diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d7bf14e --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/libssh2-1.4.3.tar.gz diff --git a/.libssh2.metadata b/.libssh2.metadata new file mode 100644 index 0000000..2c41b87 --- /dev/null +++ b/.libssh2.metadata @@ -0,0 +1 @@ +c27ca83e1ffeeac03be98b6eef54448701e044b0 SOURCES/libssh2-1.4.3.tar.gz diff --git a/README.md b/README.md deleted file mode 100644 index 0e7897f..0000000 --- a/README.md +++ /dev/null @@ -1,5 +0,0 @@ -The master branch has no content - -Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6 - -If you find this file in a distro specific branch, it means that no content has been checked in yet diff --git a/SOURCES/0001-sftp-seek-Don-t-flush-buffers-on-same-offset.patch b/SOURCES/0001-sftp-seek-Don-t-flush-buffers-on-same-offset.patch new file mode 100644 index 0000000..9acbd6d --- /dev/null +++ b/SOURCES/0001-sftp-seek-Don-t-flush-buffers-on-same-offset.patch @@ -0,0 +1,54 @@ +From 486bb376218a37fe15318d7724d6eada36b81e6c Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Tue, 26 Mar 2013 17:58:04 +0100 +Subject: [PATCH 1/3] sftp: seek: Don't flush buffers on same offset + +Signed-off-by: Richard W.M. Jones +--- + src/sftp.c | 27 +++++++++++++++------------ + 1 file changed, 15 insertions(+), 12 deletions(-) + +diff --git a/src/sftp.c b/src/sftp.c +index d0536dd..3760025 100644 +--- a/src/sftp.c ++++ b/src/sftp.c +@@ -2132,21 +2132,24 @@ libssh2_sftp_fstat_ex(LIBSSH2_SFTP_HANDLE *hnd, + LIBSSH2_API void + libssh2_sftp_seek64(LIBSSH2_SFTP_HANDLE *handle, libssh2_uint64_t offset) + { +- if(handle) { +- handle->u.file.offset = handle->u.file.offset_sent = offset; +- /* discard all pending requests and currently read data */ +- sftp_packetlist_flush(handle); ++ if(!handle) ++ return; ++ if(handle->u.file.offset == offset && handle->u.file.offset_sent == offset) ++ return; + +- /* free the left received buffered data */ +- if (handle->u.file.data_left) { +- LIBSSH2_FREE(handle->sftp->channel->session, handle->u.file.data); +- handle->u.file.data_left = handle->u.file.data_len = 0; +- handle->u.file.data = NULL; +- } ++ handle->u.file.offset = handle->u.file.offset_sent = offset; ++ /* discard all pending requests and currently read data */ ++ sftp_packetlist_flush(handle); + +- /* reset EOF to False */ +- handle->u.file.eof = FALSE; ++ /* free the left received buffered data */ ++ if (handle->u.file.data_left) { ++ LIBSSH2_FREE(handle->sftp->channel->session, handle->u.file.data); ++ handle->u.file.data_left = handle->u.file.data_len = 0; ++ handle->u.file.data = NULL; + } ++ ++ /* reset EOF to False */ ++ handle->u.file.eof = FALSE; + } + + /* libssh2_sftp_seek +-- +1.8.1.4 + diff --git a/SOURCES/0002-sftp-statvfs-Along-error-path-reset-the-correct-stat.patch b/SOURCES/0002-sftp-statvfs-Along-error-path-reset-the-correct-stat.patch new file mode 100644 index 0000000..83ca15e --- /dev/null +++ b/SOURCES/0002-sftp-statvfs-Along-error-path-reset-the-correct-stat.patch @@ -0,0 +1,26 @@ +From a12f3ffab579b514eeb7fdfaca0ade271961cdb4 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Mon, 8 Apr 2013 17:30:10 +0100 +Subject: [PATCH 2/3] sftp: statvfs: Along error path, reset the correct + 'state' variable. + +--- + src/sftp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/sftp.c b/src/sftp.c +index 3760025..65fa77a 100644 +--- a/src/sftp.c ++++ b/src/sftp.c +@@ -2752,7 +2752,7 @@ static int sftp_statvfs(LIBSSH2_SFTP *sftp, const char *path, + "Error waiting for FXP EXTENDED REPLY"); + } else if (data_len < 93) { + LIBSSH2_FREE(session, data); +- sftp->fstatvfs_state = libssh2_NB_state_idle; ++ sftp->statvfs_state = libssh2_NB_state_idle; + return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "SFTP Protocol Error: short response"); + } +-- +1.8.1.4 + diff --git a/SOURCES/0003-sftp-Add-support-for-fsync-OpenSSH-extension.patch b/SOURCES/0003-sftp-Add-support-for-fsync-OpenSSH-extension.patch new file mode 100644 index 0000000..cc1cbb4 --- /dev/null +++ b/SOURCES/0003-sftp-Add-support-for-fsync-OpenSSH-extension.patch @@ -0,0 +1,223 @@ +From 6e0d757f24a45252c4cae9ea09732eda2562c767 Mon Sep 17 00:00:00 2001 +From: "Richard W.M. Jones" +Date: Tue, 9 Apr 2013 11:42:09 +0200 +Subject: [PATCH 3/3] sftp: Add support for fsync (OpenSSH extension). + +The new libssh2_sftp_fsync API causes data and metadata in the +currently open file to be committed to disk at the server. + +This is an OpenSSH extension to the SFTP protocol. See: + +https://bugzilla.mindrot.org/show_bug.cgi?id=1798 +--- + docs/Makefile.am | 1 + + docs/libssh2_sftp_fsync.3 | 39 +++++++++++++++++++ + include/libssh2_sftp.h | 1 + + src/sftp.c | 97 +++++++++++++++++++++++++++++++++++++++++++++++ + src/sftp.h | 5 +++ + 5 files changed, 143 insertions(+) + create mode 100644 docs/libssh2_sftp_fsync.3 + +diff --git a/docs/Makefile.am b/docs/Makefile.am +index e4cf487..e6ab394 100644 +--- a/docs/Makefile.am ++++ b/docs/Makefile.am +@@ -120,6 +120,7 @@ dist_man_MANS = \ + libssh2_sftp_fstat.3 \ + libssh2_sftp_fstat_ex.3 \ + libssh2_sftp_fstatvfs.3 \ ++ libssh2_sftp_fsync.3 \ + libssh2_sftp_get_channel.3 \ + libssh2_sftp_init.3 \ + libssh2_sftp_last_error.3 \ +diff --git a/docs/libssh2_sftp_fsync.3 b/docs/libssh2_sftp_fsync.3 +new file mode 100644 +index 0000000..646760a +--- /dev/null ++++ b/docs/libssh2_sftp_fsync.3 +@@ -0,0 +1,39 @@ ++.TH libssh2_sftp_fsync 3 "8 Apr 2013" "libssh2 1.4.4" "libssh2 manual" ++.SH NAME ++libssh2_sftp_fsync - synchronize file to disk ++.SH SYNOPSIS ++.nf ++#include ++#include ++ ++int ++libssh2_sftp_fsync(LIBSSH2_SFTP_HANDLE *handle) ++.fi ++.SH DESCRIPTION ++This function causes the remote server to synchronize the file ++data and metadata to disk (like fsync(2)). ++ ++For this to work requires fsync@openssh.com support on the server. ++ ++\fIhandle\fP - SFTP File Handle as returned by ++.BR libssh2_sftp_open_ex(3) ++ ++.SH RETURN VALUE ++Returns 0 on success or negative on failure. If used in non-blocking mode, it ++returns LIBSSH2_ERROR_EAGAIN when it would otherwise block. While ++LIBSSH2_ERROR_EAGAIN is a negative number, it isn't really a failure per se. ++.SH ERRORS ++\fILIBSSH2_ERROR_ALLOC\fP - An internal memory allocation call failed. ++ ++\fILIBSSH2_ERROR_SOCKET_SEND\fP - Unable to send data on socket. ++ ++\fILIBSSH2_ERROR_SFTP_PROTOCOL\fP - An invalid SFTP protocol response ++was received on the socket, or an SFTP operation caused an errorcode ++to be returned by the server. In particular, this can be returned if ++the SSH server does not support the fsync operation: the SFTP subcode ++\fILIBSSH2_FX_OP_UNSUPPORTED\fP will be returned in this case. ++ ++.SH AVAILABILITY ++Added in libssh2 1.4.4 and OpenSSH 6.3. ++.SH SEE ALSO ++.BR fsync(2) +diff --git a/include/libssh2_sftp.h b/include/libssh2_sftp.h +index 74884fb..677faf2 100644 +--- a/include/libssh2_sftp.h ++++ b/include/libssh2_sftp.h +@@ -247,6 +247,7 @@ LIBSSH2_API int libssh2_sftp_readdir_ex(LIBSSH2_SFTP_HANDLE *handle, \ + + LIBSSH2_API ssize_t libssh2_sftp_write(LIBSSH2_SFTP_HANDLE *handle, + const char *buffer, size_t count); ++LIBSSH2_API int libssh2_sftp_fsync(LIBSSH2_SFTP_HANDLE *handle); + + LIBSSH2_API int libssh2_sftp_close_handle(LIBSSH2_SFTP_HANDLE *handle); + #define libssh2_sftp_close(handle) libssh2_sftp_close_handle(handle) +diff --git a/src/sftp.c b/src/sftp.c +index 65fa77a..01017fd 100644 +--- a/src/sftp.c ++++ b/src/sftp.c +@@ -986,6 +986,10 @@ sftp_shutdown(LIBSSH2_SFTP *sftp) + LIBSSH2_FREE(session, sftp->symlink_packet); + sftp->symlink_packet = NULL; + } ++ if (sftp->fsync_packet) { ++ LIBSSH2_FREE(session, sftp->fsync_packet); ++ sftp->fsync_packet = NULL; ++ } + + sftp_packet_flush(sftp); + +@@ -2014,6 +2018,99 @@ libssh2_sftp_write(LIBSSH2_SFTP_HANDLE *hnd, const char *buffer, + + } + ++static int sftp_fsync(LIBSSH2_SFTP_HANDLE *handle) ++{ ++ LIBSSH2_SFTP *sftp = handle->sftp; ++ LIBSSH2_CHANNEL *channel = sftp->channel; ++ LIBSSH2_SESSION *session = channel->session; ++ /* 34 = packet_len(4) + packet_type(1) + request_id(4) + ++ string_len(4) + strlen("fsync@openssh.com")(17) + handle_len(4) */ ++ uint32_t packet_len = handle->handle_len + 34; ++ size_t data_len; ++ unsigned char *packet, *s, *data; ++ ssize_t rc; ++ uint32_t retcode; ++ ++ if (sftp->fsync_state == libssh2_NB_state_idle) { ++ _libssh2_debug(session, LIBSSH2_TRACE_SFTP, ++ "Issuing fsync command"); ++ s = packet = LIBSSH2_ALLOC(session, packet_len); ++ if (!packet) { ++ return _libssh2_error(session, LIBSSH2_ERROR_ALLOC, ++ "Unable to allocate memory for FXP_EXTENDED " ++ "packet"); ++ } ++ ++ _libssh2_store_u32(&s, packet_len - 4); ++ *(s++) = SSH_FXP_EXTENDED; ++ sftp->fsync_request_id = sftp->request_id++; ++ _libssh2_store_u32(&s, sftp->fsync_request_id); ++ _libssh2_store_str(&s, "fsync@openssh.com", 17); ++ _libssh2_store_str(&s, handle->handle, handle->handle_len); ++ ++ sftp->fsync_state = libssh2_NB_state_created; ++ } else { ++ packet = sftp->fsync_packet; ++ } ++ ++ if (sftp->fsync_state == libssh2_NB_state_created) { ++ rc = _libssh2_channel_write(channel, 0, packet, packet_len); ++ if (rc == LIBSSH2_ERROR_EAGAIN || ++ (0 <= rc && rc < (ssize_t)packet_len)) { ++ sftp->fsync_packet = packet; ++ return LIBSSH2_ERROR_EAGAIN; ++ } ++ ++ LIBSSH2_FREE(session, packet); ++ sftp->fsync_packet = NULL; ++ ++ if (rc < 0) { ++ sftp->fsync_state = libssh2_NB_state_idle; ++ return _libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, ++ "_libssh2_channel_write() failed"); ++ } ++ sftp->fsync_state = libssh2_NB_state_sent; ++ } ++ ++ rc = sftp_packet_require(sftp, SSH_FXP_STATUS, ++ sftp->fsync_request_id, &data, &data_len); ++ if (rc == LIBSSH2_ERROR_EAGAIN) { ++ return rc; ++ } else if (rc) { ++ sftp->fsync_state = libssh2_NB_state_idle; ++ return _libssh2_error(session, rc, ++ "Error waiting for FXP EXTENDED REPLY"); ++ } ++ ++ sftp->fsync_state = libssh2_NB_state_idle; ++ ++ retcode = _libssh2_ntohu32(data + 5); ++ LIBSSH2_FREE(session, data); ++ ++ if (retcode != LIBSSH2_FX_OK) { ++ sftp->last_errno = retcode; ++ return _libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, ++ "fsync failed"); ++ } ++ ++ return 0; ++} ++ ++/* libssh2_sftp_fsync ++ * Commit data on the handle to disk. ++ */ ++LIBSSH2_API int ++libssh2_sftp_fsync(LIBSSH2_SFTP_HANDLE *hnd) ++{ ++ int rc; ++ if(!hnd) ++ return LIBSSH2_ERROR_BAD_USE; ++ BLOCK_ADJUST(rc, hnd->sftp->channel->session, ++ sftp_fsync(hnd)); ++ return rc; ++} ++ ++ + /* + * sftp_fstat + * +diff --git a/src/sftp.h b/src/sftp.h +index 55bdb46..63e8139 100644 +--- a/src/sftp.h ++++ b/src/sftp.h +@@ -175,6 +175,11 @@ struct _LIBSSH2_SFTP + /* State variable used in sftp_write() */ + libssh2_nonblocking_states write_state; + ++ /* State variables used in sftp_fsync() */ ++ libssh2_nonblocking_states fsync_state; ++ unsigned char *fsync_packet; ++ uint32_t fsync_request_id; ++ + /* State variables used in libssh2_sftp_readdir() */ + libssh2_nonblocking_states readdir_state; + unsigned char *readdir_packet; +-- +1.8.1.4 + diff --git a/SOURCES/0004-partially-revert-window_size-explicit-adjustments-on.patch b/SOURCES/0004-partially-revert-window_size-explicit-adjustments-on.patch new file mode 100644 index 0000000..fe7751a --- /dev/null +++ b/SOURCES/0004-partially-revert-window_size-explicit-adjustments-on.patch @@ -0,0 +1,69 @@ +From 9e56b84c41efcaf3349f82a93c3dc854e172e5c4 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Fri, 9 Aug 2013 16:22:08 +0200 +Subject: [PATCH 4/5] partially revert "window_size: explicit adjustments only" + +This partially reverts commit 03ca9020756a4e16f0294e5b35e9826ee6af2364 +in order to fix extreme slowdown when uploading to localhost via SFTP. + +I was able to repeat the issue on RHEL-7 on localhost only. It did not +occur when uploading via network and it did not occur on a RHEL-6 box +with the same version of libssh2. + +The problem was that sftp_read() used a read-ahead logic to figure out +the window_size, but sftp_packet_read() called indirectly from +sftp_write() did not use any read-ahead logic. +--- + src/channel.c | 29 +++++++++++++++++++++++++++++ + 1 files changed, 29 insertions(+), 0 deletions(-) + +diff --git a/src/channel.c b/src/channel.c +index 4f41e1f..d4ffdce 100644 +--- a/src/channel.c ++++ b/src/channel.c +@@ -1759,6 +1759,15 @@ ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id, + channel->read_state = libssh2_NB_state_created; + } + ++ /* ++ * =============================== NOTE =============================== ++ * I know this is very ugly and not a really good use of "goto", but ++ * this case statement would be even uglier to do it any other way ++ */ ++ if (channel->read_state == libssh2_NB_state_jump1) { ++ goto channel_read_window_adjust; ++ } ++ + rc = 1; /* set to >0 to let the while loop start */ + + /* Process all pending incoming packets in all states in order to "even +@@ -1867,6 +1876,26 @@ ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id, + more off the network again */ + channel->read_state = libssh2_NB_state_created; + ++ if(channel->remote.window_size < (LIBSSH2_CHANNEL_WINDOW_DEFAULT*30)) { ++ /* the window is getting too narrow, expand it! */ ++ ++ channel_read_window_adjust: ++ channel->read_state = libssh2_NB_state_jump1; ++ /* the actual window adjusting may not finish so we need to deal with ++ this special state here */ ++ rc = _libssh2_channel_receive_window_adjust(channel, ++ (LIBSSH2_CHANNEL_WINDOW_DEFAULT*60), 0, NULL); ++ if (rc) ++ return rc; ++ ++ _libssh2_debug(session, LIBSSH2_TRACE_CONN, ++ "channel_read() filled %d adjusted %d", ++ bytes_read, buflen); ++ /* continue in 'created' state to drain the already read packages ++ first before starting to empty the socket further */ ++ channel->read_state = libssh2_NB_state_created; ++ } ++ + return bytes_read; + } + +-- +1.7.1 + diff --git a/SOURCES/0005-channel.c-fix-a-use-after-free.patch b/SOURCES/0005-channel.c-fix-a-use-after-free.patch new file mode 100644 index 0000000..8fa0a05 --- /dev/null +++ b/SOURCES/0005-channel.c-fix-a-use-after-free.patch @@ -0,0 +1,26 @@ +From 96e1078fced70e39e4163857ad8345ae9d24573f Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 14 Aug 2013 17:37:00 +0200 +Subject: [PATCH 5/5] channel.c: fix a use after free + +Bug: https://trac.libssh2.org/ticket/268 +--- + src/channel.c | 2 -- + 1 files changed, 0 insertions(+), 2 deletions(-) + +diff --git a/src/channel.c b/src/channel.c +index d4ffdce..9f2c241 100644 +--- a/src/channel.c ++++ b/src/channel.c +@@ -670,8 +670,6 @@ int _libssh2_channel_forward_cancel(LIBSSH2_LISTENER *listener) + + LIBSSH2_FREE(session, listener); + +- listener->chanFwdCncl_state = libssh2_NB_state_idle; +- + return 0; + } + +-- +1.7.1 + diff --git a/SOURCES/0006-_libssh2_channel_write-client-spins-on-write-when-wi.patch b/SOURCES/0006-_libssh2_channel_write-client-spins-on-write-when-wi.patch new file mode 100644 index 0000000..4389e5e --- /dev/null +++ b/SOURCES/0006-_libssh2_channel_write-client-spins-on-write-when-wi.patch @@ -0,0 +1,45 @@ +From d0a263ef805244245afd9b709bdd3dc733113a6c Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sat, 7 Sep 2013 13:41:14 +0200 +Subject: [PATCH 06/11] _libssh2_channel_write: client spins on write when window full + +When there's no window to "write to", there's no point in waiting for +the socket to become writable since it most likely just will continue to +be. + +Patch-by: ncm +Fixes #258 + +[upstream commit e6c46cc249227de7b7cd136d72eded5dcb3f9381] + +Signed-off-by: Kamil Dudka +--- + src/channel.c | 10 +++++++++- + 1 files changed, 9 insertions(+), 1 deletions(-) + +diff --git a/src/channel.c b/src/channel.c +index 9f2c241..74262d8 100644 +--- a/src/channel.c ++++ b/src/channel.c +@@ -2039,9 +2039,17 @@ _libssh2_channel_write(LIBSSH2_CHANNEL *channel, int stream_id, + if((rc < 0) && (rc != LIBSSH2_ERROR_EAGAIN)) + return rc; + +- if(channel->local.window_size <= 0) ++ if(channel->local.window_size <= 0) { + /* there's no room for data so we stop */ ++ ++ /* Waiting on the socket to be writable would be wrong because we ++ * would be back here immediately, but a readable socket might ++ * herald an incoming window adjustment. ++ */ ++ session->socket_block_directions = LIBSSH2_SESSION_BLOCK_INBOUND; ++ + return (rc==LIBSSH2_ERROR_EAGAIN?rc:0); ++ } + + channel->write_bufwrite = buflen; + +-- +1.7.1 + diff --git a/SOURCES/0007-window_size-redid-window-handling-for-flow-control-r.patch b/SOURCES/0007-window_size-redid-window-handling-for-flow-control-r.patch new file mode 100644 index 0000000..64b7607 --- /dev/null +++ b/SOURCES/0007-window_size-redid-window-handling-for-flow-control-r.patch @@ -0,0 +1,146 @@ +From 8af6637d86b6a85e8889c286f7ff3d841fc5621c Mon Sep 17 00:00:00 2001 +From: Salvador Fandino +Date: Sat, 12 Oct 2013 02:51:46 +0200 +Subject: [PATCH 07/11] window_size: redid window handling for flow control reasons + +Until now, the window size (channel->remote.window_size) was being +updated just after receiving the packet from the transport layer. + +That behaviour is wrong because the channel queue may grow uncontrolled +when data arrives from the network faster that the upper layer consumes +it. + +This patch adds a new counter, read_avail, which keeps a count of the +bytes available from the packet queue for reading. Also, now the window +size is adjusted when the data is actually read by an upper layer. + +That way, if the upper layer stops reading data, the window will +eventually fill and the remote host will stop sending data. When the +upper layers reads enough data, a window adjust packet is delivered and +the transfer resumes. + +The read_avail counter is used to detect the situation when the remote +server tries to send data surpassing the window size. In that case, the +extra data is discarded. + +Signed-off-by: Salvador + +[upstream commit cdeef54967ed5b7d5bd8fa6da5851aa3d173faa0] +Signed-off-by: Kamil Dudka +--- + src/channel.c | 8 +++++++- + src/libssh2_priv.h | 2 ++ + src/packet.c | 35 ++++++++++++++++++++++++++++------- + 3 files changed, 37 insertions(+), 8 deletions(-) + +diff --git a/src/channel.c b/src/channel.c +index 74262d8..499d815 100644 +--- a/src/channel.c ++++ b/src/channel.c +@@ -1411,6 +1411,9 @@ _libssh2_channel_flush(LIBSSH2_CHANNEL *channel, int streamid) + channel->flush_state = libssh2_NB_state_created; + } + ++ channel->read_avail -= channel->flush_flush_bytes; ++ channel->remote.window_size -= channel->flush_flush_bytes; ++ + if (channel->flush_refund_bytes) { + int rc; + +@@ -1868,11 +1871,14 @@ ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id, + /* if the transport layer said EAGAIN then we say so as well */ + return _libssh2_error(session, rc, "would block"); + } +- else ++ else { ++ channel->read_avail -= bytes_read; ++ channel->remote.window_size -= bytes_read; + /* make sure we remain in the created state to focus on emptying the + data we already have in the packet brigade before we try to read + more off the network again */ + channel->read_state = libssh2_NB_state_created; ++ } + + if(channel->remote.window_size < (LIBSSH2_CHANNEL_WINDOW_DEFAULT*30)) { + /* the window is getting too narrow, expand it! */ +diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h +index 4ec9f73..fcf4370 100644 +--- a/src/libssh2_priv.h ++++ b/src/libssh2_priv.h +@@ -357,6 +357,8 @@ struct _LIBSSH2_CHANNEL + libssh2_channel_data local, remote; + /* Amount of bytes to be refunded to receive window (but not yet sent) */ + uint32_t adjust_queue; ++ /* Data immediately available for reading */ ++ uint32_t read_avail; + + LIBSSH2_SESSION *session; + +diff --git a/src/packet.c b/src/packet.c +index bfbd56a..d2e758c 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -653,6 +653,18 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + _libssh2_debug(session, LIBSSH2_TRACE_CONN, + "Ignoring extended data and refunding %d bytes", + (int) (datalen - 13)); ++ if (channelp->read_avail + datalen - data_head >= ++ channelp->remote.window_size) ++ datalen = channelp->remote.window_size - ++ channelp->read_avail + data_head; ++ ++ channelp->remote.window_size -= datalen - data_head; ++ _libssh2_debug(session, LIBSSH2_TRACE_CONN, ++ "shrinking window size by %lu bytes to %lu, read_avail %lu", ++ datalen - data_head, ++ channelp->remote.window_size, ++ channelp->read_avail); ++ + session->packAdd_channelp = channelp; + + /* Adjust the window based on the block we just freed */ +@@ -684,7 +696,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + " to receive, truncating"); + datalen = channelp->remote.packet_size + data_head; + } +- if (channelp->remote.window_size <= 0) { ++ if (channelp->remote.window_size <= channelp->read_avail) { + /* + * Spec says we MAY ignore bytes sent beyond + * window_size +@@ -700,17 +712,26 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + /* Reset EOF status */ + channelp->remote.eof = 0; + +- if ((datalen - data_head) > channelp->remote.window_size) { ++ if (channelp->read_avail + datalen - data_head > ++ channelp->remote.window_size) { + _libssh2_error(session, + LIBSSH2_ERROR_CHANNEL_WINDOW_EXCEEDED, + "Remote sent more data than current " + "window allows, truncating"); +- datalen = channelp->remote.window_size + data_head; +- channelp->remote.window_size = 0; ++ datalen = channelp->remote.window_size - ++ channelp->read_avail + data_head; + } +- else +- /* Now that we've received it, shrink our window */ +- channelp->remote.window_size -= datalen - data_head; ++ ++ /* Update the read_avail counter. The window size will be ++ * updated once the data is actually read from the queue ++ * from an upper layer */ ++ channelp->read_avail += datalen - data_head; ++ ++ _libssh2_debug(session, LIBSSH2_TRACE_CONN, ++ "increasing read_avail by %lu bytes to %lu/%lu", ++ (long)(datalen - data_head), ++ (long)channelp->read_avail, ++ (long)channelp->remote.window_size); + + break; + +-- +1.7.1 + diff --git a/SOURCES/0008-_libssh2_channel_read-fix-data-drop-when-out-of-wind.patch b/SOURCES/0008-_libssh2_channel_read-fix-data-drop-when-out-of-wind.patch new file mode 100644 index 0000000..f06b7ad --- /dev/null +++ b/SOURCES/0008-_libssh2_channel_read-fix-data-drop-when-out-of-wind.patch @@ -0,0 +1,140 @@ +From cae2385ba898f71038ed4dd00ddae02f85e588e7 Mon Sep 17 00:00:00 2001 +From: Salvador +Date: Tue, 15 Oct 2013 11:45:10 +0200 +Subject: [PATCH 08/11] _libssh2_channel_read: fix data drop when out of window + +After filling the read buffer with data from the read queue, when the +window size was too small, "libssh2_channel_receive_window_adjust" was +called to increase it. In non-blocking mode that function could return +EAGAIN and, in that case, the EAGAIN was propagated upwards and the data +already read on the buffer lost. + +The function was also moving between the two read states +"libssh2_NB_state_idle" and "libssh2_NB_state_created" both of which +behave in the same way (excepting a debug statment). + +This commit modifies "_libssh2_channel_read" so that the +"libssh2_channel_receive_window_adjust" call is performed first (when +required) and if everything goes well, then it reads the data from the +queued packets into the read buffer. + +It also removes the useless "libssh2_NB_state_created" read state. + +Some rotted comments have also been updated. + +Signed-off-by: Salvador + +[upstream commit 27f9ac2549b7721cf9d857022c0e7a311830b367] +Signed-off-by: Kamil Dudka +--- + src/channel.c | 75 +++++++++++++++++++-------------------------------------- + 1 files changed, 25 insertions(+), 50 deletions(-) + +diff --git a/src/channel.c b/src/channel.c +index 499d815..82f6980 100644 +--- a/src/channel.c ++++ b/src/channel.c +@@ -1751,31 +1751,33 @@ ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id, + LIBSSH2_PACKET *read_packet; + LIBSSH2_PACKET *read_next; + +- if (channel->read_state == libssh2_NB_state_idle) { +- _libssh2_debug(session, LIBSSH2_TRACE_CONN, +- "channel_read() wants %d bytes from channel %lu/%lu " +- "stream #%d", +- (int) buflen, channel->local.id, channel->remote.id, +- stream_id); +- channel->read_state = libssh2_NB_state_created; +- } ++ _libssh2_debug(session, LIBSSH2_TRACE_CONN, ++ "channel_read() wants %d bytes from channel %lu/%lu " ++ "stream #%d", ++ (int) buflen, channel->local.id, channel->remote.id, ++ stream_id); + +- /* +- * =============================== NOTE =============================== +- * I know this is very ugly and not a really good use of "goto", but +- * this case statement would be even uglier to do it any other way +- */ +- if (channel->read_state == libssh2_NB_state_jump1) { +- goto channel_read_window_adjust; +- } ++ /* expand the receiving window first if it has become too narrow */ ++ if((channel->read_state == libssh2_NB_state_jump1) || ++ (channel->remote.window_size < (LIBSSH2_CHANNEL_WINDOW_DEFAULT*30))) { ++ ++ /* the actual window adjusting may not finish so we need to deal with ++ this special state here */ ++ channel->read_state = libssh2_NB_state_jump1; ++ rc = _libssh2_channel_receive_window_adjust(channel, ++ (LIBSSH2_CHANNEL_WINDOW_DEFAULT*60), ++ 0, NULL); ++ if (rc) ++ return rc; + +- rc = 1; /* set to >0 to let the while loop start */ ++ channel->read_state = libssh2_NB_state_idle; ++ } + +- /* Process all pending incoming packets in all states in order to "even +- out" the network readings. Tests prove that this way produces faster +- transfers. */ +- while (rc > 0) ++ /* Process all pending incoming packets. Tests prove that this way ++ produces faster transfers. */ ++ do { + rc = _libssh2_transport_read(session); ++ } while (rc > 0); + + if ((rc < 0) && (rc != LIBSSH2_ERROR_EAGAIN)) + return _libssh2_error(session, rc, "transport read"); +@@ -1857,8 +1859,6 @@ ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id, + } + + if (!bytes_read) { +- channel->read_state = libssh2_NB_state_idle; +- + /* If the channel is already at EOF or even closed, we need to signal + that back. We may have gotten that info while draining the incoming + transport layer until EAGAIN so we must not be fooled by that +@@ -1871,34 +1871,9 @@ ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id, + /* if the transport layer said EAGAIN then we say so as well */ + return _libssh2_error(session, rc, "would block"); + } +- else { +- channel->read_avail -= bytes_read; +- channel->remote.window_size -= bytes_read; +- /* make sure we remain in the created state to focus on emptying the +- data we already have in the packet brigade before we try to read +- more off the network again */ +- channel->read_state = libssh2_NB_state_created; +- } +- +- if(channel->remote.window_size < (LIBSSH2_CHANNEL_WINDOW_DEFAULT*30)) { +- /* the window is getting too narrow, expand it! */ +- +- channel_read_window_adjust: +- channel->read_state = libssh2_NB_state_jump1; +- /* the actual window adjusting may not finish so we need to deal with +- this special state here */ +- rc = _libssh2_channel_receive_window_adjust(channel, +- (LIBSSH2_CHANNEL_WINDOW_DEFAULT*60), 0, NULL); +- if (rc) +- return rc; + +- _libssh2_debug(session, LIBSSH2_TRACE_CONN, +- "channel_read() filled %d adjusted %d", +- bytes_read, buflen); +- /* continue in 'created' state to drain the already read packages +- first before starting to empty the socket further */ +- channel->read_state = libssh2_NB_state_created; +- } ++ channel->read_avail -= bytes_read; ++ channel->remote.window_size -= bytes_read; + + return bytes_read; + } +-- +1.7.1 + diff --git a/SOURCES/0009-_libssh2_channel_read-Honour-window_size_initial.patch b/SOURCES/0009-_libssh2_channel_read-Honour-window_size_initial.patch new file mode 100644 index 0000000..eea48df --- /dev/null +++ b/SOURCES/0009-_libssh2_channel_read-Honour-window_size_initial.patch @@ -0,0 +1,62 @@ +From 5c14f0e6ecfe73da86d3ad20edd60c4756037935 Mon Sep 17 00:00:00 2001 +From: Salvador +Date: Wed, 16 Oct 2013 13:31:31 +0200 +Subject: [PATCH 09/11] _libssh2_channel_read: Honour window_size_initial + +_libssh2_channel_read was using an arbitrary hard-coded limit to trigger +the window adjusting code. The adjustment used was also hard-coded and +arbitrary, 15MB actually, which would limit the usability of libssh2 on +systems with little RAM. + +This patch, uses the window_size parameter passed to +libssh2_channel_open_ex (stored as remote.window_size_initial) plus the +buflen as the base for the trigger and the adjustment calculation. + +The memory usage when using the default window size is reduced from 22MB +to 256KB per channel (actually, if compression is used, these numbers +should be incremented by ~50% to account for the errors between the +decompressed packet sizes and the predicted sizes). + +My tests indicate that this change does not impact the performance of +transfers across localhost or a LAN, being it on par with that of +OpenSSH. On the other hand, it will probably slow down transfers on +networks with high bandwidth*delay when the default window size +(LIBSSH2_CHANNEL_WINDOW_DEFAULT=256KB) is used. + +Signed-off-by: Salvador Fandino + +[upstream commit 1b3307dda0c58d9023a657747592ac86703b1ff4] +Signed-off-by: Kamil Dudka +--- + src/channel.c | 11 +++++++---- + 1 files changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/channel.c b/src/channel.c +index 82f6980..36c75d2 100644 +--- a/src/channel.c ++++ b/src/channel.c +@@ -1758,14 +1758,17 @@ ssize_t _libssh2_channel_read(LIBSSH2_CHANNEL *channel, int stream_id, + stream_id); + + /* expand the receiving window first if it has become too narrow */ +- if((channel->read_state == libssh2_NB_state_jump1) || +- (channel->remote.window_size < (LIBSSH2_CHANNEL_WINDOW_DEFAULT*30))) { ++ if( (channel->read_state == libssh2_NB_state_jump1) || ++ (channel->remote.window_size < channel->remote.window_size_initial / 4 * 3 + buflen) ) { ++ ++ uint32_t adjustment = channel->remote.window_size_initial + buflen - channel->remote.window_size; ++ if (adjustment < LIBSSH2_CHANNEL_MINADJUST) ++ adjustment = LIBSSH2_CHANNEL_MINADJUST; + + /* the actual window adjusting may not finish so we need to deal with + this special state here */ + channel->read_state = libssh2_NB_state_jump1; +- rc = _libssh2_channel_receive_window_adjust(channel, +- (LIBSSH2_CHANNEL_WINDOW_DEFAULT*60), ++ rc = _libssh2_channel_receive_window_adjust(channel, adjustment, + 0, NULL); + if (rc) + return rc; +-- +1.7.1 + diff --git a/SOURCES/0010-Set-default-window-size-to-2MB.patch b/SOURCES/0010-Set-default-window-size-to-2MB.patch new file mode 100644 index 0000000..0b8f693 --- /dev/null +++ b/SOURCES/0010-Set-default-window-size-to-2MB.patch @@ -0,0 +1,85 @@ +From 0a758095c40ae1b32dc5052a706a16c2d9ac5742 Mon Sep 17 00:00:00 2001 +From: Salvador Fandino +Date: Mon, 21 Oct 2013 11:58:55 +0200 +Subject: [PATCH 10/11] Set default window size to 2MB + +The default channel window size used until now was 256KB. This value is +too small and results on a bottleneck on real-life networks where +round-trip delays can easily reach 300ms. + +The issue was not visible because the configured channel window size +was being ignored and a hard-coded value of ~22MB being used instead, +but that was fixed on a previous commit. + +This patch just changes the default window size +(LIBSSH2_CHANNEL_WINDOW_DEFAULT) to 2MB. It is the same value used by +OpenSSH and in our opinion represents a good compromise between memory +used and transfer speed. + +Performance tests were run to determine the optimum value. The details +and related discussion are available from the following thread on the +libssh2 mailing-list: + +http://www.libssh2.org/mail/libssh2-devel-archive-2013-10/0018.shtml +http://article.gmane.org/gmane.network.ssh.libssh2.devel/6543 + +An excerpt follows: + +"I have been running some transfer test and measuring their speed. + +My setup was composed of a quad-core Linux machine running Ubuntu 13.10 +x86_64 with a LXC container inside. The data transfers were performed +from the container to the host (never crossing through a physical +network device). + +Network delays were simulated using the tc tool. And ping was used to +verify that they worked as intended during the tests. + +The operation performed was the equivalent to the following ssh command: + + $ ssh container "dd bs=16K count=8K if=/dev/zero" >/dev/null + +Though, establishment and closing of the SSH connection was excluded +from the timings. + +I run the tests several times transferring files of sizes up to 128MB +and the results were consistent between runs. + +The results corresponding to the 128MB transfer are available here: + +https://docs.google.com/spreadsheet/ccc?key=0Ao1yRmX6PQQzdG5wSFlrZl9HRWNET3ZyN0hnaGo5ZFE&usp=sharing + +It clearly shows that 256KB is too small as the default window size. +Moving to a 512MB generates a great improvement and after the 1MB mark +the returns rapidly diminish. Other factors (TCP window size, probably) +become more limiting than the channel window size + +For comparison I also performed the same transfers using OpenSSH. Its +speed is usually on par with that of libssh2 using a window size of 1MB +(even if it uses a 2MB window, maybe it is less aggressive sending the +window adjust msgs)." + +Signed-off-by: Salvador Fandino + +[upstream commit 85a827d1bceb9abd4442f225dd7c65ef5cefdc32] +Signed-off-by: Kamil Dudka +--- + include/libssh2.h | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/include/libssh2.h b/include/libssh2.h +index 9b1a6e1..df873fc 100644 +--- a/include/libssh2.h ++++ b/include/libssh2.h +@@ -587,7 +587,7 @@ LIBSSH2_API int libssh2_poll(LIBSSH2_POLLFD *fds, unsigned int nfds, + long timeout); + + /* Channel API */ +-#define LIBSSH2_CHANNEL_WINDOW_DEFAULT (256*1024) ++#define LIBSSH2_CHANNEL_WINDOW_DEFAULT (2*1024*1024) + #define LIBSSH2_CHANNEL_PACKET_DEFAULT 32768 + #define LIBSSH2_CHANNEL_MINADJUST 1024 + +-- +1.7.1 + diff --git a/SOURCES/0011-channel_receive_window_adjust-store-windows-size-alw.patch b/SOURCES/0011-channel_receive_window_adjust-store-windows-size-alw.patch new file mode 100644 index 0000000..b14f844 --- /dev/null +++ b/SOURCES/0011-channel_receive_window_adjust-store-windows-size-alw.patch @@ -0,0 +1,66 @@ +From baadc811a703b9a6dec655c7afb3218d8cff51fa Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sun, 16 Mar 2014 20:02:37 +0100 +Subject: [PATCH 11/11] channel_receive_window_adjust: store windows size always + +Avoid it sometimes returning without storing it, leaving calling +functions with unknown content! + +Detected by clang-analyzer + +[upstream commit fcb601da7b37c6e9bbcd264199597e2ddb7bc347] + +Signed-off-by: Kamil Dudka +--- + src/channel.c | 11 ++++------- + 1 files changed, 4 insertions(+), 7 deletions(-) + +diff --git a/src/channel.c b/src/channel.c +index 36c75d2..1d074df 100644 +--- a/src/channel.c ++++ b/src/channel.c +@@ -1,6 +1,6 @@ + /* Copyright (c) 2004-2007 Sara Golemon + * Copyright (c) 2005 Mikhail Gusarov +- * Copyright (c) 2008-2011 by Daniel Stenberg ++ * Copyright (c) 2008-2014 by Daniel Stenberg + * + * All rights reserved. + * +@@ -1544,6 +1544,9 @@ _libssh2_channel_receive_window_adjust(LIBSSH2_CHANNEL * channel, + { + int rc; + ++ if(store) ++ *store = channel->remote.window_size; ++ + if (channel->adjust_state == libssh2_NB_state_idle) { + if (!force + && (adjustment + channel->adjust_queue < +@@ -1553,14 +1556,10 @@ _libssh2_channel_receive_window_adjust(LIBSSH2_CHANNEL * channel, + "for channel %lu/%lu", + adjustment, channel->local.id, channel->remote.id); + channel->adjust_queue += adjustment; +- if(store) +- *store = channel->remote.window_size; + return 0; + } + + if (!adjustment && !channel->adjust_queue) { +- if(store) +- *store = channel->remote.window_size; + return 0; + } + +@@ -1598,8 +1597,6 @@ _libssh2_channel_receive_window_adjust(LIBSSH2_CHANNEL * channel, + + channel->adjust_state = libssh2_NB_state_idle; + +- if(store) +- *store = channel->remote.window_size; + return 0; + } + +-- +1.7.1 + diff --git a/SOURCES/0012-libssh2_agent_init-init-fd-to-LIBSSH2_INVALID_SOCKET.patch b/SOURCES/0012-libssh2_agent_init-init-fd-to-LIBSSH2_INVALID_SOCKET.patch new file mode 100644 index 0000000..48a62e8 --- /dev/null +++ b/SOURCES/0012-libssh2_agent_init-init-fd-to-LIBSSH2_INVALID_SOCKET.patch @@ -0,0 +1,31 @@ +From a958624be229315ab57017040ef15c5ae072d1ac Mon Sep 17 00:00:00 2001 +From: Matthias Kerestesch +Date: Sat, 18 May 2013 23:01:35 +0200 +Subject: [PATCH] libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET + +... previously it was left at 0 which is a valid file descriptor! + +Bug: https://trac.libssh2.org/ticket/265 + +Fixes #265 + +Upstream-commit: 1ad20ac7d3e21d091e7cfec58fda0afdc359360a +--- + src/agent.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/agent.c b/src/agent.c +index 1c65149..a8a5025 100644 +--- a/src/agent.c ++++ b/src/agent.c +@@ -652,6 +652,7 @@ libssh2_agent_init(LIBSSH2_SESSION *session) + return NULL; + } + memset(agent, 0, sizeof *agent); ++ agent->fd = LIBSSH2_INVALID_SOCKET; + agent->session = session; + _libssh2_list_init(&agent->head); + +-- +2.1.0 + diff --git a/SOURCES/0013-kex-bail-out-on-rubbish-in-the-incoming-packet.patch b/SOURCES/0013-kex-bail-out-on-rubbish-in-the-incoming-packet.patch new file mode 100644 index 0000000..6ebca01 --- /dev/null +++ b/SOURCES/0013-kex-bail-out-on-rubbish-in-the-incoming-packet.patch @@ -0,0 +1,109 @@ +From d62ed72daacc95e75bd0a617af9e4d88829b2e77 Mon Sep 17 00:00:00 2001 +From: Mariusz Ziulek +Date: Sat, 21 Feb 2015 23:31:36 +0100 +Subject: [PATCH] kex: bail out on rubbish in the incoming packet + +CVE-2015-1782 + +Bug: http://www.libssh2.org/adv_20150311.html + +Upstream-commit: 7d94b69b802c03e8d7726f4ae61baba52cb7d871 +Signed-off-by: Kamil Dudka +--- + src/kex.c | 73 +++++++++++++++++++++++++++++++++++---------------------------- + 1 file changed, 41 insertions(+), 32 deletions(-) + +diff --git a/src/kex.c b/src/kex.c +index fa4c4e1..ad7498a 100644 +--- a/src/kex.c ++++ b/src/kex.c +@@ -1549,6 +1549,30 @@ static int kex_agree_comp(LIBSSH2_SESSION *session, + * The Client gets to make the final call on "agreed methods" + */ + ++/* ++ * kex_string_pair() extracts a string from the packet and makes sure it fits ++ * within the given packet. ++ */ ++static int kex_string_pair(unsigned char **sp, /* parsing position */ ++ unsigned char *data, /* start pointer to packet */ ++ size_t data_len, /* size of total packet */ ++ size_t *lenp, /* length of the string */ ++ unsigned char **strp) /* pointer to string start */ ++{ ++ unsigned char *s = *sp; ++ *lenp = _libssh2_ntohu32(s); ++ ++ /* the length of the string must fit within the current pointer and the ++ end of the packet */ ++ if (*lenp > (data_len - (s - data) -4)) ++ return 1; ++ *strp = s + 4; ++ s += 4 + *lenp; ++ ++ *sp = s; ++ return 0; ++} ++ + /* kex_agree_methods + * Decide which specific method to use of the methods offered by each party + */ +@@ -1568,38 +1592,23 @@ static int kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data, + s += 16; + + /* Locate each string */ +- kex_len = _libssh2_ntohu32(s); +- kex = s + 4; +- s += 4 + kex_len; +- hostkey_len = _libssh2_ntohu32(s); +- hostkey = s + 4; +- s += 4 + hostkey_len; +- crypt_cs_len = _libssh2_ntohu32(s); +- crypt_cs = s + 4; +- s += 4 + crypt_cs_len; +- crypt_sc_len = _libssh2_ntohu32(s); +- crypt_sc = s + 4; +- s += 4 + crypt_sc_len; +- mac_cs_len = _libssh2_ntohu32(s); +- mac_cs = s + 4; +- s += 4 + mac_cs_len; +- mac_sc_len = _libssh2_ntohu32(s); +- mac_sc = s + 4; +- s += 4 + mac_sc_len; +- comp_cs_len = _libssh2_ntohu32(s); +- comp_cs = s + 4; +- s += 4 + comp_cs_len; +- comp_sc_len = _libssh2_ntohu32(s); +- comp_sc = s + 4; +-#if 0 +- s += 4 + comp_sc_len; +- lang_cs_len = _libssh2_ntohu32(s); +- lang_cs = s + 4; +- s += 4 + lang_cs_len; +- lang_sc_len = _libssh2_ntohu32(s); +- lang_sc = s + 4; +- s += 4 + lang_sc_len; +-#endif ++ if(kex_string_pair(&s, data, data_len, &kex_len, &kex)) ++ return -1; ++ if(kex_string_pair(&s, data, data_len, &hostkey_len, &hostkey)) ++ return -1; ++ if(kex_string_pair(&s, data, data_len, &crypt_cs_len, &crypt_cs)) ++ return -1; ++ if(kex_string_pair(&s, data, data_len, &crypt_sc_len, &crypt_sc)) ++ return -1; ++ if(kex_string_pair(&s, data, data_len, &mac_cs_len, &mac_cs)) ++ return -1; ++ if(kex_string_pair(&s, data, data_len, &mac_sc_len, &mac_sc)) ++ return -1; ++ if(kex_string_pair(&s, data, data_len, &comp_cs_len, &comp_cs)) ++ return -1; ++ if(kex_string_pair(&s, data, data_len, &comp_sc_len, &comp_sc)) ++ return -1; ++ + /* If the server sent an optimistic packet, assume that it guessed wrong. + * If the guess is determined to be right (by kex_agree_kex_hostkey) + * This flag will be reset to zero so that it's not ignored */ +-- +2.4.2 + diff --git a/SOURCES/0014-libssh2-1.4.3-scp-remote-exec.patch b/SOURCES/0014-libssh2-1.4.3-scp-remote-exec.patch new file mode 100644 index 0000000..96040bc --- /dev/null +++ b/SOURCES/0014-libssh2-1.4.3-scp-remote-exec.patch @@ -0,0 +1,261 @@ +From 3893140b1ff88d70407d5ab902022ab36d7305d7 Mon Sep 17 00:00:00 2001 +From: Marc Hoersken +Date: Mon, 23 Mar 2015 22:47:46 +0100 +Subject: [PATCH 1/5] scp.c: fix that scp_send may transmit not initialised + memory + +Fixes ticket 244. Thanks Torsten. + +Upstream-commit: b99204f2896b0cdafa3ecc0736f0252ce44c32c7 +Signed-off-by: Kamil Dudka +--- + src/scp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/scp.c b/src/scp.c +index 63d181e..2f92804 100644 +--- a/src/scp.c ++++ b/src/scp.c +@@ -801,12 +801,18 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode, + + cmd_len = strlen((char *)session->scpSend_command); + ++ memset(&session->scpSend_command[cmd_len], 0, ++ session->scpSend_command_len - cmd_len); ++ + (void)shell_quotearg(path, + &session->scpSend_command[cmd_len], + session->scpSend_command_len - cmd_len); + + session->scpSend_command[session->scpSend_command_len - 1] = '\0'; + ++ session->scpSend_command_len = ++ strlen((char *)session->scpSend_command); ++ + _libssh2_debug(session, LIBSSH2_TRACE_SCP, + "Opening channel for SCP send"); + /* Allocate a channel */ +-- +2.13.5 + + +From 2ecb8c5d6e116fcc71a31360115c9c2b4b0ca1d2 Mon Sep 17 00:00:00 2001 +From: Marc Hoersken +Date: Mon, 23 Mar 2015 23:04:24 +0100 +Subject: [PATCH 2/5] scp.c: fix that scp_recv may transmit not initialised + memory + +Upstream-commit: 1e7988cb0d8dae32148b04dd93e919a770599f30 +Signed-off-by: Kamil Dudka +--- + src/scp.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/src/scp.c b/src/scp.c +index 2f92804..d0c0d26 100644 +--- a/src/scp.c ++++ b/src/scp.c +@@ -299,10 +299,17 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb) + + cmd_len = strlen((char *)session->scpRecv_command); + ++ memset(&session->scpRecv_command[cmd_len], 0, ++ session->scpRecv_command_len - cmd_len); ++ + (void) shell_quotearg(path, + &session->scpRecv_command[cmd_len], + session->scpRecv_command_len - cmd_len); + ++ session->scpRecv_command[session->scpRecv_command_len - 1] = '\0'; ++ ++ session->scpRecv_command_len = ++ strlen((char *)session->scpRecv_command); + + _libssh2_debug(session, LIBSSH2_TRACE_SCP, + "Opening channel for SCP receive"); +-- +2.13.5 + + +From 5b23e9e9875302791f5c190cf0e4f61fd9879ff0 Mon Sep 17 00:00:00 2001 +From: Marc Hoersken +Date: Mon, 23 Mar 2015 23:05:41 +0100 +Subject: [PATCH 3/5] scp.c: improved and streamlined formatting + +Upstream-commit: 2d59b41daa3925645a26e6406fc318e6c2bfaae6 +Signed-off-by: Kamil Dudka +--- + src/scp.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/src/scp.c b/src/scp.c +index d0c0d26..30d46af 100644 +--- a/src/scp.c ++++ b/src/scp.c +@@ -295,16 +295,17 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb) + } + + snprintf((char *)session->scpRecv_command, +- session->scpRecv_command_len, "scp -%sf ", sb?"p":""); ++ session->scpRecv_command_len, ++ "scp -%sf ", sb?"p":""); + + cmd_len = strlen((char *)session->scpRecv_command); + + memset(&session->scpRecv_command[cmd_len], 0, + session->scpRecv_command_len - cmd_len); + +- (void) shell_quotearg(path, +- &session->scpRecv_command[cmd_len], +- session->scpRecv_command_len - cmd_len); ++ (void)shell_quotearg(path, ++ &session->scpRecv_command[cmd_len], ++ session->scpRecv_command_len - cmd_len); + + session->scpRecv_command[session->scpRecv_command_len - 1] = '\0'; + +@@ -797,13 +798,16 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode, + + session->scpSend_command = + LIBSSH2_ALLOC(session, session->scpSend_command_len); ++ + if (!session->scpSend_command) { + _libssh2_error(session, LIBSSH2_ERROR_ALLOC, +- "Unable to allocate a command buffer for scp session"); ++ "Unable to allocate a command buffer for " ++ "SCP session"); + return NULL; + } + +- snprintf((char *)session->scpSend_command, session->scpSend_command_len, ++ snprintf((char *)session->scpSend_command, ++ session->scpSend_command_len, + "scp -%st ", (mtime || atime)?"p":""); + + cmd_len = strlen((char *)session->scpSend_command); +-- +2.13.5 + + +From fc0d9df034e8701cdcf6c24fd40b1dbc8bc3e084 Mon Sep 17 00:00:00 2001 +From: Marc Hoersken +Date: Mon, 23 Mar 2015 23:17:31 +0100 +Subject: [PATCH 4/5] scp.c: improved command length calculation + +Reduced number of calls to strlen, because shell_quotearg already +returns the length of the resulting string (e.q. quoted path) +which we can add to the existing and known cmd_len. +Removed obsolete call to memset again, because we can put a final +NULL-byte at the end of the string using the calculated length. + +Upstream-commit: 3d3347c0625ce29b5581a0aa45e6e3be580769f1 +Signed-off-by: Kamil Dudka +--- + src/scp.c | 32 ++++++++++---------------------- + 1 file changed, 10 insertions(+), 22 deletions(-) + +diff --git a/src/scp.c b/src/scp.c +index 30d46af..f3d4995 100644 +--- a/src/scp.c ++++ b/src/scp.c +@@ -299,18 +299,12 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb) + "scp -%sf ", sb?"p":""); + + cmd_len = strlen((char *)session->scpRecv_command); ++ cmd_len += shell_quotearg(path, ++ &session->scpRecv_command[cmd_len], ++ session->scpRecv_command_len - cmd_len); + +- memset(&session->scpRecv_command[cmd_len], 0, +- session->scpRecv_command_len - cmd_len); +- +- (void)shell_quotearg(path, +- &session->scpRecv_command[cmd_len], +- session->scpRecv_command_len - cmd_len); +- +- session->scpRecv_command[session->scpRecv_command_len - 1] = '\0'; +- +- session->scpRecv_command_len = +- strlen((char *)session->scpRecv_command); ++ session->scpRecv_command[cmd_len] = '\0'; ++ session->scpRecv_command_len = cmd_len + 1; + + _libssh2_debug(session, LIBSSH2_TRACE_SCP, + "Opening channel for SCP receive"); +@@ -811,18 +805,12 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode, + "scp -%st ", (mtime || atime)?"p":""); + + cmd_len = strlen((char *)session->scpSend_command); ++ cmd_len += shell_quotearg(path, ++ &session->scpSend_command[cmd_len], ++ session->scpSend_command_len - cmd_len); + +- memset(&session->scpSend_command[cmd_len], 0, +- session->scpSend_command_len - cmd_len); +- +- (void)shell_quotearg(path, +- &session->scpSend_command[cmd_len], +- session->scpSend_command_len - cmd_len); +- +- session->scpSend_command[session->scpSend_command_len - 1] = '\0'; +- +- session->scpSend_command_len = +- strlen((char *)session->scpSend_command); ++ session->scpSend_command[cmd_len] = '\0'; ++ session->scpSend_command_len = cmd_len + 1; + + _libssh2_debug(session, LIBSSH2_TRACE_SCP, + "Opening channel for SCP send"); +-- +2.13.5 + + +From 9506e299fa5116aa8c4c626e6de1feaed9ff9ff8 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 11 Sep 2017 21:13:45 +0200 +Subject: [PATCH 5/5] scp: do not NUL-terminate the command for remote exec + (#208) + +It breaks SCP download/upload from/to certain server implementations. + +The bug does not manifest with OpenSSH, which silently drops the NUL +byte (eventually with any garbage that follows the NUL byte) before +executing it. + +Bug: https://bugzilla.redhat.com/1489736 + +Upstream-commit: 819ef4f2037490b6aa2e870aea851b6364184090 +Signed-off-by: Kamil Dudka +--- + src/scp.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/scp.c b/src/scp.c +index f3d4995..c6451bc 100644 +--- a/src/scp.c ++++ b/src/scp.c +@@ -303,8 +303,8 @@ scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb) + &session->scpRecv_command[cmd_len], + session->scpRecv_command_len - cmd_len); + +- session->scpRecv_command[cmd_len] = '\0'; +- session->scpRecv_command_len = cmd_len + 1; ++ /* the command to exec should _not_ be NUL-terminated */ ++ session->scpRecv_command_len = cmd_len; + + _libssh2_debug(session, LIBSSH2_TRACE_SCP, + "Opening channel for SCP receive"); +@@ -809,8 +809,8 @@ scp_send(LIBSSH2_SESSION * session, const char *path, int mode, + &session->scpSend_command[cmd_len], + session->scpSend_command_len - cmd_len); + +- session->scpSend_command[cmd_len] = '\0'; +- session->scpSend_command_len = cmd_len + 1; ++ /* the command to exec should _not_ be NUL-terminated */ ++ session->scpSend_command_len = cmd_len; + + _libssh2_debug(session, LIBSSH2_TRACE_SCP, + "Opening channel for SCP send"); +-- +2.13.5 + diff --git a/SOURCES/0015-libssh2-1.4.3-debug-msgs.patch b/SOURCES/0015-libssh2-1.4.3-debug-msgs.patch new file mode 100644 index 0000000..70f6596 --- /dev/null +++ b/SOURCES/0015-libssh2-1.4.3-debug-msgs.patch @@ -0,0 +1,70 @@ +From c1bbc2d6b0708dcb1fd014554585296b0ba25a43 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 9 Oct 2017 17:35:51 +0200 +Subject: [PATCH] session: avoid printing misleading debug messages + +... while throwing LIBSSH2_ERROR_EAGAIN out of session_startup() + +If the session runs in blocking mode, LIBSSH2_ERROR_EAGAIN never reaches +the libssh2 API boundary and, in non-blocking mode, these messages are +suppressed by the condition in _libssh2_error_flags() anyway. + +Closes #211 + +Upstream-commit: 712c6cbdd2f1b509f586aea5889a5c1deb7c9bda +Signed-off-by: Kamil Dudka +--- + src/session.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/src/session.c b/src/session.c +index 9838d2b..62ef70d 100644 +--- a/src/session.c ++++ b/src/session.c +@@ -695,7 +695,9 @@ session_startup(LIBSSH2_SESSION *session, libssh2_socket_t sock) + + if (session->startup_state == libssh2_NB_state_created) { + rc = banner_send(session); +- if (rc) { ++ if (rc == LIBSSH2_ERROR_EAGAIN) ++ return rc; ++ else if (rc) { + return _libssh2_error(session, rc, + "Failed sending banner"); + } +@@ -706,7 +708,9 @@ session_startup(LIBSSH2_SESSION *session, libssh2_socket_t sock) + if (session->startup_state == libssh2_NB_state_sent) { + do { + rc = banner_receive(session); +- if (rc) ++ if (rc == LIBSSH2_ERROR_EAGAIN) ++ return rc; ++ else if (rc) + return _libssh2_error(session, rc, + "Failed getting banner"); + } while(strncmp("SSH-", (char *)session->remote.banner, 4)); +@@ -716,7 +720,9 @@ session_startup(LIBSSH2_SESSION *session, libssh2_socket_t sock) + + if (session->startup_state == libssh2_NB_state_sent1) { + rc = _libssh2_kex_exchange(session, 0, &session->startup_key_state); +- if (rc) ++ if (rc == LIBSSH2_ERROR_EAGAIN) ++ return rc; ++ else if (rc) + return _libssh2_error(session, rc, + "Unable to exchange encryption keys"); + +@@ -741,7 +747,9 @@ session_startup(LIBSSH2_SESSION *session, libssh2_socket_t sock) + rc = _libssh2_transport_send(session, session->startup_service, + sizeof("ssh-userauth") + 5 - 1, + NULL, 0); +- if (rc) { ++ if (rc == LIBSSH2_ERROR_EAGAIN) ++ return rc; ++ else if (rc) { + return _libssh2_error(session, rc, + "Unable to ask for ssh-userauth service"); + } +-- +2.13.6 + diff --git a/SOURCES/0101-libssh2-1.4.3-CVE-2016-0787.patch b/SOURCES/0101-libssh2-1.4.3-CVE-2016-0787.patch new file mode 100644 index 0000000..ec7b1b6 --- /dev/null +++ b/SOURCES/0101-libssh2-1.4.3-CVE-2016-0787.patch @@ -0,0 +1,30 @@ +From 7046d670d3803d484b7af490e529dc4619145cc2 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Thu, 11 Feb 2016 13:52:20 +0100 +Subject: [PATCH] diffie_hellman_sha256: convert bytes to bits + +As otherwise we get far too small numbers. + +CVE-2016-0787 + +Signed-off-by: Kamil Dudka +--- + src/kex.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/kex.c b/src/kex.c +index 5649248..f12797c 100644 +--- a/src/kex.c ++++ b/src/kex.c +@@ -103,7 +103,7 @@ static int diffie_hellman_sha1(LIBSSH2_SESSION *session, + memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t)); + + /* Generate x and e */ +- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1); ++ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1); + _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p, + exchange_state->ctx); + +-- +2.5.0 + diff --git a/SOURCES/libssh2-1.4.2-utf8.patch b/SOURCES/libssh2-1.4.2-utf8.patch new file mode 100644 index 0000000..9177691 --- /dev/null +++ b/SOURCES/libssh2-1.4.2-utf8.patch @@ -0,0 +1,14 @@ + NEWS | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +--- libssh2/NEWS ++++ libssh2/NEWS +@@ -3552,7 +3552,7 @@ Simon Josefsson (16 Nov 2009) + - support arcfour128 cipher per RFC 4345 + + Daniel Stenberg (21 Oct 2009) +-- [Cristian Rodríguez brought this change] ++- [Cristian Rodríguez brought this change] + + add support for GCC visibility features + diff --git a/SPECS/libssh2.spec b/SPECS/libssh2.spec new file mode 100644 index 0000000..671a235 --- /dev/null +++ b/SPECS/libssh2.spec @@ -0,0 +1,421 @@ +# Fedora 10 onwards support noarch subpackages; by using one, we can +# put the arch-independent docs in a common subpackage and save lots +# of space on the mirrors +%if 0%{?fedora} > 9 || 0%{?rhel} > 5 +%global noarch_docs_package 1 +%else +%global noarch_docs_package 0 +%endif + +# Define %%{__isa_bits} for old releases +%{!?__isa_bits: %global __isa_bits %((echo '#include '; echo __WORDSIZE) | cpp - | grep -Ex '32|64')} + +Name: libssh2 +Version: 1.4.3 +Release: 12%{?dist} +Summary: A library implementing the SSH2 protocol +Group: System Environment/Libraries +License: BSD +URL: http://www.libssh2.org/ +Source0: http://libssh2.org/download/libssh2-%{version}.tar.gz +Patch0: libssh2-1.4.2-utf8.patch +Patch1: 0001-sftp-seek-Don-t-flush-buffers-on-same-offset.patch +Patch2: 0002-sftp-statvfs-Along-error-path-reset-the-correct-stat.patch +Patch3: 0003-sftp-Add-support-for-fsync-OpenSSH-extension.patch +Patch4: 0004-partially-revert-window_size-explicit-adjustments-on.patch +Patch5: 0005-channel.c-fix-a-use-after-free.patch +Patch6: 0006-_libssh2_channel_write-client-spins-on-write-when-wi.patch +Patch7: 0007-window_size-redid-window-handling-for-flow-control-r.patch +Patch8: 0008-_libssh2_channel_read-fix-data-drop-when-out-of-wind.patch +Patch9: 0009-_libssh2_channel_read-Honour-window_size_initial.patch +Patch10: 0010-Set-default-window-size-to-2MB.patch +Patch11: 0011-channel_receive_window_adjust-store-windows-size-alw.patch +Patch12: 0012-libssh2_agent_init-init-fd-to-LIBSSH2_INVALID_SOCKET.patch +Patch13: 0013-kex-bail-out-on-rubbish-in-the-incoming-packet.patch +Patch14: 0014-libssh2-1.4.3-scp-remote-exec.patch +Patch15: 0015-libssh2-1.4.3-debug-msgs.patch +Patch101: 0101-libssh2-1.4.3-CVE-2016-0787.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu) +BuildRequires: openssl-devel +BuildRequires: zlib-devel +BuildRequires: /usr/bin/man + +# Test suite requirements - we run the OpenSSH server and try to connect to it +BuildRequires: openssh-server +# We use matchpathcon to get the correct SELinux context for the ssh server +# initialization script so that it can transition correctly in an SELinux +# environment; matchpathcon is only available from FC-4 and moved from the +# libselinux to libselinux-utils package in F-10 +%if (0%{?fedora} >= 4 || 0%{?rhel} >= 5) && !(0%{?fedora} >=17 || 0%{?rhel} >=7) +BuildRequires: /usr/sbin/matchpathcon selinux-policy-targeted +%endif + +%description +libssh2 is a library implementing the SSH2 protocol as defined by +Internet Drafts: SECSH-TRANS(22), SECSH-USERAUTH(25), +SECSH-CONNECTION(23), SECSH-ARCH(20), SECSH-FILEXFER(06)*, +SECSH-DHGEX(04), and SECSH-NUMBERS(10). + +%package devel +Summary: Development files for libssh2 +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +Requires: pkgconfig + +%description devel +The libssh2-devel package contains libraries and header files for +developing applications that use libssh2. + +%package docs +Summary: Documentation for libssh2 +Group: Development/Libraries +Requires: %{name} = %{version}-%{release} +%if %{noarch_docs_package} +BuildArch: noarch +%endif + +%description docs +The libssh2-docs package contains man pages and examples for +developing applications that use libssh2. + +%prep +%setup -q + +# Replace hard wired port number in the test suite to avoid collisions +# between 32-bit and 64-bit builds running on a single build-host +sed -i s/4711/47%{?__isa_bits}/ tests/ssh2.{c,sh} + +# Make sure things are UTF-8... +%patch0 -p1 + +# Three upstream patches required for qemu ssh block driver. +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 + +# http://thread.gmane.org/gmane.network.ssh.libssh2.devel/6428 +%patch4 -p1 + +# https://trac.libssh2.org/ticket/268 +%patch5 -p1 + +# Resolves: #1080459 - curl consumes too much memory during scp download +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 + +# prevent a not-connected agent from closing STDIN (#1147717) +%patch12 -p1 + +# check length of data extracted from the SSH_MSG_KEXINIT packet (CVE-2015-1782) +%patch13 -p1 + +# use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787) +%patch101 -p1 + +# scp: send valid commands for remote execution (#1489733) +%patch14 -p1 + +# session: avoid printing misleading debug messages (#1503294) +%patch15 -p1 + +# Make sshd transition appropriately if building in an SELinux environment +%if !(0%{?fedora} >= 17 || 0%{?rhel} >= 7) +chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || : +chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || : +chcon $(/usr/sbin/matchpathcon -n /etc/ssh/ssh_host_key) tests/etc/{host,user} || : +%endif + +%build +%configure --disable-static --enable-shared +make %{?_smp_mflags} + +# Avoid polluting libssh2.pc with linker options (#947813) +sed -i -e 's|[[:space:]]-Wl,[^[:space:]]*||' libssh2.pc + +%install +rm -rf %{buildroot} +make install DESTDIR=%{buildroot} INSTALL="install -p" +find %{buildroot} -name '*.la' -exec rm -f {} \; + +# clean things up a bit for packaging +make -C example clean +rm -rf example/.deps +find example/ -type f '(' -name '*.am' -o -name '*.in' ')' -exec rm -v {} \; + +# avoid multilib conflict on libssh2-devel +mv -v example example.%{_arch} + +%check +# The SSH test will fail if we don't have /dev/tty, as is the case in some +# versions of mock (#672713) +if [ ! -c /dev/tty ]; then + echo Skipping SSH test due to missing /dev/tty + echo "exit 0" > tests/ssh2.sh +fi +# Apparently it fails in the sparc and arm buildsystems too +%ifarch %{sparc} %{arm} +echo Skipping SSH test on sparc/arm +echo "exit 0" > tests/ssh2.sh +%endif +make -C tests check + +%clean +rm -rf %{buildroot} + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%doc AUTHORS ChangeLog COPYING README NEWS +%{_libdir}/libssh2.so.1 +%{_libdir}/libssh2.so.1.* + +%files docs +%doc HACKING +%{_mandir}/man3/libssh2_*.3* + +%files devel +%doc example.%{_arch}/ +%{_includedir}/libssh2.h +%{_includedir}/libssh2_publickey.h +%{_includedir}/libssh2_sftp.h +%{_libdir}/libssh2.so +%{_libdir}/pkgconfig/libssh2.pc + +%changelog +* Tue Sep 26 2017 Kamil Dudka 1.4.3-12 +- session: avoid printing misleading debug messages (#1503294) +- scp: send valid commands for remote execution (#1489733) + +* Fri Feb 19 2016 Kamil Dudka 1.4.3-11 +- use secrects of the appropriate length in Diffie-Hellman (CVE-2016-0787) + +* Mon Jun 01 2015 Kamil Dudka 1.4.3-10 +- check length of data extracted from the SSH_MSG_KEXINIT packet (CVE-2015-1782) + +* Tue May 05 2015 Kamil Dudka 1.4.3-9 +- curl consumes too much memory during scp download (#1080459) +- prevent a not-connected agent from closing STDIN (#1147717) + +* Fri Jan 24 2014 Daniel Mach - 1.4.3-8 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 1.4.3-7 +- Mass rebuild 2013-12-27 + +* Wed Aug 14 2013 Kamil Dudka 1.4.3-6 +- fix very slow sftp upload to localhost +- fix a use after free in channel.c + +* Tue Apr 9 2013 Richard W.M. Jones 1.4.3-5 +- Add three patches from upstream git required for qemu ssh block driver. + +* Wed Apr 3 2013 Paul Howarth 1.4.3-4 +- Avoid polluting libssh2.pc with linker options (#947813) + +* Tue Mar 26 2013 Kamil Dudka 1.4.3-3 +- Avoid collisions between 32-bit and 64-bit builds running on a single build + host + +* Thu Feb 14 2013 Fedora Release Engineering - 1.4.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Nov 28 2012 Paul Howarth 1.4.3-1 +- Update to 1.4.3 + - compression: add support for zlib@openssh.com + - sftp_read: return error if a too large package arrives + - libssh2_hostkey_hash.3: update the description of return value + - Fixed MSVC NMakefile + - examples: use stderr for messages, stdout for data + - openssl: do not leak memory when handling errors + - improved handling of disabled MD5 algorithm in OpenSSL + - known_hosts: Fail when parsing unknown keys in known_hosts file + - configure: gcrypt doesn't come with pkg-config support + - session_free: wrong variable used for keeping state + - libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL + - comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating +- Drop upstreamed patches + +* Wed Nov 07 2012 Kamil Dudka 1.4.2-4 +- examples: use stderr for messages, stdout for data (upstream commit b31e35ab) +- Update libssh2_hostkey_hash(3) man page (upstream commit fe8f3deb) + +* Wed Sep 26 2012 Kamil Dudka 1.4.2-3 +- Fix basic functionality of libssh2 in FIPS mode +- Skip SELinux-related quirks on recent distros to prevent a test-suite failure + +* Thu Jul 19 2012 Fedora Release Engineering - 1.4.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Sun May 20 2012 Paul Howarth 1.4.2-1 +- Update to 1.4.2 + - Return LIBSSH2_ERROR_SOCKET_DISCONNECT on EOF when reading banner + - userauth.c: fread() from public key file to correctly detect any errors + - configure.ac: add option to disable build of the example applications + - added 'Requires.private:' line to libssh2.pc + - SFTP: filter off incoming "zombie" responses + - gettimeofday: no need for a replacement under cygwin + - SSH_MSG_CHANNEL_REQUEST: default to want_reply + - win32/libssh2_config.h: remove hardcoded #define LIBSSH2_HAVE_ZLIB + +* Fri Apr 27 2012 Paul Howarth 1.4.1-2 +- Fix multi-arch conflict again (#816969) + +* Thu Apr 5 2012 Paul Howarth 1.4.1-1 +- Update to 1.4.1 + - Build error with gcrypt backend + - Always do "forced" window updates to avoid corner case stalls + - aes: the init function fails when OpenSSL has AES support + - transport_send: finish in-progress key exchange before sending data + - channel_write: acknowledge transport errors + - examples/x11.c: make sure sizeof passed to read operation is correct + - examples/x11.c: fix suspicious sizeof usage + - sftp_packet_add: verify the packet before accepting it + - SFTP: preserve the original error code more + - sftp_packet_read: adjust window size as necessary + - Use safer snprintf rather then sprintf in several places + - Define and use LIBSSH2_INVALID_SOCKET instead of INVALID_SOCKET + - sftp_write: cannot return acked data *and* EAGAIN + - sftp_read: avoid data *and* EAGAIN + - libssh2.h: add missing prototype for libssh2_session_banner_set() +- Drop upstream patches now included in release tarball + +* Mon Mar 19 2012 Kamil Dudka 1.4.0-4 +- Don't ignore transport errors when writing to channel (#804150) + +* Sun Mar 18 2012 Paul Howarth 1.4.0-3 +- Don't try to use openssl's AES-CTR functions + (http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml) + +* Fri Mar 16 2012 Paul Howarth 1.4.0-2 +- fix libssh2 failing key re-exchange when write channel is saturated (#804156) +- drop %%defattr, redundant since rpm 4.4 + +* Wed Feb 1 2012 Paul Howarth 1.4.0-1 +- update to 1.4.0 + - added libssh2_session_supported_algs() + - added libssh2_session_banner_get() + - added libssh2_sftp_get_channel() + - libssh2.h: bump the default window size to 256K + - sftp-seek: clear EOF flag + - userauth: provide more informations if ssh pub key extraction fails + - ssh2_exec: skip error outputs for EAGAIN + - LIBSSH2_SFTP_PACKET_MAXLEN: increase to 80000 + - knownhost_check(): don't dereference ext if NULL is passed + - knownhost_add: avoid dereferencing uninitialized memory on error path + - OpenSSL EVP: fix threaded use of structs + - _libssh2_channel_read: react on errors from receive_window_adjust + - sftp_read: cap the read ahead maximum amount + - _libssh2_channel_read: fix non-blocking window adjusting +- add upstream patch fixing undefined function reference in libgcrypt backend +- BR: /usr/bin/man for test suite + +* Sun Jan 15 2012 Peter Robinson 1.3.0-4 +- skip the ssh test on ARM too + +* Fri Jan 13 2012 Paul Howarth 1.3.0-3 +- make docs package noarch where possible +- example includes arch-specific bits, so move to devel package +- use patch rather than scripted iconv to fix character encoding +- don't make assumptions about SELinux context types used for the ssh server + in the test suite +- skip the ssh test if /dev/tty isn't present, as in some versions of mock +- make the %%files list more explicit +- use tabs for indentation + +* Fri Jan 13 2012 Fedora Release Engineering 1.3.0-2 +- rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Thu Sep 08 2011 Kamil Dudka 1.3.0-1 +- update to 1.3.0 + +* Sat Jun 25 2011 Dennis Gilmore 1.2.7-2 +- sshd/loopback test fails in the sparc buildsystem + +* Tue Oct 12 2010 Kamil Dudka 1.2.7-1 +- update to 1.2.7 (#632916) +- avoid multilib conflict on libssh2-docs +- avoid build failure in mock with SELinux in the enforcing mode (#558964) + +* Fri Mar 12 2010 Chris Weyl 1.2.4-1 +- update to 1.2.4 +- drop old patch0 +- be more aggressive about keeping .deps from intruding into -docs + +* Wed Jan 20 2010 Chris Weyl 1.2.2-5 +- pkgconfig dep should be with -devel, not -docs + +* Mon Jan 18 2010 Chris Weyl 1.2.2-4 +- enable tests; conditionalize sshd test, which fails with a funky SElinux + error when run locally + +* Mon Jan 18 2010 Chris Weyl 1.2.2-3 +- patch w/1aba38cd7d2658146675ce1737e5090f879f306; not yet in a GA release + +* Thu Jan 14 2010 Chris Weyl 1.2.2-2 +- correct bad file entry under -devel + +* Thu Jan 14 2010 Chris Weyl 1.2.2-1 +- update to 1.2.2 +- drop old patch now in upstream +- add new pkgconfig file to -devel + +* Mon Sep 21 2009 Chris Weyl 1.2-2 +- patch based on 683aa0f6b52fb1014873c961709102b5006372fc +- disable tests (*sigh*) + +* Tue Aug 25 2009 Chris Weyl 1.2-1 +- update to 1.2 + +* Fri Aug 21 2009 Tomas Mraz - 1.0-4 +- rebuilt with new openssl + +* Sat Jul 25 2009 Fedora Release Engineering - 1.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 1.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Feb 16 2009 Chris Weyl 1.0-1 +- update to 1.0 + +* Sat Jan 17 2009 Tomas Mraz - 0.18-8 +- rebuild with new openssl + +* Mon Feb 18 2008 Fedora Release Engineering - 0.18-7 +- Autorebuild for GCC 4.3 + +* Wed Dec 05 2007 Chris Weyl 0.18-6 +- rebuild for new openssl... + +* Tue Nov 27 2007 Chris Weyl 0.18-5 +- bump + +* Tue Nov 27 2007 Chris Weyl 0.18-4 +- add INSTALL arg to make install vs env. var + +* Mon Nov 26 2007 Chris Weyl 0.18-3 +- run tests; don't package test + +* Sun Nov 18 2007 Chris Weyl 0.18-2 +- split docs into -docs (they seemed... large.) + +* Tue Nov 13 2007 Chris Weyl 0.18-1 +- update to 0.18 + +* Sun Oct 14 2007 Chris Weyl 0.17-1 +- update to 0.17 +- many spec file changes + +* Wed May 23 2007 Sindre Pedersen Bjørdal - 0.15-0.2.20070506 +- Fix release tag +- Move manpages to -devel package +- Add Examples dir to -devel package + +* Sun May 06 2007 Sindre Pedersen Bjørdal - 0.15-0.20070506.1 +- Initial build