From 084f455e1501829e1762f46c6eeb9915dd2eb495 Mon Sep 17 00:00:00 2001 From: B Stack Date: Tue, 17 Sep 2019 14:38:29 -0400 Subject: libssh 1.9.0 from city-fan Add here, with tests disabled, for the copr so we can build FreeFileSync without external repos. --- libssh2/libssh2-1.7.0-pkgconfig.patch | 13 + libssh2/libssh2.spec | 801 ++++++++++++++++++++++++++++++++++ 2 files changed, 814 insertions(+) create mode 100644 libssh2/libssh2-1.7.0-pkgconfig.patch create mode 100644 libssh2/libssh2.spec diff --git a/libssh2/libssh2-1.7.0-pkgconfig.patch b/libssh2/libssh2-1.7.0-pkgconfig.patch new file mode 100644 index 0000000..838c234 --- /dev/null +++ b/libssh2/libssh2-1.7.0-pkgconfig.patch @@ -0,0 +1,13 @@ +Remove libdir from pkg-config --libs output, as it's a standard place +on Fedora + +--- libssh2.pc.in ++++ libssh2.pc.in +@@ -12,6 +12,6 @@ URL: http://www.libssh2.org/ + Description: Library for SSH-based communication + Version: @LIBSSH2VER@ + Requires.private: @LIBSREQUIRED@ +-Libs: -L${libdir} -lssh2 @LIBS@ ++Libs: -lssh2 @LIBS@ + Libs.private: @LIBS@ + Cflags: -I${includedir} diff --git a/libssh2/libssh2.spec b/libssh2/libssh2.spec new file mode 100644 index 0000000..2c38eeb --- /dev/null +++ b/libssh2/libssh2.spec @@ -0,0 +1,801 @@ +# Detect the distribution in use +%global __despace head -n 1 | tr -d '[:space:]' | sed -e 's/[(].*[)]//g' +%global __lower4 cut -c 1-4 | tr '[:upper:]' '[:lower:]' +%global __distfile %([ -f /etc/SuSE-release ] && echo /etc/SuSE-release || echo /etc/redhat-release) +%global __distinit %(sed -e 's/ release .*//' -e 's/\\([A-Za-z]\\)[^ ]*/\\1/g' %{__distfile} | %{__despace} | %{__lower4}) +%global __distvers %(sed -e 's/.* release \\([^. ]*\\).*/\\1/' %{__distfile} | %{__despace}) +# Identify CentOS Linux and Scientific Linux as rhel +%if "%{__distinit}" == "c" || "%{__distinit}" == "cl" || "%{__distinit}" == "sl" || "%{__distinit}" == "sls" +%global __distinit rhel +%endif +# Dist tag for Fedora is still "fc" +%if "%{__distinit}" == "f" +%global __distinit fc +%endif + +# Define %%{__isa_bits} for old releases +%{!?__isa_bits: %global __isa_bits %((echo '#include '; echo __WORDSIZE) | cpp - | grep -Ex '32|64')} + +Name: libssh2 +Version: 1.9.0 +Release: 2.0.stack.%{__distinit}%{__distvers} +Summary: A library implementing the SSH2 protocol +License: BSD +URL: http://www.libssh2.org/ +Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz +Patch0: libssh2-1.7.0-pkgconfig.patch +BuildRequires: coreutils +BuildRequires: findutils +BuildRequires: gcc +BuildRequires: make +BuildRequires: openssl-devel > 1:1.0.1 +BuildRequires: pkgconfig +BuildRequires: sed +BuildRequires: zlib-devel +BuildRequires: /usr/bin/man +%if 0%{?fedora} > 20 || 0%{?rhel} > 7 +BuildRequires: hostname +%else +BuildRequires: /bin/hostname +%endif +# OpenSSH server used in test suite +BuildRequires: openssh-server +# Need a valid locale to run the mansyntax check +%if 0%{?fedora} > 23 || 0%{?rhel} > 7 +BuildRequires: glibc-langpack-en +%endif +# We use matchpathcon from libselinux-utils to get the correct SELinux context +# for the ssh server initialization script so that it can transition correctly +# in an SELinux environment +BuildRequires: libselinux-utils +BuildRequires: selinux-policy-targeted + +%description +libssh2 is a library implementing the SSH2 protocol as defined by +Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), +SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, +SECSH-DHGEX(04), and SECSH-NUMBERS(10). + +%package devel +Summary: Development files for libssh2 +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: pkgconfig + +%description devel +The libssh2-devel package contains libraries and header files for +developing applications that use libssh2. + +%package docs +Summary: Documentation for libssh2 +Requires: %{name} = %{version}-%{release} +BuildArch: noarch + +%description docs +The libssh2-docs package contains man pages and examples for +developing applications that use libssh2. + +%prep +%setup -q + +# Replace hard wired port number in the test suite to avoid collisions +# between 32-bit and 64-bit builds running on a single build-host +sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh} + +# Fix pkg-config --libs output (#1279966) +%patch0 + +# Make sshd transition appropriately if building in an SELinux environment +chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || : +chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || : +chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} || : + +%build +export CPPFLAGS="$(pkg-config --cflags openssl)" +%configure --disable-silent-rules --disable-static --enable-shared +make %{?_smp_mflags} + +%install +make install DESTDIR=%{buildroot} INSTALL="install -p" +find %{buildroot} -name '*.la' -delete + +# clean things up a bit for packaging +make -C example clean +rm -rf example/.deps +find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -delete + +# avoid multilib conflict on libssh2-devel +mv -v example example.%{_arch} + +%check +echo "Running tests for %{_arch}" +# The SSH test will fail if we don't have /dev/tty, as is the case in some +# versions of mock (#672713) +if [ ! -c /dev/tty ]; then + echo Skipping SSH test due to missing /dev/tty + echo "exit 0" > tests/ssh2.sh +fi +# Apparently it fails in the sparc and arm buildsystems too +%ifarch %{sparc} %{arm} +echo Skipping SSH test on sparc/arm +echo "exit 0" > tests/ssh2.sh +%endif +# mansyntax check fails on PPC* and aarch64 with some strange locale error +%ifarch ppc %{power64} aarch64 +echo "Skipping mansyntax test on PPC* and aarch64" +echo "exit 0" > tests/mansyntax.sh +%endif +# stackrpms: disable tests for copr build +#LC_ALL=en_US.UTF-8 make -C tests check + +%if (0%{?rhel} && 0%{?rhel} <= 7) || (0%{?fedora} && 0%{?fedora} <= 27) +# ldconfig replaced by RPM File Triggers from Fedora 28 +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig +%endif + +%files +%if 0%{?_licensedir:1} +%license COPYING +%else +%doc COPYING +%endif +%doc docs/AUTHORS ChangeLog README RELEASE-NOTES +%{_libdir}/libssh2.so.1 +%{_libdir}/libssh2.so.1.* + +%files docs +%doc docs/BINDINGS docs/HACKING docs/TODO NEWS +%{_mandir}/man3/libssh2_*.3* + +%files devel +%doc example.%{_arch}/ +%{_includedir}/libssh2.h +%{_includedir}/libssh2_publickey.h +%{_includedir}/libssh2_sftp.h +%{_libdir}/libssh2.so +%{_libdir}/pkgconfig/libssh2.pc + +%changelog +* Tue Sep 17 2019 Ben Stack - 1.9.0-2.0.stack +- Disable tests so it will build in copr + +* Fri Jul 26 2019 Paul Howarth - 1.9.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Jun 20 2019 Paul Howarth - 1.9.0-1.0.cf +- Update to 1.9.0 + - Fixed integer overflow leading to out-of-bounds read (CVE-2019-13115) + - Adds ECDSA keys and host key support when using OpenSSL + - Adds ED25519 key and host key support when using OpenSSL 1.1.1 + - Adds OpenSSH style key file reading + - Adds AES CTR mode support when using WinCNG + - Adds PEM passphrase protected file support for libgcrypt and WinCNG + - Adds SHA256 hostkey fingerprint + - Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path() + - Adds explicit zeroing of sensitive data in memory + - Adds additional bounds checks to network buffer reads + - Adds the ability to use the server default permissions when creating sftp directories + - Adds support for building with OpenSSL no engine flag + - Adds support for building with LibreSSL + - Increased sftp packet size to 256k + - Fixed oversized packet handling in sftp + - Fixed building with OpenSSL 1.1 + - Fixed a possible crash if sftp stat gets an unexpected response + - Fixed incorrect parsing of the KEX preference string value + - Fixed conditional RSA and AES-CTR support + - Fixed a small memory leak during the key exchange process + - Fixed a possible memory leak of the ssh banner string + - Fixed various small memory leaks in the backends + - Fixed possible out of bounds read when parsing public keys from the server + - Fixed possible out of bounds read when parsing invalid PEM files + - No longer null terminates the scp remote exec command + - Now handle errors when Diffie Hellman key pair generation fails + - Fixed compiling on Windows with the flag STDCALL=ON + - Improved building instructions + - Improved unit tests +- Needs OpenSSL ≥ 1.0.1 now as ECC support is assumed + +* Tue Mar 26 2019 Paul Howarth - 1.8.2-1.0.cf +- Update to 1.8.2 + - Fixed the misapplied userauth patch that broke 1.8.1 + - Moved the MAX size declarations from the public header + +* Tue Mar 19 2019 Paul Howarth - 1.8.1-1.0.cf +- Update to 1.8.1 + - Fixed possible integer overflow when reading a specially crafted packet + (CVE-2019-3855) + - Fixed possible integer overflow in userauth_keyboard_interactive with a + number of extremely long prompt strings (CVE-2019-3863) + - Fixed possible integer overflow if the server sent an extremely large + number of keyboard prompts (CVE-2019-3856) + - Fixed possible out of bounds read when processing a specially crafted + packet (CVE-2019-3861) + - Fixed possible integer overflow when receiving a specially crafted exit + signal message channel packet (CVE-2019-3857) + - Fixed possible out of bounds read when receiving a specially crafted exit + status message channel packet (CVE-2019-3862) + - Fixed possible zero byte allocation when reading a specially crafted SFTP + packet (CVE-2019-3858) + - Fixed possible out of bounds reads when processing specially crafted SFTP + packets (CVE-2019-3860) + - Fixed possible out of bounds reads in _libssh2_packet_require(v) + (CVE-2019-3859) +- Fix mis-applied patch in the fix of CVE-2019-3859 + - https://github.com/libssh2/libssh2/issues/325 + - https://github.com/libssh2/libssh2/pull/327 + +* Mon Feb 4 2019 Paul Howarth - 1.8.0-10.0.cf +- Explicitly run the test suite in the en_US.UTF-8 locale to work around flaky + locale settings in mock builders + +* Fri Jul 13 2018 Paul Howarth - 1.8.0-8.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 14 2018 Paul Howarth - 1.8.0-7.0.cf +- ldconfig replaced by RPM File Triggers from Fedora 28 + +* Tue Sep 12 2017 Paul Howarth - 1.8.0-5.0.cf +- scp: Do not NUL-terminate the command for remote exec (#1489736, GH#208) +- Make devel package dependency on main package arch-specific + +* Thu Jul 27 2017 Paul Howarth - 1.8.0-4.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Paul Howarth - 1.8.0-3.0.cf +- Drop support for EOL distributions prior to F-13 + - Drop BuildRoot: and Group: tags + - Drop explicit buildroot cleaning in %%install section + - Drop explicit %%clean section + - noarch sub-packages always available now + - libselinux-utils always available now + +* Sat Feb 11 2017 Paul Howarth - 1.8.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Oct 25 2016 Paul Howarth - 1.8.0-1.0.cf +- Update to 1.8.0 + - Added a basic dockerised test suite + - crypto: Add support for the mbedTLS backend + - libgcrypt: Fixed a NULL pointer dereference on OOM + - VMS: Can't use %%zd for off_t format + - VMS: Update vms/libssh2_config.h + - Windows: Link with crypt32.lib + - libssh2_channel_open: Speeling error fixed in channel error message + - msvc: Fixed 14 compilation warnings + - tests: HAVE_NETINET_IN_H was not defined correctly + - openssl: Add OpenSSL 1.1.0 compatibility + - cmake: Add CLEAR_MEMORY option, analogously to that for autoconf + - configure: Make the --with-* options override the OpenSSL default + - libssh2_wait_socket: Set err_msg on errors + - libssh2_wait_socket: Fix comparison with api_timeout to use milliseconds + +* Thu Oct 20 2016 Paul Howarth - 1.7.0-7.0.cf +- Make curl test suite work again with valgrind enabled + +* Wed Oct 12 2016 Paul Howarth - 1.7.0-6.0.cf +- Include upstream fix for OpenSSL 1.1.0 compatibility + +* Sun Mar 6 2016 Paul Howarth - 1.7.0-5.0.cf +- Move large NEWS file to docs package +- Use -delete with find + +* Wed Feb 24 2016 Paul Howarth - 1.7.0-3.0.cf +- diffie_hellman_sha1: Convert bytes to bits (additional fix for CVE-2016-0787) +- Drop UTF-8 patch, which breaks things rather than fixes them + +* Tue Feb 23 2016 Paul Howarth - 1.7.0-1.0.cf +- Update to 1.7.0 + - diffie_hellman_sha256: convert bytes to bits (CVE-2016-0787); see + http://www.libssh2.org/adv_20160223.html + - libssh2_session_set_last_error: Add function + - mac: Add support for HMAC-SHA-256 and HMAC-SHA-512 + - WinCNG: support for SHA256/512 HMAC + - kex: Added diffie-hellman-group-exchange-sha256 support + - OS/400 crypto library QC3 support + - SFTP: Increase speed and datasize in SFTP read + - openssl: Make libssh2_sha1 return error code + - openssl: Fix memleak in _libssh2_dsa_sha1_verify() + - cmake: Include CMake files in the release tarballs + - Fix builds with Visual Studio 2015 + - hostkey.c: Fix compiling error when OPENSSL_NO_MD5 is defined + - GNUmakefile: Add support for LIBSSH2_LDFLAG_EXTRAS + - GNUmakefile: Add -m64 CFLAGS when targeting mingw64 + - kex: free server host key before allocating it (again) + - SCP: Add libssh2_scp_recv2 to support large (> 2GB) files on windows + - channel: Detect bad usage of libssh2_channel_process_startup + - userauth: Fix off by one error when reading public key file + - kex: Removed dupe entry from libssh2_kex_methods + - _libssh2_error: Support allocating the error message + - hostkey: Fix invalid memory access if libssh2_dsa_new fails + - hostkey: Align code path of ssh_rsa_init to ssh_dss_init + - libssh2.pc.in: Fix the output of pkg-config --libs + - wincng: Fixed possible memory leak in _libssh2_wincng_hash + - wincng: Fixed _libssh2_wincng_hash_final return value + - Add OpenSSL 1.1.0-pre2 compatibility + - agent_disconnect_unix: Unset the agent fd after closing it + - sftp: Stop reading when buffer is full + - sftp: Send at least one read request before reading + - sftp: Don't return EAGAIN if data was written to buffer + - sftp: Check read packet file offset + - configure: build "silent" if possible + - openssl: Add OpenSSL 1.1.0-pre3-dev compatibility + - GNUmakefile: List system libs after user libs +- Update pkgconfig patch + +* Thu Feb 4 2016 Paul Howarth - 1.6.0-4.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Tue Nov 10 2015 Paul Howarth - 1.6.0-3.0.cf +- Fix pkg-config --libs output (#1279966) + +* Thu Jun 18 2015 Paul Howarth - 1.6.0-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Sun Jun 14 2015 Paul Howarth - 1.6.0-1.0.cf +- Update to 1.6.0 + - Added CMake build system + - Added libssh2_userauth_publickey_frommemory() + - wait_socket: Wrong use of difftime() + - userauth: Fixed prompt text no longer being copied to the prompt's struct + - mingw build: Allow to pass custom CFLAGS + - Let mansyntax.sh work regardless of where it is called from + - Init HMAC_CTX before using it + - direct_tcpip: Fixed channel write + - WinCNG: Fixed backend breakage + - OpenSSL: Fix bug caused by introducing libssh2_hmac_ctx_init + - userauth.c: Fix possible dereferences of a null pointer + - wincng: Added explicit clear memory feature to WinCNG backend + - openssl.c: Fix possible segfault in case EVP_DigestInit fails + - wincng: Fix return code of libssh2_md5_init() + - kex: Do not ignore failure of libssh2_sha1_init() + - scp: Fix that scp_send may transmit uninitialized memory + - scp.c: Improved command length calculation + - nonblocking examples: Fix warning about unused tvdiff on Mac OS X + - configure: Make clear-memory default but WARN if backend unsupported + - OpenSSL: Enable use of OpenSSL that doesn't have DSA + - OpenSSL: Use correct no-blowfish #define + - kex: Fix libgcrypt memory leaks of bignum + - libssh2_channel_open: More detailed error message + - wincng: Fixed memleak in (block) cipher destructor + +* Wed Mar 11 2015 Paul Howarth - 1.5.0-1.0.cf +- Update to 1.5.0 + - Added Windows Cryptography API: Next Generation based backend + - Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded + - Missing _libssh2_error in _libssh2_channel_write + - knownhost: Fix DSS keys being detected as unknown + - knownhost: Restore behaviour of 'libssh2_knownhost_writeline' with short + buffer + - libssh2.h: On Windows, a socket is of type SOCKET, not int + - libssh2_priv.h: A 1 bit bit-field should be unsigned + - Windows build: Do not export externals from static library + - Fixed two potential use-after-frees of the payload buffer + - Fixed a few memory leaks in error paths + - userauth: Fixed an attempt to free from stack on error + - agent_list_identities: Fixed memory leak on OOM + - knownhosts: Abort if the hosts buffer is too small + - sftp_close_handle: Ensure the handle is always closed + - channel_close: Close the channel even in the case of errors + - Docs: Added missing libssh2_session_handshake.3 file + - Docs: Fixed a bunch of typos + - userauth_password: Pass on the underlying error code + - _libssh2_channel_forward_cancel: Accessed struct after free + - _libssh2_packet_add: Avoid using uninitialized memory + - _libssh2_channel_forward_cancel: Avoid memory leaks on error + - _libssh2_channel_write: Client spins on write when window full + - Windows build: Fix build errors + - publickey_packet_receive: Avoid junk in returned pointers + - channel_receive_window_adjust: Store windows size always + - userauth_hostbased_fromfile: Zero assign to avoid uninitialized use + - configure: Change LIBS not LDFLAGS when checking for libs + - agent_connect_unix: Make sure there's a trailing zero + - MinGW build: Fixed redefine warnings + - sftpdir.c: Added authentication method detection + - Watcom build: Added support for WinCNG build + - configure.ac: Replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS + - sftp_statvfs: Fix for servers not supporting statfvs extension + - knownhost.c: Use LIBSSH2_FREE macro instead of free + - Fixed compilation using mingw-w64 + - knownhost.c: Fixed that 'key_type_len' may be used uninitialized + - configure: Display individual crypto backends on separate lines + - Examples on Windows: Check for WSAStartup return code + - Examples on Windows: Check for socket return code + - agent.c: Check return code of MapViewOfFile + - kex.c: Fix possible NULL pointer de-reference with session->kex + - packet.c: Fix possible NULL pointer de-reference within listen_state + - Tests on Windows: Check for WSAStartup return code + - userauth.c: Improve readability and clarity of for-loops + - Examples on Windows: Use native SOCKET-type instead of int + - packet.c: i < 256 was always true and i would overflow to 0 + - kex.c: Make sure mlist is not set to NULL + - session.c: Check return value of session_nonblock in debug mode + - session.c: Check return value of session_nonblock during startup + - userauth.c: Make sure that sp_len is positive and avoid overflows + - knownhost.c: Fix use of uninitialized argument variable wrote + - openssl: Initialise the digest context before calling EVP_DigestInit() + - libssh2_agent_init: Init ->fd to LIBSSH2_INVALID_SOCKET + - configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib + - configure.ac: Rework crypto library detection + - configure.ac: Reorder --with-* options in --help output + - configure.ac: Call zlib zlib and not libz in text but keep option names + - Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro + - sftp: seek: Don't flush buffers on same offset + - sftp: statvfs: Along error path, reset the correct 'state' variable + - sftp: Add support for fsync (OpenSSH extension) + - _libssh2_channel_read: Fix data drop when out of window + - comp_method_zlib_decomp: Improve buffer growing algorithm + - _libssh2_channel_read: Honour window_size_initial + - window_size: Redid window handling for flow control reasons + - knownhosts: Handle unknown key types + +* Fri Oct 10 2014 Paul Howarth - 1.4.3-16.0.cf +- Prevent a not-connected agent from closing STDIN (#1147717) + +* Sun Aug 17 2014 Paul Howarth - 1.4.3-15.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jul 19 2014 Paul Howarth - 1.4.3-14.0.cf +- Use %%license where possible + +* Sun Jun 8 2014 Paul Howarth - 1.4.3-13.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed Apr 30 2014 Paul Howarth - 1.4.3-12.0.cf +- Fix curl's excessive memory consumption during scp download +- BR: hostname package rather than /bin/hostname from F-21 as the latter is no + longer provided in rawhide +- Drop %%defattr, redundant since rpm 4.4 + +* Mon Feb 17 2014 Paul Howarth - 1.4.3-11.0.cf +- Skip the manpage syntax check on ppc* and aarch64 as there are wierd locale + issues in their buildroots + +* Wed Aug 14 2013 Paul Howarth - 1.4.3-8.0.cf +- Fix very slow sftp upload to localhost +- Fix a use after free in channel.c + +* Sat Aug 3 2013 Paul Howarth - 1.4.3-7.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Apr 9 2013 Paul Howarth - 1.4.3-6.0.cf +- Add three patches from upstream git required for qemu ssh block driver + +* Wed Apr 3 2013 Paul Howarth - 1.4.3-4.0.cf +- Avoid polluting libssh2.pc with linker options (#947813) + +* Tue Mar 26 2013 Paul Howarth - 1.4.3-3.0.cf +- Avoid collisions between 32-bit and 64-bit builds running on a single + build-host + +* Thu Feb 14 2013 Paul Howarth - 1.4.3-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Nov 28 2012 Paul Howarth - 1.4.3-1.0.cf +- Update to 1.4.3 + - compression: add support for zlib@openssh.com + - sftp_read: return error if a too large package arrives + - libssh2_hostkey_hash.3: update the description of return value + - Fixed MSVC NMakefile + - examples: use stderr for messages, stdout for data + - openssl: do not leak memory when handling errors + - improved handling of disabled MD5 algorithm in OpenSSL + - known_hosts: Fail when parsing unknown keys in known_hosts file + - configure: gcrypt doesn't come with pkg-config support + - session_free: wrong variable used for keeping state + - libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL + - comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating +- Drop upstreamed patches + +* Wed Nov 7 2012 Paul Howarth - 1.4.2-4.0.cf +- examples: use stderr for messages, stdout for data (upstream commit b31e35ab) +- Update libssh2_hostkey_hash(3) man page (upstream commit fe8f3deb) + +* Mon Oct 1 2012 Paul Howarth - 1.4.2-3.0.cf +- Fix basic functionality of libssh2 in FIPS mode + +* Thu Jul 19 2012 Paul Howarth - 1.4.2-2.0.cf +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sun May 20 2012 Paul Howarth - 1.4.2-1.0.cf +- Update to 1.4.2 + - Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner + - userauth.c: fread() from public key file to correctly detect any errors + - configure.ac: add option to disable build of the example applications + - added 'Requires.private:' line to libssh2.pc + - SFTP: filter off incoming "zombie" responses + - gettimeofday: no need for a replacement under cygwin + - SSH_MSG_CHANNEL_REQUEST: default to want_reply + - win32/libssh2_config.h: remove hardcoded #define LIBSSH2_HAVE_ZLIB + +* Fri Apr 27 2012 Paul Howarth - 1.4.1-2.0.cf +- Fix multi-arch conflict again (#816969) + +* Thu Apr 5 2012 Paul Howarth - 1.4.1-1.0.cf +- Update to 1.4.1 + - Build error with gcrypt backend + - Always do "forced" window updates to avoid corner case stalls + - aes: the init function fails when OpenSSL has AES support + - transport_send: finish in-progress key exchange before sending data + - channel_write: acknowledge transport errors + - examples/x11.c: make sure sizeof passed to read operation is correct + - examples/x11.c: fix suspicious sizeof usage + - sftp_packet_add: verify the packet before accepting it + - SFTP: preserve the original error code more + - sftp_packet_read: adjust window size as necessary + - Use safer snprintf rather then sprintf in several places + - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET + - sftp_write: cannot return acked data *and* EAGAIN + - sftp_read: avoid data *and* EAGAIN + - libssh2.h: add missing prototype for libssh2_session_banner_set() +- Drop upstream patches now included in release tarball + +* Mon Mar 19 2012 Paul Howarth - 1.4.0-4.0.cf +- Don't ignore transport errors when writing to channel (#804150) + +* Sun Mar 18 2012 Paul Howarth - 1.4.0-3.0.cf +- Don't try to use openssl's AES-CTR functions + (http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml) + +* Fri Mar 16 2012 Paul Howarth - 1.4.0-2.0.cf +- Fix libssh2 failing key re-exchange when write channel is saturated (#804156) +- Drop support for distributions prior to FC-3: + - BR: openssh-server unconditionally + +* Wed Feb 1 2012 Paul Howarth - 1.4.0-1.0.cf +- Update to 1.4.0 + - Added libssh2_session_supported_algs() + - Added libssh2_session_banner_get() + - Added libssh2_sftp_get_channel() + - libssh2.h: bump the default window size to 256K + - sftp-seek: clear EOF flag + - userauth: provide more informations if ssh pub key extraction fails + - ssh2_exec: skip error outputs for EAGAIN + - LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000 + - knownhost_check(): don't dereference ext if NULL is passed + - knownhost_add: avoid dereferencing uninitialized memory on error path + - OpenSSL EVP: fix threaded use of structs + - _libssh2_channel_read: react on errors from receive_window_adjust + - sftp_read: cap the read ahead maximum amount + - _libssh2_channel_read: fix non-blocking window adjusting +- Add upstream patch fixing undefined function reference in libgcrypt backend +- BR: /usr/bin/man for test suite + +* Mon Jan 16 2012 Paul Howarth - 1.3.0-4.0.cf +- Skip the ssh test on sparc and arm buildsystems, where it tends to fail + +* Fri Jan 13 2012 Paul Howarth - 1.3.0-3.0.cf +- Example includes arch-specific bits, so move to devel package + +* Wed Sep 7 2011 Paul Howarth - 1.3.0-1.0.cf +- Update to 1.3.0 + - Added custom callbacks for performing low level socket I/O + - sftp_read: advance offset correctly for buffered copies + - libssh2_sftp_seek64: flush packetlist and buffered data + - _libssh2_packet_add: adjust window size when truncating + - sftp_read: a short read is not end of file + +* Tue Aug 16 2011 Paul Howarth - 1.2.9-1.0.cf +- Update to 1.2.9 + - Added libssh2_session_set_timeout() and libssh2_session_get_timeout() to + make blocking calls get a timeout + - configure and pkg-config: fix $VERSION + - s/\.NF/.nf/ to fix wrong macro name caught by man --warnings + - keepalive: add first basic man pages + - sftp_write: flush the packetlist on error + - sftp_write: clean offsets on error + - msvcproj: added libs and debug stuff + - SCP: fix incorrect error code + - session_startup: init state properly + - sftp_write_sliding: send the complete file + - userauth_keyboard_interactive: skip code on zero length auth + - _libssh2_wait_socket: fix timeouts for poll() uses + - agent_list_identities: fix out of scope access + - _libssh2_recv(): handle ENOENT error as EAGAIN + - userauth_keyboard_interactive: fix buffer overflow + - removed man pages for non-existing functions! + - gettimeofday: fix name space pollution + - _libssh2_channel_write: handle window_size == 0 better +- Drop upstreamed version patch +- Use patch rather than scripted iconv to fix character encoding +- Fix dist tag for CentOS 6 and Scientific Linux + +* Wed Apr 6 2011 Paul Howarth - 1.2.8-1.0.cf +- Update to 1.2.8 + - Added libssh2_free, libssh2_channel_get_exit_signal and + libssh2_session_handshake + - SFTP read/write remade and now MUCH faster, especially on high latency + connections + - Added new examples: ssh2_echo.c, sftp_append.c and sftp_write_sliding.c + - userauth: derive publickey from private + - Support unlimited number of host names in a single line of the + known_hosts file + - Fix memory leak in userauth_keyboard_interactive() + - Fix memory leaks (two times cipher_data) for each sftp session + - session_startup: manage server data before server identification + - SCP: allow file names with bytes > 126 + - scp_recv: improved treatment of channel_read() returning zero + - libssh2_userauth_authenticated: make it work as documented + - variable size cleanup: match internal variable sizes better with the sizes + of the fields used on the wire + - channel_request_pty_size: fix reqPTY_state + - sftp_symlink: return error if receive buffer too small + - sftp_readdir: return error if buffer is too small + - libssh2_knownhost_readfile.3: clarify return value + - configure: stop using the deprecated AM_INIT_AUTOMAKE syntax + - Fixed Win32 makefile which was now broken at resource build + - kex_agree_hostkey: fix NULL pointer derefence + - _libssh2_ntohu64: fix conversion from network bytes to uint64 + - ssize_t: proper typedef with MSVC compilers + - zlib: Add debug tracing of zlib errors + - decomp: increase decompression buffer sizes +- Skip the SSH test if we don't have /dev/tty (#672713) +- Nobody else likes macros for commands + +* Wed Oct 13 2010 Paul Howarth - 1.2.7-1.1.cf +- Improve support for running tests with SELinux in enforcing mode +- Avoid multilib conflict on libssh2-docs + +* Wed Aug 18 2010 Paul Howarth - 1.2.7-1.0.cf +- Update to 1.2.7 + - Better handling of invalid key files + - inputchecks: make lots of API functions check for NULL pointers + - libssh2_session_callback_set: extended the man page + - SFTP: limit write() to not produce overly large packets + - agent: make libssh2_agent_userauth() work blocking properly + - _libssh2_userauth_publickey: reject method names longer than the data + - channel_free: ignore problems with channel_close() + - typedef: make ssize_t get typedef without LIBSSH2_WIN32 + - _libssh2_wait_socket: poll needs milliseconds + - libssh2_wait_socket: reset error code to "leak" EAGAIN less + - Added include for sys/select.h to get fd.set on some platforms + - session_free: free more data to avoid memory leaks + - openssl: make use of the EVP interface + - Make libssh2_debug() create a correctly terminated string + - userauth_hostbased_fromfile: packet length too short + - handshake: Compression enabled at the wrong time + - Don't overflow MD5 server hostkey + +* Thu Jun 10 2010 Paul Howarth - 1.2.6-1.0.cf +- Update to 1.2.6 + - Added libssh2_sftp_statvfs() and libssh2_sftp_fstatvfs() + - Added libssh2_knownhost_checkp() + - Added libssh2_scp_send64() + - wait_socket made c89 compliant and use two fd_sets for select() + - OpenSSL AES-128-CTR detection fixed + - Proper keyboard-interactive user dialog in the sftp.c example + - Fixed Build procedure for VMS + - Fixed libssh2.dsw to use the generated libssh2.dsp + - Several Windows-related build fixes + - Fixed fail to init SFTP if session isn't already authenticated + - Many tiny fixes that address clang-analyzer warnings + - sftp_open: deal with short channel_write calls + - libssh2_publickey_init: fixed to work better non-blocking + - sftp_close_handle: add precation to not access NULL pointer + - sftp_readdir: simplified and bugfixed + - channel_write: if data has been sent, don't return EAGAIN +- Drop upstreamed AES-CTR detection patch + +* Tue Jun 8 2010 Paul Howarth - 1.2.5-3.1.cf +- RHEL-6 has noarch subpackages, so use one for docs + +* Tue May 25 2010 Paul Howarth - 1.2.5-3.0.cf +- Fix dist tag for RHEL-6 Beta + +* Wed Apr 28 2010 Paul Howarth - 1.2.5-2.0.cf +- Add buildreq openssh-server to enable additional test coverage +- Make sshd transition appropriately if building in an SELinux environment + (a mock buildroot is not such an environment) +- Add buildreq /usr/sbin/matchpathcon to get appropriate SELinux context + +* Wed Apr 14 2010 Paul Howarth - 1.2.5-1.0.cf +- Update to 1.2.5 + - Add keep-alive support: libssh2_keepalive_config()/libssh2_keepalive_send() + - Add libssh2_knownhost_addc(), libssh2_init() and libssh2_exit() + - Add LIBSSH2_SFTP_S_IS***() macros + - Fix memory leak in libssh2_session_startup() + - Add missing error codes - shown as hangs in blocking mode + - Fix memory leak in userauth_keyboard_interactive() + - libssh2_knownhost_del: fix write to freed memory + - Send and receive channel EOF before sending SSH_MSG_CHANNEL_CLOSE + - Use AES-CTR from OpenSSL when available + - Fixed gettimeofday to compile with Visual C++ 6 + - NULL dereference when window adjusting a non-existing channel + - Avoid using poll on interix and mac os x systems + - Fix scp memory leak + - Correctly clear blocking flag after sending multipart packet + - Reduce used window sizes by factor 10 + - libssh2_userauth_publickey_fromfile_ex() handles a NULL password + - sftp_init() deal with _libssh2_channel_write() short returns +- Add patch to fix AES-CTR detection +- Add buildreq /bin/hostname for build host detection + +* Mon Feb 15 2010 Paul Howarth - 1.2.4-1.0.cf +- Update to 1.2.4 + - Resolve compile issues on Solaris x64 and UltraSPARC + - Allow compiling with OpenSSL when AES isn't available + - Fix Tru64 socklen_t compile issue with example/direct_tcpip.c + +* Wed Feb 3 2010 Paul Howarth - 1.2.3-1.0.cf +- Update to 1.2.3 + - Add libssh2_trace_sethandler() + - Add the direct_tcpip.c example + - Fix memory leak in userauth_publickey + - Add support for authentication via SSH-Agent + - Fix OpenSSH server keepalive (see NEWS) +- Drop padding patch + +* Fri Jan 22 2010 Paul Howarth - 1.2.2-5.0.cf +- Rename padding patch as per Fedora package +- sshd tests intentionally avoided (by not having openssh-server buildreq) + because they appear to hang in the buildsystem + +* Thu Dec 24 2009 Paul Howarth - 1.2.2-2.0.cf +- Fix padding in ssh-dss signature blob encoding (#539444) + +* Tue Nov 17 2009 Paul Howarth - 1.2.2-1.0.cf +- Update to 1.2.2 + - fix crash when server sends an invalid SSH_MSG_IGNORE message + - support for aes128-ctr, aes192-ctr, aes256-ctr ciphers as per RFC 4344 + - support for arcfour128 cipher as per RFC 4345 +- Dist tag for Rawhide no longer needs special-casing +- Make docs package noarch where possible + +* Wed Sep 30 2009 Paul Howarth - 1.2.1-1.0.cf +- Update to 1.2.1 (many bugfixes - see NEWS) +- Drop upstreamed transport layer patch +- Devel package now includes a pkgconfig file (and requires pkgconfig) +- Don't redundantly include COPYING in docs and devel packages + +* Wed Sep 23 2009 Paul Howarth - 1.2-2.0.cf +- Update to 1.2 (see RELEASE-NOTES for details) +- Upstream source moved to libssh2.org +- Add upstream patch to fix transport layer bug causing invalid -39 + (LIBSSH2_ERROR_BAD_USE) errors + +* Thu Apr 2 2009 Paul Howarth - 1.1-1.0.cf +- Update to 1.1 (fixes memory leak and boosts sftp performance) + +* Mon Jan 26 2009 Paul Howarth - 1.0-1.0.cf +- Update to 1.0 +- Help the configure script find openssl by setting CPPFLAGS + +* Fri Aug 1 2008 Paul Howarth - 0.18-9.0.cf +- Tweak dist tag macros to work on current Rawhide with three-part releasenum + +* Fri Jul 4 2008 Paul Howarth - 0.18-7.0.cf +- Import from Fedora +- Fix find syntax +- Add buildreq pkgconfig, missing dep from openssl-devel in older distributions + +* Mon Feb 18 2008 Fedora Release Engineering - 0.18-7 +- Autorebuild for GCC 4.3 + +* Wed Dec 05 2007 Chris Weyl 0.18-6 +- rebuild for new openssl... + +* Tue Nov 27 2007 Chris Weyl 0.18-5 +- bump + +* Tue Nov 27 2007 Chris Weyl 0.18-4 +- add INSTALL arg to make install vs env. var + +* Mon Nov 26 2007 Chris Weyl 0.18-3 +- run tests; don't package test + +* Sun Nov 18 2007 Chris Weyl 0.18-2 +- split docs into -docs (they seemed... large.) + +* Tue Nov 13 2007 Chris Weyl 0.18-1 +- update to 0.18 + +* Sun Oct 14 2007 Chris Weyl 0.17-1 +- update to 0.17 +- many spec file changes + +* Wed May 23 2007 Sindre Pedersen Bjørdal - 0.15-0.2.20070506 +- Fix release tag +- Move manpages to -devel package +- Add Examples dir to -devel package + +* Sun May 06 2007 Sindre Pedersen Bjørdal - 0.15-0.20070506.1 +- Initial build -- cgit