Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment

    PaulHowarth/Blog/2023-06-01

Thursday 1st June 2023

Fedora Project

  • Updated libssh2 to 1.11.0 in Rawhide:

    • Adds support for encrypt-then-mac (ETM) MACs
    • Adds support for AES-GCM crypto protocols

    • Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys

    • Adds support for RSA certificate authentication

    • Adds FIDO support with *_sk() functions

    • Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends

    • Adds Agent Forwarding and libssh2_agent_sign()

    • Adds support for Channel Signal message libssh2_channel_signal_ex()

    • Adds support to get the user auth banner message libssh2_userauth_banner()

    • Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519, AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options

    • Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()

    • Adds wolfSSL support to CMake file
    • Adds mbedTLS 3.x support
    • Adds LibreSSL 3.5 support
    • Adds support for CMake "unity" builds
    • Adds CMake support for building shared and static libs in a single pass
    • Adds symbol hiding support to CMake

    • Adds support for libssh2.rc for all build tools

    • Adds .zip, .tar.xz and .tar.bz2 release tarballs

    • Enables ed25519 key support for LibreSSL 3.7.0 or higher

    • Improves OpenSSL 1.1 and 3 compatibility
    • Now requires OpenSSL 1.0.2 or newer
    • Now requires CMake 3.1 or newer

    • SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs

    • SFTP: No longer has a packet limit when reading a directory
    • SFTP: Now parses attribute extensions if they exist
    • SFTP: No longer will busy loop if SFTP fails to initialize
    • SFTP: Now clear various errors as expected
    • SFTP: No longer skips files if the line buffer is too small
    • SCP: Add option to not quote paths
    • SCP: Enables 64-bit offset support unconditionally

    • Now skips leading \r and \n characters in banner_receive()

    • Enables secure memory zeroing with all build tools on all platforms

    • No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive

    • Speed up base64 encoding by 7x
    • Assert if there is an attempt to write a value that is too large

    • WinCNG: fix memory leak in _libssh2_dh_secret()

    • Added protection against possible null pointer dereferences
    • Agent now handles overly large comment lengths
    • Now ensure KEX replies don't include extra bytes

    • Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER

    • Fixed possible buffer overflow in keyboard interactive code path

    • Fixed overlapping memcpy()

    • Fixed Windows UWP builds
    • Fixed DLL import name

    • Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows

    • Support for building with gcc versions older than 8

    • Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files

    • Restores ANSI C89 compliance
    • Enabled new compiler warnings and fixed/silenced them
    • Improved error messages
    • Now uses CIFuzz
    • Numerous minor code improvements
    • Improvements to CI builds
    • Improvements to unit tests
    • Improvements to doc files
    • Improvements to example files
    • Removed "old gex" build option
    • Removed no-encryption/no-mac builds

    • Removed support for NetWare and Watcom wmake build files

  • I added a patch to work around strict permissions issues that would cause the sshd tests to fail: 

  •    1 Group-writeable directories in the hierarchy above where we
   2 run the tests from can cause failures due to openssh's strict
   3 permissions checks. Adding this option helps the tests to run
   4 more reliably on a variety of build systems.
   5 
   6 --- tests/test_sshd.test
   7 +++ tests/test_sshd.test
   8 @@ -71,6 +71,7 @@ chmod go-rwx \
   9  # shellcheck disable=SC2086
  10  "${SSHD}" \
  11    -f "${SSHD_FIXTURE_CONFIG:-${d}/openssh_server/sshd_config}" \
  12 +  -o 'StrictModes no' \
  13    -o 'Port 4711' \
  14    -h "${d}/openssh_server/ssh_host_rsa_key" \
  15    -h "${d}/openssh_server/ssh_host_ecdsa_key" \

  • Updated perl-Tie-EncryptedHash (1.24) in Rawhide to use SPDX-format license tag

  • Updated perl-Tie-RefHash-Weak (0.09) in Rawhide to use SPDX-format license tag

  • Updated perl-Time-Piece-MySQL (0.06) in Rawhide to use SPDX-format license tag

  • Updated perl-Time-y2038 (20100403) in Rawhide to use SPDX-format license tag

  • Updated perl-Tree-DAG_Node (1.32) in Rawhide to use SPDX-format license tag

  • Updated perl-UNIVERSAL-moniker (0.08) in Rawhide to use SPDX-format license tag

  • Updated perl-URI-cpan (1.008) in Rawhide to use SPDX-format license tag

  • Updated perl-URI-Fetch (0.15) in Rawhide to use SPDX-format license tag

Local Packages

  • Updated libssh2 to 1.11.0 as per the Fedora version

  • Updated perl-Net-DNS to 1.39:

  • Updated perl-Tie-RefHash-Weak (0.09) as per the Fedora version

  • Updated perl-Time-y2038 (20100403) as per the Fedora version

  • Updated perl-Tree-DAG_Node (1.32) as per the Fedora version

  • Updated perl-URI-cpan (1.008) as per the Fedora version

Recent