35 Commits

Author SHA1 Message Date
Vijay Anusuri 9d8ef26a96 libssh: Fix CVE-2026-0964
Pick commit according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-0964
[2] https://www.libssh.org/security/advisories/CVE-2026-0964.txt

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-29 11:11:33 +02:00
Vijay Anusuri f589378b48 libssh: Update CVE-2026-0966-2.patch
Corrected the ssh_print_hexa to ssh_print_hash in the patch

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-29 11:11:24 +02:00
Vijay Anusuri 4a119f766d libssh: Fix CVE-2026-0966
Pick commits according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-0966
[2] https://www.libssh.org/security/advisories/CVE-2026-0966.txt

Skip the test commit as it's not applicable in libssh-0.8.9

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-29 11:11:09 +02:00
Vijay Anusuri 8af1978e48 libssh: Fix CVE-2026-3731
Pick commit according to [1]

[1] https://security-tracker.debian.org/tracker/CVE-2026-3731
[2] https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt

Skip the test file change as it's not available in libssh-0.8.9

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-12 06:22:26 +01:00
Divya Chellam 4ae2ec4620 libssh : fix CVE-2025-8114
A flaw was found in libssh, a library that implements the SSH protocol.
When calculating the session ID during the key exchange (KEX) process,
an allocation failure in cryptographic functions may lead to a NULL
pointer dereference. This issue can cause the client or server to crash.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-8114

Upstream-patch:
https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:57 +01:00
Rajeshkumar Ramasamy 07ac1890c8 libssh: fix CVE-2025-8277
A flaw was found in libssh's handling of key exchange (KEX) processes
when a client repeatedly sends incorrect KEX guesses. The library fails
to free memory during these rekey operations, which can gradually
exhaust system memory. This issue can lead to crashes on the client
side, particularly when using libgcrypt, which impacts application
stability and availability.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-8277

Upstream-patch:
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=266174a6d36687b65cf90174f06af90b8b27c65f
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=8e4d67aa9eda455bfad9ac610e54b7a548d0aa08
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=1c763e29d138db87665e98983f468d2dd0f286c1

Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-11 08:50:50 +01:00
Rajeshkumar Ramasamy acd365628a libssh: fix CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable
exists under certain conditions in the privatekey_from_file() function.
This flaw can be triggered if the file specified by the filename doesn't
exist and may lead to possible signing failures or heap corruption.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-4878

Upstream-patch:
https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb

Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-11 08:50:42 +01:00
Hitendra Prajapati f3a6203fa0 libssh: fix CVE-2025-4877
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:52 +02:00
Hitendra Prajapati 058249f9a8 libssh: fix CVE-2025-5318
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-02 20:42:48 -04:00
Virendra Thakur 6ca163ed3e libssh: Add ptest
Enable ptest for libssh; this change is backported from upstream
scarthgap.

Reference: https://git.openembedded.org/meta-openembedded/commit/?h=scarthgap&id=bf49bdea290ba8cf18f3fd6b47d1d71dfe499948

~ # ptest-runner libssh
START: ptest-runner
2025-01-28T14:28
BEGIN: /usr/lib/libssh/ptest
PASS: torture_buffer
PASS: torture_callbacks
PASS: torture_channel
PASS: torture_config
PASS: torture_crypto
PASS: torture_hashes
PASS: torture_init
PASS: torture_isipaddr
PASS: torture_keyfiles
PASS: torture_knownhosts_parsing
PASS: torture_list
PASS: torture_misc
PASS: torture_options
PASS: torture_packet
PASS: torture_packet_filter
PASS: torture_pki
PASS: torture_pki_ecdsa
PASS: torture_pki_ed25519
PASS: torture_pki_rsa
PASS: torture_rand
PASS: torture_threads_buffer
PASS: torture_threads_crypto
PASS: torture_threads_init
PASS: torture_threads_pki_rsa
DURATION: 119
END: /usr/lib/libssh/ptest
2025-01-28T14:29
STOP: ptest-runner
TOTAL: 1 FAIL: 0

Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-09 07:58:19 -08:00
nikhil 31d0f02673 libssh: Fix CVE CVE-2023-6004
A flaw was found in libssh. By utilizing the
ProxyCommand or ProxyJump feature, users can exploit
unchecked hostname syntax on the client. This issue
may allow an attacker to inject malicious code into
the command of the features mentioned through the
hostname parameter.

Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-05-26 15:22:08 -04:00
Vijay Anusuri 8ce84b09e5 libssh: Backport fix for CVE-2023-48795
Upstream-Status: Backport
[https://gitlab.com/libssh/libssh-mirror/-/commit/4cef5e965a46e9271aed62631b152e4bd23c1e3c
&
https://gitlab.com/libssh/libssh-mirror/-/commit/0870c8db28be9eb457ee3d4f9a168959d9507efd
&
https://gitlab.com/libssh/libssh-mirror/-/commit/5846e57538c750c5ce67df887d09fa99861c79c6]

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-02-07 18:41:41 -05:00
Hitendra Prajapati ac70b00910 libssh: CVE-2020-16135 Fix NULL pointer dereference in sftpserver.c
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-02 11:17:41 -04:00
Khem Raj 14c7d8a0d7 recipes: Update LICENSE variable to use SPDX license identifiers
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-04 17:41:45 -08:00
Yi Zhao 2f9851fffb libssh: use https instead of git in SRC_URI
Set protocol to https as the git protocol doesn't work for this repo:

$ git clone git://git.libssh.org/projects/libssh.git
Cloning into 'libssh'...
fatal: unable to connect to git.libssh.org:
git.libssh.org[0: 78.46.21.5]: errno=Connection timed out
git.libssh.org[1: 2a01:4f8:201:2294::2]: errno=Network is unreachable

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-03 06:57:48 -07:00
Peter Kjellerstedt f1d2fbaf4f libssh: Support building for native and nativesdk
Since libssh is now a dependency of cryptsetup, it needs to be buildable
for the same cases as cryptsetup.

Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-01 05:45:18 -07:00
Martin Jansa c61dc077bb Convert to new override syntax
This is the result of automated script (0.9.1) conversion:

oe-core/scripts/contrib/convert-overrides.py .

converting the metadata to use ":" as the override character instead of "_".

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03 10:21:25 -07:00
Valentin Longchamp 86eb692a4e libssh: add gcrypt to PACKAGECONFIG
This would allow building it without libgcrypt (relying instead on
libcrypto).

Enable it by default to keep the recipe behaving the same without a
configuration change.

Signed-off-by: Valentin Longchamp <valentin@longchamp.me>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-30 12:38:55 -07:00
Pierre-Jean Texier 2322940fc3 libssh: upgrade 0.8.8 -> 0.8.9
This is a security release.

See changelog https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-14 10:17:58 -07:00
Pierre-Jean Texier 6f1e04c396 libssh: upgrade 0.8.4 -> 0.8.8
License-Update: Reformat COPYING file

0.8.8 is a security release to especially address CVE-2019-14889.
This includes the following changes from the 0.8.4 version:

7850307 Bump version to 0.8.8
30c0f0c cpack: Ignore patch files and other stuff
b0edec4 CVE-2019-14889: scp: Quote location to be used on shell
391c78d CVE-2019-14889: scp: Don't allow file path longer than 32kb
2ba1dea CVE-2019-14889: misc: Add function to quote file names
82c375b CVE-2019-14889: scp: Log SCP warnings received from the server
4aea835 CVE-2019-14889: scp: Reformat scp.c
2fbeb2a gitlab-ci: Mips is dead
e981113 doc: Add a note about OpenSSL linking
3736a03 libcrypto: Add missing includes for modes.h
be73335 sftp: Document how to free memory retruned by sftp_canonicalize_path()
5298611 Bump version to 0.8.7
7a49ee5 cmake: Bump API version to 4.7.4
c842bc2 Remove SHA384 HMAC
8892577 Use constant time comparison function for HMAC comparison
ac7c64a pki_gcrypt: Include missing stdbool.h
47014eb pki: Fix size type for len in privatekey_string_to_buffer()
2223106 connect: Fix size type for i an j in ssh_select()
4af7736 connector: Fallback on the socket output callback
f4a0fcc connector: Don't NULL connector (in|out) channels on event remove
fa150ef options: Removed outdated param annotations of ssh_options_set()
810dbd3 config: Avoid buffer overflow
fa6aa12 tests/pkd: repro rsa-sha2-{256,512} negotiation bug
a4948f6 kex: honor client preference for rsa-sha2-{256,512} host key algorithms
e05e4ae pki_crypto: plug pki_signature_from_blob leaks
b6d2755 pki: NULL check pki_signature_from_rsa_blob result
e69fb89 pki_container_openssh: Add padding to be compatible with OpenSSH
f9beb3c gitlab-ci: Disable debian cross mips runner
bfc39d5 kex: List also the SHA2 extension when ordering hostkey algorithms
0acfd81 server: Correctly handle extensions
d028b24 dh: Make sure we do not access uninitialized memory
68fc17c Bump version to 0.8.6
d327712 Bump SO version to 4.7.3
fded1fb channels: Don't call ssh_channel_close() twice
a6e055c packet: Allow SSH2_MSG_EXT_INFO when authenticated
32221ea channels: Send close if we received a remote close
917ba07 channels: Reformat ssh_channel_free()
bcdbc11 channel: Add SSH_CHANNEL_FLAG_CLOSED_LOCAL
79289dc channel: Reformat ssh_channel_close()
45172a7 sftp: Do not overwrite errors set by channel functions
7b0c80b tests: Test calling ssh_init() after ssh_finalize()
d5bc9a1 libcrypto: Fix access violation in ssh_init()
80d3e10 tests: Verify that signatures are sane and can not be verified by non-matching key
455d495 pki: Sanitize input to verification
b1bae1d pki: Return default RSA key type for DIGEST_AUTO
ad4f1db pki: Verify the provided public key has expected type
5ffe695 pki: Sanity-check signature matches base key type
230a437 tests: Do not require base RSA type for SHA2 extension whitelist
1df272c packet_cb: Properly verify the signature type
c3a57fe pki: Separate signature extraction and verification
a238df2 pki: Set correct type for imported signatures
f5e8fa5 pki: Use self-explanatory variable names
0a07266 The largest ECDSA key has 521 bits
953eae8 pki_gcrypt: Do not abort on bad signature
1d5215a server: Do not send SSH_MSG_EXT_INFO after rekey
2d06a83 kex: Do not negotiate extensions during rekey
fd844ca tests: Verify setting NULL knownhosts does not crash
a106a00 options: Do not crash when setting knownhosts to NULL (T108)
d8372c3 gcrypt: Bugfix for very slow ecdh
9462105 socket: Add missing braces
fe0331c socket: Remove redundant code
709c48e socket: Fix potential buffer overrun
3d56bda pki: Fix typos in documentation
8b4de1c packet: Fix timeout on hostkey type mismatch instead of proper error
906f63b packets: Fix ssh_send_keepalive()
26ea4f0 COPYING: Reformat the last paragraph
3b46198 tests: Fix chroot_wrapper location
3de3494 tests: Ensure the ssh session fd is read-/writeable in torture_proxycommand
69cb3c5 knownhosts: Take StrictHostKeyChecking option into account
5102b16 crypto: Fix compilation for OpenSSL without deprecated APIs
dc071dc cmake: Refresh the CMake Config files
a8d4fba tests: Improve error reporting in auth test
56b7d2d tests: Typo -- the flags should be checked according to the comment
a4b99ee knownhosts: Make sure we have both knownhosts files ready
8a8498b client: Reformat comment
44b32e9 tests/pkd: Properly clean up memory
0590795 session: Drop unused structure member (SSHv1)
f11be32 misc: Properly check for errors returned from getpwuid_r()
a9be4ab misc: Reformat ssh_get_user_home_dir and ssh_file_readaccess_ok
273fb4c Bump version to 0.8.5
56f7c27 Bump SO version to 4.7.2
1285b37 doc: fix up various typos and trailing whitespace
b7de358 libcrypto: Fix memory leak in evp_final()
bea6393 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID)
9158cc5 socket: Undouble socket fds
8ba10ef client: Send KEX as soon as banners are exchanged
2ff8a09 tests: Verify we can authenticate using ed25519 key
d52fa9a tests: Global known_hosts are used for host key verification
ec3fdb4 knownhosts: Consult also the global known hosts file
d877969 options: Set the global known_hosts file
b1a7bd2 tests: Verify the hostkey ordering for negotiation is correct
0831b85 tests: Generate valid known_hosts file, fixing the current test
34d1f5e tests: Verify the ecdsa key types are handled correctly
fcf2cd0 kex: Use all supported hostkey algorithms for negotiation
4a4ca44 kex: Honor more host key algorithms than the first one (ssh-ed25519)
17a6c3f knownhosts: Use the correct name for ECDSA keys for host key negotiation
e24bb93 tests: Do not trace sshd
5c2d444 tests: Add option tests for global and user specific known_hosts
9763563 options: Add support for getting the known_hosts locations
5f9d9f4 examples: Explicitly track auth state in samplesshd-kbdint
e8f3207 messages: Check that the requested service is 'ssh-connection'
e5cee20 server: Set correct state after sending INFO_REQUEST (Kbd Interactive)
63056d1 priv: Add ssize_t if not available with MSVC
09e4f3d packet: Add missing break in ssh_packet_incoming_filter()
4b886ac src: Fix typos

Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-03-03 11:40:40 -08:00
Khem Raj f1511d2546 libssh: Do not use thumb-1 ISA on armv5
Fixes
TOPDIR/build/tmpfs/work/armv5te-yoe-linux-gnueabi/libssh/0.8.4-r0/git/src/channels.c:2632:1:
sorry, unimplemented: -fstack-check=specific for Thumb-1

Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Paul Eggleton <paul.eggleton@linux.intel.com>
2018-10-27 18:29:32 -07:00
Paul Eggleton a548b01f29 libssh: upgrade to 0.8.4
Notable changes since 0.7.3:
  * Fixed CVE-2018-10933 authentication bypass
  * Removed support for deprecated SSHv1 protocol
  * Added support for OpenSSL 1.1
  * Added support for chacha20-poly1305 cipher
  * Added ECDSA support with gcrypt backend
  * Improved threading support (note: libssh_threads is now gone)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-10-22 14:44:30 -07:00
Trevor Woerner a5e0b35c70 libssh: variable cleanup
Reorder recipe variables according to:

	https://www.openembedded.org/wiki/Styleguide

Originally-conceived-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-05-29 12:56:19 -07:00
Trevor Woerner b1331ed9e1 libssh: rely on cmake.bbclass to put cmake package files in dev package
The cmake.bbclass in oe-core now ensures that ${libdir}/cmake and
${datadir}/cmake end up in the dev package, so recipes no longer need to
provide custom packaging rules to handle these files.

	http://git.openembedded.org/openembedded-core/commit/?id=d91dc4666683a96e9d03cbbd21b8a546f9069c93

Originally-conceived-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2018-05-29 09:16:42 -07:00
Khem Raj aa4daa9990 libssh: Force to use gcc toolchain
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2017-03-31 13:25:59 +02:00
Joshua Lock efd3696e70 remove True option to getVar calls
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.

Search made with the following regex: getVar ?\(( ?[^,()]*), True\)

Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
2016-12-02 09:16:17 +01:00
Jackie Huang d71cccd4cb libssh: upgrade to 0.7.3
Changelog:
version 0.7.3 (released 2016-01-23)
  * Fixed CVE-2016-0739
  * Fixed ssh-agent on big endian
  * Fixed some documentation issues

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-29 11:01:02 +02:00
Yi Zhao 51060f88e7 libssh: upgrade 0.6.4 -> 0.7.1
Set the correct LIB_SUFFIX to fix QA issue for multilib:
ERROR: QA Issue: libssh: Files/directories were installed but not shipped in any package:
  /usr/lib
  /usr/lib/libssh.so
  /usr/lib/libssh_threads.so.4.5.0
  /usr/lib/libssh.so.4
  /usr/lib/libssh_threads.so.4
  /usr/lib/libssh_threads.so
  [snip]
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install.  [installed-vs-shipped]

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2015-08-31 19:30:56 +02:00
Armin Kuster dadf585428 libssh: depends fix
the default was to build with GSSAPI enabled.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-01-15 16:36:35 +01:00
Paul Eggleton 87eb53a17e libssh: update to just after 0.6.4
Among other things, includes a fix for CVE-2014-8132.

(There are a couple of useful-looking fixes after 0.6.4 in the 0.6
branch, hence I have renamed the recipe to _git and set PV to the
standard format.)

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-01-08 12:19:08 +01:00
Koen Kooi 0e7630c319 libssh: update to 0.6.3
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-05-15 13:00:37 +02:00
Matthieu CRAPET c95e155780 recipes: convert remaining SUMMARY/DESCRIPTION cosmetic issues
Changes:
- rename SUMMARY with length > 80 to DESCRIPTION
- rename DESCRIPTION with length < 80 to (non present tag) SUMMARY
- drop final point character at the end of SUMMARY string
- remove trailing whitespace of SUMMARY line

Note: don't bump PR

Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-02-23 23:20:02 +01:00
Ross Burton df9bd7592b libssh: don't do out-of-tree builds manually
cmake.bbclass as of oe-core 783fb88 defaults to out-of-tree builds.  Use that
functionality instead of OECMAKE_BUILDPATH/_SOURCEPATH which are no longer used.

Signed-off-by: Ross Burton <ross.burton@intel.com>
Reviewed-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-01-22 12:22:35 +01:00
Martin Jansa 398e7f75bd libssh: Fix branch param and set PV in recipe
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-01-01 22:34:36 +01:00
Andrei Gherzan b2e8e2ff0b libssh: Integrate package
Commit based on:
https://raw.github.com/tworaz/oe-tworaz/master/meta-jlime/recipes-support/libssh/libssh_0.5.2.bb

Updated version to latest.

Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2014-01-01 22:34:35 +01:00