Compare commits
3 Commits
rawhide
...
main-riscv
Author | SHA1 | Date | |
---|---|---|---|
75474b078d | |||
|
afe9bca438 | ||
|
c797fc9e3e |
@ -1,19 +0,0 @@
|
||||
In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box,
|
||||
so we need to re-enable them as a workaround for the test
|
||||
suite until upstream updates the tests.
|
||||
|
||||
See: https://github.com/libssh2/libssh2/issues/630
|
||||
|
||||
--- tests/ssh2.sh
|
||||
+++ tests/ssh2.sh
|
||||
@@ -25,7 +25,8 @@ $SSHD -f /dev/null -h "$srcdir"/etc/host
|
||||
-o 'Port 4711' \
|
||||
-o 'Protocol 2' \
|
||||
-o "AuthorizedKeysFile $srcdir/etc/user.pub" \
|
||||
- -o 'UsePrivilegeSeparation no' \
|
||||
+ -o 'HostKeyAlgorithms +ssh-rsa' \
|
||||
+ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \
|
||||
-o 'StrictModes no' \
|
||||
-D \
|
||||
$libssh2_sshd_params &
|
||||
|
17
libssh2-1.11.0-ssh-rsa-test.patch
Normal file
17
libssh2-1.11.0-ssh-rsa-test.patch
Normal file
@ -0,0 +1,17 @@
|
||||
In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box,
|
||||
so we need to re-enable them as a workaround for the test
|
||||
suite until upstream updates the tests.
|
||||
|
||||
See: https://github.com/libssh2/libssh2/issues/630
|
||||
|
||||
--- tests/test_sshd.test
|
||||
+++ tests/test_sshd.test
|
||||
@@ -79,6 +79,8 @@ chmod go-rwx \
|
||||
-o "AuthorizedKeysFile ${PUBKEY} ${d}/openssh_server/authorized_keys" \
|
||||
-o "TrustedUserCAKeys ${cakeys}" \
|
||||
-o 'PermitRootLogin yes' \
|
||||
+ -o 'HostKeyAlgorithms +ssh-rsa' \
|
||||
+ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \
|
||||
-D \
|
||||
${SSHD_FLAGS} &
|
||||
sshdpid=$!
|
15
libssh2-1.11.0-strict-modes.patch
Normal file
15
libssh2-1.11.0-strict-modes.patch
Normal file
@ -0,0 +1,15 @@
|
||||
Group-writeable directories in the hierarchy above where we
|
||||
run the tests from can cause failures due to openssh's strict
|
||||
permissions checks. Adding this option helps the tests to run
|
||||
more reliably on a variety of build systems.
|
||||
|
||||
--- tests/test_sshd.test
|
||||
+++ tests/test_sshd.test
|
||||
@@ -71,6 +71,7 @@ chmod go-rwx \
|
||||
# shellcheck disable=SC2086
|
||||
"${SSHD}" \
|
||||
-f "${SSHD_FIXTURE_CONFIG:-${d}/openssh_server/sshd_config}" \
|
||||
+ -o 'StrictModes no' \
|
||||
-o 'Port 4711' \
|
||||
-h "${d}/openssh_server/ssh_host_rsa_key" \
|
||||
-h "${d}/openssh_server/ssh_host_ecdsa_key" \
|
123
libssh2.spec
123
libssh2.spec
@ -1,6 +1,6 @@
|
||||
Name: libssh2
|
||||
Version: 1.10.0
|
||||
Release: 7%{?dist}
|
||||
Version: 1.11.0
|
||||
Release: 2.0.riscv64%{?dist}
|
||||
Summary: A library implementing the SSH2 protocol
|
||||
License: BSD-3-Clause
|
||||
URL: https://www.libssh2.org/
|
||||
@ -8,14 +8,16 @@ Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz
|
||||
Source1: https://libssh2.org/download/libssh2-%{version}.tar.gz.asc
|
||||
# Daniel Stenberg's GPG keys; linked from https://daniel.haxx.se/address.html
|
||||
Source2: https://daniel.haxx.se/mykey.asc
|
||||
Patch1: libssh2-1.10.0-ssh-rsa-test.patch
|
||||
Patch1: libssh2-1.11.0-strict-modes.patch
|
||||
Patch2: libssh2-1.11.0-ssh-rsa-test.patch
|
||||
|
||||
BuildRequires: coreutils
|
||||
BuildRequires: findutils
|
||||
BuildRequires: gcc
|
||||
BuildRequires: gnupg2
|
||||
BuildRequires: make
|
||||
BuildRequires: openssl-devel > 1:1.0.1
|
||||
BuildRequires: openssl-devel > 1:1.0.2
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: sed
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: /usr/bin/man
|
||||
@ -58,32 +60,52 @@ developing applications that use libssh2.
|
||||
%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}'
|
||||
%setup -q
|
||||
|
||||
# Group-writeable directories in the hierarchy above where we
|
||||
# run the tests from can cause failures due to openssh's strict
|
||||
# permissions checks. Adding this option helps the tests to run
|
||||
# more reliably on a variety of build systems.
|
||||
%patch -P 1
|
||||
|
||||
# In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box,
|
||||
# so we need to re-enable them as a workaround for the test
|
||||
# suite until upstream updates the tests.
|
||||
# See: https://github.com/libssh2/libssh2/issues/630
|
||||
%if 0%{?fedora} > 33 || 0%{?rhel} > 8
|
||||
%patch1
|
||||
%patch -P 2
|
||||
%endif
|
||||
|
||||
# Replace hard wired port number in the test suite to avoid collisions
|
||||
# between 32-bit and 64-bit builds running on a single build-host
|
||||
sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh}
|
||||
sed -i s/4711/47%{?__isa_bits}/ tests/{openssh_fixture.c,test_ssh{2.c,d.test}}
|
||||
|
||||
%build
|
||||
%configure --disable-silent-rules --disable-static --enable-shared
|
||||
# Test suite fails to compile if we use --disable-static
|
||||
# https://github.com/libssh2/libssh2/issues/1056
|
||||
%configure \
|
||||
--disable-silent-rules \
|
||||
--enable-shared \
|
||||
--disable-docker-tests \
|
||||
--disable-rpath
|
||||
%{make_build}
|
||||
|
||||
%install
|
||||
%{make_install} INSTALL="install -p"
|
||||
find %{buildroot} -name '*.la' -delete
|
||||
|
||||
# clean things up a bit for packaging
|
||||
make -C example clean
|
||||
rm -rf example/.deps
|
||||
find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -delete
|
||||
# Remove static library that we only built for testing
|
||||
rm -v %{buildroot}%{_libdir}/libssh2.a
|
||||
|
||||
# avoid multilib conflict on libssh2-devel
|
||||
# Clean things up a bit for packaging
|
||||
make -C example clean
|
||||
find example/ -type f \
|
||||
'(' -name '*.am' -o -name '*.in' -o -name CMakeLists.txt ')' \
|
||||
-print -delete
|
||||
|
||||
# Remove redundant references to libdir in pkg-config file
|
||||
sed -i -e 's|-L%{_libdir} ||g' \
|
||||
-e 's|-L[$]{libdir} ||g' %{buildroot}%{_libdir}/pkgconfig/libssh2.pc
|
||||
|
||||
# Avoid multilib conflict on libssh2-devel
|
||||
mv -v example example.%{_arch}
|
||||
|
||||
%check
|
||||
@ -98,7 +120,7 @@ LC_ALL=en_US.UTF-8 make -C tests check
|
||||
%{_libdir}/libssh2.so.1.*
|
||||
|
||||
%files docs
|
||||
%doc docs/BINDINGS docs/HACKING docs/TODO NEWS
|
||||
%doc docs/BINDINGS.md docs/HACKING.md docs/TODO NEWS
|
||||
%{_mandir}/man3/libssh2_*.3*
|
||||
|
||||
%files devel
|
||||
@ -110,6 +132,81 @@ LC_ALL=en_US.UTF-8 make -C tests check
|
||||
%{_libdir}/pkgconfig/libssh2.pc
|
||||
|
||||
%changelog
|
||||
* Tue Jan 09 2024 David Abdurachmanov <davidlt@rivosinc.com> - 1.11.0-2.0.riscv64
|
||||
- Use --disable-rpath
|
||||
|
||||
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.11.0-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
|
||||
|
||||
* Thu Jun 1 2023 Paul Howarth <paul@city-fan.org> - 1.11.0-1
|
||||
- Update to 1.11.0 (rhbz#2211200)
|
||||
- Adds support for encrypt-then-mac (ETM) MACs
|
||||
- Adds support for AES-GCM crypto protocols
|
||||
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
|
||||
- Adds support for RSA certificate authentication
|
||||
- Adds FIDO support with *_sk() functions
|
||||
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
|
||||
- Adds Agent Forwarding and libssh2_agent_sign()
|
||||
- Adds support for Channel Signal message libssh2_channel_signal_ex()
|
||||
- Adds support to get the user auth banner message libssh2_userauth_banner()
|
||||
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519,
|
||||
AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
|
||||
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
|
||||
- Adds wolfSSL support to CMake file
|
||||
- Adds mbedTLS 3.x support
|
||||
- Adds LibreSSL 3.5 support
|
||||
- Adds support for CMake "unity" builds
|
||||
- Adds CMake support for building shared and static libs in a single pass
|
||||
- Adds symbol hiding support to CMake
|
||||
- Adds support for libssh2.rc for all build tools
|
||||
- Adds .zip, .tar.xz and .tar.bz2 release tarballs
|
||||
- Enables ed25519 key support for LibreSSL 3.7.0 or higher
|
||||
- Improves OpenSSL 1.1 and 3 compatibility
|
||||
- Now requires OpenSSL 1.0.2 or newer
|
||||
- Now requires CMake 3.1 or newer
|
||||
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
|
||||
- SFTP: No longer has a packet limit when reading a directory
|
||||
- SFTP: Now parses attribute extensions if they exist
|
||||
- SFTP: No longer will busy loop if SFTP fails to initialize
|
||||
- SFTP: Now clear various errors as expected
|
||||
- SFTP: No longer skips files if the line buffer is too small
|
||||
- SCP: Add option to not quote paths
|
||||
- SCP: Enables 64-bit offset support unconditionally
|
||||
- Now skips leading \r and \n characters in banner_receive()
|
||||
- Enables secure memory zeroing with all build tools on all platforms
|
||||
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
|
||||
- Speed up base64 encoding by 7x
|
||||
- Assert if there is an attempt to write a value that is too large
|
||||
- WinCNG: fix memory leak in _libssh2_dh_secret()
|
||||
- Added protection against possible null pointer dereferences
|
||||
- Agent now handles overly large comment lengths
|
||||
- Now ensure KEX replies don't include extra bytes
|
||||
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
|
||||
- Fixed possible buffer overflow in keyboard interactive code path
|
||||
- Fixed overlapping memcpy()
|
||||
- Fixed Windows UWP builds
|
||||
- Fixed DLL import name
|
||||
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
|
||||
- Support for building with gcc versions older than 8
|
||||
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
|
||||
- Restores ANSI C89 compliance
|
||||
- Enabled new compiler warnings and fixed/silenced them
|
||||
- Improved error messages
|
||||
- Now uses CIFuzz
|
||||
- Numerous minor code improvements
|
||||
- Improvements to CI builds
|
||||
- Improvements to unit tests
|
||||
- Improvements to doc files
|
||||
- Improvements to example files
|
||||
- Removed "old gex" build option
|
||||
- Removed no-encryption/no-mac builds
|
||||
- Removed support for NetWare and Watcom wmake build files
|
||||
- Avoid use of deprecated patch syntax
|
||||
- Build static library but don't package it since it's required for the
|
||||
test suite (https://github.com/libssh2/libssh2/issues/1056)
|
||||
- Remove redundant references to %%{_libdir} from pkgconfig file
|
||||
- Add patch to work around strict permissions issues for sshd tests
|
||||
|
||||
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.10.0-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
SHA512 (libssh2-1.10.0.tar.gz) = e064ee1089eb8e6cd5fa2617f4fd8ff56c2721c5476775a98bdb68c6c4ee4d05c706c3bb0eb479a27a8ec0b17a8a5ef43e1d028ad3f134519aa582d3981a3a30
|
||||
SHA512 (libssh2-1.10.0.tar.gz.asc) = cfdd59406f1c22bb2a9c6b7d43442630bc889a339cea7ac968edb638022918b1cc961caf3a2a4b6bf8fc8bc582deb6ac927b6be31a11325372eb017f2bf19cf4
|
||||
SHA512 (libssh2-1.11.0.tar.gz) = ef85e152dc252bd9b1c05276972b9c22313f5d492743dde090235742746d67f634f2a419eff9162132e2274c8582113b75279b074e0c7b34b2526b92fd1a1e8e
|
||||
SHA512 (libssh2-1.11.0.tar.gz.asc) = 6187582a94be24d9ca68963b6d139982e8527378aee7ef8a4cbc0f5c2bae8aee4552e32ec85eb290ec4e940f1d6ebf6737f92468215e0b43b245762753bb2647
|
||||
|
Loading…
Reference in New Issue
Block a user