diff --git a/0001-Soften-behaviour-of-the-Compression-no-yes-option.patch b/0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
new file mode 100644
index 0000000..6fb2aae
--- /dev/null
+++ b/0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
@@ -0,0 +1,103 @@
+From 14991ad0718c137828e780308fc1f7027293ec15 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt
+Date: Thu, 23 Dec 2021 12:34:00 +0100
+Subject: [PATCH] Soften behaviour of the Compression=no/yes option
+
+Currently Compression=no (the default) force-disables zlib algos, while
+Compression=yes force-enables it. This means that mismatching options between
+client and server lead to connection failure. This can easily happen if the
+server has default settings but the client specifies Compression=yes.
+
+OpenSSH treats the option as a "prefer compression" setting:
+Compression=no -> none,zlib@openssh.com,zlib (default)
+Compression=yes -> zlib@openssh.com,zlib,none
+
+This commit changes the libssh behaviour to the same as OpenSSH.
+
+Signed-off-by: Fabian Vogt
+Reviewed-by: Andreas Schneider
+Reviewed-by: Jakub Jelen
+---
+ src/kex.c | 6 +++---
+ src/options.c | 8 ++++----
+ tests/unittests/torture_config.c | 10 ++++++----
+ tests/unittests/torture_options.c | 29 +++++++++++++++++++++++++----
+ 4 files changed, 38 insertions(+), 15 deletions(-)
+
+Index: libssh-0.9.6/src/kex.c
+===================================================================
+--- libssh-0.9.6.orig/src/kex.c
++++ libssh-0.9.6/src/kex.c
+@@ -94,7 +94,7 @@
+ #endif /* HAVE_LIBCRYPTO */
+
+ #ifdef WITH_ZLIB
+-#define ZLIB "none,zlib,zlib@openssh.com"
++#define ZLIB "none,zlib@openssh.com,zlib"
+ #else
+ #define ZLIB "none"
+ #endif
+@@ -218,8 +218,8 @@ static const char *default_methods[] = {
+ AES BLOWFISH DES,
+ "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
+ "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
+- "none",
+- "none",
++ ZLIB,
++ ZLIB,
+ "",
+ "",
+ NULL
+Index: libssh-0.9.6/src/options.c
+===================================================================
+--- libssh-0.9.6.orig/src/options.c
++++ libssh-0.9.6/src/options.c
+@@ -844,10 +844,10 @@ int ssh_options_set(ssh_session session,
+ return -1;
+ } else {
+ if (strcasecmp(value,"yes")==0){
+- if(ssh_options_set_algo(session,SSH_COMP_C_S,"zlib@openssh.com,zlib") < 0)
++ if(ssh_options_set_algo(session,SSH_COMP_C_S,"zlib@openssh.com,zlib,none") < 0)
+ return -1;
+ } else if (strcasecmp(value,"no")==0){
+- if(ssh_options_set_algo(session,SSH_COMP_C_S,"none") < 0)
++ if(ssh_options_set_algo(session,SSH_COMP_C_S,"none,zlib@openssh.com,zlib") < 0)
+ return -1;
+ } else {
+ if (ssh_options_set_algo(session, SSH_COMP_C_S, v) < 0)
+@@ -862,10 +862,10 @@ int ssh_options_set(ssh_session session,
+ return -1;
+ } else {
+ if (strcasecmp(value,"yes")==0){
+- if(ssh_options_set_algo(session,SSH_COMP_S_C,"zlib@openssh.com,zlib") < 0)
++ if(ssh_options_set_algo(session,SSH_COMP_S_C,"zlib@openssh.com,zlib,none") < 0)
+ return -1;
+ } else if (strcasecmp(value,"no")==0){
+- if(ssh_options_set_algo(session,SSH_COMP_S_C,"none") < 0)
++ if(ssh_options_set_algo(session,SSH_COMP_S_C,"none,zlib@openssh.com,zlib") < 0)
+ return -1;
+ } else {
+ if (ssh_options_set_algo(session, SSH_COMP_S_C, v) < 0)
+Index: libssh-0.9.6/tests/unittests/torture_config.c
+===================================================================
+--- libssh-0.9.6.orig/tests/unittests/torture_config.c
++++ libssh-0.9.6/tests/unittests/torture_config.c
+@@ -345,12 +345,14 @@ static void torture_config_new(void **st
+ assert_string_equal(session->opts.bindaddr, BIND_ADDRESS);
+ #ifdef WITH_ZLIB
+ assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
+- "zlib@openssh.com,zlib");
++ "zlib@openssh.com,zlib,none");
+ assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
+- "zlib@openssh.com,zlib");
++ "zlib@openssh.com,zlib,none");
+ #else
+- assert_null(session->opts.wanted_methods[SSH_COMP_C_S]);
+- assert_null(session->opts.wanted_methods[SSH_COMP_S_C]);
++ assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
++ "none");
++ assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
++ "none");
+ #endif /* WITH_ZLIB */
+ assert_int_equal(session->opts.StrictHostKeyChecking, 0);
+ assert_int_equal(session->opts.gss_delegate_creds, 1);
diff --git a/libssh.changes b/libssh.changes
index 082576f..54677ca 100644
--- a/libssh.changes
+++ b/libssh.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jan 5 13:58:56 UTC 2022 - Fabian Vogt
+
+- Add patch to make the compression option more compatible (boo#1192731):
+ * 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
+
 -------------------------------------------------------------------
 Thu Aug 26 13:15:59 UTC 2021 - Andreas Schneider
 
diff --git a/libssh.spec b/libssh.spec
index 7729d64..3f54d61 100644
--- a/libssh.spec
+++ b/libssh.spec
@@ -1,7 +1,7 @@
 #
 # spec file
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -43,6 +43,8 @@ Source3: libssh_client.config
 Source4: libssh_server.config
 Source99: baselibs.conf
 Patch0: 0001-disable-timeout-test-on-slow-buildsystems.patch
+# PATCH-FIX-UPSTREAM
+Patch1: 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
 BuildRequires: cmake
 BuildRequires: gcc-c++
 BuildRequires: krb5-devel
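Review bot: In both `ssh_options_set` hunks of the added patch (src/options.c, `@@ -844` and `@@ -862`), `Compression=no` now sets `"none,zlib@openssh.com,zlib"`, so "no" becomes a preference rather than a hard disable, and a peer that offers only zlib still ends up with a compressed session. The src/kex.c hunks do the same for the defaults: both compression slots of `default_methods` change from `"none"` to `ZLIB`, and plain `zlib` stays in every list. Whether that method can be negotiated before authentication when libssh acts as a server depends on code outside these hunks and should be confirmed. I would document the new meaning at the "no" branch, for example `/* preference only: pass "none" explicitly to forbid compression */`; the final `else` branch appears to pass the caller's value through as `v`, which would keep that possible. The patch's diffstat lists tests/unittests/torture_options.c (29 lines) but the patch contains no section for it, so the new option strings are exercised only by torture_config.c; the body of `ssh_options_set` starts and ends outside the hunks.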