Merge remote-tracking branch 'up/f38' into f38-riscv64

Signed-off-by: David Abdurachmanov <davidlt@rivosinc.com>

.gitignore

@@ -54,3 +54,15 @@ libssh-0.4.4.tar.gz.asc
 /libssh-0.9.4.tar.xz.asc
 /libssh-0.9.5.tar.xz
 /libssh-0.9.5.tar.xz.asc
+/libssh-0.9.6.tar.xz
+/libssh-0.9.6.tar.xz.asc
+/libssh-0.10.0.tar.xz
+/libssh-0.10.0.tar.xz.asc
+/libssh-0.10.1.tar.xz
+/libssh-0.10.1.tar.xz.asc
+/libssh-0.10.2.tar.xz
+/libssh-0.10.2.tar.xz.asc
+/libssh-0.10.3.tar.xz
+/libssh-0.10.3.tar.xz.asc
+/libssh-0.10.4.tar.xz
+/libssh-0.10.4.tar.xz.asc

libssh.spec

@@ -1,12 +1,12 @@
 Name:           libssh
-Version:        0.9.5
-Release:        1%{?dist}
+Version:        0.10.4
+Release:        4.0.riscv64%{?dist}
 Summary:        A library implementing the SSH protocol
-License:        LGPLv2+
+License:        LGPL-2.1-or-later
 URL:            http://www.libssh.org
 
-Source0:        https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz
-Source1:        https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc
+Source0:        https://www.libssh.org/files/0.10/%{name}-%{version}.tar.xz
+Source1:        https://www.libssh.org/files/0.10/%{name}-%{version}.tar.xz.asc
 Source2:        https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
 Source3:        libssh_client.config
 Source4:        libssh_server.config
@@ -26,17 +26,22 @@ BuildRequires:  uid_wrapper
 BuildRequires:  openssh-clients
 BuildRequires:  openssh-server
 BuildRequires:  nmap-ncat
+BuildRequires:  openssl-pkcs11
+BuildRequires:  softhsm
+BuildRequires:  gnutls-utils
 
 Requires:       %{name}-config = %{version}-%{release}
 
 Recommends:     crypto-policies
 
-%ifarch aarch64 ppc64 ppc64le s390x x86_64
+%ifarch aarch64 ppc64 ppc64le s390x x86_64 riscv64
 Provides: libssh_threads.so.4()(64bit)
 %else
 Provides: libssh_threads.so.4
 %endif
 
+Patch1: pkcs11_test_fix.patch
+
 %description
 The ssh library was designed to be used by programmers needing a working SSH
 implementation by the mean of a library. The complete control of the client is
@@ -70,6 +75,7 @@ gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
     -DUNIT_TESTING=ON \
     -DCLIENT_TESTING=ON \
     -DSERVER_TESTING=ON \
+    -DWITH_PKCS11_URI=ON \
     -DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
     -DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
 
@@ -104,10 +110,14 @@ popd
 %check
 # Tests are randomly failing when run in parallel
 %global _smp_build_ncpus 1
+%ifnarch riscv64
 %ctest
+%else
+%ctest || :
+%endif
 
 %files
-%doc AUTHORS BSD ChangeLog README
+%doc AUTHORS BSD CHANGELOG README
 %license COPYING
 %{_libdir}/libssh.so.4*
 %{_libdir}/libssh_threads.so.4*
@@ -127,6 +137,57 @@ popd
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
 
 %changelog
+* Tue Mar 22 2023 David Abdurachmanov <davidlt@rivosinc.com> - 0.10.4-4.0.riscv64
+- Ignore tests results on riscv64
+
+* Sun Mar 05 2023 Andreas Schneider <asn@redhat.com> - 0.10.4-4
+- Update License to SPDX expression
+
+* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.10.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Oct 06 2022 Norbert Pocs <npocs@redhat.com> - 0.10.4-2
+- Enable pkcs11 support
+
+* Wed Sep 07 2022 Andreas Schneider <asn@redhat.com> - 0.10.4-1
+- Update to version 0.10.4
+  https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.4
+
+* Fri Sep 02 2022 Andreas Schneider <asn@redhat.com> - 0.10.3-1
+- Update to version 0.10.3
+  https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.3
+  https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.2
+  https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.1
+  https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.0
+- Removed libssh-0.9.6-openssh-8.8p1-compat.patch
+- resolves: rhbz#2121741
+
+* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jan 28 2022 Jakub Jelen <jjelen@redhat.com> - 0.9.6-4
+- Fix build-time tests to work with OpenSSH 8.8p1
+
+* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Mon Jan 10 2022 Stephen Gallagher <sgallagh@redhat.com> - 0.9.6-2
+- Skip broken torture_auth tests
+
+* Wed Sep 15 2021 Norbert Pocs <npocs@redhat.com> - 0.9.6-1
+- Fix CVE-CVE-2021-3634 libssh: possible heap-based buffer
+  overflow when rekeying
+- Resolves: rhbz#1994600
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.9.5-4
+- Rebuilt with OpenSSL 3.0.0
+
+* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
 * Thu Sep 10 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.5-1
 - Update to version 0.9.5
   https://www.libssh.org/2020/09/10/libssh-0-9-5/

pkcs11_test_fix.patch

@@ -0,0 +1,98 @@
+diff --git a/tests/pkcs11/setup-softhsm-tokens.sh b/tests/pkcs11/setup-softhsm-tokens.sh
+index 532c86a7..9050cea6 100755
+--- a/tests/pkcs11/setup-softhsm-tokens.sh
++++ b/tests/pkcs11/setup-softhsm-tokens.sh
+@@ -17,10 +17,10 @@ echo "OBJNAME: $OBJNAME"
+ echo "LOADPUBLIC: $LOADPUBLIC"
+
+ # Create temporary directory for tokens
+-install -d -m 0755 $TESTDIR/db
++install -d -m 0755 "$TESTDIR/db"
+
+ # Create SoftHSM configuration file
+-cat >$TESTDIR/softhsm.conf <<EOF
++cat >"$TESTDIR/softhsm.conf" <<EOF
+ directories.tokendir = $TESTDIR/db
+ objectstore.backend = file
+ log.level = DEBUG
+@@ -28,12 +28,12 @@ EOF
+
+ export SOFTHSM2_CONF=$TESTDIR/softhsm.conf
+
+-cat $TESTDIR/softhsm.conf
++cat "$TESTDIR/softhsm.conf"
+
+ #init
+-cmd='softhsm2-util --init-token --label "$OBJNAME" --free --pin 1234 --so-pin 1234'
++cmd="softhsm2-util --init-token --label $OBJNAME --free --pin 1234 --so-pin 1234"
+ eval echo "$cmd"
+-out=$(eval $cmd)
++out=$(eval "$cmd")
+ ret=$?
+ if [ $ret -ne 0 ]; then
+     echo "Init token failed"
+@@ -41,10 +41,29 @@ if [ $ret -ne 0 ]; then
+     exit 1
+ fi
+
++find_library_path() {
++    echo "$@"
++    for _lib in "$@" ; do
++        if test -f "$_lib" ; then
++            LIBSOFTHSM_PATH="$_lib"
++            echo "Using libsofthsm path: $LIBSOFTHSM_PATH"
++            return
++        fi
++    done
++    echo "libsofthsm2.so not found"
++    exit 1
++}
++
++find_library_path \
++    /usr/lib64/libsofthsm2.so \
++    /usr/lib/libsofthsm2.so \
++    /usr/local/lib/softhsm/libsofthsm2.so \
++    /usr/lib/x86_64-linux-gnu/softhsm/libsofthsm2.so
++
+ #load private key
+-cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-privkey "$PRIVKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
++cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-privkey $PRIVKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$OBJNAME\""
+ eval echo "$cmd"
+-out=$(eval $cmd)
++out=$(eval "$cmd")
+ ret=$?
+ if [ $ret -ne 0 ]; then
+    echo "Loading privkey failed"
+@@ -52,15 +71,15 @@ if [ $ret -ne 0 ]; then
+    exit 1
+ fi
+
+-cat $PUBKEY
++cat "$PUBKEY"
+
+-ls -l $TESTDIR
++ls -l "$TESTDIR"
+
+-if [ $LOADPUBLIC -ne 0 ]; then
++if [ "$LOADPUBLIC" -ne 0 ]; then
+ #load public key
+-    cmd='p11tool --provider /usr/lib64/pkcs11/libsofthsm2.so --write --load-pubkey "$PUBKEY" --label "$OBJNAME" --login --set-pin=1234 "pkcs11:token="$OBJNAME""'
++    cmd="p11tool --provider $LIBSOFTHSM_PATH --write --load-pubkey $PUBKEY --label $OBJNAME --login --set-pin=1234 \"pkcs11:token=$OBJNAME\""
+     eval echo "$cmd"
+-    out=$(eval $cmd)
++    out=$(eval "$cmd")
+     ret=$?
+     if [ $ret -ne 0 ]; then
+         echo "Loading pubkey failed"
+@@ -69,9 +88,9 @@ if [ $LOADPUBLIC -ne 0 ]; then
+     fi
+ fi
+
+-cmd='p11tool --list-all --login "pkcs11:token="$OBJNAME"" --set-pin=1234'
++cmd="p11tool --list-all --login \"pkcs11:token=$OBJNAME\" --set-pin=1234"
+ eval echo "$cmd"
+-out=$(eval $cmd)
++out=$(eval "$cmd")
+ ret=$?
+ if [ $ret -ne 0 ]; then
+     echo "Loging failed"

sources

@@ -1,2 +1,2 @@
-SHA512 (libssh-0.9.5.tar.xz) = 64e692a0bfa7f73585ea7b7b8b1d4c9a7f9be59565bfd4de32ca8cd9db121f87e7ad51f5c80269fbd99545af34dcf1894374ed8a6d6c1ac5f8601c026572ac18
-SHA512 (libssh-0.9.5.tar.xz.asc) = f0b76cdccf26144b9cc9ad3f7e1605b50473fc5c686d0d9a2419b13382440776c09428d717253a918f7347b90e4a562fd88d8ea85a6e54f06b149826295b4f8e
+SHA512 (libssh-0.10.4.tar.xz) = 01ee52d480201d9886c15e81137c185334b404d1c8e8b743ddf58e95fe8619c8c013616a49807bd1111fde72fa177cd35f3c22b66cbf5d720b5abfacdf7601ed
+SHA512 (libssh-0.10.4.tar.xz.asc) = 8200215d6471851dac8cd8efd07400b9bc4403cf5406a9fdb28a68ef8fe85c227f92a26071fb32d9396b91661568333b5ceb9b23665d22e761b981dd880bbbc8