Update to version 0.7.4

resolves: #1419007

.gitignore

@@ -22,3 +22,5 @@ libssh-0.4.4.tar.gz.asc
 /libssh-0.7.0.tar.xz
 /libssh-0.7.1.tar.xz
 /libssh-0.7.2.tar.xz
+/libssh-0.7.3.tar.xz
+/libssh-0.7.4.tar.xz

0001-Reintroduce-ssh_forward_listen-Fixes-194.patch

@@ -1,28 +0,0 @@
-From 3c8fe6e2c595ee019408249c364b3019b6c31a8a Mon Sep 17 00:00:00 2001
-From: Mike DePaulo <mikedep333@gmail.com>
-Date: Fri, 15 May 2015 22:22:13 -0400
-Subject: [PATCH] Reintroduce ssh_forward_listen() (Fixes: #194)
-
----
- src/channels.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/channels.c b/src/channels.c
-index 7a4e71f..db5f83a 100644
---- a/src/channels.c
-+++ b/src/channels.c
-@@ -2206,6 +2206,11 @@ error:
- }
- 
- /* DEPRECATED */
-+int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port) {
-+  return ssh_channel_listen_forward(session, address, port, bound_port);
-+}
-+
-+/* DEPRECATED */
- ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms) {
-   return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, NULL);
- }
--- 
-2.1.4
-

libssh-0.7.2-fix_agent_bigendian.patch

@@ -1,105 +0,0 @@
-From 0425ac9ad0f8f1cefa12b448d31a400ced3e89b9 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 14 Oct 2015 20:45:49 +0200
-Subject: [PATCH] agent: Fix agent auth on big endian machines
-
-BUG: https://red.libssh.org/issues/204
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
----
- ConfigureChecks.cmake |  1 +
- include/libssh/priv.h | 10 ++++++++++
- src/agent.c           | 17 +++++++++++++----
- 3 files changed, 24 insertions(+), 4 deletions(-)
-
-diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
-index c0326c2..3587b07 100644
---- a/ConfigureChecks.cmake
-+++ b/ConfigureChecks.cmake
-@@ -56,6 +56,7 @@ check_include_file(libutil.h HAVE_LIBUTIL_H)
- check_include_file(sys/time.h HAVE_SYS_TIME_H)
- check_include_file(sys/param.h HAVE_SYS_PARAM_H)
- check_include_file(arpa/inet.h HAVE_ARPA_INET_H)
-+check_include_file(byteswap.h HAVE_BYTESWAP_H)
- 
- if (WIN32)
-   check_include_files("winsock2.h;ws2tcpip.h;wspiapi.h" HAVE_WSPIAPI_H)
-diff --git a/include/libssh/priv.h b/include/libssh/priv.h
-index 95a22c6..b7a80fe 100644
---- a/include/libssh/priv.h
-+++ b/include/libssh/priv.h
-@@ -43,6 +43,16 @@
- # endif
- #endif /* !defined(HAVE_STRTOULL) */
- 
-+#ifdef HAVE_BYTESWAP_H
-+#include <byteswap.h>
-+#endif
-+
-+#ifndef bswap_32
-+#define bswap_32(x) \
-+    ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >>  8) | \
-+     (((x) & 0x0000ff00) <<  8) | (((x) & 0x000000ff) << 24))
-+#endif
-+
- #ifdef _WIN32
- 
- /* Imitate define of inttypes.h */
-diff --git a/src/agent.c b/src/agent.c
-index 922d753..e520773 100644
---- a/src/agent.c
-+++ b/src/agent.c
-@@ -382,6 +382,9 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
-     ssh_buffer_free(reply);
-     return -1;
-   }
-+#ifdef WORDS_BIGENDIAN
-+  type = bswap_32(type);
-+#endif
- 
-   SSH_LOG(SSH_LOG_WARN,
-       "Answer type: %d, expected answer: %d",
-@@ -392,7 +395,7 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
-       return 0;
-   } else if (type != c2) {
-       ssh_set_error(session, SSH_FATAL,
--          "Bad authentication reply message type: %d", type);
-+          "Bad authentication reply message type: %u", type);
-       ssh_buffer_free(reply);
-       return -1;
-   }
-@@ -507,8 +510,8 @@ ssh_string ssh_agent_sign_data(ssh_session session,
-     ssh_buffer reply;
-     ssh_string key_blob;
-     ssh_string sig_blob;
--    int type = SSH2_AGENT_FAILURE;
--    int flags = 0;
-+    unsigned int type = 0;
-+    unsigned int flags = 0;
-     uint32_t dlen;
-     int rc;
- 
-@@ -572,13 +575,19 @@ ssh_string ssh_agent_sign_data(ssh_session session,
-         ssh_buffer_free(reply);
-         return NULL;
-     }
-+#ifdef WORDS_BIGENDIAN
-+    type = bswap_32(type);
-+#endif
- 
-     if (agent_failed(type)) {
-         SSH_LOG(SSH_LOG_WARN, "Agent reports failure in signing the key");
-         ssh_buffer_free(reply);
-         return NULL;
-     } else if (type != SSH2_AGENT_SIGN_RESPONSE) {
--        ssh_set_error(session, SSH_FATAL, "Bad authentication response: %d", type);
-+        ssh_set_error(session,
-+                      SSH_FATAL,
-+                      "Bad authentication response: %u",
-+                      type);
-         ssh_buffer_free(reply);
-         return NULL;
-     }
--- 
-2.5.0
-

libssh.spec

@@ -1,21 +1,21 @@
 Name:           libssh
-Version:        0.7.2
-Release:        3%{?dist}
+Version:        0.7.4
+Release:        1%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
 Group:          System Environment/Libraries
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
-Source0:        https://red.libssh.org/attachments/download/177/libssh-0.7.2.tar.xz
-
-Patch0:         libssh-0.7.2-fix_agent_bigendian.patch
+Source0:        https://red.libssh.org/attachments/download/210/libssh-0.7.4.tar.xz
 
 BuildRequires:  cmake
 BuildRequires:  doxygen
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
 BuildRequires:  zlib-devel
+BuildRequires:  krb5-devel
+BuildRequires:  libcmocka-devel
 
 %description
 The ssh library was designed to be used by programmers needing a working SSH
@@ -39,12 +39,6 @@ applications that use %{name}.
 %prep
 %setup -q
 
-%patch0 -p1 -b .libssh-0.7.2-fix_agent_bigendian.patch
-
-# Remove examples, they are not packaged and do not build on EPEL 5
-sed -i -e 's|add_subdirectory(examples)||g' CMakeLists.txt
-rm -rf examples
-
 %build
 if test ! -e "obj"; then
   mkdir obj
@@ -52,6 +46,7 @@ fi
 pushd obj
 
 %cmake \
+    -DWITH_TESTING=ON \
     %{_builddir}/%{name}-%{version}
 make %{?_smp_mflags} VERBOSE=1
 make doc
@@ -63,6 +58,9 @@ pushd obj
 make DESTDIR=%{buildroot} install
 popd
 
+rm -f %{buildroot}%{_libdir}/libssh.a
+rm -f %{buildroot}%{_libdir}/libssh_threads.a
+
 %post -p /sbin/ldconfig
 
 %postun -p /sbin/ldconfig
@@ -70,6 +68,14 @@ popd
 %clean
 rm -rf %{buildroot}
 
+%check
+pushd obj
+make test || {
+    cat Testing/Temporary/LastTest.log;
+    exit 1;
+}
+popd
+
 %files
 %doc AUTHORS BSD ChangeLog COPYING README
 %{_libdir}/libssh.so.*
@@ -93,6 +99,22 @@ rm -rf %{buildroot}
 %{_libdir}/libssh_threads.so
 
 %changelog
+* Wed Feb 08 2017 Andreas Schneider <asn@redhat.com> - 0.7.4-1
+- Update to version 0.7.4
+  * Added id_ed25519 to the default identity list
+  * Fixed sftp EOF packet handling
+  * Fixed ssh_send_banner() to confirm with RFC 4253
+  * Fixed some memory leaks
+- resolves: #1419007
+
+* Wed Feb 24 2016 Andreas Schneider <asn@redhat.com> - 0.7.3-1
+- resolves: #1311259 - Fix CVE-2016-0739
+- resolves: #1311332 - Update to version 0.7.3
+  * Fixed CVE-2016-0739
+  * Fixed ssh-agent on big endian
+  * Fixed some documentation issues
+- Enabled GSSAPI support
+
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
 

sources

@@ -1 +1 @@
-5d7d468937649a6dfc6186edfff083db  libssh-0.7.2.tar.xz
+SHA512 (libssh-0.7.4.tar.xz) = 94b8183e5c83e339303c1a160c92ccff6159471ac7d189ab66cf6d606d2e803fd616519f079aef1577c947d3a14e315332b05ea08e44d0ab550edbcb768dbea7