Request 1134431 (superseded)

This request is superseded by request 1134726 (Show diff)

Overview

Request 1134431 superseded

- Update to version 0.10.6
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
- Fix CVE-2023-6004: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (bsc#1218209)
- Fix CVE-2023-48795: prefix truncation breaking ssh channel integrity (bsc#1218126)
- Fix CVE-2023-6918: Added Missing checks for return values for digests (bsc#1218186)

Created by adamm 11 months ago
In state superseded
Supersedes 1134048
Superseded by 1134726
Open review for factory-staging

Submit libssh

Comments for request 1134431 4
Comments for request 1134048 1

Ana Guerrero (anag+factory) - 11 months ago

reviewer

FTR, the FTBFS with cockpit is still present

[  115s] ok 3 /ssh-bridge/echo-large
[  115s] # cockpit-protocol-DEBUG: test-ssh: output queue empty
[  115s] # cockpit-protocol-DEBUG: test-ssh: reading input 1
[  115s] # cockpit-protocol-DEBUG: test-ssh: received a 73 byte payload
[  115s] # cockpit-protocol-DEBUG: test-ssh: want more data
[  115s] # cockpit-protocol-DEBUG: test-ssh: queued 112 byte payload
[  115s] # cockpit-protocol-DEBUG: test-ssh: wrote 5 bytes
[  115s] # cockpit-protocol-DEBUG: test-ssh: wrote 112 bytes
[  115s] # cockpit-protocol-DEBUG: test-ssh: output queue empty
[  115s] 
[  115s] (cockpit-ssh:8831): cockpit-ssh-WARNING **: 12:39:40.380: (src/ssh/cockpitsshrelay.c:1349):cockpit_ssh_connect: runtime check failed: (ssh_options_set (data->session, SSH_OPTIONS_HOST, host) == 0)
[  115s] 
[  115s] (cockpit-ssh:8831): cockpit-ssh-WARNING **: 12:39:40.380: (src/ssh/cockpitsshrelay.c:1350):cockpit_ssh_connect: runtime check failed: (ssh_options_parse_config (data->session, NULL) == 0)
[  115s] # cockpit-protocol-DEBUG: test-ssh: reading input 1
[  115s] # cockpit-protocol-DEBUG: test-ssh: received a 82 byte payload
[  115s] # cockpit-protocol-DEBUG: test-ssh: want more data
[  115s] **
[  115s] cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:542:wait_until_transport_init: assertion failed (json_object_get_string_member (init, "command") == "init"): ("authorize" == "init")
[  115s] not ok /ssh-bridge/ipv6-address - cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:542:wait_until_transport_init: assertion failed (json_object_get_string_member (init, "command") == "init"): ("authorize" == "init")
[  115s] Bail out!
[  115s] cockpit-ssh-Message: 12:39:40.380: cockpit-ssh [::1]:37775: -1 couldn't connect: Hostname required '::1' '37775'
[  115s] cockpit-ssh-Message: 12:39:40.380: couldn't write control message: Broken pipe
[  115s] cockpit-ssh-Message: 12:39:40.380: couldn't write authorize message: Inappropriate ioctl for device
[  115s] FAIL test-sshbridge (exit status: 134)
[  115s] 
[  115s] ============================================================================
[  115s] Testsuite summary for Cockpit 300.1
[  115s] ============================================================================
[  115s] # TOTAL: 89
[  115s] # PASS:  88
[  115s] # SKIP:  0
[  115s] # XFAIL: 0
[  115s] # FAIL:  1
[  115s] # XPASS: 0
[  115s] # ERROR: 0
[  115s] ============================================================================

Ana Guerrero (anag+factory) - 11 months ago

reviewer

breaks cockpit, it's a security update!