[arch-commits] Commit in libssh/repos (14 files)
Bartłomiej Piotrowski
bpiotrowski at nymeria.archlinux.org
Sun Mar 9 16:43:05 UTC 2014
Date: Sunday, March 9, 2014 @ 17:43:05
Author: bpiotrowski
Revision: 207452
archrelease: copy trunk to extra-i686, extra-x86_64
Added:
libssh/repos/extra-i686/0004-reset-global-request-status.patch
(from rev 207451, libssh/trunk/0004-reset-global-request-status.patch)
libssh/repos/extra-i686/0005-multi-reverse-fwd.patch
(from rev 207451, libssh/trunk/0005-multi-reverse-fwd.patch)
libssh/repos/extra-i686/CVE-2014-0017.patch
(from rev 207451, libssh/trunk/CVE-2014-0017.patch)
libssh/repos/extra-i686/PKGBUILD
(from rev 207451, libssh/trunk/PKGBUILD)
libssh/repos/extra-x86_64/0004-reset-global-request-status.patch
(from rev 207451, libssh/trunk/0004-reset-global-request-status.patch)
libssh/repos/extra-x86_64/0005-multi-reverse-fwd.patch
(from rev 207451, libssh/trunk/0005-multi-reverse-fwd.patch)
libssh/repos/extra-x86_64/CVE-2014-0017.patch
(from rev 207451, libssh/trunk/CVE-2014-0017.patch)
libssh/repos/extra-x86_64/PKGBUILD
(from rev 207451, libssh/trunk/PKGBUILD)
Deleted:
libssh/repos/extra-i686/0004-reset-global-request-status.patch
libssh/repos/extra-i686/0005-multi-reverse-fwd.patch
libssh/repos/extra-i686/PKGBUILD
libssh/repos/extra-x86_64/0004-reset-global-request-status.patch
libssh/repos/extra-x86_64/0005-multi-reverse-fwd.patch
libssh/repos/extra-x86_64/PKGBUILD
-----------------------------------------------------+
/0004-reset-global-request-status.patch | 36 +++
/0005-multi-reverse-fwd.patch | 170 ++++++++++++++++++
/PKGBUILD | 92 +++++++++
extra-i686/0004-reset-global-request-status.patch | 18 -
extra-i686/0005-multi-reverse-fwd.patch | 85 ---------
extra-i686/CVE-2014-0017.patch | 67 +++++++
extra-i686/PKGBUILD | 43 ----
extra-x86_64/0004-reset-global-request-status.patch | 18 -
extra-x86_64/0005-multi-reverse-fwd.patch | 85 ---------
extra-x86_64/CVE-2014-0017.patch | 67 +++++++
extra-x86_64/PKGBUILD | 43 ----
11 files changed, 432 insertions(+), 292 deletions(-)
Deleted: extra-i686/0004-reset-global-request-status.patch
===================================================================
--- extra-i686/0004-reset-global-request-status.patch 2014-03-09 16:42:55 UTC (rev 207451)
+++ extra-i686/0004-reset-global-request-status.patch 2014-03-09 16:43:05 UTC (rev 207452)
@@ -1,18 +0,0 @@
-Description: Allow requesting more than one channel per session.
-Author: Andreas Schneider <asn at cryptomilk.org>
-Abstract:
- In the 0.5.x series of libssh only one channel request per session
- is possible. This blocks using libssh client sessions which require
- requesting multiple channels on a single SSH connection.
-Origin: http://git.libssh.org/projects/libssh.git/commit/src/channels.c?id=e30acdb58a86937e8bece57ce47e272f1106ca55
---- a/src/channels.c
-+++ b/src/channels.c
-@@ -1951,7 +1951,7 @@
- break;
-
- }
--
-+ session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
- leave_function();
- return rc;
- error:
Copied: libssh/repos/extra-i686/0004-reset-global-request-status.patch (from rev 207451, libssh/trunk/0004-reset-global-request-status.patch)
===================================================================
--- extra-i686/0004-reset-global-request-status.patch (rev 0)
+++ extra-i686/0004-reset-global-request-status.patch 2014-03-09 16:43:05 UTC (rev 207452)
@@ -0,0 +1,18 @@
+Description: Allow requesting more than one channel per session.
+Author: Andreas Schneider <asn at cryptomilk.org>
+Abstract:
+ In the 0.5.x series of libssh only one channel request per session
+ is possible. This blocks using libssh client sessions which require
+ requesting multiple channels on a single SSH connection.
+Origin: http://git.libssh.org/projects/libssh.git/commit/src/channels.c?id=e30acdb58a86937e8bece57ce47e272f1106ca55
+--- a/src/channels.c
++++ b/src/channels.c
+@@ -1951,7 +1951,7 @@
+ break;
+
+ }
+-
++ session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
+ leave_function();
+ return rc;
+ error:
Deleted: extra-i686/0005-multi-reverse-fwd.patch
===================================================================
--- extra-i686/0005-multi-reverse-fwd.patch 2014-03-09 16:42:55 UTC (rev 207451)
+++ extra-i686/0005-multi-reverse-fwd.patch 2014-03-09 16:43:05 UTC (rev 207452)
@@ -1,85 +0,0 @@
-Description: Allow requesting multiple reverse port forwarding tunnels per connection
-Author: Oleksandr Shneyder <o.schneyder at phoca-gmbh.de>
-Abstract:
- Channel: Add ssh_channel_accept_forward().
- .
- This new function works the same way as ssh_forward_accept()
- but can return a destination port of the channel (useful if
- SSH connection is supposed to reverse forward multiple TCP/IP
- ports).
-Origin: http://git.libssh.org/projects/libssh.git/commit/?id=a1c4fc07d43fb7a7e1e91bfdadbd3dc62b8ce462
---- a/include/libssh/libssh.h
-+++ b/include/libssh/libssh.h
-@@ -371,6 +371,7 @@
- LIBSSH_API char *ssh_dirname (const char *path);
- LIBSSH_API int ssh_finalize(void);
- LIBSSH_API ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms);
-+LIBSSH_API ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int *destination_port);
- LIBSSH_API int ssh_forward_cancel(ssh_session session, const char *address, int port);
- LIBSSH_API int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port);
- LIBSSH_API void ssh_free(ssh_session session);
---- a/src/channels.c
-+++ b/src/channels.c
-@@ -1755,7 +1755,7 @@
- }
-
- static ssh_channel ssh_channel_accept(ssh_session session, int channeltype,
-- int timeout_ms) {
-+ int timeout_ms, int *destination_port) {
- #ifndef _WIN32
- static const struct timespec ts = {
- .tv_sec = 0,
-@@ -1779,6 +1779,10 @@
- ssh_message_subtype(msg) == channeltype) {
- ssh_list_remove(session->ssh_message_list, iterator);
- channel = ssh_message_channel_request_open_reply_accept(msg);
-+ if(destination_port) {
-+ *destination_port=msg->channel_request_open.destination_port;
-+ }
-+
- ssh_message_free(msg);
- return channel;
- }
-@@ -1809,7 +1813,7 @@
- * the server.
- */
- ssh_channel ssh_channel_accept_x11(ssh_channel channel, int timeout_ms) {
-- return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms);
-+ return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms, NULL);
- }
-
- /**
-@@ -1857,7 +1861,7 @@
- } else {
- session->global_req_state=SSH_CHANNEL_REQ_STATE_DENIED;
- }
--
-+ session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
- leave_function();
- return SSH_PACKET_USED;
-
-@@ -2027,7 +2031,23 @@
- * the server
- */
- ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms) {
-- return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms);
-+ return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, NULL);
-+}
-+
-+/**
-+ * @brief Accept an incoming TCP/IP forwarding channel and get information
-+ * about incomming connection
-+ * @param[in] session The ssh session to use.
-+ *
-+ * @param[in] timeout_ms A timeout in milliseconds.
-+ *
-+ * @param[in] destination_port A pointer to destination port or NULL.
-+ *
-+ * @return Newly created channel, or NULL if no incoming channel request from
-+ * the server
-+ */
-+ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int* destination_port) {
-+ return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, destination_port);
- }
-
- /**
Copied: libssh/repos/extra-i686/0005-multi-reverse-fwd.patch (from rev 207451, libssh/trunk/0005-multi-reverse-fwd.patch)
===================================================================
--- extra-i686/0005-multi-reverse-fwd.patch (rev 0)
+++ extra-i686/0005-multi-reverse-fwd.patch 2014-03-09 16:43:05 UTC (rev 207452)
@@ -0,0 +1,85 @@
+Description: Allow requesting multiple reverse port forwarding tunnels per connection
+Author: Oleksandr Shneyder <o.schneyder at phoca-gmbh.de>
+Abstract:
+ Channel: Add ssh_channel_accept_forward().
+ .
+ This new function works the same way as ssh_forward_accept()
+ but can return a destination port of the channel (useful if
+ SSH connection is supposed to reverse forward multiple TCP/IP
+ ports).
+Origin: http://git.libssh.org/projects/libssh.git/commit/?id=a1c4fc07d43fb7a7e1e91bfdadbd3dc62b8ce462
+--- a/include/libssh/libssh.h
++++ b/include/libssh/libssh.h
+@@ -371,6 +371,7 @@
+ LIBSSH_API char *ssh_dirname (const char *path);
+ LIBSSH_API int ssh_finalize(void);
+ LIBSSH_API ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms);
++LIBSSH_API ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int *destination_port);
+ LIBSSH_API int ssh_forward_cancel(ssh_session session, const char *address, int port);
+ LIBSSH_API int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port);
+ LIBSSH_API void ssh_free(ssh_session session);
+--- a/src/channels.c
++++ b/src/channels.c
+@@ -1755,7 +1755,7 @@
+ }
+
+ static ssh_channel ssh_channel_accept(ssh_session session, int channeltype,
+- int timeout_ms) {
++ int timeout_ms, int *destination_port) {
+ #ifndef _WIN32
+ static const struct timespec ts = {
+ .tv_sec = 0,
+@@ -1779,6 +1779,10 @@
+ ssh_message_subtype(msg) == channeltype) {
+ ssh_list_remove(session->ssh_message_list, iterator);
+ channel = ssh_message_channel_request_open_reply_accept(msg);
++ if(destination_port) {
++ *destination_port=msg->channel_request_open.destination_port;
++ }
++
+ ssh_message_free(msg);
+ return channel;
+ }
+@@ -1809,7 +1813,7 @@
+ * the server.
+ */
+ ssh_channel ssh_channel_accept_x11(ssh_channel channel, int timeout_ms) {
+- return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms);
++ return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms, NULL);
+ }
+
+ /**
+@@ -1857,7 +1861,7 @@
+ } else {
+ session->global_req_state=SSH_CHANNEL_REQ_STATE_DENIED;
+ }
+-
++ session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
+ leave_function();
+ return SSH_PACKET_USED;
+
+@@ -2027,7 +2031,23 @@
+ * the server
+ */
+ ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms) {
+- return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms);
++ return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, NULL);
++}
++
++/**
++ * @brief Accept an incoming TCP/IP forwarding channel and get information
++ * about incomming connection
++ * @param[in] session The ssh session to use.
++ *
++ * @param[in] timeout_ms A timeout in milliseconds.
++ *
++ * @param[in] destination_port A pointer to destination port or NULL.
++ *
++ * @return Newly created channel, or NULL if no incoming channel request from
++ * the server
++ */
++ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int* destination_port) {
++ return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, destination_port);
+ }
+
+ /**
Copied: libssh/repos/extra-i686/CVE-2014-0017.patch (from rev 207451, libssh/trunk/CVE-2014-0017.patch)
===================================================================
--- extra-i686/CVE-2014-0017.patch (rev 0)
+++ extra-i686/CVE-2014-0017.patch 2014-03-09 16:43:05 UTC (rev 207452)
@@ -0,0 +1,67 @@
+diff -rupN a/include/libssh/wrapper.h b/include/libssh/wrapper.h
+--- a/include/libssh/wrapper.h 2013-07-26 06:39:39.000000000 +0000
++++ b/include/libssh/wrapper.h 2014-03-09 16:38:49.807812235 +0000
+@@ -44,5 +44,6 @@ int crypt_set_algorithms_server(ssh_sess
+ struct ssh_crypto_struct *crypto_new(void);
+ void crypto_free(struct ssh_crypto_struct *crypto);
+
++void ssh_reseed(void);
+
+ #endif /* WRAPPER_H_ */
+diff -rupN a/src/bind.c b/src/bind.c
+--- a/src/bind.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/bind.c 2014-03-09 16:39:00.571080087 +0000
+@@ -375,6 +375,7 @@ int ssh_bind_accept(ssh_bind sshbind, ss
+ session->dsa_key = dsa;
+ session->rsa_key = rsa;
+
++ ssh_reseed();
+ return SSH_OK;
+ }
+
+diff -rupN a/src/libcrypto.c b/src/libcrypto.c
+--- a/src/libcrypto.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/libcrypto.c 2014-03-09 16:40:07.807331327 +0000
+@@ -23,6 +23,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <sys/time.h>
+
+ #include "libssh/priv.h"
+ #include "libssh/session.h"
+@@ -38,6 +39,8 @@
+ #include <openssl/rsa.h>
+ #include <openssl/hmac.h>
+ #include <openssl/opensslv.h>
++#include <openssl/rand.h>
++
+ #ifdef HAVE_OPENSSL_AES_H
+ #define HAS_AES
+ #include <openssl/aes.h>
+@@ -66,6 +69,12 @@ static int alloc_key(struct crypto_struc
+ return 0;
+ }
+
++void ssh_reseed(void) {
++ struct timeval tv;
++ gettimeofday(&tv, NULL);
++ RAND_add(&tv, sizeof(tv), 0.0);
++}
++
+ SHACTX sha1_init(void) {
+ SHACTX c = malloc(sizeof(*c));
+ if (c == NULL) {
+diff -rupN a/src/libgcrypt.c b/src/libgcrypt.c
+--- a/src/libgcrypt.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/libgcrypt.c 2014-03-09 16:40:51.730392881 +0000
+@@ -41,6 +41,9 @@ static int alloc_key(struct crypto_struc
+ return 0;
+ }
+
++void ssh_reseed(void) {
++ }
++
+ SHACTX sha1_init(void) {
+ SHACTX ctx = NULL;
+ gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
Deleted: extra-i686/PKGBUILD
===================================================================
--- extra-i686/PKGBUILD 2014-03-09 16:42:55 UTC (rev 207451)
+++ extra-i686/PKGBUILD 2014-03-09 16:43:05 UTC (rev 207452)
@@ -1,43 +0,0 @@
-# $Id$
-# Maintainer: Tom Gundersen <teg at jklm.no>
-# Contributor: Andrea Scarpino <andrea at archlinux.org>
-# Contributor: ice-man <icemanf at gmail.com>
-# Contributor: sergeantspoon <sergeantspoon at archlinux.us>
-
-pkgname=libssh
-pkgver=0.5.5
-pkgrel=2
-pkgdesc="Library for accessing ssh client services through C libraries"
-url="http://www.libssh.org/"
-license=('LGPL')
-arch=('i686' 'x86_64')
-depends=('zlib' 'openssl')
-makedepends=('cmake' 'doxygen')
-source=(https://red.libssh.org/attachments/download/51/${pkgname}-${pkgver}.tar.gz
- 0004-reset-global-request-status.patch
- 0005-multi-reverse-fwd.patch)
-md5sums=('bb308196756c7255c0969583d917136b'
- '0d8c28906b07e31466157b1fda441f4a'
- '6fa3a1a4f448e85a7eb39360f4a72ce9')
-
-prepare() {
- cd ${pkgname}-${pkgver}
- # add multiple channels on a single SSH connection required by X2goclient
- # see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736231
- patch -Np1 -i ${srcdir}/0004-reset-global-request-status.patch
- patch -Np1 -i ${srcdir}/0005-multi-reverse-fwd.patch
-}
-
-build() {
- mkdir build
- cd build
- cmake ../${pkgname}-${pkgver} \
- -DCMAKE_INSTALL_PREFIX=/usr \
- -DCMAKE_BUILD_TYPE=Release
- make
-}
-
-package(){
- cd build
- make DESTDIR="${pkgdir}" install
-}
Copied: libssh/repos/extra-i686/PKGBUILD (from rev 207451, libssh/trunk/PKGBUILD)
===================================================================
--- extra-i686/PKGBUILD (rev 0)
+++ extra-i686/PKGBUILD 2014-03-09 16:43:05 UTC (rev 207452)
@@ -0,0 +1,46 @@
+# $Id$
+# Maintainer: Tom Gundersen <teg at jklm.no>
+# Contributor: Andrea Scarpino <andrea at archlinux.org>
+# Contributor: ice-man <icemanf at gmail.com>
+# Contributor: sergeantspoon <sergeantspoon at archlinux.us>
+
+pkgname=libssh
+pkgver=0.5.5
+pkgrel=3
+pkgdesc="Library for accessing ssh client services through C libraries"
+url="http://www.libssh.org/"
+license=('LGPL')
+arch=('i686' 'x86_64')
+depends=('zlib' 'openssl')
+makedepends=('cmake' 'doxygen')
+source=(https://red.libssh.org/attachments/download/51/${pkgname}-${pkgver}.tar.gz
+ 0004-reset-global-request-status.patch
+ 0005-multi-reverse-fwd.patch
+ CVE-2014-0017.patch)
+md5sums=('bb308196756c7255c0969583d917136b'
+ '0d8c28906b07e31466157b1fda441f4a'
+ '6fa3a1a4f448e85a7eb39360f4a72ce9'
+ '2eddf36e41adf62e4094f17b64d466e0')
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+ # add multiple channels on a single SSH connection required by X2goclient
+ # see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736231
+ patch -Np1 -i ${srcdir}/0004-reset-global-request-status.patch
+ patch -Np1 -i ${srcdir}/0005-multi-reverse-fwd.patch
+ patch -Np1 -i ${srcdir}/CVE-2014-0017.patch
+}
+
+build() {
+ mkdir build
+ cd build
+ cmake ../${pkgname}-${pkgver} \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_BUILD_TYPE=Release
+ make
+}
+
+package(){
+ cd build
+ make DESTDIR="${pkgdir}" install
+}
Deleted: extra-x86_64/0004-reset-global-request-status.patch
===================================================================
--- extra-x86_64/0004-reset-global-request-status.patch 2014-03-09 16:42:55 UTC (rev 207451)
+++ extra-x86_64/0004-reset-global-request-status.patch 2014-03-09 16:43:05 UTC (rev 207452)
@@ -1,18 +0,0 @@
-Description: Allow requesting more than one channel per session.
-Author: Andreas Schneider <asn at cryptomilk.org>
-Abstract:
- In the 0.5.x series of libssh only one channel request per session
- is possible. This blocks using libssh client sessions which require
- requesting multiple channels on a single SSH connection.
-Origin: http://git.libssh.org/projects/libssh.git/commit/src/channels.c?id=e30acdb58a86937e8bece57ce47e272f1106ca55
---- a/src/channels.c
-+++ b/src/channels.c
-@@ -1951,7 +1951,7 @@
- break;
-
- }
--
-+ session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
- leave_function();
- return rc;
- error:
Copied: libssh/repos/extra-x86_64/0004-reset-global-request-status.patch (from rev 207451, libssh/trunk/0004-reset-global-request-status.patch)
===================================================================
--- extra-x86_64/0004-reset-global-request-status.patch (rev 0)
+++ extra-x86_64/0004-reset-global-request-status.patch 2014-03-09 16:43:05 UTC (rev 207452)
@@ -0,0 +1,18 @@
+Description: Allow requesting more than one channel per session.
+Author: Andreas Schneider <asn at cryptomilk.org>
+Abstract:
+ In the 0.5.x series of libssh only one channel request per session
+ is possible. This blocks using libssh client sessions which require
+ requesting multiple channels on a single SSH connection.
+Origin: http://git.libssh.org/projects/libssh.git/commit/src/channels.c?id=e30acdb58a86937e8bece57ce47e272f1106ca55
+--- a/src/channels.c
++++ b/src/channels.c
+@@ -1951,7 +1951,7 @@
+ break;
+
+ }
+-
++ session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
+ leave_function();
+ return rc;
+ error:
Deleted: extra-x86_64/0005-multi-reverse-fwd.patch
===================================================================
--- extra-x86_64/0005-multi-reverse-fwd.patch 2014-03-09 16:42:55 UTC (rev 207451)
+++ extra-x86_64/0005-multi-reverse-fwd.patch 2014-03-09 16:43:05 UTC (rev 207452)
@@ -1,85 +0,0 @@
-Description: Allow requesting multiple reverse port forwarding tunnels per connection
-Author: Oleksandr Shneyder <o.schneyder at phoca-gmbh.de>
-Abstract:
- Channel: Add ssh_channel_accept_forward().
- .
- This new function works the same way as ssh_forward_accept()
- but can return a destination port of the channel (useful if
- SSH connection is supposed to reverse forward multiple TCP/IP
- ports).
-Origin: http://git.libssh.org/projects/libssh.git/commit/?id=a1c4fc07d43fb7a7e1e91bfdadbd3dc62b8ce462
---- a/include/libssh/libssh.h
-+++ b/include/libssh/libssh.h
-@@ -371,6 +371,7 @@
- LIBSSH_API char *ssh_dirname (const char *path);
- LIBSSH_API int ssh_finalize(void);
- LIBSSH_API ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms);
-+LIBSSH_API ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int *destination_port);
- LIBSSH_API int ssh_forward_cancel(ssh_session session, const char *address, int port);
- LIBSSH_API int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port);
- LIBSSH_API void ssh_free(ssh_session session);
---- a/src/channels.c
-+++ b/src/channels.c
-@@ -1755,7 +1755,7 @@
- }
-
- static ssh_channel ssh_channel_accept(ssh_session session, int channeltype,
-- int timeout_ms) {
-+ int timeout_ms, int *destination_port) {
- #ifndef _WIN32
- static const struct timespec ts = {
- .tv_sec = 0,
-@@ -1779,6 +1779,10 @@
- ssh_message_subtype(msg) == channeltype) {
- ssh_list_remove(session->ssh_message_list, iterator);
- channel = ssh_message_channel_request_open_reply_accept(msg);
-+ if(destination_port) {
-+ *destination_port=msg->channel_request_open.destination_port;
-+ }
-+
- ssh_message_free(msg);
- return channel;
- }
-@@ -1809,7 +1813,7 @@
- * the server.
- */
- ssh_channel ssh_channel_accept_x11(ssh_channel channel, int timeout_ms) {
-- return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms);
-+ return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms, NULL);
- }
-
- /**
-@@ -1857,7 +1861,7 @@
- } else {
- session->global_req_state=SSH_CHANNEL_REQ_STATE_DENIED;
- }
--
-+ session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
- leave_function();
- return SSH_PACKET_USED;
-
-@@ -2027,7 +2031,23 @@
- * the server
- */
- ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms) {
-- return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms);
-+ return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, NULL);
-+}
-+
-+/**
-+ * @brief Accept an incoming TCP/IP forwarding channel and get information
-+ * about incomming connection
-+ * @param[in] session The ssh session to use.
-+ *
-+ * @param[in] timeout_ms A timeout in milliseconds.
-+ *
-+ * @param[in] destination_port A pointer to destination port or NULL.
-+ *
-+ * @return Newly created channel, or NULL if no incoming channel request from
-+ * the server
-+ */
-+ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int* destination_port) {
-+ return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, destination_port);
- }
-
- /**
Copied: libssh/repos/extra-x86_64/0005-multi-reverse-fwd.patch (from rev 207451, libssh/trunk/0005-multi-reverse-fwd.patch)
===================================================================
--- extra-x86_64/0005-multi-reverse-fwd.patch (rev 0)
+++ extra-x86_64/0005-multi-reverse-fwd.patch 2014-03-09 16:43:05 UTC (rev 207452)
@@ -0,0 +1,85 @@
+Description: Allow requesting multiple reverse port forwarding tunnels per connection
+Author: Oleksandr Shneyder <o.schneyder at phoca-gmbh.de>
+Abstract:
+ Channel: Add ssh_channel_accept_forward().
+ .
+ This new function works the same way as ssh_forward_accept()
+ but can return a destination port of the channel (useful if
+ SSH connection is supposed to reverse forward multiple TCP/IP
+ ports).
+Origin: http://git.libssh.org/projects/libssh.git/commit/?id=a1c4fc07d43fb7a7e1e91bfdadbd3dc62b8ce462
+--- a/include/libssh/libssh.h
++++ b/include/libssh/libssh.h
+@@ -371,6 +371,7 @@
+ LIBSSH_API char *ssh_dirname (const char *path);
+ LIBSSH_API int ssh_finalize(void);
+ LIBSSH_API ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms);
++LIBSSH_API ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int *destination_port);
+ LIBSSH_API int ssh_forward_cancel(ssh_session session, const char *address, int port);
+ LIBSSH_API int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port);
+ LIBSSH_API void ssh_free(ssh_session session);
+--- a/src/channels.c
++++ b/src/channels.c
+@@ -1755,7 +1755,7 @@
+ }
+
+ static ssh_channel ssh_channel_accept(ssh_session session, int channeltype,
+- int timeout_ms) {
++ int timeout_ms, int *destination_port) {
+ #ifndef _WIN32
+ static const struct timespec ts = {
+ .tv_sec = 0,
+@@ -1779,6 +1779,10 @@
+ ssh_message_subtype(msg) == channeltype) {
+ ssh_list_remove(session->ssh_message_list, iterator);
+ channel = ssh_message_channel_request_open_reply_accept(msg);
++ if(destination_port) {
++ *destination_port=msg->channel_request_open.destination_port;
++ }
++
+ ssh_message_free(msg);
+ return channel;
+ }
+@@ -1809,7 +1813,7 @@
+ * the server.
+ */
+ ssh_channel ssh_channel_accept_x11(ssh_channel channel, int timeout_ms) {
+- return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms);
++ return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms, NULL);
+ }
+
+ /**
+@@ -1857,7 +1861,7 @@
+ } else {
+ session->global_req_state=SSH_CHANNEL_REQ_STATE_DENIED;
+ }
+-
++ session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
+ leave_function();
+ return SSH_PACKET_USED;
+
+@@ -2027,7 +2031,23 @@
+ * the server
+ */
+ ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms) {
+- return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms);
++ return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, NULL);
++}
++
++/**
++ * @brief Accept an incoming TCP/IP forwarding channel and get information
++ * about incomming connection
++ * @param[in] session The ssh session to use.
++ *
++ * @param[in] timeout_ms A timeout in milliseconds.
++ *
++ * @param[in] destination_port A pointer to destination port or NULL.
++ *
++ * @return Newly created channel, or NULL if no incoming channel request from
++ * the server
++ */
++ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int* destination_port) {
++ return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, destination_port);
+ }
+
+ /**
Copied: libssh/repos/extra-x86_64/CVE-2014-0017.patch (from rev 207451, libssh/trunk/CVE-2014-0017.patch)
===================================================================
--- extra-x86_64/CVE-2014-0017.patch (rev 0)
+++ extra-x86_64/CVE-2014-0017.patch 2014-03-09 16:43:05 UTC (rev 207452)
@@ -0,0 +1,67 @@
+diff -rupN a/include/libssh/wrapper.h b/include/libssh/wrapper.h
+--- a/include/libssh/wrapper.h 2013-07-26 06:39:39.000000000 +0000
++++ b/include/libssh/wrapper.h 2014-03-09 16:38:49.807812235 +0000
+@@ -44,5 +44,6 @@ int crypt_set_algorithms_server(ssh_sess
+ struct ssh_crypto_struct *crypto_new(void);
+ void crypto_free(struct ssh_crypto_struct *crypto);
+
++void ssh_reseed(void);
+
+ #endif /* WRAPPER_H_ */
+diff -rupN a/src/bind.c b/src/bind.c
+--- a/src/bind.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/bind.c 2014-03-09 16:39:00.571080087 +0000
+@@ -375,6 +375,7 @@ int ssh_bind_accept(ssh_bind sshbind, ss
+ session->dsa_key = dsa;
+ session->rsa_key = rsa;
+
++ ssh_reseed();
+ return SSH_OK;
+ }
+
+diff -rupN a/src/libcrypto.c b/src/libcrypto.c
+--- a/src/libcrypto.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/libcrypto.c 2014-03-09 16:40:07.807331327 +0000
+@@ -23,6 +23,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <sys/time.h>
+
+ #include "libssh/priv.h"
+ #include "libssh/session.h"
+@@ -38,6 +39,8 @@
+ #include <openssl/rsa.h>
+ #include <openssl/hmac.h>
+ #include <openssl/opensslv.h>
++#include <openssl/rand.h>
++
+ #ifdef HAVE_OPENSSL_AES_H
+ #define HAS_AES
+ #include <openssl/aes.h>
+@@ -66,6 +69,12 @@ static int alloc_key(struct crypto_struc
+ return 0;
+ }
+
++void ssh_reseed(void) {
++ struct timeval tv;
++ gettimeofday(&tv, NULL);
++ RAND_add(&tv, sizeof(tv), 0.0);
++}
++
+ SHACTX sha1_init(void) {
+ SHACTX c = malloc(sizeof(*c));
+ if (c == NULL) {
+diff -rupN a/src/libgcrypt.c b/src/libgcrypt.c
+--- a/src/libgcrypt.c 2013-07-26 06:39:39.000000000 +0000
++++ b/src/libgcrypt.c 2014-03-09 16:40:51.730392881 +0000
+@@ -41,6 +41,9 @@ static int alloc_key(struct crypto_struc
+ return 0;
+ }
+
++void ssh_reseed(void) {
++ }
++
+ SHACTX sha1_init(void) {
+ SHACTX ctx = NULL;
+ gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
Deleted: extra-x86_64/PKGBUILD
===================================================================
--- extra-x86_64/PKGBUILD 2014-03-09 16:42:55 UTC (rev 207451)
+++ extra-x86_64/PKGBUILD 2014-03-09 16:43:05 UTC (rev 207452)
@@ -1,43 +0,0 @@
-# $Id$
-# Maintainer: Tom Gundersen <teg at jklm.no>
-# Contributor: Andrea Scarpino <andrea at archlinux.org>
-# Contributor: ice-man <icemanf at gmail.com>
-# Contributor: sergeantspoon <sergeantspoon at archlinux.us>
-
-pkgname=libssh
-pkgver=0.5.5
-pkgrel=2
-pkgdesc="Library for accessing ssh client services through C libraries"
-url="http://www.libssh.org/"
-license=('LGPL')
-arch=('i686' 'x86_64')
-depends=('zlib' 'openssl')
-makedepends=('cmake' 'doxygen')
-source=(https://red.libssh.org/attachments/download/51/${pkgname}-${pkgver}.tar.gz
- 0004-reset-global-request-status.patch
- 0005-multi-reverse-fwd.patch)
-md5sums=('bb308196756c7255c0969583d917136b'
- '0d8c28906b07e31466157b1fda441f4a'
- '6fa3a1a4f448e85a7eb39360f4a72ce9')
-
-prepare() {
- cd ${pkgname}-${pkgver}
- # add multiple channels on a single SSH connection required by X2goclient
- # see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736231
- patch -Np1 -i ${srcdir}/0004-reset-global-request-status.patch
- patch -Np1 -i ${srcdir}/0005-multi-reverse-fwd.patch
-}
-
-build() {
- mkdir build
- cd build
- cmake ../${pkgname}-${pkgver} \
- -DCMAKE_INSTALL_PREFIX=/usr \
- -DCMAKE_BUILD_TYPE=Release
- make
-}
-
-package(){
- cd build
- make DESTDIR="${pkgdir}" install
-}
Copied: libssh/repos/extra-x86_64/PKGBUILD (from rev 207451, libssh/trunk/PKGBUILD)
===================================================================
--- extra-x86_64/PKGBUILD (rev 0)
+++ extra-x86_64/PKGBUILD 2014-03-09 16:43:05 UTC (rev 207452)
@@ -0,0 +1,46 @@
+# $Id$
+# Maintainer: Tom Gundersen <teg at jklm.no>
+# Contributor: Andrea Scarpino <andrea at archlinux.org>
+# Contributor: ice-man <icemanf at gmail.com>
+# Contributor: sergeantspoon <sergeantspoon at archlinux.us>
+
+pkgname=libssh
+pkgver=0.5.5
+pkgrel=3
+pkgdesc="Library for accessing ssh client services through C libraries"
+url="http://www.libssh.org/"
+license=('LGPL')
+arch=('i686' 'x86_64')
+depends=('zlib' 'openssl')
+makedepends=('cmake' 'doxygen')
+source=(https://red.libssh.org/attachments/download/51/${pkgname}-${pkgver}.tar.gz
+ 0004-reset-global-request-status.patch
+ 0005-multi-reverse-fwd.patch
+ CVE-2014-0017.patch)
+md5sums=('bb308196756c7255c0969583d917136b'
+ '0d8c28906b07e31466157b1fda441f4a'
+ '6fa3a1a4f448e85a7eb39360f4a72ce9'
+ '2eddf36e41adf62e4094f17b64d466e0')
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+ # add multiple channels on a single SSH connection required by X2goclient
+ # see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736231
+ patch -Np1 -i ${srcdir}/0004-reset-global-request-status.patch
+ patch -Np1 -i ${srcdir}/0005-multi-reverse-fwd.patch
+ patch -Np1 -i ${srcdir}/CVE-2014-0017.patch
+}
+
+build() {
+ mkdir build
+ cd build
+ cmake ../${pkgname}-${pkgver} \
+ -DCMAKE_INSTALL_PREFIX=/usr \
+ -DCMAKE_BUILD_TYPE=Release
+ make
+}
+
+package(){
+ cd build
+ make DESTDIR="${pkgdir}" install
+}
More information about the arch-commits
mailing list