import libssh-0.8.5-2.el8
This commit is contained in:
commit
eeae263f83
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
SOURCES/libssh-0.8.5.tar.xz
|
||||||
|
SOURCES/libssh.keyring
|
2
.libssh.metadata
Normal file
2
.libssh.metadata
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
b5564774f986e396a7288a593595455bf10d9ce8 SOURCES/libssh-0.8.5.tar.xz
|
||||||
|
3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring
|
39
SOURCES/libssh-0.8.5-allow-kex-init.patch
Normal file
39
SOURCES/libssh-0.8.5-allow-kex-init.patch
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
From e6e8335847d4870c99c07f511b4a24ae9e053326 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Thu, 15 Nov 2018 11:03:56 +0100
|
||||||
|
Subject: [PATCH] packet: Adjust the packet filter to allow client-initialized
|
||||||
|
rekey
|
||||||
|
|
||||||
|
If the rekey is initialized by client, it sends the first KEXINIT
|
||||||
|
message, changes to the INIT_SENT state and waits for the KEXINIT
|
||||||
|
message from the server. This was not covered in the current filter.
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Reviewed-by: Daiki Ueno <dueno@redhat.com>
|
||||||
|
---
|
||||||
|
src/packet.c | 2 ++
|
||||||
|
1 file changed, 2 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/packet.c b/src/packet.c
|
||||||
|
index 9b7b9b8f..86314961 100644
|
||||||
|
--- a/src/packet.c
|
||||||
|
+++ b/src/packet.c
|
||||||
|
@@ -292,6 +292,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
|
||||||
|
* - session_state == SSH_SESSION_STATE_AUTHENTICATED
|
||||||
|
* or session_state == SSH_SESSION_STATE_INITIAL_KEX
|
||||||
|
* - dh_handshake_state == DH_STATE_INIT
|
||||||
|
+ * or dh_handshake_state == DH_STATE_INIT_SENT (re-exchange)
|
||||||
|
* or dh_handshake_state == DH_STATE_FINISHED (re-exchange)
|
||||||
|
*
|
||||||
|
* Transitions:
|
||||||
|
@@ -310,6 +311,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
|
||||||
|
}
|
||||||
|
|
||||||
|
if ((session->dh_handshake_state != DH_STATE_INIT) &&
|
||||||
|
+ (session->dh_handshake_state != DH_STATE_INIT_SENT) &&
|
||||||
|
(session->dh_handshake_state != DH_STATE_FINISHED))
|
||||||
|
{
|
||||||
|
rc = SSH_PACKET_DENIED;
|
||||||
|
--
|
||||||
|
2.19.1
|
||||||
|
|
92
SOURCES/libssh-0.8.5-allow-msg-ext-info.patch
Normal file
92
SOURCES/libssh-0.8.5-allow-msg-ext-info.patch
Normal file
@ -0,0 +1,92 @@
|
|||||||
|
From a6e055c42b34ec50f55606312b09ec2e14990416 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||||
|
Date: Fri, 7 Dec 2018 18:19:33 +0100
|
||||||
|
Subject: [PATCH] packet: Allow SSH2_MSG_EXT_INFO when authenticated
|
||||||
|
|
||||||
|
When the server requests rekey, it can send the SSH2_MSG_EXT_INFO. This
|
||||||
|
message was being filtered out by the packet filtering. This includes a
|
||||||
|
test to enforce the filtering rules for this packet type.
|
||||||
|
|
||||||
|
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||||
|
(cherry picked from commit fe309ba43fb904da4385fc40a338ecc7482f8388)
|
||||||
|
---
|
||||||
|
src/packet.c | 6 ++++-
|
||||||
|
tests/unittests/torture_packet_filter.c | 31 +++++++++++++++++++++++++
|
||||||
|
2 files changed, 36 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/packet.c b/src/packet.c
|
||||||
|
index 72e3c096..61a44237 100644
|
||||||
|
--- a/src/packet.c
|
||||||
|
+++ b/src/packet.c
|
||||||
|
@@ -263,13 +263,17 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se
|
||||||
|
/*
|
||||||
|
* States required:
|
||||||
|
* - session_state == SSH_SESSION_STATE_AUTHENTICATING
|
||||||
|
+ * or session->session_state == SSH_SESSION_STATE_AUTHENTICATED
|
||||||
|
+ * (re-exchange)
|
||||||
|
* - dh_handshake_state == DH_STATE_FINISHED
|
||||||
|
*
|
||||||
|
* Transitions:
|
||||||
|
* - None
|
||||||
|
* */
|
||||||
|
|
||||||
|
- if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) {
|
||||||
|
+ if ((session->session_state != SSH_SESSION_STATE_AUTHENTICATING) &&
|
||||||
|
+ (session->session_state != SSH_SESSION_STATE_AUTHENTICATED))
|
||||||
|
+ {
|
||||||
|
rc = SSH_PACKET_DENIED;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
diff --git a/tests/unittests/torture_packet_filter.c b/tests/unittests/torture_packet_filter.c
|
||||||
|
index 72cbc4cd..44ee3598 100644
|
||||||
|
--- a/tests/unittests/torture_packet_filter.c
|
||||||
|
+++ b/tests/unittests/torture_packet_filter.c
|
||||||
|
@@ -462,6 +462,36 @@ static void torture_packet_filter_check_auth_success(void **state)
|
||||||
|
assert_int_equal(rc, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
+static void torture_packet_filter_check_msg_ext_info(void **state)
|
||||||
|
+{
|
||||||
|
+ int rc;
|
||||||
|
+
|
||||||
|
+ global_state accepted[] = {
|
||||||
|
+ {
|
||||||
|
+ .flags = (COMPARE_SESSION_STATE |
|
||||||
|
+ COMPARE_DH_STATE),
|
||||||
|
+ .session = SSH_SESSION_STATE_AUTHENTICATING,
|
||||||
|
+ .dh = DH_STATE_FINISHED,
|
||||||
|
+ },
|
||||||
|
+ {
|
||||||
|
+ .flags = (COMPARE_SESSION_STATE |
|
||||||
|
+ COMPARE_DH_STATE),
|
||||||
|
+ .session = SSH_SESSION_STATE_AUTHENTICATED,
|
||||||
|
+ .dh = DH_STATE_FINISHED,
|
||||||
|
+ },
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ int accepted_count = 2;
|
||||||
|
+
|
||||||
|
+ /* Unused */
|
||||||
|
+ (void) state;
|
||||||
|
+
|
||||||
|
+ rc = check_message_in_all_states(accepted, accepted_count,
|
||||||
|
+ SSH2_MSG_EXT_INFO);
|
||||||
|
+
|
||||||
|
+ assert_int_equal(rc, 0);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
static void torture_packet_filter_check_channel_open(void **state)
|
||||||
|
{
|
||||||
|
int rc;
|
||||||
|
@@ -492,6 +522,7 @@ int torture_run_tests(void)
|
||||||
|
cmocka_unit_test(torture_packet_filter_check_auth_success),
|
||||||
|
cmocka_unit_test(torture_packet_filter_check_channel_open),
|
||||||
|
cmocka_unit_test(torture_packet_filter_check_unfiltered),
|
||||||
|
+ cmocka_unit_test(torture_packet_filter_check_msg_ext_info)
|
||||||
|
};
|
||||||
|
|
||||||
|
ssh_init();
|
||||||
|
--
|
||||||
|
2.19.1
|
||||||
|
|
47
SOURCES/libssh-0.8.5-ensure-ssh-session-fd-writable.patch
Normal file
47
SOURCES/libssh-0.8.5-ensure-ssh-session-fd-writable.patch
Normal file
@ -0,0 +1,47 @@
|
|||||||
|
From 7f1d30de47d67c03cf895f0d4d4e68daf9d396c5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Sanne Raymaekers <sraymaek@redhat.com>
|
||||||
|
Date: Fri, 26 Oct 2018 14:58:34 +0200
|
||||||
|
Subject: [PATCH] tests: Ensure the ssh session fd is read-/writeable in
|
||||||
|
torture_proxycommand
|
||||||
|
|
||||||
|
Signed-off-by: Sanne Raymaekers <sraymaek@redhat.com>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||||
|
(cherry picked from commit 03c30e9c8ad34b3fa659a70e474a9b8cb248f85b)
|
||||||
|
(cherry picked from commit 3de34944ad11bf4e22fc981562f32cb4b3b90ba9)
|
||||||
|
---
|
||||||
|
tests/client/torture_proxycommand.c | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/tests/client/torture_proxycommand.c b/tests/client/torture_proxycommand.c
|
||||||
|
index ea1e1838..9608e663 100644
|
||||||
|
--- a/tests/client/torture_proxycommand.c
|
||||||
|
+++ b/tests/client/torture_proxycommand.c
|
||||||
|
@@ -9,6 +9,7 @@
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <pwd.h>
|
||||||
|
#include <errno.h>
|
||||||
|
+#include <fcntl.h>
|
||||||
|
|
||||||
|
static int sshd_setup(void **state)
|
||||||
|
{
|
||||||
|
@@ -61,11 +62,16 @@ static void torture_options_set_proxycommand(void **state) {
|
||||||
|
struct torture_state *s = *state;
|
||||||
|
ssh_session session = s->ssh.session;
|
||||||
|
int rc;
|
||||||
|
+ socket_t fd;
|
||||||
|
|
||||||
|
rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, "nc 127.0.0.10 22");
|
||||||
|
assert_int_equal(rc, 0);
|
||||||
|
rc = ssh_connect(session);
|
||||||
|
assert_ssh_return_code(session, rc);
|
||||||
|
+ fd = ssh_get_fd(session);
|
||||||
|
+ assert_true(fd != SSH_INVALID_SOCKET);
|
||||||
|
+ rc = fcntl(fd, F_GETFL);
|
||||||
|
+ assert_int_equal(rc & O_RDWR, O_RDWR);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void torture_options_set_proxycommand_notexist(void **state) {
|
||||||
|
--
|
||||||
|
2.19.1
|
||||||
|
|
37
SOURCES/libssh-0.8.5-make-sure-both-known-hosts-ready.patch
Normal file
37
SOURCES/libssh-0.8.5-make-sure-both-known-hosts-ready.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From bed645ed5fca3ff776fd1997ec9d5c6b9065a7eb Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Date: Tue, 30 Oct 2018 13:55:30 +0100
|
||||||
|
Subject: [PATCH] knownhosts: Make sure we have both knownhosts files ready
|
||||||
|
|
||||||
|
If either one is missing at this point, fill it with default vaules in
|
||||||
|
ssh_options_apply().
|
||||||
|
|
||||||
|
Previously, when setting up only knownhosts, global_knownhosts file
|
||||||
|
was left pointing to NULL and the ssh_known_hosts_read_entries()
|
||||||
|
was trying to open NULL file which is invalid.
|
||||||
|
|
||||||
|
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||||
|
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||||
|
(cherry picked from commit 5159cd96e8b61c9f8f96786f70cf23167980b621)
|
||||||
|
(cherry picked from commit a4b99eedf2f0f993f10c31d9bea0f1ad9fa7737e)
|
||||||
|
---
|
||||||
|
src/knownhosts.c | 3 ++-
|
||||||
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/knownhosts.c b/src/knownhosts.c
|
||||||
|
index 23902a5f..546619aa 100644
|
||||||
|
--- a/src/knownhosts.c
|
||||||
|
+++ b/src/knownhosts.c
|
||||||
|
@@ -306,7 +306,8 @@ struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session)
|
||||||
|
int list_error = 0;
|
||||||
|
int rc;
|
||||||
|
|
||||||
|
- if (session->opts.knownhosts == NULL) {
|
||||||
|
+ if (session->opts.knownhosts == NULL ||
|
||||||
|
+ session->opts.global_knownhosts == NULL) {
|
||||||
|
if (ssh_options_apply(session) < 0) {
|
||||||
|
ssh_set_error(session,
|
||||||
|
SSH_REQUEST_DENIED,
|
||||||
|
--
|
||||||
|
2.19.1
|
||||||
|
|
16
SOURCES/libssh-0.8.5.tar.xz.asc
Normal file
16
SOURCES/libssh-0.8.5.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCAAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAlvW3ZEACgkQfuD8TcwB
|
||||||
|
Tj0mPw/9HZty2xOzKekX8+cedyZbW2lAoG9YNVxgTvQ2+98+TBH6M8qr5EryuH/q
|
||||||
|
mAFq/TJOrM3yccr1kJXFOm6QBw0xMTpWcosXjKmZxvJwW6iFEP33shVDkZGJWwmM
|
||||||
|
bzr165NTdRMJiaBfk47j0e1H2U9MHyV7wKmb79+bFtMDhiJYmXR1Oxa1SjjeG42c
|
||||||
|
XmrcH559kZ1mKmai6jKwTRUKGu3RLdWrXQIobCrdQM8FYrbSx5luZtDjdfXTRRtv
|
||||||
|
K96alBYxuey1nsZVei1y2hJlLLLVqao997Q7iMI63+/IJpYTmEPciDnTDDu767X6
|
||||||
|
rCXSuWbxcwk77zrt/dh7WJBOyLwh4aCFsSixBsONj4otwmFHNm/FAxV991ewcvQB
|
||||||
|
NMHPh3DcYLfoY/aUzwf160SfZu56mdVnFPLOnPUw3ARcPdgJG4OzqP9Jmz4Us+dS
|
||||||
|
ImZTduM62/+Af+LrODtRBRYJRSn38eBVVBYT01WsDSvvR2LaTn3gVAtY2m3Dr6wA
|
||||||
|
6sdMmYbn2zM+MNFE1+qlsaKmF+WmyCrBKBojBB+wh5G+dStJ7KGzlXjxNQudvWeA
|
||||||
|
VMlERLZYNBjSH1/XBH6VTnOl2xhExPv4eCUTVCXhlYUFEWjRunoxEed+b7r45iiu
|
||||||
|
+nRT+OfQZ8RFOLkFYxhB8iQNZAZ6T46ALSxo3V8PVEPDHZWdPTU=
|
||||||
|
=7iiz
|
||||||
|
-----END PGP SIGNATURE-----
|
363
SPECS/libssh.spec
Normal file
363
SPECS/libssh.spec
Normal file
@ -0,0 +1,363 @@
|
|||||||
|
Name: libssh
|
||||||
|
Version: 0.8.5
|
||||||
|
Release: 2%{?dist}
|
||||||
|
Summary: A library implementing the SSH protocol
|
||||||
|
License: LGPLv2+
|
||||||
|
URL: http://www.libssh.org
|
||||||
|
|
||||||
|
Source0: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz
|
||||||
|
Source1: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc
|
||||||
|
Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
|
||||||
|
|
||||||
|
Patch1: libssh-0.8.5-make-sure-both-known-hosts-ready.patch
|
||||||
|
Patch2: libssh-0.8.5-ensure-ssh-session-fd-writable.patch
|
||||||
|
Patch3: libssh-0.8.5-allow-msg-ext-info.patch
|
||||||
|
Patch4: libssh-0.8.5-allow-kex-init.patch
|
||||||
|
|
||||||
|
BuildRequires: cmake
|
||||||
|
BuildRequires: doxygen
|
||||||
|
BuildRequires: gcc-c++
|
||||||
|
BuildRequires: gnupg2
|
||||||
|
BuildRequires: openssl-devel
|
||||||
|
BuildRequires: pkgconfig
|
||||||
|
BuildRequires: zlib-devel
|
||||||
|
BuildRequires: krb5-devel
|
||||||
|
BuildRequires: libcmocka-devel
|
||||||
|
|
||||||
|
%ifarch aarch64 ppc64 ppc64le s390x x86_64
|
||||||
|
Provides: libssh_threads.so()(64bit)
|
||||||
|
Provides: libssh_threads.so.4()(64bit)
|
||||||
|
%else
|
||||||
|
Provides: libssh_threads.so
|
||||||
|
Provides: libssh_threads.so.4
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%description
|
||||||
|
The ssh library was designed to be used by programmers needing a working SSH
|
||||||
|
implementation by the mean of a library. The complete control of the client is
|
||||||
|
made by the programmer. With libssh, you can remotely execute programs, transfer
|
||||||
|
files, use a secure and transparent tunnel for your remote programs. With its
|
||||||
|
Secure FTP implementation, you can play with remote files easily, without
|
||||||
|
third-party programs others than libcrypto (from openssl).
|
||||||
|
|
||||||
|
%package devel
|
||||||
|
Summary: Development files for %{name}
|
||||||
|
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||||
|
|
||||||
|
%description devel
|
||||||
|
The %{name}-devel package contains libraries and header files for developing
|
||||||
|
applications that use %{name}.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
|
||||||
|
%autosetup -p1
|
||||||
|
|
||||||
|
%build
|
||||||
|
if test ! -e "obj"; then
|
||||||
|
mkdir obj
|
||||||
|
fi
|
||||||
|
pushd obj
|
||||||
|
|
||||||
|
%cmake .. \
|
||||||
|
-DUNIT_TESTING=ON
|
||||||
|
|
||||||
|
%make_build VERBOSE=1
|
||||||
|
make docs
|
||||||
|
|
||||||
|
popd
|
||||||
|
|
||||||
|
%install
|
||||||
|
make DESTDIR=%{buildroot} install/fast -C obj
|
||||||
|
|
||||||
|
#
|
||||||
|
# Workaround for the removal of libssh_threads.so
|
||||||
|
#
|
||||||
|
# This will allow libraries which link against libssh_threads.so or packages
|
||||||
|
# requiring it to continue working.
|
||||||
|
#
|
||||||
|
pushd %{buildroot}%{_libdir}
|
||||||
|
for i in libssh.so.4*;
|
||||||
|
do
|
||||||
|
_target="${i}"
|
||||||
|
_link_name="${i%libssh*}libssh_threads${i##*libssh}"
|
||||||
|
if [ -L "${i}" ]; then
|
||||||
|
_target="$(readlink ${i})"
|
||||||
|
fi
|
||||||
|
ln -s "${_target}" "${_link_name}"
|
||||||
|
done;
|
||||||
|
popd
|
||||||
|
|
||||||
|
%ldconfig_scriptlets
|
||||||
|
|
||||||
|
%check
|
||||||
|
pushd obj
|
||||||
|
ctest --output-on-failure
|
||||||
|
popd
|
||||||
|
|
||||||
|
%files
|
||||||
|
%doc AUTHORS BSD ChangeLog README
|
||||||
|
%license COPYING
|
||||||
|
%{_libdir}/libssh.so.4*
|
||||||
|
%{_libdir}/libssh_threads.so.4*
|
||||||
|
|
||||||
|
%files devel
|
||||||
|
%doc obj/doc/html
|
||||||
|
%{_includedir}/libssh/
|
||||||
|
# own this to avoid dep on cmake -- rex
|
||||||
|
%dir %{_libdir}/cmake/
|
||||||
|
%{_libdir}/cmake/libssh/
|
||||||
|
%{_libdir}/pkgconfig/libssh.pc
|
||||||
|
%{_libdir}/libssh.so
|
||||||
|
|
||||||
|
%changelog
|
||||||
|
* Fri Dec 14 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.5-2
|
||||||
|
- Fix more regressions introduced by the fixes for CVE-2018-10933
|
||||||
|
|
||||||
|
* Thu Nov 29 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.5-1
|
||||||
|
- Update to version 0.8.5
|
||||||
|
* Fixed an issue where global known_hosts file was ignored (#1649321)
|
||||||
|
* Fixed ssh_get_fd() to return writable file descriptor (#1649319)
|
||||||
|
* Fixed regression introduced in known_hosts parsing (#1649315)
|
||||||
|
* Fixed a regression which caused only the first algorithm in known_hosts to
|
||||||
|
be considered (#1638790)
|
||||||
|
|
||||||
|
* Thu Nov 08 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-5
|
||||||
|
- Fix regressions introduced by the fixes for CVE-2018-10933
|
||||||
|
|
||||||
|
* Wed Oct 17 2018 Nikos Mavrogiannopoulos <nmav@redhat.com> - 0.8.3-4
|
||||||
|
- Fix for authentication bypass issue in server implementation (#1639926)
|
||||||
|
|
||||||
|
* Tue Oct 02 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-3
|
||||||
|
- Fixed errors found by static code analysis (#1602594)
|
||||||
|
|
||||||
|
* Fri Sep 21 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.3-1
|
||||||
|
- Update to version 0.8.3
|
||||||
|
* Added support for rsa-sha2 (#1610882)
|
||||||
|
* Added support to parse private keys in openssh container format (other than
|
||||||
|
ed25519) (#1622983)
|
||||||
|
* Added support for diffie-hellman-group18-sha512 and
|
||||||
|
diffie-hellman-group16-sha512 (#1610885)
|
||||||
|
* Added ssh_get_fingerprint_hash()
|
||||||
|
* Added ssh_pki_export_privkey_base64()
|
||||||
|
* Added support for Match keyword in config file
|
||||||
|
* Improved performance and reduced memory footprint for sftp
|
||||||
|
* Fixed ecdsa publickey auth
|
||||||
|
* Fixed reading a closed channel
|
||||||
|
* Added support to announce posix-rename@openssh.com and hardlink@openssh.com
|
||||||
|
in the sftp server
|
||||||
|
* Use -fstack-protector-strong if possible (#1624135)
|
||||||
|
|
||||||
|
* Wed Aug 15 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.1-4
|
||||||
|
- Fix the creation of symbolic links for libssh_threads.so.4
|
||||||
|
|
||||||
|
* Wed Aug 15 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.1-3
|
||||||
|
- Add missing Provides for libssh_threads.so.4
|
||||||
|
|
||||||
|
* Tue Aug 14 2018 Anderson Sasaki <ansasaki@redhat.com> - 0.8.1-2
|
||||||
|
- Add Provides for libssh_threads.so to unbreak applications
|
||||||
|
- Fix ABIMap detection to not depend on python to build
|
||||||
|
|
||||||
|
* Mon Aug 13 2018 Andreas Schneider <asn@redhat.com> - 0.8.1-1
|
||||||
|
- Update to version 0.8.1
|
||||||
|
https://www.libssh.org/2018/08/13/libssh-0-8-1/
|
||||||
|
|
||||||
|
* Fri Aug 10 2018 Andreas Schneider <asn@redhat.com> - 0.8.0-1
|
||||||
|
- Update to version 0.8.0
|
||||||
|
https://www.libssh.org/2018/08/10/libssh-0-8-0/
|
||||||
|
|
||||||
|
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.5-9
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Mar 07 2018 Rex Dieter <rdieter@fedoraproject.org> - 0.7.5-8
|
||||||
|
- BR: gcc-c++, use %%make_build
|
||||||
|
|
||||||
|
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.5-7
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
- Related: bug#1614611
|
||||||
|
|
||||||
|
* Thu Feb 01 2018 Andreas Schneider <asn@redhat.com> - 0.7.5-6
|
||||||
|
- resolves: #1540021 - Build against OpenSSL 1.1
|
||||||
|
|
||||||
|
* Wed Jan 31 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 0.7.5-5
|
||||||
|
- Switch to %%ldconfig_scriptlets
|
||||||
|
|
||||||
|
* Fri Dec 29 2017 Andreas Schneider <asn@redhat.com> - 0.7.5-4
|
||||||
|
- Fix parsing ssh_config
|
||||||
|
|
||||||
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.5-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.5-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Apr 26 2017 Peter Robinson <pbrobinson@fedoraproject.org> 0.7.5-1
|
||||||
|
- Update to version 0.7.5
|
||||||
|
|
||||||
|
* Sat Mar 11 2017 Rex Dieter <rdieter@fedoraproject.org> - 0.7.4-2
|
||||||
|
- BR: compat-openssl10-devel (f26+, #1423088)
|
||||||
|
- use %%license
|
||||||
|
- -devel: drop hardcoded pkgconfig dep (let autodeps handle it)
|
||||||
|
- %%files: track library sonames, simplify -devel
|
||||||
|
- %%install: use 'install/fast' target
|
||||||
|
- .spec cosmetics, drop deprecated %%clean section
|
||||||
|
|
||||||
|
* Wed Feb 08 2017 Andreas Schneider <asn@redhat.com> - 0.7.4-1
|
||||||
|
- Update to version 0.7.4
|
||||||
|
* Added id_ed25519 to the default identity list
|
||||||
|
* Fixed sftp EOF packet handling
|
||||||
|
* Fixed ssh_send_banner() to confirm with RFC 4253
|
||||||
|
* Fixed some memory leaks
|
||||||
|
- resolves: #1419007
|
||||||
|
|
||||||
|
* Wed Feb 24 2016 Andreas Schneider <asn@redhat.com> - 0.7.3-1
|
||||||
|
- resolves: #1311259 - Fix CVE-2016-0739
|
||||||
|
- resolves: #1311332 - Update to version 0.7.3
|
||||||
|
* Fixed CVE-2016-0739
|
||||||
|
* Fixed ssh-agent on big endian
|
||||||
|
* Fixed some documentation issues
|
||||||
|
- Enabled GSSAPI support
|
||||||
|
|
||||||
|
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.7.2-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Oct 22 2015 Andreas Schneider <asn@redhat.com> - 0.7.2-2
|
||||||
|
- resolves: #1271230 - Fix ssh-agent support on big endian
|
||||||
|
|
||||||
|
* Wed Sep 30 2015 Andreas Schneider <asn@redhat.com> - 0.7.2-1
|
||||||
|
- Update to version 0.7.2
|
||||||
|
* Fixed OpenSSL detection on Windows
|
||||||
|
* Fixed return status for ssh_userauth_agent()
|
||||||
|
* Fixed KEX to prefer hmac-sha2-256
|
||||||
|
* Fixed sftp packet handling
|
||||||
|
* Fixed return values of ssh_key_is_(public|private)
|
||||||
|
* Fixed bug in global success reply
|
||||||
|
- resolves: #1267346
|
||||||
|
|
||||||
|
* Tue Jun 30 2015 Andreas Schneider <asn@redhat.com> - 0.7.1-1
|
||||||
|
- Update to version 0.7.1
|
||||||
|
* Fixed SSH_AUTH_PARTIAL auth with auto public key
|
||||||
|
* Fixed memory leak in session options
|
||||||
|
* Fixed allocation of ed25519 public keys
|
||||||
|
* Fixed channel exit-status and exit-signal
|
||||||
|
* Reintroduce ssh_forward_listen()
|
||||||
|
|
||||||
|
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.7.0-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu May 21 2015 Orion Poplawski <orion@cora.nwra.com> - 0.7.0-2
|
||||||
|
- Add patch to fix undefined symbol: ssh_forward_listen (bug #1221310)
|
||||||
|
|
||||||
|
* Mon May 11 2015 Andreas Schneider <asn@redhat.com> - 0.7.0-1
|
||||||
|
- Update to version 0.7.0
|
||||||
|
* Added support for ed25519 keys
|
||||||
|
* Added SHA2 algorithms for HMAC
|
||||||
|
* Added improved and more secure buffer handling code
|
||||||
|
* Added callback for auth_none_function
|
||||||
|
* Added support for ECDSA private key signing
|
||||||
|
* Added more tests
|
||||||
|
* Fixed a lot of bugs
|
||||||
|
* Improved API documentation
|
||||||
|
|
||||||
|
* Thu Apr 30 2015 Andreas Schneider <asn@redhat.com> - 0.6.5-1
|
||||||
|
- resolves: #1213775 - Security fix for CVE-2015-3146
|
||||||
|
- resolves: #1218076 - Security fix for CVE-2015-3146
|
||||||
|
|
||||||
|
* Fri Dec 19 2014 - Andreas Schneider <asn@redhat.com> - 0.6.4-1
|
||||||
|
- Security fix for CVE-2014-8132.
|
||||||
|
|
||||||
|
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.3-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6.3-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Mar 04 2014 - Andreas Schneider <asn@redhat.com> - 0.6.3-1
|
||||||
|
- Fix CVE-2014-0017.
|
||||||
|
|
||||||
|
* Mon Feb 10 2014 - Andreas Schneider <asn@redhat.com> - 0.6.1-1
|
||||||
|
- Update to version 0.6.1.
|
||||||
|
- resolves: #1056757 - Fix scp mode.
|
||||||
|
- resolves: #1053305 - Fix known_hosts heuristic.
|
||||||
|
|
||||||
|
* Wed Jan 08 2014 - Andreas Schneider <asn@redhat.com> - 0.6.0-1
|
||||||
|
- Update to 0.6.0
|
||||||
|
|
||||||
|
* Fri Jul 26 2013 - Andreas Schneider <asn@redhat.com> - 0.5.5-1
|
||||||
|
- Update to 0.5.5.
|
||||||
|
- Clenup the spec file.
|
||||||
|
|
||||||
|
* Thu Jul 18 2013 Simone Caronni <negativo17@gmail.com> - 0.5.4-5
|
||||||
|
- Add EPEL 5 support.
|
||||||
|
- Add Debian patches to enable Doxygen documentation.
|
||||||
|
|
||||||
|
* Tue Jul 16 2013 Simone Caronni <negativo17@gmail.com> - 0.5.4-4
|
||||||
|
- Add patch for #982685.
|
||||||
|
|
||||||
|
* Mon Jun 10 2013 Simone Caronni <negativo17@gmail.com> - 0.5.4-3
|
||||||
|
- Clean up SPEC file and fix rpmlint complaints.
|
||||||
|
|
||||||
|
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.4-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jan 23 2013 Petr Lautrbach <plautrba@redhat.com> 0.5.4-1
|
||||||
|
- update to security 0.5.4 release
|
||||||
|
- CVE-2013-0176 (#894407)
|
||||||
|
|
||||||
|
* Tue Nov 20 2012 Petr Lautrbach <plautrba@redhat.com> 0.5.3-1
|
||||||
|
- update to security 0.5.3 release (#878465)
|
||||||
|
|
||||||
|
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.2-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
||||||
|
|
||||||
|
* Thu Feb 02 2012 Petr Lautrbach <plautrba@redhat.com> 0.5.2-1
|
||||||
|
- update to 0.5.2 version (#730270)
|
||||||
|
|
||||||
|
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.5.0-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jun 1 2011 Jan F. Chadima <jchadima@redhat.com> - 0.5.0-1
|
||||||
|
- bounce versionn to 0.5.0 (#709785)
|
||||||
|
- the support for protocol v1 is disabled
|
||||||
|
|
||||||
|
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.8-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jan 19 2011 Jan F. Chadima <jchadima@redhat.com> - 0.4.8-1
|
||||||
|
- bounce versionn to 0.4.8 (#670456)
|
||||||
|
|
||||||
|
* Mon Sep 6 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.6-1
|
||||||
|
- bounce versionn to 0.4.6 (#630602)
|
||||||
|
|
||||||
|
* Thu Jun 3 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.4-1
|
||||||
|
- bounce versionn to 0.4.4 (#598592)
|
||||||
|
|
||||||
|
* Wed May 19 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.3-1
|
||||||
|
- bounce versionn to 0.4.3 (#593288)
|
||||||
|
|
||||||
|
* Tue Mar 16 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.2-1
|
||||||
|
- bounce versionn to 0.4.2 (#573972)
|
||||||
|
|
||||||
|
* Tue Feb 16 2010 Jan F. Chadima <jchadima@redhat.com> - 0.4.1-1
|
||||||
|
- bounce versionn to 0.4.1 (#565870)
|
||||||
|
|
||||||
|
* Fri Dec 11 2009 Jan F. Chadima <jchadima@redhat.com> - 0.4.0-1
|
||||||
|
- bounce versionn to 0.4.0 (#541010)
|
||||||
|
|
||||||
|
* Thu Nov 26 2009 Jan F. Chadima <jchadima@redhat.com> - 0.3.92-2
|
||||||
|
- typo in spec file
|
||||||
|
|
||||||
|
* Thu Nov 26 2009 Jan F. Chadima <jchadima@redhat.com> - 0.3.92-1
|
||||||
|
- bounce versionn to 0.3.92 (0.4 beta2) (#541010)
|
||||||
|
|
||||||
|
* Fri Aug 21 2009 Tomas Mraz <tmraz@redhat.com> - 0.2-4
|
||||||
|
- rebuilt with new openssl
|
||||||
|
|
||||||
|
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.2-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jun 02 2009 Jan F. Chadima <jchadima@redhat.com> - 0.2-2
|
||||||
|
- Small changes during review
|
||||||
|
|
||||||
|
* Mon Jun 01 2009 Jan F. Chadima <jchadima@redhat.com> - 0.2-1
|
||||||
|
- Initial build
|
||||||
|
|
Loading…
Reference in New Issue
Block a user