From ab29cf25d9d79649b19072a6a280ddf17f3992d7 Mon Sep 17 00:00:00 2001 From: Sahana Prasad Date: Tue, 14 Sep 2021 19:06:48 +0200 Subject: [PATCH 1/9] Rebuilt with OpenSSL 3.0.0 --- libssh2.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libssh2.spec b/libssh2.spec index e03ceea..0c1c99f 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -1,6 +1,6 @@ Name: libssh2 Version: 1.10.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: A library implementing the SSH2 protocol License: BSD URL: https://www.libssh2.org/ @@ -114,6 +114,9 @@ LC_ALL=en_US.UTF-8 make -C tests check %{_libdir}/pkgconfig/libssh2.pc %changelog +* Tue Sep 14 2021 Sahana Prasad - 1.10.0-2 +- Rebuilt with OpenSSL 3.0.0 + * Mon Aug 30 2021 Paul Howarth - 1.10.0-1 - Update to 1.10.0 - Adds agent forwarding support From ff63c9bf5b36f2959b3c0ce1c19aebe7fdf0a835 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 20 Jan 2022 17:20:46 +0000 Subject: [PATCH 2/9] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- libssh2.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libssh2.spec b/libssh2.spec index 0c1c99f..7503326 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -1,6 +1,6 @@ Name: libssh2 Version: 1.10.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: A library implementing the SSH2 protocol License: BSD URL: https://www.libssh2.org/ @@ -114,6 +114,9 @@ LC_ALL=en_US.UTF-8 make -C tests check %{_libdir}/pkgconfig/libssh2.pc %changelog +* Thu Jan 20 2022 Fedora Release Engineering - 1.10.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Tue Sep 14 2021 Sahana Prasad - 1.10.0-2 - Rebuilt with OpenSSL 3.0.0 From 47f7114f7d0780f3075bad51a71881f45cc933c5 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Sun, 23 Jan 2022 15:52:55 +0000 Subject: [PATCH 3/9] Fix FTBFS with OpenSSH 8.8 In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, so we need to re-enable them as a workaround for the test suite until upstream updates the tests. See: https://github.com/libssh2/libssh2/issues/630 Drop other test workarounds, none of them being needed any longer. --- libssh2-1.10.0-ssh-rsa-test.patch | 19 ++++++++++++++++ libssh2.spec | 36 +++++++++++++++---------------- 2 files changed, 36 insertions(+), 19 deletions(-) create mode 100644 libssh2-1.10.0-ssh-rsa-test.patch diff --git a/libssh2-1.10.0-ssh-rsa-test.patch b/libssh2-1.10.0-ssh-rsa-test.patch new file mode 100644 index 0000000..8485f14 --- /dev/null +++ b/libssh2-1.10.0-ssh-rsa-test.patch @@ -0,0 +1,19 @@ +In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, +so we need to re-enable them as a workaround for the test +suite until upstream updates the tests. + +See: https://github.com/libssh2/libssh2/issues/630 + +--- tests/ssh2.sh ++++ tests/ssh2.sh +@@ -25,7 +25,8 @@ $SSHD -f /dev/null -h "$srcdir"/etc/host + -o 'Port 4711' \ + -o 'Protocol 2' \ + -o "AuthorizedKeysFile $srcdir/etc/user.pub" \ +- -o 'UsePrivilegeSeparation no' \ ++ -o 'HostKeyAlgorithms +ssh-rsa' \ ++ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \ + -o 'StrictModes no' \ + -D \ + $libssh2_sshd_params & + diff --git a/libssh2.spec b/libssh2.spec index 7503326..a2ed7be 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -1,10 +1,11 @@ Name: libssh2 Version: 1.10.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: A library implementing the SSH2 protocol License: BSD URL: https://www.libssh2.org/ Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz +Patch1: libssh2-1.10.0-ssh-rsa-test.patch BuildRequires: coreutils BuildRequires: findutils @@ -52,6 +53,14 @@ developing applications that use libssh2. %prep %setup -q +# In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, +# so we need to re-enable them as a workaround for the test +# suite until upstream updates the tests. +# See: https://github.com/libssh2/libssh2/issues/630 +%if 0%{?fedora} > 33 || 0%{?rhel} > 8 +%patch1 +%endif + # Replace hard wired port number in the test suite to avoid collisions # between 32-bit and 64-bit builds running on a single build-host sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh} @@ -73,29 +82,11 @@ find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -delete mv -v example example.%{_arch} %check -echo "Running tests for %{_arch}" -# The SSH test will fail if we don't have /dev/tty, as is the case in some -# versions of mock (#672713) -if [ ! -c /dev/tty ]; then - echo Skipping SSH test due to missing /dev/tty - echo "exit 0" > tests/ssh2.sh -fi -# Apparently it fails in the sparc and arm buildsystems too -%ifarch %{sparc} %{arm} -echo Skipping SSH test on sparc/arm -echo "exit 0" > tests/ssh2.sh -%endif -# mansyntax check fails on PPC* and aarch64 with some strange locale error -%ifarch ppc %{power64} aarch64 -echo "Skipping mansyntax test on PPC* and aarch64" -echo "exit 0" > tests/mansyntax.sh -%endif LC_ALL=en_US.UTF-8 make -C tests check %ldconfig_scriptlets %files -%{!?_licensedir:%global license %%doc} %license COPYING %doc docs/AUTHORS README RELEASE-NOTES %{_libdir}/libssh2.so.1 @@ -114,6 +105,13 @@ LC_ALL=en_US.UTF-8 make -C tests check %{_libdir}/pkgconfig/libssh2.pc %changelog +* Sun Jan 23 2022 Paul Howarth - 1.10.0-4 +- In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, + so we need to re-enable them as a workaround for the test + suite until upstream updates the tests + See: https://github.com/libssh2/libssh2/issues/630 +- Drop other test workarounds, none of them being needed any longer + * Thu Jan 20 2022 Fedora Release Engineering - 1.10.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From c48c35531df7b5c322da7958e6a4b39d27eda910 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 21 Jul 2022 19:06:47 +0000 Subject: [PATCH 4/9] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- libssh2.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libssh2.spec b/libssh2.spec index a2ed7be..251fc0b 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -1,6 +1,6 @@ Name: libssh2 Version: 1.10.0 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A library implementing the SSH2 protocol License: BSD URL: https://www.libssh2.org/ @@ -105,6 +105,9 @@ LC_ALL=en_US.UTF-8 make -C tests check %{_libdir}/pkgconfig/libssh2.pc %changelog +* Thu Jul 21 2022 Fedora Release Engineering - 1.10.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Sun Jan 23 2022 Paul Howarth - 1.10.0-4 - In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, so we need to re-enable them as a workaround for the test From 75902ed4b916e1742c8a9b2020831cfd6d8a6878 Mon Sep 17 00:00:00 2001 From: Todd Zullinger Date: Fri, 28 Oct 2022 21:07:13 -0400 Subject: [PATCH 5/9] Verify upstream release signatures Update git ignore rules to add the signature, as well as the expanded source directory. --- .gitignore | 2 ++ libssh2.spec | 10 ++++++- mykey.asc | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++ sources | 1 + 4 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 mykey.asc diff --git a/.gitignore b/.gitignore index 0fc8c0e..7483adc 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ +/libssh2-[0-9.]*/ /libssh2-[0-9.]*.tar.gz +/libssh2-[0-9.]*.tar.gz.asc diff --git a/libssh2.spec b/libssh2.spec index 251fc0b..45c5941 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -1,15 +1,19 @@ Name: libssh2 Version: 1.10.0 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A library implementing the SSH2 protocol License: BSD URL: https://www.libssh2.org/ Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz +Source1: https://libssh2.org/download/libssh2-%{version}.tar.gz.asc +# Daniel Stenberg's GPG keys; linked from https://daniel.haxx.se/address.html +Source2: https://daniel.haxx.se/mykey.asc Patch1: libssh2-1.10.0-ssh-rsa-test.patch BuildRequires: coreutils BuildRequires: findutils BuildRequires: gcc +BuildRequires: gnupg2 BuildRequires: make BuildRequires: openssl-devel > 1:1.0.1 BuildRequires: sed @@ -51,6 +55,7 @@ The libssh2-docs package contains man pages and examples for developing applications that use libssh2. %prep +%{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %setup -q # In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, @@ -105,6 +110,9 @@ LC_ALL=en_US.UTF-8 make -C tests check %{_libdir}/pkgconfig/libssh2.pc %changelog +* Fri Oct 28 2022 Todd Zullinger - 1.10.0-6 +- Verify upstream release signatures + * Thu Jul 21 2022 Fedora Release Engineering - 1.10.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild diff --git a/mykey.asc b/mykey.asc new file mode 100644 index 0000000..0c77721 --- /dev/null +++ b/mykey.asc @@ -0,0 +1,77 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2 + +mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ +QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV +0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1 +EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch +soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje +f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL +gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo +SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2 +m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0 +ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iF4EExECAB4CHgECF4AFAlQU +ki4FCwkIBwMFFQoJCAsFFgIDAQAACgkQeOEcayedXJEOOwCggCsNHdAQPAlPte3w +i2IZEekkM0YAoOXXPFAWjUwIHjZY41l7WgzACbANiFkEExECABkFAj6tnnoECwcD +AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAoO1y3LoSOEgD8vR062cdYDmv +jLvVAJ0dmp1UiuQp+oMyq2VbWyw8LXN1XLkBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb +XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz +7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM +wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+ +dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT +rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t +FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9 +OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfxmQENBFcGhyIBCAC79AIx +5hHixKmNtqbryuZTDwlt9XXkEn/QSrQD3pzgbsbBiWyqOV4hfscvtmoqA7koOw4h +zZ/b8pJPA36eNzqMFIbkWpIit/BwA5bTKRkKXeD2kBFkjIN+iDuXawwhv7eNKH9O +poAUe0K/esK/kvbMO721q24IgkOjB1Vtr/Y4Xkg7+VWVP0LFh7C/2Nwq6n2bktsA +Ey9uCDD1hl8BdckN/XxpuUqSfxbF85GvYzzON67zOxxo6jqRXXcJ2PdPq0o9Ak0d +6Fe7g9ZxOAeuYEbFTCZHBBccx84K0Bhn5tpqoq8Mq3f3mZfGBoe4J6wr17cxEDC8 +tTHUpDqk0CoLERUxABEBAAG0IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHgu +c2U+iQE3BBMBCgAhBQJXBociAhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJ +EPn+r/nTShvbHoAIAJDwb7dcAX4VGPa2oSuQqVnHsjDE7g8ATmcZq2IAzAG6bZg1 +svuhNyPQnL7kNrsz6Ew+yE4vH8mOjDUbc3feY4MzmtEMaB6VS0Xlna6cdtWkv4Y+ +Us4TuYSdftPZuZgI3nN/sXLlxWJCZgCPJJaGM6dXgyTFatk2P1LE98Qif7+ZMqfv ++BA5L6cy2cAwJ5qbvLtuT25rTxooN54JETfwdhUD1NEIqTQxeC4E5lFvwedjAjLh +Gswau8WMCdM/HzGbuQ9Gp3/RafYoAvMV6r6sskvUrWubCHj0u+uNgOpUHvlrwcFg +rBirzQdElumCWqbJVCH0V5NcP/zSz1U1W8wSRqS5AQ0EVwaHIgEIALyCqpnax0cL +y7EK3UiU2Kkryb7LPsZkia9hTcIZjNg0B8XAdqDYpHiquYtX0cz5I1sSZMBJ/xJP +BF2ce/bmOTJtyW3GaF9a+M2zboZSzx9nlv9xx0o3bXBrBlL2vaG2TW+x2G53GA0/ +0chbj35PR+fvJx8ob/fHwCkfzGb1qCzwovhwGVUNHqI5bxK/xVwXfiycbllE3Hmf +09BGeXKR7gQtaal8byKKlqCtayteEaPNQt6czYxZkVAOvY4ZDQKSZJUNwGFog3bG +6rHr1J/0un6nAvX+wMuvRkUDiQxZZCel7e0Qcg3gPrYh+adlr0Tn7wyCP7/BULz8 +67fQfzc2ENkAEQEAAYkBHwQYAQoACQUCVwaHIgIbDAAKCRD5/q/500ob27KaB/9H +a+iDip6mxFdoqy7TAefBy7KgbMQxxT926IcFqf70aJDzeVQI3lGCqN9GW03d+wPr +LoyeQBQKNxxfQ9fEOvp1AXGWFIYYtEZIvQBpIqaSaA7W5IzqfDuO9xG89DNn8zKK +nh/mbYJov/fywhBU6JH7bqdFSHbqoG9TY64s0BkV6shIVOubXLSG5G7LxXhw+xrb +0zl4ie2wCeCBOLdbGHc+o2sKo1rBEz6UBK2DesPfkzxBO7lfa9HTcN03UJPHXmzb +2mCbeFV8yPsTAoaGv4qZH1+FX+9Lv374xTSXa4CjQzSxd0dkZGG+YQjocoPftgsC +OVsiqW0WhRVIEJ+hBAMUmQENBFcGiPEBCAC7sCnaZqWxfXNgBC7P28BSDUs9w4y/ +PEFsOv9bpgbgZagX1FnhG0eV71nm0p8v9T8Bft1eXaBd977Dq9pgk5qKO0xZo8fC +8prFqB5db7fMUvPZCuJTTb6lGMz4OdfT6aHqUvJ+LFF1mKn8Eqt1Q4snHGSL1PI3 +/+435qDRQsU15GdYrj1waNJKk79aes9oguaI2/OTQqzIcOFK5tJjlSOD1ryOIH1e +8vD+5MMpGvsRxv3sQHeTZkfZbkzSLFg/LKpoiQkyql1+BLNhBYq8oaE/jlvQrTEk +bAyKpMScdyHwmkWWKjyZtXTrAtlComnki4yC2lAV9MXINHHvNJBcIXvVABEBAAG0 +IERhbmllbCBTdGVuYmVyZyA8ZGFuaWVsQGhheHguc2U+iQE3BBMBCgAhBQJXBojx +AhsDBQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEFzJCP23HhLCOKkH/1CyoKiN +2PCgTlWoYQspv/AAmsj+cFwZobI167KowA+o3zxQqxg0MV3ds8G+iig9OIuYurlQ +L5Jr3CbDltaiXdWtVteRh/VKp61EwyXq77vjJbx81hvOuaXWWLSlU0KB3w7Hj6aD +/mt16DpOcY9Aw90mKyvafRTqMF7TcT7J5HeGn2NL45dPkAhiMDEgEnw9yBTxK/x6 +UoQGPgiOWxSSN7Foj3mhUOflp8W0rnkLbJ4icpym6WuLKRMKAefDvk8GVlAWuXAb +9gloL1P6u3uNHllq/IODR2bZUBI0QNKhvt0iSj7WKsc/kaqscl+AE9jd/6kXd6vh +TNFWdzeco/2mGlaIRgQQEQoABgUCVwaJ/AAKCRB44RxrJ51ckWcaAKCJ6+arS/3k +IMcO14Jz8dVf2BH3OACgwTenVSsK66qi+VfGCoALpzpiLDO5AQ0EVwaI8QEIAOxQ +AEvF3idxcn80tbUhJg1J98fAS7Hx3WhlFG74uAikZQl1KZrprBu70RWTb7Nm1tvZ +eXW65IlY7kk42bhfYDs1JrIPWOWKvVwKWDxoEbYgW/yvy1TOuXH276zbxLl5OEE8 +sQuOfXZsFSX2IPF9hsgNGaNzor8Ke7Y5BuCQLcGZWW5dLFbbKRKjXG8CaWmsJVoI +c2nyXCAss2q9oCJ13X/5z+Ei392rwi1d3NxAYkSiDQan+fkWkCvZH+dHmFjQ1AND +KielxcW1VfilK1hu9ziBBDf8TCEud/q0woIAH7rvIft4i3CqjymonByE4/OjfH8j +4EteQ8qoknMCjjwNVqkAEQEAAYkBHwQYAQoACQUCVwaI8QIbDAAKCRBcyQj9tx4S +wupjB/9TV4anbZK58bN7QJ5qGnU3GNjlvWFZXMw1u1xVc7abDJyqmFeJcJ4qLUkv +BA0OsvlVnMWmeCmzsXhlQVM4Bv6IWyr7JBWgkK5q2CWVB59V7v7znf5kWnMGFhDF +PlLsGbxDWLMoZGH+Iy84whMJFgferwCJy1dND/bHXPztfhvFXi8NNlJUFJa8Xtmu +gm78C+nwNHcFpVC70HPr3oa8U1ODXMp7L8W/dL3eLYXmRCNd0urHgYrzDt6V/zf5 +ymvPk5w4HBocn2oRCJj/FXKhFAUptmpTE3g1yvYULmuFcNGAnPAExmAmd6NqsCmb +j/qx4ytjt5uxt6Jm6IXV9cry8i6x +=Phs/ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/sources b/sources index 5c08420..fa93d12 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (libssh2-1.10.0.tar.gz) = e064ee1089eb8e6cd5fa2617f4fd8ff56c2721c5476775a98bdb68c6c4ee4d05c706c3bb0eb479a27a8ec0b17a8a5ef43e1d028ad3f134519aa582d3981a3a30 +SHA512 (libssh2-1.10.0.tar.gz.asc) = cfdd59406f1c22bb2a9c6b7d43442630bc889a339cea7ac968edb638022918b1cc961caf3a2a4b6bf8fc8bc582deb6ac927b6be31a11325372eb017f2bf19cf4 From 66974e7345b82a16d8b9011a4877396abb82e4cb Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 19 Jan 2023 17:32:36 +0000 Subject: [PATCH 6/9] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- libssh2.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libssh2.spec b/libssh2.spec index 45c5941..eff1dcc 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -1,6 +1,6 @@ Name: libssh2 Version: 1.10.0 -Release: 6%{?dist} +Release: 7%{?dist} Summary: A library implementing the SSH2 protocol License: BSD URL: https://www.libssh2.org/ @@ -110,6 +110,9 @@ LC_ALL=en_US.UTF-8 make -C tests check %{_libdir}/pkgconfig/libssh2.pc %changelog +* Thu Jan 19 2023 Fedora Release Engineering - 1.10.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Fri Oct 28 2022 Todd Zullinger - 1.10.0-6 - Verify upstream release signatures From 96fdcab14390182985ec948fca4407016961553d Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Fri, 20 Jan 2023 09:26:55 +0000 Subject: [PATCH 7/9] Use SPDX-format license tag --- libssh2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libssh2.spec b/libssh2.spec index eff1dcc..e4e9a65 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -2,7 +2,7 @@ Name: libssh2 Version: 1.10.0 Release: 7%{?dist} Summary: A library implementing the SSH2 protocol -License: BSD +License: BSD-3-Clause URL: https://www.libssh2.org/ Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz Source1: https://libssh2.org/download/libssh2-%{version}.tar.gz.asc From c797fc9e3e0a7c01918be7356ba3af192e39a076 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Thu, 1 Jun 2023 08:52:34 +0100 Subject: [PATCH 8/9] Update to 1.11.0 (rhbz#2211200) - New upstream release 1.11.0 - Adds support for encrypt-then-mac (ETM) MACs - Adds support for AES-GCM crypto protocols - Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys - Adds support for RSA certificate authentication - Adds FIDO support with *_sk() functions - Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends - Adds Agent Forwarding and libssh2_agent_sign() - Adds support for Channel Signal message libssh2_channel_signal_ex() - Adds support to get the user auth banner message libssh2_userauth_banner() - Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options - Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex() - Adds wolfSSL support to CMake file - Adds mbedTLS 3.x support - Adds LibreSSL 3.5 support - Adds support for CMake "unity" builds - Adds CMake support for building shared and static libs in a single pass - Adds symbol hiding support to CMake - Adds support for libssh2.rc for all build tools - Adds .zip, .tar.xz and .tar.bz2 release tarballs - Enables ed25519 key support for LibreSSL 3.7.0 or higher - Improves OpenSSL 1.1 and 3 compatibility - Now requires OpenSSL 1.0.2 or newer - Now requires CMake 3.1 or newer - SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs - SFTP: No longer has a packet limit when reading a directory - SFTP: Now parses attribute extensions if they exist - SFTP: No longer will busy loop if SFTP fails to initialize - SFTP: Now clear various errors as expected - SFTP: No longer skips files if the line buffer is too small - SCP: Add option to not quote paths - SCP: Enables 64-bit offset support unconditionally - Now skips leading \r and \n characters in banner_receive() - Enables secure memory zeroing with all build tools on all platforms - No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive - Speed up base64 encoding by 7x Assert if there is an attempt to write a value that is too large - WinCNG: fix memory leak in _libssh2_dh_secret() - Added protection against possible null pointer dereferences - Agent now handles overly large comment lengths - Now ensure KEX replies don't include extra bytes - Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER - Fixed possible buffer overflow in keyboard interactive code path - Fixed overlapping memcpy() - Fixed Windows UWP builds - Fixed DLL import name - Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows - Support for building with gcc versions older than 8 - Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files - Restores ANSI C89 compliance - Enabled new compiler warnings and fixed/silenced them - Improved error messages - Now uses CIFuzz - Numerous minor code improvements - Improvements to CI builds - Improvements to unit tests - Improvements to doc files - Improvements to example files - Removed "old gex" build option - Removed no-encryption/no-mac builds - Removed support for NetWare and Watcom wmake build files - Avoid use of deprecated patch syntax - Build static library but don't package it since it's required for the test suite (https://github.com/libssh2/libssh2/issues/1056) - Remove redundant references to %{_libdir} from pkgconfig file - Add patch to work around strict permissions issues for sshd tests --- libssh2-1.10.0-ssh-rsa-test.patch | 19 ----- libssh2-1.11.0-ssh-rsa-test.patch | 17 +++++ libssh2-1.11.0-strict-modes.patch | 15 ++++ libssh2.spec | 114 ++++++++++++++++++++++++++---- sources | 4 +- 5 files changed, 136 insertions(+), 33 deletions(-) delete mode 100644 libssh2-1.10.0-ssh-rsa-test.patch create mode 100644 libssh2-1.11.0-ssh-rsa-test.patch create mode 100644 libssh2-1.11.0-strict-modes.patch diff --git a/libssh2-1.10.0-ssh-rsa-test.patch b/libssh2-1.10.0-ssh-rsa-test.patch deleted file mode 100644 index 8485f14..0000000 --- a/libssh2-1.10.0-ssh-rsa-test.patch +++ /dev/null @@ -1,19 +0,0 @@ -In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, -so we need to re-enable them as a workaround for the test -suite until upstream updates the tests. - -See: https://github.com/libssh2/libssh2/issues/630 - ---- tests/ssh2.sh -+++ tests/ssh2.sh -@@ -25,7 +25,8 @@ $SSHD -f /dev/null -h "$srcdir"/etc/host - -o 'Port 4711' \ - -o 'Protocol 2' \ - -o "AuthorizedKeysFile $srcdir/etc/user.pub" \ -- -o 'UsePrivilegeSeparation no' \ -+ -o 'HostKeyAlgorithms +ssh-rsa' \ -+ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \ - -o 'StrictModes no' \ - -D \ - $libssh2_sshd_params & - diff --git a/libssh2-1.11.0-ssh-rsa-test.patch b/libssh2-1.11.0-ssh-rsa-test.patch new file mode 100644 index 0000000..2fa3f0a --- /dev/null +++ b/libssh2-1.11.0-ssh-rsa-test.patch @@ -0,0 +1,17 @@ +In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, +so we need to re-enable them as a workaround for the test +suite until upstream updates the tests. + +See: https://github.com/libssh2/libssh2/issues/630 + +--- tests/test_sshd.test ++++ tests/test_sshd.test +@@ -79,6 +79,8 @@ chmod go-rwx \ + -o "AuthorizedKeysFile ${PUBKEY} ${d}/openssh_server/authorized_keys" \ + -o "TrustedUserCAKeys ${cakeys}" \ + -o 'PermitRootLogin yes' \ ++ -o 'HostKeyAlgorithms +ssh-rsa' \ ++ -o 'PubkeyAcceptedAlgorithms +ssh-rsa' \ + -D \ + ${SSHD_FLAGS} & + sshdpid=$! diff --git a/libssh2-1.11.0-strict-modes.patch b/libssh2-1.11.0-strict-modes.patch new file mode 100644 index 0000000..45a7cf3 --- /dev/null +++ b/libssh2-1.11.0-strict-modes.patch @@ -0,0 +1,15 @@ +Group-writeable directories in the hierarchy above where we +run the tests from can cause failures due to openssh's strict +permissions checks. Adding this option helps the tests to run +more reliably on a variety of build systems. + +--- tests/test_sshd.test ++++ tests/test_sshd.test +@@ -71,6 +71,7 @@ chmod go-rwx \ + # shellcheck disable=SC2086 + "${SSHD}" \ + -f "${SSHD_FIXTURE_CONFIG:-${d}/openssh_server/sshd_config}" \ ++ -o 'StrictModes no' \ + -o 'Port 4711' \ + -h "${d}/openssh_server/ssh_host_rsa_key" \ + -h "${d}/openssh_server/ssh_host_ecdsa_key" \ diff --git a/libssh2.spec b/libssh2.spec index e4e9a65..e762f87 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -1,6 +1,6 @@ Name: libssh2 -Version: 1.10.0 -Release: 7%{?dist} +Version: 1.11.0 +Release: 1%{?dist} Summary: A library implementing the SSH2 protocol License: BSD-3-Clause URL: https://www.libssh2.org/ @@ -8,14 +8,16 @@ Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz Source1: https://libssh2.org/download/libssh2-%{version}.tar.gz.asc # Daniel Stenberg's GPG keys; linked from https://daniel.haxx.se/address.html Source2: https://daniel.haxx.se/mykey.asc -Patch1: libssh2-1.10.0-ssh-rsa-test.patch +Patch1: libssh2-1.11.0-strict-modes.patch +Patch2: libssh2-1.11.0-ssh-rsa-test.patch BuildRequires: coreutils BuildRequires: findutils BuildRequires: gcc BuildRequires: gnupg2 BuildRequires: make -BuildRequires: openssl-devel > 1:1.0.1 +BuildRequires: openssl-devel > 1:1.0.2 +BuildRequires: pkgconfig BuildRequires: sed BuildRequires: zlib-devel BuildRequires: /usr/bin/man @@ -58,32 +60,51 @@ developing applications that use libssh2. %{gpgverify} --keyring='%{SOURCE2}' --signature='%{SOURCE1}' --data='%{SOURCE0}' %setup -q +# Group-writeable directories in the hierarchy above where we +# run the tests from can cause failures due to openssh's strict +# permissions checks. Adding this option helps the tests to run +# more reliably on a variety of build systems. +%patch -P 1 + # In 8.8 OpenSSH disabled sha1 rsa-sha keys out of the box, # so we need to re-enable them as a workaround for the test # suite until upstream updates the tests. # See: https://github.com/libssh2/libssh2/issues/630 %if 0%{?fedora} > 33 || 0%{?rhel} > 8 -%patch1 +%patch -P 2 %endif # Replace hard wired port number in the test suite to avoid collisions # between 32-bit and 64-bit builds running on a single build-host -sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh} +sed -i s/4711/47%{?__isa_bits}/ tests/{openssh_fixture.c,test_ssh{2.c,d.test}} %build -%configure --disable-silent-rules --disable-static --enable-shared +# Test suite fails to compile if we use --disable-static +# https://github.com/libssh2/libssh2/issues/1056 +%configure \ + --disable-silent-rules \ + --enable-shared \ + --disable-docker-tests %{make_build} %install %{make_install} INSTALL="install -p" find %{buildroot} -name '*.la' -delete -# clean things up a bit for packaging +# Remove static library that we only built for testing +rm -v %{buildroot}%{_libdir}/libssh2.a + +# Clean things up a bit for packaging make -C example clean -rm -rf example/.deps -find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -delete +find example/ -type f \ + '(' -name '*.am' -o -name '*.in' -o -name CMakeLists.txt ')' \ + -print -delete -# avoid multilib conflict on libssh2-devel +# Remove redundant references to libdir in pkg-config file +sed -i -e 's|-L%{_libdir} ||g' \ + -e 's|-L[$]{libdir} ||g' %{buildroot}%{_libdir}/pkgconfig/libssh2.pc + +# Avoid multilib conflict on libssh2-devel mv -v example example.%{_arch} %check @@ -98,7 +119,7 @@ LC_ALL=en_US.UTF-8 make -C tests check %{_libdir}/libssh2.so.1.* %files docs -%doc docs/BINDINGS docs/HACKING docs/TODO NEWS +%doc docs/BINDINGS.md docs/HACKING.md docs/TODO NEWS %{_mandir}/man3/libssh2_*.3* %files devel @@ -110,6 +131,75 @@ LC_ALL=en_US.UTF-8 make -C tests check %{_libdir}/pkgconfig/libssh2.pc %changelog +* Thu Jun 1 2023 Paul Howarth - 1.11.0-1 +- Update to 1.11.0 (rhbz#2211200) + - Adds support for encrypt-then-mac (ETM) MACs + - Adds support for AES-GCM crypto protocols + - Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys + - Adds support for RSA certificate authentication + - Adds FIDO support with *_sk() functions + - Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends + - Adds Agent Forwarding and libssh2_agent_sign() + - Adds support for Channel Signal message libssh2_channel_signal_ex() + - Adds support to get the user auth banner message libssh2_userauth_banner() + - Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, + AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options + - Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex() + - Adds wolfSSL support to CMake file + - Adds mbedTLS 3.x support + - Adds LibreSSL 3.5 support + - Adds support for CMake "unity" builds + - Adds CMake support for building shared and static libs in a single pass + - Adds symbol hiding support to CMake + - Adds support for libssh2.rc for all build tools + - Adds .zip, .tar.xz and .tar.bz2 release tarballs + - Enables ed25519 key support for LibreSSL 3.7.0 or higher + - Improves OpenSSL 1.1 and 3 compatibility + - Now requires OpenSSL 1.0.2 or newer + - Now requires CMake 3.1 or newer + - SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs + - SFTP: No longer has a packet limit when reading a directory + - SFTP: Now parses attribute extensions if they exist + - SFTP: No longer will busy loop if SFTP fails to initialize + - SFTP: Now clear various errors as expected + - SFTP: No longer skips files if the line buffer is too small + - SCP: Add option to not quote paths + - SCP: Enables 64-bit offset support unconditionally + - Now skips leading \r and \n characters in banner_receive() + - Enables secure memory zeroing with all build tools on all platforms + - No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive + - Speed up base64 encoding by 7x + - Assert if there is an attempt to write a value that is too large + - WinCNG: fix memory leak in _libssh2_dh_secret() + - Added protection against possible null pointer dereferences + - Agent now handles overly large comment lengths + - Now ensure KEX replies don't include extra bytes + - Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER + - Fixed possible buffer overflow in keyboard interactive code path + - Fixed overlapping memcpy() + - Fixed Windows UWP builds + - Fixed DLL import name + - Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows + - Support for building with gcc versions older than 8 + - Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files + - Restores ANSI C89 compliance + - Enabled new compiler warnings and fixed/silenced them + - Improved error messages + - Now uses CIFuzz + - Numerous minor code improvements + - Improvements to CI builds + - Improvements to unit tests + - Improvements to doc files + - Improvements to example files + - Removed "old gex" build option + - Removed no-encryption/no-mac builds + - Removed support for NetWare and Watcom wmake build files +- Avoid use of deprecated patch syntax +- Build static library but don't package it since it's required for the + test suite (https://github.com/libssh2/libssh2/issues/1056) +- Remove redundant references to %%{_libdir} from pkgconfig file +- Add patch to work around strict permissions issues for sshd tests + * Thu Jan 19 2023 Fedora Release Engineering - 1.10.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild diff --git a/sources b/sources index fa93d12..bc2ad57 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (libssh2-1.10.0.tar.gz) = e064ee1089eb8e6cd5fa2617f4fd8ff56c2721c5476775a98bdb68c6c4ee4d05c706c3bb0eb479a27a8ec0b17a8a5ef43e1d028ad3f134519aa582d3981a3a30 -SHA512 (libssh2-1.10.0.tar.gz.asc) = cfdd59406f1c22bb2a9c6b7d43442630bc889a339cea7ac968edb638022918b1cc961caf3a2a4b6bf8fc8bc582deb6ac927b6be31a11325372eb017f2bf19cf4 +SHA512 (libssh2-1.11.0.tar.gz) = ef85e152dc252bd9b1c05276972b9c22313f5d492743dde090235742746d67f634f2a419eff9162132e2274c8582113b75279b074e0c7b34b2526b92fd1a1e8e +SHA512 (libssh2-1.11.0.tar.gz.asc) = 6187582a94be24d9ca68963b6d139982e8527378aee7ef8a4cbc0f5c2bae8aee4552e32ec85eb290ec4e940f1d6ebf6737f92468215e0b43b245762753bb2647 From 3f800de8c48323a10f12fe9aad9371bc56dec91f Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Fri, 8 Dec 2023 16:33:37 +0300 Subject: [PATCH 9/9] Change files format --- .gitignore | 3 --- .../libssh2-1.11.0-ssh-rsa-test.patch | 0 .../libssh2-1.11.0-strict-modes.patch | 0 mykey.asc => SOURCES/mykey.asc | 0 libssh2.spec => SPECS/libssh2.spec | 0 sources | 2 -- 6 files changed, 5 deletions(-) delete mode 100644 .gitignore rename libssh2-1.11.0-ssh-rsa-test.patch => SOURCES/libssh2-1.11.0-ssh-rsa-test.patch (100%) rename libssh2-1.11.0-strict-modes.patch => SOURCES/libssh2-1.11.0-strict-modes.patch (100%) rename mykey.asc => SOURCES/mykey.asc (100%) rename libssh2.spec => SPECS/libssh2.spec (100%) delete mode 100644 sources diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 7483adc..0000000 --- a/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -/libssh2-[0-9.]*/ -/libssh2-[0-9.]*.tar.gz -/libssh2-[0-9.]*.tar.gz.asc diff --git a/libssh2-1.11.0-ssh-rsa-test.patch b/SOURCES/libssh2-1.11.0-ssh-rsa-test.patch similarity index 100% rename from libssh2-1.11.0-ssh-rsa-test.patch rename to SOURCES/libssh2-1.11.0-ssh-rsa-test.patch diff --git a/libssh2-1.11.0-strict-modes.patch b/SOURCES/libssh2-1.11.0-strict-modes.patch similarity index 100% rename from libssh2-1.11.0-strict-modes.patch rename to SOURCES/libssh2-1.11.0-strict-modes.patch diff --git a/mykey.asc b/SOURCES/mykey.asc similarity index 100% rename from mykey.asc rename to SOURCES/mykey.asc diff --git a/libssh2.spec b/SPECS/libssh2.spec similarity index 100% rename from libssh2.spec rename to SPECS/libssh2.spec diff --git a/sources b/sources deleted file mode 100644 index bc2ad57..0000000 --- a/sources +++ /dev/null @@ -1,2 +0,0 @@ -SHA512 (libssh2-1.11.0.tar.gz) = ef85e152dc252bd9b1c05276972b9c22313f5d492743dde090235742746d67f634f2a419eff9162132e2274c8582113b75279b074e0c7b34b2526b92fd1a1e8e -SHA512 (libssh2-1.11.0.tar.gz.asc) = 6187582a94be24d9ca68963b6d139982e8527378aee7ef8a4cbc0f5c2bae8aee4552e32ec85eb290ec4e940f1d6ebf6737f92468215e0b43b245762753bb2647