Accepting request 711121 from home:pmonrealgonzalez:branches:devel:libraries:c_c++

- Version update to 1.9.0: Enhancements and bugfixes: * adds ECDSA keys and host key support when using OpenSSL * adds ED25519 key and host key support when using OpenSSL 1.1.1 * adds OpenSSH style key file reading * adds AES CTR mode support when using WinCNG * adds PEM passphrase protected file support for Libgcrypt and WinCNG * adds SHA256 hostkey fingerprint * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() * adds explicit zeroing of sensitive data in memory * adds additional bounds checks to network buffer reads * adds the ability to use the server default permissions when creating sftp directories * adds support for building with OpenSSL no engine flag * adds support for building with LibreSSL * increased sftp packet size to 256k * fixed oversized packet handling in sftp * fixed building with OpenSSL 1.1 * fixed a possible crash if sftp stat gets an unexpected response * fixed incorrect parsing of the KEX preference string value * fixed conditional RSA and AES-CTR support * fixed a small memory leak during the key exchange process * fixed a possible memory leak of the ssh banner string * fixed various small memory leaks in the backends * fixed possible out of bounds read when parsing public keys from the server * fixed possible out of bounds read when parsing invalid PEM files * no longer null terminates the scp remote exec command * now handle errors when diffie hellman key pair generation fails * improved building instructions * improved unit tests - Rebased patch libssh2-ocloexec.patch OBS-URL: https://build.opensuse.org/request/show/711121 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh2_org?expand=0&rev=65
2019-06-21 09:50:59 +00:00 · 2019-06-21 09:50:59 +00:00 · 9307041c2f
commit 9307041c2f
parent 4dd88213d6
7 changed files with 85 additions and 38 deletions
--- a/libssh2-1.8.2.tar.gz
+++ b/libssh2-1.8.2.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:088307d9f6b6c4b8c13f34602e8ff65d21c2dc4d55284dfe15d502c4ee190d67
-size 859587
--- a/libssh2-1.8.2.tar.gz.asc
+++ b/libssh2-1.8.2.tar.gz.asc
@ -1,11 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlyZLEkACgkQXMkI/bce
-EsKIgAf/SG014jBSrrYrNdcBHVWZHzHvCERX9f3+horQG97kTFwq7sr9mIXI+zJe
-ZFiHd7ugLLacqtYf6mbst+aTuy+OYxhCBbAHMm3i+cbH/xWFNw6xh3GqPSdlLTj8
-pwJSLTUKN26SqL9fSjEZGQTZJiMBnQuegCMFGwrkvtawPBAKQk2VBCot3y5G2tUa
-i8gZajgcbVjXTBkf63j0rRqTt0oiL5Vw43+8Z/2gp/QKfnjNI7P8i/mfMKxjt3rY
-vcoRoq2ZzGjm/jW4C1W+LpsvLOnaTNSR1AlYnWD50Snvx14QGCMqHdRj65UDUX5B
-uPXwzZCzXZ8IXKd1hxzbH240jwz8VQ==
-=tp1M
-----END PGP SIGNATURE-----
--- a/libssh2-1.9.0.tar.gz
+++ b/libssh2-1.9.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d5fb8bd563305fd1074dda90bd053fb2d29fc4bce048d182f96eaa466dfadafd
+size 888551
--- a/libssh2-1.9.0.tar.gz.asc
+++ b/libssh2-1.9.0.tar.gz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAl0LJYMACgkQXMkI/bce
+EsLN6Af9G7wRkmiJre8ocUpeWwNILaHr7N7IN+K4SkFFA8uxhf19ur73TX93twQk
+Ft2N0biO3RxzL8Q6eMeLsxKCf1SKcW2M1taZfXSYq95+pWzSqtNasMZX/e6dTj9S
+0V50nutZHCQFIAmRB9XF34xuHqIphEkt9ohWSzZv2XFpJwk/MQ03AL/vBWCGycns
+dsITO7RRxmi9ymO4sDTlAGFxt/3CeoVEhaZ2UaBsKJWvxOFKKrw7/K44rAdx6SJQ
+rX4ScKgkpuJX0bcJReGKwWcBzRkD4uHwD5HRLv6zfRDWxUQ+o3Ziq3FRgHbRCjnQ
+6gN1teEjRkN+F80T+27aUDs/LcBKGg==
+=cd3b
+-----END PGP SIGNATURE-----
--- a/libssh2-ocloexec.patch
+++ b/libssh2-ocloexec.patch
@ -9,51 +9,64 @@ Subject: [PATCH] Use O_CLOEXEC where needed
 src/userauth.c  |    2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

-Index: libssh2-1.7.0/src/agent.c
+Index: libssh2-1.9.0/src/agent.c
 ===================================================================
--- libssh2-1.7.0.orig/src/agent.c	2016-02-09 22:54:08.000000000 +0100
-+++ libssh2-1.7.0/src/agent.c	2016-02-23 14:36:47.133091344 +0100
-@@ -152,7 +152,7 @@ agent_connect_unix(LIBSSH2_AGENT *agent)
-         return _libssh2_error(agent->session, LIBSSH2_ERROR_BAD_USE,
-                               "no auth sock variable");
+--- libssh2-1.9.0.orig/src/agent.c
+++ libssh2-1.9.0/src/agent.c
+@@ -157,7 +157,7 @@ agent_connect_unix(LIBSSH2_AGENT *agent)
+                                   "no auth sock variable");
+     }
 
 -    agent->fd = socket(PF_UNIX, SOCK_STREAM, 0);
 +    agent->fd = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
-     if (agent->fd < 0)
+     if(agent->fd < 0)
         return _libssh2_error(agent->session, LIBSSH2_ERROR_BAD_SOCKET,
                               "failed creating socket");
-Index: libssh2-1.7.0/src/knownhost.c
+Index: libssh2-1.9.0/src/knownhost.c
 ===================================================================
--- libssh2-1.7.0.orig/src/knownhost.c	2015-03-19 14:01:33.000000000 +0100
-+++ libssh2-1.7.0/src/knownhost.c	2016-02-23 14:36:47.134091362 +0100
-@@ -954,7 +954,7 @@ libssh2_knownhost_readfile(LIBSSH2_KNOWN
+--- libssh2-1.9.0.orig/src/knownhost.c
+++ libssh2-1.9.0/src/knownhost.c
+@@ -963,7 +963,7 @@ libssh2_knownhost_readfile(LIBSSH2_KNOWN
                               "Unsupported type of known-host information "
                               "store");
 
-    file = fopen(filename, "r");
-+    file = fopen(filename, "re");
+-    file = fopen(filename, FOPEN_READTEXT);
+    file = fopen(filename, FOPEN_READTEXT_CLOEXEC);
     if(file) {
         while(fgets(buf, sizeof(buf), file)) {
             if(libssh2_knownhost_readline(hosts, buf, strlen(buf), type)) {
-@@ -1178,7 +1178,7 @@ libssh2_knownhost_writefile(LIBSSH2_KNOW
+@@ -1204,7 +1204,7 @@ libssh2_knownhost_writefile(LIBSSH2_KNOW
                               "Unsupported type of known-host information "
                               "store");
 
-    file = fopen(filename, "w");
-+    file = fopen(filename, "we");
+-    file = fopen(filename, FOPEN_WRITETEXT);
+    file = fopen(filename, FOPEN_WRITETEXT_CLOEXEC);
     if(!file)
         return _libssh2_error(hosts->session, LIBSSH2_ERROR_FILE,
                               "Failed to open file");
-Index: libssh2-1.7.0/src/userauth.c
+Index: libssh2-1.9.0/src/userauth.c
 ===================================================================
--- libssh2-1.7.0.orig/src/userauth.c	2016-01-18 13:41:58.000000000 +0100
-+++ libssh2-1.7.0/src/userauth.c	2016-02-23 14:36:47.134091362 +0100
-@@ -538,7 +538,7 @@ file_read_publickey(LIBSSH2_SESSION * se
+--- libssh2-1.9.0.orig/src/userauth.c
+++ libssh2-1.9.0/src/userauth.c
+@@ -578,7 +578,7 @@ file_read_publickey(LIBSSH2_SESSION * se
     _libssh2_debug(session, LIBSSH2_TRACE_AUTH, "Loading public key file: %s",
                    pubkeyfile);
     /* Read Public Key */
-    fd = fopen(pubkeyfile, "r");
-+    fd = fopen(pubkeyfile, "re");
-     if (!fd) {
+-    fd = fopen(pubkeyfile, FOPEN_READTEXT);
+    fd = fopen(pubkeyfile, FOPEN_READTEXT_CLOEXEC);
+     if(!fd) {
         return _libssh2_error(session, LIBSSH2_ERROR_FILE,
                               "Unable to open public key file");
+Index: libssh2-1.9.0/src/libssh2_priv.h
+===================================================================
+--- libssh2-1.9.0.orig/src/libssh2_priv.h
+++ libssh2-1.9.0/src/libssh2_priv.h
+@@ -1138,6 +1138,8 @@ endings either CRLF or LF so 't' is appr
+ #define FOPEN_READTEXT "r"
+ #define FOPEN_WRITETEXT "w"
+ #define FOPEN_APPENDTEXT "a"
+#define FOPEN_READTEXT_CLOEXEC "re"
+#define FOPEN_WRITETEXT_CLOEXEC "we"
+ #endif
+ 
+ #endif /* LIBSSH2_H */
--- a/libssh2_org.changes
+++ b/libssh2_org.changes
@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Thu Jun 20 11:07:36 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Version update to 1.9.0:
+   Enhancements and bugfixes:
+    * adds ECDSA keys and host key support when using OpenSSL
+    * adds ED25519 key and host key support when using OpenSSL 1.1.1
+    * adds OpenSSH style key file reading
+    * adds AES CTR mode support when using WinCNG
+    * adds PEM passphrase protected file support for Libgcrypt and WinCNG
+    * adds SHA256 hostkey fingerprint
+    * adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
+    * adds explicit zeroing of sensitive data in memory
+    * adds additional bounds checks to network buffer reads
+    * adds the ability to use the server default permissions when creating sftp directories
+    * adds support for building with OpenSSL no engine flag
+    * adds support for building with LibreSSL
+    * increased sftp packet size to 256k
+    * fixed oversized packet handling in sftp
+    * fixed building with OpenSSL 1.1
+    * fixed a possible crash if sftp stat gets an unexpected response
+    * fixed incorrect parsing of the KEX preference string value
+    * fixed conditional RSA and AES-CTR support
+    * fixed a small memory leak during the key exchange process
+    * fixed a possible memory leak of the ssh banner string
+    * fixed various small memory leaks in the backends
+    * fixed possible out of bounds read when parsing public keys from the server
+    * fixed possible out of bounds read when parsing invalid PEM files
+    * no longer null terminates the scp remote exec command
+    * now handle errors when diffie hellman key pair generation fails
+    * improved building instructions
+    * improved unit tests
+- Rebased patch libssh2-ocloexec.patch
+
 -------------------------------------------------------------------
 Tue Apr  9 09:10:26 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>

--- a/libssh2_org.spec
+++ b/libssh2_org.spec
@ -18,7 +18,7 @@

 %define pkg_name libssh2
 Name:           libssh2_org
-Version:        1.8.2
+Version:        1.9.0
 Release:        0
 Summary:        A library implementing the SSH2 protocol
 License:        BSD-3-Clause