# remirepo spec file for remi-libssh2 # renamed for parallel installation, from: # # Fedora spec file for libssh2 # # License: MIT # http://opensource.org/licenses/MIT # # Please preserve changelog entries # %global projname libssh2 %if 0%{?vendeur:1} && 0%{?fedora} < 35 && 0%{?rhel} < 9 %global move_to_opt 1 %global _prefix /opt/%{vendeur}/%{projname} %global __arch_install_post /bin/true Name: %{vendeur}-%{projname} %else %global move_to_opt 0 Name: %{projname} %endif Version: 1.10.0 Release: 1%{?dist} Summary: A library implementing the SSH2 protocol License: BSD URL: https://www.libssh2.org/ Source0: https://libssh2.org/download/libssh2-%{version}.tar.gz BuildRequires: coreutils BuildRequires: findutils BuildRequires: gcc BuildRequires: make BuildRequires: openssl-devel BuildRequires: sed BuildRequires: zlib-devel BuildRequires: /usr/bin/man # Test suite requirements # Full groff (not just groff-base) needed for the mansyntax check BuildRequires: groff # We run the OpenSSH server and try to connect to it BuildRequires: openssh-server # Need a valid locale to run the mansyntax check %if 0%{?fedora} > 23 || 0%{?rhel} > 7 BuildRequires: glibc-langpack-en %endif %description libssh2 is a library implementing the SSH2 protocol as defined by Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, SECSH-DHGEX(04), and SECSH-NUMBERS(10). %package devel Summary: Development files for libssh2 Requires: %{name}%{?_isa} = %{version}-%{release} Requires: pkgconfig %description devel The libssh2-devel package contains libraries and header files for developing applications that use libssh2. %package docs Summary: Documentation for libssh2 Requires: %{name} = %{version}-%{release} BuildArch: noarch %description docs The libssh2-docs package contains man pages and examples for developing applications that use libssh2. %if %{move_to_opt} # Filter in the /opt installation %{?filter_from_provides: %filter_from_provides /libssh2/d} %{?filter_from_requires: %filter_from_requires /libssh2/d} %{?filter_setup} %endif %prep %setup -q -n %{projname}-%{version} # Replace hard wired port number in the test suite to avoid collisions # between 32-bit and 64-bit builds running on a single build-host sed -i s/4711/47%{__isa_bits}/ tests/ssh2.{c,sh} %build %configure --disable-silent-rules --disable-static --enable-shared make %{?_smp_mflags} %install make install DESTDIR=%{buildroot} INSTALL="install -p" find %{buildroot} -name '*.la' -delete # clean things up a bit for packaging make -C example clean rm -rf example/.deps find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -delete # avoid multilib conflict on libssh2-devel mv -v example example.%{_arch} %check echo "Running tests for %{_arch}" # The SSH test will fail if we don't have /dev/tty, as is the case in some # versions of mock (#672713) if [ ! -c /dev/tty ]; then echo Skipping SSH test due to missing /dev/tty echo "exit 0" > tests/ssh2.sh fi # Apparently it fails in the sparc and arm buildsystems too %ifarch %{sparc} %{arm} echo Skipping SSH test on sparc/arm echo "exit 0" > tests/ssh2.sh %endif # mansyntax check fails on PPC* and aarch64 with some strange locale error %ifarch ppc %{power64} aarch64 echo "Skipping mansyntax test on PPC* and aarch64" echo "exit 0" > tests/mansyntax.sh %endif LC_ALL=en_US.UTF-8 make -C tests check %if 0%{?fedora} < 28 && 0%{?rhel} < 8 %post -p /sbin/ldconfig %postun -p /sbin/ldconfig %endif %files %{!?_licensedir:%global license %%doc} %license COPYING %doc docs/AUTHORS README RELEASE-NOTES %if %{move_to_opt} %dir %{_libdir} %dir %{_prefix} %dir %{_datadir} %ghost %{_datadir}/doc %ghost %{_docdir} %{?_licensedir:%ghost %{_datadir}/licenses} %{?_licensedir:%ghost %{_licensedir}} %endif %{_libdir}/libssh2.so.1 %{_libdir}/libssh2.so.1.* %files docs %doc docs/BINDINGS docs/HACKING docs/TODO NEWS %if %{move_to_opt} %dir %{_mandir} %dir %{_mandir}/man3 %endif %{_mandir}/man3/libssh2_*.3* %files devel %doc example.%{_arch}/ %if %{move_to_opt} %dir %{_includedir} %dir %{_libdir}/pkgconfig/ %endif %{_includedir}/libssh2.h %{_includedir}/libssh2_publickey.h %{_includedir}/libssh2_sftp.h %{_libdir}/libssh2.so %{_libdir}/pkgconfig/libssh2.pc %changelog * Sun Jun 26 2022 Remi Collet - 1.10.0-1 - rename to remi-libssh2 for EL-7 and EL-8 - update to 1.10.0 * Tue Mar 2 2021 Remi Collet - 1.8.0-0 - rebuild with lower release for amazon * Wed Oct 30 2019 Kamil Dudka - 1.8.0-4 - fix integer overflow in SSH_MSG_DISCONNECT logic (CVE-2019-17498) * Wed Mar 20 2019 Kamil Dudka 1.8.0-3 - sanitize public header file (detected by rpmdiff) * Tue Mar 19 2019 Kamil Dudka 1.8.0-2 - fix integer overflow in keyboard interactive handling that allows out-of-bounds writes (CVE-2019-3863) - fix out-of-bounds memory comparison with specially crafted message channel request (CVE-2019-3862) - fix out-of-bounds reads with specially crafted SSH packets (CVE-2019-3861) - fix zero-byte allocation in SFTP packet processing resulting in out-of-bounds read (CVE-2019-3858) - fix integer overflow in SSH packet processing channel resulting in out of bounds write (CVE-2019-3857) - fix integer overflow in keyboard interactive handling resulting in out of bounds write (CVE-2019-3856) - fix integer overflow in transport read resulting in out of bounds write (CVE-2019-3855) * Wed Nov 21 2018 Kamil Dudka 1.8.0-1 - rebase to 1.8.0 (#1592784) * Tue Sep 26 2017 Kamil Dudka 1.4.3-12 - session: avoid printing misleading debug messages (#1503294) - scp: send valid commands for remote execution (#1489733) * Fri Feb 19 2016 Kamil Dudka 1.4.3-11 - use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787) * Mon Jun 01 2015 Kamil Dudka 1.4.3-10 - check length of data extracted from the SSH_MSG_KEXINIT packet (CVE-2015-1782) * Tue May 05 2015 Kamil Dudka 1.4.3-9 - curl consumes too much memory during scp download (#1080459) - prevent a not-connected agent from closing STDIN (#1147717) * Fri Jan 24 2014 Daniel Mach - 1.4.3-8 - Mass rebuild 2014-01-24 * Fri Dec 27 2013 Daniel Mach - 1.4.3-7 - Mass rebuild 2013-12-27 * Wed Aug 14 2013 Kamil Dudka 1.4.3-6 - fix very slow sftp upload to localhost - fix a use after free in channel.c * Tue Apr 9 2013 Richard W.M. Jones 1.4.3-5 - Add three patches from upstream git required for qemu ssh block driver. * Wed Apr 3 2013 Paul Howarth 1.4.3-4 - Avoid polluting libssh2.pc with linker options (#947813) * Tue Mar 26 2013 Kamil Dudka 1.4.3-3 - Avoid collisions between 32-bit and 64-bit builds running on a single build host * Thu Feb 14 2013 Fedora Release Engineering - 1.4.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Wed Nov 28 2012 Paul Howarth 1.4.3-1 - Update to 1.4.3 - compression: add support for zlib@openssh.com - sftp_read: return error if a too large package arrives - libssh2_hostkey_hash.3: update the description of return value - Fixed MSVC NMakefile - examples: use stderr for messages, stdout for data - openssl: do not leak memory when handling errors - improved handling of disabled MD5 algorithm in OpenSSL - known_hosts: Fail when parsing unknown keys in known_hosts file - configure: gcrypt doesn't come with pkg-config support - session_free: wrong variable used for keeping state - libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL - comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating - Drop upstreamed patches * Wed Nov 07 2012 Kamil Dudka 1.4.2-4 - examples: use stderr for messages, stdout for data (upstream commit b31e35ab) - Update libssh2_hostkey_hash(3) man page (upstream commit fe8f3deb) * Wed Sep 26 2012 Kamil Dudka 1.4.2-3 - Fix basic functionality of libssh2 in FIPS mode - Skip SELinux-related quirks on recent distros to prevent a test-suite failure * Thu Jul 19 2012 Fedora Release Engineering - 1.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sun May 20 2012 Paul Howarth 1.4.2-1 - Update to 1.4.2 - Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner - userauth.c: fread() from public key file to correctly detect any errors - configure.ac: add option to disable build of the example applications - added 'Requires.private:' line to libssh2.pc - SFTP: filter off incoming "zombie" responses - gettimeofday: no need for a replacement under cygwin - SSH_MSG_CHANNEL_REQUEST: default to want_reply - win32/libssh2_config.h: remove hardcoded #define LIBSSH2_HAVE_ZLIB * Fri Apr 27 2012 Paul Howarth 1.4.1-2 - Fix multi-arch conflict again (#816969) * Thu Apr 5 2012 Paul Howarth 1.4.1-1 - Update to 1.4.1 - Build error with gcrypt backend - Always do "forced" window updates to avoid corner case stalls - aes: the init function fails when OpenSSL has AES support - transport_send: finish in-progress key exchange before sending data - channel_write: acknowledge transport errors - examples/x11.c: make sure sizeof passed to read operation is correct - examples/x11.c: fix suspicious sizeof usage - sftp_packet_add: verify the packet before accepting it - SFTP: preserve the original error code more - sftp_packet_read: adjust window size as necessary - Use safer snprintf rather then sprintf in several places - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET - sftp_write: cannot return acked data *and* EAGAIN - sftp_read: avoid data *and* EAGAIN - libssh2.h: add missing prototype for libssh2_session_banner_set() - Drop upstream patches now included in release tarball * Mon Mar 19 2012 Kamil Dudka 1.4.0-4 - Don't ignore transport errors when writing to channel (#804150) * Sun Mar 18 2012 Paul Howarth 1.4.0-3 - Don't try to use openssl's AES-CTR functions (http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml) * Fri Mar 16 2012 Paul Howarth 1.4.0-2 - fix libssh2 failing key re-exchange when write channel is saturated (#804156) - drop %%defattr, redundant since rpm 4.4 * Wed Feb 1 2012 Paul Howarth 1.4.0-1 - update to 1.4.0 - added libssh2_session_supported_algs() - added libssh2_session_banner_get() - added libssh2_sftp_get_channel() - libssh2.h: bump the default window size to 256K - sftp-seek: clear EOF flag - userauth: provide more informations if ssh pub key extraction fails - ssh2_exec: skip error outputs for EAGAIN - LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000 - knownhost_check(): don't dereference ext if NULL is passed - knownhost_add: avoid dereferencing uninitialized memory on error path - OpenSSL EVP: fix threaded use of structs - _libssh2_channel_read: react on errors from receive_window_adjust - sftp_read: cap the read ahead maximum amount - _libssh2_channel_read: fix non-blocking window adjusting - add upstream patch fixing undefined function reference in libgcrypt backend - BR: /usr/bin/man for test suite * Sun Jan 15 2012 Peter Robinson 1.3.0-4 - skip the ssh test on ARM too * Fri Jan 13 2012 Paul Howarth 1.3.0-3 - make docs package noarch where possible - example includes arch-specific bits, so move to devel package - use patch rather than scripted iconv to fix character encoding - don't make assumptions about SELinux context types used for the ssh server in the test suite - skip the ssh test if /dev/tty isn't present, as in some versions of mock - make the %%files list more explicit - use tabs for indentation * Fri Jan 13 2012 Fedora Release Engineering 1.3.0-2 - rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Thu Sep 08 2011 Kamil Dudka 1.3.0-1 - update to 1.3.0 * Sat Jun 25 2011 Dennis Gilmore 1.2.7-2 - sshd/loopback test fails in the sparc buildsystem * Tue Oct 12 2010 Kamil Dudka 1.2.7-1 - update to 1.2.7 (#632916) - avoid multilib conflict on libssh2-docs - avoid build failure in mock with SELinux in the enforcing mode (#558964) * Fri Mar 12 2010 Chris Weyl 1.2.4-1 - update to 1.2.4 - drop old patch0 - be more aggressive about keeping .deps from intruding into -docs * Wed Jan 20 2010 Chris Weyl 1.2.2-5 - pkgconfig dep should be with -devel, not -docs * Mon Jan 18 2010 Chris Weyl 1.2.2-4 - enable tests; conditionalize sshd test, which fails with a funky SElinux error when run locally * Mon Jan 18 2010 Chris Weyl 1.2.2-3 - patch w/1aba38cd7d2658146675ce1737e5090f879f306; not yet in a GA release * Thu Jan 14 2010 Chris Weyl 1.2.2-2 - correct bad file entry under -devel * Thu Jan 14 2010 Chris Weyl 1.2.2-1 - update to 1.2.2 - drop old patch now in upstream - add new pkgconfig file to -devel * Mon Sep 21 2009 Chris Weyl 1.2-2 - patch based on 683aa0f6b52fb1014873c961709102b5006372fc - disable tests (*sigh*) * Tue Aug 25 2009 Chris Weyl 1.2-1 - update to 1.2 * Fri Aug 21 2009 Tomas Mraz - 1.0-4 - rebuilt with new openssl * Sat Jul 25 2009 Fedora Release Engineering - 1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Wed Feb 25 2009 Fedora Release Engineering - 1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Mon Feb 16 2009 Chris Weyl 1.0-1 - update to 1.0 * Sat Jan 17 2009 Tomas Mraz - 0.18-8 - rebuild with new openssl * Mon Feb 18 2008 Fedora Release Engineering - 0.18-7 - Autorebuild for GCC 4.3 * Wed Dec 05 2007 Chris Weyl 0.18-6 - rebuild for new openssl... * Tue Nov 27 2007 Chris Weyl 0.18-5 - bump * Tue Nov 27 2007 Chris Weyl 0.18-4 - add INSTALL arg to make install vs env. var * Mon Nov 26 2007 Chris Weyl 0.18-3 - run tests; don't package test * Sun Nov 18 2007 Chris Weyl 0.18-2 - split docs into -docs (they seemed... large.) * Tue Nov 13 2007 Chris Weyl 0.18-1 - update to 0.18 * Sun Oct 14 2007 Chris Weyl 0.17-1 - update to 0.17 - many spec file changes * Wed May 23 2007 Sindre Pedersen Bjørdal - 0.15-0.2.20070506 - Fix release tag - Move manpages to -devel package - Add Examples dir to -devel package * Sun May 06 2007 Sindre Pedersen Bjørdal - 0.15-0.20070506.1 - Initial build