Update to 1.4.1

- New upstream release 1.4.1
  - Build error with gcrypt backend
  - Always do "forced" window updates to avoid corner case stalls
  - aes: the init function fails when OpenSSL has AES support
  - transport_send: finish in-progress key exchange before sending data
  - channel_write: acknowledge transport errors
  - examples/x11.c: make sure sizeof passed to read operation is correct
  - examples/x11.c: fix suspicious sizeof usage
  - sftp_packet_add: verify the packet before accepting it
  - SFTP: preserve the original error code more
  - sftp_packet_read: adjust window size as necessary
  - Use safer snprintf rather then sprintf in several places
  - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
  - sftp_write: cannot return acked data *and* EAGAIN
  - sftp_read: avoid data *and* EAGAIN
  - libssh2.h: add missing prototype for libssh2_session_banner_set()
- Drop upstream patches now included in release tarball

libssh2-1.4.0-c4a0e0.patch

@@ -1,28 +0,0 @@
-From b3ade9a63e881e69b4c9cfe7b5dbad78dcc4a0e0 Mon Sep 17 00:00:00 2001
-From: Peter Stuge <peter@stuge.se>
-Date: Wed, 1 Feb 2012 09:53:44 +0100
-Subject: [PATCH] Fix undefined reference to _libssh_error in libgcrypt
- backend
-
-Commit 209de22299b4b58e582891dfba70f57e1e0492db introduced a function
-call to a non-existing function, and since then the libgcrypt backend
-has not been buildable.
----
- src/libgcrypt.c |    2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/src/libgcrypt.c b/src/libgcrypt.c
-index 1bda5ee..5c2787b 100644
---- a/src/libgcrypt.c
-+++ b/src/libgcrypt.c
-@@ -581,7 +581,7 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
-                           const char *privatekey,
-                           const char *passphrase)
- {
--    return _libssh_error(session, LIBSSH2_ERROR_FILE,
-+    return _libssh2_error(session, LIBSSH2_ERROR_FILE,
-                          "Unable to extract public key from private key file: "
-                          "Method unimplemented in libgcrypt backend");
- }
--- 
-1.7.6.1

libssh2-1.4.0-cc4f9d.patch

@@ -1,58 +0,0 @@
-commit cc4f9d5679278ce41cd5480fab3f5e71dba163ed
-Author: Matthew Booth <mbooth@redhat.com>
-Date:   Fri Mar 16 16:29:00 2012 +0100
-
-    transport_send: Finish in-progress key exchange before sending data
-    
-    _libssh2_channel_write() first reads outstanding packets before writing
-    new data. If it reads a key exchange request, it will immediately start
-    key re-exchange, which will require sending a response. If the output
-    socket is full, this will result in a return from
-    _libssh2_transport_read() of LIBSSH2_ERROR_EAGAIN. In order not to block
-    a write because there is no data to read, this error is explicitly
-    ignored and the code continues marshalling a packet for sending. When it
-    is sent, the remote end immediately drops the connection because it was
-    expecting a continuation of the key exchange, but got a data packet.
-    
-    This change adds the same check for key exchange to
-    _libssh2_transport_send() that is in _libssh2_transport_read(). This
-    ensures that key exchange is completed before any data packet is sent.
-
-diff --git a/src/transport.c b/src/transport.c
-index 057dcf5..95b9a3a 100644
---- a/src/transport.c
-+++ b/src/transport.c
-@@ -296,7 +296,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
-          * is done!
-          */
-         _libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Redirecting into the"
--                       " key re-exchange");
-+                       " key re-exchange from _libssh2_transport_read");
-         rc = _libssh2_kex_exchange(session, 1, &session->startup_key_state);
-         if (rc)
-             return rc;
-@@ -687,6 +687,24 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session,
-     const unsigned char *orgdata = data;
-     size_t orgdata_len = data_len;
- 
-+    /*
-+     * If the last read operation was interrupted in the middle of a key
-+     * exchange, we must complete that key exchange before continuing to write
-+     * further data.
-+     *
-+     * See the similar block in _libssh2_transport_read for more details.
-+     */
-+    if (session->state & LIBSSH2_STATE_EXCHANGING_KEYS &&
-+        !(session->state & LIBSSH2_STATE_KEX_ACTIVE)) {
-+        /* Don't write any new packets if we're still in the middle of a key
-+         * exchange. */
-+        _libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Redirecting into the"
-+                       " key re-exchange from _libssh2_transport_send");
-+        rc = _libssh2_kex_exchange(session, 1, &session->startup_key_state);
-+        if (rc)
-+            return rc;
-+    }
-+
-     debugdump(session, "libssh2_transport_write plain", data, data_len);
-     if(data2)
-         debugdump(session, "libssh2_transport_write plain2", data2, data2_len);

libssh2-1.4.0-f4f229.patch

@@ -1,60 +0,0 @@
-From f4f2298ef3635acd031cc2ee0e71026cdcda5864 Mon Sep 17 00:00:00 2001
-From: Paul Howarth <paul@city-fan.org>
-Date: Sun, 18 Mar 2012 12:07:27 +0000
-Subject: [PATCH] aes: the init function fails when OpenSSL has AES support
-
-The internal init function only worked fine when the configure script
-didn't detect the OpenSSL AES_CTR function!
-
-Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml
-Reported by: Paul Howarth
----
- src/openssl.c |    4 +++-
- src/openssl.h |    6 ------
- 2 files changed, 3 insertions(+), 7 deletions(-)
-
-diff --git a/src/openssl.c b/src/openssl.c
-index 40818c0..481982c 100644
---- a/src/openssl.c
-+++ b/src/openssl.c
-@@ -201,7 +201,7 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
-     return ret == 1 ? 0 : 1;
- }
- 
--#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
-+#if LIBSSH2_AES_CTR
- 
- #include <openssl/aes.h>
- #include <openssl/evp.h>
-@@ -358,6 +358,8 @@ void _libssh2_init_aes_ctr(void)
-     _libssh2_EVP_aes_256_ctr();
- }
- 
-+#else
-+void _libssh2_init_aes_ctr(void) {}
- #endif /* LIBSSH2_AES_CTR */
- 
- /* TODO: Optionally call a passphrase callback specified by the
-diff --git a/src/openssl.h b/src/openssl.h
-index a196184..6d2aeed 100644
---- a/src/openssl.h
-+++ b/src/openssl.h
-@@ -148,15 +148,9 @@ void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char
- #define _libssh2_cipher_aes256 EVP_aes_256_cbc
- #define _libssh2_cipher_aes192 EVP_aes_192_cbc
- #define _libssh2_cipher_aes128 EVP_aes_128_cbc
--#ifdef HAVE_EVP_AES_128_CTR
--#define _libssh2_cipher_aes128ctr EVP_aes_128_ctr
--#define _libssh2_cipher_aes192ctr EVP_aes_192_ctr
--#define _libssh2_cipher_aes256ctr EVP_aes_256_ctr
--#else
- #define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr
- #define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr
- #define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr
--#endif
- #define _libssh2_cipher_blowfish EVP_bf_cbc
- #define _libssh2_cipher_arcfour EVP_rc4
- #define _libssh2_cipher_cast5 EVP_cast5_cbc
--- 
-1.7.7.6
-

libssh2-1.4.0-fed075.patch

@@ -1,34 +0,0 @@
-From fed075972080ed705bd79b731c40cf5e73085aeb Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Thu, 15 Mar 2012 13:03:08 +0100
-Subject: [PATCH] channel_write: acknowledge transport errors
-
-When draining data off the socket with _libssh2_transport_read() (which
-in turn has to be done so that we can be sure to have read any possible
-window-increasing packets), this code previously ignored errors which
-could lead to nasty loops. Now all error codes except EAGAIN will cause
-the error to be returned at once.
-
-Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0068.shtml
-Reported by: Matthew Booth
----
- src/channel.c |    3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/src/channel.c b/src/channel.c
-index 8d6fb0a..9e29492 100644
---- a/src/channel.c
-+++ b/src/channel.c
-@@ -2008,6 +2008,9 @@ _libssh2_channel_write(LIBSSH2_CHANNEL *channel, int stream_id,
-             rc = _libssh2_transport_read(session);
-         while (rc > 0);
- 
-+        if((rc < 0) && (rc != LIBSSH2_ERROR_EAGAIN))
-+            return rc;
-+
-         if(channel->local.window_size <= 0)
-             /* there's no room for data so we stop */
-             return (rc==LIBSSH2_ERROR_EAGAIN?rc:0);
--- 
-1.7.1
-

libssh2.spec

@@ -8,18 +8,14 @@
 %endif
 
 Name:		libssh2
-Version:	1.4.0
-Release:	4%{?dist}
+Version:	1.4.1
+Release:	1%{?dist}
 Summary:	A library implementing the SSH2 protocol
 Group:		System Environment/Libraries
 License:	BSD
 URL:		http://www.libssh2.org/
 Source0:	http://libssh2.org/download/libssh2-%{version}.tar.gz
 Patch0:		libssh2-1.2.9-utf8.patch
-Patch1:		libssh2-1.4.0-c4a0e0.patch
-Patch2:		libssh2-1.4.0-cc4f9d.patch
-Patch3:		libssh2-1.4.0-f4f229.patch
-Patch4:		libssh2-1.4.0-fed075.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
 BuildRequires:	openssl-devel
 BuildRequires:	zlib-devel
@@ -69,19 +65,6 @@ developing applications that use libssh2.
 # Make sure things are UTF-8...
 %patch0 -p1
 
-# Fix undefined reference to _libssh_error in libgcrypt (upstream patch)
-%patch1 -p1
-
-# Fix libssh2 failing key re-exchange when write channel is saturated
-# (upstream patch, #804156)
-%patch2 -p1
-
-# Don't try to use openssl's AES-CTR functions (upstream patch)
-%patch3 -p1
-
-# Don't ignore transport errors in channel_write (upstream patch, #804150)
-%patch4 -p1
-
 # Make sshd transition appropriately if building in an SELinux environment
 chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
 chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || :
@@ -143,6 +126,25 @@ rm -rf %{buildroot}
 %{_libdir}/pkgconfig/libssh2.pc
 
 %changelog
+* Thu Apr  5 2012 Paul Howarth <paul@city-fan.org> 1.4.1-1
+- Update to 1.4.1
+  - Build error with gcrypt backend
+  - Always do "forced" window updates to avoid corner case stalls
+  - aes: the init function fails when OpenSSL has AES support
+  - transport_send: finish in-progress key exchange before sending data
+  - channel_write: acknowledge transport errors
+  - examples/x11.c: make sure sizeof passed to read operation is correct
+  - examples/x11.c: fix suspicious sizeof usage
+  - sftp_packet_add: verify the packet before accepting it
+  - SFTP: preserve the original error code more
+  - sftp_packet_read: adjust window size as necessary
+  - Use safer snprintf rather then sprintf in several places
+  - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
+  - sftp_write: cannot return acked data *and* EAGAIN
+  - sftp_read: avoid data *and* EAGAIN
+  - libssh2.h: add missing prototype for libssh2_session_banner_set()
+- Drop upstream patches now included in release tarball
+
 * Mon Mar 19 2012 Kamil Dudka <kdudka@redhat.com> 1.4.0-4
 - Don't ignore transport errors when writing to channel (#804150)
 

sources

@@ -1 +1 @@
-ee670161d8c5dff93ae84a3f34f15669  libssh2-1.4.0.tar.gz
+b94106e046af37fdc0734e487842fe66  libssh2-1.4.1.tar.gz