import libssh-0.9.0-4.el8

This commit is contained in:
CentOS Sources 2019-11-05 16:29:41 -05:00 committed by Andrew Lukoshko
parent eeae263f83
commit 7b9615ff7f
14 changed files with 1447 additions and 242 deletions

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/libssh-0.8.5.tar.xz SOURCES/libssh-0.9.0.tar.xz
SOURCES/libssh.keyring SOURCES/libssh.keyring

View File

@ -1,2 +1,2 @@
b5564774f986e396a7288a593595455bf10d9ce8 SOURCES/libssh-0.8.5.tar.xz 570bffef68af6c1211673bc9a8036c9265935b2b SOURCES/libssh-0.9.0.tar.xz
3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring 3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring

View File

@ -1,39 +0,0 @@
From e6e8335847d4870c99c07f511b4a24ae9e053326 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Thu, 15 Nov 2018 11:03:56 +0100
Subject: [PATCH] packet: Adjust the packet filter to allow client-initialized
rekey
If the rekey is initialized by client, it sends the first KEXINIT
message, changes to the INIT_SENT state and waits for the KEXINIT
message from the server. This was not covered in the current filter.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Daiki Ueno <dueno@redhat.com>
---
src/packet.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/packet.c b/src/packet.c
index 9b7b9b8f..86314961 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -292,6 +292,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
* - session_state == SSH_SESSION_STATE_AUTHENTICATED
* or session_state == SSH_SESSION_STATE_INITIAL_KEX
* - dh_handshake_state == DH_STATE_INIT
+ * or dh_handshake_state == DH_STATE_INIT_SENT (re-exchange)
* or dh_handshake_state == DH_STATE_FINISHED (re-exchange)
*
* Transitions:
@@ -310,6 +311,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
}
if ((session->dh_handshake_state != DH_STATE_INIT) &&
+ (session->dh_handshake_state != DH_STATE_INIT_SENT) &&
(session->dh_handshake_state != DH_STATE_FINISHED))
{
rc = SSH_PACKET_DENIED;
--
2.19.1

View File

@ -1,92 +0,0 @@
From a6e055c42b34ec50f55606312b09ec2e14990416 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Fri, 7 Dec 2018 18:19:33 +0100
Subject: [PATCH] packet: Allow SSH2_MSG_EXT_INFO when authenticated
When the server requests rekey, it can send the SSH2_MSG_EXT_INFO. This
message was being filtered out by the packet filtering. This includes a
test to enforce the filtering rules for this packet type.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit fe309ba43fb904da4385fc40a338ecc7482f8388)
---
src/packet.c | 6 ++++-
tests/unittests/torture_packet_filter.c | 31 +++++++++++++++++++++++++
2 files changed, 36 insertions(+), 1 deletion(-)
diff --git a/src/packet.c b/src/packet.c
index 72e3c096..61a44237 100644
--- a/src/packet.c
+++ b/src/packet.c
@@ -263,13 +263,17 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
/*
* States required:
* - session_state == SSH_SESSION_STATE_AUTHENTICATING
+ * or session->session_state == SSH_SESSION_STATE_AUTHENTICATED
+ * (re-exchange)
* - dh_handshake_state == DH_STATE_FINISHED
*
* Transitions:
* - None
* */
- if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) {
+ if ((session->session_state != SSH_SESSION_STATE_AUTHENTICATING) &&
+ (session->session_state != SSH_SESSION_STATE_AUTHENTICATED))
+ {
rc = SSH_PACKET_DENIED;
break;
}
diff --git a/tests/unittests/torture_packet_filter.c b/tests/unittests/torture_packet_filter.c
index 72cbc4cd..44ee3598 100644
--- a/tests/unittests/torture_packet_filter.c
+++ b/tests/unittests/torture_packet_filter.c
@@ -462,6 +462,36 @@ static void torture_packet_filter_check_auth_success(void **state)
assert_int_equal(rc, 0);
}
+static void torture_packet_filter_check_msg_ext_info(void **state)
+{
+ int rc;
+
+ global_state accepted[] = {
+ {
+ .flags = (COMPARE_SESSION_STATE |
+ COMPARE_DH_STATE),
+ .session = SSH_SESSION_STATE_AUTHENTICATING,
+ .dh = DH_STATE_FINISHED,
+ },
+ {
+ .flags = (COMPARE_SESSION_STATE |
+ COMPARE_DH_STATE),
+ .session = SSH_SESSION_STATE_AUTHENTICATED,
+ .dh = DH_STATE_FINISHED,
+ },
+ };
+
+ int accepted_count = 2;
+
+ /* Unused */
+ (void) state;
+
+ rc = check_message_in_all_states(accepted, accepted_count,
+ SSH2_MSG_EXT_INFO);
+
+ assert_int_equal(rc, 0);
+}
+
static void torture_packet_filter_check_channel_open(void **state)
{
int rc;
@@ -492,6 +522,7 @@ int torture_run_tests(void)
cmocka_unit_test(torture_packet_filter_check_auth_success),
cmocka_unit_test(torture_packet_filter_check_channel_open),
cmocka_unit_test(torture_packet_filter_check_unfiltered),
+ cmocka_unit_test(torture_packet_filter_check_msg_ext_info)
};
ssh_init();
--
2.19.1

View File

@ -1,47 +0,0 @@
From 7f1d30de47d67c03cf895f0d4d4e68daf9d396c5 Mon Sep 17 00:00:00 2001
From: Sanne Raymaekers <sraymaek@redhat.com>
Date: Fri, 26 Oct 2018 14:58:34 +0200
Subject: [PATCH] tests: Ensure the ssh session fd is read-/writeable in
torture_proxycommand
Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 03c30e9c8ad34b3fa659a70e474a9b8cb248f85b)
(cherry picked from commit 3de34944ad11bf4e22fc981562f32cb4b3b90ba9)
---
tests/client/torture_proxycommand.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tests/client/torture_proxycommand.c b/tests/client/torture_proxycommand.c
index ea1e1838..9608e663 100644
--- a/tests/client/torture_proxycommand.c
+++ b/tests/client/torture_proxycommand.c
@@ -9,6 +9,7 @@
#include <sys/types.h>
#include <pwd.h>
#include <errno.h>
+#include <fcntl.h>
static int sshd_setup(void **state)
{
@@ -61,11 +62,16 @@ static void torture_options_set_proxycommand(void **state) {
struct torture_state *s = *state;
ssh_session session = s->ssh.session;
int rc;
+ socket_t fd;
rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, "nc 127.0.0.10 22");
assert_int_equal(rc, 0);
rc = ssh_connect(session);
assert_ssh_return_code(session, rc);
+ fd = ssh_get_fd(session);
+ assert_true(fd != SSH_INVALID_SOCKET);
+ rc = fcntl(fd, F_GETFL);
+ assert_int_equal(rc & O_RDWR, O_RDWR);
}
static void torture_options_set_proxycommand_notexist(void **state) {
--
2.19.1

View File

@ -1,37 +0,0 @@
From bed645ed5fca3ff776fd1997ec9d5c6b9065a7eb Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Tue, 30 Oct 2018 13:55:30 +0100
Subject: [PATCH] knownhosts: Make sure we have both knownhosts files ready
If either one is missing at this point, fill it with default vaules in
ssh_options_apply().
Previously, when setting up only knownhosts, global_knownhosts file
was left pointing to NULL and the ssh_known_hosts_read_entries()
was trying to open NULL file which is invalid.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 5159cd96e8b61c9f8f96786f70cf23167980b621)
(cherry picked from commit a4b99eedf2f0f993f10c31d9bea0f1ad9fa7737e)
---
src/knownhosts.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/knownhosts.c b/src/knownhosts.c
index 23902a5f..546619aa 100644
--- a/src/knownhosts.c
+++ b/src/knownhosts.c
@@ -306,7 +306,8 @@ struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session)
int list_error = 0;
int rc;
- if (session->opts.knownhosts == NULL) {
+ if (session->opts.knownhosts == NULL ||
+ session->opts.global_knownhosts == NULL) {
if (ssh_options_apply(session) < 0) {
ssh_set_error(session,
SSH_REQUEST_DENIED,
--
2.19.1

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAlvW3ZEACgkQfuD8TcwB
Tj0mPw/9HZty2xOzKekX8+cedyZbW2lAoG9YNVxgTvQ2+98+TBH6M8qr5EryuH/q
mAFq/TJOrM3yccr1kJXFOm6QBw0xMTpWcosXjKmZxvJwW6iFEP33shVDkZGJWwmM
bzr165NTdRMJiaBfk47j0e1H2U9MHyV7wKmb79+bFtMDhiJYmXR1Oxa1SjjeG42c
XmrcH559kZ1mKmai6jKwTRUKGu3RLdWrXQIobCrdQM8FYrbSx5luZtDjdfXTRRtv
K96alBYxuey1nsZVei1y2hJlLLLVqao997Q7iMI63+/IJpYTmEPciDnTDDu767X6
rCXSuWbxcwk77zrt/dh7WJBOyLwh4aCFsSixBsONj4otwmFHNm/FAxV991ewcvQB
NMHPh3DcYLfoY/aUzwf160SfZu56mdVnFPLOnPUw3ARcPdgJG4OzqP9Jmz4Us+dS
ImZTduM62/+Af+LrODtRBRYJRSn38eBVVBYT01WsDSvvR2LaTn3gVAtY2m3Dr6wA
6sdMmYbn2zM+MNFE1+qlsaKmF+WmyCrBKBojBB+wh5G+dStJ7KGzlXjxNQudvWeA
VMlERLZYNBjSH1/XBH6VTnOl2xhExPv4eCUTVCXhlYUFEWjRunoxEed+b7r45iiu
+nRT+OfQZ8RFOLkFYxhB8iQNZAZ6T46ALSxo3V8PVEPDHZWdPTU=
=7iiz
-----END PGP SIGNATURE-----

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,67 @@
--- a/tests/torture.c 2019-06-28 14:01:52.936462964 +0200
+++ b/tests/torture.c 2019-06-28 14:03:52.324325029 +0200
@@ -854,7 +854,7 @@
s = *state;
snprintf(sshd_start_cmd, sizeof(sshd_start_cmd),
- "/usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
+ "runcon -t sshd_t -u system_u -r system_r /usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
s->srv_config, s->socket_dir, s->socket_dir);
rc = system(sshd_start_cmd);
@@ -864,7 +864,7 @@
unsetenv("PAM_WRAPPER");
/* Wait until the sshd is ready to accept connections */
- rc = torture_wait_for_daemon(5);
+ rc = torture_wait_for_daemon(10);
assert_int_equal(rc, 0);
}
@@ -904,27 +904,32 @@
torture_reload_sshd_server(void **state)
{
struct torture_state *s = *state;
- pid_t pid;
+ char sshd_start_cmd[1024];
int rc;
- /* read the pidfile */
- pid = torture_read_pidfile(s->srv_pidfile);
- assert_int_not_equal(pid, -1);
+ rc = torture_terminate_process(s->srv_pidfile);
+ if (rc != 0) {
+ fprintf(stderr, "XXXXXX Failed to terminate sshd\n");
+ }
- kill(pid, SIGHUP);
+ usleep(100 * 1000);
- /* 10 ms */
- usleep(10 * 1000);
+ /* Set the default interface for the server */
+ setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
+ setenv("PAM_WRAPPER", "1", 1);
- rc = kill(pid, 0);
- if (rc != 0) {
- fprintf(stderr,
- "ERROR: SSHD process %u died during reload!\n", pid);
- return SSH_ERROR;
- }
+ snprintf(sshd_start_cmd, sizeof(sshd_start_cmd),
+ "runcon -t sshd_t -u system_u -r system_r /usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
+ s->srv_config, s->socket_dir, s->socket_dir);
+
+ rc = system(sshd_start_cmd);
+ assert_return_code(rc, errno);
+
+ setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
+ unsetenv("PAM_WRAPPER");
/* Wait until the sshd is ready to accept connections */
- rc = torture_wait_for_daemon(5);
+ rc = torture_wait_for_daemon(10);
assert_int_equal(rc, 0);
return SSH_OK;
}

View File

@ -0,0 +1,59 @@
From bf2ed2ca929e5e12279f85c930f8fbb452ada888 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Tue, 30 Jul 2019 18:22:30 +0200
Subject: [PATCH] tests: Skip testing 1024 bits key generation in FIPS mode
In torture_threads_pki_rsa, skip the test which generates 1024 bits RSA
key pair when in FIPS mode.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
---
tests/unittests/torture_threads_pki_rsa.c | 28 ++++++++++++-----------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/tests/unittests/torture_threads_pki_rsa.c b/tests/unittests/torture_threads_pki_rsa.c
index 5a841ee9..03d526cd 100644
--- a/tests/unittests/torture_threads_pki_rsa.c
+++ b/tests/unittests/torture_threads_pki_rsa.c
@@ -571,23 +571,25 @@ static void *thread_pki_rsa_generate_key(void *threadid)
session = ssh_new();
assert_non_null(session);
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
- assert_ssh_return_code(session, rc);
- assert_non_null(key);
+ if (!ssh_fips_mode()) {
+ rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
+ assert_ssh_return_code(session, rc);
+ assert_non_null(key);
- rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
- assert_int_equal(rc, SSH_OK);
- assert_non_null(pubkey);
+ rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
+ assert_int_equal(rc, SSH_OK);
+ assert_non_null(pubkey);
- sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
- assert_non_null(sign);
+ sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
+ assert_non_null(sign);
- rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
- assert_ssh_return_code(session, rc);
+ rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
+ assert_ssh_return_code(session, rc);
- ssh_signature_free(sign);
- SSH_KEY_FREE(key);
- SSH_KEY_FREE(pubkey);
+ ssh_signature_free(sign);
+ SSH_KEY_FREE(key);
+ SSH_KEY_FREE(pubkey);
+ }
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
assert_ssh_return_code(session, rc);
--
2.21.0

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl0VtfEACgkQfuD8TcwB
Tj0cthAApYglGlE2+f06uKvPUc8LvzVkRFJA5ycm7uMddrMbSJ+ElScEu1a6q/qV
xPK3w49WdDpbYcz3s/GtdhGkSTye49Zav2PJzDFWvac+PoXVOwt7C5JzlPSq7kfa
0i6k1/7YSiPcFCo7467v2fpg0t80OHgS+Tbc1mwI0KtRzPA2pjqHsnu+RVNc6EA1
paUf1QMhjPFIQwcqJcQGAHZBqpx4JBspzBpC7wDxQKFh5FfMbVOxPG3qvgeOYDqd
cbfsJkdOJQ0rAxyNBB6xbz8XktJyK4Bjg5eT9GEz+zpsjh8jtfJMhNEemaBLXkug
+4wb4DU2uhEuOoOFh0YOgLcRLm2INNhVSTcizasmA8X1YcvAUmKB7fUMuYwOQOPZ
bsSkJ8kg7v76Y8w/pUger99pVYg0iiLi9KI6a2t7qTSibZewv38IV6eSJqORnZja
SLeswZUAAtHK/nTf7ohZ8Blnhx3UE5M6vyuli+KMmHAxTOzHhyWJvYDYJ2oJ7+tR
N49U1O77VE0WYY7HoyEXYkvSwWLb+MYK6ueaJTVBEbq7ZdpzQBQtPLoyCXUdQwZ2
DyZaaZnhkn9FYvsJp/twHra3XlQ359EXdMwflISaKgFUpfaluLIu1xRGrYH4XPNm
FHZRPCj34PY1uDOKHXiRl/xUdaR4CSIKPgofhxzy/mLZepJR9vU=
=xGD9
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,4 @@
# Parse system-wide crypto configuration file
Include /etc/crypto-policies/back-ends/libssh.config
# Parse OpenSSH configuration file for consistency
Include /etc/ssh/ssh_config

View File

@ -0,0 +1,4 @@
# Parse system-wide crypto configuration file
Include /etc/crypto-policies/back-ends/libssh.config
# Parse OpenSSH configuration file for consistency
Include /etc/ssh/sshd_config

View File

@ -1,18 +1,19 @@
Name: libssh Name: libssh
Version: 0.8.5 Version: 0.9.0
Release: 2%{?dist} Release: 4%{?dist}
Summary: A library implementing the SSH protocol Summary: A library implementing the SSH protocol
License: LGPLv2+ License: LGPLv2+
URL: http://www.libssh.org URL: http://www.libssh.org
Source0: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz Source0: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz
Source1: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc Source1: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc
Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
Source3: libssh_client.config
Source4: libssh_server.config
Patch1: libssh-0.8.5-make-sure-both-known-hosts-ready.patch Patch0: libssh-0.9.0-run-sshd-confined.patch
Patch2: libssh-0.8.5-ensure-ssh-session-fd-writable.patch Patch1: libssh-0.9.0-do-not-ignore-known-hosts-keys.patch
Patch3: libssh-0.8.5-allow-msg-ext-info.patch Patch2: libssh-0.9.0-skip-1k-rsa-key-generation-test.patch
Patch4: libssh-0.8.5-allow-kex-init.patch
BuildRequires: cmake BuildRequires: cmake
BuildRequires: doxygen BuildRequires: doxygen
@ -24,6 +25,9 @@ BuildRequires: zlib-devel
BuildRequires: krb5-devel BuildRequires: krb5-devel
BuildRequires: libcmocka-devel BuildRequires: libcmocka-devel
Requires: crypto-policies
Requires: %{name}-config = %{version}-%{release}
%ifarch aarch64 ppc64 ppc64le s390x x86_64 %ifarch aarch64 ppc64 ppc64le s390x x86_64
Provides: libssh_threads.so()(64bit) Provides: libssh_threads.so()(64bit)
Provides: libssh_threads.so.4()(64bit) Provides: libssh_threads.so.4()(64bit)
@ -48,6 +52,14 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
The %{name}-devel package contains libraries and header files for developing The %{name}-devel package contains libraries and header files for developing
applications that use %{name}. applications that use %{name}.
%package config
Summary: Configuration files for %{name}
BuildArch: noarch
Obsoletes: %{name} < 0.9.0-1
%description config
The %{name}-config package provides the default configuration files for %{name}.
%prep %prep
gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%autosetup -p1 %autosetup -p1
@ -59,7 +71,10 @@ fi
pushd obj pushd obj
%cmake .. \ %cmake .. \
-DUNIT_TESTING=ON -DUNIT_TESTING=ON \
-DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
-DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
%make_build VERBOSE=1 %make_build VERBOSE=1
make docs make docs
@ -68,6 +83,9 @@ popd
%install %install
make DESTDIR=%{buildroot} install/fast -C obj make DESTDIR=%{buildroot} install/fast -C obj
install -d -m755 %{buildroot}%{_sysconfdir}/libssh
install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/libssh/libssh_client.config
install -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/libssh/libssh_server.config
# #
# Workaround for the removal of libssh_threads.so # Workaround for the removal of libssh_threads.so
@ -109,7 +127,35 @@ popd
%{_libdir}/pkgconfig/libssh.pc %{_libdir}/pkgconfig/libssh.pc
%{_libdir}/libssh.so %{_libdir}/libssh.so
%files config
%attr(0755,root,root) %dir %{_sysconfdir}/libssh
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_client.config
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
%changelog %changelog
* Mon Aug 05 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-4
- Skip 1024 bits RSA key generation test in FIPS mode (#1734485)
* Thu Jul 11 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-3
- Add Obsoletes in libssh-config to avoid conflict with old libssh which
installed the configuration files.
* Wed Jul 10 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-2
- Eliminate circular dependency with libssh-config subpackage
* Wed Jul 10 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-1
- Update to version 0.9.0
https://www.libssh.org/2019/06/28/libssh-0-9-0/
- Added explicit Requires for crypto-policies
- Do not ignore known_hosts keys when SSH_OPTIONS_HOSTKEYS is set
- Provide the configuration files in a separate libssh-config subpackage
* Mon Jun 17 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.91-0.1
- Update to 0.9.0 pre release version (0.8.91)
- Added default configuration files for client and server
- Removed unused patch files left behind
- Fixed issues found to run upstream test suite with SELinux
* Fri Dec 14 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.5-2 * Fri Dec 14 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.5-2
- Fix more regressions introduced by the fixes for CVE-2018-10933 - Fix more regressions introduced by the fixes for CVE-2018-10933