Merge commit '479eca13aaaa46b43e68c52186e3783f06ae6f34'

Author: Sibras

.gitlab-ci.yml

@@ -2,15 +2,16 @@
 variables:
   BUILD_IMAGES_PROJECT: libssh/build-images
   CENTOS7_BUILD: buildenv-centos7
+  CENTOS8_BUILD: buildenv-c8s
   CENTOS9_BUILD: buildenv-c9s
-  COVERITY_BUILD: buildenv-coverity
   FEDORA_BUILD: buildenv-fedora
   MINGW_BUILD: buildenv-mingw
   TUMBLEWEED_BUILD: buildenv-tumbleweed
   UBUNTU_BUILD: buildenv-ubuntu
   ALPINE_BUILD: buildenv-alpine
 
 stages:
+  - review
   - build
   - test
   - analysis
@@ -66,6 +67,23 @@ stages:
   extends: .tests
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$TUMBLEWEED_BUILD
 
+.fips:
+  extends: .tests
+  variables:
+    # DSA is turned off in fips mode
+    CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON -DWITH_DSA=OFF
+  before_script:
+    - *build
+    - echo "# userspace fips" > /etc/system-fips
+    # We do not need the kernel part, but in case we ever do:
+    # mkdir -p /var/tmp/userspace-fips
+    # echo 1 > /var/tmp/userspace-fips/fips_enabled
+    # mount --bind /var/tmp/userspace-fips/fips_enabled \
+    # /proc/sys/crypto/fips_enabled
+    - update-crypto-policies --show
+    - update-crypto-policies --set FIPS
+    - update-crypto-policies --show
+
 
 ###############################################################################
 #                               CentOS builds                                 #
@@ -82,12 +100,40 @@ centos7/openssl_1.0.x/x86_64:
 centos9s/openssl_3.0.x/x86_64:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD
   extends: .tests
+  variables:
+    CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON
   script:
     - export OPENSSL_ENABLE_SHA1_SIGNATURES=1
-    - cmake3 $CMAKE_OPTIONS .. &&
+    - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. &&
       make -j$(nproc) &&
       ctest --output-on-failure
 
+centos9s/openssl_3.0.x/x86_64/fips:
+  extends: .fips
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD
+  script:
+    - export OPENSSL_ENABLE_SHA1_SIGNATURES=1
+    - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. &&
+      make -j$(nproc) &&
+      OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure
+
+centos8s/openssl_1.1.1/x86_64:
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
+  extends: .tests
+  variables:
+    CMAKE_ADDITIONAL_OPTIONS: -DWITH_PKCS11_URI=ON
+  script:
+    - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. &&
+      make -j$(nproc) &&
+      ctest --output-on-failure
+
+centos8s/openssl_1.1.1/x86_64/fips:
+  extends: .fips
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS8_BUILD
+  script:
+    - cmake $CMAKE_OPTIONS $CMAKE_ADDITIONAL_OPTIONS .. &&
+      make -j$(nproc) &&
+      OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure
 
 ###############################################################################
 #                               Fedora builds                                 #
@@ -111,31 +157,6 @@ fedora/ninja:
 fedora/openssl_3.0.x/x86_64:
   extends: .fedora
 
-fedora/openssl_3.0.x/x86_64/fips:
-  extends: .fedora
-  before_script:
-    - echo "# userspace fips" > /etc/system-fips
-    # We do not need the kernel part, but in case we ever do:
-    # mkdir -p /var/tmp/userspace-fips
-    # echo 1 > /var/tmp/userspace-fips/fips_enabled
-    # mount --bind /var/tmp/userspace-fips/fips_enabled \
-    # /proc/sys/crypto/fips_enabled
-    - update-crypto-policies --show
-    - update-crypto-policies --set FIPS
-    - update-crypto-policies --show
-    - mkdir -p obj && cd obj && cmake
-      -DCMAKE_BUILD_TYPE=RelWithDebInfo
-      -DPICKY_DEVELOPER=ON
-      -DWITH_BLOWFISH_CIPHER=ON
-      -DWITH_SFTP=ON -DWITH_SERVER=ON -DWITH_ZLIB=ON -DWITH_PCAP=ON
-      -DWITH_DEBUG_CRYPTO=ON -DWITH_DEBUG_PACKET=ON -DWITH_DEBUG_CALLTRACE=ON
-      -DWITH_DSA=ON
-      -DUNIT_TESTING=ON -DCLIENT_TESTING=ON -DSERVER_TESTING=ON ..
-  script:
-    - cmake $CMAKE_OPTIONS .. &&
-      make -j$(nproc) &&
-      OPENSSL_FORCE_FIPS_MODE=1 ctest --output-on-failure
-
 fedora/openssl_3.0.x/x86_64/minimal:
   extends: .fedora
   variables:
@@ -309,15 +330,15 @@ fedora/csbuild/mbedtls:
 ###############################################################################
 #                               Ubuntu builds                                 #
 ###############################################################################
-ubuntu/openssl_1.1.x/x86_64:
+ubuntu/openssl_3.0.x/x86_64:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$UBUNTU_BUILD
   extends: .tests
 
 
 ###############################################################################
 #                               Alpine builds                                 #
 ###############################################################################
-alpine/musl:
+alpine/openssl_3.0.x/musl:
   image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$ALPINE_BUILD
   extends: .tests
   script:
@@ -334,12 +355,12 @@ alpine/musl:
 ###############################################################################
 #                             Tumbleweed builds                               #
 ###############################################################################
-tumbleweed/openssl_1.1.x/x86_64/gcc:
+tumbleweed/openssl_3.0.x/x86_64/gcc:
   extends: .tumbleweed
   variables:
     CMAKE_ADDITIONAL_OPTIONS: "-DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config"
 
-tumbleweed/openssl_1.1.x/x86/gcc:
+tumbleweed/openssl_3.0.x/x86/gcc:
   extends: .tumbleweed
   script:
     - cmake
@@ -350,14 +371,15 @@ tumbleweed/openssl_1.1.x/x86/gcc:
       -DWITH_ZLIB=ON
       -DWITH_PCAP=ON
       -DWITH_DSA=ON
-      -DUNIT_TESTING=ON ..
+      -DUNIT_TESTING=ON .. &&
+      make -j$(nproc)
 
-tumbleweed/openssl_1.1.x/x86_64/gcc7:
+tumbleweed/openssl_3.0.x/x86_64/gcc7:
   extends: .tumbleweed
   variables:
     CMAKE_ADDITIONAL_OPTIONS: "-DCMAKE_C_COMPILER=gcc-7 -DCMAKE_CXX_COMPILER=g++-7 -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config"
 
-tumbleweed/openssl_1.1.x/x86/gcc7:
+tumbleweed/openssl_3.0.x/x86/gcc7:
   extends: .tumbleweed
   script:
     - cmake
@@ -370,7 +392,7 @@ tumbleweed/openssl_1.1.x/x86/gcc7:
       make -j$(nproc) &&
       ctest --output-on-failure
 
-tumbleweed/openssl_1.1.x/x86_64/clang:
+tumbleweed/openssl_3.0.x/x86_64/clang:
   extends: .tumbleweed
   variables:
     CMAKE_ADDITIONAL_OPTIONS: "-DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DKRB5_CONFIG=/usr/lib/mit/bin/krb5-config"
@@ -402,7 +424,7 @@ tumbleweed/static-analysis:
 ###############################################################################
 # That is a specific runner that we cannot enable universally.
 # We restrict it to builds under the $BUILD_IMAGES_PROJECT project.
-freebsd/x86_64:
+freebsd/openssl_1.1.1/x86_64:
   image:
   extends: .tests
   before_script:
@@ -455,8 +477,6 @@ freebsd/x86_64:
     paths:
       - obj/
   before_script:
-    - choco install --no-progress -y cmake
-    - $env:Path += ';C:\Program Files\CMake\bin'
     - If (!(test-path .vcpkg\archives)) { mkdir -p .vcpkg\archives }
     - $env:VCPKG_DEFAULT_BINARY_CACHE="$PWD\.vcpkg\archives"
     - echo $env:VCPKG_DEFAULT_BINARY_CACHE
@@ -496,7 +516,7 @@ visualstudio/x86:
 
 coverity:
   stage: analysis
-  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$COVERITY_BUILD
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$CENTOS9_BUILD
   script:
     - mkdir obj && cd obj
     - wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$COVERITY_SCAN_PROJECT_NAME" -O /tmp/coverity_tool.tgz
@@ -526,3 +546,14 @@ coverity:
     when: on_failure
     paths:
       - obj/cov-int/*.txt
+
+###############################################################################
+#                                 Codespell                                   #
+###############################################################################
+codespell:
+  stage: review
+  image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$FEDORA_BUILD
+  script:
+    - codespell --ignore-words-list=keypair,sorce,ned,nd,ue
+  tags:
+    - shared

CHANGELOG

@@ -1,6 +1,34 @@
 CHANGELOG
 =========
 
+version 0.10.5 (released 2023-05-04)
+ * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing
+ * Fix CVE-2023-2283: a possible authorization bypass in
+   pki_verify_data_signature under low-memory conditions.
+ * Fix several memory leaks in GSSAPI handling code
+ * Escape braces in ProxyCommand created from ProxyJump options for zsh
+   compatibility.
+ * Fix pkg-config path relocation for MinGW
+ * Improve doxygen documentation
+ * Fix build with cygwin due to the glob support
+ * Do not enqueue outgoing packets after sending SSH2_MSG_NEWKEYS
+ * Add support for SSH_SUPPRESS_DEPRECATED
+ * Avoid functions declarations without prototype to build with clang 15
+ * Fix spelling issues
+ * Avoid expanding KnownHosts, ProxyCommands and IdentityFiles repetitively
+ * Add support sk-* keys through configuration
+ * Improve checking for Argp library
+ * Log information about received extensions
+ * Correctly handle rekey with delayed compression
+ * Move the EC keys handling to OpenSSL 3.0 API
+ * Record peer disconnect message
+ * Avoid deadlock when write buffering occurs and we call poll recursively to
+   flush the output buffer
+ * Disable preauthentication compression by default
+ * Add CentOS 8 Stream / OpenSSL 1.1.1 to CI
+ * Add accidentally removed default compile flags
+ * Solve incorrect parsing of ProxyCommand option
+
 version 0.10.4 (released 2022-09-07)
   * Fixed issues with KDF on big endian
 
@@ -75,7 +103,7 @@ version 0.9.4 (released 2020-04-09)
   * Fixed CVE-2020-1730 - Possible DoS in client and server when handling
     AES-CTR keys with OpenSSL
   * Added diffie-hellman-group14-sha256
-  * Fixed serveral possible memory leaks
+  * Fixed several possible memory leaks
 
 version 0.9.3 (released 2019-12-10)
   * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
@@ -226,7 +254,7 @@ version 0.6.1 (released 2014-02-08)
   * Fixed DSA signature extraction.
   * Fixed some memory leaks.
   * Fixed read of non-connected socket.
-  * Fixed thread dectection.
+  * Fixed thread detection.
 
 version 0.6.0 (released 2014-01-08)
   * Added new publicy key API.
@@ -251,7 +279,7 @@ version 0.6.0 (released 2014-01-08)
 version 0.5.5 (released 2013-07-26)
   * BUG 103: Fix ProxyCommand parsing.
   * Fix setting -D_FORTIFY_SOURCE=2.
-  * Fix pollset error return if emtpy.
+  * Fix pollset error return if empty.
   * Fix NULL pointer checks in channel functions.
   * Several bugfixes.
 
@@ -267,7 +295,7 @@ version 0.5.3 (released 2012-11-20)
   * BUG #84 - Fix bug in sftp_mkdir not returning on error.
   * BUG #85 - Fixed a possible channel infinite loop if the connection dropped.
   * BUG #88 - Added missing channel request_state and set it to accepted.
-  * BUG #89 - Reset error state to no error on successful SSHv1 authentiction.
+  * BUG #89 - Reset error state to no error on successful SSHv1 authentication.
   * Fixed a possible use after free in ssh_free().
   * Fixed multiple possible NULL pointer dereferences.
   * Fixed multiple memory leaks in error paths.
@@ -328,7 +356,7 @@ version 0.4.7 (released 2010-12-28)
   * Fixed a possible memory leak in ssh_get_user_home().
   * Fixed a memory leak in sftp_xstat.
   * Fixed uninitialized fd->revents member.
-  * Fixed timout value in ssh_channel_accept().
+  * Fixed timeout value in ssh_channel_accept().
   * Fixed length checks in ssh_analyze_banner().
   * Fixed a possible data overread and crash bug.
   * Fixed setting max_fd which breaks ssh_select().
@@ -351,7 +379,7 @@ version 0.4.5 (released 2010-07-13)
   * Added option to bind a client to an ip address.
   * Fixed the ssh socket polling function.
   * Fixed Windows related bugs in bsd_poll().
-  * Fixed serveral build warnings.
+  * Fixed several build warnings.
 
 version 0.4.4 (released 2010-06-01)
   * Fixed a bug in the expand function for escape sequences.
@@ -370,17 +398,17 @@ version 0.4.3 (released 2010-05-18)
   * Fixed sftp_chown.
   * Fixed sftp_rename on protocol version 3.
   * Fixed a blocking bug in channel_poll.
-  * Fixed config parsing wich has overwritten user specified values.
+  * Fixed config parsing which has overwritten user specified values.
   * Fixed hashed [host]:port format in knownhosts
   * Fixed Windows build.
-  * Fixed doublefree happening after a negociation error.
+  * Fixed doublefree happening after a negotiation error.
   * Fixed aes*-ctr with <= OpenSSL 0.9.7b.
   * Fixed some documentation.
   * Fixed exec example which has broken read usage.
   * Fixed broken algorithm choice for server.
   * Fixed a typo that we don't export all symbols.
   * Removed the unneeded dependency to doxygen.
-  * Build examples only on the Linux plattform.
+  * Build examples only on the Linux platform.
 
 version 0.4.2 (released 2010-03-15)
   * Added owner and group information in sftp attributes.
@@ -402,7 +430,7 @@ version 0.4.1 (released 2010-02-13)
   * Added an example for exec.
   * Added private key type detection feature in privatekey_from_file().
   * Fixed zlib compression fallback.
-  * Fixed kex bug that client preference should be prioritary
+  * Fixed kex bug that client preference should be priority
   * Fixed known_hosts file set by the user.
   * Fixed a memleak in channel_accept().
   * Fixed underflow when leave_function() are unbalanced
@@ -540,7 +568,7 @@ version 0.11-dev
   * Keyboard-interactive authentication working.
 
 version 0.1 (released 2004-03-05)
-  * Begining of sftp subsystem implementation.
+  * Beginning of sftp subsystem implementation.
   * Some cleanup into channels implementation
   * Now every channel functions is called by its CHANNEL handler.
   * Added channel_poll() and channel_read().
@@ -561,7 +589,7 @@ version 0.0.4 (released 2003-10-10)
   * Added a wrapper.c file. The goal is to provide a similar API to every
     cryptographic functions. bignums and sha/md5 are wrapped now.
   * More work than it first looks.
-  * Support for other crypto libs planed (lighter libs)
+  * Support for other crypto libs planned (lighter libs)
   * Fixed stupid select() bug.
   * Libssh now compiles and links with openssl 0.9.6
   * RSA pubkey authentication code now works !

CMakeLists.txt

@@ -10,7 +10,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake/Modules")
 include(DefineCMakeDefaults)
 include(DefineCompilerFlags)
 
-project(libssh VERSION 0.10.4 LANGUAGES C)
+project(libssh VERSION 0.10.5 LANGUAGES C)
 
 # global needed variable
 set(APPLICATION_NAME ${PROJECT_NAME})
@@ -22,7 +22,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
 #     Increment AGE. Set REVISION to 0
 #   If the source code was changed, but there were no interface changes:
 #     Increment REVISION.
-set(LIBRARY_VERSION "4.9.4")
+set(LIBRARY_VERSION "4.9.5")
 set(LIBRARY_SOVERSION "4")
 
 # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked
@@ -103,9 +103,7 @@ if (WITH_NACL)
     endif (NOT NACL_FOUND)
 endif (WITH_NACL)
 
-if (BSD OR SOLARIS OR OSX OR CYGWIN)
-    find_package(Argp)
-endif (BSD OR SOLARIS OR OSX OR CYGWIN)
+find_package(Argp)
 
 # Disable symbol versioning in non UNIX platforms
 if (UNIX)
@@ -125,7 +123,7 @@ add_subdirectory(src)
 
 # pkg-config file
 if (UNIX OR MINGW)
-configure_file(libssh.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc)
+configure_file(libssh.pc.cmake ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc @ONLY)
 install(
   FILES
     ${CMAKE_CURRENT_BINARY_DIR}/libssh.pc