Update to upstream 0.9.0 pre release (0.8.91)

- Added default configuration files for client and server
- Follow system-wide crypto configuration (crypto-policies)
- Added Recommends for crypto-policies
- Use OpenSSL implementation for KDF, DH, and signatures.
- Detect FIPS mode and use only allowed algorithms
- Run client and server tests during build
This commit is contained in:
Anderson Toshiyuki Sasaki 2019-06-19 14:02:00 +02:00
parent f17dde0b4a
commit 63aba439d4
5 changed files with 48 additions and 9 deletions

3
.gitignore vendored
View File

@ -41,3 +41,6 @@ libssh-0.4.4.tar.gz.asc
/libssh-0.8.6.tar.xz.asc /libssh-0.8.6.tar.xz.asc
/libssh-0.8.7.tar.xz /libssh-0.8.7.tar.xz
/libssh-0.8.7.tar.xz.asc /libssh-0.8.7.tar.xz.asc
/libssh-0.8.91.tar.xz
/libssh_client.config
/libssh_server.config

View File

@ -1,13 +1,13 @@
Name: libssh Name: libssh
Version: 0.8.7 Version: 0.8.91
Release: 1%{?dist} Release: 0.1%{?dist}
Summary: A library implementing the SSH protocol Summary: A library implementing the SSH protocol
License: LGPLv2+ License: LGPLv2+
URL: http://www.libssh.org URL: http://www.libssh.org
Source0: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz Source0: https://www.libssh.org/files/rc/libssh-0.8.91.tar.xz
Source1: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc Source3: libssh_client.config
Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring Source4: libssh_server.config
BuildRequires: cmake BuildRequires: cmake
BuildRequires: doxygen BuildRequires: doxygen
@ -18,6 +18,15 @@ BuildRequires: pkgconfig
BuildRequires: zlib-devel BuildRequires: zlib-devel
BuildRequires: krb5-devel BuildRequires: krb5-devel
BuildRequires: libcmocka-devel BuildRequires: libcmocka-devel
BuildRequires: pam_wrapper
BuildRequires: socket_wrapper
BuildRequires: nss_wrapper
BuildRequires: uid_wrapper
BuildRequires: openssh-clients
BuildRequires: openssh-server
BuildRequires: nmap-ncat
Recommends: crypto-policies
%ifarch aarch64 ppc64 ppc64le s390x x86_64 %ifarch aarch64 ppc64 ppc64le s390x x86_64
Provides: libssh_threads.so.4()(64bit) Provides: libssh_threads.so.4()(64bit)
@ -42,7 +51,6 @@ The %{name}-devel package contains libraries and header files for developing
applications that use %{name}. applications that use %{name}.
%prep %prep
gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%autosetup -p1 %autosetup -p1
%build %build
@ -52,7 +60,11 @@ fi
pushd obj pushd obj
%cmake .. \ %cmake .. \
-DUNIT_TESTING=ON -DUNIT_TESTING=ON \
-DCLIENT_TESTING=ON \
-DSERVER_TESTING=ON \
-DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
-DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
%make_build VERBOSE=1 %make_build VERBOSE=1
make docs make docs
@ -61,6 +73,9 @@ popd
%install %install
make DESTDIR=%{buildroot} install/fast -C obj make DESTDIR=%{buildroot} install/fast -C obj
mkdir -p -m755 %{buildroot}%{_sysconfdir}/libssh
install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/libssh/libssh_client.config
install -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/libssh/libssh_server.config
# #
# Workaround for the removal of libssh_threads.so # Workaround for the removal of libssh_threads.so
@ -92,6 +107,9 @@ popd
%license COPYING %license COPYING
%{_libdir}/libssh.so.4* %{_libdir}/libssh.so.4*
%{_libdir}/libssh_threads.so.4* %{_libdir}/libssh_threads.so.4*
%attr(0755,root,root) %dir %{_sysconfdir}/libssh
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_client.config
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%files devel %files devel
%doc obj/doc/html %doc obj/doc/html
@ -104,6 +122,15 @@ popd
%{_libdir}/libssh_threads.so %{_libdir}/libssh_threads.so
%changelog %changelog
* Wed Jun 19 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.91-0.1
- Update to 0.9.0 pre release version (0.8.91)
- Added default configuration files for client and server
- Follow system-wide crypto configuration (crypto-policies)
- Added Recommends for crypto-policies
- Use OpenSSL implementation for KDF, DH, and signatures.
- Detect FIPS mode and use only allowed algorithms
- Run client and server tests during build
* Mon Feb 25 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.7-1 * Mon Feb 25 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.7-1
- Update to version 0.8.7 - Update to version 0.8.7
https://www.libssh.org/2019/02/25/libssh-0-8-7/ https://www.libssh.org/2019/02/25/libssh-0-8-7/

4
libssh_client.config Normal file
View File

@ -0,0 +1,4 @@
# Parse system-wide crypto configuration file
Include /etc/crypto-policies/back-ends/libssh.config
# Parse OpenSSH configuration file for consistency
Include /etc/ssh/ssh_config

4
libssh_server.config Normal file
View File

@ -0,0 +1,4 @@
# Parse system-wide crypto configuration file
Include /etc/crypto-policies/back-ends/libssh.config
# Parse OpenSSH configuration file for consistency
Include /etc/ssh/sshd_config

View File

@ -1,2 +1,3 @@
SHA512 (libssh-0.8.7.tar.xz) = 13c3dccad81d521edf29c8a5e2c5f7fdd90507a0eda652b2b040a0a17bab88860873e089a46e181907ea3f449ca1847b1c84453b1960f456e391eefe5be983c5 SHA512 (libssh-0.8.91.tar.xz) = 1c3dd621208bce94ccec19e3530235617e58b02fabf7465fd6bae6db64e911b159b516ab1ce3b66397a7f44c8a271a8357348ee19f01ae981c9e1ab33e6f600e
SHA512 (libssh-0.8.7.tar.xz.asc) = c7c33fba67216d429269d8fe0353eb85e0e4bc6848d006cb349720ecf7bf1699da495098b0d5441aaef057fe0fda0c5cb0cf95d3834f5ef7e57de90919793b3f SHA512 (libssh_client.config) = b04fbfda339c4e53df8dd12cc89d4b92bdc94dd79af5799af2e675216fcd071f99bb12e5aed4b5e9848d93faf0e8407019def189eabbeef31a3c20ec799a6868
SHA512 (libssh_server.config) = 30cd80669701ff4a7960a193fb141f850cea74c3bdadaec0f63633ff151d8b05430451307237cb88d2eb20000737091a191b06ea62754a2664a8717a11f9a420