Thursday 1st June 2023
Fedora Project
Updated libssh2 to 1.11.0 in Rawhide:
- Adds support for encrypt-then-mac (ETM) MACs
- Adds support for AES-GCM crypto protocols
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
- Adds support for RSA certificate authentication
- Adds FIDO support with *_sk() functions
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
- Adds Agent Forwarding and libssh2_agent_sign()
- Adds support for Channel Signal message libssh2_channel_signal_ex()
- Adds support to get the user auth banner message libssh2_userauth_banner()
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
- Adds wolfSSL support to CMake file
- Adds mbedTLS 3.x support
- Adds LibreSSL 3.5 support
- Adds support for CMake "unity" builds
- Adds CMake support for building shared and static libs in a single pass
- Adds symbol hiding support to CMake
- Adds support for libssh2.rc for all build tools
- Adds .zip, .tar.xz and .tar.bz2 release tarballs
- Enables ed25519 key support for LibreSSL 3.7.0 or higher
- Improves OpenSSL 1.1 and 3 compatibility
- Now requires OpenSSL 1.0.2 or newer
- Now requires CMake 3.1 or newer
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
- SFTP: No longer has a packet limit when reading a directory
- SFTP: Now parses attribute extensions if they exist
- SFTP: No longer will busy loop if SFTP fails to initialize
- SFTP: Now clears various errors as expected
- SFTP: No longer skips files if the line buffer is too small
- SCP: Add option to not quote paths
- SCP: Enables 64-bit offset support unconditionally
- Now skips leading \r and \n characters in banner_receive()
- Enables secure memory zeroing with all build tools on all platforms
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
- Speed up base64 encoding by 7x
- Assert if there is an attempt to write a value that is too large
- WinCNG: fix memory leak in _libssh2_dh_secret()
- Added protection against possible null pointer dereferences
- Agent now handles overly large comment lengths
- Now ensures KEX replies don't include extra bytes
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
- Fixed possible buffer overflow in keyboard interactive code path
- Fixed overlapping memcpy()
- Fixed Windows UWP builds
- Fixed DLL import name
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
- Support for building with gcc versions older than 8
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
- Restores ANSI C89 compliance
- Enabled new compiler warnings and fixed/silenced them
- Improved error messages
- Now uses CIFuzz
- Numerous minor code improvements
- Improvements to CI builds
- Improvements to unit tests
- Improvements to doc files
- Improvements to example files
- Removed "old gex" build option
- Removed no-encryption/no-mac builds
- Removed support for NetWare and Watcom wmake build files
I added a patch to work around strict permissions issues that would cause the sshd tests to fail:
1 Group-writeable directories in the hierarchy above where we 2 run the tests from can cause failures due to openssh's strict 3 permissions checks. Adding this option helps the tests to run 4 more reliably on a variety of build systems. 5 6 --- tests/test_sshd.test 7 +++ tests/test_sshd.test 8 @@ -71,6 +71,7 @@ chmod go-rwx \ 9 # shellcheck disable=SC2086 10 "${SSHD}" \ 11 -f "${SSHD_FIXTURE_CONFIG:-${d}/openssh_server/sshd_config}" \ 12 + -o 'StrictModes no' \ 13 -o 'Port 4711' \ 14 -h "${d}/openssh_server/ssh_host_rsa_key" \ 15 -h "${d}/openssh_server/ssh_host_ecdsa_key" \
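Review bot: The new `-o 'StrictModes no'` line, inserted between the `-f` config argument and `-o 'Port 4711'`, is passed on the sshd command line unconditionally, so it also applies when a caller supplies its own configuration through `SSHD_FIXTURE_CONFIG`, and the script itself carries no comment saying why the check is turned off. The rationale lives only in the patch description; a one-line comment above the `"${SSHD}"` invocation noting that group-writeable parent directories trip openssh's strict permissions checks would keep the reason visible to whoever next edits the test, and would make clear that the setting is meant for this test fixture only.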
Updated perl-Tie-EncryptedHash (1.24) in Rawhide to use SPDX-format license tag
Updated perl-Tie-RefHash-Weak (0.09) in Rawhide to use SPDX-format license tag
Updated perl-Time-Piece-MySQL (0.06) in Rawhide to use SPDX-format license tag
Updated perl-Time-y2038 (20100403) in Rawhide to use SPDX-format license tag
Updated perl-Tree-DAG_Node (1.32) in Rawhide to use SPDX-format license tag
Updated perl-UNIVERSAL-moniker (0.08) in Rawhide to use SPDX-format license tag
Updated perl-URI-cpan (1.008) in Rawhide to use SPDX-format license tag
Updated perl-URI-Fetch (0.15) in Rawhide to use SPDX-format license tag
Local Packages
Updated libssh2 to 1.11.0 as per the Fedora version
Updated perl-Net-DNS to 1.39:
- Fix udpsize uninitialized value (CPAN RT#148340)
Updated perl-Tie-RefHash-Weak (0.09) as per the Fedora version
Updated perl-Time-y2038 (20100403) as per the Fedora version
Updated perl-Tree-DAG_Node (1.32) as per the Fedora version
Updated perl-URI-cpan (1.008) as per the Fedora version