From 63aba439d4adf2be12273099db04fd05a21cac84 Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki Date: Wed, 19 Jun 2019 14:02:00 +0200 Subject: [PATCH] Update to upstream 0.9.0 pre release (0.8.91) - Added default configuration files for client and server - Follow system-wide crypto configuration (crypto-policies) - Added Recommends for crypto-policies - Use OpenSSL implementation for KDF, DH, and signatures. - Detect FIPS mode and use only allowed algorithms - Run client and server tests during build --- .gitignore | 3 +++ libssh.spec | 41 ++++++++++++++++++++++++++++++++++------- libssh_client.config | 4 ++++ libssh_server.config | 4 ++++ sources | 5 +++-- 5 files changed, 48 insertions(+), 9 deletions(-) create mode 100644 libssh_client.config create mode 100644 libssh_server.config diff --git a/.gitignore b/.gitignore index 0279377..972f78e 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,6 @@ libssh-0.4.4.tar.gz.asc /libssh-0.8.6.tar.xz.asc /libssh-0.8.7.tar.xz /libssh-0.8.7.tar.xz.asc +/libssh-0.8.91.tar.xz +/libssh_client.config +/libssh_server.config diff --git a/libssh.spec b/libssh.spec index 9b1c731..d387988 100644 --- a/libssh.spec +++ b/libssh.spec @@ -1,13 +1,13 @@ Name: libssh -Version: 0.8.7 -Release: 1%{?dist} +Version: 0.8.91 +Release: 0.1%{?dist} Summary: A library implementing the SSH protocol License: LGPLv2+ URL: http://www.libssh.org -Source0: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz -Source1: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc -Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring +Source0: https://www.libssh.org/files/rc/libssh-0.8.91.tar.xz +Source3: libssh_client.config +Source4: libssh_server.config BuildRequires: cmake BuildRequires: doxygen @@ -18,6 +18,15 @@ BuildRequires: pkgconfig BuildRequires: zlib-devel BuildRequires: krb5-devel BuildRequires: libcmocka-devel +BuildRequires: pam_wrapper +BuildRequires: socket_wrapper +BuildRequires: nss_wrapper +BuildRequires: uid_wrapper +BuildRequires: openssh-clients +BuildRequires: openssh-server +BuildRequires: nmap-ncat + +Recommends: crypto-policies %ifarch aarch64 ppc64 ppc64le s390x x86_64 Provides: libssh_threads.so.4()(64bit) @@ -42,7 +51,6 @@ The %{name}-devel package contains libraries and header files for developing applications that use %{name}. %prep -gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} %autosetup -p1 %build @@ -52,7 +60,11 @@ fi pushd obj %cmake .. \ - -DUNIT_TESTING=ON + -DUNIT_TESTING=ON \ + -DCLIENT_TESTING=ON \ + -DSERVER_TESTING=ON \ + -DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \ + -DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config" %make_build VERBOSE=1 make docs @@ -61,6 +73,9 @@ popd %install make DESTDIR=%{buildroot} install/fast -C obj +mkdir -p -m755 %{buildroot}%{_sysconfdir}/libssh +install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/libssh/libssh_client.config +install -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/libssh/libssh_server.config # # Workaround for the removal of libssh_threads.so @@ -92,6 +107,9 @@ popd %license COPYING %{_libdir}/libssh.so.4* %{_libdir}/libssh_threads.so.4* +%attr(0755,root,root) %dir %{_sysconfdir}/libssh +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_client.config +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config %files devel %doc obj/doc/html @@ -104,6 +122,15 @@ popd %{_libdir}/libssh_threads.so %changelog +* Wed Jun 19 2019 Anderson Sasaki - 0.8.91-0.1 +- Update to 0.9.0 pre release version (0.8.91) +- Added default configuration files for client and server +- Follow system-wide crypto configuration (crypto-policies) +- Added Recommends for crypto-policies +- Use OpenSSL implementation for KDF, DH, and signatures. +- Detect FIPS mode and use only allowed algorithms +- Run client and server tests during build + * Mon Feb 25 2019 Anderson Sasaki - 0.8.7-1 - Update to version 0.8.7 https://www.libssh.org/2019/02/25/libssh-0-8-7/ diff --git a/libssh_client.config b/libssh_client.config new file mode 100644 index 0000000..1d293bd --- /dev/null +++ b/libssh_client.config @@ -0,0 +1,4 @@ +# Parse system-wide crypto configuration file +Include /etc/crypto-policies/back-ends/libssh.config +# Parse OpenSSH configuration file for consistency +Include /etc/ssh/ssh_config diff --git a/libssh_server.config b/libssh_server.config new file mode 100644 index 0000000..279b5a3 --- /dev/null +++ b/libssh_server.config @@ -0,0 +1,4 @@ +# Parse system-wide crypto configuration file +Include /etc/crypto-policies/back-ends/libssh.config +# Parse OpenSSH configuration file for consistency +Include /etc/ssh/sshd_config diff --git a/sources b/sources index d4d1540..9897ae7 100644 --- a/sources +++ b/sources @@ -1,2 +1,3 @@ -SHA512 (libssh-0.8.7.tar.xz) = 13c3dccad81d521edf29c8a5e2c5f7fdd90507a0eda652b2b040a0a17bab88860873e089a46e181907ea3f449ca1847b1c84453b1960f456e391eefe5be983c5 -SHA512 (libssh-0.8.7.tar.xz.asc) = c7c33fba67216d429269d8fe0353eb85e0e4bc6848d006cb349720ecf7bf1699da495098b0d5441aaef057fe0fda0c5cb0cf95d3834f5ef7e57de90919793b3f +SHA512 (libssh-0.8.91.tar.xz) = 1c3dd621208bce94ccec19e3530235617e58b02fabf7465fd6bae6db64e911b159b516ab1ce3b66397a7f44c8a271a8357348ee19f01ae981c9e1ab33e6f600e +SHA512 (libssh_client.config) = b04fbfda339c4e53df8dd12cc89d4b92bdc94dd79af5799af2e675216fcd071f99bb12e5aed4b5e9848d93faf0e8407019def189eabbeef31a3c20ec799a6868 +SHA512 (libssh_server.config) = 30cd80669701ff4a7960a193fb141f850cea74c3bdadaec0f63633ff151d8b05430451307237cb88d2eb20000737091a191b06ea62754a2664a8717a11f9a420