diff options
Diffstat (limited to 'extra/libssh')
-rw-r--r-- | extra/libssh/0004-reset-global-request-status.patch | 18 | ||||
-rw-r--r-- | extra/libssh/0005-multi-reverse-fwd.patch | 85 | ||||
-rw-r--r-- | extra/libssh/CVE-2014-0017.patch | 67 | ||||
-rw-r--r-- | extra/libssh/PKGBUILD | 28 |
4 files changed, 7 insertions, 191 deletions
diff --git a/extra/libssh/0004-reset-global-request-status.patch b/extra/libssh/0004-reset-global-request-status.patch deleted file mode 100644 index 760f3497a..000000000 --- a/extra/libssh/0004-reset-global-request-status.patch +++ /dev/null @@ -1,18 +0,0 @@ -Description: Allow requesting more than one channel per session. -Author: Andreas Schneider <asn@cryptomilk.org> -Abstract: - In the 0.5.x series of libssh only one channel request per session - is possible. This blocks using libssh client sessions which require - requesting multiple channels on a single SSH connection. -Origin: http://git.libssh.org/projects/libssh.git/commit/src/channels.c?id=e30acdb58a86937e8bece57ce47e272f1106ca55 ---- a/src/channels.c -+++ b/src/channels.c -@@ -1951,7 +1951,7 @@ - break; - - } -- -+ session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE; - leave_function(); - return rc; - error: diff --git a/extra/libssh/0005-multi-reverse-fwd.patch b/extra/libssh/0005-multi-reverse-fwd.patch deleted file mode 100644 index 0771e8c4d..000000000 --- a/extra/libssh/0005-multi-reverse-fwd.patch +++ /dev/null @@ -1,85 +0,0 @@ -Description: Allow requesting multiple reverse port forwarding tunnels per connection -Author: Oleksandr Shneyder <o.schneyder@phoca-gmbh.de> -Abstract: - Channel: Add ssh_channel_accept_forward(). - . - This new function works the same way as ssh_forward_accept() - but can return a destination port of the channel (useful if - SSH connection is supposed to reverse forward multiple TCP/IP - ports). -Origin: http://git.libssh.org/projects/libssh.git/commit/?id=a1c4fc07d43fb7a7e1e91bfdadbd3dc62b8ce462 ---- a/include/libssh/libssh.h -+++ b/include/libssh/libssh.h -@@ -371,6 +371,7 @@ - LIBSSH_API char *ssh_dirname (const char *path); - LIBSSH_API int ssh_finalize(void); - LIBSSH_API ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms); -+LIBSSH_API ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int *destination_port); - LIBSSH_API int ssh_forward_cancel(ssh_session session, const char *address, int port); - LIBSSH_API int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port); - LIBSSH_API void ssh_free(ssh_session session); ---- a/src/channels.c -+++ b/src/channels.c -@@ -1755,7 +1755,7 @@ - } - - static ssh_channel ssh_channel_accept(ssh_session session, int channeltype, -- int timeout_ms) { -+ int timeout_ms, int *destination_port) { - #ifndef _WIN32 - static const struct timespec ts = { - .tv_sec = 0, -@@ -1779,6 +1779,10 @@ - ssh_message_subtype(msg) == channeltype) { - ssh_list_remove(session->ssh_message_list, iterator); - channel = ssh_message_channel_request_open_reply_accept(msg); -+ if(destination_port) { -+ *destination_port=msg->channel_request_open.destination_port; -+ } -+ - ssh_message_free(msg); - return channel; - } -@@ -1809,7 +1813,7 @@ - * the server. - */ - ssh_channel ssh_channel_accept_x11(ssh_channel channel, int timeout_ms) { -- return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms); -+ return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms, NULL); - } - - /** -@@ -1857,7 +1861,7 @@ - } else { - session->global_req_state=SSH_CHANNEL_REQ_STATE_DENIED; - } -- -+ session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE; - leave_function(); - return SSH_PACKET_USED; - -@@ -2027,7 +2031,23 @@ - * the server - */ - ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms) { -- return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms); -+ return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, NULL); -+} -+ -+/** -+ * @brief Accept an incoming TCP/IP forwarding channel and get information -+ * about incomming connection -+ * @param[in] session The ssh session to use. -+ * -+ * @param[in] timeout_ms A timeout in milliseconds. -+ * -+ * @param[in] destination_port A pointer to destination port or NULL. -+ * -+ * @return Newly created channel, or NULL if no incoming channel request from -+ * the server -+ */ -+ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int* destination_port) { -+ return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, destination_port); - } - - /** diff --git a/extra/libssh/CVE-2014-0017.patch b/extra/libssh/CVE-2014-0017.patch deleted file mode 100644 index dd56a329d..000000000 --- a/extra/libssh/CVE-2014-0017.patch +++ /dev/null @@ -1,67 +0,0 @@ -diff -rupN a/include/libssh/wrapper.h b/include/libssh/wrapper.h ---- a/include/libssh/wrapper.h 2013-07-26 06:39:39.000000000 +0000 -+++ b/include/libssh/wrapper.h 2014-03-09 16:38:49.807812235 +0000 -@@ -44,5 +44,6 @@ int crypt_set_algorithms_server(ssh_sess - struct ssh_crypto_struct *crypto_new(void); - void crypto_free(struct ssh_crypto_struct *crypto); - -+void ssh_reseed(void); - - #endif /* WRAPPER_H_ */ -diff -rupN a/src/bind.c b/src/bind.c ---- a/src/bind.c 2013-07-26 06:39:39.000000000 +0000 -+++ b/src/bind.c 2014-03-09 16:39:00.571080087 +0000 -@@ -375,6 +375,7 @@ int ssh_bind_accept(ssh_bind sshbind, ss - session->dsa_key = dsa; - session->rsa_key = rsa; - -+ ssh_reseed(); - return SSH_OK; - } - -diff -rupN a/src/libcrypto.c b/src/libcrypto.c ---- a/src/libcrypto.c 2013-07-26 06:39:39.000000000 +0000 -+++ b/src/libcrypto.c 2014-03-09 16:40:07.807331327 +0000 -@@ -23,6 +23,7 @@ - #include <stdlib.h> - #include <stdio.h> - #include <string.h> -+#include <sys/time.h> - - #include "libssh/priv.h" - #include "libssh/session.h" -@@ -38,6 +39,8 @@ - #include <openssl/rsa.h> - #include <openssl/hmac.h> - #include <openssl/opensslv.h> -+#include <openssl/rand.h> -+ - #ifdef HAVE_OPENSSL_AES_H - #define HAS_AES - #include <openssl/aes.h> -@@ -66,6 +69,12 @@ static int alloc_key(struct crypto_struc - return 0; - } - -+void ssh_reseed(void) { -+ struct timeval tv; -+ gettimeofday(&tv, NULL); -+ RAND_add(&tv, sizeof(tv), 0.0); -+} -+ - SHACTX sha1_init(void) { - SHACTX c = malloc(sizeof(*c)); - if (c == NULL) { -diff -rupN a/src/libgcrypt.c b/src/libgcrypt.c ---- a/src/libgcrypt.c 2013-07-26 06:39:39.000000000 +0000 -+++ b/src/libgcrypt.c 2014-03-09 16:40:51.730392881 +0000 -@@ -41,6 +41,9 @@ static int alloc_key(struct crypto_struc - return 0; - } - -+void ssh_reseed(void) { -+ } -+ - SHACTX sha1_init(void) { - SHACTX ctx = NULL; - gcry_md_open(&ctx, GCRY_MD_SHA1, 0); diff --git a/extra/libssh/PKGBUILD b/extra/libssh/PKGBUILD index bd9c30295..cbc36b9b3 100644 --- a/extra/libssh/PKGBUILD +++ b/extra/libssh/PKGBUILD @@ -1,42 +1,28 @@ -# $Id: PKGBUILD 207452 2014-03-09 16:43:05Z bpiotrowski $ +# $Id: PKGBUILD 211694 2014-04-23 15:10:12Z andyrtr $ # Maintainer: Tom Gundersen <teg@jklm.no> # Contributor: Andrea Scarpino <andrea@archlinux.org> # Contributor: ice-man <icemanf@gmail.com> # Contributor: sergeantspoon <sergeantspoon@archlinux.us> pkgname=libssh -pkgver=0.5.5 -pkgrel=3 +pkgver=0.6.3 +pkgrel=1 pkgdesc="Library for accessing ssh client services through C libraries" url="http://www.libssh.org/" license=('LGPL') arch=('i686' 'x86_64') depends=('zlib' 'openssl') makedepends=('cmake' 'doxygen') -source=(https://red.libssh.org/attachments/download/51/${pkgname}-${pkgver}.tar.gz - 0004-reset-global-request-status.patch - 0005-multi-reverse-fwd.patch - CVE-2014-0017.patch) -md5sums=('bb308196756c7255c0969583d917136b' - '0d8c28906b07e31466157b1fda441f4a' - '6fa3a1a4f448e85a7eb39360f4a72ce9' - '2eddf36e41adf62e4094f17b64d466e0') - -prepare() { - cd ${pkgname}-${pkgver} - # add multiple channels on a single SSH connection required by X2goclient - # see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736231 - patch -Np1 -i ${srcdir}/0004-reset-global-request-status.patch - patch -Np1 -i ${srcdir}/0005-multi-reverse-fwd.patch - patch -Np1 -i ${srcdir}/CVE-2014-0017.patch -} +source=(https://red.libssh.org/attachments/download/87/${pkgname}-${pkgver}.tar.xz) +md5sums=('66cf16e77f60913b4d54f18c92cdbf71') build() { mkdir build cd build cmake ../${pkgname}-${pkgver} \ -DCMAKE_INSTALL_PREFIX=/usr \ - -DCMAKE_BUILD_TYPE=Release + -DCMAKE_BUILD_TYPE=Release \ + -DWITH_GSSAPI=OFF make } |