import libssh-0.9.0-4.el8
This commit is contained in:
parent
eeae263f83
commit
7b9615ff7f
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/libssh-0.8.5.tar.xz
|
SOURCES/libssh-0.9.0.tar.xz
|
||||||
SOURCES/libssh.keyring
|
SOURCES/libssh.keyring
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
b5564774f986e396a7288a593595455bf10d9ce8 SOURCES/libssh-0.8.5.tar.xz
|
570bffef68af6c1211673bc9a8036c9265935b2b SOURCES/libssh-0.9.0.tar.xz
|
||||||
3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring
|
3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring
|
||||||
|
@ -1,39 +0,0 @@
|
|||||||
From e6e8335847d4870c99c07f511b4a24ae9e053326 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Thu, 15 Nov 2018 11:03:56 +0100
|
|
||||||
Subject: [PATCH] packet: Adjust the packet filter to allow client-initialized
|
|
||||||
rekey
|
|
||||||
|
|
||||||
If the rekey is initialized by client, it sends the first KEXINIT
|
|
||||||
message, changes to the INIT_SENT state and waits for the KEXINIT
|
|
||||||
message from the server. This was not covered in the current filter.
|
|
||||||
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Reviewed-by: Daiki Ueno <dueno@redhat.com>
|
|
||||||
---
|
|
||||||
src/packet.c | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/packet.c b/src/packet.c
|
|
||||||
index 9b7b9b8f..86314961 100644
|
|
||||||
--- a/src/packet.c
|
|
||||||
+++ b/src/packet.c
|
|
||||||
@@ -292,6 +292,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
|
|
||||||
* - session_state == SSH_SESSION_STATE_AUTHENTICATED
|
|
||||||
* or session_state == SSH_SESSION_STATE_INITIAL_KEX
|
|
||||||
* - dh_handshake_state == DH_STATE_INIT
|
|
||||||
+ * or dh_handshake_state == DH_STATE_INIT_SENT (re-exchange)
|
|
||||||
* or dh_handshake_state == DH_STATE_FINISHED (re-exchange)
|
|
||||||
*
|
|
||||||
* Transitions:
|
|
||||||
@@ -310,6 +311,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
|
|
||||||
}
|
|
||||||
|
|
||||||
if ((session->dh_handshake_state != DH_STATE_INIT) &&
|
|
||||||
+ (session->dh_handshake_state != DH_STATE_INIT_SENT) &&
|
|
||||||
(session->dh_handshake_state != DH_STATE_FINISHED))
|
|
||||||
{
|
|
||||||
rc = SSH_PACKET_DENIED;
|
|
||||||
--
|
|
||||||
2.19.1
|
|
||||||
|
|
@ -1,92 +0,0 @@
|
|||||||
From a6e055c42b34ec50f55606312b09ec2e14990416 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
||||||
Date: Fri, 7 Dec 2018 18:19:33 +0100
|
|
||||||
Subject: [PATCH] packet: Allow SSH2_MSG_EXT_INFO when authenticated
|
|
||||||
|
|
||||||
When the server requests rekey, it can send the SSH2_MSG_EXT_INFO. This
|
|
||||||
message was being filtered out by the packet filtering. This includes a
|
|
||||||
test to enforce the filtering rules for this packet type.
|
|
||||||
|
|
||||||
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
||||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
||||||
(cherry picked from commit fe309ba43fb904da4385fc40a338ecc7482f8388)
|
|
||||||
---
|
|
||||||
src/packet.c | 6 ++++-
|
|
||||||
tests/unittests/torture_packet_filter.c | 31 +++++++++++++++++++++++++
|
|
||||||
2 files changed, 36 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/packet.c b/src/packet.c
|
|
||||||
index 72e3c096..61a44237 100644
|
|
||||||
--- a/src/packet.c
|
|
||||||
+++ b/src/packet.c
|
|
||||||
@@ -263,13 +263,17 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
|
|
||||||
/*
|
|
||||||
* States required:
|
|
||||||
* - session_state == SSH_SESSION_STATE_AUTHENTICATING
|
|
||||||
+ * or session->session_state == SSH_SESSION_STATE_AUTHENTICATED
|
|
||||||
+ * (re-exchange)
|
|
||||||
* - dh_handshake_state == DH_STATE_FINISHED
|
|
||||||
*
|
|
||||||
* Transitions:
|
|
||||||
* - None
|
|
||||||
* */
|
|
||||||
|
|
||||||
- if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) {
|
|
||||||
+ if ((session->session_state != SSH_SESSION_STATE_AUTHENTICATING) &&
|
|
||||||
+ (session->session_state != SSH_SESSION_STATE_AUTHENTICATED))
|
|
||||||
+ {
|
|
||||||
rc = SSH_PACKET_DENIED;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
diff --git a/tests/unittests/torture_packet_filter.c b/tests/unittests/torture_packet_filter.c
|
|
||||||
index 72cbc4cd..44ee3598 100644
|
|
||||||
--- a/tests/unittests/torture_packet_filter.c
|
|
||||||
+++ b/tests/unittests/torture_packet_filter.c
|
|
||||||
@@ -462,6 +462,36 @@ static void torture_packet_filter_check_auth_success(void **state)
|
|
||||||
assert_int_equal(rc, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
+static void torture_packet_filter_check_msg_ext_info(void **state)
|
|
||||||
+{
|
|
||||||
+ int rc;
|
|
||||||
+
|
|
||||||
+ global_state accepted[] = {
|
|
||||||
+ {
|
|
||||||
+ .flags = (COMPARE_SESSION_STATE |
|
|
||||||
+ COMPARE_DH_STATE),
|
|
||||||
+ .session = SSH_SESSION_STATE_AUTHENTICATING,
|
|
||||||
+ .dh = DH_STATE_FINISHED,
|
|
||||||
+ },
|
|
||||||
+ {
|
|
||||||
+ .flags = (COMPARE_SESSION_STATE |
|
|
||||||
+ COMPARE_DH_STATE),
|
|
||||||
+ .session = SSH_SESSION_STATE_AUTHENTICATED,
|
|
||||||
+ .dh = DH_STATE_FINISHED,
|
|
||||||
+ },
|
|
||||||
+ };
|
|
||||||
+
|
|
||||||
+ int accepted_count = 2;
|
|
||||||
+
|
|
||||||
+ /* Unused */
|
|
||||||
+ (void) state;
|
|
||||||
+
|
|
||||||
+ rc = check_message_in_all_states(accepted, accepted_count,
|
|
||||||
+ SSH2_MSG_EXT_INFO);
|
|
||||||
+
|
|
||||||
+ assert_int_equal(rc, 0);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
static void torture_packet_filter_check_channel_open(void **state)
|
|
||||||
{
|
|
||||||
int rc;
|
|
||||||
@@ -492,6 +522,7 @@ int torture_run_tests(void)
|
|
||||||
cmocka_unit_test(torture_packet_filter_check_auth_success),
|
|
||||||
cmocka_unit_test(torture_packet_filter_check_channel_open),
|
|
||||||
cmocka_unit_test(torture_packet_filter_check_unfiltered),
|
|
||||||
+ cmocka_unit_test(torture_packet_filter_check_msg_ext_info)
|
|
||||||
};
|
|
||||||
|
|
||||||
ssh_init();
|
|
||||||
--
|
|
||||||
2.19.1
|
|
||||||
|
|
@ -1,47 +0,0 @@
|
|||||||
From 7f1d30de47d67c03cf895f0d4d4e68daf9d396c5 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sanne Raymaekers <sraymaek@redhat.com>
|
|
||||||
Date: Fri, 26 Oct 2018 14:58:34 +0200
|
|
||||||
Subject: [PATCH] tests: Ensure the ssh session fd is read-/writeable in
|
|
||||||
torture_proxycommand
|
|
||||||
|
|
||||||
Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com>
|
|
||||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
||||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
||||||
(cherry picked from commit 03c30e9c8ad34b3fa659a70e474a9b8cb248f85b)
|
|
||||||
(cherry picked from commit 3de34944ad11bf4e22fc981562f32cb4b3b90ba9)
|
|
||||||
---
|
|
||||||
tests/client/torture_proxycommand.c | 6 ++++++
|
|
||||||
1 file changed, 6 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/tests/client/torture_proxycommand.c b/tests/client/torture_proxycommand.c
|
|
||||||
index ea1e1838..9608e663 100644
|
|
||||||
--- a/tests/client/torture_proxycommand.c
|
|
||||||
+++ b/tests/client/torture_proxycommand.c
|
|
||||||
@@ -9,6 +9,7 @@
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <pwd.h>
|
|
||||||
#include <errno.h>
|
|
||||||
+#include <fcntl.h>
|
|
||||||
|
|
||||||
static int sshd_setup(void **state)
|
|
||||||
{
|
|
||||||
@@ -61,11 +62,16 @@ static void torture_options_set_proxycommand(void **state) {
|
|
||||||
struct torture_state *s = *state;
|
|
||||||
ssh_session session = s->ssh.session;
|
|
||||||
int rc;
|
|
||||||
+ socket_t fd;
|
|
||||||
|
|
||||||
rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, "nc 127.0.0.10 22");
|
|
||||||
assert_int_equal(rc, 0);
|
|
||||||
rc = ssh_connect(session);
|
|
||||||
assert_ssh_return_code(session, rc);
|
|
||||||
+ fd = ssh_get_fd(session);
|
|
||||||
+ assert_true(fd != SSH_INVALID_SOCKET);
|
|
||||||
+ rc = fcntl(fd, F_GETFL);
|
|
||||||
+ assert_int_equal(rc & O_RDWR, O_RDWR);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void torture_options_set_proxycommand_notexist(void **state) {
|
|
||||||
--
|
|
||||||
2.19.1
|
|
||||||
|
|
@ -1,37 +0,0 @@
|
|||||||
From bed645ed5fca3ff776fd1997ec9d5c6b9065a7eb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Date: Tue, 30 Oct 2018 13:55:30 +0100
|
|
||||||
Subject: [PATCH] knownhosts: Make sure we have both knownhosts files ready
|
|
||||||
|
|
||||||
If either one is missing at this point, fill it with default vaules in
|
|
||||||
ssh_options_apply().
|
|
||||||
|
|
||||||
Previously, when setting up only knownhosts, global_knownhosts file
|
|
||||||
was left pointing to NULL and the ssh_known_hosts_read_entries()
|
|
||||||
was trying to open NULL file which is invalid.
|
|
||||||
|
|
||||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
|
||||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
|
||||||
(cherry picked from commit 5159cd96e8b61c9f8f96786f70cf23167980b621)
|
|
||||||
(cherry picked from commit a4b99eedf2f0f993f10c31d9bea0f1ad9fa7737e)
|
|
||||||
---
|
|
||||||
src/knownhosts.c | 3 ++-
|
|
||||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/knownhosts.c b/src/knownhosts.c
|
|
||||||
index 23902a5f..546619aa 100644
|
|
||||||
--- a/src/knownhosts.c
|
|
||||||
+++ b/src/knownhosts.c
|
|
||||||
@@ -306,7 +306,8 @@ struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session)
|
|
||||||
int list_error = 0;
|
|
||||||
int rc;
|
|
||||||
|
|
||||||
- if (session->opts.knownhosts == NULL) {
|
|
||||||
+ if (session->opts.knownhosts == NULL ||
|
|
||||||
+ session->opts.global_knownhosts == NULL) {
|
|
||||||
if (ssh_options_apply(session) < 0) {
|
|
||||||
ssh_set_error(session,
|
|
||||||
SSH_REQUEST_DENIED,
|
|
||||||
--
|
|
||||||
2.19.1
|
|
||||||
|
|
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCAAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAlvW3ZEACgkQfuD8TcwB
|
|
||||||
Tj0mPw/9HZty2xOzKekX8+cedyZbW2lAoG9YNVxgTvQ2+98+TBH6M8qr5EryuH/q
|
|
||||||
mAFq/TJOrM3yccr1kJXFOm6QBw0xMTpWcosXjKmZxvJwW6iFEP33shVDkZGJWwmM
|
|
||||||
bzr165NTdRMJiaBfk47j0e1H2U9MHyV7wKmb79+bFtMDhiJYmXR1Oxa1SjjeG42c
|
|
||||||
XmrcH559kZ1mKmai6jKwTRUKGu3RLdWrXQIobCrdQM8FYrbSx5luZtDjdfXTRRtv
|
|
||||||
K96alBYxuey1nsZVei1y2hJlLLLVqao997Q7iMI63+/IJpYTmEPciDnTDDu767X6
|
|
||||||
rCXSuWbxcwk77zrt/dh7WJBOyLwh4aCFsSixBsONj4otwmFHNm/FAxV991ewcvQB
|
|
||||||
NMHPh3DcYLfoY/aUzwf160SfZu56mdVnFPLOnPUw3ARcPdgJG4OzqP9Jmz4Us+dS
|
|
||||||
ImZTduM62/+Af+LrODtRBRYJRSn38eBVVBYT01WsDSvvR2LaTn3gVAtY2m3Dr6wA
|
|
||||||
6sdMmYbn2zM+MNFE1+qlsaKmF+WmyCrBKBojBB+wh5G+dStJ7KGzlXjxNQudvWeA
|
|
||||||
VMlERLZYNBjSH1/XBH6VTnOl2xhExPv4eCUTVCXhlYUFEWjRunoxEed+b7r45iiu
|
|
||||||
+nRT+OfQZ8RFOLkFYxhB8iQNZAZ6T46ALSxo3V8PVEPDHZWdPTU=
|
|
||||||
=7iiz
|
|
||||||
-----END PGP SIGNATURE-----
|
|
1240
SOURCES/libssh-0.9.0-do-not-ignore-known-hosts-keys.patch
Normal file
1240
SOURCES/libssh-0.9.0-do-not-ignore-known-hosts-keys.patch
Normal file
File diff suppressed because it is too large
Load Diff
67
SOURCES/libssh-0.9.0-run-sshd-confined.patch
Normal file
67
SOURCES/libssh-0.9.0-run-sshd-confined.patch
Normal file
@ -0,0 +1,67 @@
|
|||||||
|
--- a/tests/torture.c 2019-06-28 14:01:52.936462964 +0200
|
||||||
|
+++ b/tests/torture.c 2019-06-28 14:03:52.324325029 +0200
|
||||||
|
@@ -854,7 +854,7 @@
|
||||||
|
s = *state;
|
||||||
|
|
||||||
|
snprintf(sshd_start_cmd, sizeof(sshd_start_cmd),
|
||||||
|
- "/usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
|
||||||
|
+ "runcon -t sshd_t -u system_u -r system_r /usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
|
||||||
|
s->srv_config, s->socket_dir, s->socket_dir);
|
||||||
|
|
||||||
|
rc = system(sshd_start_cmd);
|
||||||
|
@@ -864,7 +864,7 @@
|
||||||
|
unsetenv("PAM_WRAPPER");
|
||||||
|
|
||||||
|
/* Wait until the sshd is ready to accept connections */
|
||||||
|
- rc = torture_wait_for_daemon(5);
|
||||||
|
+ rc = torture_wait_for_daemon(10);
|
||||||
|
assert_int_equal(rc, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -904,27 +904,32 @@
|
||||||
|
torture_reload_sshd_server(void **state)
|
||||||
|
{
|
||||||
|
struct torture_state *s = *state;
|
||||||
|
- pid_t pid;
|
||||||
|
+ char sshd_start_cmd[1024];
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
- /* read the pidfile */
|
||||||
|
- pid = torture_read_pidfile(s->srv_pidfile);
|
||||||
|
- assert_int_not_equal(pid, -1);
|
||||||
|
+ rc = torture_terminate_process(s->srv_pidfile);
|
||||||
|
+ if (rc != 0) {
|
||||||
|
+ fprintf(stderr, "XXXXXX Failed to terminate sshd\n");
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- kill(pid, SIGHUP);
|
||||||
|
+ usleep(100 * 1000);
|
||||||
|
|
||||||
|
- /* 10 ms */
|
||||||
|
- usleep(10 * 1000);
|
||||||
|
+ /* Set the default interface for the server */
|
||||||
|
+ setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "10", 1);
|
||||||
|
+ setenv("PAM_WRAPPER", "1", 1);
|
||||||
|
|
||||||
|
- rc = kill(pid, 0);
|
||||||
|
- if (rc != 0) {
|
||||||
|
- fprintf(stderr,
|
||||||
|
- "ERROR: SSHD process %u died during reload!\n", pid);
|
||||||
|
- return SSH_ERROR;
|
||||||
|
- }
|
||||||
|
+ snprintf(sshd_start_cmd, sizeof(sshd_start_cmd),
|
||||||
|
+ "runcon -t sshd_t -u system_u -r system_r /usr/sbin/sshd -r -f %s -E %s/sshd/daemon.log 2> %s/sshd/cwrap.log",
|
||||||
|
+ s->srv_config, s->socket_dir, s->socket_dir);
|
||||||
|
+
|
||||||
|
+ rc = system(sshd_start_cmd);
|
||||||
|
+ assert_return_code(rc, errno);
|
||||||
|
+
|
||||||
|
+ setenv("SOCKET_WRAPPER_DEFAULT_IFACE", "21", 1);
|
||||||
|
+ unsetenv("PAM_WRAPPER");
|
||||||
|
|
||||||
|
/* Wait until the sshd is ready to accept connections */
|
||||||
|
- rc = torture_wait_for_daemon(5);
|
||||||
|
+ rc = torture_wait_for_daemon(10);
|
||||||
|
assert_int_equal(rc, 0);
|
||||||
|
return SSH_OK;
|
||||||
|
}
|
59
SOURCES/libssh-0.9.0-skip-1k-rsa-key-generation-test.patch
Normal file
59
SOURCES/libssh-0.9.0-skip-1k-rsa-key-generation-test.patch
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
From bf2ed2ca929e5e12279f85c930f8fbb452ada888 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||||
|
Date: Tue, 30 Jul 2019 18:22:30 +0200
|
||||||
|
Subject: [PATCH] tests: Skip testing 1024 bits key generation in FIPS mode
|
||||||
|
|
||||||
|
In torture_threads_pki_rsa, skip the test which generates 1024 bits RSA
|
||||||
|
key pair when in FIPS mode.
|
||||||
|
|
||||||
|
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||||
|
---
|
||||||
|
tests/unittests/torture_threads_pki_rsa.c | 28 ++++++++++++-----------
|
||||||
|
1 file changed, 15 insertions(+), 13 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/tests/unittests/torture_threads_pki_rsa.c b/tests/unittests/torture_threads_pki_rsa.c
|
||||||
|
index 5a841ee9..03d526cd 100644
|
||||||
|
--- a/tests/unittests/torture_threads_pki_rsa.c
|
||||||
|
+++ b/tests/unittests/torture_threads_pki_rsa.c
|
||||||
|
@@ -571,23 +571,25 @@ static void *thread_pki_rsa_generate_key(void *threadid)
|
||||||
|
session = ssh_new();
|
||||||
|
assert_non_null(session);
|
||||||
|
|
||||||
|
- rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
|
||||||
|
- assert_ssh_return_code(session, rc);
|
||||||
|
- assert_non_null(key);
|
||||||
|
+ if (!ssh_fips_mode()) {
|
||||||
|
+ rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 1024, &key);
|
||||||
|
+ assert_ssh_return_code(session, rc);
|
||||||
|
+ assert_non_null(key);
|
||||||
|
|
||||||
|
- rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
|
||||||
|
- assert_int_equal(rc, SSH_OK);
|
||||||
|
- assert_non_null(pubkey);
|
||||||
|
+ rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
|
||||||
|
+ assert_int_equal(rc, SSH_OK);
|
||||||
|
+ assert_non_null(pubkey);
|
||||||
|
|
||||||
|
- sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||||
|
- assert_non_null(sign);
|
||||||
|
+ sign = pki_do_sign(key, RSA_HASH, 20, SSH_DIGEST_SHA256);
|
||||||
|
+ assert_non_null(sign);
|
||||||
|
|
||||||
|
- rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
|
||||||
|
- assert_ssh_return_code(session, rc);
|
||||||
|
+ rc = pki_signature_verify(session, sign, pubkey, RSA_HASH, 20);
|
||||||
|
+ assert_ssh_return_code(session, rc);
|
||||||
|
|
||||||
|
- ssh_signature_free(sign);
|
||||||
|
- SSH_KEY_FREE(key);
|
||||||
|
- SSH_KEY_FREE(pubkey);
|
||||||
|
+ ssh_signature_free(sign);
|
||||||
|
+ SSH_KEY_FREE(key);
|
||||||
|
+ SSH_KEY_FREE(pubkey);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
rc = ssh_pki_generate(SSH_KEYTYPE_RSA, 2048, &key);
|
||||||
|
assert_ssh_return_code(session, rc);
|
||||||
|
--
|
||||||
|
2.21.0
|
||||||
|
|
16
SOURCES/libssh-0.9.0.tar.xz.asc
Normal file
16
SOURCES/libssh-0.9.0.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCAAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl0VtfEACgkQfuD8TcwB
|
||||||
|
Tj0cthAApYglGlE2+f06uKvPUc8LvzVkRFJA5ycm7uMddrMbSJ+ElScEu1a6q/qV
|
||||||
|
xPK3w49WdDpbYcz3s/GtdhGkSTye49Zav2PJzDFWvac+PoXVOwt7C5JzlPSq7kfa
|
||||||
|
0i6k1/7YSiPcFCo7467v2fpg0t80OHgS+Tbc1mwI0KtRzPA2pjqHsnu+RVNc6EA1
|
||||||
|
paUf1QMhjPFIQwcqJcQGAHZBqpx4JBspzBpC7wDxQKFh5FfMbVOxPG3qvgeOYDqd
|
||||||
|
cbfsJkdOJQ0rAxyNBB6xbz8XktJyK4Bjg5eT9GEz+zpsjh8jtfJMhNEemaBLXkug
|
||||||
|
+4wb4DU2uhEuOoOFh0YOgLcRLm2INNhVSTcizasmA8X1YcvAUmKB7fUMuYwOQOPZ
|
||||||
|
bsSkJ8kg7v76Y8w/pUger99pVYg0iiLi9KI6a2t7qTSibZewv38IV6eSJqORnZja
|
||||||
|
SLeswZUAAtHK/nTf7ohZ8Blnhx3UE5M6vyuli+KMmHAxTOzHhyWJvYDYJ2oJ7+tR
|
||||||
|
N49U1O77VE0WYY7HoyEXYkvSwWLb+MYK6ueaJTVBEbq7ZdpzQBQtPLoyCXUdQwZ2
|
||||||
|
DyZaaZnhkn9FYvsJp/twHra3XlQ359EXdMwflISaKgFUpfaluLIu1xRGrYH4XPNm
|
||||||
|
FHZRPCj34PY1uDOKHXiRl/xUdaR4CSIKPgofhxzy/mLZepJR9vU=
|
||||||
|
=xGD9
|
||||||
|
-----END PGP SIGNATURE-----
|
4
SOURCES/libssh_client.config
Normal file
4
SOURCES/libssh_client.config
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
# Parse system-wide crypto configuration file
|
||||||
|
Include /etc/crypto-policies/back-ends/libssh.config
|
||||||
|
# Parse OpenSSH configuration file for consistency
|
||||||
|
Include /etc/ssh/ssh_config
|
4
SOURCES/libssh_server.config
Normal file
4
SOURCES/libssh_server.config
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
# Parse system-wide crypto configuration file
|
||||||
|
Include /etc/crypto-policies/back-ends/libssh.config
|
||||||
|
# Parse OpenSSH configuration file for consistency
|
||||||
|
Include /etc/ssh/sshd_config
|
@ -1,18 +1,19 @@
|
|||||||
Name: libssh
|
Name: libssh
|
||||||
Version: 0.8.5
|
Version: 0.9.0
|
||||||
Release: 2%{?dist}
|
Release: 4%{?dist}
|
||||||
Summary: A library implementing the SSH protocol
|
Summary: A library implementing the SSH protocol
|
||||||
License: LGPLv2+
|
License: LGPLv2+
|
||||||
URL: http://www.libssh.org
|
URL: http://www.libssh.org
|
||||||
|
|
||||||
Source0: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz
|
Source0: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz
|
||||||
Source1: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc
|
Source1: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc
|
||||||
Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
|
Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
|
||||||
|
Source3: libssh_client.config
|
||||||
|
Source4: libssh_server.config
|
||||||
|
|
||||||
Patch1: libssh-0.8.5-make-sure-both-known-hosts-ready.patch
|
Patch0: libssh-0.9.0-run-sshd-confined.patch
|
||||||
Patch2: libssh-0.8.5-ensure-ssh-session-fd-writable.patch
|
Patch1: libssh-0.9.0-do-not-ignore-known-hosts-keys.patch
|
||||||
Patch3: libssh-0.8.5-allow-msg-ext-info.patch
|
Patch2: libssh-0.9.0-skip-1k-rsa-key-generation-test.patch
|
||||||
Patch4: libssh-0.8.5-allow-kex-init.patch
|
|
||||||
|
|
||||||
BuildRequires: cmake
|
BuildRequires: cmake
|
||||||
BuildRequires: doxygen
|
BuildRequires: doxygen
|
||||||
@ -24,6 +25,9 @@ BuildRequires: zlib-devel
|
|||||||
BuildRequires: krb5-devel
|
BuildRequires: krb5-devel
|
||||||
BuildRequires: libcmocka-devel
|
BuildRequires: libcmocka-devel
|
||||||
|
|
||||||
|
Requires: crypto-policies
|
||||||
|
Requires: %{name}-config = %{version}-%{release}
|
||||||
|
|
||||||
%ifarch aarch64 ppc64 ppc64le s390x x86_64
|
%ifarch aarch64 ppc64 ppc64le s390x x86_64
|
||||||
Provides: libssh_threads.so()(64bit)
|
Provides: libssh_threads.so()(64bit)
|
||||||
Provides: libssh_threads.so.4()(64bit)
|
Provides: libssh_threads.so.4()(64bit)
|
||||||
@ -48,6 +52,14 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
|
|||||||
The %{name}-devel package contains libraries and header files for developing
|
The %{name}-devel package contains libraries and header files for developing
|
||||||
applications that use %{name}.
|
applications that use %{name}.
|
||||||
|
|
||||||
|
%package config
|
||||||
|
Summary: Configuration files for %{name}
|
||||||
|
BuildArch: noarch
|
||||||
|
Obsoletes: %{name} < 0.9.0-1
|
||||||
|
|
||||||
|
%description config
|
||||||
|
The %{name}-config package provides the default configuration files for %{name}.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||||
%autosetup -p1
|
%autosetup -p1
|
||||||
@ -59,7 +71,10 @@ fi
|
|||||||
pushd obj
|
pushd obj
|
||||||
|
|
||||||
%cmake .. \
|
%cmake .. \
|
||||||
-DUNIT_TESTING=ON
|
-DUNIT_TESTING=ON \
|
||||||
|
-DGLOBAL_CLIENT_CONFIG="%{_sysconfdir}/libssh/libssh_client.config" \
|
||||||
|
-DGLOBAL_BIND_CONFIG="%{_sysconfdir}/libssh/libssh_server.config"
|
||||||
|
|
||||||
|
|
||||||
%make_build VERBOSE=1
|
%make_build VERBOSE=1
|
||||||
make docs
|
make docs
|
||||||
@ -68,6 +83,9 @@ popd
|
|||||||
|
|
||||||
%install
|
%install
|
||||||
make DESTDIR=%{buildroot} install/fast -C obj
|
make DESTDIR=%{buildroot} install/fast -C obj
|
||||||
|
install -d -m755 %{buildroot}%{_sysconfdir}/libssh
|
||||||
|
install -m644 %{SOURCE3} %{buildroot}%{_sysconfdir}/libssh/libssh_client.config
|
||||||
|
install -m644 %{SOURCE4} %{buildroot}%{_sysconfdir}/libssh/libssh_server.config
|
||||||
|
|
||||||
#
|
#
|
||||||
# Workaround for the removal of libssh_threads.so
|
# Workaround for the removal of libssh_threads.so
|
||||||
@ -109,7 +127,35 @@ popd
|
|||||||
%{_libdir}/pkgconfig/libssh.pc
|
%{_libdir}/pkgconfig/libssh.pc
|
||||||
%{_libdir}/libssh.so
|
%{_libdir}/libssh.so
|
||||||
|
|
||||||
|
%files config
|
||||||
|
%attr(0755,root,root) %dir %{_sysconfdir}/libssh
|
||||||
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_client.config
|
||||||
|
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/libssh/libssh_server.config
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 05 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-4
|
||||||
|
- Skip 1024 bits RSA key generation test in FIPS mode (#1734485)
|
||||||
|
|
||||||
|
* Thu Jul 11 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-3
|
||||||
|
- Add Obsoletes in libssh-config to avoid conflict with old libssh which
|
||||||
|
installed the configuration files.
|
||||||
|
|
||||||
|
* Wed Jul 10 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-2
|
||||||
|
- Eliminate circular dependency with libssh-config subpackage
|
||||||
|
|
||||||
|
* Wed Jul 10 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.9.0-1
|
||||||
|
- Update to version 0.9.0
|
||||||
|
https://www.libssh.org/2019/06/28/libssh-0-9-0/
|
||||||
|
- Added explicit Requires for crypto-policies
|
||||||
|
- Do not ignore known_hosts keys when SSH_OPTIONS_HOSTKEYS is set
|
||||||
|
- Provide the configuration files in a separate libssh-config subpackage
|
||||||
|
|
||||||
|
* Mon Jun 17 2019 Anderson Sasaki <ansasaki@redhat.com> - 0.8.91-0.1
|
||||||
|
- Update to 0.9.0 pre release version (0.8.91)
|
||||||
|
- Added default configuration files for client and server
|
||||||
|
- Removed unused patch files left behind
|
||||||
|
- Fixed issues found to run upstream test suite with SELinux
|
||||||
|
|
||||||
* Fri Dec 14 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.5-2
|
* Fri Dec 14 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.5-2
|
||||||
- Fix more regressions introduced by the fixes for CVE-2018-10933
|
- Fix more regressions introduced by the fixes for CVE-2018-10933
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user