From e3d0f1a309ca614c5ded4a57f52452d31f2c2147 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Thu, 5 Apr 2012 10:46:49 +0100 Subject: [PATCH] Update to 1.4.1 - New upstream release 1.4.1 - Build error with gcrypt backend - Always do "forced" window updates to avoid corner case stalls - aes: the init function fails when OpenSSL has AES support - transport_send: finish in-progress key exchange before sending data - channel_write: acknowledge transport errors - examples/x11.c: make sure sizeof passed to read operation is correct - examples/x11.c: fix suspicious sizeof usage - sftp_packet_add: verify the packet before accepting it - SFTP: preserve the original error code more - sftp_packet_read: adjust window size as necessary - Use safer snprintf rather then sprintf in several places - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET - sftp_write: cannot return acked data *and* EAGAIN - sftp_read: avoid data *and* EAGAIN - libssh2.h: add missing prototype for libssh2_session_banner_set() - Drop upstream patches now included in release tarball --- libssh2-1.4.0-c4a0e0.patch | 28 ------------------ libssh2-1.4.0-cc4f9d.patch | 58 ------------------------------------ libssh2-1.4.0-f4f229.patch | 60 -------------------------------------- libssh2-1.4.0-fed075.patch | 34 --------------------- libssh2.spec | 40 +++++++++++++------------ sources | 2 +- 6 files changed, 22 insertions(+), 200 deletions(-) delete mode 100644 libssh2-1.4.0-c4a0e0.patch delete mode 100644 libssh2-1.4.0-cc4f9d.patch delete mode 100644 libssh2-1.4.0-f4f229.patch delete mode 100644 libssh2-1.4.0-fed075.patch diff --git a/libssh2-1.4.0-c4a0e0.patch b/libssh2-1.4.0-c4a0e0.patch deleted file mode 100644 index 6fb4c44..0000000 --- a/libssh2-1.4.0-c4a0e0.patch +++ /dev/null @@ -1,28 +0,0 @@ -From b3ade9a63e881e69b4c9cfe7b5dbad78dcc4a0e0 Mon Sep 17 00:00:00 2001 -From: Peter Stuge -Date: Wed, 1 Feb 2012 09:53:44 +0100 -Subject: [PATCH] Fix undefined reference to _libssh_error in libgcrypt - backend - -Commit 209de22299b4b58e582891dfba70f57e1e0492db introduced a function -call to a non-existing function, and since then the libgcrypt backend -has not been buildable. ---- - src/libgcrypt.c | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/src/libgcrypt.c b/src/libgcrypt.c -index 1bda5ee..5c2787b 100644 ---- a/src/libgcrypt.c -+++ b/src/libgcrypt.c -@@ -581,7 +581,7 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session, - const char *privatekey, - const char *passphrase) - { -- return _libssh_error(session, LIBSSH2_ERROR_FILE, -+ return _libssh2_error(session, LIBSSH2_ERROR_FILE, - "Unable to extract public key from private key file: " - "Method unimplemented in libgcrypt backend"); - } --- -1.7.6.1 diff --git a/libssh2-1.4.0-cc4f9d.patch b/libssh2-1.4.0-cc4f9d.patch deleted file mode 100644 index 33e5e4d..0000000 --- a/libssh2-1.4.0-cc4f9d.patch +++ /dev/null @@ -1,58 +0,0 @@ -commit cc4f9d5679278ce41cd5480fab3f5e71dba163ed -Author: Matthew Booth -Date: Fri Mar 16 16:29:00 2012 +0100 - - transport_send: Finish in-progress key exchange before sending data - - _libssh2_channel_write() first reads outstanding packets before writing - new data. If it reads a key exchange request, it will immediately start - key re-exchange, which will require sending a response. If the output - socket is full, this will result in a return from - _libssh2_transport_read() of LIBSSH2_ERROR_EAGAIN. In order not to block - a write because there is no data to read, this error is explicitly - ignored and the code continues marshalling a packet for sending. When it - is sent, the remote end immediately drops the connection because it was - expecting a continuation of the key exchange, but got a data packet. - - This change adds the same check for key exchange to - _libssh2_transport_send() that is in _libssh2_transport_read(). This - ensures that key exchange is completed before any data packet is sent. - -diff --git a/src/transport.c b/src/transport.c -index 057dcf5..95b9a3a 100644 ---- a/src/transport.c -+++ b/src/transport.c -@@ -296,7 +296,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session) - * is done! - */ - _libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Redirecting into the" -- " key re-exchange"); -+ " key re-exchange from _libssh2_transport_read"); - rc = _libssh2_kex_exchange(session, 1, &session->startup_key_state); - if (rc) - return rc; -@@ -687,6 +687,24 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session, - const unsigned char *orgdata = data; - size_t orgdata_len = data_len; - -+ /* -+ * If the last read operation was interrupted in the middle of a key -+ * exchange, we must complete that key exchange before continuing to write -+ * further data. -+ * -+ * See the similar block in _libssh2_transport_read for more details. -+ */ -+ if (session->state & LIBSSH2_STATE_EXCHANGING_KEYS && -+ !(session->state & LIBSSH2_STATE_KEX_ACTIVE)) { -+ /* Don't write any new packets if we're still in the middle of a key -+ * exchange. */ -+ _libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Redirecting into the" -+ " key re-exchange from _libssh2_transport_send"); -+ rc = _libssh2_kex_exchange(session, 1, &session->startup_key_state); -+ if (rc) -+ return rc; -+ } -+ - debugdump(session, "libssh2_transport_write plain", data, data_len); - if(data2) - debugdump(session, "libssh2_transport_write plain2", data2, data2_len); diff --git a/libssh2-1.4.0-f4f229.patch b/libssh2-1.4.0-f4f229.patch deleted file mode 100644 index 2dee81a..0000000 --- a/libssh2-1.4.0-f4f229.patch +++ /dev/null @@ -1,60 +0,0 @@ -From f4f2298ef3635acd031cc2ee0e71026cdcda5864 Mon Sep 17 00:00:00 2001 -From: Paul Howarth -Date: Sun, 18 Mar 2012 12:07:27 +0000 -Subject: [PATCH] aes: the init function fails when OpenSSL has AES support - -The internal init function only worked fine when the configure script -didn't detect the OpenSSL AES_CTR function! - -Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml -Reported by: Paul Howarth ---- - src/openssl.c | 4 +++- - src/openssl.h | 6 ------ - 2 files changed, 3 insertions(+), 7 deletions(-) - -diff --git a/src/openssl.c b/src/openssl.c -index 40818c0..481982c 100644 ---- a/src/openssl.c -+++ b/src/openssl.c -@@ -201,7 +201,7 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx, - return ret == 1 ? 0 : 1; - } - --#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR) -+#if LIBSSH2_AES_CTR - - #include - #include -@@ -358,6 +358,8 @@ void _libssh2_init_aes_ctr(void) - _libssh2_EVP_aes_256_ctr(); - } - -+#else -+void _libssh2_init_aes_ctr(void) {} - #endif /* LIBSSH2_AES_CTR */ - - /* TODO: Optionally call a passphrase callback specified by the -diff --git a/src/openssl.h b/src/openssl.h -index a196184..6d2aeed 100644 ---- a/src/openssl.h -+++ b/src/openssl.h -@@ -148,15 +148,9 @@ void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char - #define _libssh2_cipher_aes256 EVP_aes_256_cbc - #define _libssh2_cipher_aes192 EVP_aes_192_cbc - #define _libssh2_cipher_aes128 EVP_aes_128_cbc --#ifdef HAVE_EVP_AES_128_CTR --#define _libssh2_cipher_aes128ctr EVP_aes_128_ctr --#define _libssh2_cipher_aes192ctr EVP_aes_192_ctr --#define _libssh2_cipher_aes256ctr EVP_aes_256_ctr --#else - #define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr - #define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr - #define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr --#endif - #define _libssh2_cipher_blowfish EVP_bf_cbc - #define _libssh2_cipher_arcfour EVP_rc4 - #define _libssh2_cipher_cast5 EVP_cast5_cbc --- -1.7.7.6 - diff --git a/libssh2-1.4.0-fed075.patch b/libssh2-1.4.0-fed075.patch deleted file mode 100644 index 510a9cc..0000000 --- a/libssh2-1.4.0-fed075.patch +++ /dev/null @@ -1,34 +0,0 @@ -From fed075972080ed705bd79b731c40cf5e73085aeb Mon Sep 17 00:00:00 2001 -From: Daniel Stenberg -Date: Thu, 15 Mar 2012 13:03:08 +0100 -Subject: [PATCH] channel_write: acknowledge transport errors - -When draining data off the socket with _libssh2_transport_read() (which -in turn has to be done so that we can be sure to have read any possible -window-increasing packets), this code previously ignored errors which -could lead to nasty loops. Now all error codes except EAGAIN will cause -the error to be returned at once. - -Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0068.shtml -Reported by: Matthew Booth ---- - src/channel.c | 3 +++ - 1 files changed, 3 insertions(+), 0 deletions(-) - -diff --git a/src/channel.c b/src/channel.c -index 8d6fb0a..9e29492 100644 ---- a/src/channel.c -+++ b/src/channel.c -@@ -2008,6 +2008,9 @@ _libssh2_channel_write(LIBSSH2_CHANNEL *channel, int stream_id, - rc = _libssh2_transport_read(session); - while (rc > 0); - -+ if((rc < 0) && (rc != LIBSSH2_ERROR_EAGAIN)) -+ return rc; -+ - if(channel->local.window_size <= 0) - /* there's no room for data so we stop */ - return (rc==LIBSSH2_ERROR_EAGAIN?rc:0); --- -1.7.1 - diff --git a/libssh2.spec b/libssh2.spec index 57c53c9..f0f473b 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -8,18 +8,14 @@ %endif Name: libssh2 -Version: 1.4.0 -Release: 4%{?dist} +Version: 1.4.1 +Release: 1%{?dist} Summary: A library implementing the SSH2 protocol Group: System Environment/Libraries License: BSD URL: http://www.libssh2.org/ Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz Patch0: libssh2-1.2.9-utf8.patch -Patch1: libssh2-1.4.0-c4a0e0.patch -Patch2: libssh2-1.4.0-cc4f9d.patch -Patch3: libssh2-1.4.0-f4f229.patch -Patch4: libssh2-1.4.0-fed075.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRequires: openssl-devel BuildRequires: zlib-devel @@ -69,19 +65,6 @@ developing applications that use libssh2. # Make sure things are UTF-8... %patch0 -p1 -# Fix undefined reference to _libssh_error in libgcrypt (upstream patch) -%patch1 -p1 - -# Fix libssh2 failing key re-exchange when write channel is saturated -# (upstream patch, #804156) -%patch2 -p1 - -# Don't try to use openssl's AES-CTR functions (upstream patch) -%patch3 -p1 - -# Don't ignore transport errors in channel_write (upstream patch, #804150) -%patch4 -p1 - # Make sshd transition appropriately if building in an SELinux environment chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || : chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || : @@ -143,6 +126,25 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/libssh2.pc %changelog +* Thu Apr 5 2012 Paul Howarth 1.4.1-1 +- Update to 1.4.1 + - Build error with gcrypt backend + - Always do "forced" window updates to avoid corner case stalls + - aes: the init function fails when OpenSSL has AES support + - transport_send: finish in-progress key exchange before sending data + - channel_write: acknowledge transport errors + - examples/x11.c: make sure sizeof passed to read operation is correct + - examples/x11.c: fix suspicious sizeof usage + - sftp_packet_add: verify the packet before accepting it + - SFTP: preserve the original error code more + - sftp_packet_read: adjust window size as necessary + - Use safer snprintf rather then sprintf in several places + - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET + - sftp_write: cannot return acked data *and* EAGAIN + - sftp_read: avoid data *and* EAGAIN + - libssh2.h: add missing prototype for libssh2_session_banner_set() +- Drop upstream patches now included in release tarball + * Mon Mar 19 2012 Kamil Dudka 1.4.0-4 - Don't ignore transport errors when writing to channel (#804150) diff --git a/sources b/sources index aa596fe..03137b9 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -ee670161d8c5dff93ae84a3f34f15669 libssh2-1.4.0.tar.gz +b94106e046af37fdc0734e487842fe66 libssh2-1.4.1.tar.gz