[arch-commits] Commit in libssh/trunk (4 files)

Andreas Radke andyrtr at nymeria.archlinux.org
Fri Apr 18 17:57:46 UTC 2014 

    Date: Friday, April 18, 2014 @ 19:57:45
  Author: andyrtr
Revision: 211328

upgpkg: libssh 0.6.3-1

upstream update 0.6.3

Modified:
  libssh/trunk/PKGBUILD
Deleted:
  libssh/trunk/0004-reset-global-request-status.patch
  libssh/trunk/0005-multi-reverse-fwd.patch
  libssh/trunk/CVE-2014-0017.patch

----------------------------------------+
 0004-reset-global-request-status.patch |   18 ------
 0005-multi-reverse-fwd.patch           |   85 -------------------------------
 CVE-2014-0017.patch                    |   67 ------------------------
 PKGBUILD                               |   26 ++-------
 4 files changed, 6 insertions(+), 190 deletions(-)

Deleted: 0004-reset-global-request-status.patch
===================================================================
--- 0004-reset-global-request-status.patch	2014-04-18 17:38:49 UTC (rev 211327)
+++ 0004-reset-global-request-status.patch	2014-04-18 17:57:45 UTC (rev 211328)
@@ -1,18 +0,0 @@
-Description: Allow requesting more than one channel per session.
-Author: Andreas Schneider <asn at cryptomilk.org>
-Abstract:
- In the 0.5.x series of libssh only one channel request per session
- is possible. This blocks using libssh client sessions which require
- requesting multiple channels on a single SSH connection.
-Origin: http://git.libssh.org/projects/libssh.git/commit/src/channels.c?id=e30acdb58a86937e8bece57ce47e272f1106ca55
---- a/src/channels.c
-+++ b/src/channels.c
-@@ -1951,7 +1951,7 @@
-       break;
- 
-   }
--
-+  session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
-   leave_function();
-   return rc;
- error:

Deleted: 0005-multi-reverse-fwd.patch
===================================================================
--- 0005-multi-reverse-fwd.patch	2014-04-18 17:38:49 UTC (rev 211327)
+++ 0005-multi-reverse-fwd.patch	2014-04-18 17:57:45 UTC (rev 211328)
@@ -1,85 +0,0 @@
-Description: Allow requesting multiple reverse port forwarding tunnels per connection
-Author: Oleksandr Shneyder <o.schneyder at phoca-gmbh.de>
-Abstract:
- Channel: Add ssh_channel_accept_forward().
- .
- This new function works the same way as ssh_forward_accept()
- but can return a destination port of the channel (useful if
- SSH connection is supposed to reverse forward multiple TCP/IP
- ports).
-Origin: http://git.libssh.org/projects/libssh.git/commit/?id=a1c4fc07d43fb7a7e1e91bfdadbd3dc62b8ce462
---- a/include/libssh/libssh.h
-+++ b/include/libssh/libssh.h
-@@ -371,6 +371,7 @@
- LIBSSH_API char *ssh_dirname (const char *path);
- LIBSSH_API int ssh_finalize(void);
- LIBSSH_API ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms);
-+LIBSSH_API ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int *destination_port);
- LIBSSH_API int ssh_forward_cancel(ssh_session session, const char *address, int port);
- LIBSSH_API int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port);
- LIBSSH_API void ssh_free(ssh_session session);
---- a/src/channels.c
-+++ b/src/channels.c
-@@ -1755,7 +1755,7 @@
- }
- 
- static ssh_channel ssh_channel_accept(ssh_session session, int channeltype,
--    int timeout_ms) {
-+    int timeout_ms, int *destination_port) {
- #ifndef _WIN32
-   static const struct timespec ts = {
-     .tv_sec = 0,
-@@ -1779,6 +1779,10 @@
-             ssh_message_subtype(msg) == channeltype) {
-           ssh_list_remove(session->ssh_message_list, iterator);
-           channel = ssh_message_channel_request_open_reply_accept(msg);
-+          if(destination_port) {
-+            *destination_port=msg->channel_request_open.destination_port;
-+          }
-+
-           ssh_message_free(msg);
-           return channel;
-         }
-@@ -1809,7 +1813,7 @@
-  *                      the server.
-  */
- ssh_channel ssh_channel_accept_x11(ssh_channel channel, int timeout_ms) {
--  return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms);
-+  return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms, NULL);
- }
- 
- /**
-@@ -1857,7 +1861,7 @@
-   } else {
-     session->global_req_state=SSH_CHANNEL_REQ_STATE_DENIED;
-   }
--
-+  session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
-   leave_function();
-   return SSH_PACKET_USED;
- 
-@@ -2027,7 +2031,23 @@
-  *         the server
-  */
- ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms) {
--  return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms);
-+  return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, NULL);
-+}
-+
-+/**
-+ * @brief Accept an incoming TCP/IP forwarding channel and get information
-+ * about incomming connection
-+ * @param[in]  session    The ssh session to use.
-+ *
-+ * @param[in]  timeout_ms A timeout in milliseconds.
-+ *
-+ * @param[in]  destination_port A pointer to destination port or NULL.
-+ *
-+ * @return Newly created channel, or NULL if no incoming channel request from
-+ *         the server
-+ */
-+ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int* destination_port) {
-+  return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, destination_port);
- }
- 
- /**

Deleted: CVE-2014-0017.patch
===================================================================
--- CVE-2014-0017.patch	2014-04-18 17:38:49 UTC (rev 211327)
+++ CVE-2014-0017.patch	2014-04-18 17:57:45 UTC (rev 211328)
@@ -1,67 +0,0 @@
-diff -rupN a/include/libssh/wrapper.h b/include/libssh/wrapper.h
---- a/include/libssh/wrapper.h	2013-07-26 06:39:39.000000000 +0000
-+++ b/include/libssh/wrapper.h	2014-03-09 16:38:49.807812235 +0000
-@@ -44,5 +44,6 @@ int crypt_set_algorithms_server(ssh_sess
- struct ssh_crypto_struct *crypto_new(void);
- void crypto_free(struct ssh_crypto_struct *crypto);
- 
-+void ssh_reseed(void);
- 
- #endif /* WRAPPER_H_ */
-diff -rupN a/src/bind.c b/src/bind.c
---- a/src/bind.c	2013-07-26 06:39:39.000000000 +0000
-+++ b/src/bind.c	2014-03-09 16:39:00.571080087 +0000
-@@ -375,6 +375,7 @@ int ssh_bind_accept(ssh_bind sshbind, ss
-   session->dsa_key = dsa;
-   session->rsa_key = rsa;
- 
-+  ssh_reseed();
-   return SSH_OK;
- }
- 
-diff -rupN a/src/libcrypto.c b/src/libcrypto.c
---- a/src/libcrypto.c	2013-07-26 06:39:39.000000000 +0000
-+++ b/src/libcrypto.c	2014-03-09 16:40:07.807331327 +0000
-@@ -23,6 +23,7 @@
- #include <stdlib.h>
- #include <stdio.h>
- #include <string.h>
-+#include <sys/time.h>
- 
- #include "libssh/priv.h"
- #include "libssh/session.h"
-@@ -38,6 +39,8 @@
- #include <openssl/rsa.h>
- #include <openssl/hmac.h>
- #include <openssl/opensslv.h>
-+#include <openssl/rand.h>
-+
- #ifdef HAVE_OPENSSL_AES_H
- #define HAS_AES
- #include <openssl/aes.h>
-@@ -66,6 +69,12 @@ static int alloc_key(struct crypto_struc
-     return 0;
- }
- 
-+void ssh_reseed(void) {
-+    struct timeval tv;
-+    gettimeofday(&tv, NULL);
-+    RAND_add(&tv, sizeof(tv), 0.0);
-+}
-+
- SHACTX sha1_init(void) {
-   SHACTX c = malloc(sizeof(*c));
-   if (c == NULL) {
-diff -rupN a/src/libgcrypt.c b/src/libgcrypt.c
---- a/src/libgcrypt.c	2013-07-26 06:39:39.000000000 +0000
-+++ b/src/libgcrypt.c	2014-03-09 16:40:51.730392881 +0000
-@@ -41,6 +41,9 @@ static int alloc_key(struct crypto_struc
-     return 0;
- }
- 
-+void ssh_reseed(void) {
-+    }
-+
- SHACTX sha1_init(void) {
-   SHACTX ctx = NULL;
-   gcry_md_open(&ctx, GCRY_MD_SHA1, 0);

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-04-18 17:38:49 UTC (rev 211327)
+++ PKGBUILD	2014-04-18 17:57:45 UTC (rev 211328)
@@ -5,8 +5,8 @@
 # Contributor: sergeantspoon <sergeantspoon at archlinux.us>
 
 pkgname=libssh
-pkgver=0.5.5
-pkgrel=3
+pkgver=0.6.3
+pkgrel=1
 pkgdesc="Library for accessing ssh client services through C libraries"
 url="http://www.libssh.org/"
 license=('LGPL')
@@ -13,30 +13,16 @@
 arch=('i686' 'x86_64')
 depends=('zlib' 'openssl')
 makedepends=('cmake' 'doxygen')
-source=(https://red.libssh.org/attachments/download/51/${pkgname}-${pkgver}.tar.gz
-        0004-reset-global-request-status.patch
-        0005-multi-reverse-fwd.patch
-        CVE-2014-0017.patch)
-md5sums=('bb308196756c7255c0969583d917136b'
-         '0d8c28906b07e31466157b1fda441f4a'
-         '6fa3a1a4f448e85a7eb39360f4a72ce9'
-         '2eddf36e41adf62e4094f17b64d466e0')
+source=(https://red.libssh.org/attachments/download/87/${pkgname}-${pkgver}.tar.xz)
+md5sums=('66cf16e77f60913b4d54f18c92cdbf71')
 
-prepare() {
-  cd ${pkgname}-${pkgver}
-  # add multiple channels on a single SSH connection required by X2goclient
-  # see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736231
-  patch -Np1 -i ${srcdir}/0004-reset-global-request-status.patch
-  patch -Np1 -i ${srcdir}/0005-multi-reverse-fwd.patch
-  patch -Np1 -i ${srcdir}/CVE-2014-0017.patch
-}
-
 build() {
   mkdir build
   cd build
   cmake ../${pkgname}-${pkgver} \
     -DCMAKE_INSTALL_PREFIX=/usr \
-    -DCMAKE_BUILD_TYPE=Release
+    -DCMAKE_BUILD_TYPE=Release \
+    -DWITH_GSSAPI=OFF
   make
 }

More information about the arch-commits mailing list