From e4d69c627fe4767abff7300abb146c925c0d9621 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Fri, 9 Feb 2024 15:26:25 +0100
Subject: [PATCH] Sync from SUSE:ALP:Source:Standard:1.0 libssh revision e8972d7c99349ff1de8f2d7ab5c4a740
---
.gitattributes | 23 +
...le-timeout-test-on-slow-buildsystems.patch | 53 +
_multibuild | 3 +
baselibs.conf | 1 +
libssh-0.10.6.tar.xz | 3 +
libssh-0.10.6.tar.xz.asc | 16 +
libssh-fix-ipv6-hostname-regression.patch | 265 +++++
libssh.changes | 970 ++++++++++++++++++
libssh.keyring | Bin 0 -> 3432 bytes
libssh.spec | 171 +++
libssh_client.config | 4 +
libssh_server.config | 2 +
12 files changed, 1511 insertions(+)
create mode 100644 .gitattributes
create mode 100644 0001-disable-timeout-test-on-slow-buildsystems.patch
create mode 100644 _multibuild
create mode 100644 baselibs.conf
create mode 100644 libssh-0.10.6.tar.xz
create mode 100644 libssh-0.10.6.tar.xz.asc
create mode 100644 libssh-fix-ipv6-hostname-regression.patch
create mode 100644 libssh.changes
create mode 100644 libssh.keyring
create mode 100644 libssh.spec
create mode 100644 libssh_client.config
create mode 100644 libssh_server.config
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..fecc750
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/0001-disable-timeout-test-on-slow-buildsystems.patch b/0001-disable-timeout-test-on-slow-buildsystems.patch
new file mode 100644
index 0000000..05922a7
--- /dev/null
+++ b/0001-disable-timeout-test-on-slow-buildsystems.patch
@@ -0,0 +1,53 @@
+Index: libssh-0.10.0/tests/unittests/torture_misc.c
+===================================================================
+--- libssh-0.10.0.orig/tests/unittests/torture_misc.c 2022-07-07 15:53:51.000000000 +0200
++++ libssh-0.10.0/tests/unittests/torture_misc.c 2022-08-26 14:19:01.827866890 +0200
+@@ -211,11 +211,13 @@ static void torture_timeout_elapsed(void
+ ssh_timestamp_init(&ts);
+ usleep(30000);
+
++#ifndef SLOW_TEST_SYSTEM
+ assert_true(ssh_timeout_elapsed(&ts,25));
+ assert_false(ssh_timeout_elapsed(&ts,30000));
+ assert_false(ssh_timeout_elapsed(&ts,75));
+ assert_true(ssh_timeout_elapsed(&ts,0));
+ assert_false(ssh_timeout_elapsed(&ts,-1));
++#endif /* SLOW_TEST_SYSTEM */
+ }
+
+ static void torture_timeout_update(void **state){
+@@ -223,11 +225,13 @@ static void torture_timeout_update(void
+ (void) state;
+ ssh_timestamp_init(&ts);
+ usleep(50000);
++#ifndef SLOW_TEST_SYSTEM
+ assert_int_equal(ssh_timeout_update(&ts,25), 0);
+ assert_in_range(ssh_timeout_update(&ts,30000),29000,29960);
+ assert_in_range(ssh_timeout_update(&ts,75),1,40);
+ assert_int_equal(ssh_timeout_update(&ts,0),0);
+ assert_int_equal(ssh_timeout_update(&ts,-1),-1);
++#endif /* SLOW_TEST_SYSTEM */
+ }
+
+ static void torture_ssh_analyze_banner(void **state) {
+Index: libssh-0.10.0/DefineOptions.cmake
+===================================================================
+--- libssh-0.10.0.orig/DefineOptions.cmake 2022-07-07 15:53:51.000000000 +0200
++++ libssh-0.10.0/DefineOptions.cmake 2022-08-26 14:19:41.500119198 +0200
+@@ -25,6 +25,7 @@ option(WITH_GEX "Enable DH Group exchang
+ option(WITH_INSECURE_NONE "Enable insecure none cipher and MAC algorithms (not suitable for production!)" OFF)
+ option(FUZZ_TESTING "Build with fuzzer for the server and client (automatically enables none cipher!)" OFF)
+ option(PICKY_DEVELOPER "Build with picky developer flags" OFF)
++option(SLOW_TEST_SYSTEM "Disable tests that fail on slow systems" OFF)
+
+ if (WITH_ZLIB)
+ set(WITH_LIBZ ON)
+@@ -60,3 +61,8 @@ endif (NOT GLOBAL_CLIENT_CONFIG)
+ if (FUZZ_TESTING)
+ set(WITH_INSECURE_NONE ON)
+ endif (FUZZ_TESTING)
++
++if (SLOW_TEST_SYSTEM)
++ set (SLOW_TEST_SYSTEM ON)
++ add_definitions(-DSLOW_TEST_SYSTEM)
++endif (SLOW_TEST_SYSTEM)
diff --git a/_multibuild b/_multibuild
new file mode 100644
index 0000000..83bd4e9
--- /dev/null
+++ b/_multibuild
@@ -0,0 +1,3 @@
+
+ test
+
diff --git a/baselibs.conf b/baselibs.conf
new file mode 100644
index 0000000..564c042
--- /dev/null
+++ b/baselibs.conf
@@ -0,0 +1 @@
+libssh4
diff --git a/libssh-0.10.6.tar.xz b/libssh-0.10.6.tar.xz
new file mode 100644
index 0000000..b5bf112
--- /dev/null
+++ b/libssh-0.10.6.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1861d498f5b6f1741b6abc73e608478491edcf9c9d4b6630eef6e74596de9dc1
+size 561036
diff --git a/libssh-0.10.6.tar.xz.asc b/libssh-0.10.6.tar.xz.asc
new file mode 100644
index 0000000..bf9c364
--- /dev/null
+++ b/libssh-0.10.6.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmWAeGkACgkQfuD8TcwB
+Tj2yAw//QOMEcCiijJvOgXCKsVoV9oSuK3aYxqpOS9cV2P40eev0KQrAZC2EXNt3
+XAdfNhA21b2C6qSxckmkCWg3vwPmM6LousHG+zpyZkiSziolMoeBkvbEdU42fufE
+SD39cA1bBEbZahyrILWT2I3Bi0d0G7FC13tIBXShS2zIITSXs/2SSRIhg3OXB979
+FTwvEE4zHeSXO4itTMNA/sMJ/0qPccQIzisH0g/TF4318b0qjlQjkHJS1y0f3/PL
+Ge3RORQVcZqGTnhJNlF/tKD8wZ9mfqqurQ9yNshiAu8hH8sDH5ZhI3o5pjQe0mGO
+JNEwTw0X/vZ4iglWFmm2CusiHrh0KUFsrp8f3oaL3HU4i7yYgo0FhzFtgFVt0gXO
+JQOhlSUq50yqbBj6S9C5ecuSR0uPgYA4d8qCFrt9oD77m7Qi3mMi+f/kP+HctIaV
+4ro7lZf6IS54J4/m5hRY3F0nweFnZZL8gn8Da8mBZSvhXCqQL6qbD9buwrTzxGft
+Fct7+PrRwz9igO7j2nNMyWxtX55/GpX06n7vuonRgQQQiT8eQ5R71STMHJaACFPS
+CJHCpuVL28HGdyAxN5d65TCvkNo9/gFGM6ocIH3OlreTFUvy22qNrqwHpCkLgYWU
+ylntVoE/VYtHtwFOe0uuCX+2TiM03P5UT2NqAAa/8D4Z5ur3qUY=
+=nXW5
+-----END PGP SIGNATURE-----
diff --git a/libssh-fix-ipv6-hostname-regression.patch b/libssh-fix-ipv6-hostname-regression.patch
new file mode 100644
index 0000000..228a610
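Review bot: The `#ifndef SLOW_TEST_SYSTEM` guards in the embedded torture_misc.c patch wrap every assertion in torture_timeout_elapsed and torture_timeout_update, so with the option on both tests still sleep and then pass without checking anything. Judging from the assertions themselves, only the upper-bound checks (`assert_false(ssh_timeout_elapsed(&ts,75))` and the two `assert_in_range` calls) can fail when usleep overshoots; the `0` and `-1` cases and the `25` lower bound look independent of machine speed and could stay outside the guard. In the DefineOptions.cmake part, `set (SLOW_TEST_SYSTEM ON)` inside `if (SLOW_TEST_SYSTEM)` is a no-op, and `add_definitions(-DSLOW_TEST_SYSTEM)` defines the macro for every target rather than only the test binaries.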
--- /dev/null
+++ b/libssh-fix-ipv6-hostname-regression.patch
@@ -0,0 +1,265 @@
+From 66ac6343b246458a6645ae32f75556a1407031ec Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Fri, 22 Dec 2023 10:32:40 +0100
+Subject: [PATCH 1/2] Fix regression in IPv6 addresses in hostname parsing
+
+Signed-off-by: Jakub Jelen
+---
+ include/libssh/config_parser.h | 11 ++++++++---
+ src/config.c | 4 ++--
+ src/config_parser.c | 19 ++++++++++++++-----
+ src/options.c | 10 ++--------
+ 4 files changed, 26 insertions(+), 18 deletions(-)
+
+diff --git a/include/libssh/config_parser.h b/include/libssh/config_parser.h
+index a7dd42a2c..ca353432b 100644
+--- a/include/libssh/config_parser.h
++++ b/include/libssh/config_parser.h
+@@ -30,6 +30,8 @@
+ extern "C" {
+ #endif
+
++#include
++
+ char *ssh_config_get_cmd(char **str);
+
+ char *ssh_config_get_token(char **str);
+@@ -49,14 +51,17 @@ int ssh_config_get_yesno(char **str, int notfound);
+ * be stored or NULL if we do not care about the result.
+ * @param[out] port Pointer to the location, where the new port will
+ * be stored or NULL if we do not care about the result.
++ * @param[in] ignore_port Set to true if the we should not attempt to parse
++ * port number.
+ *
+ * @returns SSH_OK if the provided string is in format of SSH URI,
+ * SSH_ERROR on failure
+ */
+ int ssh_config_parse_uri(const char *tok,
+- char **username,
+- char **hostname,
+- char **port);
++ char **username,
++ char **hostname,
++ char **port,
++ bool ignore_port);
+
+ #ifdef __cplusplus
+ }
+diff --git a/src/config.c b/src/config.c
+index 5eedbce96..7135c3b19 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -464,7 +464,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
+ }
+ if (parse_entry) {
+ /* We actually care only about the first item */
+- rv = ssh_config_parse_uri(cp, &username, &hostname, &port);
++ rv = ssh_config_parse_uri(cp, &username, &hostname, &port, false);
+ /* The rest of the list needs to be passed on */
+ if (endp != NULL) {
+ next = strdup(endp + 1);
+@@ -475,7 +475,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
+ }
+ } else {
+ /* The rest is just sanity-checked to avoid failures later */
+- rv = ssh_config_parse_uri(cp, NULL, NULL, NULL);
++ rv = ssh_config_parse_uri(cp, NULL, NULL, NULL, false);
+ }
+ if (rv != SSH_OK) {
+ goto out;
+diff --git a/src/config_parser.c b/src/config_parser.c
+index 9ffc8b8b0..b30e94091 100644
+--- a/src/config_parser.c
++++ b/src/config_parser.c
+@@ -161,10 +161,14 @@ int ssh_config_get_yesno(char **str, int notfound)
+ return notfound;
+ }
+
++/* Parse the URI extracting parts such as a username, hostname and port.
++ * If the port is NULL, do not expect port present and be more lax for example
++ * with matching IPv6 address which have the same separators as host:port */
+ int ssh_config_parse_uri(const char *tok,
+- char **username,
+- char **hostname,
+- char **port)
++ char **username,
++ char **hostname,
++ char **port,
++ bool ignore_port)
+ {
+ char *endp = NULL;
+ long port_n;
+@@ -210,12 +214,17 @@ int ssh_config_parse_uri(const char *tok,
+ if (endp == NULL) {
+ goto error;
+ }
+- } else {
+- /* Hostnames or aliases expand to the last colon or to the end */
++ } else if (!ignore_port) {
++ /* Hostnames or aliases expand to the last colon (if port is requested)
++ * or to the end */
+ endp = strrchr(tok, ':');
+ if (endp == NULL) {
+ endp = strchr(tok, '\0');
+ }
++ } else {
++ /* If no port is requested, expand to the end of line
++ * (to accommodate the IPv6 addresses) */
++ endp = strchr(tok, '\0');
+ }
+ if (tok == endp) {
+ /* Zero-length hostnames are not valid */
+diff --git a/src/options.c b/src/options.c
+index 2e73be462..676c49e7a 100644
+--- a/src/options.c
++++ b/src/options.c
+@@ -634,17 +634,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
+ ssh_set_error_invalid(session);
+ return -1;
+ } else {
+- char *username = NULL, *hostname = NULL, *port = NULL;
+- rc = ssh_config_parse_uri(value, &username, &hostname, &port);
++ char *username = NULL, *hostname = NULL;
++ rc = ssh_config_parse_uri(value, &username, &hostname, NULL, true);
+ if (rc != SSH_OK) {
+ return -1;
+ }
+- if (port != NULL) {
+- SAFE_FREE(username);
+- SAFE_FREE(hostname);
+- SAFE_FREE(port);
+- return -1;
+- }
+ if (username != NULL) {
+ SAFE_FREE(session->opts.username);
+ session->opts.username = username;
+--
+GitLab
+
+
+From f2ec751f09901b9c539ae096f5ee4fc63f305f30 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen
+Date: Fri, 22 Dec 2023 09:52:18 +0100
+Subject: [PATCH 2/2] tests: Increase test coverage for IPv6 address parsing as
+ hostnames
+
+This was an issue in cockpit:
+
+https://github.com/cockpit-project/cockpit/issues/19772
+
+Signed-off-by: Jakub Jelen
+---
+ tests/unittests/torture_config.c | 49 +++++++++++++++++++++++++++++++
+ tests/unittests/torture_options.c | 16 ++++++++++
+ 2 files changed, 65 insertions(+)
+
+diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
+index bc6b08f94..751aa126c 100644
+--- a/tests/unittests/torture_config.c
++++ b/tests/unittests/torture_config.c
+@@ -2332,6 +2332,53 @@ static void torture_config_make_absolute_no_sshdir(void **state)
+ torture_config_make_absolute_int(state, 1);
+ }
+
++static void torture_config_parse_uri(void **state)
++{
++ char *username = NULL;
++ char *hostname = NULL;
++ char *port = NULL;
++ int rc;
++
++ (void)state; /* unused */
++
++ rc = ssh_config_parse_uri("localhost", &username, &hostname, &port, false);
++ assert_return_code(rc, errno);
++ assert_null(username);
++ assert_string_equal(hostname, "localhost");
++ SAFE_FREE(hostname);
++ assert_null(port);
++
++ rc = ssh_config_parse_uri("1.2.3.4", &username, &hostname, &port, false);
++ assert_return_code(rc, errno);
++ assert_null(username);
++ assert_string_equal(hostname, "1.2.3.4");
++ SAFE_FREE(hostname);
++ assert_null(port);
++
++ rc = ssh_config_parse_uri("1.2.3.4:2222", &username, &hostname, &port, false);
++ assert_return_code(rc, errno);
++ assert_null(username);
++ assert_string_equal(hostname, "1.2.3.4");
++ SAFE_FREE(hostname);
++ assert_string_equal(port, "2222");
++ SAFE_FREE(port);
++
++ rc = ssh_config_parse_uri("[1:2:3::4]:2222", &username, &hostname, &port, false);
++ assert_return_code(rc, errno);
++ assert_null(username);
++ assert_string_equal(hostname, "1:2:3::4");
++ SAFE_FREE(hostname);
++ assert_string_equal(port, "2222");
++ SAFE_FREE(port);
++
++ /* do not want port */
++ rc = ssh_config_parse_uri("1:2:3::4", &username, &hostname, NULL, true);
++ assert_return_code(rc, errno);
++ assert_null(username);
++ assert_string_equal(hostname, "1:2:3::4");
++ SAFE_FREE(hostname);
++}
++
+ int torture_run_tests(void)
+ {
+ int rc;
+@@ -2424,6 +2471,8 @@ int torture_run_tests(void)
+ setup, teardown),
+ cmocka_unit_test_setup_teardown(torture_config_make_absolute_no_sshdir,
+ setup_no_sshdir, teardown),
++ cmocka_unit_test_setup_teardown(torture_config_parse_uri,
++ setup, teardown),
+ };
+
+
+diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
+index 5ba3bdc6a..b07712d86 100644
+--- a/tests/unittests/torture_options.c
++++ b/tests/unittests/torture_options.c
+@@ -57,6 +57,20 @@ static void torture_options_set_host(void **state) {
+ assert_non_null(session->opts.host);
+ assert_string_equal(session->opts.host, "localhost");
+
++ /* IPv4 address */
++ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "127.1.1.1");
++ assert_true(rc == 0);
++ assert_non_null(session->opts.host);
++ assert_string_equal(session->opts.host, "127.1.1.1");
++ assert_null(session->opts.username);
++
++ /* IPv6 address */
++ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "::1");
++ assert_true(rc == 0);
++ assert_non_null(session->opts.host);
++ assert_string_equal(session->opts.host, "::1");
++ assert_null(session->opts.username);
++
+ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "guru@meditation");
+ assert_true(rc == 0);
+ assert_non_null(session->opts.host);
+@@ -64,12 +78,14 @@ static void torture_options_set_host(void **state) {
+ assert_non_null(session->opts.username);
+ assert_string_equal(session->opts.username, "guru");
+
++ /* more @ in uri is OK -- it should go to the username */
+ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "at@login@hostname");
+ assert_true(rc == 0);
+ assert_non_null(session->opts.host);
+ assert_string_equal(session->opts.host, "hostname");
+ assert_non_null(session->opts.username);
+ assert_string_equal(session->opts.username, "at@login");
++
+ }
+
+ static void torture_options_set_ciphers(void **state) {
+--
+GitLab
+
diff --git a/libssh.changes b/libssh.changes
new file mode 100644
index 0000000..5baf429
--- /dev/null
+++ b/libssh.changes
@@ -0,0 +1,970 @@
+-------------------------------------------------------------------
+Sat Dec 23 10:35:07 UTC 2023 - Andreas Schneider
+
+- Fix regression parsing IPv6 addresses provided as hostname
+ * Added libssh-fix-ipv6-hostname-regression.patch
+
+-------------------------------------------------------------------
+Tue Dec 19 12:28:53 UTC 2023 - Andreas Schneider
+
+- Update to version 0.10.6
+ https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
+- Fix CVE-2023-6004: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (bsc#1218209)
+- Fix CVE-2023-48795: prefix truncation breaking ssh channel integrity (bsc#1218126)
+- Fix CVE-2023-6918: Added Missing checks for return values for digests (bsc#1218186)
+
+-------------------------------------------------------------------
+Mon Sep 25 09:09:25 UTC 2023 - Pedro Monreal
+
+- Enable crypto-policies support: [bsc#1211301]
+ * Rebase libssh_client.config libssh_server.config
+
+-------------------------------------------------------------------
+Fri Aug 4 13:12:05 UTC 2023 - malcolmlewis@opensuse.org
+
+- Add fix to spec file for the incorrect include path as a result
+ of the default openSSH move to /usr/etc, (boo#1211718).
+
+-------------------------------------------------------------------
+Sat May 6 01:05:17 UTC 2023 - Dirk Müller
+
+- update to 0.10.5:
+ * Fix CVE-2023-1667: a NULL dereference during rekeying with
+ algorithm guessing
+ * Fix CVE-2023-2283: a possible authorization bypass in
+ pki_verify_data_signature under low-memory conditions.
+ * Fix several memory leaks in GSSAPI handling code
+ * Escape braces in ProxyCommand created from ProxyJump options
+ for zsh compatibility.
+ * Fix pkg-config path relocation for MinGW
+ * Improve doxygen documentation
+ * Fix build with cygwin due to the glob support
+ * Do not enqueue outgoing packets after sending
+ SSH2_MSG_NEWKEYS
+ * Add support for SSH_SUPPRESS_DEPRECATED
+ * Avoid functions declarations without prototype to build with
+ clang 15
+ * Fix spelling issues
+ * Avoid expanding KnownHosts, ProxyCommands and IdentityFiles
+ repetitively
+ * Add support sk-* keys through configuration
+ * Improve checking for Argp library
+ * Log information about received extensions
+ * Correctly handle rekey with delayed compression
+ * Move the EC keys handling to OpenSSL 3.0 API
+ * Record peer disconnect message
+ * Avoid deadlock when write buffering occurs and we call poll
+ recursively to flush the output buffer
+ * Disable preauthentication compression by default
+ * Add accidentally removed default compile flags
+ * Solve incorrect parsing of ProxyCommand option
+
+-------------------------------------------------------------------
+Wed Sep 7 13:32:34 UTC 2022 - Andreas Schneider
+
+- Update to version 0.10.4
+ * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.4
+
+-------------------------------------------------------------------
+Mon Sep 5 13:00:07 UTC 2022 - Andreas Schneider
+
+- Update to version 0.10.3
+ * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.3
+
+-------------------------------------------------------------------
+Fri Sep 2 08:51:23 UTC 2022 - Andreas Schneider
+
+- Update to version 0.10.2
+ * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.2
+- Removed libssh-weak-attribute.patch
+
+-------------------------------------------------------------------
+Tue Aug 30 14:29:51 UTC 2022 - Andreas Schneider
+
+- Update to version 0.10.1
+ * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.1
+- Enable client and server testing
+ * Added libssh-weak-attribute.patch
+
+-------------------------------------------------------------------
+Fri Aug 26 12:16:13 UTC 2022 - Andreas Schneider
+
+- Update to version 0.10.0
+ * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.0
+- Removed 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
+
+-------------------------------------------------------------------
+Wed Jan 5 13:58:56 UTC 2022 - Fabian Vogt
+
+- Add patch to make the compression option more compatible (boo#1192731):
+ * 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
+
+-------------------------------------------------------------------
+Thu Aug 26 13:15:59 UTC 2021 - Andreas Schneider
+
+- Update to version 0.9.6 (bsc#1189608, CVE-2021-3634)
+ * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6
+
+-------------------------------------------------------------------
+Mon Sep 21 19:16:06 UTC 2020 - Andreas Schneider
+
+- Add missing BR for openssh needed for tests
+
+-------------------------------------------------------------------
+Sun Sep 13 19:17:44 UTC 2020 - Dirk Mueller
+
+- update to 0.9.5 (bsc#1174713, CVE-2020-16135):
+ * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
+ * Improve handling of library initialization (T222)
+ * Fix parsing of subsecond times in SFTP (T219)
+ * Make the documentation reproducible
+ * Remove deprecated API usage in OpenSSL
+ * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
+ * Define version in one place (T226)
+ * Prevent invalid free when using different C runtimes than OpenSSL (T229)
+ * Compatibility improvements to testsuite
+
+-------------------------------------------------------------------
+Thu Apr 9 07:50:07 UTC 2020 - Andreas Schneider
+
+- Update to version 0.9.4
+ * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
+ * Fix possible Denial of Service attack when using AES-CTR-ciphers
+ CVE-2020-1730 (bsc#1168699)
+
+-------------------------------------------------------------------
+Tue Feb 18 14:05:49 UTC 2020 - Dominique Leuenberger
+
+- Drop the hack to pull curl-mini: we moved the split a bit higher
+ up and now have a non-curl linked variant of cmake in
+ openSUSE:Factory.
+
+-------------------------------------------------------------------
+Tue Dec 10 19:08:47 UTC 2019 - Andreas Schneider
+
+- Update to version 0.9.3
+ * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095)
+ * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
+ * SSH-01-006 General: Various unchecked Null-derefs cause DOS
+ * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
+ * SSH-01-010 SSH: Deprecated hash function in fingerprinting
+ * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
+ * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
+ * SSH-01-001 State Machine: Initial machine states should be set explicitly
+ * SSH-01-002 Kex: Differently bound macros used to iterate same array
+ * SSH-01-005 Code-Quality: Integer sign confusion during assignments
+ * SSH-01-008 SCP: Protocol Injection via unescaped File Names
+ * SSH-01-009 SSH: Update documentation which RFCs are implemented
+ * SSH-01-012 PKI: Information leak via uninitialized stack buffer
+
+-------------------------------------------------------------------
+Mon Dec 9 09:25:43 UTC 2019 - Dominique Leuenberger
+
+- Rename suffix define to pkg_suffix: rpm 4.15 has suffix reserved
+ for internal use.
+
+-------------------------------------------------------------------
+Thu Nov 7 15:47:45 UTC 2019 - Andreas Schneider
+
+- Update to version 0.9.2
+ * Fixed libssh-config.cmake
+ * Fixed issues with rsa algorithm negotiation (T191)
+ * Fixed detection of OpenSSL ed25519 support (T197)
+
+-------------------------------------------------------------------
+Fri Oct 25 14:47:49 UTC 2019 - Andreas Schneider
+
+- Update to version 0.9.1
+ * Added support for Ed25519 via OpenSSL
+ * Added support for X25519 via OpenSSL
+ * Added support for localuser in Match keyword
+ * Fixed Match keyword to be case sensitive
+ * Fixed compilation with LibreSSL
+ * Fixed error report of channel open (T75)
+ * Fixed sftp documentation (T137)
+ * Fixed known_hosts parsing (T156)
+ * Fixed build issue with MinGW (T157)
+ * Fixed build with gcc 9 (T164)
+ * Fixed deprecation issues (T165)
+ * Fixed known_hosts directory creation (T166)
+
+-------------------------------------------------------------------
+Wed Jul 10 08:42:34 UTC 2019 - Tomáš Chvátal
+
+- Split out configuration to separate package to not mess up the
+ library packaging and coinstallation
+
+-------------------------------------------------------------------
+Fri Jun 28 06:40:49 UTC 2019 - Andreas Schneider
+
+- Update to verion 0.9.0
+ * Added support for AES-GCM
+ * Added improved rekeying support
+ * Added performance improvements
+ * Disabled blowfish support by default
+ * Fixed several ssh config parsing issues
+ * Added support for DH Group Exchange KEX
+ * Added support for Encrypt-then-MAC mode
+ * Added support for parsing server side configuration file
+ * Added support for ECDSA/Ed25519 certificates
+ * Added FIPS 140-2 compatibility
+ * Improved known_hosts parsing
+ * Improved documentation
+ * Improved OpenSSL API usage for KEX, DH, and signatures
+- Removed 0001-libcrypto-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch
+- Removed 0001-libgcrypt-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch
+- Removed 0001-tests-Add-aes-gcm-ciphers-tests.patch
+- Add libssh client and server config files
+
+-------------------------------------------------------------------
+Wed May 29 12:56:05 UTC 2019 - Ismail Dönmez
+
+- Fix the typo in Obsoletes for -devel-doc subpackage
+- Actually remove the description for -devel-doc subpackage
+
+-------------------------------------------------------------------
+Thu May 23 15:32:07 UTC 2019 - James McDonough
+
+- Add support for new AES-GCM encryption types; (bsc#1134193)
+ * Add 0001-libcrypto-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch
+ * Add 0001-libgcrypt-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch
+ * Add 0001-tests-Add-aes-gcm-ciphers-tests.patch
+
+-------------------------------------------------------------------
+Thu Feb 28 07:17:52 UTC 2019 - Stephan Kulow
+
+- Avoid build cycle between curl and libssh by using obs hint to
+ prefer curl-mini
+
+-------------------------------------------------------------------
+Mon Feb 25 09:28:34 UTC 2019 - Andreas Schneider
+
+- Update to version 0.8.7
+ * Fixed handling extension flags in the server implementation
+ * Fixed exporting ed25519 private keys
+ * Fixed corner cases for rsa-sha2 signatures
+ * Fixed some issues with connector
+
+-------------------------------------------------------------------
+Mon Feb 11 12:24:43 UTC 2019 - Tomáš Chvátal
+
+- Drop doxygen from dependencies to avoid buildcycle
+ * the documentation is available online anyway for anyone to
+ consume and consult http://api.libssh.org
+
+-------------------------------------------------------------------
+Tue Jan 8 13:14:24 UTC 2019 - Pedro Monreal Gonzalez
+
+- Added the tests in a multiple build description file *test* to
+ break the cycle for cmocka, curl, doxygen and libssh.
+
+-------------------------------------------------------------------
+Sun Dec 30 16:15:23 UTC 2018 - Andreas Schneider
+
+- Update to version 0.8.6
+ * Fixed compilation issues with different OpenSSL versions
+ * Fixed StrictHostKeyChecking in new knownhosts API
+ * Fixed ssh_send_keepalive() with packet filter
+ * Fixed possible crash with knownhosts options
+ * Fixed issus with rekeying
+ * Fixed strong ECDSA keys
+ * Fixed some issues with rsa-sha2 extentions
+ * Fixed access violation in ssh_init() (static linking)
+ * Fixed ssh_channel_close() handling
+
+-------------------------------------------------------------------
+Mon Oct 29 10:36:40 UTC 2018 - Andreas Schneider
+
+- Update to version 0.8.5
+ * Added support to get known_hosts locations with ssh_options_get()
+ * Fixed preferred algorithm for known hosts negotiations
+ * Fixed KEX with some server implementations (e.g. Cisco)
+ * Fixed issues with MSVC
+ * Fixed keyboard-interactive auth in server mode
+ (regression from CVE-2018-10933)
+ * Fixed gssapi auth in server mode (regression from CVE-2018-10933)
+ * Fixed socket fd handling with proxy command
+ * Fixed a memory leak with OpenSSL
+
+-------------------------------------------------------------------
+Tue Oct 16 12:07:50 UTC 2018 - Andreas Schneider
+
+- Update to version 0.8.4
+ * Fixed CVE-2018-10933; (bsc#1108020)
+ * Fixed building without globbing support
+ * Fixed possible memory leaks
+ * Avoid SIGPIPE on sockets
+
+-------------------------------------------------------------------
+Fri Sep 21 08:32:56 UTC 2018 - Andreas Schneider
+
+- Update to version 0.8.3
+ * Added support for rsa-sha2
+ * Added support to parse private keys in openssh container format
+ (other than ed25519)
+ * Added support for diffie-hellman-group18-sha512 and
+ diffie-hellman-group16-sha512
+ * Added ssh_get_fingerprint_hash()
+ * Added ssh_pki_export_privkey_base64()
+ * Added support for Match keyword in config file
+ * Improved performance and reduced memory footprint for sftp
+ * Fixed ecdsa publickey auth
+ * Fixed reading a closed channel
+ * Added support to announce posix-rename@openssh.com and
+ hardlink@openssh.com in the sftp server
+- Removed patch: 0001-poll-Fix-size-types-in-ssh_event_free.patch
+
+-------------------------------------------------------------------
+Thu Aug 30 06:00:24 UTC 2018 - Andreas Schneider
+
+- Update to version 0.8.2
+ * Added sha256 fingerprints for pubkeys
+ * Improved compiler flag detection
+ * Fixed race condition in reading sftp messages
+ * Fixed doxygen generation and added modern style
+ * Fixed library initialization on Windows
+ * Fixed __bounded__ attribute detection
+ * Fixed a bug in the options parser
+ * Fixed documentation for new knwon_hosts API
+- Added patch: 0001-poll-Fix-size-types-in-ssh_event_free.patch
+ * Fix compiler warning on SLE12
+
+-------------------------------------------------------------------
+Mon Aug 27 09:25:49 UTC 2018 - vcizek@suse.com
+
+- Add missing zlib-devel dependency which was previously pulled in
+ by libopenssl-devel
+
+-------------------------------------------------------------------
+Tue Aug 14 13:34:19 UTC 2018 - asn@cryptomilk.org
+
+- Remove the libssh_threads.so symlink
+
+-------------------------------------------------------------------
+Mon Aug 13 20:26:03 UTC 2018 - asn@cryptomilk.org
+
+- Update to version 0.8.1
+ * Fixed version number in the header
+ * Fixed version number in pkg-config and cmake config
+ * Fixed library initialization
+ * Fixed attribute detection
+
+-------------------------------------------------------------------
+Fri Aug 10 12:01:17 UTC 2018 - asn@cryptomilk.org
+
+- Update to version 0.8.0
+ * Removed support for deprecated SSHv1 protocol
+ * Added new connector API for clients
+ * Added new known_hosts parsing API
+ * Added support for OpenSSL 1.1
+ * Added support for chacha20-poly1305 cipher
+ * Added crypto backend for mbedtls crypto library
+ * Added ECDSA support with gcrypt backend
+ * Added advanced client and server testing using cwrap.org
+ * Added support for curve25519-sha256 alias
+ * Added support for global known_hosts file
+ * Added support for symbol versioning
+ * Improved ssh_config parsing
+ * Improved threading support
+- Removed 0001-libcrypto-Remove-AES_ctr128_encrypt.patch
+- Removed 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch
+- Removed 0001-libcrypto-Use-newer-API-for-HMAC.patch
+- Removed 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch
+- Removed 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch
+- Removed 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch
+- Removed 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
+- Removed 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch
+- Removed 0001-config-Bugfix-Dont-skip-unseen-opcodes.patch
+
+-------------------------------------------------------------------
+Fri Mar 9 14:12:28 UTC 2018 - jmcdonough@suse.com
+
+- Disable timeout testing on slow build systems (bsc#1084713)
+ * 0001-disable-timeout-test-on-slow-buildsystems.patch
+
+-------------------------------------------------------------------
+Sun Dec 24 14:41:46 UTC 2017 - fabian@ritter-vogt.de
+
+- Add patch to fix parsing of config files (boo#1067782):
+ * 0001-config-Bugfix-Dont-skip-unseen-opcodes.patch
+
+-------------------------------------------------------------------
+Fri Sep 15 08:31:32 UTC 2017 - vcizek@suse.com
+
+- add support for building with OpenSSL 1.1 (bsc#1055266)
+ * added patches:
+ * 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch
+ * 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch
+ * 0001-libcrypto-Remove-AES_ctr128_encrypt.patch
+ * 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch
+ * 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch
+ * 0001-libcrypto-Use-newer-API-for-HMAC.patch
+ * 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch
+ * 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
+
+-------------------------------------------------------------------
+Mon Jul 31 08:31:20 UTC 2017 - astieger@suse.com
+
+- add package keyring and verify source signature
+
+-------------------------------------------------------------------
+Thu Apr 13 14:41:57 UTC 2017 - asn@cryptomilk.org
+
+- Update to version 0.7.5
+ * Fixed a memory allocation issue with buffers
+ * Fixed PKI on Windows
+ * Fixed some SSHv1 functions
+ * Fixed config hostname expansion
+
+-------------------------------------------------------------------
+Wed Feb 8 10:43:05 UTC 2017 - asn@cryptomilk.org
+
+- Update to version 0.7.4
+ * Added id_ed25519 to the default identity list
+ * Fixed sftp EOF packet handling
+ * Fixed ssh_send_banner() to confirm with RFC 4253
+ * Fixed some memory leaks
+- Removed patch gcc5-fixes.patch
+
+-------------------------------------------------------------------
+Wed Dec 7 12:22:00 UTC 2016 - jengelh@inai.de
+
+- Update descriptions. Drop redundant pkgconfig require
+ (it's autodetected).
+
+-------------------------------------------------------------------
+Wed Oct 7 08:25:18 UTC 2015 - asn@cryptomilk.org
+
+- Update to version 0.7.2
+ * Fixed OpenSSL detection on Windows
+ * Fixed return status for ssh_userauth_agent()
+ * Fixed KEX to prefer hmac-sha2-256
+ * Fixed sftp packet handling
+ * Fixed return values of ssh_key_is_(public|private)
+ * Fixed bug in global success reply
+
+-------------------------------------------------------------------
+Mon Jul 20 09:29:46 UTC 2015 - tchvatal@suse.com
+
+- Enable testsuite run to check the state of libssh itself
+- Use SUSE macros to define environment clearly
+- Enable gssapi by adding krb5 dependency
+
+-------------------------------------------------------------------
+Tue Jun 30 07:36:31 UTC 2015 - asn@cryptomilk.org
+
+- Update to version 0.7.1
+ * Fixed SSH_AUTH_PARTIAL auth with auto public key
+ * Fixed memory leak in session options
+ * Fixed allocation of ed25519 public keys
+ * Fixed channel exit-status and exit-signal
+ * Reintroduce ssh_forward_listen()
+
+-------------------------------------------------------------------
+Mon May 11 09:50:29 UTC 2015 - asn@cryptomilk.org
+
+- Update to version 0.7.0
+ * Added support for ed25519 keys
+ * Added SHA2 algorithms for HMAC
+ * Added improved and more secure buffer handling code
+ * Added callback for auth_none_function
+ * Added support for ECDSA private key signing
+ * Added more tests
+ * Fixed a lot of bugs
+ * Improved API documentation
+
+-------------------------------------------------------------------
+Wed May 6 20:26:52 UTC 2015 - dmueller@suse.com
+
+- add gcc5-fixes.patch: Fix build against GCC 5.x
+
+-------------------------------------------------------------------
+Thu Apr 30 14:08:31 UTC 2015 - asn@cryptomilk.org
+
+- Update to version 0.6.5
+ * Fixed CVE-2015-3146
+ * Fixed port handling in config file
+ * Fixed the build with libgcrypt
+ * Fixed SFTP endian issues (rlo #179)
+ * Fixed uninitilized sig variable (rlo #167)
+ * Fixed polling issues which could result in a hang + * Fixed handling of EINTR in ssh_poll() (rlo #186) + * Fixed C99 issues with __func__ + * Fixed some memory leaks + * Improved macro detection on Windows + +------------------------------------------------------------------- +Thu Jan 22 07:41:22 UTC 2015 - coolo@suse.com + +- removing argument from popd +- add baselibs.conf as source + +------------------------------------------------------------------- +Fri Dec 19 09:51:35 UTC 2014 - asn@cryptomilk.org + +- Update to version 0.6.4 + * Fixed CVE-2014-8132. + * Added SHA-2 for session ID signing with ECDSA keys. + * Added support for ECDSA host keys. + * Added support for more ECDSA hostkey algorithms. + * Added ssh_pki_key_ecdsa_name() API. + * Fixed setting the bindfd only after successful listen. + * Fixed issues with user created sockets. + * Fixed several issues in libssh C++ wrapper. + * Fixed several documentation issues. + * Fixed channel exit-signal request. + * Fixed X11 request screen number in messages. + * Fixed several memory leaks. + +------------------------------------------------------------------- +Tue Mar 4 17:20:09 UTC 2014 - asn@cryptomilk.org + +- Update to version 0.6.3 + * Fix CVE-2014-0017. + +------------------------------------------------------------------- +Mon Feb 10 09:25:48 UTC 2014 - asn@cryptomilk.org + +- Update to version 0.6.1 + * Added support for libgcrypt 1.6. + * Added ssh_channel_accept_forward(). + * Added known_hosts heuristic during connection (#138). + * Added getters for session cipher names. + * Fixed decrypt of zero length buffer. + * Fixed padding in RSA signature blobs. + * Fixed DSA signature extraction. + * Fixed some memory leaks. + * Fixed read of non-connected socket. + * Fixed thread dectection. + +------------------------------------------------------------------- +Wed Jan 8 10:18:32 UTC 2014 - asn@cryptomilk.org + +- Update to version 0.6.0 + * Added new publicy key API. + * Added new userauth API. 
+ * Added ssh_get_publickey_hash() function. + * Added ssh_get_poll_flags() function. + * Added gssapi-mic userauth. + * Added GSSAPIServerIdentity option. + * Added GSSAPIClientIdentity option. + * Added GSSAPIDelegateCredentials option. + * Added new callback based server API. + * Added Elliptic Curve DSA (ECDSA) support (with OpenSSL). + * Added Elliptic Curve Diffie Hellman (ECDH) support. + * Added Curve25519 for ECDH key exchange. + * Added improved logging system. + * Added SSH-agent forwarding. + * Added key-reexchange. + * Added more unit tests. + * Improved documentation. + * Fixed timeout handling. + +------------------------------------------------------------------- +Thu Dec 19 13:23:21 CET 2013 - kukuk@suse.de + +- Remove remove-pedantic-errors.diff, does not apply anymore and is + not needed anymore. + +------------------------------------------------------------------- +Thu Oct 31 21:49:47 UTC 2013 - javier@opensuse.org + +- Update to version 0.6.0rc1 + * Added new publicy key API. + * Added new userauth API. + * Added gssapi-mic userauth. + * Added new callback based server API. + * Added Elliptic Curve DSA (ECDSA) support (with OpenSSL). + * Added Elliptic Curve Diffie Hellman (ECDH) support. + * Added improved logging system. + * Added SSH-agent forwarding. + * Added key-reexchange. + * Improved documentation. + * Fixed timeout handling. + +------------------------------------------------------------------- +Mon Jul 29 08:17:19 UTC 2013 - asn@cryptomilk.org + +- Add baselibs.conf +- Require xz to fix build on older distro versions. + +------------------------------------------------------------------- +Fri Jul 26 07:44:37 UTC 2013 - asn@cryptomilk.org + +- Update to version 0.5.5 + * BUG 103: Fix ProxyCommand parsing. + - Remove patch fix-proxycomand-parsing1.diff + - Remove patch fix-proxy-command-none.diff + * Fix setting -D_FORTIFY_SOURCE=2. + * Fix pollset error return if emtpy. + * Fix NULL pointer checks in channel functions. 
+ * Several bugfixes. + +------------------------------------------------------------------- +Thu Jul 25 19:56:12 UTC 2013 - lbeltrame@kde.org + +- Add fix-proxycomand-parsing1.diff: fix ProxyCommand parsing in + libssh (upstream libssh bug 103) +- Add fix-proxy-command-none.diff: fix ProxyCommand when it is + "none" (upstream libssh bug 103) + +------------------------------------------------------------------- +Tue Jan 22 15:03:51 UTC 2013 - asn@cryptomilk.org + +- Update to version 0.5.4 + * CVE-2013-0176 - NULL dereference leads to denial of service + * Fixed several NULL pointer dereferences in SSHv1. + * Fixed a free crash bug in options parsing. + +------------------------------------------------------------------- +Tue Nov 20 13:40:42 UTC 2012 - asn@cryptomilk.org + +- Update to version 0.5.3 + * CVE-2012-4559 Fixed multiple double free() flaws. + * CVE-2012-4560 Fixed multiple buffer overflow flaws. + * CVE-2012-4561 Fixed multiple invalid free() flaws. + * rlo #84 - Fix bug in sftp_mkdir not returning on error. + * rlo #85 - Fixed a possible channel infinite loop if the connection dropped. + * rlo #88 - Added missing channel request_state and set it to accepted. + * rlo #89 - Reset error state to no error on successful SSHv1 authentiction. + * Fixed a possible use after free in ssh_free(). + * Fixed multiple possible NULL pointer dereferences. + * Fixed multiple memory leaks in error paths. + * Fixed timeout handling. + * Fixed regression in pre-connected socket setting. + * Handle all unknown global messages. 
+ +------------------------------------------------------------------- +Tue Feb 7 13:34:00 UTC 2012 - jengelh@medozas.de + +- Ensure pkgconfig symbols are provided + +------------------------------------------------------------------- +Tue Jan 31 10:36:26 UTC 2012 - jengelh@medozas.de + +- Remove redundant tags/sections per specfile guideline suggestions +- Parallel building using %_smp_mflags +- Make pkgconfig provides available +- Add patch to work around compilation problems on SLES11SP1 + +------------------------------------------------------------------- +Sat Sep 17 07:00:53 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.5.2 + * Increased window size x10. + * Fixed SSHv1. + * Fixed bugged lists. + * Fixed use-after-free + inconsistent callbacks call in poll. + * Fixed scp documentation. + * Fixed possible infinite loop in channel_read(). + * Fixed handling of short reads of sftp_async_read(). + * Fixed handling request service timeout in blocking mode. + * Fixed ssh_auth_list() documentation. + * Fixed incorrect return values in ssh_channel_write(). + * Fixed an infinite loop in the termination callback. + * Fixed handling of SSH_AGAIN in channel_open(). + * Fixed "status -5 inflating zlib packet" + +------------------------------------------------------------------- +Tue Sep 6 03:36:48 UTC 2011 - crrodriguez@opensuse.org + +- Build with OPENSSL_LOAD_CONF so we respect user's choice + of which "openssl engine" to use for crypto (aes-ni,intel-accel) + +------------------------------------------------------------------- +Tue Aug 9 15:12:39 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.5.1 + * Added checks for NULL pointers in string.c. + * Set the channel max packet size to 32768. + * Don't (de)compress empty buffers. + * Fixed ssh_scp_write so it works when doing recursive copy. + * Fixed another source of endless wait. + * Fixed an endless loop in case of a channel_open error. + * Fixed session timeout handling. 
+ * Fixed ssh_channel_from_local() loop. + * Fixed permissions of scp example when we copy a file. + * Workaround ssh_get_user_home_dir on LDAP users. + * Added pkg-config support for libssh_threads. + * Fixed compilation without server and sftp modes. + * Fix static .lib overwriting on Windows. + +------------------------------------------------------------------- +Tue May 31 14:32:09 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.5.0 + * Added ssh_ prefix to all functions. + * Added complete Windows support. + * Added improved server support. + * Added unit tests for a lot of functions. + * Added asynchronous service request. + * Added a multiplatform ssh_getpass() function. + * Added a tutorial. + * Added a lot of documentation. + * Fixed a lot of bugs. + * Fixed several memory leaks. + +------------------------------------------------------------------- +Sat Jan 15 08:58:45 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.4.8 + * Fixed memory leaks in session signing. + * Fixed memory leak in ssh_print_hexa. + * Fixed problem with ssh_connect w/ timeout and fd > 1024. + * Fixed some warnings on OS/2. + * Fixed installation path for OS/2. + +------------------------------------------------------------------- +Mon Dec 27 20:12:23 CET 2010 - asn@cynapses.org + +- Update to version 0.4.7 + * Fixed a possible memory leak in ssh_get_user_home(). + * Fixed a memory leak in sftp_xstat. + * Fixed uninitialized fd->revents member. + * Fixed timout value in ssh_channel_accept(). + * Fixed length checks in ssh_analyze_banner(). + * Fixed a possible data overread and crash bug. + * Fixed setting max_fd which breaks ssh_select(). + * Fixed some pedantic build warnings. + * Fixed a memory leak with session->bindaddr. + +------------------------------------------------------------------- +Sun Sep 5 19:30:28 CEST 2010 - asn@cynapses.org + +- Update to version 0.4.6 + * Added a cleanup function to free the ws2_32 library. + * Fixed build with gcc 3.4. 
+ * Fixed the Windows build on Vista and newer. + * Fixed the usage of WSAPoll() on Windows. + * Fixed "@deprecated" in doxygen + * Fixed some mingw warnings. + * Fixed handling of opened channels. + * Fixed keepalive problem on older openssh servers. + * Fixed testing for big endian on Windows. + * Fixed the Windows preprocessor macros and defines. + +------------------------------------------------------------------- +Tue Jul 13 10:27:13 CEST 2010 - anschneider@exsuse.de + +- Update to version 0.4.5 + * Added option to bind a client to an ip address. + * Fixed the ssh socket polling function. + * Fixed Windows related bugs in bsd_poll(). + * Fixed serveral build warnings. + +------------------------------------------------------------------- +Mon May 31 14:13:55 CEST 2010 - anschneider@exsuse.de + +- Update to version 0.4.4 + * Fixed some bugs ein path expand functions. + +------------------------------------------------------------------- +Mon May 17 23:50:11 CEST 2010 - anschneider@exsuse.de + +- Update to version 0.4.3 + * Added global/keepalive responses. + * Added runtime detection of WSAPoll(). + * Added a select(2) based poll-emulation if poll(2) is not available. + * Added a function to expand an escaped string. + * Added a function to expand the tilde from a path. + * Added a proxycommand support. + * Added ssh_privatekey_type public function + * Added the possibility to define _OPENSSL_DIR and _ZLIB_DIR. + * Fixed sftp_chown. + * Fixed sftp_rename on protocol version 3. + * Fixed a blocking bug in channel_poll. + * Fixed config parsing wich has overwritten user specified values. + * Fixed hashed [host]:port format in knownhosts + * Fixed Windows build. + * Fixed doublefree happening after a negociation error. + * Fixed aes*-ctr with <= OpenSSL 0.9.7b. + * Fixed some documentation. + * Fixed exec example which has broken read usage. + * Fixed broken algorithm choice for server. + * Fixed a typo that we don't export all symbols. 
+ * Removed the unneeded dependency to doxygen. + * Build examples only on the Linux plattform. + +------------------------------------------------------------------- +Mon Mar 15 19:40:44 CET 2010 - anschneider@exsuse.de + +- Update to version 0.4.2 + * Added owner and group information in sftp attributes. + * Added missing SSH_OPTIONS_FD option. + * Added printout of owner and group in the sftp example. + * Added a prepend function for ssh_list. + * Added send back replies to openssh's keepalives. + * Fixed documentation in scp code + * Fixed longname parsing, this only workings with readdir. + * Fixed and added support for several identity files. + * Fixed sftp_parse_longname() on Windows. + * Fixed a race condition bug in ssh_scp_close() + * Remove config support for SSHv1 Cipher variable. + * Rename ssh_list_add to ssh_list_append. + * Rename ssh_list_get_head to ssh_list_pop_head + +------------------------------------------------------------------- +Mon Feb 15 12:41:47 CET 2010 - anschneider@exsuse.de + +- Fixed Requires. + +------------------------------------------------------------------- +Sat Feb 13 15:29:14 CET 2010 - anschneider@exsuse.de + +- Update to version 0.4.1 + * Added support for aes128-ctr, aes192-ctr and aes256-ctr encryption. + * Added an example for exec. + * Added private key type detection feature in privatekey_from_file(). + * Fixed zlib compression fallback. + * Fixed kex bug that client preference should be prioritary + * Fixed known_hosts file set by the user. + * Fixed a memleak in channel_accept(). + * Fixed underflow when leave_function() are unbalanced + * Fixed memory corruption in handle_channel_request_open(). + * Fixed closing of a file handle case of errors in privatekey_from_file(). + * Fixed ssh_get_user_home_dir() to be thread safe. + * Fixed the doxygen documentation. 
+ +------------------------------------------------------------------- +Thu Dec 10 23:43:19 CET 2009 - anschneider@exsuse.de + +- Update to version 0.4.0 + * Added scp support. + * Added support for sending signals (RFC 4254, section 6.9). + * Added MSVC support. + * Added support for ~/.ssh/config. + * Added sftp extension support. + * Added X11 forwarding support for client. + * Added forward listening. + * Added support for openssh extensions (statvfs, fstatvfs). + * Added a cleaned up interface for setting options. + * Added a generic way to handle sockets asynchronously. + * Added logging of the sftp flags used to open a file. + * Added full poll() support and poll-emulation for win32. + * Added missing 64bit functions in sftp. + * Added support for ~/ and SSH_DIR/ in filenames instead of %s/. + * Fixed Fix channel_get_exit_status bug. + * Fixed calltrace logging to make it optional. + * Fixed compilation on Solaris. + * Fixed resolving of ip addresses. + * Fixed libssh compilation without server support. + * Fixed possible memory corruptions (ticket #14). + +------------------------------------------------------------------- +Mon Sep 14 10:20:52 CEST 2009 - anschneider@exsuse.de + +- Update to version 0.3.4. + * Added ssh_basename and ssh_dirname. + * Added a portable ssh_mkdir function. + * Added a sftp_tell64() function. + * Added missing NULL pointer checks to crypt_set_algorithms_server. + * Fixed ssh_write_knownhost if ~/.ssh doesn't exist. + * Fixed a possible integer overflow in buffer_get_data(). + * Fixed possible security bug in packet_decrypt(). + +------------------------------------------------------------------- +Tue Aug 18 15:28:06 CEST 2009 - anschneider@exsuse.de + +- Update to version 0.3.3. + * Fixed double free pointer crash in dsa_public_to_string. + * Fixed channel_get_exit_status bug. + * Fixed ssh_finalize which didn't clear the flag. + * Fixed memory leak introduced by previous bugfix. 
+ * Fixed channel_poll broken when delayed EOF recvd. + * Fixed stupid "can't parse known host key" bug. + * Fixed possible memory corruption (ticket #14). + +------------------------------------------------------------------- +Tue Aug 4 16:20:25 CEST 2009 - anschneider@exsuse.de + +- Update to version 0.3.2 + * Added ssh_init() function. + * Added sftp_readlink() function. + * Added sftp_symlink() function. + * Fixed ssh_write_knownhost(). + * Fixed compilation on Solaris. + * Fixed SSHv1 compilation. + +------------------------------------------------------------------- +Tue Jul 14 09:55:36 CEST 2009 - anschneider@exsuse.de + +- Update to version 0.3.1 + * Added return code SSH_SERVER_FILE_NOT_FOUND. + * Fixed compilation of SSHv1. + * Fixed several memory leaks. + * Fixed possible infinite loops. + * Fixed a possible crash bug. + * Fixed build warnings. + * Fixed cmake on BSD. + +------------------------------------------------------------------- +Thu May 21 10:52:35 CEST 2009 - anschneider@exsuse.de + +- Update to version 0.3.0 + * Added support for ssh-agent authentication. + * Added POSIX like sftp implementation. + * Added error checking to all functions. + * Added const to arguments where it was needed. + * Added a channel_get_exit_status() function. + * Added a channel_read_buffer() function, channel_read() is now + a POSIX like function. + * Added a more generic auth callback function. + * Added printf attribute checking for log and error functions. + * Added runtime function tracer support. + * Added NSIS build support with CPack. + * Added openssh hashed host support. + * Added API documentation for all public functions. + * Added asynchronous SFTP read function. + * Added a ssh_bind_set_fd() function. + * Fixed known_hosts parsing. + * Fixed a lot of build warnings. + * Fixed the Windows build. + * Fixed a lot of memory leaks. + * Fixed a double free corruption in the server support. + * Fixed the "ssh_accept:" bug in server support. 
+ * Fixed important channel bugs. + * Refactored the socket handling. + * Switched to CMake build system. + * Improved performance. + +------------------------------------------------------------------- +Mon Nov 17 17:46:00 CET 2008 - anschneider@suse.de + +- Add 'Provides: libssh' to the library that the debuginfo package + can be installed. +- Fix channel performance by changing the window len. +- Use libssh2 as name for the library package. +- Remove rpmlintrc + +------------------------------------------------------------------- +Tue Oct 7 21:19:07 CEST 2008 - aj@suse.de + +- Disable parallel build since it breaks the build. + +------------------------------------------------------------------- +Tue Sep 30 14:02:58 CEST 2008 - ro@suse.de + +- Add rpmlintrc (desired package name is already taken by another + package) + +------------------------------------------------------------------- +Tue Sep 30 13:49:00 CEST 2008 - ro@suse.de + +- Fix debug package requires + +------------------------------------------------------------------- +Tue Sep 30 12:41:19 CEST 2008 - ro@suse.de + +- Fixed filelist + +------------------------------------------------------------------- +Thu Aug 21 11:26:29 CEST 2008 - anschneider@suse.de + +- Map the permissions field to the type field for sftp v3. +- Add errno mapping for sftp functions + +------------------------------------------------------------------- +Wed Aug 20 16:08:57 CEST 2008 - anschneider@suse.de + +- Initial libssh package + 
diff --git a/libssh.keyring b/libssh.keyring new file mode 100644 index 0000000000000000000000000000000000000000..411bf36750f0fc4a8856034415e39c7116559ee4 GIT binary patch literal 3432 zcma*p_ct4i!ocx}QL!m1M$D?3u}kf!7>&Kfo>jzNwfC+*)QGKCjjC0OQpBF2iW)Uz zuiB;D=e_5i^FF`a_q_kZ=X}pM8%R!|t2L&GM+F!>lQPCyyIvl`cuN@$-G>|ou&}^A zn93lyCo!q)4>ia3)el-n*1nj^vXJGQThLGx{NnCp;L^s1(PBlSFEXaSzqiqHCY|Id zZL;oMaJk9*-Y}D^u@0LTMT-kB>#wDZL;*&GW~y!D9OJcT_H}-W3Uz%p8N&m4CUS7> zD-$(KGF!hH;-%I|{sgrT=$64vNgx3y zk6cyafMfnTZk;oDS-&XwToz$?4HG2@AT|d5v#;2?GmSH}!`IX4V3Z4b)oAz=2pZRy9};;0gB`uUi48bFN)z-#1IbhGocxAtPwvvqQ_e_?0u$tGj%<)&ck z8Q|`Xa(&_QQV`|oC>IZuA-InR1aJeH@b8g=i0|P8@rdY%fglo60(u}m9uR^Dd=N$m z)YY0y1%mMaBp|B4(I7_fG-dsvRDkl6bCGmiA5G$Wu-n+uzoaaMu@$LFQM>wT1WY?3 zkl`S1YZ{^K;Uc068akUF1?XQKYWinR_qf+5tTaDS_T&5Ma%Qm@G;UzWb@ER&0dP!?BHkITj|CtGNKbVNej z^lkm9-UehnIPes}p8v8%fo!NF=Q^yS+AIR;^i0_BpS^!=Kj~h~_;AMZ4aWG-`p&!R zpR#c?AE884S%wnC0!E2!;Y>4$>5i8V5ANh!F7EuIOa^XfzIy*w!jmz`@A~n$ZZ3Kg z_oO8&P2}g~Fh|=CGB}UT*PCi)s-!iX!EppqJumx>_>mJMVZVI0?SbIjgQ{c_NSakw z`4M;YuIJ}Z9T^iUjIA37yxz}`Mmtk$DQGlQZ;o7J6d{8@R}%Vub^jQ{AoY1A!V6a} zv)ZQ)9{<)V|MRryQ3(L|g3`GU8lUg+XGNQ0987ZjhsSeg755GLk>uV|j8CTO-17Gv zp;H2@iV;>N2EwE?4A%-Jox5bFe5|m>t#R1^fctzM(v~NmEYbIh+dMvRX}aigPdaE% z?Nu{Q8@b}hI16GDuQ{koe6uP1gVwzmj*n|oJw`I`<@$kdICa^!IpsB8Hl<_3bj@{R zmU>q6v#(>p&V~FexOG?~`+s5PW$kKX{U2dc{}#si{}A?1UUBM_cZOh|e%=GAb4Kd6 zX+>srORAGXdV`JT-=yuy#W_)o!oKZSI-9@xf^BSv z%Hk}`Yyao{>7sq?s3>&C@=*tymxWj=yV^oAKmHzcTphuh`yDHy4=kVKb4hh>DFyk- zU>-M>wcYvD^B8qsX(~3PB-dPhXkLknp5KaY-ZvbDy87eWgJ-Bw9f8=4N$8C91iw8` zxj*TZjb$9wiJnswT}*k;O^OA**D2X9!-em&Su-eTo|Cn54lh)QPr;w+x&gCH@u7_- zEQZR+2z`&wMOyH6uMiEFGewgo`PtW&$&5lODY-`63il0sKZbPatrF_~toqOs)!+e-?K*ID_Amsgsij+&6!VzOiML>Vxu zrco_mQ;jwd<&lWc7-53eO(L}0lB|1YJ#F88*WM>ZZcrE#eiJEks%aCtQb%tjjR8BV ze7pCKRwR=|cZgMesASEajgof2Q-(qgESH*UV_8zy#P7$N3%ykl@H*wxT&qnymykBQMd5%ow{~hF8%j}XMNe#iHeLGSoPE)gOBbfoSALf zF?Id99)$^fWAle0j3GA8$=k(dm|1WKh^YXkr)_>fIZ>LNGUFuWq_5mS#HG@*PjJEQ 
zACBeFxIa7yBjx`~J5-Doq1CXpq^eOvX?jP}k|sAm#uCHfwFU$pi%jP&lN)i$i<_<% zI#iH+507AW6^$2V7H8@fG~a&Wx-THchjmwYw&=@&@rvXivU!*&R<0WENa@&U zw49x3)}*`1l7lmjgiRu1s^nx<&`BfX@d8O}pC=;Dm@oHpi!NUXN4qbJ(ywyFJOT%* zGt*8_A;rAPm-So5$dFu#0;sp@%kpA->Z9tJ(U=;XJC|feP;3osXIaj=qvT`Ic%BEf zMW1;8Wb||V1yWEW;B>RaL(dU%C6CpshsL)Z@IWA2<@He-4n)I~_vGcynDD7n(F%9M ztLI{euUf!LrBHpc^W?3`t&vasi6N}_tKo*D_)WA=zE!@?{A&?VL$KoO)~|}TvfS7+ zUXclP7$|wNZ6!TZU{elwB=Wp2$7HA(H6Xwl4^tcrnF>Le61(<)4BH5lK`(He^UGy* z%b`7!GiNz&5S>wD4`49*&E0Cr$t-DGPI5I&KYqekSA0EePKz{T#EXasY{9c6dv{yv zL%{XH@+be$s7xul(fTdfJuJ;uyp) z6t3uCz<)`528o7Nyd$l2l|Y5&XPoxUyIdGMRwuhk6WWJ9^{u<7yf3T#u|{}N_jm0p ziG*>B&4R**r*0}{4{oPZYS;#x*!+in_-dxU5>=M*(Q(>mhqs_R4`+9##H{rQDNmd$ z<3GL8m+A2c+HN0Em|MzNi4e zszZ^O3|CJCW&}y2kY0M)Q)(7n%-OHtW{!&MCPB`pRyAe6PtJ9^PT^+x5Ms?2lpEcg zxLE42T2Q;)-@I2rN3bZf`ZGVsESUm*azDxK)1S)?X1dOY6Fk110>vSA>xs@(83LvN zrqZ8RqPwhP2MbDS8dN(KLk<M0^X91Y&-2YtVD z7BEl8V*IU1za57kjLA}OZbyBE4RPh&y8`PFdQS*AN%(*I0Dhl5g_`w+fV-wDz^?%e-MC+^^F)pKXO*>8GLAobn_18oHSlg1D@CVQ@t^{77jP+?~bsVsupi zx!ysj!tWst*4B-=Dlp12NVbB|9bzI+YYMDxj^+?*_K=k1?_vXW+YMq5Fgxu;00GLv7ozi8D%0m6&DgGm$ag&vThM`$#;S->ro4Abem9=|F=4Q<)fXi_hC?5-{)I4qJ<*-gGX^b5V}^M4xQA-l?J3`= z+j%iAdqjf#6K6CNg}+~#7iki!4|J-=5~{hT*G;m(8i?A7`d1HoY>4HBTts484LyV# WZDm2tMA4T=UAs2at-!xR8~z2&g;JCN literal 0 HcmV?d00001 diff --git a/libssh.spec b/libssh.spec new file mode 100644 index 0000000..d76bd9a --- /dev/null +++ b/libssh.spec 
@@ -0,0 +1,171 @@
+#
+# spec file
+#
+# Copyright (c) 2023 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%global flavor @BUILD_FLAVOR@%{nil}
+%if "%{flavor}" == "test"
+%define pkg_suffix -test
+%ifarch s390 s390x ppc64le
+ %define slow_test_system "ON"
+%else
+ %define slow_test_system "OFF"
+%endif
+%bcond_without test
+%else
+%define pkg_suffix %{nil}
+%bcond_with test
+%endif
+Name: libssh%{pkg_suffix}
+Version: 0.10.6
+Release: 0
+Summary: The SSH library
+License: LGPL-2.1-or-later
+Group: Development/Libraries/C and C++
+URL: https://www.libssh.org
+Source0: https://www.libssh.org/files/0.10/libssh-%{version}.tar.xz
+Source1: https://www.libssh.org/files/0.10/libssh-%{version}.tar.xz.asc
+Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/libssh.keyring
+Source3: libssh_client.config
+Source4: libssh_server.config
+Source99: baselibs.conf
+Patch0: 0001-disable-timeout-test-on-slow-buildsystems.patch
+Patch1: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/431.patch#/libssh-fix-ipv6-hostname-regression.patch
+BuildRequires: cmake
+BuildRequires: gcc-c++
+BuildRequires: krb5-devel
+BuildRequires: openssl-devel
+BuildRequires: pkgconfig
+BuildRequires: xz
+BuildRequires: zlib-devel
+# doxygen generated documentation used to be in subpkg
+Obsoletes: %{name}-devel-doc <= 0.8.6
+%if %{with test}
+BuildRequires: libcmocka-devel
+BuildRequires: openssh
+%if 0%{?suse_version} > 1550
+BuildRequires: nss_wrapper
+BuildRequires: pam_wrapper
+BuildRequires: socket_wrapper
+BuildRequires: uid_wrapper
+%endif
+%endif
+
+%description
+An SSH implementation in the form of a library. With libssh, you can remotely
+execute programs, transfer files, use a secure and transparent tunnel for your
+remote programs. It supports SFTP as well.
+
+This package provides libssh from https://www.libssh.org that should not be
+confused with libssh2 available from https://www.libssh2.org (libssh2 package)
+
+%package -n libssh4
+Summary: SSH library
+Group: System/Libraries
+Requires: %{name}-config >= %{version}
+
+%description -n libssh4
+An SSH implementation in the form of a library. With libssh, you can remotely
+execute programs, transfer files, use a secure and transparent tunnel for your
+remote programs. It supports SFTP as well.
+
+This package provides libssh from https://www.libssh.org that should not be
+confused with libssh2 available from https://www.libssh2.org (libssh2 package)
+
+%package config
+Summary: SSH library configuration files
+Group: Productivity/Networking/SSH
+
+%description config
+Configuration files for the SSH library.
+
+%package devel
+Summary: SSH library development headers
+Group: Development/Libraries/C and C++
+Requires: cmake
+Requires: libssh4 = %{version}
+
+%description devel
+Development headers for the SSH library.
+
+%prep
+%autosetup -p1 -n libssh-%{version}
+
+%build
+%cmake \
+ -DCMAKE_C_FLAGS:STRING="%{optflags} -DOPENSSL_LOAD_CONF" \
+%if %{with test}
+ -DUNIT_TESTING="ON" \
+ -DSLOW_TEST_SYSTEM=%{slow_test_system} \
+%if 0%{?suse_version} > 1550
+ -DCLIENT_TESTING=ON \
+ -DSERVER_TESTING=ON \
+%endif
+%endif
+ -DWITH_GSSAPI=ON \
+ -DWITH_EXAMPLES="OFF" \
+ -DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
+ -DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
+
+make %{?_smp_mflags}
+
+%install
+%if !%{with test}
+%cmake_install
+
+install -d -m755 %{buildroot}%{_sysconfdir}/libssh
+install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/libssh/libssh_client.config
+install -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/libssh/libssh_server.config
+
+# Fix incorrect include path, (boo#1211718).
+%if 0%{?suse_version} > 1600
+sed -i '/^Include/ s|/etc|/usr/etc|' %{buildroot}%{_sysconfdir}/libssh/libssh_client.config
+sed -i '/^Include/ s|/etc|/usr/etc|' %{buildroot}%{_sysconfdir}/libssh/libssh_server.config
+%endif
+
+%endif
+
+%check
+%if %{with test}
+# Tests are randomly failing when run in parallel
+%define _smp_mflags %{nil}
+%ctest
+%endif
+
+%if !%{with test}
+%post -n libssh4 -p /sbin/ldconfig
+%postun -n libssh4 -p /sbin/ldconfig
+
+%files -n libssh4
+%doc AUTHORS README CHANGELOG
+%{_libdir}/libssh.so.*
+
+%files config
+%dir %{_sysconfdir}/libssh
+%config(noreplace) %{_sysconfdir}/libssh/libssh_client.config
+%config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
+
+%files devel
+%{_includedir}/libssh
+%{_libdir}/libssh.so
+%{_libdir}/pkgconfig/libssh.pc
+%dir %{_libdir}/cmake/libssh
+%{_libdir}/cmake/libssh/libssh-config.cmake
+%{_libdir}/cmake/libssh/libssh-config-relwithdebinfo.cmake
+%{_libdir}/cmake/libssh/libssh-config-version.cmake
+%endif
+
+%changelog
diff --git a/libssh_client.config b/libssh_client.config
new file mode 100644
index 0000000..1d293bd
--- /dev/null
+++ b/libssh_client.config
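Review bot: The two `sed -i '/^Include/ s|/etc|/usr/etc|'` calls in %install (the `suse_version > 1600` branch) match every `Include` line, so besides the OpenSSH path they also turn `Include /etc/crypto-policies/back-ends/libssh.config` into a `/usr/etc/crypto-policies/...` path in both the client and the server config. If that back-end file is not shipped under /usr/etc on those targets (not visible from this commit), the system-wide crypto policy would stop being applied to libssh, and as far as I know a missing Include is reported only at a low log level, so the loss would go unnoticed. If only the OpenSSH file moved, narrow the expression to that path, e.g. `sed -i 's|^Include /etc/ssh/|Include /usr/etc/ssh/|'` on libssh_client.config, and drop the call on libssh_server.config, which has no ssh_config line. The comment above the branch should then name the path being corrected rather than only the bug number.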
@@ -0,0 +1,4 @@
+# Parse system-wide crypto configuration file
+Include /etc/crypto-policies/back-ends/libssh.config
+# Parse OpenSSH configuration file for consistency
+Include /etc/ssh/ssh_config
diff --git a/libssh_server.config b/libssh_server.config
new file mode 100644
index 0000000..d3ef5c2
--- /dev/null
+++ b/libssh_server.config
@@ -0,0 +1,2 @@
+# Parse system-wide crypto configuration file
+Include /etc/crypto-policies/back-ends/libssh.config
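Review bot: The order of the two `Include` lines in libssh_client.config is load-bearing, and nothing in the file says so. As far as I know libssh follows the OpenSSH rule that the first value obtained for an option is kept, so the crypto-policies back-end overrides `/etc/ssh/ssh_config` only because it is included first. Swapping the lines, or inserting another Include above them, would let per-host cipher, MAC or key-exchange settings from ssh_config win over the system policy. I would extend the first comment to something like `# Parse system-wide crypto configuration file first: the first value set for an option wins, so this must stay above ssh_config`.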