From 8f106e1af22bed118382e15446f5229ce3fbfed2 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: Thu, 20 Jun 2019 11:22:28 +0100 Subject: Update to 1.9.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - New upstream release 1.9.0 - Adds ECDSA keys and host key support when using OpenSSL - Adds ED25519 key and host key support when using OpenSSL 1.1.1 - Adds OpenSSH style key file reading - Adds AES CTR mode support when using WinCNG - Adds PEM passphrase protected file support for libgcrypt and WinCNG - Adds SHA256 hostkey fingerprint - Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() - Adds explicit zeroing of sensitive data in memory - Adds additional bounds checks to network buffer reads - Adds the ability to use the server default permissions when creating sftp directories - Adds support for building with OpenSSL no engine flag - Adds support for building with LibreSSL - Increased sftp packet size to 256k - Fixed oversized packet handling in sftp - Fixed building with OpenSSL 1.1 - Fixed a possible crash if sftp stat gets an unexpected response - Fixed incorrect parsing of the KEX preference string value - Fixed conditional RSA and AES-CTR support - Fixed a small memory leak during the key exchange process - Fixed a possible memory leak of the ssh banner string - Fixed various small memory leaks in the backends - Fixed possible out of bounds read when parsing public keys from the server - Fixed possible out of bounds read when parsing invalid PEM files - No longer null terminates the scp remote exec command - Now handle errors when Diffie Hellman key pair generation fails - Fixed compiling on Windows with the flag STDCALL=ON - Improved building instructions - Improved unit tests - Needs OpenSSL ≥ 1.0.1 now as ECC support is assumed - Modernize spec somewhat as EL-6 can no longer be supported --- ...NUL-terminate-the-command-for-remote-exec.patch | 45 ---------------------- 1 file changed, 45 deletions(-) delete mode 100644 0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch (limited to '0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch') diff --git a/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch b/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch deleted file mode 100644 index a6881dd..0000000 --- a/0001-scp-do-not-NUL-terminate-the-command-for-remote-exec.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 819ef4f2037490b6aa2e870aea851b6364184090 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka -Date: Mon, 11 Sep 2017 21:13:45 +0200 -Subject: [PATCH] scp: do not NUL-terminate the command for remote exec (#208) - -It breaks SCP download/upload from/to certain server implementations. - -The bug does not manifest with OpenSSH, which silently drops the NUL -byte (eventually with any garbage that follows the NUL byte) before -executing it. - -Bug: https://bugzilla.redhat.com/1489736 ---- - src/scp.c | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/scp.c b/src/scp.c -index 22778dd..d1665a6 100644 ---- a/src/scp.c -+++ b/src/scp.c -@@ -303,8 +303,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, libssh2_struct_stat * sb) - &session->scpRecv_command[cmd_len], - session->scpRecv_command_len - cmd_len); - -- session->scpRecv_command[cmd_len] = '\0'; -- session->scpRecv_command_len = cmd_len + 1; -+ /* the command to exec should _not_ be NUL-terminated */ -+ session->scpRecv_command_len = cmd_len; - - _libssh2_debug(session, LIBSSH2_TRACE_SCP, - "Opening channel for SCP receive"); -@@ -845,8 +845,8 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode, - &session->scpSend_command[cmd_len], - session->scpSend_command_len - cmd_len); - -- session->scpSend_command[cmd_len] = '\0'; -- session->scpSend_command_len = cmd_len + 1; -+ /* the command to exec should _not_ be NUL-terminated */ -+ session->scpSend_command_len = cmd_len; - - _libssh2_debug(session, LIBSSH2_TRACE_SCP, - "Opening channel for SCP send"); --- -2.9.5 - -- cgit