pool/libssh
SHA256
11
0
Fork 3
Code Issues Pull Requests Activity

Accepting request 944781 from devel:libraries:c_c++

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/944781
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libssh?expand=0&rev=66
This commit is contained in:
Dominique Leuenberger
2022-01-09 21:50:02 +00:00
committed by Git OBS Bridge
parent 9938b7e3e3 8313717b4c
commit 96d20a8bb8
3 changed files with 112 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
0001-Soften-behaviour-of-the-Compression-no-yes-option.patch Normal file
View File

@@ -0,0 +1,103 @@
From 14991ad0718c137828e780308fc1f7027293ec15 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fabian@ritter-vogt.de>
Date: Thu, 23 Dec 2021 12:34:00 +0100
Subject: [PATCH] Soften behaviour of the Compression=no/yes option
Currently Compression=no (the default) force-disables zlib algos, while
Compression=yes force-enables it. This means that mismatching options between
client and server lead to connection failure. This can easily happen if the
server has default settings but the client specifies Compression=yes.
OpenSSH treats the option as a "prefer compression" setting:
Compression=no -> none,zlib@openssh.com,zlib (default)
Compression=yes -> zlib@openssh.com,zlib,none
This commit changes the libssh behaviour to the same as OpenSSH.
Signed-off-by: Fabian Vogt <fabian@ritter-vogt.de>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
src/kex.c | 6 +++---
src/options.c | 8 ++++----
tests/unittests/torture_config.c | 10 ++++++----
tests/unittests/torture_options.c | 29 +++++++++++++++++++++++++----
4 files changed, 38 insertions(+), 15 deletions(-)
Index: libssh-0.9.6/src/kex.c
===================================================================
--- libssh-0.9.6.orig/src/kex.c
+++ libssh-0.9.6/src/kex.c
@@ -94,7 +94,7 @@
#endif /* HAVE_LIBCRYPTO */
#ifdef WITH_ZLIB
-#define ZLIB "none,zlib,zlib@openssh.com"
+#define ZLIB "none,zlib@openssh.com,zlib"
#else
#define ZLIB "none"
#endif
@@ -218,8 +218,8 @@ static const char *default_methods[] = {
AES BLOWFISH DES,
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
"hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1",
- "none",
- "none",
+ ZLIB,
+ ZLIB,
"",
"",
NULL
Index: libssh-0.9.6/src/options.c
===================================================================
--- libssh-0.9.6.orig/src/options.c
+++ libssh-0.9.6/src/options.c
@@ -844,10 +844,10 @@ int ssh_options_set(ssh_session session,
return -1;
} else {
if (strcasecmp(value,"yes")==0){
- if(ssh_options_set_algo(session,SSH_COMP_C_S,"zlib@openssh.com,zlib") < 0)
+ if(ssh_options_set_algo(session,SSH_COMP_C_S,"zlib@openssh.com,zlib,none") < 0)
return -1;
} else if (strcasecmp(value,"no")==0){
- if(ssh_options_set_algo(session,SSH_COMP_C_S,"none") < 0)
+ if(ssh_options_set_algo(session,SSH_COMP_C_S,"none,zlib@openssh.com,zlib") < 0)
return -1;
} else {
if (ssh_options_set_algo(session, SSH_COMP_C_S, v) < 0)
@@ -862,10 +862,10 @@ int ssh_options_set(ssh_session session,
return -1;
} else {
if (strcasecmp(value,"yes")==0){
- if(ssh_options_set_algo(session,SSH_COMP_S_C,"zlib@openssh.com,zlib") < 0)
+ if(ssh_options_set_algo(session,SSH_COMP_S_C,"zlib@openssh.com,zlib,none") < 0)
return -1;
} else if (strcasecmp(value,"no")==0){
- if(ssh_options_set_algo(session,SSH_COMP_S_C,"none") < 0)
+ if(ssh_options_set_algo(session,SSH_COMP_S_C,"none,zlib@openssh.com,zlib") < 0)
return -1;
} else {
if (ssh_options_set_algo(session, SSH_COMP_S_C, v) < 0)
Index: libssh-0.9.6/tests/unittests/torture_config.c
===================================================================
--- libssh-0.9.6.orig/tests/unittests/torture_config.c
+++ libssh-0.9.6/tests/unittests/torture_config.c
@@ -345,12 +345,14 @@ static void torture_config_new(void **st
assert_string_equal(session->opts.bindaddr, BIND_ADDRESS);
#ifdef WITH_ZLIB
assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
- "zlib@openssh.com,zlib");
+ "zlib@openssh.com,zlib,none");
assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
- "zlib@openssh.com,zlib");
+ "zlib@openssh.com,zlib,none");
#else
- assert_null(session->opts.wanted_methods[SSH_COMP_C_S]);
- assert_null(session->opts.wanted_methods[SSH_COMP_S_C]);
+ assert_string_equal(session->opts.wanted_methods[SSH_COMP_C_S],
+ "none");
+ assert_string_equal(session->opts.wanted_methods[SSH_COMP_S_C],
+ "none");
#endif /* WITH_ZLIB */
assert_int_equal(session->opts.StrictHostKeyChecking, 0);
assert_int_equal(session->opts.gss_delegate_creds, 1);

6
libssh.changes
View File

@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Jan 5 13:58:56 UTC 2022 - Fabian Vogt <fabian@ritter-vogt.de>
- Add patch to make the compression option more compatible (boo#1192731):
* 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 26 13:15:59 UTC 2021 - Andreas Schneider <asn@cryptomilk.org> Thu Aug 26 13:15:59 UTC 2021 - Andreas Schneider <asn@cryptomilk.org>

4
libssh.spec
View File

@@ -1,7 +1,7 @@
# #
# spec file # spec file
# #
# Copyright (c) 2021 SUSE LLC # Copyright (c) 2022 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@@ -43,6 +43,8 @@ Source3: libssh_client.config
Source4: libssh_server.config Source4: libssh_server.config
Source99: baselibs.conf Source99: baselibs.conf
Patch0: 0001-disable-timeout-test-on-slow-buildsystems.patch Patch0: 0001-disable-timeout-test-on-slow-buildsystems.patch
# PATCH-FIX-UPSTREAM
Patch1: 0001-Soften-behaviour-of-the-Compression-no-yes-option.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: gcc-c++ BuildRequires: gcc-c++
BuildRequires: krb5-devel BuildRequires: krb5-devel