rpms
/
libssh2
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update to 1.4.1

Browse Source 
- New upstream release 1.4.1
  - Build error with gcrypt backend
  - Always do "forced" window updates to avoid corner case stalls
  - aes: the init function fails when OpenSSL has AES support
  - transport_send: finish in-progress key exchange before sending data
  - channel_write: acknowledge transport errors
  - examples/x11.c: make sure sizeof passed to read operation is correct
  - examples/x11.c: fix suspicious sizeof usage
  - sftp_packet_add: verify the packet before accepting it
  - SFTP: preserve the original error code more
  - sftp_packet_read: adjust window size as necessary
  - Use safer snprintf rather then sprintf in several places
  - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
  - sftp_write: cannot return acked data *and* EAGAIN
  - sftp_read: avoid data *and* EAGAIN
  - libssh2.h: add missing prototype for libssh2_session_banner_set()
- Drop upstream patches now included in release tarball
epel9
Paul Howarth 13 years ago
parent 8e8214ab77
commit e3d0f1a309
6 changed files with 22 additions and 200 deletions
Show Stats Download Patch File Download Diff File

28
libssh2-1.4.0-c4a0e0.patch
Unescape View File

@ -1,28 +0,0 @@
From b3ade9a63e881e69b4c9cfe7b5dbad78dcc4a0e0 Mon Sep 17 00:00:00 2001
From: Peter Stuge <peter@stuge.se>
Date: Wed, 1 Feb 2012 09:53:44 +0100
Subject: [PATCH] Fix undefined reference to _libssh_error in libgcrypt
backend
Commit 209de22299b4b58e582891dfba70f57e1e0492db introduced a function
call to a non-existing function, and since then the libgcrypt backend
has not been buildable.
---
src/libgcrypt.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/libgcrypt.c b/src/libgcrypt.c
index 1bda5ee..5c2787b 100644
--- a/src/libgcrypt.c
+++ b/src/libgcrypt.c
@@ -581,7 +581,7 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
const char *privatekey,
const char *passphrase)
{
- return _libssh_error(session, LIBSSH2_ERROR_FILE,
+ return _libssh2_error(session, LIBSSH2_ERROR_FILE,
"Unable to extract public key from private key file: "
"Method unimplemented in libgcrypt backend");
}
--
1.7.6.1

58
libssh2-1.4.0-cc4f9d.patch
Unescape View File

@ -1,58 +0,0 @@
commit cc4f9d5679278ce41cd5480fab3f5e71dba163ed
Author: Matthew Booth <mbooth@redhat.com>
Date: Fri Mar 16 16:29:00 2012 +0100
transport_send: Finish in-progress key exchange before sending data
_libssh2_channel_write() first reads outstanding packets before writing
new data. If it reads a key exchange request, it will immediately start
key re-exchange, which will require sending a response. If the output
socket is full, this will result in a return from
_libssh2_transport_read() of LIBSSH2_ERROR_EAGAIN. In order not to block
a write because there is no data to read, this error is explicitly
ignored and the code continues marshalling a packet for sending. When it
is sent, the remote end immediately drops the connection because it was
expecting a continuation of the key exchange, but got a data packet.
This change adds the same check for key exchange to
_libssh2_transport_send() that is in _libssh2_transport_read(). This
ensures that key exchange is completed before any data packet is sent.
diff --git a/src/transport.c b/src/transport.c
index 057dcf5..95b9a3a 100644
--- a/src/transport.c
+++ b/src/transport.c
@@ -296,7 +296,7 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session)
* is done!
*/
_libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Redirecting into the"
- " key re-exchange");
+ " key re-exchange from _libssh2_transport_read");
rc = _libssh2_kex_exchange(session, 1, &session->startup_key_state);
if (rc)
return rc;
@@ -687,6 +687,24 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session,
const unsigned char *orgdata = data;
size_t orgdata_len = data_len;
+ /*
+ * If the last read operation was interrupted in the middle of a key
+ * exchange, we must complete that key exchange before continuing to write
+ * further data.
+ *
+ * See the similar block in _libssh2_transport_read for more details.
+ */
+ if (session->state & LIBSSH2_STATE_EXCHANGING_KEYS &&
+ !(session->state & LIBSSH2_STATE_KEX_ACTIVE)) {
+ /* Don't write any new packets if we're still in the middle of a key
+ * exchange. */
+ _libssh2_debug(session, LIBSSH2_TRACE_TRANS, "Redirecting into the"
+ " key re-exchange from _libssh2_transport_send");
+ rc = _libssh2_kex_exchange(session, 1, &session->startup_key_state);
+ if (rc)
+ return rc;
+ }
+
debugdump(session, "libssh2_transport_write plain", data, data_len);
if(data2)
debugdump(session, "libssh2_transport_write plain2", data2, data2_len);

60
libssh2-1.4.0-f4f229.patch
Unescape View File

@ -1,60 +0,0 @@
From f4f2298ef3635acd031cc2ee0e71026cdcda5864 Mon Sep 17 00:00:00 2001
From: Paul Howarth <paul@city-fan.org>
Date: Sun, 18 Mar 2012 12:07:27 +0000
Subject: [PATCH] aes: the init function fails when OpenSSL has AES support
The internal init function only worked fine when the configure script
didn't detect the OpenSSL AES_CTR function!
Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml
Reported by: Paul Howarth
---
src/openssl.c | 4 +++-
src/openssl.h | 6 ------
2 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/openssl.c b/src/openssl.c
index 40818c0..481982c 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -201,7 +201,7 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
return ret == 1 ? 0 : 1;
}
-#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
+#if LIBSSH2_AES_CTR
#include <openssl/aes.h>
#include <openssl/evp.h>
@@ -358,6 +358,8 @@ void _libssh2_init_aes_ctr(void)
_libssh2_EVP_aes_256_ctr();
}
+#else
+void _libssh2_init_aes_ctr(void) {}
#endif /* LIBSSH2_AES_CTR */
/* TODO: Optionally call a passphrase callback specified by the
diff --git a/src/openssl.h b/src/openssl.h
index a196184..6d2aeed 100644
--- a/src/openssl.h
+++ b/src/openssl.h
@@ -148,15 +148,9 @@ void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char
#define _libssh2_cipher_aes256 EVP_aes_256_cbc
#define _libssh2_cipher_aes192 EVP_aes_192_cbc
#define _libssh2_cipher_aes128 EVP_aes_128_cbc
-#ifdef HAVE_EVP_AES_128_CTR
-#define _libssh2_cipher_aes128ctr EVP_aes_128_ctr
-#define _libssh2_cipher_aes192ctr EVP_aes_192_ctr
-#define _libssh2_cipher_aes256ctr EVP_aes_256_ctr
-#else
#define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr
#define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr
#define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr
-#endif
#define _libssh2_cipher_blowfish EVP_bf_cbc
#define _libssh2_cipher_arcfour EVP_rc4
#define _libssh2_cipher_cast5 EVP_cast5_cbc
--
1.7.7.6

34
libssh2-1.4.0-fed075.patch
Unescape View File

@ -1,34 +0,0 @@
From fed075972080ed705bd79b731c40cf5e73085aeb Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 15 Mar 2012 13:03:08 +0100
Subject: [PATCH] channel_write: acknowledge transport errors
When draining data off the socket with _libssh2_transport_read() (which
in turn has to be done so that we can be sure to have read any possible
window-increasing packets), this code previously ignored errors which
could lead to nasty loops. Now all error codes except EAGAIN will cause
the error to be returned at once.
Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0068.shtml
Reported by: Matthew Booth
---
src/channel.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/channel.c b/src/channel.c
index 8d6fb0a..9e29492 100644
--- a/src/channel.c
+++ b/src/channel.c
@@ -2008,6 +2008,9 @@ _libssh2_channel_write(LIBSSH2_CHANNEL *channel, int stream_id,
rc = _libssh2_transport_read(session);
while (rc > 0);
+ if((rc < 0) && (rc != LIBSSH2_ERROR_EAGAIN))
+ return rc;
+
if(channel->local.window_size <= 0)
/* there's no room for data so we stop */
return (rc==LIBSSH2_ERROR_EAGAIN?rc:0);
--
1.7.1

40
libssh2.spec
Unescape View File

@ -8,18 +8,14 @@
%endif %endif
Name: libssh2 Name: libssh2
Version: 1.4.0 Version: 1.4.1
Release: 4%{?dist} Release: 1%{?dist}
Summary: A library implementing the SSH2 protocol Summary: A library implementing the SSH2 protocol
Group: System Environment/Libraries Group: System Environment/Libraries
License: BSD License: BSD
URL: http://www.libssh2.org/ URL: http://www.libssh2.org/
Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz
Patch0: libssh2-1.2.9-utf8.patch Patch0: libssh2-1.2.9-utf8.patch
Patch1: libssh2-1.4.0-c4a0e0.patch
Patch2: libssh2-1.4.0-cc4f9d.patch
Patch3: libssh2-1.4.0-f4f229.patch
Patch4: libssh2-1.4.0-fed075.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
BuildRequires: openssl-devel BuildRequires: openssl-devel
BuildRequires: zlib-devel BuildRequires: zlib-devel
@ -69,19 +65,6 @@ developing applications that use libssh2.
# Make sure things are UTF-8... # Make sure things are UTF-8...
%patch0 -p1 %patch0 -p1
# Fix undefined reference to _libssh_error in libgcrypt (upstream patch)
%patch1 -p1
# Fix libssh2 failing key re-exchange when write channel is saturated
# (upstream patch, #804156)
%patch2 -p1
# Don't try to use openssl's AES-CTR functions (upstream patch)
%patch3 -p1
# Don't ignore transport errors in channel_write (upstream patch, #804150)
%patch4 -p1
# Make sshd transition appropriately if building in an SELinux environment # Make sshd transition appropriately if building in an SELinux environment
chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || : chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || : chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || :
@ -143,6 +126,25 @@ rm -rf %{buildroot}
%{_libdir}/pkgconfig/libssh2.pc %{_libdir}/pkgconfig/libssh2.pc
%changelog %changelog
* Thu Apr 5 2012 Paul Howarth <paul@city-fan.org> 1.4.1-1
- Update to 1.4.1
- Build error with gcrypt backend
- Always do "forced" window updates to avoid corner case stalls
- aes: the init function fails when OpenSSL has AES support
- transport_send: finish in-progress key exchange before sending data
- channel_write: acknowledge transport errors
- examples/x11.c: make sure sizeof passed to read operation is correct
- examples/x11.c: fix suspicious sizeof usage
- sftp_packet_add: verify the packet before accepting it
- SFTP: preserve the original error code more
- sftp_packet_read: adjust window size as necessary
- Use safer snprintf rather then sprintf in several places
- Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET
- sftp_write: cannot return acked data *and* EAGAIN
- sftp_read: avoid data *and* EAGAIN
- libssh2.h: add missing prototype for libssh2_session_banner_set()
- Drop upstream patches now included in release tarball
* Mon Mar 19 2012 Kamil Dudka <kdudka@redhat.com> 1.4.0-4 * Mon Mar 19 2012 Kamil Dudka <kdudka@redhat.com> 1.4.0-4
- Don't ignore transport errors when writing to channel (#804150) - Don't ignore transport errors when writing to channel (#804150)

2
sources
Unescape View File

@ -1 +1 @@
ee670161d8c5dff93ae84a3f34f15669 libssh2-1.4.0.tar.gz b94106e046af37fdc0734e487842fe66 libssh2-1.4.1.tar.gz

Write Preview
Loading…
Cancel
Save