author | Paul Howarth <paul@city-fan.org> | 2012-11-28 12:47:04 +0000 |
---|---|---|
committer | Paul Howarth <paul@city-fan.org> | 2012-11-28 12:47:04 +0000 |
commit | c256d188f4af3b4b98f578742846d851954f4504 (patch) | |
tree | 3d55bc4318bbdae2bc51ac69ff0540c17fdc28cc | |
parent | update libssh2_hostkey_hash(3) man page (diff) | |
Update to 1.4.3
- New upstream release 1.4.3
- compression: add support for zlib@openssh.com
- sftp_read: return error if a too large package arrives
- libssh2_hostkey_hash.3: update the description of return value
- Fixed MSVC NMakefile
- examples: use stderr for messages, stdout for data
- openssl: do not leak memory when handling errors
- improved handling of disabled MD5 algorithm in OpenSSL
- known_hosts: Fail when parsing unknown keys in known_hosts file
- configure: gcrypt doesn't come with pkg-config support
- session_free: wrong variable used for keeping state
- libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
- comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating
- Drop upstreamed patches
-rw-r--r-- | libssh2-1.4.2-examples.patch | 1019 | ||||
-rw-r--r-- | libssh2-1.4.2-fips.patch | 334 | ||||
-rw-r--r-- | libssh2.spec | 34 | ||||
-rw-r--r-- | sources | 2 |
4 files changed, 22 insertions, 1367 deletions
diff --git a/libssh2-1.4.2-examples.patch b/libssh2-1.4.2-examples.patch
deleted file mode 100644
index fa138c9..0000000
--- a/libssh2-1.4.2-examples.patch
+++ /dev/null
@@ -1,1019 +0,0 @@ -From b31e35aba6fa2e39f7aa91c21400722afe8d675e Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Mon, 22 Oct 2012 13:29:27 +0200 -Subject: [PATCH] examples: use stderr for messages, stdout for data - -Reported by: Karel Srot -Bug: https://bugzilla.redhat.com/867462 ---- - example/direct_tcpip.c | 19 ++++++++------- - example/scp_nonblock.c | 2 +- - example/scp_write_nonblock.c | 2 +- - example/sftp.c | 49 +++++++++++++++++++++------------------- - example/sftp_RW_nonblock.c | 14 ++++++------ - example/sftp_append.c | 18 +++++++------- - example/sftp_mkdir.c | 12 +++++----- - example/sftp_mkdir_nonblock.c | 12 +++++----- - example/sftp_nonblock.c | 4 +- - example/sftp_write.c | 14 ++++++------ - example/sftp_write_nonblock.c | 16 ++++++------ - example/sftp_write_sliding.c | 16 ++++++------ - example/sftpdir.c | 12 +++++----- - example/sftpdir_nonblock.c | 8 +++--- - example/ssh2.c | 26 +++++++++++---------- - example/ssh2_agent.c | 14 ++++++------ - example/ssh2_echo.c | 2 +- - example/ssh2_exec.c | 4 +- - example/subsystem_netconf.c | 20 ++++++++-------- - example/tcpip-forward.c | 25 +++++++++++---------- - 20 files changed, 148 insertions(+), 141 deletions(-) - -diff --git a/example/direct_tcpip.c b/example/direct_tcpip.c -index 6aa9845..e530199 100644 ---- a/example/direct_tcpip.c -+++ b/example/direct_tcpip.c -@@ -135,7 +135,7 @@ int main(int argc, char *argv[]) - - /* check what authentication methods are available */ - userauthlist = libssh2_userauth_list(session, username, strlen(username)); -- printf("Authentication methods: %s\n", userauthlist); -+ fprintf(stderr, "Authentication methods: %s\n", userauthlist); - if (strstr(userauthlist, "password")) - auth |= AUTH_PASSWORD; - if (strstr(userauthlist, "publickey")) -@@ -157,12 +157,12 @@ int main(int argc, char *argv[]) - } else if (auth & AUTH_PUBLICKEY) { - if (libssh2_userauth_publickey_fromfile(session, username, keyfile1, - keyfile2, password)) { -- 
printf("\tAuthentication by public key failed!\n"); -+ fprintf(stderr, "\tAuthentication by public key failed!\n"); - goto shutdown; - } -- printf("\tAuthentication by public key succeeded.\n"); -+ fprintf(stderr, "\tAuthentication by public key succeeded.\n"); - } else { -- printf("No supported authentication methods found!\n"); -+ fprintf(stderr, "No supported authentication methods found!\n"); - goto shutdown; - } - -@@ -185,7 +185,7 @@ int main(int argc, char *argv[]) - goto shutdown; - } - -- printf("Waiting for TCP connection on %s:%d...\n", -+ fprintf(stderr, "Waiting for TCP connection on %s:%d...\n", - inet_ntoa(sin.sin_addr), ntohs(sin.sin_port)); - - forwardsock = accept(listensock, (struct sockaddr *)&sin, &sinlen); -@@ -197,8 +197,8 @@ int main(int argc, char *argv[]) - shost = inet_ntoa(sin.sin_addr); - sport = ntohs(sin.sin_port); - -- printf("Forwarding connection from %s:%d here to remote %s:%d\n", shost, -- sport, remote_desthost, remote_destport); -+ fprintf(stderr, "Forwarding connection from %s:%d here to remote %s:%d\n", -+ shost, sport, remote_desthost, remote_destport); - - channel = libssh2_channel_direct_tcpip_ex(session, remote_desthost, - remote_destport, shost, sport); -@@ -228,7 +228,8 @@ int main(int argc, char *argv[]) - perror("read"); - goto shutdown; - } else if (0 == len) { -- printf("The client at %s:%d disconnected!\n", shost, sport); -+ fprintf(stderr, "The client at %s:%d disconnected!\n", shost, -+ sport); - goto shutdown; - } - wr = 0; -@@ -259,7 +260,7 @@ int main(int argc, char *argv[]) - wr += i; - } - if (libssh2_channel_eof(channel)) { -- printf("The server at %s:%d disconnected!\n", -+ fprintf(stderr, "The server at %s:%d disconnected!\n", - remote_desthost, remote_destport); - goto shutdown; - } -diff --git a/example/scp_nonblock.c b/example/scp_nonblock.c -index 867d851..5d636c0 100644 ---- a/example/scp_nonblock.c -+++ b/example/scp_nonblock.c -@@ -250,7 +250,7 @@ int main(int argc, char *argv[]) - 
gettimeofday(&end, NULL); - - time_ms = tvdiff(end, start); -- printf("Got %d bytes in %ld ms = %.1f bytes/sec spin: %d\n", total, -+ fprintf(stderr, "Got %d bytes in %ld ms = %.1f bytes/sec spin: %d\n", total, - time_ms, total/(time_ms/1000.0), spin ); - - libssh2_channel_free(channel); -diff --git a/example/scp_write_nonblock.c b/example/scp_write_nonblock.c -index 9dfbd4e..0ac0f69 100644 ---- a/example/scp_write_nonblock.c -+++ b/example/scp_write_nonblock.c -@@ -243,7 +243,7 @@ int main(int argc, char *argv[]) - - duration = (int)(time(NULL)-start); - -- printf("%ld bytes in %d seconds makes %.1f bytes/sec\n", -+ fprintf(stderr, "%ld bytes in %d seconds makes %.1f bytes/sec\n", - total, duration, total/(double)duration); - - fprintf(stderr, "Sending EOF\n"); -diff --git a/example/sftp.c b/example/sftp.c -index e69b3c3..88ceba2 100644 ---- a/example/sftp.c -+++ b/example/sftp.c -@@ -55,24 +55,24 @@ static void kbd_callback(const char *name, int name_len, - char buf[1024]; - (void)abstract; - -- printf("Performing keyboard-interactive authentication.\n"); -+ fprintf(stderr, "Performing keyboard-interactive authentication.\n"); - -- printf("Authentication name: '"); -- fwrite(name, 1, name_len, stdout); -- printf("'\n"); -+ fprintf(stderr, "Authentication name: '"); -+ fwrite(name, 1, name_len, stderr); -+ fprintf(stderr, "'\n"); - -- printf("Authentication instruction: '"); -- fwrite(instruction, 1, instruction_len, stdout); -- printf("'\n"); -+ fprintf(stderr, "Authentication instruction: '"); -+ fwrite(instruction, 1, instruction_len, stderr); -+ fprintf(stderr, "'\n"); - -- printf("Number of prompts: %d\n\n", num_prompts); -+ fprintf(stderr, "Number of prompts: %d\n\n", num_prompts); - - for (i = 0; i < num_prompts; i++) { -- printf("Prompt %d from server: '", i); -- fwrite(prompts[i].text, 1, prompts[i].length, stdout); -- printf("'\n"); -+ fprintf(stderr, "Prompt %d from server: '", i); -+ fwrite(prompts[i].text, 1, prompts[i].length, stderr); -+ 
fprintf(stderr, "'\n"); - -- printf("Please type response: "); -+ fprintf(stderr, "Please type response: "); - fgets(buf, sizeof(buf), stdin); - n = strlen(buf); - while (n > 0 && strchr("\r\n", buf[n - 1])) -@@ -82,12 +82,13 @@ static void kbd_callback(const char *name, int name_len, - responses[i].text = strdup(buf); - responses[i].length = n; - -- printf("Response %d from user is '", i); -- fwrite(responses[i].text, 1, responses[i].length, stdout); -- printf("'\n\n"); -+ fprintf(stderr, "Response %d from user is '", i); -+ fwrite(responses[i].text, 1, responses[i].length, stderr); -+ fprintf(stderr, "'\n\n"); - } - -- printf("Done. Sending keyboard-interactive responses to server now.\n"); -+ fprintf(stderr, -+ "Done. Sending keyboard-interactive responses to server now.\n"); - } - - -@@ -127,7 +128,7 @@ int main(int argc, char *argv[]) - - rc = libssh2_init (0); - if (rc != 0) { -- fprintf (stderr, "libssh2 initialization failed (%d)\n", rc); -+ fprintf(stderr, "libssh2 initialization failed (%d)\n", rc); - return 1; - } - -@@ -178,7 +179,7 @@ int main(int argc, char *argv[]) - - /* check what authentication methods are available */ - userauthlist = libssh2_userauth_list(session, username, strlen(username)); -- printf("Authentication methods: %s\n", userauthlist); -+ fprintf(stderr, "Authentication methods: %s\n", userauthlist); - if (strstr(userauthlist, "password") != NULL) { - auth_pw |= 1; - } -@@ -211,21 +212,23 @@ int main(int argc, char *argv[]) - } else if (auth_pw & 2) { - /* Or via keyboard-interactive */ - if (libssh2_userauth_keyboard_interactive(session, username, &kbd_callback) ) { -- printf("\tAuthentication by keyboard-interactive failed!\n"); -+ fprintf(stderr, -+ "\tAuthentication by keyboard-interactive failed!\n"); - goto shutdown; - } else { -- printf("\tAuthentication by keyboard-interactive succeeded.\n"); -+ fprintf(stderr, -+ "\tAuthentication by keyboard-interactive succeeded.\n"); - } - } else if (auth_pw & 4) { - /* Or by public key 
*/ - if (libssh2_userauth_publickey_fromfile(session, username, keyfile1, keyfile2, password)) { -- printf("\tAuthentication by public key failed!\n"); -+ fprintf(stderr, "\tAuthentication by public key failed!\n"); - goto shutdown; - } else { -- printf("\tAuthentication by public key succeeded.\n"); -+ fprintf(stderr, "\tAuthentication by public key succeeded.\n"); - } - } else { -- printf("No supported authentication methods found!\n"); -+ fprintf(stderr, "No supported authentication methods found!\n"); - goto shutdown; - } - -diff --git a/example/sftp_RW_nonblock.c b/example/sftp_RW_nonblock.c -index babb48a..77c2027 100644 ---- a/example/sftp_RW_nonblock.c -+++ b/example/sftp_RW_nonblock.c -@@ -141,11 +141,11 @@ int main(int argc, char *argv[]) - * user, that's your call - */ - fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); -- printf("Fingerprint: "); -+ fprintf(stderr, "Fingerprint: "); - for(i = 0; i < 20; i++) { -- printf("%02X ", (unsigned char)fingerprint[i]); -+ fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); - } -- printf("\n"); -+ fprintf(stderr, "\n"); - - if(argc > 1) { - username = argv[1]; -@@ -162,7 +162,7 @@ int main(int argc, char *argv[]) - - tempstorage = fopen(STORAGE, "wb"); - if(!tempstorage) { -- printf("Can't open temp storage file %s\n", STORAGE); -+ fprintf(stderr, "Can't open temp storage file %s\n", STORAGE); - goto shutdown; - } - -@@ -171,7 +171,7 @@ int main(int argc, char *argv[]) - while ((rc = libssh2_userauth_password(session, username, password)) - == LIBSSH2_ERROR_EAGAIN); - if (rc) { -- printf("Authentication by password failed.\n"); -+ fprintf(stderr, "Authentication by password failed.\n"); - goto shutdown; - } - } else { -@@ -185,7 +185,7 @@ int main(int argc, char *argv[]) - password)) == - LIBSSH2_ERROR_EAGAIN); - if (rc) { -- printf("\tAuthentication by public key failed\n"); -+ fprintf(stderr, "\tAuthentication by public key failed\n"); - goto shutdown; - } - } -@@ -341,7 +341,7 @@ int 
main(int argc, char *argv[]) - #endif - if (tempstorage) - fclose(tempstorage); -- printf("all done\n"); -+ fprintf(stderr, "all done\n"); - - libssh2_exit(); - -diff --git a/example/sftp_append.c b/example/sftp_append.c -index 731d21a..7585d38 100644 ---- a/example/sftp_append.c -+++ b/example/sftp_append.c -@@ -86,7 +86,7 @@ int main(int argc, char *argv[]) - - local = fopen(loclfile, "rb"); - if (!local) { -- printf("Can't local file %s\n", loclfile); -+ fprintf(stderr, "Can't open local file %s\n", loclfile); - return -1; - } - -@@ -129,16 +129,16 @@ int main(int argc, char *argv[]) - * user, that's your call - */ - fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); -- printf("Fingerprint: "); -+ fprintf(stderr, "Fingerprint: "); - for(i = 0; i < 20; i++) { -- printf("%02X ", (unsigned char)fingerprint[i]); -+ fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); - } -- printf("\n"); -+ fprintf(stderr, "\n"); - - if (auth_pw) { - /* We could authenticate via password */ - if (libssh2_userauth_password(session, username, password)) { -- printf("Authentication by password failed.\n"); -+ fprintf(stderr, "Authentication by password failed.\n"); - goto shutdown; - } - } else { -@@ -147,7 +147,7 @@ int main(int argc, char *argv[]) - "/home/username/.ssh/id_rsa.pub", - "/home/username/.ssh/id_rsa", - password)) { -- printf("\tAuthentication by public key failed\n"); -+ fprintf(stderr, "\tAuthentication by public key failed\n"); - goto shutdown; - } - } -@@ -174,12 +174,12 @@ int main(int argc, char *argv[]) - } - - if(libssh2_sftp_fstat_ex(sftp_handle, &attrs, 0) < 0) { -- printf("libssh2_sftp_fstat_ex failed\n"); -+ fprintf(stderr, "libssh2_sftp_fstat_ex failed\n"); - goto shutdown; - } - else - libssh2_sftp_seek64(sftp_handle, attrs.filesize); -- printf("Did a seek to position %ld\n", (long) attrs.filesize); -+ fprintf(stderr, "Did a seek to position %ld\n", (long) attrs.filesize); - - fprintf(stderr, "libssh2_sftp_open() a handle for 
APPEND\n"); - -@@ -222,7 +222,7 @@ shutdown: - #endif - if (local) - fclose(local); -- printf("all done\n"); -+ fprintf(stderr, "all done\n"); - - libssh2_exit(); - -diff --git a/example/sftp_mkdir.c b/example/sftp_mkdir.c -index 39af8f0..8747084 100644 ---- a/example/sftp_mkdir.c -+++ b/example/sftp_mkdir.c -@@ -110,16 +110,16 @@ int main(int argc, char *argv[]) - * user, that's your call - */ - fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); -- printf("Fingerprint: "); -+ fprintf(stderr, "Fingerprint: "); - for(i = 0; i < 20; i++) { -- printf("%02X ", (unsigned char)fingerprint[i]); -+ fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); - } -- printf("\n"); -+ fprintf(stderr, "\n"); - - if (auth_pw) { - /* We could authenticate via password */ - if (libssh2_userauth_password(session, username, password)) { -- printf("Authentication by password failed.\n"); -+ fprintf(stderr, "Authentication by password failed.\n"); - goto shutdown; - } - } else { -@@ -128,7 +128,7 @@ int main(int argc, char *argv[]) - "/home/username/.ssh/id_rsa.pub", - "/home/username/.ssh/id_rsa", - password)) { -- printf("\tAuthentication by public key failed\n"); -+ fprintf(stderr, "\tAuthentication by public key failed\n"); - goto shutdown; - } - } -@@ -164,7 +164,7 @@ int main(int argc, char *argv[]) - #else - close(sock); - #endif -- printf("all done\n"); -+ fprintf(stderr, "all done\n"); - - libssh2_exit(); - -diff --git a/example/sftp_mkdir_nonblock.c b/example/sftp_mkdir_nonblock.c -index 84cdc8f..22a8f59 100644 ---- a/example/sftp_mkdir_nonblock.c -+++ b/example/sftp_mkdir_nonblock.c -@@ -110,16 +110,16 @@ int main(int argc, char *argv[]) - * user, that's your call - */ - fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); -- printf("Fingerprint: "); -+ fprintf(stderr, "Fingerprint: "); - for(i = 0; i < 20; i++) { -- printf("%02X ", (unsigned char)fingerprint[i]); -+ fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); - } -- 
printf("\n"); -+ fprintf(stderr, "\n"); - - if (auth_pw) { - /* We could authenticate via password */ - if (libssh2_userauth_password(session, username, password)) { -- printf("Authentication by password failed.\n"); -+ fprintf(stderr, "Authentication by password failed.\n"); - goto shutdown; - } - } else { -@@ -128,7 +128,7 @@ int main(int argc, char *argv[]) - "/home/username/.ssh/id_rsa.pub", - "/home/username/.ssh/id_rsa", - password)) { -- printf("\tAuthentication by public key failed\n"); -+ fprintf(stderr, "\tAuthentication by public key failed\n"); - goto shutdown; - } - } -@@ -164,7 +164,7 @@ int main(int argc, char *argv[]) - #else - close(sock); - #endif -- printf("all done\n"); -+ fprintf(stderr, "all done\n"); - - libssh2_exit(); - -diff --git a/example/sftp_nonblock.c b/example/sftp_nonblock.c -index 6ddc109..29cec8a 100644 ---- a/example/sftp_nonblock.c -+++ b/example/sftp_nonblock.c -@@ -251,7 +251,7 @@ int main(int argc, char *argv[]) - - gettimeofday(&end, NULL); - time_ms = tvdiff(end, start); -- printf("Got %d bytes in %ld ms = %.1f bytes/sec spin: %d\n", total, -+ fprintf(stderr, "Got %d bytes in %ld ms = %.1f bytes/sec spin: %d\n", total, - time_ms, total/(time_ms/1000.0), spin ); - - libssh2_sftp_close(sftp_handle); -@@ -259,7 +259,7 @@ int main(int argc, char *argv[]) - - shutdown: - -- printf("libssh2_session_disconnect\n"); -+ fprintf(stderr, "libssh2_session_disconnect\n"); - while (libssh2_session_disconnect(session, - "Normal Shutdown, Thank you") == - LIBSSH2_ERROR_EAGAIN); -diff --git a/example/sftp_write.c b/example/sftp_write.c -index 9415ce4..483f80a 100644 ---- a/example/sftp_write.c -+++ b/example/sftp_write.c -@@ -85,7 +85,7 @@ int main(int argc, char *argv[]) - - local = fopen(loclfile, "rb"); - if (!local) { -- printf("Can't local file %s\n", loclfile); -+ fprintf(stderr, "Can't open local file %s\n", loclfile); - return -1; - } - -@@ -128,16 +128,16 @@ int main(int argc, char *argv[]) - * user, that's your call - */ - 
fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); -- printf("Fingerprint: "); -+ fprintf(stderr, "Fingerprint: "); - for(i = 0; i < 20; i++) { -- printf("%02X ", (unsigned char)fingerprint[i]); -+ fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); - } -- printf("\n"); -+ fprintf(stderr, "\n"); - - if (auth_pw) { - /* We could authenticate via password */ - if (libssh2_userauth_password(session, username, password)) { -- printf("Authentication by password failed.\n"); -+ fprintf(stderr, "Authentication by password failed.\n"); - goto shutdown; - } - } else { -@@ -146,7 +146,7 @@ int main(int argc, char *argv[]) - "/home/username/.ssh/id_rsa.pub", - "/home/username/.ssh/id_rsa", - password)) { -- printf("\tAuthentication by public key failed\n"); -+ fprintf(stderr, "\tAuthentication by public key failed\n"); - goto shutdown; - } - } -@@ -206,7 +206,7 @@ shutdown: - #endif - if (local) - fclose(local); -- printf("all done\n"); -+ fprintf(stderr, "all done\n"); - - libssh2_exit(); - -diff --git a/example/sftp_write_nonblock.c b/example/sftp_write_nonblock.c -index 61cc5f4..0d66c40 100644 ---- a/example/sftp_write_nonblock.c -+++ b/example/sftp_write_nonblock.c -@@ -125,7 +125,7 @@ int main(int argc, char *argv[]) - - local = fopen(loclfile, "rb"); - if (!local) { -- printf("Can't local file %s\n", loclfile); -+ fprintf(stderr, "Can't open local file %s\n", loclfile); - return -1; - } - -@@ -169,18 +169,18 @@ int main(int argc, char *argv[]) - * that's your call - */ - fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); -- printf("Fingerprint: "); -+ fprintf(stderr, "Fingerprint: "); - for(i = 0; i < 20; i++) { -- printf("%02X ", (unsigned char)fingerprint[i]); -+ fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); - } -- printf("\n"); -+ fprintf(stderr, "\n"); - - if (auth_pw) { - /* We could authenticate via password */ - while ((rc = libssh2_userauth_password(session, username, password)) == - 
LIBSSH2_ERROR_EAGAIN); - if (rc) { -- printf("Authentication by password failed.\n"); -+ fprintf(stderr, "Authentication by password failed.\n"); - goto shutdown; - } - } else { -@@ -191,7 +191,7 @@ int main(int argc, char *argv[]) - password)) == - LIBSSH2_ERROR_EAGAIN); - if (rc) { -- printf("\tAuthentication by public key failed\n"); -+ fprintf(stderr, "\tAuthentication by public key failed\n"); - goto shutdown; - } - } -@@ -253,7 +253,7 @@ int main(int argc, char *argv[]) - - duration = (int)(time(NULL)-start); - -- printf("%ld bytes in %d seconds makes %.1f bytes/sec\n", -+ fprintf(stderr, "%ld bytes in %d seconds makes %.1f bytes/sec\n", - total, duration, total/(double)duration); - - -@@ -272,7 +272,7 @@ shutdown: - #else - close(sock); - #endif -- printf("all done\n"); -+ fprintf(stderr, "all done\n"); - - libssh2_exit(); - -diff --git a/example/sftp_write_sliding.c b/example/sftp_write_sliding.c -index 2d8301c..c2ba39d 100644 ---- a/example/sftp_write_sliding.c -+++ b/example/sftp_write_sliding.c -@@ -125,7 +125,7 @@ int main(int argc, char *argv[]) - - local = fopen(loclfile, "rb"); - if (!local) { -- printf("Can't local file %s\n", loclfile); -+ fprintf(stderr, "Can't open local file %s\n", loclfile); - return -1; - } - -@@ -169,18 +169,18 @@ int main(int argc, char *argv[]) - * that's your call - */ - fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); -- printf("Fingerprint: "); -+ fprintf(stderr, "Fingerprint: "); - for(i = 0; i < 20; i++) { -- printf("%02X ", (unsigned char)fingerprint[i]); -+ fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); - } -- printf("\n"); -+ fprintf(stderr, "\n"); - - if (auth_pw) { - /* We could authenticate via password */ - while ((rc = libssh2_userauth_password(session, username, password)) == - LIBSSH2_ERROR_EAGAIN); - if (rc) { -- printf("Authentication by password failed.\n"); -+ fprintf(stderr, "Authentication by password failed.\n"); - goto shutdown; - } - } else { -@@ -191,7 +191,7 @@ int 
main(int argc, char *argv[]) - password)) == - LIBSSH2_ERROR_EAGAIN); - if (rc) { -- printf("\tAuthentication by public key failed\n"); -+ fprintf(stderr, "\tAuthentication by public key failed\n"); - goto shutdown; - } - } -@@ -262,7 +262,7 @@ int main(int argc, char *argv[]) - - duration = (int)(time(NULL)-start); - -- printf("%ld bytes in %d seconds makes %.1f bytes/sec\n", -+ fprintf(stderr, "%ld bytes in %d seconds makes %.1f bytes/sec\n", - total, duration, total/(double)duration); - - -@@ -281,7 +281,7 @@ shutdown: - #else - close(sock); - #endif -- printf("all done\n"); -+ fprintf(stderr, "all done\n"); - - libssh2_exit(); - -diff --git a/example/sftpdir.c b/example/sftpdir.c -index 006fd27..cb9fb88 100644 ---- a/example/sftpdir.c -+++ b/example/sftpdir.c -@@ -130,16 +130,16 @@ int main(int argc, char *argv[]) - * user, that's your call - */ - fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); -- printf("Fingerprint: "); -+ fprintf(stderr, "Fingerprint: "); - for(i = 0; i < 20; i++) { -- printf("%02X ", (unsigned char)fingerprint[i]); -+ fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); - } -- printf("\n"); -+ fprintf(stderr, "\n"); - - if (auth_pw) { - /* We could authenticate via password */ - if (libssh2_userauth_password(session, username, password)) { -- printf("Authentication by password failed.\n"); -+ fprintf(stderr, "Authentication by password failed.\n"); - goto shutdown; - } - } else { -@@ -148,7 +148,7 @@ int main(int argc, char *argv[]) - "/home/username/.ssh/id_rsa.pub", - "/home/username/.ssh/id_rsa", - password)) { -- printf("\tAuthentication by public key failed\n"); -+ fprintf(stderr, "\tAuthentication by public key failed\n"); - goto shutdown; - } - } -@@ -229,7 +229,7 @@ int main(int argc, char *argv[]) - #else - close(sock); - #endif -- printf("all done\n"); -+ fprintf(stderr, "all done\n"); - - libssh2_exit(); - -diff --git a/example/sftpdir_nonblock.c b/example/sftpdir_nonblock.c -index 38fb010..c8ad9f5 
100644 ---- a/example/sftpdir_nonblock.c -+++ b/example/sftpdir_nonblock.c -@@ -134,11 +134,11 @@ int main(int argc, char *argv[]) - * user, that's your call - */ - fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); -- printf("Fingerprint: "); -+ fprintf(stderr, "Fingerprint: "); - for(i = 0; i < 20; i++) { -- printf("%02X ", (unsigned char)fingerprint[i]); -+ fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); - } -- printf("\n"); -+ fprintf(stderr, "\n"); - - if (auth_pw) { - /* We could authenticate via password */ -@@ -239,7 +239,7 @@ int main(int argc, char *argv[]) - #else - close(sock); - #endif -- printf("all done\n"); -+ fprintf(stderr, "all done\n"); - - libssh2_exit(); - -diff --git a/example/ssh2.c b/example/ssh2.c -index d5e6166..008496c 100644 ---- a/example/ssh2.c -+++ b/example/ssh2.c -@@ -126,15 +126,15 @@ int main(int argc, char *argv[]) - * call - */ - fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); -- printf("Fingerprint: "); -+ fprintf(stderr, "Fingerprint: "); - for(i = 0; i < 20; i++) { -- printf("%02X ", (unsigned char)fingerprint[i]); -+ fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); - } -- printf("\n"); -+ fprintf(stderr, "\n"); - - /* check what authentication methods are available */ - userauthlist = libssh2_userauth_list(session, username, strlen(username)); -- printf("Authentication methods: %s\n", userauthlist); -+ fprintf(stderr, "Authentication methods: %s\n", userauthlist); - if (strstr(userauthlist, "password") != NULL) { - auth_pw |= 1; - } -@@ -161,31 +161,33 @@ int main(int argc, char *argv[]) - if (auth_pw & 1) { - /* We could authenticate via password */ - if (libssh2_userauth_password(session, username, password)) { -- printf("\tAuthentication by password failed!\n"); -+ fprintf(stderr, "\tAuthentication by password failed!\n"); - goto shutdown; - } else { -- printf("\tAuthentication by password succeeded.\n"); -+ fprintf(stderr, "\tAuthentication by password 
succeeded.\n"); - } - } else if (auth_pw & 2) { - /* Or via keyboard-interactive */ - if (libssh2_userauth_keyboard_interactive(session, username, - &kbd_callback) ) { -- printf("\tAuthentication by keyboard-interactive failed!\n"); -+ fprintf(stderr, -+ "\tAuthentication by keyboard-interactive failed!\n"); - goto shutdown; - } else { -- printf("\tAuthentication by keyboard-interactive succeeded.\n"); -+ fprintf(stderr, -+ "\tAuthentication by keyboard-interactive succeeded.\n"); - } - } else if (auth_pw & 4) { - /* Or by public key */ - if (libssh2_userauth_publickey_fromfile(session, username, keyfile1, - keyfile2, password)) { -- printf("\tAuthentication by public key failed!\n"); -+ fprintf(stderr, "\tAuthentication by public key failed!\n"); - goto shutdown; - } else { -- printf("\tAuthentication by public key succeeded.\n"); -+ fprintf(stderr, "\tAuthentication by public key succeeded.\n"); - } - } else { -- printf("No supported authentication methods found!\n"); -+ fprintf(stderr, "No supported authentication methods found!\n"); - goto shutdown; - } - -@@ -250,7 +252,7 @@ int main(int argc, char *argv[]) - #else - close(sock); - #endif -- printf("all done!\n"); -+ fprintf(stderr, "all done!\n"); - - libssh2_exit(); - -diff --git a/example/ssh2_agent.c b/example/ssh2_agent.c -index 9ca1a42..231445f 100644 ---- a/example/ssh2_agent.c -+++ b/example/ssh2_agent.c -@@ -105,15 +105,15 @@ int main(int argc, char *argv[]) - * call - */ - fingerprint = libssh2_hostkey_hash(session, LIBSSH2_HOSTKEY_HASH_SHA1); -- printf("Fingerprint: "); -+ fprintf(stderr, "Fingerprint: "); - for(i = 0; i < 20; i++) { -- printf("%02X ", (unsigned char)fingerprint[i]); -+ fprintf(stderr, "%02X ", (unsigned char)fingerprint[i]); - } -- printf("\n"); -+ fprintf(stderr, "\n"); - - /* check what authentication methods are available */ - userauthlist = libssh2_userauth_list(session, username, strlen(username)); -- printf("Authentication methods: %s\n", userauthlist); -+ fprintf(stderr, 
"Authentication methods: %s\n", userauthlist); - if (strstr(userauthlist, "publickey") == NULL) { - fprintf(stderr, "\"publickey\" authentication is not supported\n"); - goto shutdown; -@@ -147,11 +147,11 @@ int main(int argc, char *argv[]) - goto shutdown; - } - if (libssh2_agent_userauth(agent, username, identity)) { -- printf("\tAuthentication with username %s and " -+ fprintf(stderr, "\tAuthentication with username %s and " - "public key %s failed!\n", - username, identity->comment); - } else { -- printf("\tAuthentication with username %s and " -+ fprintf(stderr, "\tAuthentication with username %s and " - "public key %s succeeded!\n", - username, identity->comment); - break; -@@ -234,7 +234,7 @@ int main(int argc, char *argv[]) - #endif - } - -- printf("all done!\n"); -+ fprintf(stderr, "all done!\n"); - - libssh2_exit(); - -diff --git a/example/ssh2_echo.c b/example/ssh2_echo.c -index 1fd8f3f..2430e33 100644 ---- a/example/ssh2_echo.c -+++ b/example/ssh2_echo.c -@@ -327,7 +327,7 @@ int main(int argc, char *argv[]) - } - - if (exitsignal) -- printf("\nGot signal: %s\n", exitsignal); -+ fprintf(stderr, "\nGot signal: %s\n", exitsignal); - - libssh2_channel_free(channel); - channel = NULL; -diff --git a/example/ssh2_exec.c b/example/ssh2_exec.c -index e5b151d..d47761c 100644 ---- a/example/ssh2_exec.c -+++ b/example/ssh2_exec.c -@@ -292,9 +292,9 @@ int main(int argc, char *argv[]) - } - - if (exitsignal) -- printf("\nGot signal: %s\n", exitsignal); -+ fprintf(stderr, "\nGot signal: %s\n", exitsignal); - else -- printf("\nEXIT: %d bytecount: %d\n", exitcode, bytecount); -+ fprintf(stderr, "\nEXIT: %d bytecount: %d\n", exitcode, bytecount); - - libssh2_channel_free(channel); - channel = NULL; -diff --git a/example/subsystem_netconf.c b/example/subsystem_netconf.c -index 708113b..6f83661 100644 ---- a/example/subsystem_netconf.c -+++ b/example/subsystem_netconf.c -@@ -173,7 +173,7 @@ int main(int argc, char *argv[]) - - /* check what authentication methods are 
available */ - userauthlist = libssh2_userauth_list(session, username, strlen(username)); -- printf("Authentication methods: %s\n", userauthlist); -+ fprintf(stderr, "Authentication methods: %s\n", userauthlist); - if (strstr(userauthlist, "password")) - auth |= AUTH_PASSWORD; - if (strstr(userauthlist, "publickey")) -@@ -195,12 +195,12 @@ int main(int argc, char *argv[]) - } else if (auth & AUTH_PUBLICKEY) { - if (libssh2_userauth_publickey_fromfile(session, username, keyfile1, - keyfile2, password)) { -- printf("Authentication by public key failed!\n"); -+ fprintf(stderr, "Authentication by public key failed!\n"); - goto shutdown; - } -- printf("Authentication by public key succeeded.\n"); -+ fprintf(stderr, "Authentication by public key succeeded.\n"); - } else { -- printf("No supported authentication methods found!\n"); -+ fprintf(stderr, "No supported authentication methods found!\n"); - goto shutdown; - } - -@@ -223,7 +223,7 @@ int main(int argc, char *argv[]) - - /* NETCONF: http://tools.ietf.org/html/draft-ietf-netconf-ssh-06 */ - -- printf("Sending NETCONF client <hello>\n"); -+ fprintf(stderr, "Sending NETCONF client <hello>\n"); - snprintf(buf, sizeof(buf), - "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" - "<hello>" -@@ -235,14 +235,14 @@ int main(int argc, char *argv[]) - if (-1 == netconf_write(channel, buf, len)) - goto shutdown; - -- printf("Reading NETCONF server <hello>\n"); -+ fprintf(stderr, "Reading NETCONF server <hello>\n"); - len = netconf_read_until(channel, "</hello>", buf, sizeof(buf)); - if (-1 == len) - goto shutdown; - -- printf("Got %d bytes:\n----------------------\n%s", (int)len, buf); -+ fprintf(stderr, "Got %d bytes:\n----------------------\n%s", (int)len, buf); - -- printf("Sending NETCONF <rpc>\n"); -+ fprintf(stderr, "Sending NETCONF <rpc>\n"); - snprintf(buf, sizeof(buf), - "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n" - "<rpc xmlns=\"urn:ietf:params:xml:ns:netconf:base:1.0\">" -@@ -252,12 +252,12 @@ int main(int argc, char 
*argv[]) - if (-1 == netconf_write(channel, buf, len)) - goto shutdown; - -- printf("Reading NETCONF <rpc-reply>\n"); -+ fprintf(stderr, "Reading NETCONF <rpc-reply>\n"); - len = netconf_read_until(channel, "</rpc-reply>", buf, sizeof(buf)); - if (-1 == len) - goto shutdown; - -- printf("Got %d bytes:\n----------------------\n%s", (int)len, buf); -+ fprintf(stderr, "Got %d bytes:\n----------------------\n%s", (int)len, buf); - - shutdown: - if (channel) -diff --git a/example/tcpip-forward.c b/example/tcpip-forward.c -index a408b69..94d3cc8 100644 ---- a/example/tcpip-forward.c -+++ b/example/tcpip-forward.c -@@ -137,7 +137,7 @@ int main(int argc, char *argv[]) - - /* check what authentication methods are available */ - userauthlist = libssh2_userauth_list(session, username, strlen(username)); -- printf("Authentication methods: %s\n", userauthlist); -+ fprintf(stderr, "Authentication methods: %s\n", userauthlist); - if (strstr(userauthlist, "password")) - auth |= AUTH_PASSWORD; - if (strstr(userauthlist, "publickey")) -@@ -159,17 +159,17 @@ int main(int argc, char *argv[]) - } else if (auth & AUTH_PUBLICKEY) { - if (libssh2_userauth_publickey_fromfile(session, username, keyfile1, - keyfile2, password)) { -- printf("\tAuthentication by public key failed!\n"); -+ fprintf(stderr, "\tAuthentication by public key failed!\n"); - goto shutdown; - } -- printf("\tAuthentication by public key succeeded.\n"); -+ fprintf(stderr, "\tAuthentication by public key succeeded.\n"); - } else { -- printf("No supported authentication methods found!\n"); -+ fprintf(stderr, "No supported authentication methods found!\n"); - goto shutdown; - } - -- printf("Asking server to listen on remote %s:%d\n", remote_listenhost, -- remote_wantport); -+ fprintf(stderr, "Asking server to listen on remote %s:%d\n", -+ remote_listenhost, remote_wantport); - - listener = libssh2_channel_forward_listen_ex(session, remote_listenhost, - remote_wantport, &remote_listenport, 1); -@@ -180,10 +180,10 @@ int 
main(int argc, char *argv[]) - goto shutdown; - } - -- printf("Server is listening on %s:%d\n", remote_listenhost, -+ fprintf(stderr, "Server is listening on %s:%d\n", remote_listenhost, - remote_listenport); - -- printf("Waiting for remote connection\n"); -+ fprintf(stderr, "Waiting for remote connection\n"); - channel = libssh2_channel_forward_accept(listener); - if (!channel) { - fprintf(stderr, "Could not accept connection!\n" -@@ -192,7 +192,8 @@ int main(int argc, char *argv[]) - goto shutdown; - } - -- printf("Accepted remote connection. Connecting to local server %s:%d\n", -+ fprintf(stderr, -+ "Accepted remote connection. Connecting to local server %s:%d\n", - local_destip, local_destport); - forwardsock = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP); - sin.sin_family = AF_INET; -@@ -206,7 +207,7 @@ int main(int argc, char *argv[]) - goto shutdown; - } - -- printf("Forwarding connection from remote %s:%d to local %s:%d\n", -+ fprintf(stderr, "Forwarding connection from remote %s:%d to local %s:%d\n", - remote_listenhost, remote_listenport, local_destip, local_destport); - - /* Must use non-blocking IO hereafter due to the current libssh2 API */ -@@ -228,7 +229,7 @@ int main(int argc, char *argv[]) - perror("read"); - goto shutdown; - } else if (0 == len) { -- printf("The local server at %s:%d disconnected!\n", -+ fprintf(stderr, "The local server at %s:%d disconnected!\n", - local_destip, local_destport); - goto shutdown; - } -@@ -260,7 +261,7 @@ int main(int argc, char *argv[]) - wr += i; - } - if (libssh2_channel_eof(channel)) { -- printf("The remote client at %s:%d disconnected!\n", -+ fprintf(stderr, "The remote client at %s:%d disconnected!\n", - remote_listenhost, remote_listenport); - goto shutdown; - } --- -1.7.1 - diff --git a/libssh2-1.4.2-fips.patch b/libssh2-1.4.2-fips.patch deleted file mode 100644 index 38d49af..0000000 --- a/libssh2-1.4.2-fips.patch +++ /dev/null 
@@ -1,334 +0,0 @@ -From 43b730ce56f010e9d33573fcb020df49798c1ed8 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Mon, 10 Sep 2012 15:32:40 +0200 -Subject: [PATCH 1/4] kex: do not ignore failure of libssh2_md5_init() - -The MD5 algorithm is disabled when running in FIPS mode. ---- - src/hostkey.c | 4 +++- - src/kex.c | 13 +++++++++---- - src/libgcrypt.h | 6 +++++- - src/libssh2_priv.h | 1 + - src/openssl.h | 3 +++ - 5 files changed, 21 insertions(+), 6 deletions(-) - -diff --git a/src/hostkey.c b/src/hostkey.c -index 53f7479..753563d 100644 ---- a/src/hostkey.c -+++ b/src/hostkey.c -@@ -429,7 +429,9 @@ libssh2_hostkey_hash(LIBSSH2_SESSION * session, int hash_type) - switch (hash_type) { - #if LIBSSH2_MD5 - case LIBSSH2_HOSTKEY_HASH_MD5: -- return (char *) session->server_hostkey_md5; -+ return (session->server_hostkey_md5_valid) -+ ? (char *) session->server_hostkey_md5 -+ : NULL; - break; - #endif /* LIBSSH2_MD5 */ - case LIBSSH2_HOSTKEY_HASH_SHA1: -diff --git a/src/kex.c b/src/kex.c -index 0a72cb7..07e717f 100644 ---- a/src/kex.c -+++ b/src/kex.c -@@ -218,10 +218,15 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session, - { - libssh2_md5_ctx fingerprint_ctx; - -- libssh2_md5_init(&fingerprint_ctx); -- libssh2_md5_update(fingerprint_ctx, session->server_hostkey, -- session->server_hostkey_len); -- libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5); -+ if (libssh2_md5_init(&fingerprint_ctx)) { -+ libssh2_md5_update(fingerprint_ctx, session->server_hostkey, -+ session->server_hostkey_len); -+ libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5); -+ session->server_hostkey_md5_valid = TRUE; -+ } -+ else { -+ session->server_hostkey_md5_valid = FALSE; -+ } - } - #ifdef LIBSSH2DEBUG - { -diff --git a/src/libgcrypt.h b/src/libgcrypt.h -index 04516e5..1f0276e 100644 ---- a/src/libgcrypt.h -+++ b/src/libgcrypt.h -@@ -68,7 +68,11 @@ - gcry_md_hash_buffer (GCRY_MD_SHA1, out, message, len) - - #define libssh2_md5_ctx 
gcry_md_hd_t --#define libssh2_md5_init(ctx) gcry_md_open (ctx, GCRY_MD_MD5, 0); -+ -+/* returns 0 in case of failure */ -+#define libssh2_md5_init(ctx) \ -+ (GPG_ERR_NO_ERROR == gcry_md_open (ctx, GCRY_MD_MD5, 0)) -+ - #define libssh2_md5_update(ctx, data, len) gcry_md_write (ctx, data, len) - #define libssh2_md5_final(ctx, out) \ - memcpy (out, gcry_md_read (ctx, 0), MD5_DIGEST_LENGTH), gcry_md_close (ctx) -diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h -index 23fbc65..196864d 100644 ---- a/src/libssh2_priv.h -+++ b/src/libssh2_priv.h -@@ -597,6 +597,7 @@ struct _LIBSSH2_SESSION - uint32_t server_hostkey_len; - #if LIBSSH2_MD5 - unsigned char server_hostkey_md5[MD5_DIGEST_LENGTH]; -+ int server_hostkey_md5_valid; - #endif /* ! LIBSSH2_MD5 */ - unsigned char server_hostkey_sha1[SHA_DIGEST_LENGTH]; - -diff --git a/src/openssl.h b/src/openssl.h -index 6d2aeed..4835ab6 100644 ---- a/src/openssl.h -+++ b/src/openssl.h -@@ -113,7 +113,10 @@ - void libssh2_sha1(const unsigned char *message, unsigned long len, unsigned char *out); - - #define libssh2_md5_ctx EVP_MD_CTX -+ -+/* returns 0 in case of failure */ - #define libssh2_md5_init(ctx) EVP_DigestInit(ctx, EVP_get_digestbyname("md5")) -+ - #define libssh2_md5_update(ctx, data, len) EVP_DigestUpdate(&(ctx), data, len) - #define libssh2_md5_final(ctx, out) EVP_DigestFinal(&(ctx), out, NULL) - void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char *out); --- -1.7.1 - - -From bfbb5a4dc75c04b3532063c03b80796dd6d69da4 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Mon, 10 Sep 2012 15:59:16 +0200 -Subject: [PATCH 2/4] openssl: do not ignore failure of EVP_CipherInit() - ---- - src/openssl.c | 3 +-- - 1 files changed, 1 insertions(+), 2 deletions(-) - -diff --git a/src/openssl.c b/src/openssl.c -index 481982c..c61cb0e 100644 ---- a/src/openssl.c -+++ b/src/openssl.c -@@ -175,8 +175,7 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h, - unsigned char *iv, unsigned char 
*secret, int encrypt) - { - EVP_CIPHER_CTX_init(h); -- EVP_CipherInit(h, algo(), secret, iv, encrypt); -- return 0; -+ return !EVP_CipherInit(h, algo(), secret, iv, encrypt); - } - - int --- -1.7.1 - - -From 5d567faecce45a891de2a3e10fad7b221a4f6540 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Tue, 11 Sep 2012 09:33:34 +0200 -Subject: [PATCH 3/4] crypt: use hard-wired cipher block sizes consistently - ---- - src/crypt.c | 8 +++++--- - src/crypto.h | 2 +- - src/libgcrypt.c | 8 +------- - src/libssh2_priv.h | 2 +- - src/openssl.c | 7 +------ - src/transport.c | 3 ++- - 6 files changed, 11 insertions(+), 19 deletions(-) - -diff --git a/src/crypt.c b/src/crypt.c -index 93d99c4..931ae8b 100644 ---- a/src/crypt.c -+++ b/src/crypt.c -@@ -96,11 +96,12 @@ crypt_init(LIBSSH2_SESSION * session, - - static int - crypt_encrypt(LIBSSH2_SESSION * session, unsigned char *block, -- void **abstract) -+ size_t blocksize, void **abstract) - { - struct crypt_ctx *cctx = *(struct crypt_ctx **) abstract; - (void) session; -- return _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block); -+ return _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block, -+ blocksize); - } - - static int -@@ -248,7 +249,8 @@ crypt_init_arcfour128(LIBSSH2_SESSION * session, - unsigned char block[8]; - size_t discard = 1536; - for (; discard; discard -= 8) -- _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block); -+ _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block, -+ method->blocksize); - } - - return rc; -diff --git a/src/crypto.h b/src/crypto.h -index 8cf34f5..5dc5931 100644 ---- a/src/crypto.h -+++ b/src/crypto.h -@@ -103,7 +103,7 @@ int _libssh2_cipher_init(_libssh2_cipher_ctx * h, - - int _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx, - _libssh2_cipher_type(algo), -- int encrypt, unsigned char *block); -+ int encrypt, unsigned char *block, size_t blocksize); - - int _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session, - unsigned 
char **method, -diff --git a/src/libgcrypt.c b/src/libgcrypt.c -index 5c2787b..29770c7 100644 ---- a/src/libgcrypt.c -+++ b/src/libgcrypt.c -@@ -553,17 +553,11 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h, - int - _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx, - _libssh2_cipher_type(algo), -- int encrypt, unsigned char *block) -+ int encrypt, unsigned char *block, size_t blklen) - { - int cipher = _libssh2_gcry_cipher (algo); -- size_t blklen = gcry_cipher_get_algo_blklen(cipher); - int ret; - -- if (blklen == 1) { --/* Hack for arcfour. */ -- blklen = 8; -- } -- - if (encrypt) { - ret = gcry_cipher_encrypt(*ctx, block, blklen, block, blklen); - } else { -diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h -index 196864d..4ec9f73 100644 ---- a/src/libssh2_priv.h -+++ b/src/libssh2_priv.h -@@ -883,7 +883,7 @@ struct _LIBSSH2_CRYPT_METHOD - int *free_iv, unsigned char *secret, int *free_secret, - int encrypt, void **abstract); - int (*crypt) (LIBSSH2_SESSION * session, unsigned char *block, -- void **abstract); -+ size_t blocksize, void **abstract); - int (*dtor) (LIBSSH2_SESSION * session, void **abstract); - - _libssh2_cipher_type(algo); -diff --git a/src/openssl.c b/src/openssl.c -index c61cb0e..8643591 100644 ---- a/src/openssl.c -+++ b/src/openssl.c -@@ -181,18 +181,13 @@ _libssh2_cipher_init(_libssh2_cipher_ctx * h, - int - _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx, - _libssh2_cipher_type(algo), -- int encrypt, unsigned char *block) -+ int encrypt, unsigned char *block, size_t blocksize) - { -- int blocksize = ctx->cipher->block_size; - unsigned char buf[EVP_MAX_BLOCK_LENGTH]; - int ret; - (void) algo; - (void) encrypt; - -- if (blocksize == 1) { --/* Hack for arcfour. 
*/ -- blocksize = 8; -- } - ret = EVP_Cipher(ctx, buf, block, blocksize); - if (ret == 1) { - memcpy(block, buf, blocksize); -diff --git a/src/transport.c b/src/transport.c -index 15425b9..b4ec037 100644 ---- a/src/transport.c -+++ b/src/transport.c -@@ -139,7 +139,7 @@ decrypt(LIBSSH2_SESSION * session, unsigned char *source, - assert((len % blocksize) == 0); - - while (len >= blocksize) { -- if (session->remote.crypt->crypt(session, source, -+ if (session->remote.crypt->crypt(session, source, blocksize, - &session->remote.crypt_abstract)) { - LIBSSH2_FREE(session, p->payload); - return LIBSSH2_ERROR_DECRYPT; -@@ -834,6 +834,7 @@ int _libssh2_transport_send(LIBSSH2_SESSION *session, - for(i = 0; i < packet_length; i += session->local.crypt->blocksize) { - unsigned char *ptr = &p->outbuf[i]; - if (session->local.crypt->crypt(session, ptr, -+ session->local.crypt->blocksize, - &session->local.crypt_abstract)) - return LIBSSH2_ERROR_ENCRYPT; /* encryption failure */ - } --- -1.7.1 - - -From 9f6fd5af8282ef82c0ff8d89cf9ebc121bb35b59 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Tue, 11 Sep 2012 09:02:31 +0200 -Subject: [PATCH 4/4] Revert "aes: the init function fails when OpenSSL has AES support" - -This partially reverts commit f4f2298ef3635acd031cc2ee0e71026cdcda5864. - -We need to use the EVP_aes_???_ctr() functions in FIPS mode. 
---- - src/openssl.h | 6 ++++++ - 1 files changed, 6 insertions(+), 0 deletions(-) - -diff --git a/src/openssl.h b/src/openssl.h -index 4835ab6..6f21a1a 100644 ---- a/src/openssl.h -+++ b/src/openssl.h -@@ -151,9 +151,15 @@ void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char - #define _libssh2_cipher_aes256 EVP_aes_256_cbc - #define _libssh2_cipher_aes192 EVP_aes_192_cbc - #define _libssh2_cipher_aes128 EVP_aes_128_cbc -+#ifdef HAVE_EVP_AES_128_CTR -+#define _libssh2_cipher_aes128ctr EVP_aes_128_ctr -+#define _libssh2_cipher_aes192ctr EVP_aes_192_ctr -+#define _libssh2_cipher_aes256ctr EVP_aes_256_ctr -+#else - #define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr - #define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr - #define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr -+#endif - #define _libssh2_cipher_blowfish EVP_bf_cbc - #define _libssh2_cipher_arcfour EVP_rc4 - #define _libssh2_cipher_cast5 EVP_cast5_cbc --- -1.7.1 - -From fe8f3deb480d1fcef0d720e6b9acabbd640fe7c3 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Thu, 1 Nov 2012 14:57:06 +0100 -Subject: [PATCH] libssh2_hostkey_hash.3: update the description of return value - -The function returns NULL also if the hash algorithm is not available. ---- - docs/libssh2_hostkey_hash.3 | 7 ++++--- - 1 files changed, 4 insertions(+), 3 deletions(-) - -diff --git a/docs/libssh2_hostkey_hash.3 b/docs/libssh2_hostkey_hash.3 -index f78831c..c2f1644 100644 ---- a/docs/libssh2_hostkey_hash.3 -+++ b/docs/libssh2_hostkey_hash.3 -@@ -18,8 +18,9 @@ Returns the computed digest of the remote system's hostkey. The length of - the returned string is hash_type specific (e.g. 16 bytes for MD5, - 20 bytes for SHA1). - .SH RETURN VALUE --Computed hostkey hash value. or NULL if the session has not yet been started --up. (The hash consists of raw binary bytes, not hex digits, so is not --directly printable.) 
-+Computed hostkey hash value, or NULL if the information is not available -+(either the session has not yet been started up, or the requested hash -+algorithm was not available). The hash consists of raw binary bytes, not hex -+digits, so it is not directly printable. - .SH SEE ALSO - .BR libssh2_session_init_ex(3) --- -1.7.1 - diff --git a/libssh2.spec b/libssh2.spec index cff63e8..7ea624f 100644 --- a/libssh2.spec +++ b/libssh2.spec @@ -8,16 +8,14 @@ %endif Name: libssh2 -Version: 1.4.2 -Release: 4%{?dist} +Version: 1.4.3 +Release: 1%{?dist} Summary: A library implementing the SSH2 protocol Group: System Environment/Libraries License: BSD URL: http://www.libssh2.org/ Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz Patch0: libssh2-1.4.2-utf8.patch -Patch1: libssh2-1.4.2-fips.patch -Patch2: libssh2-1.4.2-examples.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) BuildRequires: openssl-devel BuildRequires: zlib-devel @@ -67,12 +65,6 @@ developing applications that use libssh2. # Make sure things are UTF-8... %patch0 -p1 -# Make sure libssh2 works in FIPS mode... -%patch1 -p1 - -# examples: use stderr for messages, stdout for data -%patch2 -p1 - # Make sshd transition appropriately if building in an SELinux environment %if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7) chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || : 
@@ -136,13 +128,29 @@ rm -rf %{buildroot} %{_libdir}/pkgconfig/libssh2.pc %changelog +* Wed Nov 28 2012 Paul Howarth <paul@city-fan.org> 1.4.3-1 +- Update to 1.4.3 + - compression: add support for zlib@openssh.com + - sftp_read: return error if a too large package arrives + - libssh2_hostkey_hash.3: update the description of return value + - Fixed MSVC NMakefile + - examples: use stderr for messages, stdout for data + - openssl: do not leak memory when handling errors + - improved handling of disabled MD5 algorithm in OpenSSL + - known_hosts: Fail when parsing unknown keys in known_hosts file + - configure: gcrypt doesn't come with pkg-config support + - session_free: wrong variable used for keeping state + - libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL + - comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating +- Drop upstreamed patches + * Wed Nov 07 2012 Kamil Dudka <kdudka@redhat.com> 1.4.2-4 - examples: use stderr for messages, stdout for data (upstream commit b31e35ab) -- update libssh2_hostkey_hash(3) man page (upstream commit fe8f3deb) +- Update libssh2_hostkey_hash(3) man page (upstream commit fe8f3deb) * Wed Sep 26 2012 Kamil Dudka <kdudka@redhat.com> 1.4.2-3 -- fix basic functionality of libssh2 in FIPS mode -- skip SELinux-related quirks on recent distros to prevent a test-suite failure +- Fix basic functionality of libssh2 in FIPS mode +- Skip SELinux-related quirks on recent distros to prevent a test-suite failure * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild @@ -1 +1 @@ -42e2b3796ac07fc1dbafc7abcc002cd3 libssh2-1.4.2.tar.gz +071004c60c5d6f90354ad1b701013a0b libssh2-1.4.3.tar.gz |