开源软件构建与测试

Changes of Revision 4

_service:tar_scm:libssh.spec Changed

@@ -1,6 +1,6 @@
 Name:           libssh
 Version:        0.10.4
-Release:        1
+Release:        3
 Summary:        A library implementing the SSH protocol
 License:        LGPLv2+
 URL:            http://www.libssh.org
@@ -9,6 +9,10 @@
 Source1:        https://www.libssh.org/files/0.9/%{name}-%{version}.tar.xz.asc
 Source2:        https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
 
+Patch0:         backport-config-Escape-brackets-in-ProxyCommand-build-from.patch
+Patch1:         backport-packet-do-not-enqueue-outgoing-packets-after-sending.patch
+Patch2:         backport-examples-Fix-build-issue-with-new-clang-15.patch
+
 BuildRequires:  cmake gcc-c++ gnupg2 openssl-devel pkgconfig zlib-devel
 BuildRequires:  krb5-devel libcmocka-devel openssh-clients openssh-server
 BuildRequires:  nmap-ncat
@@ -93,6 +97,19 @@
 %doc CHANGELOG README
 
 %changelog
+* Mon Apr 3 2023 Chenxi Mao <chenxi.mao@suse.com> - 0.10.4-3
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:Backport patches to fix build error if compiler switch to clang.
+
+* Sat Mar 18 2023 renmingshuai <renmingshuai@huawei.com> - 0.10.4-2
+- Type:bugfix
+- Id:NA
+- SUG:NA
+- DESC:config: Escape brackets in ProxyCommand build from ProxyJump
+       packet: do not enqueue outgoing packets after sending
+
 * Thu Oct 20 2022 zengweifeng<zwfeng@huawei.com> - 0.10.4-1
 - Type:requirement
 - Id:NA

_service:tar_scm:backport-config-Escape-brackets-in-ProxyCommand-build-from.patch Added

@@ -0,0 +1,98 @@
+From bccb8513fa4a836aef0519d65eb33bb212606fe1 Mon Sep 17 00:00:00 2001
+From: Thomas Baag <libssh-git@spam.b2ag.de>
+Date: Wed, 21 Sep 2022 20:55:27 +0200
+Subject: PATCH config: Escape brackets in ProxyCommand build from
+ProxyJump
+
+Missing escaping results in syntax errors in Zsh shell because of square
+brackets getting interpreted as being a pattern for globbing.
+
+Signed-off-by: Thomas Baag <libssh-git@spam.b2ag.de>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+
+Conflict:NA
+Reference:https://git.libssh.org/projects/libssh.git/commit?id=bccb8513fa
+---
+ src/config.c                     |  2 +-
+ tests/unittests/torture_config.c | 14 +++++++-------
+ 2 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/config.c b/src/config.c
+index 41ba105..592f1a2 100644
+--- a/src/config.c
++++ b/src/config.c
+@@ -491,7 +491,7 @@ ssh_config_parse_proxy_jump(ssh_session session, const char *s, bool do_parsing)
+     if (hostname != NULL && do_parsing) {
+         char com512 = {0};
+ 
+-        rv = snprintf(com, sizeof(com), "ssh%s%s%s%s%s%s -W %%h:%%p %s",
++        rv = snprintf(com, sizeof(com), "ssh%s%s%s%s%s%s -W '%%h:%%p' %s",
+                       username ? " -l " : "",
+                       username ? username : "",
+                       port ? " -p " : "",
+diff --git a/tests/unittests/torture_config.c b/tests/unittests/torture_config.c
+index 31dadae..5ff20c9 100644
+--- a/tests/unittests/torture_config.c
++++ b/tests/unittests/torture_config.c
+@@ -649,7 +649,7 @@ static void torture_config_unknown(void **state,
+     /* test corner cases */
+     _parse_config(session, file, string, SSH_OK);
+     assert_string_equal(session->opts.ProxyCommand,
+-            "ssh -W %h:%p many-spaces.com");
++            "ssh -W '%h:%p' many-spaces.com");
+     assert_string_equal(session->opts.host, "equal.sign");
+ 
+     ret = ssh_config_parse_file(session, "/etc/ssh/ssh_config");
+@@ -945,28 +945,28 @@ static void torture_config_proxyjump(void **state,
+     torture_reset_config(session);
+     ssh_options_set(session, SSH_OPTIONS_HOST, "simple");
+     _parse_config(session, file, string, SSH_OK);
+-    assert_string_equal(session->opts.ProxyCommand, "ssh -W %h:%p jumpbox");
++    assert_string_equal(session->opts.ProxyCommand, "ssh -W '%h:%p' jumpbox");
+ 
+     /* With username */
+     torture_reset_config(session);
+     ssh_options_set(session, SSH_OPTIONS_HOST, "user");
+     _parse_config(session, file, string, SSH_OK);
+     assert_string_equal(session->opts.ProxyCommand,
+-                        "ssh -l user -W %h:%p jumpbox");
++                        "ssh -l user -W '%h:%p' jumpbox");
+ 
+     /* With port */
+     torture_reset_config(session);
+     ssh_options_set(session, SSH_OPTIONS_HOST, "port");
+     _parse_config(session, file, string, SSH_OK);
+     assert_string_equal(session->opts.ProxyCommand,
+-                        "ssh -p 2222 -W %h:%p jumpbox");
++                        "ssh -p 2222 -W '%h:%p' jumpbox");
+ 
+     /* Two step jump */
+     torture_reset_config(session);
+     ssh_options_set(session, SSH_OPTIONS_HOST, "two-step");
+     _parse_config(session, file, string, SSH_OK);
+     assert_string_equal(session->opts.ProxyCommand,
+-                        "ssh -l u1 -p 222 -J u2@second:33 -W %h:%p first");
++                        "ssh -l u1 -p 222 -J u2@second:33 -W '%h:%p' first");
+ 
+     /* none */
+     torture_reset_config(session);
+@@ -985,14 +985,14 @@ static void torture_config_proxyjump(void **state,
+     ssh_options_set(session, SSH_OPTIONS_HOST, "only-jump");
+     _parse_config(session, file, string, SSH_OK);
+     assert_string_equal(session->opts.ProxyCommand,
+-                        "ssh -W %h:%p jumpbox");
++                        "ssh -W '%h:%p' jumpbox");
+ 
+     /* IPv6 address */
+     torture_reset_config(session);
+     ssh_options_set(session, SSH_OPTIONS_HOST, "ipv6");
+     _parse_config(session, file, string, SSH_OK);
+     assert_string_equal(session->opts.ProxyCommand,
+-                        "ssh -W %h:%p 2620:52:0::fed");
++                        "ssh -W '%h:%p' 2620:52:0::fed");
+ 
+     /* In this part, we try various other config files and strings. */
+ 
+-- 
+2.23.0
+

_service:tar_scm:backport-examples-Fix-build-issue-with-new-clang-15.patch Added

@@ -0,0 +1,170 @@
+From 22f0f0dd60907ee7bcf30a5e32638ef12b8f0457 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 12 Oct 2022 13:03:45 +0200
+Subject: PATCH 1/1 examples: Fix build issue with new clang 15
+
+The error was  the following
+
+/builds/libssh/libssh-mirror/examples/sshnetcat.c:241:18: error: a function
+declaration without a prototype is deprecated in all versions of C
+-Werror,-Wstrict-prototypes
+void cleanup_pcap(){
+                 ^
+                  void
+
+and similar
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+---
+ examples/ssh_X11_client.c |  2 +-
+ examples/sshnetcat.c      |  5 +++--
+ src/init.c                |  2 +-
+ tests/pkd/pkd_keyutil.c   | 24 ++++++++++++------------
+ 4 files changed, 17 insertions(+), 16 deletions(-)
+
+diff --git a/examples/ssh_X11_client.c b/examples/ssh_X11_client.c
+index 369b9b4a..6e785ee2 100644
+--- a/examples/ssh_X11_client.c
++++ b/examples/ssh_X11_client.c
+@@ -453,7 +453,7 @@ connect_local_xsocket(int display_number)
+ 
+ 
+ static int
+-x11_connect_display()
++x11_connect_display(void)
+ {
+ 	int display_number;
+ 	const char *display = NULL;
+diff --git a/examples/sshnetcat.c b/examples/sshnetcat.c
+index 9bc5d52e..59b0a289 100644
+--- a/examples/sshnetcat.c
++++ b/examples/sshnetcat.c
+@@ -238,9 +238,10 @@ void set_pcap(ssh_session session){
+ }
+ 
+ void cleanup_pcap(void);
+-void cleanup_pcap(){
++void cleanup_pcap(void)
++{
+ 	ssh_pcap_file_free(pcap);
+-	pcap=NULL;
++	pcap = NULL;
+ }
+ #endif
+ 
+diff --git a/src/init.c b/src/init.c
+index 7f184b9c..36911a42 100644
+--- a/src/init.c
++++ b/src/init.c
+@@ -278,7 +278,7 @@ BOOL WINAPI DllMain(HINSTANCE hinstDLL,
+  *
+  * @see ssh_init()
+  */
+-bool is_ssh_initialized() {
++bool is_ssh_initialized(void) {
+ 
+     bool is_initialized = false;
+ 
+diff --git a/tests/pkd/pkd_keyutil.c b/tests/pkd/pkd_keyutil.c
+index 3991bcbb..533d2788 100644
+--- a/tests/pkd/pkd_keyutil.c
++++ b/tests/pkd/pkd_keyutil.c
+@@ -22,7 +22,7 @@
+ #include "pkd_keyutil.h"
+ #include "pkd_util.h"
+ 
+-void setup_rsa_key() {
++void setup_rsa_key(void) {
+     int rc = 0;
+     if (access(LIBSSH_RSA_TESTKEY, F_OK) != 0) {
+         rc = system_checked(OPENSSH_KEYGEN " -t rsa -q -N \"\" -f "
+@@ -31,7 +31,7 @@ void setup_rsa_key() {
+     assert_int_equal(rc, 0);
+ }
+ 
+-void setup_ed25519_key() {
++void setup_ed25519_key(void) {
+     int rc = 0;
+     if (access(LIBSSH_ED25519_TESTKEY, F_OK) != 0) {
+         rc = system_checked(OPENSSH_KEYGEN " -t ed25519 -q -N \"\" -f "
+@@ -41,7 +41,7 @@ void setup_ed25519_key() {
+ }
+ 
+ #ifdef HAVE_DSA
+-void setup_dsa_key() {
++void setup_dsa_key(void) {
+     int rc = 0;
+     if (access(LIBSSH_DSA_TESTKEY, F_OK) != 0) {
+         rc = system_checked(OPENSSH_KEYGEN " -t dsa -q -N \"\" -f "
+@@ -51,7 +51,7 @@ void setup_dsa_key() {
+ }
+ #endif
+ 
+-void setup_ecdsa_keys() {
++void setup_ecdsa_keys(void) {
+     int rc = 0;
+ 
+     if (access(LIBSSH_ECDSA_256_TESTKEY, F_OK) != 0) {
+@@ -71,27 +71,27 @@ void setup_ecdsa_keys() {
+     }
+ }
+ 
+-void cleanup_rsa_key() {
++void cleanup_rsa_key(void) {
+     cleanup_key(LIBSSH_RSA_TESTKEY);
+ }
+ 
+-void cleanup_ed25519_key() {
++void cleanup_ed25519_key(void) {
+     cleanup_key(LIBSSH_ED25519_TESTKEY);
+ }
+ 
+ #ifdef HAVE_DSA
+-void cleanup_dsa_key() {
++void cleanup_dsa_key(void) {
+     cleanup_key(LIBSSH_DSA_TESTKEY);
+ }
+ #endif
+ 
+-void cleanup_ecdsa_keys() {
++void cleanup_ecdsa_keys(void) {
+     cleanup_key(LIBSSH_ECDSA_256_TESTKEY);
+     cleanup_key(LIBSSH_ECDSA_384_TESTKEY);
+     cleanup_key(LIBSSH_ECDSA_521_TESTKEY);
+ }
+ 
+-void setup_openssh_client_keys() {
++void setup_openssh_client_keys(void) {
+     int rc = 0;
+ 
+     if (access(OPENSSH_CA_TESTKEY, F_OK) != 0) {
+@@ -184,7 +184,7 @@ void setup_openssh_client_keys() {
+     }
+ }
+ 
+-void cleanup_openssh_client_keys() {
++void cleanup_openssh_client_keys(void) {
+     cleanup_key(OPENSSH_CA_TESTKEY);
+     cleanup_key(OPENSSH_RSA_TESTKEY);
+     cleanup_file(OPENSSH_RSA_TESTKEY "-sha256-cert.pub");
+@@ -199,7 +199,7 @@ void cleanup_openssh_client_keys() {
+     }
+ }
+ 
+-void setup_dropbear_client_rsa_key() {
++void setup_dropbear_client_rsa_key(void) {
+     int rc = 0;
+     if (access(DROPBEAR_RSA_TESTKEY, F_OK) != 0) {
+         rc = system_checked(DROPBEAR_KEYGEN " -t rsa -f "
+@@ -208,6 +208,6 @@ void setup_dropbear_client_rsa_key() {
+     assert_int_equal(rc, 0);
+ }
+ 
+-void cleanup_dropbear_client_rsa_key() {
++void cleanup_dropbear_client_rsa_key(void) {
+     unlink(DROPBEAR_RSA_TESTKEY);
+ }
+-- 
+2.33.0
+

_service:tar_scm:backport-packet-do-not-enqueue-outgoing-packets-after-sending.patch Added

@@ -0,0 +1,58 @@
+From 346e6db31824571727c0fb76bb5747d7e9a28f89 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Carlos=20Mart=C3=ADn=20Nieto?= <carlosmn@github.com>
+Date: Wed, 7 Sep 2022 15:26:01 +0200
+Subject: PATCH packet: do not enqueue outgoing packets after sending
+ SSH2_MSG_NEWKEYS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When we decide we need to rekey, we enqueue any further packets until we've sent
+our SSH2_MSG_NEWKEYS message, after which we dequeue these packets and send them
+to the other side. This enqueueing is done based on ssh_packet_in_rekey checking
+the session flags and whether DH handshake state is marked as finished.
+
+However, the handshake state is not reset to DH_STATE_FINISHED until the other
+side has sent us their new keys. This leaves a gap between sending our new keys
+and receiving the other side's new keys where we would still decide to enqueue a
+packet.
+
+These enqueued packets will not be dequeued as we've already sent our new keys.
+Once we've received the other side's new keys, we'll go back to a finished
+handshake and we will send out our caller's new data, skipping however much data
+we've enqueued.
+
+Fix this by changing ssh_packet_in_rekey to return false once we've sent our new
+keys.
+
+Signed-off-by: Carlos Martín Nieto <carlosmn@github.com>
+Reviewed-by: Jakub Jelen <jjelen@redhat.com>
+
+Conflict:NA
+Reference:https://git.libssh.org/projects/libssh.git/commit?id=346e6db318
+---
+ src/packet.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/packet.c b/src/packet.c
+index f9d37dea..353b04e1 100644
+--- a/src/packet.c
++++ b/src/packet.c
+@@ -1755,10 +1755,12 @@ static bool
+ ssh_packet_in_rekey(ssh_session session)
+ {
+     /* We know we are rekeying if we are authenticated and the DH
+-     * status is not finished
++     * status is not finished, but we only queue packets until we've
++     * sent our NEWKEYS.
+      */
+     return (session->flags & SSH_SESSION_FLAG_AUTHENTICATED) &&
+-           (session->dh_handshake_state != DH_STATE_FINISHED);
++           (session->dh_handshake_state != DH_STATE_FINISHED) &&
++           (session->dh_handshake_state != DH_STATE_NEWKEYS_SENT);
+ }
+ 
+ int ssh_packet_send(ssh_session session)
+-- 
+2.23.0
+