ALP-pool/libssh
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sync from SUSE:ALP:Source:Standard:1.0 libssh revision e8972d7c99349ff1de8f2d7ab5c4a740

Browse Source
This commit is contained in:
Adrian Schröter 2024-02-09 15:26:25 +01:00
commit e4d69c627f
12 changed files with 1511 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

53
0001-disable-timeout-test-on-slow-buildsystems.patch Normal file
View File

@ -0,0 +1,53 @@
Index: libssh-0.10.0/tests/unittests/torture_misc.c
===================================================================
--- libssh-0.10.0.orig/tests/unittests/torture_misc.c 2022-07-07 15:53:51.000000000 +0200
+++ libssh-0.10.0/tests/unittests/torture_misc.c 2022-08-26 14:19:01.827866890 +0200
@@ -211,11 +211,13 @@ static void torture_timeout_elapsed(void
ssh_timestamp_init(&ts);
usleep(30000);
+#ifndef SLOW_TEST_SYSTEM
assert_true(ssh_timeout_elapsed(&ts,25));
assert_false(ssh_timeout_elapsed(&ts,30000));
assert_false(ssh_timeout_elapsed(&ts,75));
assert_true(ssh_timeout_elapsed(&ts,0));
assert_false(ssh_timeout_elapsed(&ts,-1));
+#endif /* SLOW_TEST_SYSTEM */
}
static void torture_timeout_update(void **state){
@@ -223,11 +225,13 @@ static void torture_timeout_update(void
(void) state;
ssh_timestamp_init(&ts);
usleep(50000);
+#ifndef SLOW_TEST_SYSTEM
assert_int_equal(ssh_timeout_update(&ts,25), 0);
assert_in_range(ssh_timeout_update(&ts,30000),29000,29960);
assert_in_range(ssh_timeout_update(&ts,75),1,40);
assert_int_equal(ssh_timeout_update(&ts,0),0);
assert_int_equal(ssh_timeout_update(&ts,-1),-1);
+#endif /* SLOW_TEST_SYSTEM */
}
static void torture_ssh_analyze_banner(void **state) {
Index: libssh-0.10.0/DefineOptions.cmake
===================================================================
--- libssh-0.10.0.orig/DefineOptions.cmake 2022-07-07 15:53:51.000000000 +0200
+++ libssh-0.10.0/DefineOptions.cmake 2022-08-26 14:19:41.500119198 +0200
@@ -25,6 +25,7 @@ option(WITH_GEX "Enable DH Group exchang
option(WITH_INSECURE_NONE "Enable insecure none cipher and MAC algorithms (not suitable for production!)" OFF)
option(FUZZ_TESTING "Build with fuzzer for the server and client (automatically enables none cipher!)" OFF)
option(PICKY_DEVELOPER "Build with picky developer flags" OFF)
+option(SLOW_TEST_SYSTEM "Disable tests that fail on slow systems" OFF)
if (WITH_ZLIB)
set(WITH_LIBZ ON)
@@ -60,3 +61,8 @@ endif (NOT GLOBAL_CLIENT_CONFIG)
if (FUZZ_TESTING)
set(WITH_INSECURE_NONE ON)
endif (FUZZ_TESTING)
+
+if (SLOW_TEST_SYSTEM)
+ set (SLOW_TEST_SYSTEM ON)
+ add_definitions(-DSLOW_TEST_SYSTEM)
+endif (SLOW_TEST_SYSTEM)

3
_multibuild Normal file
View File

@ -0,0 +1,3 @@
<multibuild>
<package>test</package>
</multibuild>

1
baselibs.conf Normal file
View File

@ -0,0 +1 @@
libssh4

BIN
libssh-0.10.6.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
libssh-0.10.6.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmWAeGkACgkQfuD8TcwB
Tj2yAw//QOMEcCiijJvOgXCKsVoV9oSuK3aYxqpOS9cV2P40eev0KQrAZC2EXNt3
XAdfNhA21b2C6qSxckmkCWg3vwPmM6LousHG+zpyZkiSziolMoeBkvbEdU42fufE
SD39cA1bBEbZahyrILWT2I3Bi0d0G7FC13tIBXShS2zIITSXs/2SSRIhg3OXB979
FTwvEE4zHeSXO4itTMNA/sMJ/0qPccQIzisH0g/TF4318b0qjlQjkHJS1y0f3/PL
Ge3RORQVcZqGTnhJNlF/tKD8wZ9mfqqurQ9yNshiAu8hH8sDH5ZhI3o5pjQe0mGO
JNEwTw0X/vZ4iglWFmm2CusiHrh0KUFsrp8f3oaL3HU4i7yYgo0FhzFtgFVt0gXO
JQOhlSUq50yqbBj6S9C5ecuSR0uPgYA4d8qCFrt9oD77m7Qi3mMi+f/kP+HctIaV
4ro7lZf6IS54J4/m5hRY3F0nweFnZZL8gn8Da8mBZSvhXCqQL6qbD9buwrTzxGft
Fct7+PrRwz9igO7j2nNMyWxtX55/GpX06n7vuonRgQQQiT8eQ5R71STMHJaACFPS
CJHCpuVL28HGdyAxN5d65TCvkNo9/gFGM6ocIH3OlreTFUvy22qNrqwHpCkLgYWU
ylntVoE/VYtHtwFOe0uuCX+2TiM03P5UT2NqAAa/8D4Z5ur3qUY=
=nXW5
-----END PGP SIGNATURE-----

265
libssh-fix-ipv6-hostname-regression.patch Normal file
View File

@ -0,0 +1,265 @@
From 66ac6343b246458a6645ae32f75556a1407031ec Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 22 Dec 2023 10:32:40 +0100
Subject: [PATCH 1/2] Fix regression in IPv6 addresses in hostname parsing
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
include/libssh/config_parser.h | 11 ++++++++---
src/config.c | 4 ++--
src/config_parser.c | 19 ++++++++++++++-----
src/options.c | 10 ++--------
4 files changed, 26 insertions(+), 18 deletions(-)
diff --git a/include/libssh/config_parser.h b/include/libssh/config_parser.h
index a7dd42a2c..ca353432b 100644
--- a/include/libssh/config_parser.h
+++ b/include/libssh/config_parser.h
@@ -30,6 +30,8 @@
extern "C" {
#endif
+#include <stdbool.h>
+
char *ssh_config_get_cmd(char **str);
char *ssh_config_get_token(char **str);
@@ -49,14 +51,17 @@ int ssh_config_get_yesno(char **str, int notfound);
* be stored or NULL if we do not care about the result.
* @param[out] port Pointer to the location, where the new port will
* be stored or NULL if we do not care about the result.
+ * @param[in] ignore_port Set to true if the we should not attempt to parse
+ * port number.
*
* @returns SSH_OK if the provided string is in format of SSH URI,
* SSH_ERROR on failure
*/
int ssh_config_parse_uri(const char *tok,
- char **username,
- char **hostname,
- char **port);
+ char **username,
+ char **hostname,
+ char **port,
+ bool ignore_port);
#ifdef __cplusplus
}
diff --git a/src/config.c b/src/config.c
index 5eedbce96..7135c3b19 100644
--- a/src/config.c
+++ b/src/config.c
@@ -464,7 +464,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
}
if (parse_entry) {
/* We actually care only about the first item */
- rv = ssh_config_parse_uri(cp, &username, &hostname, &port);
+ rv = ssh_config_parse_uri(cp, &username, &hostname, &port, false);
/* The rest of the list needs to be passed on */
if (endp != NULL) {
next = strdup(endp + 1);
@@ -475,7 +475,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
}
} else {
/* The rest is just sanity-checked to avoid failures later */
- rv = ssh_config_parse_uri(cp, NULL, NULL, NULL);
+ rv = ssh_config_parse_uri(cp, NULL, NULL, NULL, false);
}
if (rv != SSH_OK) {
goto out;
diff --git a/src/config_parser.c b/src/config_parser.c
index 9ffc8b8b0..b30e94091 100644
--- a/src/config_parser.c
+++ b/src/config_parser.c
@@ -161,10 +161,14 @@ int ssh_config_get_yesno(char **str, int notfound)
return notfound;
}
+/* Parse the URI extracting parts such as a username, hostname and port.
+ * If the port is NULL, do not expect port present and be more lax for example
+ * with matching IPv6 address which have the same separators as host:port */
int ssh_config_parse_uri(const char *tok,
- char **username,
- char **hostname,
- char **port)
+ char **username,
+ char **hostname,
+ char **port,
+ bool ignore_port)
{
char *endp = NULL;
long port_n;
@@ -210,12 +214,17 @@ int ssh_config_parse_uri(const char *tok,
if (endp == NULL) {
goto error;
}
- } else {
- /* Hostnames or aliases expand to the last colon or to the end */
+ } else if (!ignore_port) {
+ /* Hostnames or aliases expand to the last colon (if port is requested)
+ * or to the end */
endp = strrchr(tok, ':');
if (endp == NULL) {
endp = strchr(tok, '\0');
}
+ } else {
+ /* If no port is requested, expand to the end of line
+ * (to accommodate the IPv6 addresses) */
+ endp = strchr(tok, '\0');
}
if (tok == endp) {
/* Zero-length hostnames are not valid */
diff --git a/src/options.c b/src/options.c
index 2e73be462..676c49e7a 100644
--- a/src/options.c
+++ b/src/options.c
@@ -634,17 +634,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type,
ssh_set_error_invalid(session);
return -1;
} else {
- char *username = NULL, *hostname = NULL, *port = NULL;
- rc = ssh_config_parse_uri(value, &username, &hostname, &port);
+ char *username = NULL, *hostname = NULL;
+ rc = ssh_config_parse_uri(value, &username, &hostname, NULL, true);
if (rc != SSH_OK) {
return -1;
}
- if (port != NULL) {
- SAFE_FREE(username);
- SAFE_FREE(hostname);
- SAFE_FREE(port);
- return -1;
- }
if (username != NULL) {
SAFE_FREE(session->opts.username);
session->opts.username = username;
--
GitLab
From f2ec751f09901b9c539ae096f5ee4fc63f305f30 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Fri, 22 Dec 2023 09:52:18 +0100
Subject: [PATCH 2/2] tests: Increase test coverage for IPv6 address parsing as
hostnames
This was an issue in cockpit:
https://github.com/cockpit-project/cockpit/issues/19772
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
---
tests/unittests/torture_config.c | 49 +++++++++++++++++++++++++++++++
tests/unittests/torture_options.c | 16 ++++++++++
2 files changed, 65 insertions(+)
diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
index bc6b08f94..751aa126c 100644
--- a/tests/unittests/torture_config.c
+++ b/tests/unittests/torture_config.c
@@ -2332,6 +2332,53 @@ static void torture_config_make_absolute_no_sshdir(void **state)
torture_config_make_absolute_int(state, 1);
}
+static void torture_config_parse_uri(void **state)
+{
+ char *username = NULL;
+ char *hostname = NULL;
+ char *port = NULL;
+ int rc;
+
+ (void)state; /* unused */
+
+ rc = ssh_config_parse_uri("localhost", &username, &hostname, &port, false);
+ assert_return_code(rc, errno);
+ assert_null(username);
+ assert_string_equal(hostname, "localhost");
+ SAFE_FREE(hostname);
+ assert_null(port);
+
+ rc = ssh_config_parse_uri("1.2.3.4", &username, &hostname, &port, false);
+ assert_return_code(rc, errno);
+ assert_null(username);
+ assert_string_equal(hostname, "1.2.3.4");
+ SAFE_FREE(hostname);
+ assert_null(port);
+
+ rc = ssh_config_parse_uri("1.2.3.4:2222", &username, &hostname, &port, false);
+ assert_return_code(rc, errno);
+ assert_null(username);
+ assert_string_equal(hostname, "1.2.3.4");
+ SAFE_FREE(hostname);
+ assert_string_equal(port, "2222");
+ SAFE_FREE(port);
+
+ rc = ssh_config_parse_uri("[1:2:3::4]:2222", &username, &hostname, &port, false);
+ assert_return_code(rc, errno);
+ assert_null(username);
+ assert_string_equal(hostname, "1:2:3::4");
+ SAFE_FREE(hostname);
+ assert_string_equal(port, "2222");
+ SAFE_FREE(port);
+
+ /* do not want port */
+ rc = ssh_config_parse_uri("1:2:3::4", &username, &hostname, NULL, true);
+ assert_return_code(rc, errno);
+ assert_null(username);
+ assert_string_equal(hostname, "1:2:3::4");
+ SAFE_FREE(hostname);
+}
+
int torture_run_tests(void)
{
int rc;
@@ -2424,6 +2471,8 @@ int torture_run_tests(void)
setup, teardown),
cmocka_unit_test_setup_teardown(torture_config_make_absolute_no_sshdir,
setup_no_sshdir, teardown),
+ cmocka_unit_test_setup_teardown(torture_config_parse_uri,
+ setup, teardown),
};
diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c
index 5ba3bdc6a..b07712d86 100644
--- a/tests/unittests/torture_options.c
+++ b/tests/unittests/torture_options.c
@@ -57,6 +57,20 @@ static void torture_options_set_host(void **state) {
assert_non_null(session->opts.host);
assert_string_equal(session->opts.host, "localhost");
+ /* IPv4 address */
+ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "127.1.1.1");
+ assert_true(rc == 0);
+ assert_non_null(session->opts.host);
+ assert_string_equal(session->opts.host, "127.1.1.1");
+ assert_null(session->opts.username);
+
+ /* IPv6 address */
+ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "::1");
+ assert_true(rc == 0);
+ assert_non_null(session->opts.host);
+ assert_string_equal(session->opts.host, "::1");
+ assert_null(session->opts.username);
+
rc = ssh_options_set(session, SSH_OPTIONS_HOST, "guru@meditation");
assert_true(rc == 0);
assert_non_null(session->opts.host);
@@ -64,12 +78,14 @@ static void torture_options_set_host(void **state) {
assert_non_null(session->opts.username);
assert_string_equal(session->opts.username, "guru");
+ /* more @ in uri is OK -- it should go to the username */
rc = ssh_options_set(session, SSH_OPTIONS_HOST, "at@login@hostname");
assert_true(rc == 0);
assert_non_null(session->opts.host);
assert_string_equal(session->opts.host, "hostname");
assert_non_null(session->opts.username);
assert_string_equal(session->opts.username, "at@login");
+
}
static void torture_options_set_ciphers(void **state) {
--
GitLab

970
libssh.changes Normal file
View File

@ -0,0 +1,970 @@
-------------------------------------------------------------------
Sat Dec 23 10:35:07 UTC 2023 - Andreas Schneider <asn@cryptomilk.org>
- Fix regression parsing IPv6 addresses provided as hostname
* Added libssh-fix-ipv6-hostname-regression.patch
-------------------------------------------------------------------
Tue Dec 19 12:28:53 UTC 2023 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.10.6
https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/
- Fix CVE-2023-6004: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (bsc#1218209)
- Fix CVE-2023-48795: prefix truncation breaking ssh channel integrity (bsc#1218126)
- Fix CVE-2023-6918: Added Missing checks for return values for digests (bsc#1218186)
-------------------------------------------------------------------
Mon Sep 25 09:09:25 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
- Enable crypto-policies support: [bsc#1211301]
* Rebase libssh_client.config libssh_server.config
-------------------------------------------------------------------
Fri Aug 4 13:12:05 UTC 2023 - malcolmlewis@opensuse.org
- Add fix to spec file for the incorrect include path as a result
of the default openSSH move to /usr/etc, (boo#1211718).
-------------------------------------------------------------------
Sat May 6 01:05:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 0.10.5:
* Fix CVE-2023-1667: a NULL dereference during rekeying with
algorithm guessing
* Fix CVE-2023-2283: a possible authorization bypass in
pki_verify_data_signature under low-memory conditions.
* Fix several memory leaks in GSSAPI handling code
* Escape braces in ProxyCommand created from ProxyJump options
for zsh compatibility.
* Fix pkg-config path relocation for MinGW
* Improve doxygen documentation
* Fix build with cygwin due to the glob support
* Do not enqueue outgoing packets after sending
SSH2_MSG_NEWKEYS
* Add support for SSH_SUPPRESS_DEPRECATED
* Avoid functions declarations without prototype to build with
clang 15
* Fix spelling issues
* Avoid expanding KnownHosts, ProxyCommands and IdentityFiles
repetitively
* Add support sk-* keys through configuration
* Improve checking for Argp library
* Log information about received extensions
* Correctly handle rekey with delayed compression
* Move the EC keys handling to OpenSSL 3.0 API
* Record peer disconnect message
* Avoid deadlock when write buffering occurs and we call poll
recursively to flush the output buffer
* Disable preauthentication compression by default
* Add accidentally removed default compile flags
* Solve incorrect parsing of ProxyCommand option
-------------------------------------------------------------------
Wed Sep 7 13:32:34 UTC 2022 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.10.4
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.4
-------------------------------------------------------------------
Mon Sep 5 13:00:07 UTC 2022 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.10.3
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.3
-------------------------------------------------------------------
Fri Sep 2 08:51:23 UTC 2022 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.10.2
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.2
- Removed libssh-weak-attribute.patch
-------------------------------------------------------------------
Tue Aug 30 14:29:51 UTC 2022 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.10.1
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.1
- Enable client and server testing
* Added libssh-weak-attribute.patch
-------------------------------------------------------------------
Fri Aug 26 12:16:13 UTC 2022 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.10.0
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.0
- Removed 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
-------------------------------------------------------------------
Wed Jan 5 13:58:56 UTC 2022 - Fabian Vogt <fabian@ritter-vogt.de>
- Add patch to make the compression option more compatible (boo#1192731):
* 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
-------------------------------------------------------------------
Thu Aug 26 13:15:59 UTC 2021 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.9.6 (bsc#1189608, CVE-2021-3634)
* https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6
-------------------------------------------------------------------
Mon Sep 21 19:16:06 UTC 2020 - Andreas Schneider <asn@cryptomilk.org>
- Add missing BR for openssh needed for tests
-------------------------------------------------------------------
Sun Sep 13 19:17:44 UTC 2020 - Dirk Mueller <dmueller@suse.com>
- update to 0.9.5 (bsc#1174713, CVE-2020-16135):
* CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232)
* Improve handling of library initialization (T222)
* Fix parsing of subsecond times in SFTP (T219)
* Make the documentation reproducible
* Remove deprecated API usage in OpenSSL
* Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN
* Define version in one place (T226)
* Prevent invalid free when using different C runtimes than OpenSSL (T229)
* Compatibility improvements to testsuite
-------------------------------------------------------------------
Thu Apr 9 07:50:07 UTC 2020 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.9.4
* https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
* Fix possible Denial of Service attack when using AES-CTR-ciphers
CVE-2020-1730 (bsc#1168699)
-------------------------------------------------------------------
Tue Feb 18 14:05:49 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Drop the hack to pull curl-mini: we moved the split a bit higher
up and now have a non-curl linked variant of cmake in
openSUSE:Factory.
-------------------------------------------------------------------
Tue Dec 10 19:08:47 UTC 2019 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.9.3
* Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095)
* SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
* SSH-01-006 General: Various unchecked Null-derefs cause DOS
* SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
* SSH-01-010 SSH: Deprecated hash function in fingerprinting
* SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
* SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
* SSH-01-001 State Machine: Initial machine states should be set explicitly
* SSH-01-002 Kex: Differently bound macros used to iterate same array
* SSH-01-005 Code-Quality: Integer sign confusion during assignments
* SSH-01-008 SCP: Protocol Injection via unescaped File Names
* SSH-01-009 SSH: Update documentation which RFCs are implemented
* SSH-01-012 PKI: Information leak via uninitialized stack buffer
-------------------------------------------------------------------
Mon Dec 9 09:25:43 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
- Rename suffix define to pkg_suffix: rpm 4.15 has suffix reserved
for internal use.
-------------------------------------------------------------------
Thu Nov 7 15:47:45 UTC 2019 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.9.2
* Fixed libssh-config.cmake
* Fixed issues with rsa algorithm negotiation (T191)
* Fixed detection of OpenSSL ed25519 support (T197)
-------------------------------------------------------------------
Fri Oct 25 14:47:49 UTC 2019 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.9.1
* Added support for Ed25519 via OpenSSL
* Added support for X25519 via OpenSSL
* Added support for localuser in Match keyword
* Fixed Match keyword to be case sensitive
* Fixed compilation with LibreSSL
* Fixed error report of channel open (T75)
* Fixed sftp documentation (T137)
* Fixed known_hosts parsing (T156)
* Fixed build issue with MinGW (T157)
* Fixed build with gcc 9 (T164)
* Fixed deprecation issues (T165)
* Fixed known_hosts directory creation (T166)
-------------------------------------------------------------------
Wed Jul 10 08:42:34 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Split out configuration to separate package to not mess up the
library packaging and coinstallation
-------------------------------------------------------------------
Fri Jun 28 06:40:49 UTC 2019 - Andreas Schneider <asn@cryptomilk.org>
- Update to verion 0.9.0
* Added support for AES-GCM
* Added improved rekeying support
* Added performance improvements
* Disabled blowfish support by default
* Fixed several ssh config parsing issues
* Added support for DH Group Exchange KEX
* Added support for Encrypt-then-MAC mode
* Added support for parsing server side configuration file
* Added support for ECDSA/Ed25519 certificates
* Added FIPS 140-2 compatibility
* Improved known_hosts parsing
* Improved documentation
* Improved OpenSSL API usage for KEX, DH, and signatures
- Removed 0001-libcrypto-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch
- Removed 0001-libgcrypt-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch
- Removed 0001-tests-Add-aes-gcm-ciphers-tests.patch
- Add libssh client and server config files
-------------------------------------------------------------------
Wed May 29 12:56:05 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
- Fix the typo in Obsoletes for -devel-doc subpackage
- Actually remove the description for -devel-doc subpackage
-------------------------------------------------------------------
Thu May 23 15:32:07 UTC 2019 - James McDonough <jmcdonough@suse.com>
- Add support for new AES-GCM encryption types; (bsc#1134193)
* Add 0001-libcrypto-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch
* Add 0001-libgcrypt-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch
* Add 0001-tests-Add-aes-gcm-ciphers-tests.patch
-------------------------------------------------------------------
Thu Feb 28 07:17:52 UTC 2019 - Stephan Kulow <coolo@suse.com>
- Avoid build cycle between curl and libssh by using obs hint to
prefer curl-mini
-------------------------------------------------------------------
Mon Feb 25 09:28:34 UTC 2019 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.8.7
* Fixed handling extension flags in the server implementation
* Fixed exporting ed25519 private keys
* Fixed corner cases for rsa-sha2 signatures
* Fixed some issues with connector
-------------------------------------------------------------------
Mon Feb 11 12:24:43 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Drop doxygen from dependencies to avoid buildcycle
* the documentation is available online anyway for anyone to
consume and consult http://api.libssh.org
-------------------------------------------------------------------
Tue Jan 8 13:14:24 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Added the tests in a multiple build description file *test* to
break the cycle for cmocka, curl, doxygen and libssh.
-------------------------------------------------------------------
Sun Dec 30 16:15:23 UTC 2018 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.8.6
* Fixed compilation issues with different OpenSSL versions
* Fixed StrictHostKeyChecking in new knownhosts API
* Fixed ssh_send_keepalive() with packet filter
* Fixed possible crash with knownhosts options
* Fixed issus with rekeying
* Fixed strong ECDSA keys
* Fixed some issues with rsa-sha2 extentions
* Fixed access violation in ssh_init() (static linking)
* Fixed ssh_channel_close() handling
-------------------------------------------------------------------
Mon Oct 29 10:36:40 UTC 2018 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.8.5
* Added support to get known_hosts locations with ssh_options_get()
* Fixed preferred algorithm for known hosts negotiations
* Fixed KEX with some server implementations (e.g. Cisco)
* Fixed issues with MSVC
* Fixed keyboard-interactive auth in server mode
(regression from CVE-2018-10933)
* Fixed gssapi auth in server mode (regression from CVE-2018-10933)
* Fixed socket fd handling with proxy command
* Fixed a memory leak with OpenSSL
-------------------------------------------------------------------
Tue Oct 16 12:07:50 UTC 2018 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.8.4
* Fixed CVE-2018-10933; (bsc#1108020)
* Fixed building without globbing support
* Fixed possible memory leaks
* Avoid SIGPIPE on sockets
-------------------------------------------------------------------
Fri Sep 21 08:32:56 UTC 2018 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.8.3
* Added support for rsa-sha2
* Added support to parse private keys in openssh container format
(other than ed25519)
* Added support for diffie-hellman-group18-sha512 and
diffie-hellman-group16-sha512
* Added ssh_get_fingerprint_hash()
* Added ssh_pki_export_privkey_base64()
* Added support for Match keyword in config file
* Improved performance and reduced memory footprint for sftp
* Fixed ecdsa publickey auth
* Fixed reading a closed channel
* Added support to announce posix-rename@openssh.com and
hardlink@openssh.com in the sftp server
- Removed patch: 0001-poll-Fix-size-types-in-ssh_event_free.patch
-------------------------------------------------------------------
Thu Aug 30 06:00:24 UTC 2018 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.8.2
* Added sha256 fingerprints for pubkeys
* Improved compiler flag detection
* Fixed race condition in reading sftp messages
* Fixed doxygen generation and added modern style
* Fixed library initialization on Windows
* Fixed __bounded__ attribute detection
* Fixed a bug in the options parser
* Fixed documentation for new knwon_hosts API
- Added patch: 0001-poll-Fix-size-types-in-ssh_event_free.patch
* Fix compiler warning on SLE12
-------------------------------------------------------------------
Mon Aug 27 09:25:49 UTC 2018 - vcizek@suse.com
- Add missing zlib-devel dependency which was previously pulled in
by libopenssl-devel
-------------------------------------------------------------------
Tue Aug 14 13:34:19 UTC 2018 - asn@cryptomilk.org
- Remove the libssh_threads.so symlink
-------------------------------------------------------------------
Mon Aug 13 20:26:03 UTC 2018 - asn@cryptomilk.org
- Update to version 0.8.1
* Fixed version number in the header
* Fixed version number in pkg-config and cmake config
* Fixed library initialization
* Fixed attribute detection
-------------------------------------------------------------------
Fri Aug 10 12:01:17 UTC 2018 - asn@cryptomilk.org
- Update to version 0.8.0
* Removed support for deprecated SSHv1 protocol
* Added new connector API for clients
* Added new known_hosts parsing API
* Added support for OpenSSL 1.1
* Added support for chacha20-poly1305 cipher
* Added crypto backend for mbedtls crypto library
* Added ECDSA support with gcrypt backend
* Added advanced client and server testing using cwrap.org
* Added support for curve25519-sha256 alias
* Added support for global known_hosts file
* Added support for symbol versioning
* Improved ssh_config parsing
* Improved threading support
- Removed 0001-libcrypto-Remove-AES_ctr128_encrypt.patch
- Removed 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch
- Removed 0001-libcrypto-Use-newer-API-for-HMAC.patch
- Removed 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch
- Removed 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch
- Removed 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch
- Removed 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
- Removed 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch
- Removed 0001-config-Bugfix-Dont-skip-unseen-opcodes.patch
-------------------------------------------------------------------
Fri Mar 9 14:12:28 UTC 2018 - jmcdonough@suse.com
- Disable timeout testing on slow build systems (bsc#1084713)
* 0001-disable-timeout-test-on-slow-buildsystems.patch
-------------------------------------------------------------------
Sun Dec 24 14:41:46 UTC 2017 - fabian@ritter-vogt.de
- Add patch to fix parsing of config files (boo#1067782):
* 0001-config-Bugfix-Dont-skip-unseen-opcodes.patch
-------------------------------------------------------------------
Fri Sep 15 08:31:32 UTC 2017 - vcizek@suse.com
- add support for building with OpenSSL 1.1 (bsc#1055266)
* added patches:
* 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch
* 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch
* 0001-libcrypto-Remove-AES_ctr128_encrypt.patch
* 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch
* 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch
* 0001-libcrypto-Use-newer-API-for-HMAC.patch
* 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch
* 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
-------------------------------------------------------------------
Mon Jul 31 08:31:20 UTC 2017 - astieger@suse.com
- add package keyring and verify source signature
-------------------------------------------------------------------
Thu Apr 13 14:41:57 UTC 2017 - asn@cryptomilk.org
- Update to version 0.7.5
* Fixed a memory allocation issue with buffers
* Fixed PKI on Windows
* Fixed some SSHv1 functions
* Fixed config hostname expansion
-------------------------------------------------------------------
Wed Feb 8 10:43:05 UTC 2017 - asn@cryptomilk.org
- Update to version 0.7.4
* Added id_ed25519 to the default identity list
* Fixed sftp EOF packet handling
* Fixed ssh_send_banner() to confirm with RFC 4253
* Fixed some memory leaks
- Removed patch gcc5-fixes.patch
-------------------------------------------------------------------
Wed Dec 7 12:22:00 UTC 2016 - jengelh@inai.de
- Update descriptions. Drop redundant pkgconfig require
(it's autodetected).
-------------------------------------------------------------------
Wed Oct 7 08:25:18 UTC 2015 - asn@cryptomilk.org
- Update to version 0.7.2
* Fixed OpenSSL detection on Windows
* Fixed return status for ssh_userauth_agent()
* Fixed KEX to prefer hmac-sha2-256
* Fixed sftp packet handling
* Fixed return values of ssh_key_is_(public|private)
* Fixed bug in global success reply
-------------------------------------------------------------------
Mon Jul 20 09:29:46 UTC 2015 - tchvatal@suse.com
- Enable testsuite run to check the state of libssh itself
- Use SUSE macros to define environment clearly
- Enable gssapi by adding krb5 dependency
-------------------------------------------------------------------
Tue Jun 30 07:36:31 UTC 2015 - asn@cryptomilk.org
- Update to version 0.7.1
* Fixed SSH_AUTH_PARTIAL auth with auto public key
* Fixed memory leak in session options
* Fixed allocation of ed25519 public keys
* Fixed channel exit-status and exit-signal
* Reintroduce ssh_forward_listen()
-------------------------------------------------------------------
Mon May 11 09:50:29 UTC 2015 - asn@cryptomilk.org
- Update to version 0.7.0
* Added support for ed25519 keys
* Added SHA2 algorithms for HMAC
* Added improved and more secure buffer handling code
* Added callback for auth_none_function
* Added support for ECDSA private key signing
* Added more tests
* Fixed a lot of bugs
* Improved API documentation
-------------------------------------------------------------------
Wed May 6 20:26:52 UTC 2015 - dmueller@suse.com
- add gcc5-fixes.patch: Fix build against GCC 5.x
-------------------------------------------------------------------
Thu Apr 30 14:08:31 UTC 2015 - asn@cryptomilk.org
- Update to version 0.6.5
* Fixed CVE-2015-3146
* Fixed port handling in config file
* Fixed the build with libgcrypt
* Fixed SFTP endian issues (rlo #179)
* Fixed uninitilized sig variable (rlo #167)
* Fixed polling issues which could result in a hang
* Fixed handling of EINTR in ssh_poll() (rlo #186)
* Fixed C99 issues with __func__
* Fixed some memory leaks
* Improved macro detection on Windows
-------------------------------------------------------------------
Thu Jan 22 07:41:22 UTC 2015 - coolo@suse.com
- removing argument from popd
- add baselibs.conf as source
-------------------------------------------------------------------
Fri Dec 19 09:51:35 UTC 2014 - asn@cryptomilk.org
- Update to version 0.6.4
* Fixed CVE-2014-8132.
* Added SHA-2 for session ID signing with ECDSA keys.
* Added support for ECDSA host keys.
* Added support for more ECDSA hostkey algorithms.
* Added ssh_pki_key_ecdsa_name() API.
* Fixed setting the bindfd only after successful listen.
* Fixed issues with user created sockets.
* Fixed several issues in libssh C++ wrapper.
* Fixed several documentation issues.
* Fixed channel exit-signal request.
* Fixed X11 request screen number in messages.
* Fixed several memory leaks.
-------------------------------------------------------------------
Tue Mar 4 17:20:09 UTC 2014 - asn@cryptomilk.org
- Update to version 0.6.3
* Fix CVE-2014-0017.
-------------------------------------------------------------------
Mon Feb 10 09:25:48 UTC 2014 - asn@cryptomilk.org
- Update to version 0.6.1
* Added support for libgcrypt 1.6.
* Added ssh_channel_accept_forward().
* Added known_hosts heuristic during connection (#138).
* Added getters for session cipher names.
* Fixed decrypt of zero length buffer.
* Fixed padding in RSA signature blobs.
* Fixed DSA signature extraction.
* Fixed some memory leaks.
* Fixed read of non-connected socket.
* Fixed thread dectection.
-------------------------------------------------------------------
Wed Jan 8 10:18:32 UTC 2014 - asn@cryptomilk.org
- Update to version 0.6.0
* Added new publicy key API.
* Added new userauth API.
* Added ssh_get_publickey_hash() function.
* Added ssh_get_poll_flags() function.
* Added gssapi-mic userauth.
* Added GSSAPIServerIdentity option.
* Added GSSAPIClientIdentity option.
* Added GSSAPIDelegateCredentials option.
* Added new callback based server API.
* Added Elliptic Curve DSA (ECDSA) support (with OpenSSL).
* Added Elliptic Curve Diffie Hellman (ECDH) support.
* Added Curve25519 for ECDH key exchange.
* Added improved logging system.
* Added SSH-agent forwarding.
* Added key-reexchange.
* Added more unit tests.
* Improved documentation.
* Fixed timeout handling.
-------------------------------------------------------------------
Thu Dec 19 13:23:21 CET 2013 - kukuk@suse.de
- Remove remove-pedantic-errors.diff, does not apply anymore and is
not needed anymore.
-------------------------------------------------------------------
Thu Oct 31 21:49:47 UTC 2013 - javier@opensuse.org
- Update to version 0.6.0rc1
* Added new publicy key API.
* Added new userauth API.
* Added gssapi-mic userauth.
* Added new callback based server API.
* Added Elliptic Curve DSA (ECDSA) support (with OpenSSL).
* Added Elliptic Curve Diffie Hellman (ECDH) support.
* Added improved logging system.
* Added SSH-agent forwarding.
* Added key-reexchange.
* Improved documentation.
* Fixed timeout handling.
-------------------------------------------------------------------
Mon Jul 29 08:17:19 UTC 2013 - asn@cryptomilk.org
- Add baselibs.conf
- Require xz to fix build on older distro versions.
-------------------------------------------------------------------
Fri Jul 26 07:44:37 UTC 2013 - asn@cryptomilk.org
- Update to version 0.5.5
* BUG 103: Fix ProxyCommand parsing.
- Remove patch fix-proxycomand-parsing1.diff
- Remove patch fix-proxy-command-none.diff
* Fix setting -D_FORTIFY_SOURCE=2.
* Fix pollset error return if emtpy.
* Fix NULL pointer checks in channel functions.
* Several bugfixes.
-------------------------------------------------------------------
Thu Jul 25 19:56:12 UTC 2013 - lbeltrame@kde.org
- Add fix-proxycomand-parsing1.diff: fix ProxyCommand parsing in
libssh (upstream libssh bug 103)
- Add fix-proxy-command-none.diff: fix ProxyCommand when it is
"none" (upstream libssh bug 103)
-------------------------------------------------------------------
Tue Jan 22 15:03:51 UTC 2013 - asn@cryptomilk.org
- Update to version 0.5.4
* CVE-2013-0176 - NULL dereference leads to denial of service
* Fixed several NULL pointer dereferences in SSHv1.
* Fixed a free crash bug in options parsing.
-------------------------------------------------------------------
Tue Nov 20 13:40:42 UTC 2012 - asn@cryptomilk.org
- Update to version 0.5.3
* CVE-2012-4559 Fixed multiple double free() flaws.
* CVE-2012-4560 Fixed multiple buffer overflow flaws.
* CVE-2012-4561 Fixed multiple invalid free() flaws.
* rlo #84 - Fix bug in sftp_mkdir not returning on error.
* rlo #85 - Fixed a possible channel infinite loop if the connection dropped.
* rlo #88 - Added missing channel request_state and set it to accepted.
* rlo #89 - Reset error state to no error on successful SSHv1 authentiction.
* Fixed a possible use after free in ssh_free().
* Fixed multiple possible NULL pointer dereferences.
* Fixed multiple memory leaks in error paths.
* Fixed timeout handling.
* Fixed regression in pre-connected socket setting.
* Handle all unknown global messages.
-------------------------------------------------------------------
Tue Feb 7 13:34:00 UTC 2012 - jengelh@medozas.de
- Ensure pkgconfig symbols are provided
-------------------------------------------------------------------
Tue Jan 31 10:36:26 UTC 2012 - jengelh@medozas.de
- Remove redundant tags/sections per specfile guideline suggestions
- Parallel building using %_smp_mflags
- Make pkgconfig provides available
- Add patch to work around compilation problems on SLES11SP1
-------------------------------------------------------------------
Sat Sep 17 07:00:53 UTC 2011 - asn@cryptomilk.org
- Update to version 0.5.2
* Increased window size x10.
* Fixed SSHv1.
* Fixed bugged lists.
* Fixed use-after-free + inconsistent callbacks call in poll.
* Fixed scp documentation.
* Fixed possible infinite loop in channel_read().
* Fixed handling of short reads of sftp_async_read().
* Fixed handling request service timeout in blocking mode.
* Fixed ssh_auth_list() documentation.
* Fixed incorrect return values in ssh_channel_write().
* Fixed an infinite loop in the termination callback.
* Fixed handling of SSH_AGAIN in channel_open().
* Fixed "status -5 inflating zlib packet"
-------------------------------------------------------------------
Tue Sep 6 03:36:48 UTC 2011 - crrodriguez@opensuse.org
- Build with OPENSSL_LOAD_CONF so we respect user's choice
of which "openssl engine" to use for crypto (aes-ni,intel-accel)
-------------------------------------------------------------------
Tue Aug 9 15:12:39 UTC 2011 - asn@cryptomilk.org
- Update to version 0.5.1
* Added checks for NULL pointers in string.c.
* Set the channel max packet size to 32768.
* Don't (de)compress empty buffers.
* Fixed ssh_scp_write so it works when doing recursive copy.
* Fixed another source of endless wait.
* Fixed an endless loop in case of a channel_open error.
* Fixed session timeout handling.
* Fixed ssh_channel_from_local() loop.
* Fixed permissions of scp example when we copy a file.
* Workaround ssh_get_user_home_dir on LDAP users.
* Added pkg-config support for libssh_threads.
* Fixed compilation without server and sftp modes.
* Fix static .lib overwriting on Windows.
-------------------------------------------------------------------
Tue May 31 14:32:09 UTC 2011 - asn@cryptomilk.org
- Update to version 0.5.0
* Added ssh_ prefix to all functions.
* Added complete Windows support.
* Added improved server support.
* Added unit tests for a lot of functions.
* Added asynchronous service request.
* Added a multiplatform ssh_getpass() function.
* Added a tutorial.
* Added a lot of documentation.
* Fixed a lot of bugs.
* Fixed several memory leaks.
-------------------------------------------------------------------
Sat Jan 15 08:58:45 UTC 2011 - asn@cryptomilk.org
- Update to version 0.4.8
* Fixed memory leaks in session signing.
* Fixed memory leak in ssh_print_hexa.
* Fixed problem with ssh_connect w/ timeout and fd > 1024.
* Fixed some warnings on OS/2.
* Fixed installation path for OS/2.
-------------------------------------------------------------------
Mon Dec 27 20:12:23 CET 2010 - asn@cynapses.org
- Update to version 0.4.7
* Fixed a possible memory leak in ssh_get_user_home().
* Fixed a memory leak in sftp_xstat.
* Fixed uninitialized fd->revents member.
* Fixed timout value in ssh_channel_accept().
* Fixed length checks in ssh_analyze_banner().
* Fixed a possible data overread and crash bug.
* Fixed setting max_fd which breaks ssh_select().
* Fixed some pedantic build warnings.
* Fixed a memory leak with session->bindaddr.
-------------------------------------------------------------------
Sun Sep 5 19:30:28 CEST 2010 - asn@cynapses.org
- Update to version 0.4.6
* Added a cleanup function to free the ws2_32 library.
* Fixed build with gcc 3.4.
* Fixed the Windows build on Vista and newer.
* Fixed the usage of WSAPoll() on Windows.
* Fixed "@deprecated" in doxygen
* Fixed some mingw warnings.
* Fixed handling of opened channels.
* Fixed keepalive problem on older openssh servers.
* Fixed testing for big endian on Windows.
* Fixed the Windows preprocessor macros and defines.
-------------------------------------------------------------------
Tue Jul 13 10:27:13 CEST 2010 - anschneider@exsuse.de
- Update to version 0.4.5
* Added option to bind a client to an ip address.
* Fixed the ssh socket polling function.
* Fixed Windows related bugs in bsd_poll().
* Fixed serveral build warnings.
-------------------------------------------------------------------
Mon May 31 14:13:55 CEST 2010 - anschneider@exsuse.de
- Update to version 0.4.4
* Fixed some bugs ein path expand functions.
-------------------------------------------------------------------
Mon May 17 23:50:11 CEST 2010 - anschneider@exsuse.de
- Update to version 0.4.3
* Added global/keepalive responses.
* Added runtime detection of WSAPoll().
* Added a select(2) based poll-emulation if poll(2) is not available.
* Added a function to expand an escaped string.
* Added a function to expand the tilde from a path.
* Added a proxycommand support.
* Added ssh_privatekey_type public function
* Added the possibility to define _OPENSSL_DIR and _ZLIB_DIR.
* Fixed sftp_chown.
* Fixed sftp_rename on protocol version 3.
* Fixed a blocking bug in channel_poll.
* Fixed config parsing wich has overwritten user specified values.
* Fixed hashed [host]:port format in knownhosts
* Fixed Windows build.
* Fixed doublefree happening after a negociation error.
* Fixed aes*-ctr with <= OpenSSL 0.9.7b.
* Fixed some documentation.
* Fixed exec example which has broken read usage.
* Fixed broken algorithm choice for server.
* Fixed a typo that we don't export all symbols.
* Removed the unneeded dependency to doxygen.
* Build examples only on the Linux plattform.
-------------------------------------------------------------------
Mon Mar 15 19:40:44 CET 2010 - anschneider@exsuse.de
- Update to version 0.4.2
* Added owner and group information in sftp attributes.
* Added missing SSH_OPTIONS_FD option.
* Added printout of owner and group in the sftp example.
* Added a prepend function for ssh_list.
* Added send back replies to openssh's keepalives.
* Fixed documentation in scp code
* Fixed longname parsing, this only workings with readdir.
* Fixed and added support for several identity files.
* Fixed sftp_parse_longname() on Windows.
* Fixed a race condition bug in ssh_scp_close()
* Remove config support for SSHv1 Cipher variable.
* Rename ssh_list_add to ssh_list_append.
* Rename ssh_list_get_head to ssh_list_pop_head
-------------------------------------------------------------------
Mon Feb 15 12:41:47 CET 2010 - anschneider@exsuse.de
- Fixed Requires.
-------------------------------------------------------------------
Sat Feb 13 15:29:14 CET 2010 - anschneider@exsuse.de
- Update to version 0.4.1
* Added support for aes128-ctr, aes192-ctr and aes256-ctr encryption.
* Added an example for exec.
* Added private key type detection feature in privatekey_from_file().
* Fixed zlib compression fallback.
* Fixed kex bug that client preference should be prioritary
* Fixed known_hosts file set by the user.
* Fixed a memleak in channel_accept().
* Fixed underflow when leave_function() are unbalanced
* Fixed memory corruption in handle_channel_request_open().
* Fixed closing of a file handle case of errors in privatekey_from_file().
* Fixed ssh_get_user_home_dir() to be thread safe.
* Fixed the doxygen documentation.
-------------------------------------------------------------------
Thu Dec 10 23:43:19 CET 2009 - anschneider@exsuse.de
- Update to version 0.4.0
* Added scp support.
* Added support for sending signals (RFC 4254, section 6.9).
* Added MSVC support.
* Added support for ~/.ssh/config.
* Added sftp extension support.
* Added X11 forwarding support for client.
* Added forward listening.
* Added support for openssh extensions (statvfs, fstatvfs).
* Added a cleaned up interface for setting options.
* Added a generic way to handle sockets asynchronously.
* Added logging of the sftp flags used to open a file.
* Added full poll() support and poll-emulation for win32.
* Added missing 64bit functions in sftp.
* Added support for ~/ and SSH_DIR/ in filenames instead of %s/.
* Fixed Fix channel_get_exit_status bug.
* Fixed calltrace logging to make it optional.
* Fixed compilation on Solaris.
* Fixed resolving of ip addresses.
* Fixed libssh compilation without server support.
* Fixed possible memory corruptions (ticket #14).
-------------------------------------------------------------------
Mon Sep 14 10:20:52 CEST 2009 - anschneider@exsuse.de
- Update to version 0.3.4.
* Added ssh_basename and ssh_dirname.
* Added a portable ssh_mkdir function.
* Added a sftp_tell64() function.
* Added missing NULL pointer checks to crypt_set_algorithms_server.
* Fixed ssh_write_knownhost if ~/.ssh doesn't exist.
* Fixed a possible integer overflow in buffer_get_data().
* Fixed possible security bug in packet_decrypt().
-------------------------------------------------------------------
Tue Aug 18 15:28:06 CEST 2009 - anschneider@exsuse.de
- Update to version 0.3.3.
* Fixed double free pointer crash in dsa_public_to_string.
* Fixed channel_get_exit_status bug.
* Fixed ssh_finalize which didn't clear the flag.
* Fixed memory leak introduced by previous bugfix.
* Fixed channel_poll broken when delayed EOF recvd.
* Fixed stupid "can't parse known host key" bug.
* Fixed possible memory corruption (ticket #14).
-------------------------------------------------------------------
Tue Aug 4 16:20:25 CEST 2009 - anschneider@exsuse.de
- Update to version 0.3.2
* Added ssh_init() function.
* Added sftp_readlink() function.
* Added sftp_symlink() function.
* Fixed ssh_write_knownhost().
* Fixed compilation on Solaris.
* Fixed SSHv1 compilation.
-------------------------------------------------------------------
Tue Jul 14 09:55:36 CEST 2009 - anschneider@exsuse.de
- Update to version 0.3.1
* Added return code SSH_SERVER_FILE_NOT_FOUND.
* Fixed compilation of SSHv1.
* Fixed several memory leaks.
* Fixed possible infinite loops.
* Fixed a possible crash bug.
* Fixed build warnings.
* Fixed cmake on BSD.
-------------------------------------------------------------------
Thu May 21 10:52:35 CEST 2009 - anschneider@exsuse.de
- Update to version 0.3.0
* Added support for ssh-agent authentication.
* Added POSIX like sftp implementation.
* Added error checking to all functions.
* Added const to arguments where it was needed.
* Added a channel_get_exit_status() function.
* Added a channel_read_buffer() function, channel_read() is now
a POSIX like function.
* Added a more generic auth callback function.
* Added printf attribute checking for log and error functions.
* Added runtime function tracer support.
* Added NSIS build support with CPack.
* Added openssh hashed host support.
* Added API documentation for all public functions.
* Added asynchronous SFTP read function.
* Added a ssh_bind_set_fd() function.
* Fixed known_hosts parsing.
* Fixed a lot of build warnings.
* Fixed the Windows build.
* Fixed a lot of memory leaks.
* Fixed a double free corruption in the server support.
* Fixed the "ssh_accept:" bug in server support.
* Fixed important channel bugs.
* Refactored the socket handling.
* Switched to CMake build system.
* Improved performance.
-------------------------------------------------------------------
Mon Nov 17 17:46:00 CET 2008 - anschneider@suse.de
- Add 'Provides: libssh' to the library that the debuginfo package
can be installed.
- Fix channel performance by changing the window len.
- Use libssh2 as name for the library package.
- Remove rpmlintrc
-------------------------------------------------------------------
Tue Oct 7 21:19:07 CEST 2008 - aj@suse.de
- Disable parallel build since it breaks the build.
-------------------------------------------------------------------
Tue Sep 30 14:02:58 CEST 2008 - ro@suse.de
- Add rpmlintrc (desired package name is already taken by another
package)
-------------------------------------------------------------------
Tue Sep 30 13:49:00 CEST 2008 - ro@suse.de
- Fix debug package requires
-------------------------------------------------------------------
Tue Sep 30 12:41:19 CEST 2008 - ro@suse.de
- Fixed filelist
-------------------------------------------------------------------
Thu Aug 21 11:26:29 CEST 2008 - anschneider@suse.de
- Map the permissions field to the type field for sftp v3.
- Add errno mapping for sftp functions
-------------------------------------------------------------------
Wed Aug 20 16:08:57 CEST 2008 - anschneider@suse.de
- Initial libssh package

BIN
libssh.keyring Normal file
View File

Binary file not shown.

171
libssh.spec Normal file
View File

@ -0,0 +1,171 @@
#
# spec file
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%global flavor @BUILD_FLAVOR@%{nil}
%if "%{flavor}" == "test"
%define pkg_suffix -test
%ifarch s390 s390x ppc64le
%define slow_test_system "ON"
%else
%define slow_test_system "OFF"
%endif
%bcond_without test
%else
%define pkg_suffix %{nil}
%bcond_with test
%endif
Name: libssh%{pkg_suffix}
Version: 0.10.6
Release: 0
Summary: The SSH library
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
URL: https://www.libssh.org
Source0: https://www.libssh.org/files/0.10/libssh-%{version}.tar.xz
Source1: https://www.libssh.org/files/0.10/libssh-%{version}.tar.xz.asc
Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/libssh.keyring
Source3: libssh_client.config
Source4: libssh_server.config
Source99: baselibs.conf
Patch0: 0001-disable-timeout-test-on-slow-buildsystems.patch
Patch1: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/431.patch#/libssh-fix-ipv6-hostname-regression.patch
BuildRequires: cmake
BuildRequires: gcc-c++
BuildRequires: krb5-devel
BuildRequires: openssl-devel
BuildRequires: pkgconfig
BuildRequires: xz
BuildRequires: zlib-devel
# doxygen generated documentation used to be in subpkg
Obsoletes: %{name}-devel-doc <= 0.8.6
%if %{with test}
BuildRequires: libcmocka-devel
BuildRequires: openssh
%if 0%{?suse_version} > 1550
BuildRequires: nss_wrapper
BuildRequires: pam_wrapper
BuildRequires: socket_wrapper
BuildRequires: uid_wrapper
%endif
%endif
%description
An SSH implementation in the form of a library. With libssh, you can remotely
execute programs, transfer files, use a secure and transparent tunnel for your
remote programs. It supports SFTP as well.
This package provides libssh from https://www.libssh.org that should not be
confused with libssh2 available from https://www.libssh2.org (libssh2 package)
%package -n libssh4
Summary: SSH library
Group: System/Libraries
Requires: %{name}-config >= %{version}
%description -n libssh4
An SSH implementation in the form of a library. With libssh, you can remotely
execute programs, transfer files, use a secure and transparent tunnel for your
remote programs. It supports SFTP as well.
This package provides libssh from https://www.libssh.org that should not be
confused with libssh2 available from https://www.libssh2.org (libssh2 package)
%package config
Summary: SSH library configuration files
Group: Productivity/Networking/SSH
%description config
Configuration files for the SSH library.
%package devel
Summary: SSH library development headers
Group: Development/Libraries/C and C++
Requires: cmake
Requires: libssh4 = %{version}
%description devel
Development headers for the SSH library.
%prep
%autosetup -p1 -n libssh-%{version}
%build
%cmake \
-DCMAKE_C_FLAGS:STRING="%{optflags} -DOPENSSL_LOAD_CONF" \
%if %{with test}
-DUNIT_TESTING="ON" \
-DSLOW_TEST_SYSTEM=%{slow_test_system} \
%if 0%{?suse_version} > 1550
-DCLIENT_TESTING=ON \
-DSERVER_TESTING=ON \
%endif
%endif
-DWITH_GSSAPI=ON \
-DWITH_EXAMPLES="OFF" \
-DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
-DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
make %{?_smp_mflags}
%install
%if !%{with test}
%cmake_install
install -d -m755 %{buildroot}%{_sysconfdir}/libssh
install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/libssh/libssh_client.config
install -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/libssh/libssh_server.config
# Fix incorrect include path, (boo#1211718).
%if 0%{?suse_version} > 1600
sed -i '/^Include/ s|/etc|/usr/etc|' %{buildroot}%{_sysconfdir}/libssh/libssh_client.config
sed -i '/^Include/ s|/etc|/usr/etc|' %{buildroot}%{_sysconfdir}/libssh/libssh_server.config
%endif
%endif
%check
%if %{with test}
# Tests are randomly failing when run in parallel
%define _smp_mflags %{nil}
%ctest
%endif
%if !%{with test}
%post -n libssh4 -p /sbin/ldconfig
%postun -n libssh4 -p /sbin/ldconfig
%files -n libssh4
%doc AUTHORS README CHANGELOG
%{_libdir}/libssh.so.*
%files config
%dir %{_sysconfdir}/libssh
%config(noreplace) %{_sysconfdir}/libssh/libssh_client.config
%config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%files devel
%{_includedir}/libssh
%{_libdir}/libssh.so
%{_libdir}/pkgconfig/libssh.pc
%dir %{_libdir}/cmake/libssh
%{_libdir}/cmake/libssh/libssh-config.cmake
%{_libdir}/cmake/libssh/libssh-config-relwithdebinfo.cmake
%{_libdir}/cmake/libssh/libssh-config-version.cmake
%endif
%changelog

4
libssh_client.config Normal file
View File

@ -0,0 +1,4 @@
# Parse system-wide crypto configuration file
Include /etc/crypto-policies/back-ends/libssh.config
# Parse OpenSSH configuration file for consistency
Include /etc/ssh/ssh_config

2
libssh_server.config Normal file
View File

@ -0,0 +1,2 @@
# Parse system-wide crypto configuration file
Include /etc/crypto-policies/back-ends/libssh.config