Compare commits

..

91 Commits
f13 ... rawhide

Author SHA1 Message Date
Paul Howarth
96fdcab143 Use SPDX-format license tag 2023-01-20 09:26:55 +00:00
Fedora Release Engineering
66974e7345 Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-01-19 17:32:36 +00:00
Todd Zullinger
75902ed4b9 Verify upstream release signatures
Update git ignore rules to add the signature, as well as the expanded
source directory.
2022-10-28 21:11:31 -04:00
Fedora Release Engineering
c48c35531d Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-07-21 19:06:47 +00:00
Paul Howarth
47f7114f7d Fix FTBFS with OpenSSH 8.8
In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box,
so we need to re-enable them as a workaround for the test
suite until upstream updates the tests.
See: https://github.com/libssh2/libssh2/issues/630

Drop other test workarounds, none of them being needed any longer.
2022-01-23 15:52:55 +00:00
Fedora Release Engineering
ff63c9bf5b - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2022-01-20 17:20:46 +00:00
Sahana Prasad
ab29cf25d9 Rebuilt with OpenSSL 3.0.0 2021-09-14 19:06:48 +02:00
Paul Howarth
9784ae6dca Update to 1.10.0
- New upstream release 1.10.0
  - Adds agent forwarding support
  - Adds OpenSSH Agent support on Windows
  - Adds ECDSA key support using the Mbed TLS backend
  - Adds ECDSA cert authentication
  - Adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512,
    diffie-hellman-group18-sha512 key exchanges
  - Adds support for PKIX key reading when using ed25519 with OpenSSL
  - Adds support for EWOULDBLOCK on VMS systems
  - Adds support for building with OpenSSL 3
  - Adds support for using FIPS mode in OpenSSL
  - Adds debug symbols when building with MSVC
  - Adds support for building on the 3DS
  - Adds unicode build support on Windows
  - Restores os400 building
  - Increases min, max and opt Diffie Hellman group values
  - Improves portability of the make file
  - Improves timeout behaviour with 2FA keyboard auth
  - Various improvements to the Wincng backend
  - Fixes reading partial packet replies when using an agent
  - Fixes Diffie Hellman key exchange on Windows 1903+ builds
  - Fixes building tests with older versions of OpenSSL
  - Fixes possible multiple definition warnings
  - Fixes potential cast issues _libssh2_ecdsa_key_get_curve_type()
  - Fixes potential use after free if libssh2_init() is called twice
  - Improved linking when using Mbed TLS
  - Fixes call to libssh2_crypto_exit() if crypto hasn't been initialized
  - Fixes crash when loading public keys with no id
  - Fixes possible out of bounds read when exchanging keys
  - Fixes possible out of bounds read when reading packets
  - Fixes possible out of bounds read when opening an X11 connection
  - Fixes possible out of bounds read when ecdh host keys
  - Fixes possible hang when trying to read a disconnected socket
  - Fixes a crash when using the delayed compression option
  - Fixes read error with large known host entries
  - Fixes various warnings
  - Fixes various small memory leaks
  - Improved error handling, various detailed errors will now be reported
  - Builds are now using OSS-Fuzz
  - Builds now use autoreconf instead of a custom build script
  - cmake now respects install directory
  - Improved CI backend
  - Updated HACKING-CRYPTO documentation
  - Use markdown file extensions
  - Improved unit tests
2021-08-30 17:28:58 +01:00
Fedora Release Engineering
258ac8bba4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-07-22 12:28:13 +00:00
Fedora Release Engineering
e0deb7c637 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2021-01-26 18:05:27 +00:00
Fedora Release Engineering
f7ade1940e - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-07-28 05:40:03 +00:00
Paul Howarth
9974fca06a Full groff (not just groff-base) needed for the mansyntax check 2020-03-27 10:44:30 +00:00
Paul Howarth
f336757a89 Switch to https:// upstream URLs 2020-03-27 09:46:51 +00:00
Fedora Release Engineering
4d276899a1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 10:28:12 +00:00
Kamil Dudka
41525baf3f Resolves: CVE-2019-17498 - fix integer overflow in SSH_MSG_DISCONNECT logic 2019-10-30 18:23:36 +01:00
Fedora Release Engineering
3d9150262d - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 14:27:39 +00:00
Paul Howarth
6957951772 Add changelog reference to CVE-2019-13115 2019-07-19 09:44:33 +01:00
Paul Howarth
8f106e1af2 Update to 1.9.0
- New upstream release 1.9.0
  - Adds ECDSA keys and host key support when using OpenSSL
  - Adds ED25519 key and host key support when using OpenSSL 1.1.1
  - Adds OpenSSH style key file reading
  - Adds AES CTR mode support when using WinCNG
  - Adds PEM passphrase protected file support for libgcrypt and WinCNG
  - Adds SHA256 hostkey fingerprint
  - Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
  - Adds explicit zeroing of sensitive data in memory
  - Adds additional bounds checks to network buffer reads
  - Adds the ability to use the server default permissions when creating sftp directories
  - Adds support for building with OpenSSL no engine flag
  - Adds support for building with LibreSSL
  - Increased sftp packet size to 256k
  - Fixed oversized packet handling in sftp
  - Fixed building with OpenSSL 1.1
  - Fixed a possible crash if sftp stat gets an unexpected response
  - Fixed incorrect parsing of the KEX preference string value
  - Fixed conditional RSA and AES-CTR support
  - Fixed a small memory leak during the key exchange process
  - Fixed a possible memory leak of the ssh banner string
  - Fixed various small memory leaks in the backends
  - Fixed possible out of bounds read when parsing public keys from the server
  - Fixed possible out of bounds read when parsing invalid PEM files
  - No longer null terminates the scp remote exec command
  - Now handle errors when Diffie Hellman key pair generation fails
  - Fixed compiling on Windows with the flag STDCALL=ON
  - Improved building instructions
  - Improved unit tests
- Needs OpenSSL ≥ 1.0.1 now as ECC support is assumed
- Modernize spec somewhat as EL-6 can no longer be supported
2019-06-20 11:22:28 +01:00
Paul Howarth
69ee8f7637 Update to 1.8.2
- New upstream release 1.8.2
  - Fixed the misapplied userauth patch that broke 1.8.1
  - Moved the MAX size declarations from the public header
2019-03-26 09:44:16 +00:00
Paul Howarth
7dfb17d3cb Update to 1.8.1
- New upstream release 1.8.1
  - Fixed possible integer overflow when reading a specially crafted packet
    (CVE-2019-3855)
  - Fixed possible integer overflow in userauth_keyboard_interactive with a
    number of extremely long prompt strings (CVE-2019-3863)
  - Fixed possible integer overflow if the server sent an extremely large
    number of keyboard prompts (CVE-2019-3856)
  - Fixed possible out of bounds read when processing a specially crafted
    packet (CVE-2019-3861)
  - Fixed possible integer overflow when receiving a specially crafted exit
    signal message channel packet (CVE-2019-3857)
  - Fixed possible out of bounds read when receiving a specially crafted exit
    status message channel packet (CVE-2019-3862)
  - Fixed possible zero byte allocation when reading a specially crafted SFTP
    packet (CVE-2019-3858)
  - Fixed possible out of bounds reads when processing specially crafted SFTP
    packets (CVE-2019-3860)
  - Fixed possible out of bounds reads in _libssh2_packet_require(v)
    (CVE-2019-3859)
- Fix mis-applied patch in the fix of CVE-2019-3859
  - https://github.com/libssh2/libssh2/issues/325
  - https://github.com/libssh2/libssh2/pull/327
2019-03-19 12:20:07 +00:00
Paul Howarth
ab0e53ac52 Work around mock locale issues in test suite
Explicitly run the test suite in the en_US.UTF-8 locale to work around flaky
locale settings in mock builders.
2019-02-04 12:17:15 +00:00
Fedora Release Engineering
4fcb4f9ea8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 08:17:37 +00:00
Fedora Release Engineering
d1bae723b7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-13 08:52:50 +00:00
Fedora Release Engineering
339e430067 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 23:25:06 +00:00
Igor Gnatenko
2ee9663dd7
Switch to %ldconfig_scriptlets
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
2018-02-03 16:28:53 +01:00
Paul Howarth
af56e4903a Fix for BrickFTP (#1489736), spec clean-up
- scp: Do not NUL-terminate the command for remote exec (#1489736, GH#208)
- Make devel package dependency on main package arch-specific
- Drop EL-5 support
  - noarch sub-packages always available now
  - Drop legacy Group: and BuildRoot: tags
  - Drop explicit buildroot cleaning
  - %{__isa_bits} always defined now
2017-09-12 11:03:08 +01:00
Fedora Release Engineering
29d026f712 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-03 02:19:51 +00:00
Fedora Release Engineering
30a5673bf1 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 19:46:05 +00:00
Fedora Release Engineering
e44a6af4ac - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-10 19:30:17 +00:00
Paul Howarth
fa24637e03 libssh2 1.8.0 2016-10-25 09:23:34 +01:00
Paul Howarth
a9c954ed4c Update to 1.8.0
- New upstream release 1.8.0
  - Added a basic dockerised test suite
  - crypto: Add support for the mbedTLS backend
  - See RELEASE-NOTES for details of bug fixes
2016-10-25 09:16:53 +01:00
Kamil Dudka
29e2533fad add libssh2-1.7.0-openssl11-memleak.patch
... forgotten in the last commit
2016-10-20 17:47:18 +02:00
Kamil Dudka
999a09c336 make curl test-suite work again with valgrind enabled 2016-10-20 17:38:44 +02:00
Tomas Mraz
975ba11ea3 rebuild with OpenSSL 1.1.0 2016-10-11 18:12:27 +02:00
Paul Howarth
f8c7ae2c29 Fix EL-5 compatibility
- Revert parts of previous change that broke EL-5 compatibility
- Include NEWS in docs package, it's much more than RELEASE-NOTES
2016-03-06 11:56:26 +00:00
Peter Robinson
0355577a5d Modernise spec (no we really don't care about el4/fc4), Don't ship ChangeLog/NEWS, duplicates of RELEASE-NOTES 2016-03-05 17:45:34 +00:00
Paul Howarth
f9f6b45015 Drop UTF-8 patch, which breaks things rather than fixes them 2016-02-24 12:12:23 +00:00
Kamil Dudka
2d448ce083 Resolves: CVE-2016-0787 - diffie_hellman_sha1: Convert bytes to bits 2016-02-24 09:08:02 +01:00
Paul Howarth
0587739ebe Update to 1.7.0
- New upstream release 1.7.0
  - diffie_hellman_sha256: Convert bytes to bits (CVE-2016-0787); see
    http://www.libssh2.org/adv_20160223.html
  - libssh2_session_set_last_error: Add function
  - See RELEASE-NOTES for details of bug fixes
2016-02-23 10:55:39 +00:00
Dennis Gilmore
1ce9bf4210 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-04 03:58:15 +00:00
Paul Howarth
eb27184133 Fix pkg-config --libs output (#1279966) 2015-11-11 11:34:14 +00:00
Dennis Gilmore
576be02309 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-17 17:21:55 +00:00
Paul Howarth
80ed1ccaeb Update to 1.6.0
- New upstream release 1.6.0
  - Added CMake build system
  - Added libssh2_userauth_publickey_frommemory()
  - See RELEASE-NOTES for details of bug fixes
2015-06-14 17:35:46 +01:00
Paul Howarth
62cea02db3 Merge branch 'master' into f21
Conflicts:
	libssh2.spec
2015-03-11 10:55:17 +00:00
Paul Howarth
33cf9702d8 Update to 1.5.0
- New upstream release 1.5.0
  - See RELEASE-NOTES for details of bug fixes and enhancements
  - Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
2015-03-11 10:33:45 +00:00
Kamil Dudka
61ab33f548 Resolves: #1147717 - prevent a not-connected agent from closing STDIN 2014-10-10 13:25:08 +02:00
Kamil Dudka
384b1c0765 Resolves: #1147717 - prevent a not-connected agent from closing STDIN 2014-10-10 13:22:55 +02:00
Peter Robinson
48f7eb2d50 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 06:10:03 +00:00
Peter Robinson
aa67a47340 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-17 06:09:50 +00:00
Tom Callaway
f3791deea4 fix license handling 2014-07-18 15:23:59 -04:00
Tom Callaway
a53677d01b fix license handling 2014-07-18 15:23:38 -04:00
Dennis Gilmore
d7ba3102d3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-07 00:34:36 -05:00
Kamil Dudka
5881ed4686 Fix curl's excessive memory consumption during scp download 2014-04-30 15:06:59 +02:00
Paul Howarth
0908d2fabd The aarch64 buildroot seems to have the same locale issue as the PPC one 2014-02-17 16:19:16 +00:00
Karsten Hopp
fc169ae47c next attempt to work around a self check problem on PPC* 2014-02-17 15:39:41 +01:00
Karsten Hopp
0816533a63 skip self checks on ppc* 2014-02-17 14:26:40 +01:00
Kamil Dudka
343e650ca6 fix a use after free in channel.c 2013-08-14 17:54:06 +02:00
Kamil Dudka
68034f3fb2 fix very slow sftp upload to localhost 2013-08-14 17:52:22 +02:00
Dennis Gilmore
bddd40fef5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-03 02:06:55 -05:00
Paul Howarth
10b73a08d7 Revert 'Modernize the spec file' so as to retain EL-5 spec compatibility 2013-04-09 16:47:40 +01:00
Richard W.M. Jones
fe8b55ff64 Add three patches from upstream git required for qemu ssh block driver. 2013-04-09 16:01:28 +01:00
Richard W.M. Jones
e53393977d Modernize the spec file:
* Remove BuildRoot.
  * Remove Group.
  * Remove clean section.
  * Don't need to clean up buildroot before installing.
2013-04-09 15:57:01 +01:00
Paul Howarth
7899b8095f Avoid polluting libssh2.pc with linker options (#947813) 2013-04-03 12:25:16 +01:00
Paul Howarth
976807eeb4 Retain EL-5 compatibility 2013-03-26 14:56:04 +00:00
Kamil Dudka
abdd90b894 avoid collisions between 32bit and 64bit builds
... running on a single build-host
2013-03-26 13:43:20 +01:00
Dennis Gilmore
8cfe889c9e - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild 2013-02-13 23:17:48 -06:00
Paul Howarth
c256d188f4 Update to 1.4.3
- New upstream release 1.4.3
  - compression: add support for zlib@openssh.com
  - sftp_read: return error if a too large package arrives
  - libssh2_hostkey_hash.3: update the description of return value
  - Fixed MSVC NMakefile
  - examples: use stderr for messages, stdout for data
  - openssl: do not leak memory when handling errors
  - improved handling of disabled MD5 algorithm in OpenSSL
  - known_hosts: Fail when parsing unknown keys in known_hosts file
  - configure: gcrypt doesn't come with pkg-config support
  - session_free: wrong variable used for keeping state
  - libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
  - comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating
- Drop upstreamed patches
2012-11-28 12:47:04 +00:00
Kamil Dudka
91ca20147c update libssh2_hostkey_hash(3) man page
[upstream commit fe8f3deb]
2012-11-07 15:35:06 +01:00
Kamil Dudka
4e05bd07c3 examples: use stderr for messages, stdout for data
[upstream commit b31e35ab]
2012-11-07 15:34:30 +01:00
Kamil Dudka
15d584a147 defuzz patches 2012-10-01 12:42:40 +02:00
Kamil Dudka
529c6ce524 skip SELinux-related quirks on recent distros
... to prevent a test-suite failure
2012-10-01 12:40:10 +02:00
Kamil Dudka
8576e20313 fix basic functionality of libssh2 in FIPS mode 2012-10-01 12:39:11 +02:00
Dennis Gilmore
b1dbb78e83 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-19 16:17:19 -05:00
Paul Howarth
8e792e752c Update to 1.4.2
- New upstream release 1.4.2
  - Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner
  - userauth.c: fread() from public key file to correctly detect any errors
  - configure.ac: add option to disable build of the example applications
  - added 'Requires.private:' line to libssh2.pc
  - SFTP: filter off incoming "zombie" responses
  - gettimeofday: no need for a replacement under cygwin
  - SSH_MSG_CHANNEL_REQUEST: default to want_reply
  - win32/libssh2_config.h: remove hardcoded #define LIBSSH2_HAVE_ZLIB
2012-05-20 22:08:23 +01:00
Paul Howarth
a352ea2406 Fix multi-arch conflict again (#816969) 2012-04-27 13:21:06 +01:00
Paul Howarth
e3d0f1a309 Update to 1.4.1
- New upstream release 1.4.1
  - Build error with gcrypt backend
  - Always do "forced" window updates to avoid corner case stalls
  - aes: the init function fails when OpenSSL has AES support
  - transport_send: finish in-progress key exchange before sending data
  - channel_write: acknowledge transport errors
  - examples/x11.c: make sure sizeof passed to read operation is correct
  - examples/x11.c: fix suspicious sizeof usage
  - sftp_packet_add: verify the packet before accepting it
  - SFTP: preserve the original error code more
  - sftp_packet_read: adjust window size as necessary
  - Use safer snprintf rather then sprintf in several places
  - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
  - sftp_write: cannot return acked data *and* EAGAIN
  - sftp_read: avoid data *and* EAGAIN
  - libssh2.h: add missing prototype for libssh2_session_banner_set()
- Drop upstream patches now included in release tarball
2012-04-05 10:46:49 +01:00
Kamil Dudka
8e8214ab77 Don't ignore transport errors when writing to channel (#804150) 2012-03-19 15:03:20 +01:00
Paul Howarth
1d6da849c3 Don't try to use openssl's AES-CTR functions
The code supporting openssl's AES-CTR functions does not currently work:
(http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml)
2012-03-18 14:53:07 +00:00
Paul Howarth
12e9f5a79f Fix libssh2 failing key re-exchange when write channel is saturated (#804156) 2012-03-16 19:24:57 +00:00
Paul Howarth
d2c802f8e0 Update to 1.4.0
- Update to 1.4.0
  - Added libssh2_session_supported_algs()
  - Added libssh2_session_banner_get()
  - Added libssh2_sftp_get_channel()
  - libssh2.h: bump the default window size to 256K
  - sftp-seek: clear EOF flag
  - userauth: provide more informations if ssh pub key extraction fails
  - ssh2_exec: skip error outputs for EAGAIN
  - LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000
  - knownhost_check(): don't dereference ext if NULL is passed
  - knownhost_add: avoid dereferencing uninitialized memory on error path
  - OpenSSL EVP: fix threaded use of structs
  - _libssh2_channel_read: react on errors from receive_window_adjust
  - sftp_read: cap the read ahead maximum amount
  - _libssh2_channel_read: fix non-blocking window adjusting
- Add upstream patch fixing undefined function reference in libgcrypt backend
- BR: /usr/bin/man for test suite
2012-02-01 11:06:03 +00:00
Paul Howarth
4256e1a18e Comment clean-up 2012-01-16 09:24:22 +00:00
Peter Robinson
d70bd6d322 Disable some tests on ARM 2012-01-15 23:11:01 +00:00
Paul Howarth
980b4761ee example includes arch-specific bits, so move to devel package 2012-01-13 17:14:29 +00:00
Paul Howarth
2981c211df use tabs for indentation 2012-01-13 16:05:02 +00:00
Paul Howarth
edbbfd779a Spec clean-up
- make docs package noarch where possible
- use patch rather than scripted iconv to fix character encoding
- don't make assumptions about SELinux context types used for the ssh server
  in the test suite
- skip the ssh test if /dev/tty isn't present, as in some versions of mock
- make the %files list more explicit
2012-01-13 16:01:35 +00:00
Dennis Gilmore
b46de2ab55 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-13 02:29:01 -06:00
Kamil Dudka
13e3a891a5 update to 1.3.0 2011-09-08 11:15:55 +02:00
Dennis Gilmore
d8deb37f03 sshd/loopback test fails in the sparc buildsystem 2011-06-25 08:20:10 -05:00
Kamil Dudka
9936af47e1 update to 1.2.7 (#632916)
- avoid multilib conflict on libssh2-docs
- avoid build failure in mock with SELinux in the enforcing mode
  (#558964)
2010-10-13 00:04:08 +02:00
Fedora Release Engineering
a6bc831ff0 dist-git conversion 2010-07-28 21:42:18 +00:00
Chris Weyl
92c18b1937 - update to 1.2.4
- drop old patch0
- be more aggressive about keeping .deps from intruding into -docs
2010-03-13 05:15:12 +00:00
6 changed files with 590 additions and 84 deletions

4
.gitignore vendored
View File

@ -1 +1,3 @@
libssh2-1.2.2.tar.gz
/libssh2-[0-9.]*/
/libssh2-[0-9.]*.tar.gz
/libssh2-[0-9.]*.tar.gz.asc

View File

@ -0,0 +1,19 @@
In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box,
so we need to re-enable them as a workaround for the test
suite until upstream updates the tests.
See: https://github.com/libssh2/libssh2/issues/630
--- tests/ssh2.sh
+++ tests/ssh2.sh
@@ -25,7 +25,8 @@ $SSHD -f /dev/null -h "$srcdir"/etc/host
-o 'Port 4711' \
-o 'Protocol 2' \
-o "AuthorizedKeysFile $srcdir/etc/user.pub" \
- -o 'UsePrivilegeSeparation no' \
+ -o 'HostKeyAlgorithms +ssh-rsa' \
+ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \
-o 'StrictModes no' \
-D \
$libssh2_sshd_params &

View File

@ -1,19 +1,34 @@
Name: libssh2
Version: 1.2.4
Release: 1%{?dist}
Summary: A library implementing the SSH2 protocol
Name: libssh2
Version: 1.10.0
Release: 7%{?dist}
Summary: A library implementing the SSH2 protocol
License: BSD-3-Clause
URL: https://www.libssh2.org/
Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz
Source1: https://libssh2.org/download/libssh2-%{version}.tar.gz.asc
# Daniel Stenberg's GPG keys; linked from https://daniel.haxx.se/address.html
Source2: https://daniel.haxx.se/mykey.asc
Patch1: libssh2-1.10.0-ssh-rsa-test.patch
Group: System Environment/Libraries
License: BSD
URL: http://www.libssh2.org
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: coreutils
BuildRequires: findutils
BuildRequires: gcc
BuildRequires: gnupg2
BuildRequires: make
BuildRequires: openssl-devel > 1:1.0.1
BuildRequires: sed
BuildRequires: zlib-devel
BuildRequires: /usr/bin/man
BuildRequires: openssl-devel
BuildRequires: zlib-devel
# tests
BuildRequires: openssh-server
# Test suite requirements
# Full groff (not just groff-base) needed for the mansyntax check
BuildRequires: groff
# We run the OpenSSH server and try to connect to it
BuildRequires: openssh-server
# Need a valid locale to run the mansyntax check
%if 0%{?fedora} > 23 || 0%{?rhel} > 7
BuildRequires: glibc-langpack-en
%endif
%description
libssh2 is a library implementing the SSH2 protocol as defined by
@ -21,85 +36,490 @@ Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25),
SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*,
SECSH-DHGEX(04), and SECSH-NUMBERS(10).
%package devel
Summary: Development files for libssh2
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig
%package devel
Summary: Development files for %{name}
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
Requires: pkgconfig
%description devel
The libssh2-devel package contains libraries and header files for
developing applications that use libssh2.
%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.
%package docs
Summary: Documentation for %{name}
Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
%description docs
The %{name}-docs package contains man pages and examples for
developing applications that use %{name}.
%package docs
Summary: Documentation for libssh2
Requires: %{name} = %{version}-%{release}
BuildArch: noarch
%description docs
The libssh2-docs package contains man pages and examples for
developing applications that use libssh2.
%prep
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
%setup -q
# make sure things are UTF-8...
for i in ChangeLog NEWS ; do
iconv --from=ISO-8859-1 --to=UTF-8 $i > new
mv new $i
done
# In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box,
# so we need to re-enable them as a workaround for the test
# suite until upstream updates the tests.
# See: https://github.com/libssh2/libssh2/issues/630
%if 0%{?fedora} > 33 || 0%{?rhel} > 8
%patch1
%endif
# Replace hard wired port number in the test suite to avoid collisions
# between 32-bit and 64-bit builds running on a single build-host
sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh}
%build
%configure --disable-static --enable-shared
make %{?_smp_mflags}
%configure --disable-silent-rules --disable-static --enable-shared
%{make_build}
%install
rm -rf %{buildroot}
make install DESTDIR=%{buildroot} INSTALL="install -p"
find %{buildroot} -name '*.la' -exec rm -f {} +
%{make_install} INSTALL="install -p"
find %{buildroot} -name '*.la' -delete
# clean things up a bit for packaging
( cd example && make clean )
find example/ -type d -name .deps -exec rm -rf {} +
find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -exec rm -v {} +
make -C example clean
rm -rf example/.deps
find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -delete
# avoid multilib conflict on libssh2-devel
mv -v example example.%{_arch}
%check
# sshd/loopback test fails under local build, with selinux enforcing
%{?_without_sshd_tests:echo "Skipping sshd tests" ; echo "exit 0" > tests/ssh2.sh }
(cd tests && make check)
%clean
rm -rf %{buildroot}
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
LC_ALL=en_US.UTF-8 make -C tests check
%ldconfig_scriptlets
%files
%defattr(-,root,root,-)
%doc AUTHORS ChangeLog COPYING README NEWS
%{_libdir}/*.so.*
%license COPYING
%doc docs/AUTHORS README RELEASE-NOTES
%{_libdir}/libssh2.so.1
%{_libdir}/libssh2.so.1.*
%files docs
%defattr(-,root,root,-)
%doc COPYING HACKING example/
%{_mandir}/man?/*
%doc docs/BINDINGS docs/HACKING docs/TODO NEWS
%{_mandir}/man3/libssh2_*.3*
%files devel
%defattr(-,root,root,-)
%doc COPYING
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*
%doc example.%{_arch}/
%{_includedir}/libssh2.h
%{_includedir}/libssh2_publickey.h
%{_includedir}/libssh2_sftp.h
%{_libdir}/libssh2.so
%{_libdir}/pkgconfig/libssh2.pc
%changelog
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Fri Oct 28 2022 Todd Zullinger <tmz@pobox.com> - 1.10.0-6
- Verify upstream release signatures
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sun Jan 23 2022 Paul Howarth <paul@city-fan.org> - 1.10.0-4
- In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box,
so we need to re-enable them as a workaround for the test
suite until upstream updates the tests
See: https://github.com/libssh2/libssh2/issues/630
- Drop other test workarounds, none of them being needed any longer
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.10.0-2
- Rebuilt with OpenSSL 3.0.0
* Mon Aug 30 2021 Paul Howarth <paul@city-fan.org> - 1.10.0-1
- Update to 1.10.0
- Adds agent forwarding support
- Adds OpenSSH Agent support on Windows
- Adds ECDSA key support using the Mbed TLS backend
- Adds ECDSA cert authentication
- Adds diffie-hellman-group14-sha256, diffie-hellman-group16-sha512,
diffie-hellman-group18-sha512 key exchanges
- Adds support for PKIX key reading when using ed25519 with OpenSSL
- Adds support for EWOULDBLOCK on VMS systems
- Adds support for building with OpenSSL 3
- Adds support for using FIPS mode in OpenSSL
- Adds debug symbols when building with MSVC
- Adds support for building on the 3DS
- Adds unicode build support on Windows
- Restores os400 building
- Increases min, max and opt Diffie Hellman group values
- Improves portability of the make file
- Improves timeout behaviour with 2FA keyboard auth
- Various improvements to the Wincng backend
- Fixes reading partial packet replies when using an agent
- Fixes Diffie Hellman key exchange on Windows 1903+ builds
- Fixes building tests with older versions of OpenSSL
- Fixes possible multiple definition warnings
- Fixes potential cast issues _libssh2_ecdsa_key_get_curve_type()
- Fixes potential use after free if libssh2_init() is called twice
- Improved linking when using Mbed TLS
- Fixes call to libssh2_crypto_exit() if crypto hasn't been initialized
- Fixes crash when loading public keys with no id
- Fixes possible out of bounds read when exchanging keys
- Fixes possible out of bounds read when reading packets
- Fixes possible out of bounds read when opening an X11 connection
- Fixes possible out of bounds read when ecdh host keys
- Fixes possible hang when trying to read a disconnected socket
- Fixes a crash when using the delayed compression option
- Fixes read error with large known host entries
- Fixes various warnings
- Fixes various small memory leaks
- Improved error handling, various detailed errors will now be reported
- Builds are now using OSS-Fuzz
- Builds now use autoreconf instead of a custom build script
- cmake now respects install directory
- Improved CI backend
- Updated HACKING-CRYPTO documentation
- Use markdown file extensions
- Improved unit tests
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Mar 27 2020 Paul Howarth <paul@city-fan.org> - 1.9.0-5
- Switch to https:// upstream URLs
- Full groff (not just groff-base) needed for the mansyntax check
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Oct 30 2019 Kamil Dudka <kdudka@redhat.com> - 1.9.0-3
- Fix integer overflow in SSH_MSG_DISCONNECT logic (CVE-2019-17498)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jun 20 2019 Paul Howarth <paul@city-fan.org> - 1.9.0-1
- Update to 1.9.0
- Fixed integer overflow leading to out-of-bounds read (CVE-2019-13115)
- Adds ECDSA keys and host key support when using OpenSSL
- Adds ED25519 key and host key support when using OpenSSL 1.1.1
- Adds OpenSSH style key file reading
- Adds AES CTR mode support when using WinCNG
- Adds PEM passphrase protected file support for libgcrypt and WinCNG
- Adds SHA256 hostkey fingerprint
- Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
- Adds explicit zeroing of sensitive data in memory
- Adds additional bounds checks to network buffer reads
- Adds the ability to use the server default permissions when creating sftp directories
- Adds support for building with OpenSSL no engine flag
- Adds support for building with LibreSSL
- Increased sftp packet size to 256k
- Fixed oversized packet handling in sftp
- Fixed building with OpenSSL 1.1
- Fixed a possible crash if sftp stat gets an unexpected response
- Fixed incorrect parsing of the KEX preference string value
- Fixed conditional RSA and AES-CTR support
- Fixed a small memory leak during the key exchange process
- Fixed a possible memory leak of the ssh banner string
- Fixed various small memory leaks in the backends
- Fixed possible out of bounds read when parsing public keys from the server
- Fixed possible out of bounds read when parsing invalid PEM files
- No longer null terminates the scp remote exec command
- Now handle errors when Diffie Hellman key pair generation fails
- Fixed compiling on Windows with the flag STDCALL=ON
- Improved building instructions
- Improved unit tests
- Needs OpenSSL 1.0.1 now as ECC support is assumed
- Modernize spec somewhat as EL-6 can no longer be supported
* Tue Mar 26 2019 Paul Howarth <paul@city-fan.org> - 1.8.2-1
- Update to 1.8.2
- Fixed the misapplied userauth patch that broke 1.8.1
- Moved the MAX size declarations from the public header
* Tue Mar 19 2019 Paul Howarth <paul@city-fan.org> - 1.8.1-1
- Update to 1.8.1
- Fixed possible integer overflow when reading a specially crafted packet
(CVE-2019-3855)
- Fixed possible integer overflow in userauth_keyboard_interactive with a
number of extremely long prompt strings (CVE-2019-3863)
- Fixed possible integer overflow if the server sent an extremely large
number of keyboard prompts (CVE-2019-3856)
- Fixed possible out of bounds read when processing a specially crafted
packet (CVE-2019-3861)
- Fixed possible integer overflow when receiving a specially crafted exit
signal message channel packet (CVE-2019-3857)
- Fixed possible out of bounds read when receiving a specially crafted exit
status message channel packet (CVE-2019-3862)
- Fixed possible zero byte allocation when reading a specially crafted SFTP
packet (CVE-2019-3858)
- Fixed possible out of bounds reads when processing specially crafted SFTP
packets (CVE-2019-3860)
- Fixed possible out of bounds reads in _libssh2_packet_require(v)
(CVE-2019-3859)
- Fix mis-applied patch in the fix of CVE-2019-3859
- https://github.com/libssh2/libssh2/issues/325
- https://github.com/libssh2/libssh2/pull/327
* Mon Feb 4 2019 Paul Howarth <paul@city-fan.org> - 1.8.0-10
- Explicitly run the test suite in the en_US.UTF-8 locale to work around flaky
locale settings in mock builders
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.0-6
- Switch to %%ldconfig_scriptlets
* Tue Sep 12 2017 Paul Howarth <paul@city-fan.org> - 1.8.0-5
- scp: Do not NUL-terminate the command for remote exec (#1489736, GH#208)
- Make devel package dependency on main package arch-specific
- Drop EL-5 support
- noarch sub-packages always available now
- Drop legacy Group: and BuildRoot: tags
- Drop explicit buildroot cleaning
- %%{__isa_bits} always defined now
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Oct 25 2016 Paul Howarth <paul@city-fan.org> - 1.8.0-1
- Update to 1.8.0
- Added a basic dockerised test suite
- crypto: Add support for the mbedTLS backend
- See RELEASE-NOTES for details of bug fixes
* Thu Oct 20 2016 Kamil Dudka <kdudka@redhat.com> - 1.7.0-7
- Make curl test-suite work again with valgrind enabled
* Tue Oct 11 2016 Tomáš Mráz <tmraz@redhat.com> - 1.7.0-6
- Rebuild with OpenSSL 1.1.0
* Sun Mar 6 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-5
- Revert parts of previous change that broke EL-5 compatibility
- Include NEWS in docs package, it's much more than RELEASE-NOTES
* Sat Mar 5 2016 Peter Robinson <pbrobinson@fedoraproject.org> - 1.7.0-4
- Modernise spec (no we really don't care about el4/fc4)
- Don't ship ChangeLog/NEWS, duplicates of RELEASE-NOTES
* Wed Feb 24 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-3
- Drop UTF-8 patch, which breaks things rather than fixes them
* Wed Feb 24 2016 Kamil Dudka <kdudka@redhat.com> - 1.7.0-2
- diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787)
* Tue Feb 23 2016 Paul Howarth <paul@city-fan.org> - 1.7.0-1
- Update to 1.7.0
- diffie_hellman_sha256: Convert bytes to bits (CVE-2016-0787); see
http://www.libssh2.org/adv_20160223.html
- libssh2_session_set_last_error: Add function
- See RELEASE-NOTES for details of bug fixes
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Tue Nov 10 2015 Paul Howarth <paul@city-fan.org> - 1.6.0-3
- Fix pkg-config --libs output (#1279966)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Jun 14 2015 Paul Howarth <paul@city-fan.org> - 1.6.0-1
- Update to 1.6.0
- Added CMake build system
- Added libssh2_userauth_publickey_frommemory()
- See RELEASE-NOTES for details of bug fixes
* Wed Mar 11 2015 Paul Howarth <paul@city-fan.org> - 1.5.0-1
- Update to 1.5.0
- See RELEASE-NOTES for details of bug fixes and enhancements
- Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
* Fri Oct 10 2014 Kamil Dudka <kdudka@redhat.com> 1.4.3-16
- prevent a not-connected agent from closing STDIN (#1147717)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jul 18 2014 Tom Callaway <spot@fedoraproject.org> - 1.4.3-14
- fix license handling
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Apr 30 2014 Kamil Dudka <kdudka@redhat.com> 1.4.3-12
- Fix curl's excessive memory consumption during scp download
* Mon Feb 17 2014 Paul Howarth <paul@city-fan.org> - 1.4.3-11
- The aarch64 buildroot seems to have the same locale issue as the PPC one
* Mon Feb 17 2014 Karsten Hopp <karsten@redhat.com> 1.4.3-10
- Next attempt to work around a self check problem on PPC*
* Mon Feb 17 2014 Karsten Hopp <karsten@redhat.com> 1.4.3-9
- Skip self checks on ppc*
* Wed Aug 14 2013 Kamil Dudka <kdudka@redhat.com> 1.4.3-8
- Fix very slow sftp upload to localhost
- Fix a use after free in channel.c
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Apr 9 2013 Paul Howarth <paul@city-fan.org> 1.4.3-6
- Revert 'Modernize the spec file' so as to retain EL-5 spec compatibility
* Tue Apr 9 2013 Richard W.M. Jones <rjones@redhat.com> 1.4.3-5
- Add three patches from upstream git required for qemu ssh block driver
- Modernize the spec file:
* Remove BuildRoot
* Remove Group
* Remove clean section
* Don't need to clean up buildroot before installing
* Wed Apr 3 2013 Paul Howarth <paul@city-fan.org> 1.4.3-4
- Avoid polluting libssh2.pc with linker options (#947813)
* Tue Mar 26 2013 Kamil Dudka <kdudka@redhat.com> 1.4.3-3
- Avoid collisions between 32-bit and 64-bit builds running on a single build
host
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Nov 28 2012 Paul Howarth <paul@city-fan.org> 1.4.3-1
- Update to 1.4.3
- compression: add support for zlib@openssh.com
- sftp_read: return error if a too large package arrives
- libssh2_hostkey_hash.3: update the description of return value
- Fixed MSVC NMakefile
- examples: use stderr for messages, stdout for data
- openssl: do not leak memory when handling errors
- improved handling of disabled MD5 algorithm in OpenSSL
- known_hosts: Fail when parsing unknown keys in known_hosts file
- configure: gcrypt doesn't come with pkg-config support
- session_free: wrong variable used for keeping state
- libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
- comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating
- Drop upstreamed patches
* Wed Nov 07 2012 Kamil Dudka <kdudka@redhat.com> 1.4.2-4
- examples: use stderr for messages, stdout for data (upstream commit b31e35ab)
- Update libssh2_hostkey_hash(3) man page (upstream commit fe8f3deb)
* Wed Sep 26 2012 Kamil Dudka <kdudka@redhat.com> 1.4.2-3
- Fix basic functionality of libssh2 in FIPS mode
- Skip SELinux-related quirks on recent distros to prevent a test-suite failure
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sun May 20 2012 Paul Howarth <paul@city-fan.org> 1.4.2-1
- Update to 1.4.2
- Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner
- userauth.c: fread() from public key file to correctly detect any errors
- configure.ac: add option to disable build of the example applications
- added 'Requires.private:' line to libssh2.pc
- SFTP: filter off incoming "zombie" responses
- gettimeofday: no need for a replacement under cygwin
- SSH_MSG_CHANNEL_REQUEST: default to want_reply
- win32/libssh2_config.h: remove hardcoded #define LIBSSH2_HAVE_ZLIB
* Fri Apr 27 2012 Paul Howarth <paul@city-fan.org> 1.4.1-2
- Fix multi-arch conflict again (#816969)
* Thu Apr 5 2012 Paul Howarth <paul@city-fan.org> 1.4.1-1
- Update to 1.4.1
- Build error with gcrypt backend
- Always do "forced" window updates to avoid corner case stalls
- aes: the init function fails when OpenSSL has AES support
- transport_send: finish in-progress key exchange before sending data
- channel_write: acknowledge transport errors
- examples/x11.c: make sure sizeof passed to read operation is correct
- examples/x11.c: fix suspicious sizeof usage
- sftp_packet_add: verify the packet before accepting it
- SFTP: preserve the original error code more
- sftp_packet_read: adjust window size as necessary
- Use safer snprintf rather then sprintf in several places
- Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
- sftp_write: cannot return acked data *and* EAGAIN
- sftp_read: avoid data *and* EAGAIN
- libssh2.h: add missing prototype for libssh2_session_banner_set()
- Drop upstream patches now included in release tarball
* Mon Mar 19 2012 Kamil Dudka <kdudka@redhat.com> 1.4.0-4
- Don't ignore transport errors when writing to channel (#804150)
* Sun Mar 18 2012 Paul Howarth <paul@city-fan.org> 1.4.0-3
- Don't try to use openssl's AES-CTR functions
(http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml)
* Fri Mar 16 2012 Paul Howarth <paul@city-fan.org> 1.4.0-2
- fix libssh2 failing key re-exchange when write channel is saturated (#804156)
- drop %%defattr, redundant since rpm 4.4
* Wed Feb 1 2012 Paul Howarth <paul@city-fan.org> 1.4.0-1
- update to 1.4.0
- added libssh2_session_supported_algs()
- added libssh2_session_banner_get()
- added libssh2_sftp_get_channel()
- libssh2.h: bump the default window size to 256K
- sftp-seek: clear EOF flag
- userauth: provide more informations if ssh pub key extraction fails
- ssh2_exec: skip error outputs for EAGAIN
- LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000
- knownhost_check(): don't dereference ext if NULL is passed
- knownhost_add: avoid dereferencing uninitialized memory on error path
- OpenSSL EVP: fix threaded use of structs
- _libssh2_channel_read: react on errors from receive_window_adjust
- sftp_read: cap the read ahead maximum amount
- _libssh2_channel_read: fix non-blocking window adjusting
- add upstream patch fixing undefined function reference in libgcrypt backend
- BR: /usr/bin/man for test suite
* Sun Jan 15 2012 Peter Robinson <pbrobinson@fedoraproject.org> 1.3.0-4
- skip the ssh test on ARM too
* Fri Jan 13 2012 Paul Howarth <paul@city-fan.org> 1.3.0-3
- make docs package noarch where possible
- example includes arch-specific bits, so move to devel package
- use patch rather than scripted iconv to fix character encoding
- don't make assumptions about SELinux context types used for the ssh server
in the test suite
- skip the ssh test if /dev/tty isn't present, as in some versions of mock
- make the %%files list more explicit
- use tabs for indentation
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> 1.3.0-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Sep 08 2011 Kamil Dudka <kdudka@redhat.com> 1.3.0-1
- update to 1.3.0
* Sat Jun 25 2011 Dennis Gilmore <dennis@ausil.us> 1.2.7-2
- sshd/loopback test fails in the sparc buildsystem
* Tue Oct 12 2010 Kamil Dudka <kdudka@redhat.com> 1.2.7-1
- update to 1.2.7 (#632916)
- avoid multilib conflict on libssh2-docs
- avoid build failure in mock with SELinux in the enforcing mode (#558964)
* Fri Mar 12 2010 Chris Weyl <cweyl@alumni.drew.edu> 1.2.4-1
- update to 1.2.4
- drop old patch0

77
mykey.asc Normal file
View File

@ -0,0 +1,77 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2
mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ
QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV
0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1
EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch
soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje
f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL
gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo
SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2
m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0
ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iF4EExECAB4CHgECF4AFAlQU
ki4FCwkIBwMFFQoJCAsFFgIDAQAACgkQeOEcayedXJEOOwCggCsNHdAQPAlPte3w
i2IZEekkM0YAoOXXPFAWjUwIHjZY41l7WgzACbANiFkEExECABkFAj6tnnoECwcD
AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAoO1y3LoSOEgD8vR062cdYDmv
jLvVAJ0dmp1UiuQp+oMyq2VbWyw8LXN1XLkBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb
XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz
7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM
wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+
dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT
rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t
FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9
OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfxmQENBFcGhyIBCAC79AIx
5hHixKmNtqbryuZTDwlt9XXkEn/QSrQD3pzgbsbBiWyqOV4hfscvtmoqA7koOw4h
zZ/b8pJPA36eNzqMFIbkWpIit/BwA5bTKRkKXeD2kBFkjIN+iDuXawwhv7eNKH9O
poAUe0K/esK/kvbMO721q24IgkOjB1Vtr/Y4Xkg7+VWVP0LFh7C/2Nwq6n2bktsA
Ey9uCDD1hl8BdckN/XxpuUqSfxbF85GvYzzON67zOxxo6jqRXXcJ2PdPq0o9Ak0d
6Fe7g9ZxOAeuYEbFTCZHBBccx84K0Bhn5tpqoq8Mq3f3mZfGBoe4J6wr17cxEDC8
tTHUpDqk0CoLERUxABEBAAG0IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHgu
c2U+iQE3BBMBCgAhBQJXBociAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ
EPn+r/nTShvbHoAIAJDwb7dcAX4VGPa2oSuQqVnHsjDE7g8ATmcZq2IAzAG6bZg1
svuhNyPQnL7kNrsz6Ew+yE4vH8mOjDUbc3feY4MzmtEMaB6VS0Xlna6cdtWkv4Y+
Us4TuYSdftPZuZgI3nN/sXLlxWJCZgCPJJaGM6dXgyTFatk2P1LE98Qif7+ZMqfv
+BA5L6cy2cAwJ5qbvLtuT25rTxooN54JETfwdhUD1NEIqTQxeC4E5lFvwedjAjLh
Gswau8WMCdM/HzGbuQ9Gp3/RafYoAvMV6r6sskvUrWubCHj0u+uNgOpUHvlrwcFg
rBirzQdElumCWqbJVCH0V5NcP/zSz1U1W8wSRqS5AQ0EVwaHIgEIALyCqpnax0cL
y7EK3UiU2Kkryb7LPsZkia9hTcIZjNg0B8XAdqDYpHiquYtX0cz5I1sSZMBJ/xJP
BF2ce/bmOTJtyW3GaF9a+M2zboZSzx9nlv9xx0o3bXBrBlL2vaG2TW+x2G53GA0/
0chbj35PR+fvJx8ob/fHwCkfzGb1qCzwovhwGVUNHqI5bxK/xVwXfiycbllE3Hmf
09BGeXKR7gQtaal8byKKlqCtayteEaPNQt6czYxZkVAOvY4ZDQKSZJUNwGFog3bG
6rHr1J/0un6nAvX+wMuvRkUDiQxZZCel7e0Qcg3gPrYh+adlr0Tn7wyCP7/BULz8
67fQfzc2ENkAEQEAAYkBHwQYAQoACQUCVwaHIgIbDAAKCRD5/q/500ob27KaB/9H
a+iDip6mxFdoqy7TAefBy7KgbMQxxT926IcFqf70aJDzeVQI3lGCqN9GW03d+wPr
LoyeQBQKNxxfQ9fEOvp1AXGWFIYYtEZIvQBpIqaSaA7W5IzqfDuO9xG89DNn8zKK
nh/mbYJov/fywhBU6JH7bqdFSHbqoG9TY64s0BkV6shIVOubXLSG5G7LxXhw+xrb
0zl4ie2wCeCBOLdbGHc+o2sKo1rBEz6UBK2DesPfkzxBO7lfa9HTcN03UJPHXmzb
2mCbeFV8yPsTAoaGv4qZH1+FX+9Lv374xTSXa4CjQzSxd0dkZGG+YQjocoPftgsC
OVsiqW0WhRVIEJ+hBAMUmQENBFcGiPEBCAC7sCnaZqWxfXNgBC7P28BSDUs9w4y/
PEFsOv9bpgbgZagX1FnhG0eV71nm0p8v9T8Bft1eXaBd977Dq9pgk5qKO0xZo8fC
8prFqB5db7fMUvPZCuJTTb6lGMz4OdfT6aHqUvJ+LFF1mKn8Eqt1Q4snHGSL1PI3
/+435qDRQsU15GdYrj1waNJKk79aes9oguaI2/OTQqzIcOFK5tJjlSOD1ryOIH1e
8vD+5MMpGvsRxv3sQHeTZkfZbkzSLFg/LKpoiQkyql1+BLNhBYq8oaE/jlvQrTEk
bAyKpMScdyHwmkWWKjyZtXTrAtlComnki4yC2lAV9MXINHHvNJBcIXvVABEBAAG0
IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHguc2U+iQE3BBMBCgAhBQJXBojx
AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFzJCP23HhLCOKkH/1CyoKiN
2PCgTlWoYQspv/AAmsj+cFwZobI167KowA+o3zxQqxg0MV3ds8G+iig9OIuYurlQ
L5Jr3CbDltaiXdWtVteRh/VKp61EwyXq77vjJbx81hvOuaXWWLSlU0KB3w7Hj6aD
/mt16DpOcY9Aw90mKyvafRTqMF7TcT7J5HeGn2NL45dPkAhiMDEgEnw9yBTxK/x6
UoQGPgiOWxSSN7Foj3mhUOflp8W0rnkLbJ4icpym6WuLKRMKAefDvk8GVlAWuXAb
9gloL1P6u3uNHllq/IODR2bZUBI0QNKhvt0iSj7WKsc/kaqscl+AE9jd/6kXd6vh
TNFWdzeco/2mGlaIRgQQEQoABgUCVwaJ/AAKCRB44RxrJ51ckWcaAKCJ6+arS/3k
IMcO14Jz8dVf2BH3OACgwTenVSsK66qi+VfGCoALpzpiLDO5AQ0EVwaI8QEIAOxQ
AEvF3idxcn80tbUhJg1J98fAS7Hx3WhlFG74uAikZQl1KZrprBu70RWTb7Nm1tvZ
eXW65IlY7kk42bhfYDs1JrIPWOWKvVwKWDxoEbYgW/yvy1TOuXH276zbxLl5OEE8
sQuOfXZsFSX2IPF9hsgNGaNzor8Ke7Y5BuCQLcGZWW5dLFbbKRKjXG8CaWmsJVoI
c2nyXCAss2q9oCJ13X/5z+Ei392rwi1d3NxAYkSiDQan+fkWkCvZH+dHmFjQ1AND
KielxcW1VfilK1hu9ziBBDf8TCEud/q0woIAH7rvIft4i3CqjymonByE4/OjfH8j
4EteQ8qoknMCjjwNVqkAEQEAAYkBHwQYAQoACQUCVwaI8QIbDAAKCRBcyQj9tx4S
wupjB/9TV4anbZK58bN7QJ5qGnU3GNjlvWFZXMw1u1xVc7abDJyqmFeJcJ4qLUkv
BA0OsvlVnMWmeCmzsXhlQVM4Bv6IWyr7JBWgkK5q2CWVB59V7v7znf5kWnMGFhDF
PlLsGbxDWLMoZGH+Iy84whMJFgferwCJy1dND/bHXPztfhvFXi8NNlJUFJa8Xtmu
gm78C+nwNHcFpVC70HPr3oa8U1ODXMp7L8W/dL3eLYXmRCNd0urHgYrzDt6V/zf5
ymvPk5w4HBocn2oRCJj/FXKhFAUptmpTE3g1yvYULmuFcNGAnPAExmAmd6NqsCmb
j/qx4ytjt5uxt6Jm6IXV9cry8i6x
=Phs/
-----END PGP PUBLIC KEY BLOCK-----

View File

@ -1 +1,2 @@
4d65a66d5f232e5bb1d05b311e43d46d libssh2-1.2.4.tar.gz
SHA512 (libssh2-1.10.0.tar.gz) = e064ee1089eb8e6cd5fa2617f4fd8ff56c2721c5476775a98bdb68c6c4ee4d05c706c3bb0eb479a27a8ec0b17a8a5ef43e1d028ad3f134519aa582d3981a3a30
SHA512 (libssh2-1.10.0.tar.gz.asc) = cfdd59406f1c22bb2a9c6b7d43442630bc889a339cea7ac968edb638022918b1cc961caf3a2a4b6bf8fc8bc582deb6ac927b6be31a11325372eb017f2bf19cf4

View File

@ -1,13 +0,0 @@
diff --git a/src/transport.c b/src/transport.c
index 19efdf2..d9a38ca 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -626,7 +626,7 @@ send_existing(LIBSSH2_SESSION * session, unsigned char *data,
p->osent += rc; /* we sent away this much data */
- return PACKET_NONE;
+ return p->osent < data_len ? PACKET_EAGAIN : PACKET_NONE;
}
/*