commit d24ba9e15c73313ffffb5fc81144f1fb04a68cff2064d79116c34ff44b320553 Author: OBS User buildservice-autocommit Date: Sat Nov 30 12:27:11 2024 +0000 Updating link to change in openSUSE:Factory/libssh revision 74 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh?expand=0&rev=6f0af2fe0d378f902db7face133ae1c2 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/0001-disable-timeout-test-on-slow-buildsystems.patch b/0001-disable-timeout-test-on-slow-buildsystems.patch new file mode 100644 index 0000000..cf6cda3 --- /dev/null +++ b/0001-disable-timeout-test-on-slow-buildsystems.patch @@ -0,0 +1,53 @@ +Index: libssh-0.10.0/tests/unittests/torture_misc.c +=================================================================== +--- libssh-0.10.0.orig/tests/unittests/torture_misc.c 2022-07-07 15:53:51.000000000 +0200 ++++ libssh-0.10.0/tests/unittests/torture_misc.c 2022-08-26 14:19:01.827866890 +0200 +@@ -211,11 +211,13 @@ static void torture_timeout_elapsed(void + ssh_timestamp_init(&ts); + usleep(30000); + ++#ifndef SLOW_TEST_SYSTEM + assert_true(ssh_timeout_elapsed(&ts,25)); + assert_false(ssh_timeout_elapsed(&ts,30000)); + assert_false(ssh_timeout_elapsed(&ts,75)); + assert_true(ssh_timeout_elapsed(&ts,0)); + assert_false(ssh_timeout_elapsed(&ts,-1)); ++#endif /* SLOW_TEST_SYSTEM */ + } + + static void torture_timeout_update(void **state){ +@@ -223,11 +225,13 @@ static void torture_timeout_update(void + (void) state; + ssh_timestamp_init(&ts); + usleep(50000); ++#ifndef SLOW_TEST_SYSTEM + assert_int_equal(ssh_timeout_update(&ts,25), 0); + assert_in_range(ssh_timeout_update(&ts,30000),29000,29960); + assert_in_range(ssh_timeout_update(&ts,75),1,40); + assert_int_equal(ssh_timeout_update(&ts,0),0); + assert_int_equal(ssh_timeout_update(&ts,-1),-1); ++#endif /* SLOW_TEST_SYSTEM */ + } + + static void torture_ssh_analyze_banner(void **state) { +Index: libssh-0.10.0/DefineOptions.cmake +=================================================================== +--- libssh-0.10.0.orig/DefineOptions.cmake 2022-07-07 15:53:51.000000000 +0200 ++++ libssh-0.10.0/DefineOptions.cmake 2022-08-26 14:19:41.500119198 +0200 +@@ -25,6 +25,7 @@ option(WITH_GEX "Enable DH Group exchang + option(WITH_INSECURE_NONE "Enable insecure none cipher and MAC algorithms (not suitable for production!)" OFF) + option(FUZZ_TESTING "Build with fuzzer for the server and client (automatically enables none cipher!)" OFF) + option(PICKY_DEVELOPER "Build with picky developer flags" OFF) ++option(SLOW_TEST_SYSTEM "Disable tests that fail on slow systems" OFF) + + if (WITH_ZLIB) + set(WITH_LIBZ ON) +@@ -60,3 +61,8 @@ endif (NOT GLOBAL_CLIENT_CONFIG) + if (FUZZ_TESTING) + set(WITH_INSECURE_NONE ON) + endif (FUZZ_TESTING) ++ ++if (SLOW_TEST_SYSTEM) ++ set (SLOW_TEST_SYSTEM ON) ++ add_definitions(-DSLOW_TEST_SYSTEM) ++endif (SLOW_TEST_SYSTEM) diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..fcc7b97 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + test + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..8a2a31d --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libssh4 diff --git a/libssh-0.10.6.tar.xz b/libssh-0.10.6.tar.xz new file mode 100644 index 0000000..61de8f4 --- /dev/null +++ b/libssh-0.10.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1861d498f5b6f1741b6abc73e608478491edcf9c9d4b6630eef6e74596de9dc1 +size 561036 diff --git a/libssh-0.10.6.tar.xz.asc b/libssh-0.10.6.tar.xz.asc new file mode 100644 index 0000000..77ff765 --- /dev/null +++ b/libssh-0.10.6.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmWAeGkACgkQfuD8TcwB +Tj2yAw//QOMEcCiijJvOgXCKsVoV9oSuK3aYxqpOS9cV2P40eev0KQrAZC2EXNt3 +XAdfNhA21b2C6qSxckmkCWg3vwPmM6LousHG+zpyZkiSziolMoeBkvbEdU42fufE +SD39cA1bBEbZahyrILWT2I3Bi0d0G7FC13tIBXShS2zIITSXs/2SSRIhg3OXB979 +FTwvEE4zHeSXO4itTMNA/sMJ/0qPccQIzisH0g/TF4318b0qjlQjkHJS1y0f3/PL +Ge3RORQVcZqGTnhJNlF/tKD8wZ9mfqqurQ9yNshiAu8hH8sDH5ZhI3o5pjQe0mGO +JNEwTw0X/vZ4iglWFmm2CusiHrh0KUFsrp8f3oaL3HU4i7yYgo0FhzFtgFVt0gXO +JQOhlSUq50yqbBj6S9C5ecuSR0uPgYA4d8qCFrt9oD77m7Qi3mMi+f/kP+HctIaV +4ro7lZf6IS54J4/m5hRY3F0nweFnZZL8gn8Da8mBZSvhXCqQL6qbD9buwrTzxGft +Fct7+PrRwz9igO7j2nNMyWxtX55/GpX06n7vuonRgQQQiT8eQ5R71STMHJaACFPS +CJHCpuVL28HGdyAxN5d65TCvkNo9/gFGM6ocIH3OlreTFUvy22qNrqwHpCkLgYWU +ylntVoE/VYtHtwFOe0uuCX+2TiM03P5UT2NqAAa/8D4Z5ur3qUY= +=nXW5 +-----END PGP SIGNATURE----- diff --git a/libssh-0.11.1.tar.xz b/libssh-0.11.1.tar.xz new file mode 100644 index 0000000..239fb0d --- /dev/null +++ b/libssh-0.11.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:14b7dcc72e91e08151c58b981a7b570ab2663f630e7d2837645d5a9c612c1b79 +size 621108 diff --git a/libssh-0.11.1.tar.xz.asc b/libssh-0.11.1.tar.xz.asc new file mode 100644 index 0000000..f90679b --- /dev/null +++ b/libssh-0.11.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEiKIo2JsHwsd9DHgJA9XfjP3T6OcFAmbRl74ACgkQA9XfjP3T +6OdnSw/+IrXAbSSpjVNG5Wjz3WQjqXkWInCT+qNhcS5w+qasGW5i6mktoNJkg2Fd +P4iRCeJEuZbOHZLWXdUaDKjmlOUIda2xA8U01uw2VrleEu05JV/s5tS1MpVOPfDi +8+CTxPesFQ9uX9q+OojTr4QXqBDqv15sldwRVTKegNpLkk3xHUUaMjwikWKKxXG+ +ypD4UCJWKVVhen9HPRSUOtruliZFPxQSLYvj4XKJxpr/QVaORS0EsTpdYP0h1+18 +6epynp4e1/9GRTmrKa8/JcCd/4c2UnHBFpw0DU1YirLK+54/qD76o63MTbo7mKru +cgfypfA/sdeklGTZYLrCyizcrSc2poaTznczUZC6gi3FxivLoldFyDgXeSQWEieB +QTGgnaLkB2Y2XuBl9F9MatqFC35TBuUUwHBoEa31acQhmotui5tF4oq/JxRtZi8v +OyrTYc/xfmDh4SbWuEVqr6B2SZjhxrIvEGEe4adJQ/tVN2wweoNgTHt8XjBb1amB +M9RPeXG5Uon+gIXDVzjgx+DZ85FweCEngv+OdjHPIBWsJUEc722L/gypIFnBfaPV +JgM84wxQz2J8xyk2zEANog9M8ae5jG9TVJORO8to+gbRlKB2ZRDdDne0cgRUSWaj +0IKsnehsxjF2OqChjRqRMBhfVAA0hrYU1ngxwCcdAcdlbfgs5L0= +=P/pw +-----END PGP SIGNATURE----- diff --git a/libssh-fix-ipv6-hostname-regression.patch b/libssh-fix-ipv6-hostname-regression.patch new file mode 100644 index 0000000..e4d66d5 --- /dev/null +++ b/libssh-fix-ipv6-hostname-regression.patch @@ -0,0 +1,265 @@ +From 66ac6343b246458a6645ae32f75556a1407031ec Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Fri, 22 Dec 2023 10:32:40 +0100 +Subject: [PATCH 1/2] Fix regression in IPv6 addresses in hostname parsing + +Signed-off-by: Jakub Jelen +--- + include/libssh/config_parser.h | 11 ++++++++--- + src/config.c | 4 ++-- + src/config_parser.c | 19 ++++++++++++++----- + src/options.c | 10 ++-------- + 4 files changed, 26 insertions(+), 18 deletions(-) + +diff --git a/include/libssh/config_parser.h b/include/libssh/config_parser.h +index a7dd42a2c..ca353432b 100644 +--- a/include/libssh/config_parser.h ++++ b/include/libssh/config_parser.h +@@ -30,6 +30,8 @@ + extern "C" { + #endif + ++#include ++ + char *ssh_config_get_cmd(char **str); + + char *ssh_config_get_token(char **str); +@@ -49,14 +51,17 @@ int ssh_config_get_yesno(char **str, int notfound); + * be stored or NULL if we do not care about the result. + * @param[out] port Pointer to the location, where the new port will + * be stored or NULL if we do not care about the result. ++ * @param[in] ignore_port Set to true if the we should not attempt to parse ++ * port number. + * + * @returns SSH_OK if the provided string is in format of SSH URI, + * SSH_ERROR on failure + */ + int ssh_config_parse_uri(const char *tok, +- char **username, +- char **hostname, +- char **port); ++ char **username, ++ char **hostname, ++ char **port, ++ bool ignore_port); + + #ifdef __cplusplus + } +diff --git a/src/config.c b/src/config.c +index 5eedbce96..7135c3b19 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -464,7 +464,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing) + } + if (parse_entry) { + /* We actually care only about the first item */ +- rv = ssh_config_parse_uri(cp, &username, &hostname, &port); ++ rv = ssh_config_parse_uri(cp, &username, &hostname, &port, false); + /* The rest of the list needs to be passed on */ + if (endp != NULL) { + next = strdup(endp + 1); +@@ -475,7 +475,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing) + } + } else { + /* The rest is just sanity-checked to avoid failures later */ +- rv = ssh_config_parse_uri(cp, NULL, NULL, NULL); ++ rv = ssh_config_parse_uri(cp, NULL, NULL, NULL, false); + } + if (rv != SSH_OK) { + goto out; +diff --git a/src/config_parser.c b/src/config_parser.c +index 9ffc8b8b0..b30e94091 100644 +--- a/src/config_parser.c ++++ b/src/config_parser.c +@@ -161,10 +161,14 @@ int ssh_config_get_yesno(char **str, int notfound) + return notfound; + } + ++/* Parse the URI extracting parts such as a username, hostname and port. ++ * If the port is NULL, do not expect port present and be more lax for example ++ * with matching IPv6 address which have the same separators as host:port */ + int ssh_config_parse_uri(const char *tok, +- char **username, +- char **hostname, +- char **port) ++ char **username, ++ char **hostname, ++ char **port, ++ bool ignore_port) + { + char *endp = NULL; + long port_n; +@@ -210,12 +214,17 @@ int ssh_config_parse_uri(const char *tok, + if (endp == NULL) { + goto error; + } +- } else { +- /* Hostnames or aliases expand to the last colon or to the end */ ++ } else if (!ignore_port) { ++ /* Hostnames or aliases expand to the last colon (if port is requested) ++ * or to the end */ + endp = strrchr(tok, ':'); + if (endp == NULL) { + endp = strchr(tok, '\0'); + } ++ } else { ++ /* If no port is requested, expand to the end of line ++ * (to accommodate the IPv6 addresses) */ ++ endp = strchr(tok, '\0'); + } + if (tok == endp) { + /* Zero-length hostnames are not valid */ +diff --git a/src/options.c b/src/options.c +index 2e73be462..676c49e7a 100644 +--- a/src/options.c ++++ b/src/options.c +@@ -634,17 +634,11 @@ int ssh_options_set(ssh_session session, enum ssh_options_e type, + ssh_set_error_invalid(session); + return -1; + } else { +- char *username = NULL, *hostname = NULL, *port = NULL; +- rc = ssh_config_parse_uri(value, &username, &hostname, &port); ++ char *username = NULL, *hostname = NULL; ++ rc = ssh_config_parse_uri(value, &username, &hostname, NULL, true); + if (rc != SSH_OK) { + return -1; + } +- if (port != NULL) { +- SAFE_FREE(username); +- SAFE_FREE(hostname); +- SAFE_FREE(port); +- return -1; +- } + if (username != NULL) { + SAFE_FREE(session->opts.username); + session->opts.username = username; +-- +GitLab + + +From f2ec751f09901b9c539ae096f5ee4fc63f305f30 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Fri, 22 Dec 2023 09:52:18 +0100 +Subject: [PATCH 2/2] tests: Increase test coverage for IPv6 address parsing as + hostnames + +This was an issue in cockpit: + +https://github.com/cockpit-project/cockpit/issues/19772 + +Signed-off-by: Jakub Jelen +--- + tests/unittests/torture_config.c | 49 +++++++++++++++++++++++++++++++ + tests/unittests/torture_options.c | 16 ++++++++++ + 2 files changed, 65 insertions(+) + +diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c +index bc6b08f94..751aa126c 100644 +--- a/tests/unittests/torture_config.c ++++ b/tests/unittests/torture_config.c +@@ -2332,6 +2332,53 @@ static void torture_config_make_absolute_no_sshdir(void **state) + torture_config_make_absolute_int(state, 1); + } + ++static void torture_config_parse_uri(void **state) ++{ ++ char *username = NULL; ++ char *hostname = NULL; ++ char *port = NULL; ++ int rc; ++ ++ (void)state; /* unused */ ++ ++ rc = ssh_config_parse_uri("localhost", &username, &hostname, &port, false); ++ assert_return_code(rc, errno); ++ assert_null(username); ++ assert_string_equal(hostname, "localhost"); ++ SAFE_FREE(hostname); ++ assert_null(port); ++ ++ rc = ssh_config_parse_uri("1.2.3.4", &username, &hostname, &port, false); ++ assert_return_code(rc, errno); ++ assert_null(username); ++ assert_string_equal(hostname, "1.2.3.4"); ++ SAFE_FREE(hostname); ++ assert_null(port); ++ ++ rc = ssh_config_parse_uri("1.2.3.4:2222", &username, &hostname, &port, false); ++ assert_return_code(rc, errno); ++ assert_null(username); ++ assert_string_equal(hostname, "1.2.3.4"); ++ SAFE_FREE(hostname); ++ assert_string_equal(port, "2222"); ++ SAFE_FREE(port); ++ ++ rc = ssh_config_parse_uri("[1:2:3::4]:2222", &username, &hostname, &port, false); ++ assert_return_code(rc, errno); ++ assert_null(username); ++ assert_string_equal(hostname, "1:2:3::4"); ++ SAFE_FREE(hostname); ++ assert_string_equal(port, "2222"); ++ SAFE_FREE(port); ++ ++ /* do not want port */ ++ rc = ssh_config_parse_uri("1:2:3::4", &username, &hostname, NULL, true); ++ assert_return_code(rc, errno); ++ assert_null(username); ++ assert_string_equal(hostname, "1:2:3::4"); ++ SAFE_FREE(hostname); ++} ++ + int torture_run_tests(void) + { + int rc; +@@ -2424,6 +2471,8 @@ int torture_run_tests(void) + setup, teardown), + cmocka_unit_test_setup_teardown(torture_config_make_absolute_no_sshdir, + setup_no_sshdir, teardown), ++ cmocka_unit_test_setup_teardown(torture_config_parse_uri, ++ setup, teardown), + }; + + +diff --git a/tests/unittests/torture_options.c b/tests/unittests/torture_options.c +index 5ba3bdc6a..b07712d86 100644 +--- a/tests/unittests/torture_options.c ++++ b/tests/unittests/torture_options.c +@@ -57,6 +57,20 @@ static void torture_options_set_host(void **state) { + assert_non_null(session->opts.host); + assert_string_equal(session->opts.host, "localhost"); + ++ /* IPv4 address */ ++ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "127.1.1.1"); ++ assert_true(rc == 0); ++ assert_non_null(session->opts.host); ++ assert_string_equal(session->opts.host, "127.1.1.1"); ++ assert_null(session->opts.username); ++ ++ /* IPv6 address */ ++ rc = ssh_options_set(session, SSH_OPTIONS_HOST, "::1"); ++ assert_true(rc == 0); ++ assert_non_null(session->opts.host); ++ assert_string_equal(session->opts.host, "::1"); ++ assert_null(session->opts.username); ++ + rc = ssh_options_set(session, SSH_OPTIONS_HOST, "guru@meditation"); + assert_true(rc == 0); + assert_non_null(session->opts.host); +@@ -64,12 +78,14 @@ static void torture_options_set_host(void **state) { + assert_non_null(session->opts.username); + assert_string_equal(session->opts.username, "guru"); + ++ /* more @ in uri is OK -- it should go to the username */ + rc = ssh_options_set(session, SSH_OPTIONS_HOST, "at@login@hostname"); + assert_true(rc == 0); + assert_non_null(session->opts.host); + assert_string_equal(session->opts.host, "hostname"); + assert_non_null(session->opts.username); + assert_string_equal(session->opts.username, "at@login"); ++ + } + + static void torture_options_set_ciphers(void **state) { +-- +GitLab + diff --git a/libssh.changes b/libssh.changes new file mode 100644 index 0000000..dcb358c --- /dev/null +++ b/libssh.changes @@ -0,0 +1,1000 @@ +------------------------------------------------------------------- +Fri Sep 13 07:42:23 UTC 2024 - Pedro Monreal + +- Update to version 0.11.1: + * Fixed default TTY modes that are set when stdin is not + connected to tty. + * Fixed zlib cleanup procedure, which could crash on i386. + * Various test fixes improving their stability. + * Remove 0001-disable-timeout-test-on-slow-buildsystems.patch + to enable slow tests also in s390 s390x ppc64le. + +------------------------------------------------------------------- +Fri Sep 13 07:41:57 UTC 2024 - Pedro Monreal + +- Set BuildArch: noarch for the config package as it only ships + configuration files. + +------------------------------------------------------------------- +Fri Aug 9 07:46:28 UTC 2024 - Andreas Schneider + +- Update to version 0.11.0 + https://www.libssh.org/2024/08/08/libssh-0-11-0-release/ +- Updated 0001-disable-timeout-test-on-slow-buildsystems.patch +- Removed libssh-fix-ipv6-hostname-regression.patch + +------------------------------------------------------------------- +Fri Apr 12 08:46:41 UTC 2024 - Pedro Monreal + +- Don't change the path for crypto-policies libssh.config (bsc#1222716) + +------------------------------------------------------------------- +Sat Dec 23 10:35:07 UTC 2023 - Andreas Schneider + +- Fix regression parsing IPv6 addresses provided as hostname + * Added libssh-fix-ipv6-hostname-regression.patch + +------------------------------------------------------------------- +Tue Dec 19 12:28:53 UTC 2023 - Andreas Schneider + +- Update to version 0.10.6 + https://www.libssh.org/2023/12/18/libssh-0-10-6-and-libssh-0-9-8-security-releases/ +- Fix CVE-2023-6004: ProxyCommand/ProxyJump features allow injection of malicious code through hostname (bsc#1218209) +- Fix CVE-2023-48795: prefix truncation breaking ssh channel integrity (bsc#1218126) +- Fix CVE-2023-6918: Added Missing checks for return values for digests (bsc#1218186) + +------------------------------------------------------------------- +Mon Sep 25 09:09:25 UTC 2023 - Pedro Monreal + +- Enable crypto-policies support: [bsc#1211301] + * Rebase libssh_client.config libssh_server.config + +------------------------------------------------------------------- +Fri Aug 4 13:12:05 UTC 2023 - malcolmlewis@opensuse.org + +- Add fix to spec file for the incorrect include path as a result + of the default openSSH move to /usr/etc, (boo#1211718). + +------------------------------------------------------------------- +Sat May 6 01:05:17 UTC 2023 - Dirk Müller + +- update to 0.10.5: + * Fix CVE-2023-1667: a NULL dereference during rekeying with + algorithm guessing + * Fix CVE-2023-2283: a possible authorization bypass in + pki_verify_data_signature under low-memory conditions. + * Fix several memory leaks in GSSAPI handling code + * Escape braces in ProxyCommand created from ProxyJump options + for zsh compatibility. + * Fix pkg-config path relocation for MinGW + * Improve doxygen documentation + * Fix build with cygwin due to the glob support + * Do not enqueue outgoing packets after sending + SSH2_MSG_NEWKEYS + * Add support for SSH_SUPPRESS_DEPRECATED + * Avoid functions declarations without prototype to build with + clang 15 + * Fix spelling issues + * Avoid expanding KnownHosts, ProxyCommands and IdentityFiles + repetitively + * Add support sk-* keys through configuration + * Improve checking for Argp library + * Log information about received extensions + * Correctly handle rekey with delayed compression + * Move the EC keys handling to OpenSSL 3.0 API + * Record peer disconnect message + * Avoid deadlock when write buffering occurs and we call poll + recursively to flush the output buffer + * Disable preauthentication compression by default + * Add accidentally removed default compile flags + * Solve incorrect parsing of ProxyCommand option + +------------------------------------------------------------------- +Wed Sep 7 13:32:34 UTC 2022 - Andreas Schneider + +- Update to version 0.10.4 + * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.4 + +------------------------------------------------------------------- +Mon Sep 5 13:00:07 UTC 2022 - Andreas Schneider + +- Update to version 0.10.3 + * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.3 + +------------------------------------------------------------------- +Fri Sep 2 08:51:23 UTC 2022 - Andreas Schneider + +- Update to version 0.10.2 + * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.2 +- Removed libssh-weak-attribute.patch + +------------------------------------------------------------------- +Tue Aug 30 14:29:51 UTC 2022 - Andreas Schneider + +- Update to version 0.10.1 + * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.1 +- Enable client and server testing + * Added libssh-weak-attribute.patch + +------------------------------------------------------------------- +Fri Aug 26 12:16:13 UTC 2022 - Andreas Schneider + +- Update to version 0.10.0 + * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.0 +- Removed 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch + +------------------------------------------------------------------- +Wed Jan 5 13:58:56 UTC 2022 - Fabian Vogt + +- Add patch to make the compression option more compatible (boo#1192731): + * 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch + +------------------------------------------------------------------- +Thu Aug 26 13:15:59 UTC 2021 - Andreas Schneider + +- Update to version 0.9.6 (bsc#1189608, CVE-2021-3634) + * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6 + +------------------------------------------------------------------- +Mon Sep 21 19:16:06 UTC 2020 - Andreas Schneider + +- Add missing BR for openssh needed for tests + +------------------------------------------------------------------- +Sun Sep 13 19:17:44 UTC 2020 - Dirk Mueller + +- update to 0.9.5 (bsc#1174713, CVE-2020-16135): + * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232) + * Improve handling of library initialization (T222) + * Fix parsing of subsecond times in SFTP (T219) + * Make the documentation reproducible + * Remove deprecated API usage in OpenSSL + * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN + * Define version in one place (T226) + * Prevent invalid free when using different C runtimes than OpenSSL (T229) + * Compatibility improvements to testsuite + +------------------------------------------------------------------- +Thu Apr 9 07:50:07 UTC 2020 - Andreas Schneider + +- Update to version 0.9.4 + * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ + * Fix possible Denial of Service attack when using AES-CTR-ciphers + CVE-2020-1730 (bsc#1168699) + +------------------------------------------------------------------- +Tue Feb 18 14:05:49 UTC 2020 - Dominique Leuenberger + +- Drop the hack to pull curl-mini: we moved the split a bit higher + up and now have a non-curl linked variant of cmake in + openSUSE:Factory. + +------------------------------------------------------------------- +Tue Dec 10 19:08:47 UTC 2019 - Andreas Schneider + +- Update to version 0.9.3 + * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095) + * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state + * SSH-01-006 General: Various unchecked Null-derefs cause DOS + * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys + * SSH-01-010 SSH: Deprecated hash function in fingerprinting + * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS + * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access + * SSH-01-001 State Machine: Initial machine states should be set explicitly + * SSH-01-002 Kex: Differently bound macros used to iterate same array + * SSH-01-005 Code-Quality: Integer sign confusion during assignments + * SSH-01-008 SCP: Protocol Injection via unescaped File Names + * SSH-01-009 SSH: Update documentation which RFCs are implemented + * SSH-01-012 PKI: Information leak via uninitialized stack buffer + +------------------------------------------------------------------- +Mon Dec 9 09:25:43 UTC 2019 - Dominique Leuenberger + +- Rename suffix define to pkg_suffix: rpm 4.15 has suffix reserved + for internal use. + +------------------------------------------------------------------- +Thu Nov 7 15:47:45 UTC 2019 - Andreas Schneider + +- Update to version 0.9.2 + * Fixed libssh-config.cmake + * Fixed issues with rsa algorithm negotiation (T191) + * Fixed detection of OpenSSL ed25519 support (T197) + +------------------------------------------------------------------- +Fri Oct 25 14:47:49 UTC 2019 - Andreas Schneider + +- Update to version 0.9.1 + * Added support for Ed25519 via OpenSSL + * Added support for X25519 via OpenSSL + * Added support for localuser in Match keyword + * Fixed Match keyword to be case sensitive + * Fixed compilation with LibreSSL + * Fixed error report of channel open (T75) + * Fixed sftp documentation (T137) + * Fixed known_hosts parsing (T156) + * Fixed build issue with MinGW (T157) + * Fixed build with gcc 9 (T164) + * Fixed deprecation issues (T165) + * Fixed known_hosts directory creation (T166) + +------------------------------------------------------------------- +Wed Jul 10 08:42:34 UTC 2019 - Tomáš Chvátal + +- Split out configuration to separate package to not mess up the + library packaging and coinstallation + +------------------------------------------------------------------- +Fri Jun 28 06:40:49 UTC 2019 - Andreas Schneider + +- Update to verion 0.9.0 + * Added support for AES-GCM + * Added improved rekeying support + * Added performance improvements + * Disabled blowfish support by default + * Fixed several ssh config parsing issues + * Added support for DH Group Exchange KEX + * Added support for Encrypt-then-MAC mode + * Added support for parsing server side configuration file + * Added support for ECDSA/Ed25519 certificates + * Added FIPS 140-2 compatibility + * Improved known_hosts parsing + * Improved documentation + * Improved OpenSSL API usage for KEX, DH, and signatures +- Removed 0001-libcrypto-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch +- Removed 0001-libgcrypt-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch +- Removed 0001-tests-Add-aes-gcm-ciphers-tests.patch +- Add libssh client and server config files + +------------------------------------------------------------------- +Wed May 29 12:56:05 UTC 2019 - Ismail Dönmez + +- Fix the typo in Obsoletes for -devel-doc subpackage +- Actually remove the description for -devel-doc subpackage + +------------------------------------------------------------------- +Thu May 23 15:32:07 UTC 2019 - James McDonough + +- Add support for new AES-GCM encryption types; (bsc#1134193) + * Add 0001-libcrypto-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch + * Add 0001-libgcrypt-Implement-OpenSSH-compatible-AES-GCM-ciphe.patch + * Add 0001-tests-Add-aes-gcm-ciphers-tests.patch + +------------------------------------------------------------------- +Thu Feb 28 07:17:52 UTC 2019 - Stephan Kulow + +- Avoid build cycle between curl and libssh by using obs hint to + prefer curl-mini + +------------------------------------------------------------------- +Mon Feb 25 09:28:34 UTC 2019 - Andreas Schneider + +- Update to version 0.8.7 + * Fixed handling extension flags in the server implementation + * Fixed exporting ed25519 private keys + * Fixed corner cases for rsa-sha2 signatures + * Fixed some issues with connector + +------------------------------------------------------------------- +Mon Feb 11 12:24:43 UTC 2019 - Tomáš Chvátal + +- Drop doxygen from dependencies to avoid buildcycle + * the documentation is available online anyway for anyone to + consume and consult http://api.libssh.org + +------------------------------------------------------------------- +Tue Jan 8 13:14:24 UTC 2019 - Pedro Monreal Gonzalez + +- Added the tests in a multiple build description file *test* to + break the cycle for cmocka, curl, doxygen and libssh. + +------------------------------------------------------------------- +Sun Dec 30 16:15:23 UTC 2018 - Andreas Schneider + +- Update to version 0.8.6 + * Fixed compilation issues with different OpenSSL versions + * Fixed StrictHostKeyChecking in new knownhosts API + * Fixed ssh_send_keepalive() with packet filter + * Fixed possible crash with knownhosts options + * Fixed issus with rekeying + * Fixed strong ECDSA keys + * Fixed some issues with rsa-sha2 extentions + * Fixed access violation in ssh_init() (static linking) + * Fixed ssh_channel_close() handling + +------------------------------------------------------------------- +Mon Oct 29 10:36:40 UTC 2018 - Andreas Schneider + +- Update to version 0.8.5 + * Added support to get known_hosts locations with ssh_options_get() + * Fixed preferred algorithm for known hosts negotiations + * Fixed KEX with some server implementations (e.g. Cisco) + * Fixed issues with MSVC + * Fixed keyboard-interactive auth in server mode + (regression from CVE-2018-10933) + * Fixed gssapi auth in server mode (regression from CVE-2018-10933) + * Fixed socket fd handling with proxy command + * Fixed a memory leak with OpenSSL + +------------------------------------------------------------------- +Tue Oct 16 12:07:50 UTC 2018 - Andreas Schneider + +- Update to version 0.8.4 + * Fixed CVE-2018-10933; (bsc#1108020) + * Fixed building without globbing support + * Fixed possible memory leaks + * Avoid SIGPIPE on sockets + +------------------------------------------------------------------- +Fri Sep 21 08:32:56 UTC 2018 - Andreas Schneider + +- Update to version 0.8.3 + * Added support for rsa-sha2 + * Added support to parse private keys in openssh container format + (other than ed25519) + * Added support for diffie-hellman-group18-sha512 and + diffie-hellman-group16-sha512 + * Added ssh_get_fingerprint_hash() + * Added ssh_pki_export_privkey_base64() + * Added support for Match keyword in config file + * Improved performance and reduced memory footprint for sftp + * Fixed ecdsa publickey auth + * Fixed reading a closed channel + * Added support to announce posix-rename@openssh.com and + hardlink@openssh.com in the sftp server +- Removed patch: 0001-poll-Fix-size-types-in-ssh_event_free.patch + +------------------------------------------------------------------- +Thu Aug 30 06:00:24 UTC 2018 - Andreas Schneider + +- Update to version 0.8.2 + * Added sha256 fingerprints for pubkeys + * Improved compiler flag detection + * Fixed race condition in reading sftp messages + * Fixed doxygen generation and added modern style + * Fixed library initialization on Windows + * Fixed __bounded__ attribute detection + * Fixed a bug in the options parser + * Fixed documentation for new knwon_hosts API +- Added patch: 0001-poll-Fix-size-types-in-ssh_event_free.patch + * Fix compiler warning on SLE12 + +------------------------------------------------------------------- +Mon Aug 27 09:25:49 UTC 2018 - vcizek@suse.com + +- Add missing zlib-devel dependency which was previously pulled in + by libopenssl-devel + +------------------------------------------------------------------- +Tue Aug 14 13:34:19 UTC 2018 - asn@cryptomilk.org + +- Remove the libssh_threads.so symlink + +------------------------------------------------------------------- +Mon Aug 13 20:26:03 UTC 2018 - asn@cryptomilk.org + +- Update to version 0.8.1 + * Fixed version number in the header + * Fixed version number in pkg-config and cmake config + * Fixed library initialization + * Fixed attribute detection + +------------------------------------------------------------------- +Fri Aug 10 12:01:17 UTC 2018 - asn@cryptomilk.org + +- Update to version 0.8.0 + * Removed support for deprecated SSHv1 protocol + * Added new connector API for clients + * Added new known_hosts parsing API + * Added support for OpenSSL 1.1 + * Added support for chacha20-poly1305 cipher + * Added crypto backend for mbedtls crypto library + * Added ECDSA support with gcrypt backend + * Added advanced client and server testing using cwrap.org + * Added support for curve25519-sha256 alias + * Added support for global known_hosts file + * Added support for symbol versioning + * Improved ssh_config parsing + * Improved threading support +- Removed 0001-libcrypto-Remove-AES_ctr128_encrypt.patch +- Removed 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch +- Removed 0001-libcrypto-Use-newer-API-for-HMAC.patch +- Removed 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch +- Removed 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch +- Removed 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch +- Removed 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch +- Removed 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch +- Removed 0001-config-Bugfix-Dont-skip-unseen-opcodes.patch + +------------------------------------------------------------------- +Fri Mar 9 14:12:28 UTC 2018 - jmcdonough@suse.com + +- Disable timeout testing on slow build systems (bsc#1084713) + * 0001-disable-timeout-test-on-slow-buildsystems.patch + +------------------------------------------------------------------- +Sun Dec 24 14:41:46 UTC 2017 - fabian@ritter-vogt.de + +- Add patch to fix parsing of config files (boo#1067782): + * 0001-config-Bugfix-Dont-skip-unseen-opcodes.patch + +------------------------------------------------------------------- +Fri Sep 15 08:31:32 UTC 2017 - vcizek@suse.com + +- add support for building with OpenSSL 1.1 (bsc#1055266) + * added patches: + * 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch + * 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch + * 0001-libcrypto-Remove-AES_ctr128_encrypt.patch + * 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch + * 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch + * 0001-libcrypto-Use-newer-API-for-HMAC.patch + * 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch + * 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch + +------------------------------------------------------------------- +Mon Jul 31 08:31:20 UTC 2017 - astieger@suse.com + +- add package keyring and verify source signature + +------------------------------------------------------------------- +Thu Apr 13 14:41:57 UTC 2017 - asn@cryptomilk.org + +- Update to version 0.7.5 + * Fixed a memory allocation issue with buffers + * Fixed PKI on Windows + * Fixed some SSHv1 functions + * Fixed config hostname expansion + +------------------------------------------------------------------- +Wed Feb 8 10:43:05 UTC 2017 - asn@cryptomilk.org + +- Update to version 0.7.4 + * Added id_ed25519 to the default identity list + * Fixed sftp EOF packet handling + * Fixed ssh_send_banner() to confirm with RFC 4253 + * Fixed some memory leaks +- Removed patch gcc5-fixes.patch + +------------------------------------------------------------------- +Wed Dec 7 12:22:00 UTC 2016 - jengelh@inai.de + +- Update descriptions. Drop redundant pkgconfig require + (it's autodetected). + +------------------------------------------------------------------- +Wed Oct 7 08:25:18 UTC 2015 - asn@cryptomilk.org + +- Update to version 0.7.2 + * Fixed OpenSSL detection on Windows + * Fixed return status for ssh_userauth_agent() + * Fixed KEX to prefer hmac-sha2-256 + * Fixed sftp packet handling + * Fixed return values of ssh_key_is_(public|private) + * Fixed bug in global success reply + +------------------------------------------------------------------- +Mon Jul 20 09:29:46 UTC 2015 - tchvatal@suse.com + +- Enable testsuite run to check the state of libssh itself +- Use SUSE macros to define environment clearly +- Enable gssapi by adding krb5 dependency + +------------------------------------------------------------------- +Tue Jun 30 07:36:31 UTC 2015 - asn@cryptomilk.org + +- Update to version 0.7.1 + * Fixed SSH_AUTH_PARTIAL auth with auto public key + * Fixed memory leak in session options + * Fixed allocation of ed25519 public keys + * Fixed channel exit-status and exit-signal + * Reintroduce ssh_forward_listen() + +------------------------------------------------------------------- +Mon May 11 09:50:29 UTC 2015 - asn@cryptomilk.org + +- Update to version 0.7.0 + * Added support for ed25519 keys + * Added SHA2 algorithms for HMAC + * Added improved and more secure buffer handling code + * Added callback for auth_none_function + * Added support for ECDSA private key signing + * Added more tests + * Fixed a lot of bugs + * Improved API documentation + +------------------------------------------------------------------- +Wed May 6 20:26:52 UTC 2015 - dmueller@suse.com + +- add gcc5-fixes.patch: Fix build against GCC 5.x + +------------------------------------------------------------------- +Thu Apr 30 14:08:31 UTC 2015 - asn@cryptomilk.org + +- Update to version 0.6.5 + * Fixed CVE-2015-3146 + * Fixed port handling in config file + * Fixed the build with libgcrypt + * Fixed SFTP endian issues (rlo #179) + * Fixed uninitilized sig variable (rlo #167) + * Fixed polling issues which could result in a hang + * Fixed handling of EINTR in ssh_poll() (rlo #186) + * Fixed C99 issues with __func__ + * Fixed some memory leaks + * Improved macro detection on Windows + +------------------------------------------------------------------- +Thu Jan 22 07:41:22 UTC 2015 - coolo@suse.com + +- removing argument from popd +- add baselibs.conf as source + +------------------------------------------------------------------- +Fri Dec 19 09:51:35 UTC 2014 - asn@cryptomilk.org + +- Update to version 0.6.4 + * Fixed CVE-2014-8132. + * Added SHA-2 for session ID signing with ECDSA keys. + * Added support for ECDSA host keys. + * Added support for more ECDSA hostkey algorithms. + * Added ssh_pki_key_ecdsa_name() API. + * Fixed setting the bindfd only after successful listen. + * Fixed issues with user created sockets. + * Fixed several issues in libssh C++ wrapper. + * Fixed several documentation issues. + * Fixed channel exit-signal request. + * Fixed X11 request screen number in messages. + * Fixed several memory leaks. + +------------------------------------------------------------------- +Tue Mar 4 17:20:09 UTC 2014 - asn@cryptomilk.org + +- Update to version 0.6.3 + * Fix CVE-2014-0017. + +------------------------------------------------------------------- +Mon Feb 10 09:25:48 UTC 2014 - asn@cryptomilk.org + +- Update to version 0.6.1 + * Added support for libgcrypt 1.6. + * Added ssh_channel_accept_forward(). + * Added known_hosts heuristic during connection (#138). + * Added getters for session cipher names. + * Fixed decrypt of zero length buffer. + * Fixed padding in RSA signature blobs. + * Fixed DSA signature extraction. + * Fixed some memory leaks. + * Fixed read of non-connected socket. + * Fixed thread dectection. + +------------------------------------------------------------------- +Wed Jan 8 10:18:32 UTC 2014 - asn@cryptomilk.org + +- Update to version 0.6.0 + * Added new publicy key API. + * Added new userauth API. + * Added ssh_get_publickey_hash() function. + * Added ssh_get_poll_flags() function. + * Added gssapi-mic userauth. + * Added GSSAPIServerIdentity option. + * Added GSSAPIClientIdentity option. + * Added GSSAPIDelegateCredentials option. + * Added new callback based server API. + * Added Elliptic Curve DSA (ECDSA) support (with OpenSSL). + * Added Elliptic Curve Diffie Hellman (ECDH) support. + * Added Curve25519 for ECDH key exchange. + * Added improved logging system. + * Added SSH-agent forwarding. + * Added key-reexchange. + * Added more unit tests. + * Improved documentation. + * Fixed timeout handling. + +------------------------------------------------------------------- +Thu Dec 19 13:23:21 CET 2013 - kukuk@suse.de + +- Remove remove-pedantic-errors.diff, does not apply anymore and is + not needed anymore. + +------------------------------------------------------------------- +Thu Oct 31 21:49:47 UTC 2013 - javier@opensuse.org + +- Update to version 0.6.0rc1 + * Added new publicy key API. + * Added new userauth API. + * Added gssapi-mic userauth. + * Added new callback based server API. + * Added Elliptic Curve DSA (ECDSA) support (with OpenSSL). + * Added Elliptic Curve Diffie Hellman (ECDH) support. + * Added improved logging system. + * Added SSH-agent forwarding. + * Added key-reexchange. + * Improved documentation. + * Fixed timeout handling. + +------------------------------------------------------------------- +Mon Jul 29 08:17:19 UTC 2013 - asn@cryptomilk.org + +- Add baselibs.conf +- Require xz to fix build on older distro versions. + +------------------------------------------------------------------- +Fri Jul 26 07:44:37 UTC 2013 - asn@cryptomilk.org + +- Update to version 0.5.5 + * BUG 103: Fix ProxyCommand parsing. + - Remove patch fix-proxycomand-parsing1.diff + - Remove patch fix-proxy-command-none.diff + * Fix setting -D_FORTIFY_SOURCE=2. + * Fix pollset error return if emtpy. + * Fix NULL pointer checks in channel functions. + * Several bugfixes. + +------------------------------------------------------------------- +Thu Jul 25 19:56:12 UTC 2013 - lbeltrame@kde.org + +- Add fix-proxycomand-parsing1.diff: fix ProxyCommand parsing in + libssh (upstream libssh bug 103) +- Add fix-proxy-command-none.diff: fix ProxyCommand when it is + "none" (upstream libssh bug 103) + +------------------------------------------------------------------- +Tue Jan 22 15:03:51 UTC 2013 - asn@cryptomilk.org + +- Update to version 0.5.4 + * CVE-2013-0176 - NULL dereference leads to denial of service + * Fixed several NULL pointer dereferences in SSHv1. + * Fixed a free crash bug in options parsing. + +------------------------------------------------------------------- +Tue Nov 20 13:40:42 UTC 2012 - asn@cryptomilk.org + +- Update to version 0.5.3 + * CVE-2012-4559 Fixed multiple double free() flaws. + * CVE-2012-4560 Fixed multiple buffer overflow flaws. + * CVE-2012-4561 Fixed multiple invalid free() flaws. + * rlo #84 - Fix bug in sftp_mkdir not returning on error. + * rlo #85 - Fixed a possible channel infinite loop if the connection dropped. + * rlo #88 - Added missing channel request_state and set it to accepted. + * rlo #89 - Reset error state to no error on successful SSHv1 authentiction. + * Fixed a possible use after free in ssh_free(). + * Fixed multiple possible NULL pointer dereferences. + * Fixed multiple memory leaks in error paths. + * Fixed timeout handling. + * Fixed regression in pre-connected socket setting. + * Handle all unknown global messages. + +------------------------------------------------------------------- +Tue Feb 7 13:34:00 UTC 2012 - jengelh@medozas.de + +- Ensure pkgconfig symbols are provided + +------------------------------------------------------------------- +Tue Jan 31 10:36:26 UTC 2012 - jengelh@medozas.de + +- Remove redundant tags/sections per specfile guideline suggestions +- Parallel building using %_smp_mflags +- Make pkgconfig provides available +- Add patch to work around compilation problems on SLES11SP1 + +------------------------------------------------------------------- +Sat Sep 17 07:00:53 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.5.2 + * Increased window size x10. + * Fixed SSHv1. + * Fixed bugged lists. + * Fixed use-after-free + inconsistent callbacks call in poll. + * Fixed scp documentation. + * Fixed possible infinite loop in channel_read(). + * Fixed handling of short reads of sftp_async_read(). + * Fixed handling request service timeout in blocking mode. + * Fixed ssh_auth_list() documentation. + * Fixed incorrect return values in ssh_channel_write(). + * Fixed an infinite loop in the termination callback. + * Fixed handling of SSH_AGAIN in channel_open(). + * Fixed "status -5 inflating zlib packet" + +------------------------------------------------------------------- +Tue Sep 6 03:36:48 UTC 2011 - crrodriguez@opensuse.org + +- Build with OPENSSL_LOAD_CONF so we respect user's choice + of which "openssl engine" to use for crypto (aes-ni,intel-accel) + +------------------------------------------------------------------- +Tue Aug 9 15:12:39 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.5.1 + * Added checks for NULL pointers in string.c. + * Set the channel max packet size to 32768. + * Don't (de)compress empty buffers. + * Fixed ssh_scp_write so it works when doing recursive copy. + * Fixed another source of endless wait. + * Fixed an endless loop in case of a channel_open error. + * Fixed session timeout handling. + * Fixed ssh_channel_from_local() loop. + * Fixed permissions of scp example when we copy a file. + * Workaround ssh_get_user_home_dir on LDAP users. + * Added pkg-config support for libssh_threads. + * Fixed compilation without server and sftp modes. + * Fix static .lib overwriting on Windows. + +------------------------------------------------------------------- +Tue May 31 14:32:09 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.5.0 + * Added ssh_ prefix to all functions. + * Added complete Windows support. + * Added improved server support. + * Added unit tests for a lot of functions. + * Added asynchronous service request. + * Added a multiplatform ssh_getpass() function. + * Added a tutorial. + * Added a lot of documentation. + * Fixed a lot of bugs. + * Fixed several memory leaks. + +------------------------------------------------------------------- +Sat Jan 15 08:58:45 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.4.8 + * Fixed memory leaks in session signing. + * Fixed memory leak in ssh_print_hexa. + * Fixed problem with ssh_connect w/ timeout and fd > 1024. + * Fixed some warnings on OS/2. + * Fixed installation path for OS/2. + +------------------------------------------------------------------- +Mon Dec 27 20:12:23 CET 2010 - asn@cynapses.org + +- Update to version 0.4.7 + * Fixed a possible memory leak in ssh_get_user_home(). + * Fixed a memory leak in sftp_xstat. + * Fixed uninitialized fd->revents member. + * Fixed timout value in ssh_channel_accept(). + * Fixed length checks in ssh_analyze_banner(). + * Fixed a possible data overread and crash bug. + * Fixed setting max_fd which breaks ssh_select(). + * Fixed some pedantic build warnings. + * Fixed a memory leak with session->bindaddr. + +------------------------------------------------------------------- +Sun Sep 5 19:30:28 CEST 2010 - asn@cynapses.org + +- Update to version 0.4.6 + * Added a cleanup function to free the ws2_32 library. + * Fixed build with gcc 3.4. + * Fixed the Windows build on Vista and newer. + * Fixed the usage of WSAPoll() on Windows. + * Fixed "@deprecated" in doxygen + * Fixed some mingw warnings. + * Fixed handling of opened channels. + * Fixed keepalive problem on older openssh servers. + * Fixed testing for big endian on Windows. + * Fixed the Windows preprocessor macros and defines. + +------------------------------------------------------------------- +Tue Jul 13 10:27:13 CEST 2010 - anschneider@exsuse.de + +- Update to version 0.4.5 + * Added option to bind a client to an ip address. + * Fixed the ssh socket polling function. + * Fixed Windows related bugs in bsd_poll(). + * Fixed serveral build warnings. + +------------------------------------------------------------------- +Mon May 31 14:13:55 CEST 2010 - anschneider@exsuse.de + +- Update to version 0.4.4 + * Fixed some bugs ein path expand functions. + +------------------------------------------------------------------- +Mon May 17 23:50:11 CEST 2010 - anschneider@exsuse.de + +- Update to version 0.4.3 + * Added global/keepalive responses. + * Added runtime detection of WSAPoll(). + * Added a select(2) based poll-emulation if poll(2) is not available. + * Added a function to expand an escaped string. + * Added a function to expand the tilde from a path. + * Added a proxycommand support. + * Added ssh_privatekey_type public function + * Added the possibility to define _OPENSSL_DIR and _ZLIB_DIR. + * Fixed sftp_chown. + * Fixed sftp_rename on protocol version 3. + * Fixed a blocking bug in channel_poll. + * Fixed config parsing wich has overwritten user specified values. + * Fixed hashed [host]:port format in knownhosts + * Fixed Windows build. + * Fixed doublefree happening after a negociation error. + * Fixed aes*-ctr with <= OpenSSL 0.9.7b. + * Fixed some documentation. + * Fixed exec example which has broken read usage. + * Fixed broken algorithm choice for server. + * Fixed a typo that we don't export all symbols. + * Removed the unneeded dependency to doxygen. + * Build examples only on the Linux plattform. + +------------------------------------------------------------------- +Mon Mar 15 19:40:44 CET 2010 - anschneider@exsuse.de + +- Update to version 0.4.2 + * Added owner and group information in sftp attributes. + * Added missing SSH_OPTIONS_FD option. + * Added printout of owner and group in the sftp example. + * Added a prepend function for ssh_list. + * Added send back replies to openssh's keepalives. + * Fixed documentation in scp code + * Fixed longname parsing, this only workings with readdir. + * Fixed and added support for several identity files. + * Fixed sftp_parse_longname() on Windows. + * Fixed a race condition bug in ssh_scp_close() + * Remove config support for SSHv1 Cipher variable. + * Rename ssh_list_add to ssh_list_append. + * Rename ssh_list_get_head to ssh_list_pop_head + +------------------------------------------------------------------- +Mon Feb 15 12:41:47 CET 2010 - anschneider@exsuse.de + +- Fixed Requires. + +------------------------------------------------------------------- +Sat Feb 13 15:29:14 CET 2010 - anschneider@exsuse.de + +- Update to version 0.4.1 + * Added support for aes128-ctr, aes192-ctr and aes256-ctr encryption. + * Added an example for exec. + * Added private key type detection feature in privatekey_from_file(). + * Fixed zlib compression fallback. + * Fixed kex bug that client preference should be prioritary + * Fixed known_hosts file set by the user. + * Fixed a memleak in channel_accept(). + * Fixed underflow when leave_function() are unbalanced + * Fixed memory corruption in handle_channel_request_open(). + * Fixed closing of a file handle case of errors in privatekey_from_file(). + * Fixed ssh_get_user_home_dir() to be thread safe. + * Fixed the doxygen documentation. + +------------------------------------------------------------------- +Thu Dec 10 23:43:19 CET 2009 - anschneider@exsuse.de + +- Update to version 0.4.0 + * Added scp support. + * Added support for sending signals (RFC 4254, section 6.9). + * Added MSVC support. + * Added support for ~/.ssh/config. + * Added sftp extension support. + * Added X11 forwarding support for client. + * Added forward listening. + * Added support for openssh extensions (statvfs, fstatvfs). + * Added a cleaned up interface for setting options. + * Added a generic way to handle sockets asynchronously. + * Added logging of the sftp flags used to open a file. + * Added full poll() support and poll-emulation for win32. + * Added missing 64bit functions in sftp. + * Added support for ~/ and SSH_DIR/ in filenames instead of %s/. + * Fixed Fix channel_get_exit_status bug. + * Fixed calltrace logging to make it optional. + * Fixed compilation on Solaris. + * Fixed resolving of ip addresses. + * Fixed libssh compilation without server support. + * Fixed possible memory corruptions (ticket #14). + +------------------------------------------------------------------- +Mon Sep 14 10:20:52 CEST 2009 - anschneider@exsuse.de + +- Update to version 0.3.4. + * Added ssh_basename and ssh_dirname. + * Added a portable ssh_mkdir function. + * Added a sftp_tell64() function. + * Added missing NULL pointer checks to crypt_set_algorithms_server. + * Fixed ssh_write_knownhost if ~/.ssh doesn't exist. + * Fixed a possible integer overflow in buffer_get_data(). + * Fixed possible security bug in packet_decrypt(). + +------------------------------------------------------------------- +Tue Aug 18 15:28:06 CEST 2009 - anschneider@exsuse.de + +- Update to version 0.3.3. + * Fixed double free pointer crash in dsa_public_to_string. + * Fixed channel_get_exit_status bug. + * Fixed ssh_finalize which didn't clear the flag. + * Fixed memory leak introduced by previous bugfix. + * Fixed channel_poll broken when delayed EOF recvd. + * Fixed stupid "can't parse known host key" bug. + * Fixed possible memory corruption (ticket #14). + +------------------------------------------------------------------- +Tue Aug 4 16:20:25 CEST 2009 - anschneider@exsuse.de + +- Update to version 0.3.2 + * Added ssh_init() function. + * Added sftp_readlink() function. + * Added sftp_symlink() function. + * Fixed ssh_write_knownhost(). + * Fixed compilation on Solaris. + * Fixed SSHv1 compilation. + +------------------------------------------------------------------- +Tue Jul 14 09:55:36 CEST 2009 - anschneider@exsuse.de + +- Update to version 0.3.1 + * Added return code SSH_SERVER_FILE_NOT_FOUND. + * Fixed compilation of SSHv1. + * Fixed several memory leaks. + * Fixed possible infinite loops. + * Fixed a possible crash bug. + * Fixed build warnings. + * Fixed cmake on BSD. + +------------------------------------------------------------------- +Thu May 21 10:52:35 CEST 2009 - anschneider@exsuse.de + +- Update to version 0.3.0 + * Added support for ssh-agent authentication. + * Added POSIX like sftp implementation. + * Added error checking to all functions. + * Added const to arguments where it was needed. + * Added a channel_get_exit_status() function. + * Added a channel_read_buffer() function, channel_read() is now + a POSIX like function. + * Added a more generic auth callback function. + * Added printf attribute checking for log and error functions. + * Added runtime function tracer support. + * Added NSIS build support with CPack. + * Added openssh hashed host support. + * Added API documentation for all public functions. + * Added asynchronous SFTP read function. + * Added a ssh_bind_set_fd() function. + * Fixed known_hosts parsing. + * Fixed a lot of build warnings. + * Fixed the Windows build. + * Fixed a lot of memory leaks. + * Fixed a double free corruption in the server support. + * Fixed the "ssh_accept:" bug in server support. + * Fixed important channel bugs. + * Refactored the socket handling. + * Switched to CMake build system. + * Improved performance. + +------------------------------------------------------------------- +Mon Nov 17 17:46:00 CET 2008 - anschneider@suse.de + +- Add 'Provides: libssh' to the library that the debuginfo package + can be installed. +- Fix channel performance by changing the window len. +- Use libssh2 as name for the library package. +- Remove rpmlintrc + +------------------------------------------------------------------- +Tue Oct 7 21:19:07 CEST 2008 - aj@suse.de + +- Disable parallel build since it breaks the build. + +------------------------------------------------------------------- +Tue Sep 30 14:02:58 CEST 2008 - ro@suse.de + +- Add rpmlintrc (desired package name is already taken by another + package) + +------------------------------------------------------------------- +Tue Sep 30 13:49:00 CEST 2008 - ro@suse.de + +- Fix debug package requires + +------------------------------------------------------------------- +Tue Sep 30 12:41:19 CEST 2008 - ro@suse.de + +- Fixed filelist + +------------------------------------------------------------------- +Thu Aug 21 11:26:29 CEST 2008 - anschneider@suse.de + +- Map the permissions field to the type field for sftp v3. +- Add errno mapping for sftp functions + +------------------------------------------------------------------- +Wed Aug 20 16:08:57 CEST 2008 - anschneider@suse.de + +- Initial libssh package + diff --git a/libssh.keyring b/libssh.keyring new file mode 100644 index 0000000..9c2a937 --- /dev/null +++ b/libssh.keyring @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGZxQOQBEAC1EO1SSoQmzAyAyfQRRHcI4Je5E4mdTchhblLXmuxThquYZ6Xp +MT3alO6UxDO6aulzd0/RpLviELRwXqEKuUVC9oNbsolWT3sCh0J6ju2LNtmixPIf +5hd6UQRE32k7AXgwju7bn4TebVkl2fXsdtqSY+57Rs+8G7HiCRDoiYw1S4OwKsuI +RU7F4VNTV3drfcqpY1JZhMM/oestGqhWfln59kRgvqPDdOlX6Jv1502lElRddHBl +1f/SnE/mZQJ8Y+zfFuCxkhKZHYLzO3scudUIOHfVt2tLEYYsYK23NFAnF4ECYv+H +F1PoITbd8WeXoFeMjSr1h19ElzW76eBPvOYzqlzEKQ8b8uQUTqmyZl7HhQOtsIXG +YBYi3V30I+JBuEGkkhtkbXVET8sE1FCX2xSDOsqshqSiLchlVJxiQlThqZ4prtBC +byaTmdxFKRsQmSvLv5V9Puel80mzvM/L85s+gop9btygJ+Vpo1Dtdkbvp/jz+k1f +arZaqAFPE9/rJlMEW8HE12QBYpxiQAl6k0KUu/1MUcTbaZ7wbzQVGHXTmrP9mGff +9DTPeK01UPJpR9lT/kFwo/ip7nkI0zHcoAgwCGLNHCnbWjjz6ZAzYS9Dj8RG1T13 +g/TjpQtmNWxdPIQ3yZDv30BKFv1aoWLejz4rj19dtPnVClUyMlRPonDDfwARAQAB +tDRsaWJzc2ggcmVsZWFzZSBrZXkgKHJlbGVhc2Uga2V5KSA8bGlic3NoQGxpYnNz +aC5vcmc+iQJXBBMBCABBFiEEiKIo2JsHwsd9DHgJA9XfjP3T6OcFAmZxQOQCGwMF +CRLMAwAFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AACgkQA9XfjP3T6OfPBA// +cQA2fdsNyIgAyhppHAtdmKtRaN5dWj9InKZTWRmWNMAU3lTrMCGVurz2tcg2X6Xz +rVvZuXbLnb6GIRU0ly+nYiBZF4qDL088NtqN7AEEUaabOmlSZr5wXyJObMvlzDg9 +GkjKAKH2CBztROtG3P91uHQ12SDqqIGw5/LlWGUSBzDnChdaB7ntODmjJ8wHqyOy +tD6GIfy7KkvnD6nyCXvqlZgo0/nr91otkDFbJrF/IobZD1hiBcps7b3oC3ms0e9T +usk4wl+oUi2LdTIOVvAag17gdkbH7MXMMOwhbNrV5MEyKpleTfm+R+jo48hRwdrn +LMrDR0+f26bIsWILvGE9GIqvoJD3rKDgjTFwmMcM4OLssCgTTy0h93gDbyBrOmA9 +gJDApWWLq26SkDGIrsp4JcYlcR3m4S2Bjg98PTbz96fATK+AZ/R1Kntbt1J7DcnT +th3q4jXFIPUzvZA0r7Ul+UM/OfVr/Ryc023oID5po1zeO3HyVKVxXYY/DgpzWTcq +iwGjWM18XRDhUVV7eOJZ4XRcyDhf4eEF8etwFFraXjVVimCCEqgukEQh9azr+kqi +IWYoAH0fwVP85u38WqlLS+9in5mKq+lBFI201RpkzsdPDtJMtXTYgw1s6IrQntzF +w1PIJ/49b7nZhqvp0sMQGlAKfYTQvQsiAuEfzNiFcTS5Ag0EZnFA5AEQAJNgU4Wg +S+DUP9/wutGn9ADAEIZvD+dxpliKFmtfUeLiNAtaEfxmL7YCazlZbJ7tdhplwfJP +Es9k7G0K+8k1t+gni9sc7/W/0bB12cbCOxDlfcWATP5RZUfCc7eQVsWm1Sq41W2C +WGLqp9oC9jd2KGlReE4tj1PUmYtdHDOLBKr3PJrHHTGaF+4Qem5PVx+4ZmaH0qGT +8CmKYdhE0P8EYNImkmYsCo2nf3tbnjxBNAvwb1ljwJ1djFO72huvHslo6oTuQ+W6 +Bam4m37b+AA/NiXk3RkrL8dwHB/D4G4fk0yflVQFx+0uwYj+Ik5HAri7WISOYfBN +Yvb6VPm9cdw/ajF0sV4d1bChroLkw0Y9VW5jEkhwGeLexY+bLP+uLOn9CvSd5iZX +kmamBA5c/jDWAibqgADux3OKNOa7JND38axuc67o5BynfW1iw3osU5fa/jdOxogJ +xgRq+muWh8rpVGuJHLDcG2TWxC66zEA7Dp8UE/nToIZeP7m6Ihzpo37a33m0BfKH +qG2cM4EYjIoFDFlbBbk7RogOXTshVc69JhKUaNNh8zSlCOTjwQedqPb7eW+zkPOc +ZdII3a+oLe4j49+QBiRXoJT3QWhqbxQYF5gnv86o/ZhAUrzEW8KAk8vJAHiKJhe1 +sGHgu0yuiq5Ox4HHBrVBiEgZPxEYo4+xGLz7ABEBAAGJAjwEGAEIACYWIQSIoijY +mwfCx30MeAkD1d+M/dPo5wUCZnFA5AIbDAUJEswDAAAKCRAD1d+M/dPo523QD/wM ++Tf6y684Vn1HKMMyDLLCv1fFoSdialbf0gieXIlLm9yH0VaAcnMYFN7flYSekISq +23uH6ZIcABSfvg4dCCKUUggR3CnUql0SjF9BtFisGiCsDGlH3fNH0d1Ts0FOUdkL +TH/U676r08DQu1t0iSdOuDxM9FAo926gJSvyorLx7X94KhUeHhXfmzZ88ydz0ked +KFTKoo/LVhxRIoAGUdl98uJ+oycoELAeg7u0djVk+Hkw6ZLnMsjJBYHV3SyOXBpy +beQ9O3yK0oNqHW1oIAnHtX/Msqzj+x2+BMpjirsaHWsewnXgDUG/2h1MN67XW1zu +boztT8zswALbPfkOxS4Y+evaSnq4W6xF4dGuh2sM6g82pyAHdpBPrp4WEKnAcvi4 +5EFNZYpKbQVXnDyK4899CCPcsxj56DlVtJRv167WNRBlU6k6MUVZH0F1JLQpxwx5 +TlohKUa2KBnBZofmCD0xRzV7GbT08KRObSrMqIQU4ILqs2TlhDJhYMurKh7sWKFO +CX8wWu1TupOt7Zkf/OPapW2konKTu4h36yoPR6D4JZQhd6zZ+4+BsxgzdKCORPM5 +DfSh15+evGapxAdUZrt/N4q2o2TdMcaSu4cZQnqu2soBWiNEa1DeBurCwrHJu/tt +dEyK6ESk4OGJ2ycirv4skD17gMHNRODFjhAgKgEybg== +=m20i +-----END PGP PUBLIC KEY BLOCK----- diff --git a/libssh.spec b/libssh.spec new file mode 100644 index 0000000..e00b223 --- /dev/null +++ b/libssh.spec @@ -0,0 +1,167 @@ +# +# spec file for package libssh +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "test" +%define pkg_suffix -test +%bcond_without test +%else +%define pkg_suffix %{nil} +%bcond_with test +%endif +Name: libssh%{pkg_suffix} +Version: 0.11.1 +Release: 0 +Summary: The SSH library +License: LGPL-2.1-or-later +Group: Development/Libraries/C and C++ +URL: https://www.libssh.org +Source0: https://www.libssh.org/files/0.11/libssh-%{version}.tar.xz +Source1: https://www.libssh.org/files/0.11/libssh-%{version}.tar.xz.asc +Source2: https://www.libssh.org/files/0x03D5DF8CFDD3E8E7_libssh_libssh_org_gpgkey.asc#/libssh.keyring +Source3: libssh_client.config +Source4: libssh_server.config +Source99: baselibs.conf +BuildRequires: cmake +BuildRequires: gcc-c++ +BuildRequires: krb5-devel +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: xz +BuildRequires: zlib-devel +# doxygen generated documentation used to be in subpkg +Obsoletes: %{name}-devel-doc <= 0.8.6 +%if %{with test} +BuildRequires: libcmocka-devel +BuildRequires: openssh +%if 0%{?suse_version} > 1550 +BuildRequires: nss_wrapper +BuildRequires: pam_wrapper +BuildRequires: socket_wrapper +BuildRequires: uid_wrapper +%endif +%endif + +%description +An SSH implementation in the form of a library. With libssh, you can remotely +execute programs, transfer files, use a secure and transparent tunnel for your +remote programs. It supports SFTP as well. + +This package provides libssh from https://www.libssh.org that should not be +confused with libssh2 available from https://www.libssh2.org (libssh2 package) + +%package -n libssh4 +Summary: SSH library +Group: System/Libraries +Requires: %{name}-config >= %{version} + +%description -n libssh4 +An SSH implementation in the form of a library. With libssh, you can remotely +execute programs, transfer files, use a secure and transparent tunnel for your +remote programs. It supports SFTP as well. + +This package provides libssh from https://www.libssh.org that should not be +confused with libssh2 available from https://www.libssh2.org (libssh2 package) + +%package config +Summary: SSH library configuration files +Group: Productivity/Networking/SSH +BuildArch: noarch + +%description config +Configuration files for the SSH library. + +%package devel +Summary: SSH library development headers +Group: Development/Libraries/C and C++ +Requires: cmake +Requires: libssh4 = %{version} + +%description devel +Development headers for the SSH library. + +%prep +%autosetup -p1 -n libssh-%{version} + +%build +%cmake \ + -DCMAKE_C_FLAGS:STRING="%{optflags} -DOPENSSL_LOAD_CONF" \ +%if %{with test} + -DUNIT_TESTING="ON" \ +%if 0%{?suse_version} > 1550 + -DCLIENT_TESTING=ON \ + -DSERVER_TESTING=ON \ +%endif +%endif + -DWITH_GSSAPI=ON \ + -DWITH_EXAMPLES="OFF" \ + -DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \ + -DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config" + +make %{?_smp_mflags} + +%install +%if !%{with test} +%cmake_install + +install -d -m755 %{buildroot}%{_sysconfdir}/libssh +install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/libssh/libssh_client.config +install -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/libssh/libssh_server.config + +# Fix incorrect include path, (boo#1211718). +%if 0%{?suse_version} > 1600 +sed -i '/^Include/ s|/etc|/usr/etc|' %{buildroot}%{_sysconfdir}/libssh/libssh_client.config +sed -i '/^Include/ s|/etc|/usr/etc|' %{buildroot}%{_sysconfdir}/libssh/libssh_server.config +# Don't change the path for crypto-policies libssh.config (bsc#1222716) +sed -i '/^Include/ s|/usr/etc/crypto-policies|/etc/crypto-policies|' %{buildroot}%{_sysconfdir}/libssh/libssh_client.config +sed -i '/^Include/ s|/usr/etc/crypto-policies|/etc/crypto-policies|' %{buildroot}%{_sysconfdir}/libssh/libssh_server.config +%endif + +%endif + +%check +%if %{with test} +# Tests are randomly failing when run in parallel +%define _smp_mflags %{nil} +%ctest +%endif + +%if !%{with test} +%post -n libssh4 -p /sbin/ldconfig +%postun -n libssh4 -p /sbin/ldconfig + +%files -n libssh4 +%doc AUTHORS README CHANGELOG +%{_libdir}/libssh.so.* + +%files config +%dir %{_sysconfdir}/libssh +%config(noreplace) %{_sysconfdir}/libssh/libssh_client.config +%config(noreplace) %{_sysconfdir}/libssh/libssh_server.config + +%files devel +%{_includedir}/libssh +%{_libdir}/libssh.so +%{_libdir}/pkgconfig/libssh.pc +%dir %{_libdir}/cmake/libssh +%{_libdir}/cmake/libssh/libssh-config.cmake +%{_libdir}/cmake/libssh/libssh-config-relwithdebinfo.cmake +%{_libdir}/cmake/libssh/libssh-config-version.cmake +%endif + +%changelog diff --git a/libssh_client.config b/libssh_client.config new file mode 100644 index 0000000..fde1673 --- /dev/null +++ b/libssh_client.config @@ -0,0 +1,4 @@ +# Parse system-wide crypto configuration file +Include /etc/crypto-policies/back-ends/libssh.config +# Parse OpenSSH configuration file for consistency +Include /etc/ssh/ssh_config diff --git a/libssh_server.config b/libssh_server.config new file mode 100644 index 0000000..387b8b3 --- /dev/null +++ b/libssh_server.config @@ -0,0 +1,2 @@ +# Parse system-wide crypto configuration file +Include /etc/crypto-policies/back-ends/libssh.config