author | Paul Howarth <paul@city-fan.org> | 2019-06-20 11:22:28 +0100 |
---|---|---|
committer | Paul Howarth <paul@city-fan.org> | 2019-06-20 11:22:28 +0100 |
commit | 8f106e1af22bed118382e15446f5229ce3fbfed2 (patch) | |
tree | 808d884a0ec2039dd0bbb63e1dea9759809b91b8 | |
parent | Update to 1.8.2 (diff) | |
Update to 1.9.0
- New upstream release 1.9.0
- Adds ECDSA keys and host key support when using OpenSSL
- Adds ED25519 key and host key support when using OpenSSL 1.1.1
- Adds OpenSSH style key file reading
- Adds AES CTR mode support when using WinCNG
- Adds PEM passphrase protected file support for libgcrypt and WinCNG
- Adds SHA256 hostkey fingerprint
- Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
- Adds explicit zeroing of sensitive data in memory
- Adds additional bounds checks to network buffer reads
- Adds the ability to use the server default permissions when creating sftp directories
- Adds support for building with OpenSSL no engine flag
- Adds support for building with LibreSSL
- Increased sftp packet size to 256k
- Fixed oversized packet handling in sftp
- Fixed building with OpenSSL 1.1
- Fixed a possible crash if sftp stat gets an unexpected response
- Fixed incorrect parsing of the KEX preference string value
- Fixed conditional RSA and AES-CTR support
- Fixed a small memory leak during the key exchange process
- Fixed a possible memory leak of the ssh banner string
- Fixed various small memory leaks in the backends
- Fixed possible out of bounds read when parsing public keys from the server
- Fixed possible out of bounds read when parsing invalid PEM files
- No longer null terminates the scp remote exec command
- Now handle errors when Diffie Hellman key pair generation fails
- Fixed compiling on Windows with the flag STDCALL=ON
- Improved building instructions
- Improved unit tests
- Needs OpenSSL ≥ 1.0.1 now as ECC support is assumed
- Modernize spec somewhat as EL-6 can no longer be supported
-rw-r--r-- | 0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch | 45 | ||||
-rw-r--r-- | libssh2.spec | 61 | ||||
-rw-r--r-- | sources | 2 |
3 files changed, 38 insertions, 70 deletions
diff --git a/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch b/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
deleted file mode 100644
index a6881dd..0000000
--- a/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 819ef4f2037490b6aa2e870aea851b6364184090 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Mon, 11 Sep 2017 21:13:45 +0200
-Subject: [PATCH] scp: do not NUL-terminate the command for remote exec (#208)
-
-It breaks SCP download/upload from/to certain server implementations.
-
-The bug does not manifest with OpenSSH, which silently drops the NUL
-byte (eventually with any garbage that follows the NUL byte) before
-executing it.
-
-Bug: https://bugzilla.redhat.com/1489736
----
- src/scp.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/scp.c b/src/scp.c
-index 22778dd..d1665a6 100644
---- a/src/scp.c
-+++ b/src/scp.c
-@@ -303,8 +303,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb)
- &session->scpRecv_command[cmd_len],
- session->scpRecv_command_len - cmd_len);
-
-- session->scpRecv_command[cmd_len] = '\0';
-- session->scpRecv_command_len = cmd_len + 1;
-+ /* the command to exec should _not_ be NUL-terminated */
-+ session->scpRecv_command_len = cmd_len;
-
- _libssh2_debug(session, LIBSSH2_TRACE_SCP,
- "Opening channel for SCP receive");
-@@ -845,8 +845,8 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode,
- &session->scpSend_command[cmd_len],
- session->scpSend_command_len - cmd_len);
-
-- session->scpSend_command[cmd_len] = '\0';
-- session->scpSend_command_len = cmd_len + 1;
-+ /* the command to exec should _not_ be NUL-terminated */
-+ session->scpSend_command_len = cmd_len;
-
- _libssh2_debug(session, LIBSSH2_TRACE_SCP,
- "Opening channel for SCP send");
---
-2.9.5
-
diff --git a/libssh2.spec b/libssh2.spec
index c2f9c00..5b09a03 100644
--- a/libssh2.spec
+++ b/libssh2.spec @@ -1,17 +1,16 @@ Name: libssh2 -Version: 1.8.2 +Version: 1.9.0 Release: 1%{?dist} Summary: A library implementing the SSH2 protocol License: BSD URL: http://www.libssh2.org/ Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz -Patch1: 0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch BuildRequires: coreutils BuildRequires: findutils BuildRequires: gcc BuildRequires: make -BuildRequires: openssl-devel +BuildRequires: openssl-devel > 1:1.0.1 BuildRequires: sed BuildRequires: zlib-devel BuildRequires: /usr/bin/man @@ -22,13 +21,6 @@ BuildRequires: openssh-server %if 0%{?fedora} > 23 || 0%{?rhel} > 7 BuildRequires: glibc-langpack-en %endif -# We use matchpathcon to get the correct SELinux context for the ssh server -# initialization script so that it can transition correctly in an SELinux -# environment -%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7) -BuildRequires: libselinux-utils -BuildRequires: selinux-policy-targeted -%endif %description libssh2 is a library implementing the SSH2 protocol as defined by 
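Review bot: The new `BuildRequires: openssl-devel > 1:1.0.1` uses a strict greater-than, while the changelog entry added in this commit states the requirement as OpenSSL ≥ 1.0.1. As written, a build root whose openssl-devel version is exactly 1.0.1 would presumably be rejected even though the stated minimum allows it. If the documented minimum is the intent, the line should read `BuildRequires: openssl-devel >= 1:1.0.1`. A comment above it would record the reason where the constraint lives, e.g. `# 1.9.0 assumes ECC support, so OpenSSL 1.0.1 or later is needed`.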
@@ -57,28 +49,16 @@ developing applications that use libssh2. %prep %setup -q -# scp: do not NUL-terminate the command for remote exec -# https://bugzilla.redhat.com/show_bug.cgi?id=1489736 -# https://github.com/libssh2/libssh2/pull/208 -%patch1 -p1 - # Replace hard wired port number in the test suite to avoid collisions # between 32-bit and 64-bit builds running on a single build-host sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh} -# Make sshd transition appropriately if building in an SELinux environment -%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7) -chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || : -chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || : -chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} || : -%endif - %build %configure --disable-silent-rules --disable-static --enable-shared -make %{?_smp_mflags} +%{make_build} %install -make install DESTDIR=%{buildroot} INSTALL="install -p" +%{make_install} INSTALL="install -p" find %{buildroot} -name '*.la' -delete # clean things up a bit for packaging 
@@ -131,6 +111,39 @@ LC_ALL=en_US.UTF-8 make -C tests check %{_libdir}/pkgconfig/libssh2.pc %changelog +* Thu Jun 20 2019 Paul Howarth <paul@city-fan.org> - 1.9.0-1 +- Update to 1.9.0 + - Adds ECDSA keys and host key support when using OpenSSL + - Adds ED25519 key and host key support when using OpenSSL 1.1.1 + - Adds OpenSSH style key file reading + - Adds AES CTR mode support when using WinCNG + - Adds PEM passphrase protected file support for libgcrypt and WinCNG + - Adds SHA256 hostkey fingerprint + - Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() + - Adds explicit zeroing of sensitive data in memory + - Adds additional bounds checks to network buffer reads + - Adds the ability to use the server default permissions when creating sftp directories + - Adds support for building with OpenSSL no engine flag + - Adds support for building with LibreSSL + - Increased sftp packet size to 256k + - Fixed oversized packet handling in sftp + - Fixed building with OpenSSL 1.1 + - Fixed a possible crash if sftp stat gets an unexpected response + - Fixed incorrect parsing of the KEX preference string value + - Fixed conditional RSA and AES-CTR support + - Fixed a small memory leak during the key exchange process + - Fixed a possible memory leak of the ssh banner string + - Fixed various small memory leaks in the backends + - Fixed possible out of bounds read when parsing public keys from the server + - Fixed possible out of bounds read when parsing invalid PEM files + - No longer null terminates the scp remote exec command + - Now handle errors when Diffie Hellman key pair generation fails + - Fixed compiling on Windows with the flag STDCALL=ON + - Improved building instructions + - Improved unit tests +- Needs OpenSSL ≥ 1.0.1 now as ECC support is assumed +- Modernize spec somewhat as EL-6 can no longer be supported + * Tue Mar 26 2019 Paul Howarth <paul@city-fan.org> - 1.8.2-1 - Update to 1.8.2 - Fixed the misapplied userauth patch that broke 
1.8.1
@@ -1 +1 @@
-SHA512 (libssh2-1.8.2.tar.gz) = 390ab4ad93bb738415ec11a6eb92806c9b9e9e5d8ee7c442d841a58b4292c1c447a9bc99e153ba464e2e11f9c0d1913469303598c3046722d1ae821991e8cb93
+SHA512 (libssh2-1.9.0.tar.gz) = 41a3ebcf84e32eab69b7411ffb0a3b6e6db71491c968602b17392cfe3490ef00239726ec28acb3d25bf0ed62700db7f4d0bb5a9175618f413865f40badca6e17 |