Update to 0.7.7

Fixes CVE-2018-10933

.gitignore

@@ -25,32 +25,7 @@ libssh-0.4.4.tar.gz.asc
 /libssh-0.7.3.tar.xz
 /libssh-0.7.4.tar.xz
 /libssh-0.7.5.tar.xz
-/libssh-0.8.0.tar.xz
-/libssh-0.8.0.tar.xz.asc
-/libssh-0.8.1.tar.xz
-/libssh-0.8.1.tar.xz.asc
-/libssh-0.8.2.tar.xz
-/libssh-0.8.2.tar.xz.asc
-/libssh-0.8.3.tar.xz
-/libssh-0.8.3.tar.xz.asc
-/libssh-0.8.4.tar.xz
-/libssh-0.8.4.tar.xz.asc
-/libssh-0.8.5.tar.xz
-/libssh-0.8.5.tar.xz.asc
-/libssh-0.8.6.tar.xz
-/libssh-0.8.6.tar.xz.asc
-/libssh-0.8.7.tar.xz
-/libssh-0.8.7.tar.xz.asc
-/libssh-0.8.91.tar.xz
-/libssh_client.config
-/libssh_server.config
-/libssh-0.9.0.tar.xz
-/libssh-0.9.0.tar.xz.asc
-/libssh-0.9.2.tar.xz
-/libssh-0.9.2.tar.xz.asc
-/libssh-0.9.3.tar.xz
-/libssh-0.9.3.tar.xz.asc
-/libssh-0.9.4.tar.xz
-/libssh-0.9.4.tar.xz.asc
-/libssh-0.9.5.tar.xz
-/libssh-0.9.5.tar.xz.asc
+/libssh-0.7.6.tar.xz
+/libssh-0.7.6.tar.xz.asc
+/libssh-0.7.7.tar.xz
+/libssh-0.7.7.tar.xz.asc

gating.yml

@@ -1,14 +0,0 @@
---- !Policy
-product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_testing
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
---- !Policy
-product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_stable
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}

libssh.spec

@@ -1,41 +1,19 @@
 Name:           libssh
-Version:        0.9.5
+Version:        0.7.7
 Release:        1%{?dist}
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
 
-Source0:        https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz
-Source1:        https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc
-Source2:        https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
-Source3:        libssh_client.config
-Source4:        libssh_server.config
+Source0:        https://www.libssh.org/files/0.7/%{name}-%{version}.tar.xz
 
 BuildRequires:  cmake
-BuildRequires:  gcc-c++
-BuildRequires:  gnupg2
+BuildRequires:  doxygen
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig
 BuildRequires:  zlib-devel
 BuildRequires:  krb5-devel
 BuildRequires:  libcmocka-devel
-BuildRequires:  pam_wrapper
-BuildRequires:  socket_wrapper
-BuildRequires:  nss_wrapper
-BuildRequires:  uid_wrapper
-BuildRequires:  openssh-clients
-BuildRequires:  openssh-server
-BuildRequires:  nmap-ncat
-
-Requires:       %{name}-config = %{version}-%{release}
-
-Recommends:     crypto-policies
-
-%ifarch aarch64 ppc64 ppc64le s390x x86_64
-Provides: libssh_threads.so.4()(64bit)
-%else
-Provides: libssh_threads.so.4
-%endif
 
 %description
 The ssh library was designed to be used by programmers needing a working SSH
@@ -53,58 +31,40 @@ Requires:       %{name}%{?_isa} = %{version}-%{release}
 The %{name}-devel package contains libraries and header files for developing
 applications that use %{name}.
 
-%package config
-Summary:        Configuration files for %{name}
-BuildArch:      noarch
-Obsoletes:      %{name} < 0.9.0-3
-
-%description config
-The %{name}-config package provides the default configuration files for %{name}.
-
 %prep
-gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
 %autosetup -p1
 
 %build
-%cmake \
-    -DUNIT_TESTING=ON \
-    -DCLIENT_TESTING=ON \
-    -DSERVER_TESTING=ON \
-    -DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
-    -DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
+if test ! -e "obj"; then
+  mkdir obj
+fi
+pushd obj
 
-%cmake_build
+%cmake .. \
+    -DWITH_TESTING=ON
+
+make %{?_smp_mflags} VERBOSE=1
+make doc
+
+popd
 
 %install
-%cmake_install
-install -d -m755 %{buildroot}%{_sysconfdir}/libssh
-install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/libssh/libssh_client.config
-install -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/libssh/libssh_server.config
+make DESTDIR=%{buildroot} install/fast -C obj
 
-#
-# Workaround for the removal of libssh_threads.so
-#
-# This will allow libraries which link against libssh_threads.so or packages
-# requiring it to continue working.
-#
-pushd %{buildroot}%{_libdir}
-for i in libssh.so*;
-do
-    _target="${i}"
-    _link_name="${i%libssh*}libssh_threads${i##*libssh}"
-    if [ -L "${i}" ]; then
-        _target="$(readlink ${i})"
-    fi
-    ln -s "${_target}" "${_link_name}"
-done;
-popd
+## unpackaged files
+# static libs forced on using WITH_TESTING
+rm -fv %{buildroot}%{_libdir}/libssh.a
+rm -fv %{buildroot}%{_libdir}/libssh_threads.a
 
 %ldconfig_scriptlets
 
 %check
-# Tests are randomly failing when run in parallel
-%global _smp_build_ncpus 1
-%ctest
+pushd obj
+make test || {
+    cat Testing/Temporary/LastTest.log;
+    exit 1;
+}
+popd
 
 %files
 %doc AUTHORS BSD ChangeLog README
@@ -113,158 +73,26 @@ popd
 %{_libdir}/libssh_threads.so.4*
 
 %files devel
+%doc obj/doc/html
 %{_includedir}/libssh/
 # own this to avoid dep on cmake -- rex
 %dir  %{_libdir}/cmake/
 %{_libdir}/cmake/libssh/
 %{_libdir}/pkgconfig/libssh.pc
+%{_libdir}/pkgconfig/libssh_threads.pc
 %{_libdir}/libssh.so
 %{_libdir}/libssh_threads.so
 
-%files config
-%attr(0755,root,root) %dir %{_sysconfdir}/libssh
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_client.config
-%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
-
 %changelog
-* Thu Sep 10 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.5-1
-- Update to version 0.9.5
-  https://www.libssh.org/2020/09/10/libssh-0-9-5/
-- Removed patch to re-enable algorithms using sha1 in sshd for testing
-- The algorithms supported by sshd are now automatically detected for testing
-- Resolves: #1862457 - CVE-2020-16135
-
-* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-5
-- Second attempt - Rebuilt for
-  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Mon Jun 22 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-3
-- Do not return error when server properly closed the channel (#1849069)
-- Add a test for CVE-2019-14889
-- Do not parse configuration file in torture_knownhosts test
-
-* Wed Apr 15 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-2
-- Added patch to fix returned version
-
-* Thu Apr 09 2020 Anderson Sasaki <ansasaki@redhat.com> - 0.9.4-1
-- Update to version 0.9.4
-  https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
-- Removed inclusion of OpenSSH server configuration file from
-  libssh_server.config
-- Added patch to re-enable algorithms using sha1 in sshd for testing
-- resolves: #1822529 - CVE-2020-1730
-
-* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.3-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Tue Dec 10 2019 Andreas Schneider <asn@redhat.com> - 0.9.3-1
-- Update to version 0.9.3
-- resolves: #1781780 - Fixes CVE-2019-14889
-
-* Thu Nov 07 2019 Andreas Schneider <asn@redhat.com> - 0.9.2-1
-- Upate to version 0.9.2
-- resolves #1769370 - Remove the docs, they can be found on https://api.libssh.org/
-
-* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.0-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Thu Jul 11 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-5
-- Add Obsoletes in libssh-config to avoid conflict with old libssh which
-  installed the configuration files.
-
-* Wed Jul 10 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-4
-- Eliminate circular dependency with libssh-config subpackage
-
-* Wed Jul 10 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-3
-- Provide the configuration files in a separate libssh-config subpackage
-
-* Thu Jul 04 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-2
-- Do not ignore keys from known_hosts when SSH_OPTIONS_HOSTKEYS is set
-
-* Fri Jun 28 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-1
-- Fixed Release number to released format
-
-* Fri Jun 28 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-0.1
-- Update to version 0.9.0
-  https://www.libssh.org/2019/06/28/libssh-0-9-0/
-
-* Wed Jun 19 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.91-0.1
-- Update to 0.9.0 pre release version (0.8.91)
-- Added default configuration files for client and server
-- Follow system-wide crypto configuration (crypto-policies)
-- Added Recommends for crypto-policies
-- Use OpenSSL implementation for KDF, DH, and signatures.
-- Detect FIPS mode and use only allowed algorithms
-- Run client and server tests during build
-
-* Mon Feb 25 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.7-1
-- Update to version 0.8.7
-  https://www.libssh.org/2019/02/25/libssh-0-8-7/
-
-* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.8.6-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Tue Jan 15 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.6-2
-- Fix rsa-sha2 extension handling (#1666342)
-
-* Thu Jan 03 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.6-1
-- Update to version 0.8.6
-  https://www.libssh.org/2018/12/24/libssh-0-8-6-xmas-edition/
-
-* Mon Oct 29 2018 Andreas Schneider <asn@redhat.com> - 0.8.5-1
-- Update to version 0.8.5
+* Mon Oct 29 2018 Andreas Schneider <asn@redhat.com> - 0.7.7-1
+- Update to version 0.7.7
   https://www.libssh.org/2018/10/29/libssh-0-8-5-and-libssh-0-7-7/
 
-* Tue Oct 16 2018 Andreas Schneider <asn@redhat.com> - 0.8.4-1
-- Update to version 0.8.4
-  https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release
+* Tue Oct 16 2018 Andreas Schneider <asn@redhat.com> - 0.7.6-1
+- Update to version 0.7.6
+  https://www.libssh.org/2018/10/16/libssh-0-8-4-and-0-7-6-security-and-bugfix-release                                                                                  
 - Fixes CVE-2018-10933
 
-* Mon Oct 01 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-3
-- Fixed errors found by static code analysis
-
-* Tue Sep 25 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-2
-- Add missing libssh_threads.so link to libssh-devel package
-
-* Fri Sep 21 2018 Andreas Schneider <asn@redhat.com> - 0.8.3-1
-- Update to version 0.8.3
-  https://www.libssh.org/2018/09/21/libssh-0-8-3/
-
-* Thu Aug 30 2018 Andreas Schneider <asn@redhat.com> - 0.8.2-1
-- Update to version 0.8.2
-  https://www.libssh.org/2018/08/30/libssh-0-8-2
-
-* Thu Aug 16 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-4
-- Fix link creation or RPM doesn't install it
-
-* Wed Aug 15 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-3
-- Add missing so version for libssh_threads.so.4
-
-* Tue Aug 14 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-2
-- Add Provides for libssh_threads.so to unbreak applications
-
-* Mon Aug 13 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-1
-- Update to version 0.8.1
-  https://www.libssh.org/2018/08/13/libssh-0-8-1
-- resolves: #1615248 - pkg-config --modversion
-- resolves: #1615132 - library initialization
-
-* Fri Aug 10 2018 Andreas Schneider <asn@redhat.com> - 0.8.0-1
-- Update to version 0.8.0
-  https://www.libssh.org/2018/08/10/libssh-0-8-0/
-
-* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.5-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Wed Mar 07 2018 Rex Dieter <rdieter@fedoraproject.org> - 0.7.5-8
-- BR: gcc-c++, use %%make_build
-
-* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.5-7
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
-
 * Thu Feb 01 2018 Andreas Schneider <asn@redhat.com> - 0.7.5-6
 - resolves: #1540021 - Build against OpenSSL 1.1
 

libssh_client.config

@@ -1,4 +0,0 @@
-# Parse system-wide crypto configuration file
-Include /etc/crypto-policies/back-ends/libssh.config
-# Parse OpenSSH configuration file for consistency
-Include /etc/ssh/ssh_config

libssh_server.config

@@ -1,2 +0,0 @@
-# Parse system-wide crypto configuration file
-Include /etc/crypto-policies/back-ends/libssh.config

sources

@@ -1,2 +1,2 @@
-SHA512 (libssh-0.9.5.tar.xz) = 64e692a0bfa7f73585ea7b7b8b1d4c9a7f9be59565bfd4de32ca8cd9db121f87e7ad51f5c80269fbd99545af34dcf1894374ed8a6d6c1ac5f8601c026572ac18
-SHA512 (libssh-0.9.5.tar.xz.asc) = f0b76cdccf26144b9cc9ad3f7e1605b50473fc5c686d0d9a2419b13382440776c09428d717253a918f7347b90e4a562fd88d8ea85a6e54f06b149826295b4f8e
+SHA512 (libssh-0.7.7.tar.xz) = 4037a2c8c048aedd5b58a18596962622bb402587172074b723c493604b1707acd275d5d64e1a92ac3d7caa86ea16afe4baed96557b37dec528d0d8acfda654e0
+SHA512 (libssh-0.7.7.tar.xz.asc) = 90f3bd200b983f32ae6f2c9ab0629d7cac89093e6be704fac7cd2a6644d7d8cb11a735fc0caa32968200cefef6c16274fda282dd87134064490ab6f9ee658cfb

tests/tests.yml

@@ -1,10 +0,0 @@
----
-- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    repositories:
-    - repo: "https://gitlab.com/redhat-crypto/tests/libssh.git"
-      dest: "libssh"
-      fmf_filter: "tier: 0,1,2,3"