libssh/libssh.spec

Name:           libssh
Version:        0.10.4
Release:        4
Summary:        A library implementing the SSH protocol
License:        LGPLv2+
URL:            http://www.libssh.org

Source0:        https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz
Source1:        https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc
Source2:        https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring

Patch0:         backport-config-Escape-brackets-in-ProxyCommand-build-from.patch
Patch1:         backport-packet-do-not-enqueue-outgoing-packets-after-sending.patch
Patch2:         backport-examples-Fix-build-issue-with-new-clang-15.patch
Patch3:         backport-0001-CVE-2023-1667-packet_cb-Log-more-verbose-error-if-si.patch
Patch4:         backport-0002-CVE-2023-1667-packet-Do-not-allow-servers-to-initiat.patch
Patch5:         backport-0003-CVE-2023-1667-kex-Remove-needless-function-argument.patch
Patch6:         backport-0004-CVE-2023-1667-kex-Factor-out-the-kex-mapping-to-inte.patch
Patch7:         backport-0005-CVE-2023-1667-dh-Expose-the-callback-cleanup-functio.patch
Patch8:         backport-0006-CVE-2023-1667-kex-Correctly-handle-last-fields-of-KE.patch
Patch9:         backport-0007-CVE-2023-1667-kex-Add-support-for-sending-first_kex_.patch
Patch10:        backport-0008-CVE-2023-1667-tests-Client-coverage-for-key-exchange.patch
Patch11:        backport-0009-CVE-2023-1667-tests-Send-a-bit-more-to-make-sure-rek.patch
Patch12:        backport-0001-CVE-2023-2283-pki_crypto-Fix-possible-authentication.patch
Patch13:        backport-0002-CVE-2023-2283-pki_crypto-Remove-unnecessary-NUL.patch

BuildRequires:  cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel
BuildRequires:  krb5-devel libcmocka-devel openssh-clients openssh-server
BuildRequires:  nmap-ncat

Recommends:     crypto-policies

Provides: libssh_threads.so.4()(64bit)

%description
The ssh library was designed to be used by programmers needing a working SSH
implementation by the mean of a library. The complete control of the client is
made by the programmer. With libssh, you can remotely execute programs, transfer
files, use a secure and transparent tunnel for your remote programs. With its
Secure FTP implementation, you can play with remote files easily, without
third-party programs others than libcrypto (from openssl).

%package devel
Summary:        Development files for %{name}
Requires:       %{name}%{?_isa} = %{version}-%{release}

%description devel
The %{name}-devel package contains libraries and header files for developing
applications that use %{name}.

%package_help

%prep
gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}
%autosetup -p1

%build
if test ! -e "obj"; then
  mkdir obj
fi
pushd obj

%cmake .. \
    -DUNIT_TESTING=ON \

%make_build VERBOSE=1

popd

%install
make DESTDIR=%{buildroot} install/fast -C obj
install -d -m755 %{buildroot}%{_sysconfdir}/libssh

pushd %{buildroot}%{_libdir}
for i in libssh.so*;
do
    _target="${i}"
    _link_name="${i%libssh*}libssh_threads${i##*libssh}"
    if [ -L "${i}" ]; then
        _target="$(readlink ${i})"
    fi
    ln -s "${_target}" "${_link_name}"
done;
popd

%ldconfig_scriptlets

%check
pushd obj
ctest --output-on-failure
popd

%files
%defattr(-,root,root)
%doc AUTHORS BSD
%license COPYING
%{_libdir}/*.so.4*

%files devel
%defattr(-,root,root)
%{_includedir}/libssh/
%{_libdir}/cmake/libssh/
%{_libdir}/pkgconfig/libssh.pc
%{_libdir}/*.so

%files help
%defattr(-,root,root)
%doc CHANGELOG README

%changelog
* Wed May 24 2023 renmingshuai <renmingshuai@huawei.com> - 0.10.4-4
- Type:CVE
- Id:CVE-2023-1667,CVE-2023-2283
- SUG:NA
- DESC:fix CVE-2023-1667 and CVE-2023-2283

* Mon Apr 3 2023 Chenxi Mao <chenxi.mao@suse.com> - 0.10.4-3
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:Backport patches to fix build error if compiler switch to clang.

* Sat Mar 18 2023 renmingshuai <renmingshuai@huawei.com> - 0.10.4-2
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:config: Escape brackets in ProxyCommand build from ProxyJump
       packet: do not enqueue outgoing packets after sending

* Thu Oct 20 2022 zengweifeng<zwfeng@huawei.com> - 0.10.4-1
- Type:requirement
- Id:NA
- SUG:NA
- DESC:update to 0.10.4

* Thu Oct 20 2022 zengweifeng<zwfeng@huawei.com> - 0.9.6-5
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:avoid false positive report from Coveritt CID 1470006
       kdf: Avoid endianess issues
       misc: Fix format truncation in ssh_path_expand_escape()
       misc: Fix expanding port numbers
       misc: rename gettimeofday symbol
       session: Initialize the port with the standard port (22)
       session->socket_callbacks.data will be set to ssh_packet_socket_callback
       socket: Add error message if execv fails
       tests: Add test for expanding port numbers

* Thu Oct 13 2022 xinghe <xinghe2@h-partners.com> - 0.9.6-4
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:options: Parse hostname by last '@'
       torture_options: Add test for '@' in login name
       session: Initialize pointers
       tests: Ensure the mode of the created file is what we set

* Fri Sep 02 2022 gaihuiying <eaglegai@163.com> - 0.9.6-3
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:backport upstream patches

* Wed Mar 16 2022 xihaochen <xihaochen@h-partners.com> - 0.9.6-2
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:remove obsolete lib

* Fri Dec 03 2021 gaihuiying <gaihuiying1@huawei.com> - 0.9.6-1
- Type:requirement
- Id:NA
- SUG:NA
- DESC:update libssh to 0.9.6

* Mon Sep 13 2021 heyaohua<heyaohua1@huawei.com> - 0.9.5-2
- Type:CVE
- Id:CVE-2021-3634
- SUG:NA
- DESC:fix CVE-2021-3634

* Fri Jan 29 2021 xihaochen <xihaochen@huawei.com> - 0.9.5-1
- Type:requirements                                                                                                                                            
- Id:NA
- SUG:NA
- DESC:update libssh to 0.9.5

* Thu Aug 6 2020 zhaowei <zhaowei23@huawei.com> - 0.9.4-2
- Type:CVE
- Id:CVE-2020-16135
- SUG:NA
- DESC:fix CVE-2020-16135

* Mon Apr 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.9.4-1
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:update to 0.9.4

* Sun Jan 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.8.3-7
- Type:bugfix
- Id:NA
- SUG:NA
- DESC:bugfix in build process

* Sun Jan 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.8.3-6
- Type:bugfix
- Id:NA
- SUG:NA
- DESC: fixes cves

* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.8.3-5
- Type:bugfix
- Id:NA
- SUG:NA
- DESC: fixes the oss fuzz bug

* Thu Sep 12 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.8.3-4
- Package init
Package init 2019-09-30 10:58:15 -04:00			`Name: libssh`
update to 0.10.4 2023-02-03 10:08:02 +08:00			`Version: 0.10.4`
fix CVE-2023-1667 and CVE-2023-2283 2023-05-24 12:13:09 +08:00			`Release: 4`
Package init 2019-09-30 10:58:15 -04:00			`Summary: A library implementing the SSH protocol`
			`License: LGPLv2+`
upgrade to 0.9.4 2020-07-27 17:48:00 +08:00			`URL: http://www.libssh.org`

			`Source0: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz`
			`Source1: https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc`
			`Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring`

backport some upstream patches 2023-03-18 12:10:12 +08:00			`Patch0: backport-config-Escape-brackets-in-ProxyCommand-build-from.patch`
			`Patch1: backport-packet-do-not-enqueue-outgoing-packets-after-sending.patch`
Fix build error if compiler switch to clang Signed-off-by: Chenxi Mao <chenxi.mao@suse.com> 2023-04-03 17:46:03 +08:00			`Patch2: backport-examples-Fix-build-issue-with-new-clang-15.patch`
fix CVE-2023-1667 and CVE-2023-2283 2023-05-24 12:13:09 +08:00			`Patch3: backport-0001-CVE-2023-1667-packet_cb-Log-more-verbose-error-if-si.patch`
			`Patch4: backport-0002-CVE-2023-1667-packet-Do-not-allow-servers-to-initiat.patch`
			`Patch5: backport-0003-CVE-2023-1667-kex-Remove-needless-function-argument.patch`
			`Patch6: backport-0004-CVE-2023-1667-kex-Factor-out-the-kex-mapping-to-inte.patch`
			`Patch7: backport-0005-CVE-2023-1667-dh-Expose-the-callback-cleanup-functio.patch`
			`Patch8: backport-0006-CVE-2023-1667-kex-Correctly-handle-last-fields-of-KE.patch`
			`Patch9: backport-0007-CVE-2023-1667-kex-Add-support-for-sending-first_kex_.patch`
			`Patch10: backport-0008-CVE-2023-1667-tests-Client-coverage-for-key-exchange.patch`
			`Patch11: backport-0009-CVE-2023-1667-tests-Send-a-bit-more-to-make-sure-rek.patch`
			`Patch12: backport-0001-CVE-2023-2283-pki_crypto-Fix-possible-authentication.patch`
			`Patch13: backport-0002-CVE-2023-2283-pki_crypto-Remove-unnecessary-NUL.patch`
backport some upstream patches 2023-03-18 12:10:12 +08:00
upgrade to 0.9.4 2020-07-27 17:48:00 +08:00			`BuildRequires: cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel`
			`BuildRequires: krb5-devel libcmocka-devel openssh-clients openssh-server`
remove obsolete lib (cherry picked from commit 6fb3ba877420f8e3245be686d845f47576402098) 2022-03-16 15:58:25 +08:00			`BuildRequires: nmap-ncat`
upgrade to 0.9.4 2020-07-27 17:48:00 +08:00
			`Recommends: crypto-policies`
Package init 2019-09-30 10:58:15 -04:00
			`Provides: libssh_threads.so.4()(64bit)`

			`%description`
			`The ssh library was designed to be used by programmers needing a working SSH`
			`implementation by the mean of a library. The complete control of the client is`
			`made by the programmer. With libssh, you can remotely execute programs, transfer`
			`files, use a secure and transparent tunnel for your remote programs. With its`
			`Secure FTP implementation, you can play with remote files easily, without`
			`third-party programs others than libcrypto (from openssl).`

			`%package devel`
			`Summary: Development files for %{name}`
			`Requires: %{name}%{?_isa} = %{version}-%{release}`

			`%description devel`
			`The %{name}-devel package contains libraries and header files for developing`
			`applications that use %{name}.`

			`%package_help`

			`%prep`
			`gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0}`
			`%autosetup -p1`

			`%build`
			`if test ! -e "obj"; then`
			`mkdir obj`
			`fi`
			`pushd obj`

			`%cmake .. \`
upgrade to 0.9.4 2020-07-27 17:48:00 +08:00			`-DUNIT_TESTING=ON \`
Package init 2019-09-30 10:58:15 -04:00
			`%make_build VERBOSE=1`

			`popd`

			`%install`
			`make DESTDIR=%{buildroot} install/fast -C obj`
upgrade to 0.9.4 2020-07-27 17:48:00 +08:00			`install -d -m755 %{buildroot}%{_sysconfdir}/libssh`
Package init 2019-09-30 10:58:15 -04:00
			`pushd %{buildroot}%{_libdir}`
			`for i in libssh.so*;`
			`do`
			`_target="${i}"`
			`_link_name="${i%libssh}libssh_threads${i##libssh}"`
			`if [ -L "${i}" ]; then`
			`_target="$(readlink ${i})"`
			`fi`
			`ln -s "${_target}" "${_link_name}"`
			`done;`
			`popd`

			`%ldconfig_scriptlets`

			`%check`
			`pushd obj`
			`ctest --output-on-failure`
			`popd`

			`%files`
			`%defattr(-,root,root)`
			`%doc AUTHORS BSD`
			`%license COPYING`
			`%{_libdir}/.so.4`

			`%files devel`
			`%defattr(-,root,root)`
			`%{_includedir}/libssh/`
			`%{_libdir}/cmake/libssh/`
upgrade to 0.9.4 2020-07-27 17:48:00 +08:00			`%{_libdir}/pkgconfig/libssh.pc`
Package init 2019-09-30 10:58:15 -04:00			`%{_libdir}/*.so`

			`%files help`
			`%defattr(-,root,root)`
update to 0.10.4 2023-02-03 10:08:02 +08:00			`%doc CHANGELOG README`
Package init 2019-09-30 10:58:15 -04:00
			`%changelog`
fix CVE-2023-1667 and CVE-2023-2283 2023-05-24 12:13:09 +08:00			`* Wed May 24 2023 renmingshuai <renmingshuai@huawei.com> - 0.10.4-4`
			`- Type:CVE`
			`- Id:CVE-2023-1667,CVE-2023-2283`
			`- SUG:NA`
			`- DESC:fix CVE-2023-1667 and CVE-2023-2283`

Fix build error if compiler switch to clang Signed-off-by: Chenxi Mao <chenxi.mao@suse.com> 2023-04-03 17:46:03 +08:00			`* Mon Apr 3 2023 Chenxi Mao <chenxi.mao@suse.com> - 0.10.4-3`
			`- Type:bugfix`
			`- Id:NA`
			`- SUG:NA`
			`- DESC:Backport patches to fix build error if compiler switch to clang.`

backport some upstream patches 2023-03-18 12:10:12 +08:00			`* Sat Mar 18 2023 renmingshuai <renmingshuai@huawei.com> - 0.10.4-2`
			`- Type:bugfix`
			`- Id:NA`
			`- SUG:NA`
			`- DESC:config: Escape brackets in ProxyCommand build from ProxyJump`
			`packet: do not enqueue outgoing packets after sending`

update to 0.10.4 2023-02-03 10:08:02 +08:00			`* Thu Oct 20 2022 zengweifeng<zwfeng@huawei.com> - 0.10.4-1`
			`- Type:requirement`
			`- Id:NA`
			`- SUG:NA`
			`- DESC:update to 0.10.4`

backport some patches from upstream community 2022-10-20 10:25:21 +08:00			`* Thu Oct 20 2022 zengweifeng<zwfeng@huawei.com> - 0.9.6-5`
			`- Type:bugfix`
			`- Id:NA`
			`- SUG:NA`
			`- DESC:avoid false positive report from Coveritt CID 1470006`
			`kdf: Avoid endianess issues`
			`misc: Fix format truncation in ssh_path_expand_escape()`
			`misc: Fix expanding port numbers`
			`misc: rename gettimeofday symbol`
			`session: Initialize the port with the standard port (22)`
			`session->socket_callbacks.data will be set to ssh_packet_socket_callback`
			`socket: Add error message if execv fails`
			`tests: Add test for expanding port numbers`

backport upstream patches 2022-10-13 03:05:26 +00:00			`* Thu Oct 13 2022 xinghe <xinghe2@h-partners.com> - 0.9.6-4`
			`- Type:bugfix`
			`- Id:NA`
			`- SUG:NA`
			`- DESC:options: Parse hostname by last '@'`
			`torture_options: Add test for '@' in login name`
			`session: Initialize pointers`
			`tests: Ensure the mode of the created file is what we set`

backport upstream patches 2022-09-02 06:45:16 +00:00			`* Fri Sep 02 2022 gaihuiying <eaglegai@163.com> - 0.9.6-3`
			`- Type:bugfix`
			`- Id:NA`
			`- SUG:NA`
			`- DESC:backport upstream patches`

remove obsolete lib (cherry picked from commit 6fb3ba877420f8e3245be686d845f47576402098) 2022-03-16 15:58:25 +08:00			`* Wed Mar 16 2022 xihaochen <xihaochen@h-partners.com> - 0.9.6-2`
			`- Type:bugfix`
			`- Id:NA`
			`- SUG:NA`
			`- DESC:remove obsolete lib`

update libssh to 0.9.6 2021-12-03 16:15:31 +08:00			`* Fri Dec 03 2021 gaihuiying <gaihuiying1@huawei.com> - 0.9.6-1`
			`- Type:requirement`
			`- Id:NA`
			`- SUG:NA`
			`- DESC:update libssh to 0.9.6`

fix CVE-2021-3634 2021-09-13 17:00:31 +08:00			`* Mon Sep 13 2021 heyaohua<heyaohua1@huawei.com> - 0.9.5-2`
			`- Type:CVE`
			`- Id:CVE-2021-3634`
			`- SUG:NA`
			`- DESC:fix CVE-2021-3634`

update libssh to 0.9.5 2021-01-28 16:00:00 +08:00			`* Fri Jan 29 2021 xihaochen <xihaochen@huawei.com> - 0.9.5-1`
			`- Type:requirements`
			`- Id:NA`
			`- SUG:NA`
			`- DESC:update libssh to 0.9.5`

fix CVE-2020-16135 reference: https://gitlab.com/libssh/libssh-mirror/-/commit/533d881b0f4b24c72b35ecc97fa35d295d063e53 https://gitlab.com/libssh/libssh-mirror/-/commit/2782cb0495b7450bd8fe43ce4af886b66fea6c40 https://gitlab.com/libssh/libssh-mirror/-/commit/10b3ebbe61a7031a3dae97f05834442220447181 https://gitlab.com/libssh/libssh-mirror/-/commit/245ad744b5ab0582fef7cf3905a717b791d7e08b 2020-08-06 17:41:02 +08:00			`* Thu Aug 6 2020 zhaowei <zhaowei23@huawei.com> - 0.9.4-2`
			`- Type:CVE`
			`- Id:CVE-2020-16135`
			`- SUG:NA`
			`- DESC:fix CVE-2020-16135`

upgrade to 0.9.4 2020-07-27 17:48:00 +08:00			`* Mon Apr 20 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.9.4-1`
			`- Type:bugfix`
			`- Id:NA`
libssh: fix CVE-2020-1730 2020-04-17 15:38:42 +08:00			`- SUG:NA`
upgrade to 0.9.4 2020-07-27 17:48:00 +08:00			`- DESC:update to 0.9.4`
libssh: fix CVE-2020-1730 2020-04-17 15:38:42 +08:00
bugfix in build 2020-01-12 18:11:21 +08:00			`* Sun Jan 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.8.3-7`
			`- Type:bugfix`
			`- Id:NA`
			`- SUG:NA`
			`- DESC:bugfix in build process`

fix cve 2020-01-12 12:31:39 +08:00			`* Sun Jan 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 0.8.3-6`
			`- Type:bugfix`
			`- Id:NA`
			`- SUG:NA`
			`- DESC: fixes cves`

Package init 2019-12-25 15:55:06 +08:00			`* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.8.3-5`
			`- Type:bugfix`
			`- Id:NA`
			`- SUG:NA`
			`- DESC: fixes the oss fuzz bug`

Package init 2019-09-30 10:58:15 -04:00			`* Thu Sep 12 2019 openEuler Buildteam <buildteam@openeuler.org> - 0.8.3-4`
			`- Package init`