Update to 1.9.0
- New upstream release 1.9.0 - Adds ECDSA keys and host key support when using OpenSSL - Adds ED25519 key and host key support when using OpenSSL 1.1.1 - Adds OpenSSH style key file reading - Adds AES CTR mode support when using WinCNG - Adds PEM passphrase protected file support for libgcrypt and WinCNG - Adds SHA256 hostkey fingerprint - Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() - Adds explicit zeroing of sensitive data in memory - Adds additional bounds checks to network buffer reads - Adds the ability to use the server default permissions when creating sftp directories - Adds support for building with OpenSSL no engine flag - Adds support for building with LibreSSL - Increased sftp packet size to 256k - Fixed oversized packet handling in sftp - Fixed building with OpenSSL 1.1 - Fixed a possible crash if sftp stat gets an unexpected response - Fixed incorrect parsing of the KEX preference string value - Fixed conditional RSA and AES-CTR support - Fixed a small memory leak during the key exchange process - Fixed a possible memory leak of the ssh banner string - Fixed various small memory leaks in the backends - Fixed possible out of bounds read when parsing public keys from the server - Fixed possible out of bounds read when parsing invalid PEM files - No longer null terminates the scp remote exec command - Now handle errors when Diffie Hellman key pair generation fails - Fixed compiling on Windows with the flag STDCALL=ON - Improved building instructions - Improved unit tests - Needs OpenSSL ≥ 1.0.1 now as ECC support is assumed - Modernize spec somewhat as EL-6 can no longer be supported
parent
69ee8f7637
commit
8f106e1af2
|
@ -1,45 +0,0 @@
|
|||
From 819ef4f2037490b6aa2e870aea851b6364184090 Mon Sep 17 00:00:00 2001
|
||||
From: Kamil Dudka <kdudka@redhat.com>
|
||||
Date: Mon, 11 Sep 2017 21:13:45 +0200
|
||||
Subject: [PATCH] scp: do not NUL-terminate the command for remote exec (#208)
|
||||
|
||||
It breaks SCP download/upload from/to certain server implementations.
|
||||
|
||||
The bug does not manifest with OpenSSH, which silently drops the NUL
|
||||
byte (eventually with any garbage that follows the NUL byte) before
|
||||
executing it.
|
||||
|
||||
Bug: https://bugzilla.redhat.com/1489736
|
||||
---
|
||||
src/scp.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/src/scp.c b/src/scp.c
|
||||
index 22778dd..d1665a6 100644
|
||||
--- a/src/scp.c
|
||||
+++ b/src/scp.c
|
||||
@@ -303,8 +303,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
|
||||
&session->scpRecv_command[cmd_len],
|
||||
session->scpRecv_command_len - cmd_len);
|
||||
|
||||
- session->scpRecv_command[cmd_len] = '\0';
|
||||
- session->scpRecv_command_len = cmd_len + 1;
|
||||
+ /* the command to exec should _not_ be NUL-terminated */
|
||||
+ session->scpRecv_command_len = cmd_len;
|
||||
|
||||
_libssh2_debug(session, LIBSSH2_TRACE_SCP,
|
||||
"Opening channel for SCP receive");
|
||||
@@ -845,8 +845,8 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode,
|
||||
&session->scpSend_command[cmd_len],
|
||||
session->scpSend_command_len - cmd_len);
|
||||
|
||||
- session->scpSend_command[cmd_len] = '\0';
|
||||
- session->scpSend_command_len = cmd_len + 1;
|
||||
+ /* the command to exec should _not_ be NUL-terminated */
|
||||
+ session->scpSend_command_len = cmd_len;
|
||||
|
||||
_libssh2_debug(session, LIBSSH2_TRACE_SCP,
|
||||
"Opening channel for SCP send");
|
||||
--
|
||||
2.9.5
|
||||
|
61
libssh2.spec
61
libssh2.spec
|
@ -1,17 +1,16 @@
|
|||
Name: libssh2
|
||||
Version: 1.8.2
|
||||
Version: 1.9.0
|
||||
Release: 1%{?dist}
|
||||
Summary: A library implementing the SSH2 protocol
|
||||
License: BSD
|
||||
URL: http://www.libssh2.org/
|
||||
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
|
||||
Patch1: 0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
|
||||
|
||||
BuildRequires: coreutils
|
||||
BuildRequires: findutils
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
BuildRequires: openssl-devel
|
||||
BuildRequires: openssl-devel > 1:1.0.1
|
||||
BuildRequires: sed
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: /usr/bin/man
|
||||
|
@ -22,13 +21,6 @@ BuildRequires: openssh-server
|
|||
%if 0%{?fedora} > 23 || 0%{?rhel} > 7
|
||||
BuildRequires: glibc-langpack-en
|
||||
%endif
|
||||
# We use matchpathcon to get the correct SELinux context for the ssh server
|
||||
# initialization script so that it can transition correctly in an SELinux
|
||||
# environment
|
||||
%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7)
|
||||
BuildRequires: libselinux-utils
|
||||
BuildRequires: selinux-policy-targeted
|
||||
%endif
|
||||
|
||||
%description
|
||||
libssh2 is a library implementing the SSH2 protocol as defined by
|
||||
|
@ -57,28 +49,16 @@ developing applications that use libssh2.
|
|||
%prep
|
||||
%setup -q
|
||||
|
||||
# scp: do not NUL-terminate the command for remote exec
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1489736
|
||||
# https://github.com/libssh2/libssh2/pull/208
|
||||
%patch1 -p1
|
||||
|
||||
# Replace hard wired port number in the test suite to avoid collisions
|
||||
# between 32-bit and 64-bit builds running on a single build-host
|
||||
sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh}
|
||||
|
||||
# Make sshd transition appropriately if building in an SELinux environment
|
||||
%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7)
|
||||
chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
|
||||
chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || :
|
||||
chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} || :
|
||||
%endif
|
||||
|
||||
%build
|
||||
%configure --disable-silent-rules --disable-static --enable-shared
|
||||
make %{?_smp_mflags}
|
||||
%{make_build}
|
||||
|
||||
%install
|
||||
make install DESTDIR=%{buildroot} INSTALL="install -p"
|
||||
%{make_install} INSTALL="install -p"
|
||||
find %{buildroot} -name '*.la' -delete
|
||||
|
||||
# clean things up a bit for packaging
|
||||
|
@ -131,6 +111,39 @@ LC_ALL=en_US.UTF-8 make -C tests check
|
|||
%{_libdir}/pkgconfig/libssh2.pc
|
||||
|
||||
%changelog
|
||||
* Thu Jun 20 2019 Paul Howarth <paul@city-fan.org> - 1.9.0-1
|
||||
- Update to 1.9.0
|
||||
- Adds ECDSA keys and host key support when using OpenSSL
|
||||
- Adds ED25519 key and host key support when using OpenSSL 1.1.1
|
||||
- Adds OpenSSH style key file reading
|
||||
- Adds AES CTR mode support when using WinCNG
|
||||
- Adds PEM passphrase protected file support for libgcrypt and WinCNG
|
||||
- Adds SHA256 hostkey fingerprint
|
||||
- Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
|
||||
- Adds explicit zeroing of sensitive data in memory
|
||||
- Adds additional bounds checks to network buffer reads
|
||||
- Adds the ability to use the server default permissions when creating sftp directories
|
||||
- Adds support for building with OpenSSL no engine flag
|
||||
- Adds support for building with LibreSSL
|
||||
- Increased sftp packet size to 256k
|
||||
- Fixed oversized packet handling in sftp
|
||||
- Fixed building with OpenSSL 1.1
|
||||
- Fixed a possible crash if sftp stat gets an unexpected response
|
||||
- Fixed incorrect parsing of the KEX preference string value
|
||||
- Fixed conditional RSA and AES-CTR support
|
||||
- Fixed a small memory leak during the key exchange process
|
||||
- Fixed a possible memory leak of the ssh banner string
|
||||
- Fixed various small memory leaks in the backends
|
||||
- Fixed possible out of bounds read when parsing public keys from the server
|
||||
- Fixed possible out of bounds read when parsing invalid PEM files
|
||||
- No longer null terminates the scp remote exec command
|
||||
- Now handle errors when Diffie Hellman key pair generation fails
|
||||
- Fixed compiling on Windows with the flag STDCALL=ON
|
||||
- Improved building instructions
|
||||
- Improved unit tests
|
||||
- Needs OpenSSL ≥ 1.0.1 now as ECC support is assumed
|
||||
- Modernize spec somewhat as EL-6 can no longer be supported
|
||||
|
||||
* Tue Mar 26 2019 Paul Howarth <paul@city-fan.org> - 1.8.2-1
|
||||
- Update to 1.8.2
|
||||
- Fixed the misapplied userauth patch that broke 1.8.1
|
||||
|
|
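Review bot: The new `BuildRequires: openssl-devel > 1:1.0.1` in the first hunk uses a strict comparison, while the changelog entry added in the last hunk says OpenSSL ≥ 1.0.1 is needed. As far as I know RPM leaves the release out of the comparison when the dependency names none, so a build of exactly 1.0.1 would be rejected; `BuildRequires: openssl-devel >= 1:1.0.1` would state the documented minimum. Separately, the bumped tarball is still fetched through the unchanged `http://` Source0 and pinned only by the SHA512 in `sources`. An `https://` Source0, plus a signature check in `%prep` if upstream publishes a detached signature for the release, would let a reviewer tie the new hash to the upstream artifact.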
2
sources
2
sources
|
@ -1 +1 @@
|
|||
SHA512 (libssh2-1.8.2.tar.gz) = 390ab4ad93bb738415ec11a6eb92806c9b9e9e5d8ee7c442d841a58b4292c1c447a9bc99e153ba464e2e11f9c0d1913469303598c3046722d1ae821991e8cb93
|
||||
SHA512 (libssh2-1.9.0.tar.gz) = 41a3ebcf84e32eab69b7411ffb0a3b6e6db71491c968602b17392cfe3490ef00239726ec28acb3d25bf0ed62700db7f4d0bb5a9175618f413865f40badca6e17
|
||||
|
|