From patchwork Sun May 11 10:13:02 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 8724 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4ZwJVG6Yxnz3x4T for ; Sun, 11 May 2025 10:13:42 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) client-signature ECDSA (secp384r1)) (Client CN "mail02.haj.ipfire.org", Issuer "E5" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4ZwJVF2vSJz6XQ for ; Sun, 11 May 2025 10:13:41 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4ZwJV25MSNz37F3 for ; Sun, 11 May 2025 10:13:30 +0000 (UTC) X-Original-To: development@lists.ipfire.org Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) client-signature RSA-PSS (4096 bits)) (Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4ZwJTz5mvZz37Bn for ; Sun, 11 May 2025 10:13:27 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4ZwJTx5T7nz6SK; Sun, 11 May 2025 10:13:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1746958406; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=c8H7Bnie5L9rQqsz+ize7aV3R1URgNJs+HEplbTbTo4=; b=Ey3zVOFjnyysoK3Fy3PfxgzqI1RD4TA41a47yeeJs16EcsdjDj6+bL9gSUOsyQPEUTNSYI xRka8kGTSH2DbQQH/1WT3SWxZ/pc2LLeOP/9VkTX577Fb3oBrbpMkNYjvLyAOAnhSs8OwH DzhLjdxW7yadqtpr9Y6yDi/fa3E9KQkrl5V4Dm4hXoLMOVs9/MaoH4qoZlzWIqh6wRDatc szy1p7YrXmPU6+Hcv+te/T5PShWF63XgCvLM8CYFhrZB21JhbZNJDsIBVRkxuxYQCZi2Fp 2EB2WRbrYsGGsE3NMgC+TZwc6NyhIR7oaTwp1BTTP25kwzfykfK0JolmrI/KBg== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1746958406; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=c8H7Bnie5L9rQqsz+ize7aV3R1URgNJs+HEplbTbTo4=; b=/AfuWCLqhoSXx4K2wr25zlPOioUksOZhUk3Od4KdJ57zx44fqCq7rqwH+4/a9CW4Wsi94J sWcZUP/xI93dmKAA== From: Adolf Belka To: development@lists.ipfire.org Cc: Adolf Belka Subject: [PATCH 7/9] libssh: Update to version 0.11.1 - fixes min cmake version Date: Sun, 11 May 2025 12:13:02 +0200 Message-ID: <20250511101311.7315-7-adolf.belka@ipfire.org> In-Reply-To: <20250511101311.7315-1-adolf.belka@ipfire.org> References: <20250511101311.7315-1-adolf.belka@ipfire.org> Precedence: list List-Id: List-Subscribe: , List-Unsubscribe: , List-Post: List-Help: Sender: Mail-Followup-To: MIME-Version: 1.0 - Update from version 0.10.6 to 0.11.1 - Update of rootfile - Changelog 0.11.1 * Fixed default TTY modes that are set when stdin is not connected to tty (#270) * Fixed zlib cleanup procedure, which could crash on i386 * Various test fixes improving their stability * Fixed cygwin build 0.11.0 * Deprecations and Removals: * Dropped support for DSA * Deprecated Blowfish cipher (will be removed in next release) * Deprecated SSH_BIND_OPTIONS_{RSA,ECDSA}KEY in favor of generic HOSTKEY * Removed the usage of deprecated OpenSSL APIs (Note: Minimum supported OpenSSL version is 1.1.1) * Disabled preauth compression (zlib) by default * Support for pkcs#11 engines are deprecated, pkcs11-provider is used instead * Deprecation of old async SFTP API * libgcrypt cryptographic backend is deprecated * Deprecation of knownhosts hashing * SFTP Improvements: * Added support for async SFTP IO * Added support for sftp_limits() and applied capping to SFTP read/write operations accordingly * Added sftp_home_directory() API support for sftp extension "home-directory" * Added sftp_lsetstat() API for lsetstat extensions * Added sftp_expand_path() to canonicalize path using expand-path@openssh.com extension * Implemented stat and realpath in sftpserver * Added sftp_readlink() API to support hardlink@openssh.com * New extensible callback based SFTP server * Introduced the posix-rename@openssh.com extension * New functions and features: * Added support for PKCS #11 provider for OpenSSL 3.0 * Added testing for GSSAPI Authentication * Implemented proxy jump using libssh * Recategorized loglevels to show fatal errors and alignment with OpenSSH log levels * Added ssh_channel_request_pty_size_modes() API to set terminal modes for PTYs * Added function to check username syntax * Added support to check all keys in authorized_keys instead of one in example server implementation * Handled hostkey similar to OpenSSH * Added ssh_session_socket_close() API in order to not close socket passed through options on error conditions * Added option SSH_BIND_OPTIONS_IMPORT_KEY_STR to read user-supplied key string in ssh_bind_options_set() * Improved log handling around ssh_set_callbacks * Added ssh_set_error_invalid in ssh_options_set() * Prevented signature blob to start with 1 bit in libgcrypt * Added support to unbreak key comparison of Ed25519 keys imported from PEM or OpenSSH container * Added support to calculate missing CRT parameters when building RSA key * Added ssh_pki_export_privkey_base64_format() and ssh_pki_export_privkey_file_format() to support exporting keys in different formats (PEM, OpenSSH) * Added support to compare certificates and handle automatic certificate authentication * Added support to make compile-commands generation conditional * Built fuzzers for normal testing * Avoided passing other events to callbacks when called recursively * Added control master and path options * Refactored channel_rcv_data, check for errors and report more useful errors * Added support to connect to other host addresses than just the first one * Terminated the server properly when the MaxAuthTries is reached * Added support for no-more-sessions@openssh.com request in both client and server * Added callback to support forwarded-tcpip requests * Bumped minimal CMake version to 3.12 * Added support for MBedTLS 3.6.x * Added support for +,-,^ modifiers in front of algorithm lists in options * Added callbacks for channel open response, and channel request response * Replaced chroot() from chroot_wrapper internal library with chroot() from priv_wrapper package * Added a placeholder for non-expanded identities * Improved handling of channel transfer window sizes Signed-off-by: Adolf Belka --- config/rootfiles/common/libssh | 3 ++- lfs/libssh | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/libssh b/config/rootfiles/common/libssh index 417a8be8d..5b0c59fbd 100644 --- a/config/rootfiles/common/libssh +++ b/config/rootfiles/common/libssh @@ -6,6 +6,7 @@ #usr/include/libssh/libsshpp.hpp #usr/include/libssh/server.h #usr/include/libssh/sftp.h +#usr/include/libssh/sftpserver.h #usr/include/libssh/ssh2.h #usr/lib/cmake/libssh #usr/lib/cmake/libssh/libssh-config-noconfig.cmake @@ -13,5 +14,5 @@ #usr/lib/cmake/libssh/libssh-config.cmake #usr/lib/libssh.so usr/lib/libssh.so.4 -usr/lib/libssh.so.4.9.6 +usr/lib/libssh.so.4.10.1 #usr/lib/pkgconfig/libssh.pc diff --git a/lfs/libssh b/lfs/libssh index 587a97921..d7b956aa6 100644 --- a/lfs/libssh +++ b/lfs/libssh @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team # +# Copyright (C) 2007-2025 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 0.10.6 +VER = 0.11.1 THISAPP = libssh-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 6ae1c611b685fa8ec5e5fb159f93493edf4d8ae8536300cd9a357daadc28ca2fbd8a64a22157744bc97e2e672b0b84b58e1167d7369fe88306b3581098af9f57 +$(DL_FILE)_BLAKE2 = 87079b4eaf66ceb77803b3d854f847b3f3fb6a67ac3bfa756ebcf8f06bf2b313e976044e0a1d81227fb5278fb04bc56f1a82877d14a6ee76bec0c690b14f38a7 install : $(TARGET)