author | Nicolas Viennot <nicolas@viennot.biz> | 2013-08-16 13:24:09 -0400 |
---|---|---|
committer | Nicolas Viennot <nicolas@viennot.biz> | 2013-08-16 13:32:26 -0400 |
commit | 246bec30bc92c8cbb08eed7cadc6257608cc8491 (patch) | |
tree | 671cf3d85eb2bbac507be383f1b339395ffde8d8 | |
parent | aab28e379685c1c2b839c105662047b606a3d595 (diff) |
Updated libssh
83 files changed, 4631 insertions, 1243 deletions
diff --git a/libssh/CMakeLists.txt b/libssh/CMakeLists.txt index 81ac5884..e783c2b4 100644 --- a/libssh/CMakeLists.txt +++ b/libssh/CMakeLists.txt @@ -67,6 +67,10 @@ endif(WITH_GCRYPT) set(CMAKE_THREAD_PREFER_PTHREADS ON) find_package(Threads) +if (WITH_GSSAPI) + find_package(GSSAPI) +endif (WITH_GSSAPI) + # config.h checks include(ConfigureChecks.cmake) configure_file(config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/config.h) @@ -122,6 +126,7 @@ message(STATUS "libgcrypt support: ${WITH_GCRYPT}") message(STATUS "SSH-1 support: ${WITH_SSH1}") message(STATUS "SFTP support: ${WITH_SFTP}") message(STATUS "Server support : ${WITH_SERVER}") +message(STATUS "GSSAPI support : ${WITH_GSSAPI}") message(STATUS "Pcap debugging support : ${WITH_PCAP}") message(STATUS "With static library: ${WITH_STATIC_LIB}") message(STATUS "Unit testing: ${WITH_TESTING}") diff --git a/libssh/CTestConfig.cmake b/libssh/CTestConfig.cmake index d8a41831..20d2e8f5 100644 --- a/libssh/CTestConfig.cmake +++ b/libssh/CTestConfig.cmake @@ -1,7 +1,7 @@ set(UPDATE_TYPE "true") set(CTEST_PROJECT_NAME "libssh") -set(CTEST_NIGHTLY_START_TIME "01:00:00 CET") +set(CTEST_NIGHTLY_START_TIME "01:00:00 UTC") set(CTEST_DROP_METHOD "http") set(CTEST_DROP_SITE "test.libssh.org") diff --git a/libssh/ChangeLog b/libssh/ChangeLog index 5bc0784a..6f4d906c 100644 --- a/libssh/ChangeLog +++ b/libssh/ChangeLog 
@@ -1,13 +1,75 @@ ChangeLog ========== -version 0.5.x (released 2012-xx-xx) - * Added new PKI infrastructure. - * Added simplified user auth functions. - * Added ECDSA pubkey support. - * Added ECDSA hostkey support. - * Added diffie-hellman-group14-sha1 support. - * Fixed a ton of bugs. +version 0.6.0 (released 2013-XX-XX) + * Added new publicy key API. + * Added new userauth API. + * Added gssapi-mic userauth. + * Added new callback based server API. + * Added Elliptic Curve DSA (ECDSA) support (with OpenSSL). + * Added Elliptic Curve Diffie Hellman (ECDH) support. + * Added improved logging system. + * Added SSH-agent forwarding. + * Added key-reexchange. + * Improved documentation. + * Fixed timeout handling. + +version 0.5.5 (released 2013-07-26) + * BUG 103: Fix ProxyCommand parsing. + * Fix setting -D_FORTIFY_SOURCE=2. + * Fix pollset error return if emtpy. + * Fix NULL pointer checks in channel functions. + * Several bugfixes. + +version 0.5.4 (released 2013-01-22) + * CVE-2013-0176 - NULL dereference leads to denial of service + * Fixed several NULL pointer dereferences in SSHv1. + * Fixed a free crash bug in options parsing. + +version 0.5.3 (released 2012-11-20) + * CVE-2012-4559 Fixed multiple double free() flaws. + * CVE-2012-4560 Fixed multiple buffer overflow flaws. + * CVE-2012-4561 Fixed multiple invalid free() flaws. + * BUG #84 - Fix bug in sftp_mkdir not returning on error. + * BUG #85 - Fixed a possible channel infinite loop if the connection dropped. + * BUG #88 - Added missing channel request_state and set it to accepted. + * BUG #89 - Reset error state to no error on successful SSHv1 authentiction. + * Fixed a possible use after free in ssh_free(). + * Fixed multiple possible NULL pointer dereferences. + * Fixed multiple memory leaks in error paths. + * Fixed timeout handling. + * Fixed regression in pre-connected socket setting. + * Handle all unknown global messages. + +version 0.5.2 (released 2011-09-17) + * Increased window size x10. 
+ * Fixed SSHv1. + * Fixed bugged lists. + * Fixed use-after-free + inconsistent callbacks call in poll. + * Fixed scp documentation. + * Fixed possible infinite loop in channel_read(). + * Fixed handling of short reads of sftp_async_read(). + * Fixed handling request service timeout in blocking mode. + * Fixed ssh_auth_list() documentation. + * Fixed incorrect return values in ssh_channel_write(). + * Fixed an infinite loop in the termination callback. + * Fixed handling of SSH_AGAIN in channel_open(). + * Fixed "status -5 inflating zlib packet" + +version 0.5.1 (released 2011-08-09) + * Added checks for NULL pointers in string.c. + * Set the channel max packet size to 32768. + * Don't (de)compress empty buffers. + * Fixed ssh_scp_write so it works when doing recursive copy. + * Fixed another source of endless wait. + * Fixed an endless loop in case of a channel_open error. + * Fixed session timeout handling. + * Fixed ssh_channel_from_local() loop. + * Fixed permissions of scp example when we copy a file. + * Workaround ssh_get_user_home_dir on LDAP users. + * Added pkg-config support for libssh_threads. + * Fixed compilation without server and sftp modes. + * Fix static .lib overwriting on Windows. version 0.5.0 (released 2011-06-01) * Added ssh_ prefix to all functions. diff --git a/libssh/ConfigureChecks.cmake b/libssh/ConfigureChecks.cmake index b0485d98..1c89c4c7 100644 --- a/libssh/ConfigureChecks.cmake +++ b/libssh/ConfigureChecks.cmake @@ -49,6 +49,7 @@ endif(CMAKE_COMPILER_IS_GNUCC AND NOT MINGW AND NOT OS2) check_include_file(argp.h HAVE_ARGP_H) check_include_file(pty.h HAVE_PTY_H) check_include_file(termios.h HAVE_TERMIOS_H) +check_include_file(unistd.h HAVE_UNISTD_H) if (WIN32) check_include_files("winsock2.h;ws2tcpip.h;wspiapi.h" HAVE_WSPIAPI_H) 
@@ -56,12 +57,6 @@ if (WIN32) message(STATUS "WARNING: Without wspiapi.h, this build will only work on Windows XP and newer versions") endif (NOT HAVE_WSPIAPI_H) check_include_files("winsock2.h;ws2tcpip.h" HAVE_WS2TCPIP_H) - if (HAVE_WSPIAPI_H OR HAVE_WS2TCPIP_H) - set(HAVE_GETADDRINFO TRUE) - set(HAVE_GETHOSTBYNAME TRUE) - endif (HAVE_WSPIAPI_H OR HAVE_WS2TCPIP_H) - - set(HAVE_SELECT TRUE) endif (WIN32) set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIRS}) @@ -101,12 +96,30 @@ endif (NOT WITH_GCRYPT) check_function_exists(strncpy HAVE_STRNCPY) check_function_exists(vsnprintf HAVE_VSNPRINTF) check_function_exists(snprintf HAVE_SNPRINTF) +check_function_exists(poll HAVE_POLL) +check_function_exists(select HAVE_SELECT) +check_function_exists(getaddrinfo HAVE_GETADDRINFO) +check_function_exists(ntohll HAVE_NTOHLL) +check_function_exists(htonll HAVE_HTONLL) if (WIN32) + check_function_exists(_strtoui64 HAVE__STRTOUI64) + check_function_exists(_vsnprintf_s HAVE__VSNPRINTF_S) check_function_exists(_vsnprintf HAVE__VSNPRINTF) check_function_exists(_snprintf HAVE__SNPRINTF) check_function_exists(_snprintf_s HAVE__SNPRINTF_S) + + if (HAVE_WSPIAPI_H OR HAVE_WS2TCPIP_H) + set(HAVE_GETADDRINFO TRUE) + set(HAVE_GETHOSTBYNAME TRUE) + if (MSVC) + set(HAVE_NTOHLL TRUE) + set(HAVE_HTONLL TRUE) + endif (MSVC) + endif (HAVE_WSPIAPI_H OR HAVE_WS2TCPIP_H) + + set(HAVE_SELECT TRUE) endif (WIN32) if (UNIX) @@ -114,7 +127,8 @@ if (UNIX) # libsocket (Solaris) check_library_exists(socket getaddrinfo "" HAVE_LIBSOCKET) if (HAVE_LIBSOCKET) - set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} socket) + set(HAVE_GETADDRINFO TRUE) + set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES} socket) endif (HAVE_LIBSOCKET) # libnsl/inet_pton (Solaris) 
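Review bot: In the `if (WIN32)` part of the `@@ -101,12 +96,30 @@` hunk, `HAVE_GETADDRINFO`, `HAVE_GETHOSTBYNAME` and `HAVE_SELECT` are forced to TRUE right after `check_function_exists()` has probed the same symbols, and under MSVC `HAVE_NTOHLL`/`HAVE_HTONLL` are forced on with no probe of their own being trusted. If an older Windows SDK does not declare `ntohll`/`htonll` (worth confirming; I believe they only arrived with later SDKs), the build would break later or rely on an implicit declaration instead of the fallback. If the override exists because the Winsock symbols are not found without linking `ws2_32`, a comment saying so above the block would help, for example `# check_function_exists() cannot see Winsock symbols here; trust the headers instead`. The MSVC case could be gated on a real check with `ws2_32` in `CMAKE_REQUIRED_LIBRARIES`.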
@@ -133,12 +147,7 @@ if (UNIX) endif (HAVE_LIBRT OR HAVE_CLOCK_GETTIME) check_library_exists(util forkpty "" HAVE_LIBUTIL) - check_function_exists(getaddrinfo HAVE_GETADDRINFO) - check_function_exists(poll HAVE_POLL) - check_function_exists(select HAVE_SELECT) check_function_exists(cfmakeraw HAVE_CFMAKERAW) - check_function_exists(ntohll HAVE_NTOHLL) - check_function_exists(htonll HAVE_HTONLL) check_function_exists(strtoull HAVE_STRTOULL) check_function_exists(__strtoull HAVE___STRTOULL) endif (UNIX) @@ -165,6 +174,32 @@ if (CMAKE_HAVE_THREADS_LIBRARY) endif (CMAKE_HAVE_THREADS_LIBRARY) # OPTIONS +check_c_source_compiles(" +__thread int tls; + +int main(void) { + return 0; +}" HAVE_GCC_THREAD_LOCAL_STORAGE) + +check_c_source_compiles(" +__declspec(thread) int tls; + +int main(void) { + return 0; +}" HAVE_MSC_THREAD_LOCAL_STORAGE) + +check_c_source_compiles(" +#include <string.h> + +int main(void) +{ + char buf[] = \"This is some content\"; + + memset(buf, '\\\\0', sizeof(buf)); __asm__ volatile(\"\" : : \"r\"(&buf) : \"memory\"); + + return 0; +}" HAVE_GCC_VOLATILE_MEMORY_PROTECTION) + if (WITH_DEBUG_CRYPTO) set(DEBUG_CRYPTO 1) endif (WITH_DEBUG_CRYPTO) @@ -173,6 +208,10 @@ if (WITH_DEBUG_CALLTRACE) set(DEBUG_CALLTRACE 1) endif (WITH_DEBUG_CALLTRACE) +if (WITH_GSSAPI AND NOT GSSAPI_FOUND) + set(WITH_GSSAPI 0) +endif (WITH_GSSAPI AND NOT GSSAPI_FOUND) + # ENDIAN if (NOT WIN32) test_big_endian(WORDS_BIGENDIAN) diff --git a/libssh/DefineOptions.cmake b/libssh/DefineOptions.cmake index ea8265c0..6913f040 100644 --- a/libssh/DefineOptions.cmake +++ b/libssh/DefineOptions.cmake @@ -1,3 +1,4 @@ +option(WITH_GSSAPI "Build with GSSAPI support" ON) option(WITH_ZLIB "Build with ZLIB support" ON) option(WITH_SSH1 "Build with SSH1 support" OFF) option(WITH_SFTP "Build with SFTP support" ON) diff --git a/libssh/INSTALL b/libssh/INSTALL index a772b824..25960367 100644 --- a/libssh/INSTALL +++ b/libssh/INSTALL 
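Review bot: The `HAVE_GCC_VOLATILE_MEMORY_PROTECTION` probe in the `@@ -165,6 +174,32 @@` hunk only shows that the `__asm__ volatile("" : : "r"(&buf) : "memory")` barrier compiles; it does not show that the preceding `memset` survives optimisation in the real build. Whatever secret-zeroing code is guarded by this macro (not visible here) should be verified at the optimisation levels that are actually shipped. The `'\\\\0'` literal also deserves a comment, because after CMake unescaping the test program may contain `'\\0'` rather than `'\0'`; a line such as `# compile-only probe: checks the barrier syntax, the fill value is irrelevant` above the call would make the intent explicit. The three probes also now sit under the `# OPTIONS` heading, which no longer describes them.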
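Review bot: `set(WITH_GSSAPI 0)` in the `@@ -173,6 +208,10 @@` hunk turns the feature off without telling anyone, and because `WITH_GSSAPI` defaults to ON in DefineOptions.cmake, a missing Kerberos install and an explicit `-DWITH_GSSAPI=ON` request look the same. A packager who asked for gssapi-mic authentication gets a library without it and only the `GSSAPI support : 0` summary line as a hint. Adding `message(WARNING "GSSAPI requested but not found, building without gssapi-mic support")` inside this `if` would make the downgrade visible. The ON default also means the extra authentication code is compiled in wherever Kerberos development files happen to be installed, so it is worth deciding whether that should be opt-in.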
@@ -21,7 +21,7 @@ build and run libssh successfully with an older version, please let us know. Windows binaries known to be working: - http://www.slproweb.com/products/Win32OpenSSL.html -- http://www.winimage.com/zLibDll/index.html +- http://zlib.net/ -> zlib compiled DLL We installed them in C:\Program Files @@ -34,7 +34,9 @@ GNU/Linux, MacOS X, MSYS/MinGW: cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Debug .. make -On Windows you should choose a makefile gernerator with -G. +On Windows you should choose a makefile gernerator with -G or use + + cmake-gui.exe .. ### CMake standard options Here is a list of the most interesting options provided out of the box by @@ -86,7 +88,7 @@ If you want to install libssh after compilation run: ## Running -The libssh binary can be found in the `build/libssh` directory. +The libssh binary can be found in the `build/src` directory. You can use `build/examples/samplessh` which is a sample client to test libssh on UNIX. diff --git a/libssh/cmake/Modules/DefineCompilerFlags.cmake b/libssh/cmake/Modules/DefineCompilerFlags.cmake index 582ea1ca..0ab8802c 100644 --- a/libssh/cmake/Modules/DefineCompilerFlags.cmake +++ b/libssh/cmake/Modules/DefineCompilerFlags.cmake @@ -28,10 +28,10 @@ if (UNIX AND NOT WIN32) if (CMAKE_BUILD_TYPE) string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER) - if (NOT CMAKE_BUILD_TYPE_LOWER MATCHES debug) - check_c_compiler_flag("-D_FORTIFY_SOURCE=2" WITH_FORTIFY_SOURCE) + if (CMAKE_BUILD_TYPE_LOWER MATCHES (release|relwithdebinfo|minsizerel)) + check_c_compiler_flag("-Wp,-D_FORTIFY_SOURCE=2" WITH_FORTIFY_SOURCE) if (WITH_FORTIFY_SOURCE) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_FORTIFY_SOURCE=2") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wp,-D_FORTIFY_SOURCE=2") endif (WITH_FORTIFY_SOURCE) endif() endif() diff --git a/libssh/cmake/Modules/FindCMocka.cmake b/libssh/cmake/Modules/FindCMocka.cmake index 2dd9fc5f..76b4ba74 100644 --- a/libssh/cmake/Modules/FindCMocka.cmake 
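Review bot: The new condition `if (CMAKE_BUILD_TYPE_LOWER MATCHES (release|relwithdebinfo|minsizerel))` in DefineCompilerFlags.cmake passes the regex unquoted, and in `if()` unquoted parentheses are grouping operators, so as far as I can tell the alternation is evaluated as a nested condition and `MATCHES` never sees it. If so, `-Wp,-D_FORTIFY_SOURCE=2` is not added for any build type and release builds silently lose the hardening. Quoting the pattern fixes it: `if (CMAKE_BUILD_TYPE_LOWER MATCHES "(release|relwithdebinfo|minsizerel)")`. Builds configured with an empty `CMAKE_BUILD_TYPE` skip this block either way, and the enclosing `if (UNIX AND NOT WIN32)` starts outside the hunk.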
+++ b/libssh/cmake/Modules/FindCMocka.cmake @@ -21,6 +21,23 @@ #============================================================================= # +set(_CMOCKA_ROOT_HINTS +) + +set(_CMOCKA_ROOT_PATHS + "$ENV{PROGRAMFILES}/cmocka" +) + +find_path(CMOCKA_ROOT_DIR + NAMES + include/cmocka.h + HINTS + ${_CMOCKA_ROOT_HINTS} + PATHS + ${_CMOCKA_ROOT_PATHS} +) +mark_as_advanced(CMOCKA_ROOT_DIR) + find_path(CMOCKA_INCLUDE_DIR NAMES cmocka.h @@ -32,7 +49,7 @@ find_library(CMOCKA_LIBRARY NAMES cmocka PATHS - ${CMOCKA_ROOT_DIR}/include + ${CMOCKA_ROOT_DIR}/lib ) if (CMOCKA_LIBRARY) diff --git a/libssh/cmake/Modules/FindGSSAPI.cmake b/libssh/cmake/Modules/FindGSSAPI.cmake new file mode 100644 index 00000000..8520d35d --- /dev/null +++ b/libssh/cmake/Modules/FindGSSAPI.cmake 
@@ -0,0 +1,324 @@ +# - Try to find GSSAPI +# Once done this will define +# +# KRB5_CONFIG - Path to krb5-config +# GSSAPI_ROOT_DIR - Set this variable to the root installation of GSSAPI +# +# Read-Only variables: +# GSSAPI_FLAVOR_MIT - set to TURE if MIT Kerberos has been found +# GSSAPI_FLAVOR_HEIMDAL - set to TRUE if Heimdal Keberos has been found +# GSSAPI_FOUND - system has GSSAPI +# GSSAPI_INCLUDE_DIR - the GSSAPI include directory +# GSSAPI_LIBRARIES - Link these to use GSSAPI +# GSSAPI_DEFINITIONS - Compiler switches required for using GSSAPI +# +#============================================================================= +# Copyright (c) 2013 Andreas Schneider <asn@cryptomilk.org> +# +# Distributed under the OSI-approved BSD License (the "License"); +# see accompanying file Copyright.txt for details. +# +# This software is distributed WITHOUT ANY WARRANTY; without even the +# implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# See the License for more information. +#============================================================================= +# + +find_path(GSSAPI_ROOT_DIR + NAMES + include/gssapi.h + include/gssapi/gssapi.h + HINTS + ${_GSSAPI_ROOT_HINTS} + PATHS + ${_GSSAPI_ROOT_PATHS} +) +mark_as_advanced(GSSAPI_ROOT_DIR) + +if (UNIX) + find_program(KRB5_CONFIG + NAMES + krb5-config + PATHS + ${GSSAPI_ROOT_DIR}/bin + /opt/local/bin) + mark_as_advanced(KRB5_CONFIG) + + if (KRB5_CONFIG) + # Check if we have MIT KRB5 + execute_process( + COMMAND + ${KRB5_CONFIG} --vendor + RESULT_VARIABLE + _GSSAPI_VENDOR_RESULT + OUTPUT_VARIABLE + _GSSAPI_VENDOR_STRING) + + if (_GSSAPI_VENDOR_STRING MATCHES ".*Massachusetts.*") + set(GSSAPI_FLAVOR_MIT TRUE) + else() + execute_process( + COMMAND + ${KRB5_CONFIG} --libs gssapi + RESULT_VARIABLE + _GSSAPI_LIBS_RESULT + OUTPUT_VARIABLE + _GSSAPI_LIBS_STRING) + + if ( |