Hello community,
here is the log from the commit of package rubygem-net-ssh for openSUSE:Factory
checked in at 2023-11-05 12:18:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-net-ssh (Old)
and /work/SRC/openSUSE:Factory/.rubygem-net-ssh.new.17445 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-net-ssh"
Sun Nov 5 12:18:43 2023 rev:36 rq:1123183 version:7.2.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/rubygem-net-ssh/rubygem-net-ssh.changes
2022-09-27 20:13:08.845723369 +0200
+++
/work/SRC/openSUSE:Factory/.rubygem-net-ssh.new.17445/rubygem-net-ssh.changes
2023-11-05 12:18:57.117484946 +0100
@@ -1,0 +2,39 @@
+Fri Nov 3 07:47:49 UTC 2023 - Dan Äermák <[email protected]>
+
+- === 7.2.0
+
+ * Add debugging information for algorithm of pubkey in use [#918]
+
+=== 7.2.0 rc1
+
+ * Allow IdentityAgent as option to Net::SSH.start [#912]
+
+=== 7.2.0 beta1
+
+ * Support `[email protected]` cypher if `RbNaCl` gem is
installed [#908]
+
+=== 7.1.0
+
+ * Accept pubkey_algorithms option when starting a new connection [#891]
+
+=== 7.1.0 beta1
+
+ * Don't use the deprecated set_XXX methods on RSA keys. [#875]
+ * Raise error when BCryptPbkdf fails [#876]
+
+=== 7.0.1
+
+ * Drop leftover debug statement [#866]
+
+=== 7.0.0
+
+ * BREAKING: Drop support for Ruby 2.5
+ * Fix decoding of ecdsa-sha2-nistp256 private keys [#657, #854]
+ * Fix missing require [#855]
+ * Support `~` in the path to the SSH agent's unix socket [#850]
+ * Add support for RSA client authentication with SHA-2 [a45f54]
+ * openssl: DSA: don't hardcode expected signature size, see ruby/openssl#483
[23a15c]
+ * Internal housekeeping (rubocop, codecov, remove travis, adding/improving
tests)
+
+
+-------------------------------------------------------------------
Old:
----
net-ssh-7.0.1.gem
New:
----
net-ssh-7.2.0.gem
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ rubygem-net-ssh.spec ++++++
--- /var/tmp/diff_new_pack.lViEYw/_old 2023-11-05 12:18:57.917514294 +0100
+++ /var/tmp/diff_new_pack.lViEYw/_new 2023-11-05 12:18:57.917514294 +0100
@@ -1,7 +1,7 @@
#
# spec file for package rubygem-net-ssh
#
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
#
Name: rubygem-net-ssh
-Version: 7.0.1
+Version: 7.2.0
Release: 0
%define mod_name net-ssh
%define mod_full_name %{mod_name}-%{version}
@@ -34,16 +34,14 @@
%define rb_build_ruby_abis ruby:3.1.0 ruby:2.7.0
%endif
# /MANUAL
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: ruby-macros >= 5
BuildRequires: %{ruby >= 2.6}
BuildRequires: %{rubygem gem2rpm}
-BuildRequires: ruby-macros >= 5
URL: https://github.com/net-ssh/net-ssh
Source: https://rubygems.org/gems/%{mod_full_name}.gem
Source1: gem2rpm.yml
Summary: Net::SSH: a pure-Ruby implementation of the SSH2 client
protocol
License: MIT
-Group: Development/Languages/Ruby
%description
Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows
@@ -56,7 +54,7 @@
%install
%gem_install \
- --no-document \
+ --no-rdoc --no-ri \
--doc-files="CHANGES.txt LICENSE.txt README.md" \
-f
++++++ net-ssh-7.0.1.gem -> net-ssh-7.2.0.gem ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.github/FUNDING.yml new/.github/FUNDING.yml
--- old/.github/FUNDING.yml 1970-01-01 01:00:00.000000000 +0100
+++ new/.github/FUNDING.yml 2023-07-30 12:54:48.000000000 +0200
@@ -0,0 +1 @@
+github: [mfazekas]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.github/workflows/ci-with-docker.yml
new/.github/workflows/ci-with-docker.yml
--- old/.github/workflows/ci-with-docker.yml 2022-06-26 07:02:04.000000000
+0200
+++ new/.github/workflows/ci-with-docker.yml 2023-07-30 12:54:48.000000000
+0200
@@ -12,7 +12,7 @@
steps:
- name: Checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Build docker images
run: docker-compose build
@@ -35,7 +35,7 @@
steps:
- name: Checkout code
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Build docker images
run: docker build -t netssh_openssl3 -f Dockerfile.openssl3 .
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.github/workflows/ci.yml new/.github/workflows/ci.yml
--- old/.github/workflows/ci.yml 2022-06-26 07:02:04.000000000 +0200
+++ new/.github/workflows/ci.yml 2023-07-30 12:54:48.000000000 +0200
@@ -4,12 +4,12 @@
push: { branches: master }
jobs:
test:
- runs-on: ubuntu-18.04
+ runs-on: ubuntu-22.04
strategy:
matrix:
- ruby-version: [2.6.6, 2.7.2, 3.0.1, 3.1.1]
+ ruby-version: [2.6.10, 2.7.7, 3.0.6, 3.1.3, 3.2.1]
steps:
- - uses: actions/checkout@v1
+ - uses: actions/checkout@v3
- name: Set up Ruby ${{ matrix.ruby-version }}
uses: ruby/setup-ruby@v1
@@ -77,6 +77,12 @@
env:
NET_SSH_RUN_INTEGRATION_TESTS: 1
CI: 1
+ - name: Run tests (without rbnacl)
+ run: bundle exec rake test
+ env:
+ BUNDLE_GEMFILE: ./Gemfile.norbnacl
+ NET_SSH_RUN_INTEGRATION_TESTS: 1
+ CI: 1
- name: Run Tests (without ed25519)
run: bundle exec rake test
env:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.github/workflows/rubocop.yml
new/.github/workflows/rubocop.yml
--- old/.github/workflows/rubocop.yml 2022-06-26 07:02:04.000000000 +0200
+++ new/.github/workflows/rubocop.yml 2023-07-30 12:54:48.000000000 +0200
@@ -6,8 +6,11 @@
build:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v2
- - name: Rubocop Linter Action
- uses: andrewmcodes/[email protected]
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ - uses: actions/checkout@v3
+ - name: Set up Ruby 3.1
+ uses: ruby/setup-ruby@v1
+ with:
+ ruby-version: 3.1
+ bundler-cache: true
+ - name: Run RuboCop
+ run: bundle exec rubocop
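Review bot: `ruby-version: 3.1` in the new "Set up Ruby 3.1" step is an unquoted YAML float; it survives here, but the same pattern turns `3.10` into `3.1`, so write `ruby-version: '3.1'`. The steps also reference actions by mutable tag (`actions/checkout@v3`, `ruby/setup-ruby@v1`), as do the ci.yml and ci-with-docker.yml hunks; pinning each to a full commit SHA keeps a retagged action from changing what runs in CI. Since the job no longer hands `GITHUB_TOKEN` to a third-party action, a `permissions:` block limited to `contents: read` would make that reduction explicit; the workflow header is outside the hunk, so it may already be there.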
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/.rubocop_todo.yml new/.rubocop_todo.yml
--- old/.rubocop_todo.yml 2022-06-26 07:02:04.000000000 +0200
+++ new/.rubocop_todo.yml 2023-07-30 12:54:48.000000000 +0200
@@ -251,7 +251,7 @@
# Offense count: 33
# Configuration parameters: CountComments, CountAsOne.
Metrics/ClassLength:
- Max: 488
+ Max: 350
# Offense count: 38
# Configuration parameters: IgnoredMethods.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/CHANGES.txt new/CHANGES.txt
--- old/CHANGES.txt 2022-06-26 07:02:04.000000000 +0200
+++ new/CHANGES.txt 2023-07-30 12:54:48.000000000 +0200
@@ -1,3 +1,38 @@
+=== 7.2.0
+
+ * Add debugging information for algorithm of pubkey in use [#918]
+
+=== 7.2.0 rc1
+
+ * Allow IdentityAgent as option to Net::SSH.start [#912]
+
+=== 7.2.0 beta1
+
+ * Support `[email protected]` cypher if `RbNaCl` gem is
installed [#908]
+
+=== 7.1.0
+
+ * Accept pubkey_algorithms option when starting a new connection [#891]
+
+=== 7.1.0 beta1
+
+ * Don't use the deprecated set_XXX methods on RSA keys. [#875]
+ * Raise error when BCryptPbkdf fails [#876]
+
+=== 7.0.1
+
+ * Drop leftover debug statement [#866]
+
+=== 7.0.0
+
+ * BREAKING: Drop support for Ruby 2.5
+ * Fix decoding of ecdsa-sha2-nistp256 private keys [#657, #854]
+ * Fix missing require [#855]
+ * Support `~` in the path to the SSH agent's unix socket [#850]
+ * Add support for RSA client authentication with SHA-2 [a45f54]
+ * openssl: DSA: don't hardcode expected signature size, see ruby/openssl#483
[23a15c]
+ * Internal housekeeping (rubocop, codecov, remove travis, adding/improving
tests)
+
=== 6.3.0 beta1
* Support cert based host key auth, fix asterisk in known_hosts [#833]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/DEVELOPMENT.md new/DEVELOPMENT.md
--- old/DEVELOPMENT.md 1970-01-01 01:00:00.000000000 +0100
+++ new/DEVELOPMENT.md 2023-07-30 12:54:48.000000000 +0200
@@ -0,0 +1,23 @@
+### Development notes
+
+## Building/running ssh server in debug mode
+
+clone the openssh server from `https://github.com/openssh/openssh-portable`
+
+```sh
+brew install openssl
+/usr/local/Cellar/openssl@3/3.1.0/bin/openssl
+
+autoreconf
+./configure --with-ssl-dir=/usr/local/Cellar/openssl@3/3.1.0/
--with-audit=debug --enable-debug CPPFLAGS="-DDEBUG -DPACKET_DEBUG" CFLAGS="-g
-O0"
+make
+```
+
+To run server in debug mode:
+```sh
+echo '#' > /tmp/sshd_config
+ssh-keygen -t rsa -f /tmp/ssh_host_rsa_key
+# /Users/boga/Work/OSS/NetSSH/openssh-portable/sshd -p 2222 -D -d -d -d -e -f
/tmp/sshd_config
+/Users/boga/Work/OSS/NetSSH/openssh-portable/sshd -p 2222 -D -d -d -d -e -f
/tmp/sshd_config -h /tmp/ssh_host_rsa_key
+
+```
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Dockerfile new/Dockerfile
--- old/Dockerfile 2022-06-26 07:02:04.000000000 +0200
+++ new/Dockerfile 2023-07-30 12:54:48.000000000 +0200
@@ -1,7 +1,7 @@
ARG RUBY_VERSION=3.1
FROM ruby:${RUBY_VERSION}
-RUN apt update && apt install -y openssh-server sudo netcat \
+RUN apt update && apt install -y openssh-server sudo netcat-openbsd \
&& useradd --create-home --shell '/bin/bash' --comment 'NetSSH' 'net_ssh_1' \
&& useradd --create-home --shell '/bin/bash' --comment 'NetSSH' 'net_ssh_2' \
&& echo net_ssh_1:foopwd | chpasswd \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Gemfile.norbnacl new/Gemfile.norbnacl
--- old/Gemfile.norbnacl 1970-01-01 01:00:00.000000000 +0100
+++ new/Gemfile.norbnacl 2023-07-30 12:54:48.000000000 +0200
@@ -0,0 +1,12 @@
+source 'https://rubygems.org'
+
+ENV['NET_SSH_NO_RBNACL'] = 'true'
+# Specify your gem's dependencies in mygem.gemspec
+gemspec
+
+if ENV["CI"] && !Gem.win_platform?
+ gem 'simplecov', require: false, group: :test
+ gem 'codecov', require: false, group: :test
+end
+
+gem 'webrick', group: %i[development test] if RUBY_VERSION.split(".")[0].to_i
>= 3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/README.md new/README.md
--- old/README.md 2022-06-26 07:02:04.000000000 +0200
+++ new/README.md 2023-07-30 12:54:48.000000000 +0200
@@ -5,7 +5,7 @@
[](#backers])
[](#sponsors)
-# Net::SSH 6.x
+# Net::SSH 7.x
* Docs: http://net-ssh.github.io/net-ssh
* Issues: https://github.com/net-ssh/net-ssh/issues
@@ -33,7 +33,7 @@
It is possible to return to the previous behavior by adding the option :
`append_all_supported_algorithms: true`
-Unsecure algoritms will definitely be removed in Net::SSH 7.*.
+Unsecure algoritms will definitely be removed in Net::SSH 8.*.
### Host Keys
@@ -44,7 +44,7 @@
| ecdsa-sha2-nistp521 | OK | [using weak elliptic
curves](https://safecurves.cr.yp.to/) |
| ecdsa-sha2-nistp384 | OK | [using weak elliptic
curves](https://safecurves.cr.yp.to/) |
| ecdsa-sha2-nistp256 | OK | [using weak elliptic
curves](https://safecurves.cr.yp.to/) |
-| ssh-dss | Deprecated in 6.0 | unsecure, will be removed in
7.0 |
+| ssh-dss | Deprecated in 6.0 | unsecure, will be removed in
8.0 |
### Key Exchange
@@ -54,9 +54,9 @@
| ecdh-sha2-nistp521 | OK | [using weak
elliptic curves](https://safecurves.cr.yp.to/) |
| ecdh-sha2-nistp384 | OK | [using weak
elliptic curves](https://safecurves.cr.yp.to/) |
| ecdh-sha2-nistp256 | OK | [using weak
elliptic curves](https://safecurves.cr.yp.to/) |
-| diffie-hellman-group1-sha1 | Deprecated in 6.0 | unsecure,
will be removed in 7.0 |
+| diffie-hellman-group1-sha1 | Deprecated in 6.0 | unsecure,
will be removed in 8.0 |
| diffie-hellman-group14-sha1 | OK | |
-| diffie-hellman-group-exchange-sha1 | Deprecated in 6.0 | unsecure,
will be removed in 7.0 |
+| diffie-hellman-group-exchange-sha1 | Deprecated in 6.0 | unsecure,
will be removed in 8.0 |
| diffie-hellman-group-exchange-sha256 | OK | |
### Encryption algorithms (ciphers)
@@ -64,13 +64,14 @@
| Name | Support | Details |
|--------------------------------------|-----------------------|----------|
| aes256-ctr / aes192-ctr / aes128-ctr | OK | |
-| aes256-cbc / aes192-cbc / aes128-cbc | Deprecated in 6.0 | unsecure,
will be removed in 7.0 |
-| [email protected] | Deprecated in 6.0 | unsecure,
will be removed in 7.0 |
-| blowfish-ctr blowfish-cbc | Deprecated in 6.0 | unsecure,
will be removed in 7.0 |
-| cast128-ctr cast128-cbc | Deprecated in 6.0 | unsecure,
will be removed in 7.0 |
-| 3des-ctr 3des-cbc | Deprecated in 6.0 | unsecure,
will be removed in 7.0 |
-| idea-cbc | Deprecated in 6.0 | unsecure,
will be removed in 7.0 |
-| none | Deprecated in 6.0 | unsecure,
will be removed in 7.0 |
+| [email protected] | OK. | Requires the
gem `rbnacl` |
+| aes256-cbc / aes192-cbc / aes128-cbc | Deprecated in 6.0 | unsecure,
will be removed in 8.0 |
+| [email protected] | Deprecated in 6.0 | unsecure,
will be removed in 8.0 |
+| blowfish-ctr blowfish-cbc | Deprecated in 6.0 | unsecure,
will be removed in 8.0 |
+| cast128-ctr cast128-cbc | Deprecated in 6.0 | unsecure,
will be removed in 8.0 |
+| 3des-ctr 3des-cbc | Deprecated in 6.0 | unsecure,
will be removed in 8.0 |
+| idea-cbc | Deprecated in 6.0 | unsecure,
will be removed in 8.0 |
+| none | Deprecated in 6.0 | unsecure,
will be removed in 8.0 |
### Message Authentication Code algorithms
@@ -80,14 +81,14 @@
| hmac-sha2-256-etm | OK | |
| hmac-sha2-512 | OK | |
| hmac-sha2-256 | OK | |
-| hmac-sha2-512-96 | Deprecated in 6.0 | removed from the
specification, will be removed in 7.0 |
-| hmac-sha2-256-96 | Deprecated in 6.0 | removed from the
specification, will be removed in 7.0 |
+| hmac-sha2-512-96 | Deprecated in 6.0 | removed from the
specification, will be removed in 8.0 |
+| hmac-sha2-256-96 | Deprecated in 6.0 | removed from the
specification, will be removed in 8.0 |
| hmac-sha1 | OK | for backward compatibility
|
-| hmac-sha1-96 | Deprecated in 6.0 | unsecure, will be removed in
7.0 |
-| hmac-ripemd160 | Deprecated in 6.0 | unsecure, will be removed in
7.0 |
-| hmac-md5 | Deprecated in 6.0 | unsecure, will be removed in
7.0 |
-| hmac-md5-96 | Deprecated in 6.0 | unsecure, will be removed in
7.0 |
-| none | Deprecated in 6.0 | unsecure, will be removed in
7.0 |
+| hmac-sha1-96 | Deprecated in 6.0 | unsecure, will be removed in
8.0 |
+| hmac-ripemd160 | Deprecated in 6.0 | unsecure, will be removed in
8.0 |
+| hmac-md5 | Deprecated in 6.0 | unsecure, will be removed in
8.0 |
+| hmac-md5-96 | Deprecated in 6.0 | unsecure, will be removed in
8.0 |
+| none | Deprecated in 6.0 | unsecure, will be removed in
8.0 |
## SYNOPSIS:
@@ -247,6 +248,10 @@
gem cert --add net-ssh-public_cert.pem
```
+## Security contact information
+
+See [SECURITY.md](SECURITY.md)
+
## CREDITS
### Contributors
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/Rakefile new/Rakefile
--- old/Rakefile 2022-06-26 07:02:04.000000000 +0200
+++ new/Rakefile 2023-07-30 12:54:48.000000000 +0200
@@ -55,6 +55,60 @@
end
end
+def change_version(&block)
+ version_file = 'lib/net/ssh/version.rb'
+ require_relative version_file
+ pre = Net::SSH::Version::PRE
+ result = block[pre: pre]
+ raise "Version change logic should always return a pre", ArgumentError
unless result.key?(:pre)
+
+ new_pre = result[:pre]
+ found = false
+ File.open("#{version_file}.new", "w") do |f|
+ File.readlines(version_file).each do |line|
+ match = /^(\s+PRE\s+=\s+")#{pre}("\s*)$/.match(line)
+ if match
+ prefix = match[1]
+ postfix = match[2]
+ if new_pre.nil?
+ prefix.delete_suffix!('"')
+ postfix.delete_prefix!('"')
+ end
+ new_line = "#{prefix}#{new_pre.inspect}#{postfix}"
+ puts "Changing:\n - #{line} + #{new_line}"
+ line = new_line
+ found = true
+ end
+ f.write(line)
+ end
+ raise ArugmentError, "Cound not find line: PRE = \"#{pre}\" in
#{version_file}" unless found
+ end
+
+ FileUtils.mv version_file, "#{version_file}.old"
+ FileUtils.mv "#{version_file}.new", version_file
+end
+
+namespace :vbump do
+ desc "Final release"
+ task :final do
+ change_version do |pre:|
+ raise ArgumentError, "Unexpected pre: #{pre}" if pre.nil?
+
+ { pre: nil }
+ end
+ end
+
+ desc "Increment prerelease"
+ task :pre do
+ change_version do |pre:|
+ match = /^([a-z]+)(\d+)/.match(pre)
+ raise ArgumentError, "Unexpected pre: #{pre}" if match.nil?
+
+ { pre: "#{match[1]}#{match[2].to_i + 1}" }
+ end
+ end
+end
+
namespace :rdoc do
desc "Update gh-pages branch"
task :publish do
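Review bot: Both `raise` calls in the new `change_version` fail for the wrong reason: `raise "Version change logic should always return a pre", ArgumentError` puts the message where the exception class belongs, which Ruby rejects with a TypeError, and `raise ArugmentError, ...` names a constant that does not exist, so it surfaces as a NameError. They should read `raise ArgumentError, "Version change logic should always return a pre" unless result.key?(:pre)` and `raise ArgumentError, "Could not find line: ..." unless found`. `pre` is also interpolated into the regexp unescaped; `Regexp.escape(pre)` keeps a value containing metacharacters from matching the wrong line. Because the second check sits inside the `File.open` block, a failure there leaves the half-written `#{version_file}.new` behind.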
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/SECURITY.md new/SECURITY.md
--- old/SECURITY.md 1970-01-01 01:00:00.000000000 +0100
+++ new/SECURITY.md 2023-07-30 12:54:48.000000000 +0200
@@ -0,0 +1,4 @@
+## Security contact information
+
+To report a security vulnerability, please use the
+[GitHub private vulnerability reporting
feature](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability).
Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ
Binary files old/checksums.yaml.gz.sig and new/checksums.yaml.gz.sig differ
Binary files old/data.tar.gz.sig and new/data.tar.gz.sig differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/authentication/certificate.rb
new/lib/net/ssh/authentication/certificate.rb
--- old/lib/net/ssh/authentication/certificate.rb 2022-06-26
07:02:04.000000000 +0200
+++ new/lib/net/ssh/authentication/certificate.rb 2023-07-30
12:54:48.000000000 +0200
@@ -102,8 +102,8 @@
# Checks whether the certificate's signature was signed by signature
key.
def signature_valid?
buffer = Buffer.new(signature)
- buffer.read_string # skip signature format
- signature_key.ssh_do_verify(buffer.read_string,
to_blob_without_signature)
+ sig_format = buffer.read_string
+ signature_key.ssh_do_verify(buffer.read_string,
to_blob_without_signature, host_key: sig_format)
end
def self.read_options(buffer)
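Review bot: `sig_format` is read from the certificate's own signature blob and passed to `ssh_do_verify` as `host_key:`, so in `signature_valid?` the data being verified now chooses the algorithm used to verify it. `ssh_do_verify` is not part of this hunk, so whether it restricts that value is an assumption. If it does not, compare `sig_format` against the algorithms valid for the type of `signature_key` and return false on anything else. A comment such as `# sig_format comes from the certificate itself; it only selects the verification algorithm` would record why the value is forwarded.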
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/authentication/ed25519.rb
new/lib/net/ssh/authentication/ed25519.rb
--- old/lib/net/ssh/authentication/ed25519.rb 2022-06-26 07:02:04.000000000
+0200
+++ new/lib/net/ssh/authentication/ed25519.rb 2023-07-30 12:54:48.000000000
+0200
@@ -77,6 +77,7 @@
raise "BCryptPbkdf is not implemented for jruby" if
RUBY_PLATFORM == "java"
key = BCryptPbkdf::key(password, salt, keylen + ivlen, rounds)
+ raise DecryptError.new("BCyryptPbkdf failed", encrypted_key:
true) unless key
else
key = '\x00' * (keylen + ivlen)
end
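Review bot: The message in the added `raise` is misspelled, `"BCyryptPbkdf failed"`, so a search for the library name `BCryptPbkdf` in logs or bug reports will not find it; use `raise DecryptError.new("BCryptPbkdf failed", encrypted_key: true) unless key`. The surrounding method starts and ends outside the hunk, so whether `DecryptError` resolves in this scope cannot be checked from here.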
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/authentication/methods/publickey.rb
new/lib/net/ssh/authentication/methods/publickey.rb
--- old/lib/net/ssh/authentication/methods/publickey.rb 2022-06-26
07:02:04.000000000 +0200
+++ new/lib/net/ssh/authentication/methods/publickey.rb 2023-07-30
12:54:48.000000000 +0200
@@ -44,7 +44,7 @@
end
def authenticate_with_alg(identity, next_service, username, alg,
sig_alg = nil)
- debug { "trying publickey (#{identity.fingerprint})" }
+ debug { "trying publickey (#{identity.fingerprint}) alg #{alg}" }
send_request(identity, username, next_service, alg)
message = session.next_message
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/buffer.rb new/lib/net/ssh/buffer.rb
--- old/lib/net/ssh/buffer.rb 2022-06-26 07:02:04.000000000 +0200
+++ new/lib/net/ssh/buffer.rb 2023-07-30 12:54:48.000000000 +0200
@@ -251,7 +251,6 @@
def read_private_keyblob(type)
case type
when /^ssh-rsa$/
- key = OpenSSL::PKey::RSA.new
n = read_bignum
e = read_bignum
d = read_bignum
@@ -262,27 +261,28 @@
_unkown2 = read_bignum
dmp1 = d % (p - 1)
dmq1 = d % (q - 1)
- if key.respond_to?(:set_key)
- key.set_key(n, e, d)
- else
- key.e = e
- key.n = n
- key.d = d
+ # Public key
+ data_sequence = OpenSSL::ASN1::Sequence([
+ OpenSSL::ASN1::Integer(n),
+ OpenSSL::ASN1::Integer(e)
+ ])
+
+ if d && p && q && dmp1 && dmq1 && iqmp
+ data_sequence = OpenSSL::ASN1::Sequence([
+
OpenSSL::ASN1::Integer(0),
+
OpenSSL::ASN1::Integer(n),
+
OpenSSL::ASN1::Integer(e),
+
OpenSSL::ASN1::Integer(d),
+
OpenSSL::ASN1::Integer(p),
+
OpenSSL::ASN1::Integer(q),
+
OpenSSL::ASN1::Integer(dmp1),
+
OpenSSL::ASN1::Integer(dmq1),
+
OpenSSL::ASN1::Integer(iqmp)
+ ])
end
- if key.respond_to?(:set_factors)
- key.set_factors(p, q)
- else
- key.p = p
- key.q = q
- end
- if key.respond_to?(:set_crt_params)
- key.set_crt_params(dmp1, dmq1, iqmp)
- else
- key.dmp1 = dmp1
- key.dmq1 = dmq1
- key.iqmp = iqmp
- end
- key
+
+ asn1 = OpenSSL::ASN1::Sequence(data_sequence)
+ OpenSSL::PKey::RSA.new(asn1.to_der)
when /^ecdsa\-sha2\-(\w*)$/
OpenSSL::PKey::EC.read_keyblob($1, self)
else
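Review bot: The guard `if d && p && q && dmp1 && dmq1 && iqmp` cannot select the public-key-only sequence, because `dmp1 = d % (p - 1)` and `dmq1 = d % (q - 1)` in the context lines above it have already dereferenced `d`, `p` and `q`; a nil there raises before the guard is reached. Either drop the two-element fallback or move the guard ahead of the modulo lines. Those lines also take `p - 1` and `q - 1` straight from the key blob as divisors, so a blob with `p` or `q` equal to 1 presumably ends in an OpenSSL bignum error rather than a Net::SSH one; rejecting such values first gives the caller a clear failure. `read_private_keyblob` continues past the end of the hunk.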
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/connection/session.rb
new/lib/net/ssh/connection/session.rb
--- old/lib/net/ssh/connection/session.rb 2022-06-26 07:02:04.000000000
+0200
+++ new/lib/net/ssh/connection/session.rb 2023-07-30 12:54:48.000000000
+0200
@@ -416,7 +416,7 @@
#
# matches = ssh.exec!("grep something /some/files")
#
- # the returned string has an exitstatus method to query it's exit satus
+ # the returned string has an exitstatus method to query its exit status
def exec!(command, status: nil, &block)
block_or_concat = block || Proc.new do |ch, type, data|
ch[:result] ||= String.new
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/transport/algorithms.rb
new/lib/net/ssh/transport/algorithms.rb
--- old/lib/net/ssh/transport/algorithms.rb 2022-06-26 07:02:04.000000000
+0200
+++ new/lib/net/ssh/transport/algorithms.rb 2023-07-30 12:54:48.000000000
+0200
@@ -51,6 +51,11 @@
hmac-sha1]
}.freeze
+ if Net::SSH::Transport::ChaCha20Poly1305CipherLoader::LOADED
+ DEFAULT_ALGORITHMS[:encryption].unshift(
+ '[email protected]'
+ )
+ end
if Net::SSH::Authentication::ED25519Loader::LOADED
DEFAULT_ALGORITHMS[:host_key].unshift(
'[email protected]',
@@ -437,12 +442,13 @@
def exchange_keys
debug { "exchanging keys" }
+ need_bytes = kex_byte_requirement
algorithm = Kex::MAP[kex].new(self, session,
client_version_string:
Net::SSH::Transport::ServerVersion::PROTO_VERSION,
server_version_string:
session.server_version.version,
server_algorithm_packet:
@server_packet,
client_algorithm_packet:
@client_packet,
- need_bytes: kex_byte_requirement,
+ need_bytes: need_bytes,
minimum_dh_bits:
options[:minimum_dh_bits],
logger: logger)
result = algorithm.exchange_keys
@@ -464,11 +470,27 @@
parameters = { shared: secret, hash: hash, digester: digester }
- cipher_client = CipherFactory.get(encryption_client,
parameters.merge(iv: iv_client, key: key_client, encrypt: true))
- cipher_server = CipherFactory.get(encryption_server,
parameters.merge(iv: iv_server, key: key_server, decrypt: true))
+ cipher_client = CipherFactory.get(
+ encryption_client,
+ parameters.merge(iv: iv_client, key: key_client, encrypt: true)
+ )
+ cipher_server = CipherFactory.get(
+ encryption_server,
+ parameters.merge(iv: iv_server, key: key_server, decrypt: true)
+ )
- mac_client = HMAC.get(hmac_client, mac_key_client, parameters)
- mac_server = HMAC.get(hmac_server, mac_key_server, parameters)
+ mac_client =
+ if cipher_client.implicit_mac?
+ cipher_client.implicit_mac
+ else
+ HMAC.get(hmac_client, mac_key_client, parameters)
+ end
+ mac_server =
+ if cipher_server.implicit_mac?
+ cipher_server.implicit_mac
+ else
+ HMAC.get(hmac_server, mac_key_server, parameters)
+ end
session.configure_client cipher: cipher_client, hmac: mac_client,
compression:
normalize_compression_name(compression_client),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/transport/chacha20_poly1305_cipher.rb
new/lib/net/ssh/transport/chacha20_poly1305_cipher.rb
--- old/lib/net/ssh/transport/chacha20_poly1305_cipher.rb 1970-01-01
01:00:00.000000000 +0100
+++ new/lib/net/ssh/transport/chacha20_poly1305_cipher.rb 2023-07-30
12:54:48.000000000 +0200
@@ -0,0 +1,117 @@
+require 'rbnacl'
+require 'net/ssh/loggable'
+
+module Net
+ module SSH
+ module Transport
+ ## Implements the chacha20-poly1305@openssh cipher
+ class ChaCha20Poly1305Cipher
+ include Net::SSH::Loggable
+
+ # Implicit HMAC, no need to do anything
+ class ImplicitHMac
+ def etm
+ # TODO: ideally this shouln't be called
+ true
+ end
+
+ def key_length
+ 64
+ end
+ end
+
+ def initialize(encrypt:, key:)
+ @chacha_hdr = OpenSSL::Cipher.new("chacha20")
+ key_len = @chacha_hdr.key_len
+ @chacha_main = OpenSSL::Cipher.new("chacha20")
+ @poly = RbNaCl::OneTimeAuths::Poly1305
+ if key.size < key_len * 2
+ error { "chacha20_poly1305: keylength doesn't match" }
+ raise "chacha20_poly1305: keylength doesn't match"
+ end
+ if encrypt
+ @chacha_hdr.encrypt
+ @chacha_main.encrypt
+ else
+ @chacha_hdr.decrypt
+ @chacha_main.decrypt
+ end
+ main_key = key[0...key_len]
+ @chacha_main.key = main_key
+ hdr_key = key[key_len...(2 * key_len)]
+ @chacha_hdr.key = hdr_key
+ end
+
+ def update_cipher_mac(payload, sequence_number)
+ iv_data = [0, 0, 0, sequence_number].pack("NNNN")
+ @chacha_main.iv = iv_data
+ poly_key = @chacha_main.update(([0] * 32).pack('C32'))
+
+ packet_length = payload.size
+ length_data = [packet_length].pack("N")
+ @chacha_hdr.iv = iv_data
+ packet = @chacha_hdr.update(length_data)
+
+ iv_data[0] = 1.chr
+ @chacha_main.iv = iv_data
+ unencrypted_data = payload
+ packet += @chacha_main.update(unencrypted_data)
+
+ packet += @poly.auth(poly_key, packet)
+ return packet
+ end
+
+ def read_length(data, sequence_number)
+ iv_data = [0, 0, 0, sequence_number].pack("NNNN")
+ @chacha_hdr.iv = iv_data
+ @chacha_hdr.update(data).unpack1("N")
+ end
+
+ def read_and_mac(data, mac, sequence_number)
+ iv_data = [0, 0, 0, sequence_number].pack("NNNN")
+ @chacha_main.iv = iv_data
+ poly_key = @chacha_main.update(([0] * 32).pack('C32'))
+
+ iv_data[0] = 1.chr
+ @chacha_main.iv = iv_data
+ unencrypted_data = @chacha_main.update(data[4..])
+ begin
+ ok = @poly.verify(poly_key, mac, data[0..])
+ raise Net::SSH::Exception, "corrupted hmac detected #{name}"
unless ok
+ rescue RbNaCl::BadAuthenticatorError
+ raise Net::SSH::Exception, "corrupted hmac detected #{name}"
+ end
+ return unencrypted_data
+ end
+
+ def mac_length
+ 16
+ end
+
+ def block_size
+ 8
+ end
+
+ def name
+ "[email protected]"
+ end
+
+ def implicit_mac?
+ true
+ end
+
+ def implicit_mac
+ return ImplicitHMac.new
+ end
+
+ def self.block_size
+ 8
+ end
+
+ def self.key_length
+ 64
+ end
+ end
+ end
+ end
+end
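Review bot: `read_and_mac` decrypts before it authenticates: `unencrypted_data = @chacha_main.update(data[4..])` runs ahead of `@poly.verify`, so ciphertext that fails the tag check has already been pushed through the cipher. The plaintext is not returned on failure, but the OpenSSH description of this cipher asks for the MAC to be checked before decryption, and the reorder is free: derive `poly_key`, run the `begin … rescue … end` verification block, and only then set `iv_data[0] = 1.chr` and decrypt. The file also uses `OpenSSL::Cipher` with only `require 'rbnacl'` and `require 'net/ssh/loggable'` at the top; adding `require 'openssl'` makes it loadable on its own. The public methods have no doc comments; one line each, stating that `data` starts with the 4-byte encrypted length and that `sequence_number` forms the nonce, would help the next reader.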
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/lib/net/ssh/transport/chacha20_poly1305_cipher_loader.rb
new/lib/net/ssh/transport/chacha20_poly1305_cipher_loader.rb
--- old/lib/net/ssh/transport/chacha20_poly1305_cipher_loader.rb
1970-01-01 01:00:00.000000000 +0100
+++ new/lib/net/ssh/transport/chacha20_poly1305_cipher_loader.rb
2023-07-30 12:54:48.000000000 +0200
@@ -0,0 +1,17 @@
+module Net
+ module SSH
+ module Transport
+ # Loads chacha20 poly1305 support which requires optinal dependency
rbnacl
+ module ChaCha20Poly1305CipherLoader
+ begin
+ require 'net/ssh/transport/chacha20_poly1305_cipher'
+ LOADED = true
+ ERROR = nil
+ rescue LoadError => e
+ ERROR = e
+ LOADED = false
+ end
+ end
+ end
+ end
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/transport/cipher_factory.rb
new/lib/net/ssh/transport/cipher_factory.rb
--- old/lib/net/ssh/transport/cipher_factory.rb 2022-06-26 07:02:04.000000000
+0200
+++ new/lib/net/ssh/transport/cipher_factory.rb 2023-07-30 12:54:48.000000000
+0200
@@ -2,6 +2,8 @@
require 'net/ssh/transport/ctr.rb'
require 'net/ssh/transport/key_expander'
require 'net/ssh/transport/identity_cipher'
+require 'net/ssh/transport/chacha20_poly1305_cipher_loader'
+require 'net/ssh/transport/openssl_cipher_extensions'
module Net
module SSH
@@ -29,13 +31,25 @@
'none' => 'none'
}
+ SSH_TO_CLASS =
+ if Net::SSH::Transport::ChaCha20Poly1305CipherLoader::LOADED
+ {
+ '[email protected]' =>
Net::SSH::Transport::ChaCha20Poly1305Cipher
+ }
+ else
+ {
+ }
+ end
+
# Returns true if the underlying OpenSSL library supports the given
cipher,
# and false otherwise.
def self.supported?(name)
+ return true if SSH_TO_CLASS.key?(name)
+
ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError,
"unimplemented cipher `#{name}'"
return true if ossl_name == "none"
- return OpenSSL::Cipher.ciphers.include?(ossl_name)
+ return SSH_TO_CLASS.key?(name) ||
OpenSSL::Cipher.ciphers.include?(ossl_name)
end
# Retrieves a new instance of the named algorithm. The new instance
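Review bot: `supported?` now answers true for any name in `SSH_TO_CLASS` without asking OpenSSL anything, yet `ChaCha20Poly1305Cipher#initialize` calls `OpenSSL::Cipher.new("chacha20")`; on a build whose OpenSSL lacks that cipher the algorithm would be offered and then fail after negotiation. Checking `OpenSSL::Cipher.ciphers.include?("chacha20")` before returning true closes that gap. The early `return true if SSH_TO_CLASS.key?(name)` also makes the `SSH_TO_CLASS.key?(name) ||` added to the final return unreachable, so that line can go back to `return OpenSSL::Cipher.ciphers.include?(ossl_name)`.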
@@ -44,6 +58,13 @@
# cipher will be put into encryption or decryption mode, based on the
# value of the +encrypt+ parameter.
def self.get(name, options = {})
+ klass = SSH_TO_CLASS[name]
+ unless klass.nil?
+ key_len = klass.key_length
+ key = Net::SSH::Transport::KeyExpander.expand_key(key_len,
options[:key], options)
+ return klass.new(encrypt: options[:encrypt], key: key)
+ end
+
ossl_name = SSH_TO_OSSL[name] or raise NotImplementedError,
"unimplemented cipher `#{name}'"
return IdentityCipher if ossl_name == "none"
@@ -53,6 +74,7 @@
cipher.padding = 0
+ cipher.extend(Net::SSH::Transport::OpenSSLCipherExtensions)
if name =~ /-ctr(@openssh.org)?$/
if ossl_name !~ /-ctr/
cipher.extend(Net::SSH::Transport::CTR)
@@ -75,6 +97,9 @@
# of the tuple.
# if :iv_len option is supplied the third return value will be ivlen
def self.get_lengths(name, options = {})
+ klass = SSH_TO_CLASS[name]
+ return [klass.key_length, klass.block_size] unless klass.nil?
+
ossl_name = SSH_TO_OSSL[name]
if ossl_name.nil? || ossl_name == "none"
result = [0, 0]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/transport/identity_cipher.rb
new/lib/net/ssh/transport/identity_cipher.rb
--- old/lib/net/ssh/transport/identity_cipher.rb 2022-06-26
07:02:04.000000000 +0200
+++ new/lib/net/ssh/transport/identity_cipher.rb 2023-07-30
12:54:48.000000000 +0200
@@ -11,6 +11,10 @@
8
end
+ def key_length
+ 0
+ end
+
# Returns an arbitrary integer.
def iv_len
4
@@ -50,6 +54,10 @@
def reset
self
end
+
+ def implicit_mac?
+ false
+ end
end
end
end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/transport/openssl_cipher_extensions.rb
new/lib/net/ssh/transport/openssl_cipher_extensions.rb
--- old/lib/net/ssh/transport/openssl_cipher_extensions.rb 1970-01-01
01:00:00.000000000 +0100
+++ new/lib/net/ssh/transport/openssl_cipher_extensions.rb 2023-07-30
12:54:48.000000000 +0200
@@ -0,0 +1,8 @@
+module Net::SSH::Transport
+ # we add those mehtods to OpenSSL::Chipher instances
+ module OpenSSLCipherExtensions
+ def implicit_mac?
+ false
+ end
+ end
+end
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/transport/packet_stream.rb
new/lib/net/ssh/transport/packet_stream.rb
--- old/lib/net/ssh/transport/packet_stream.rb 2022-06-26 07:02:04.000000000
+0200
+++ new/lib/net/ssh/transport/packet_stream.rb 2023-07-30 12:54:48.000000000
+0200
@@ -12,7 +12,7 @@
# module. It adds SSH encryption, compression, and packet validation, as
# per the SSH2 protocol. It also adds an abstraction for polling packets,
# to allow for both blocking and non-blocking reads.
- module PacketStream
+ module PacketStream # rubocop:disable Metrics/ModuleLength
PROXY_COMMAND_HOST_IP = '<no hostip for proxy command>'.freeze
include BufferedIo
@@ -123,7 +123,7 @@
# Enqueues a packet to be sent, but does not immediately send the
packet.
# The given payload is pre-processed according to the algorithms
specified
# in the client state (compression, cipher, and hmac).
- def enqueue_packet(payload)
+ def enqueue_packet(payload) # rubocop:disable Metrics/AbcSize
# try to compress the packet
payload = client.compress(payload)
@@ -144,7 +144,10 @@
padding = Array.new(padding_length) { rand(256) }.pack("C*")
- if client.hmac.etm
+ if client.cipher.implicit_mac?
+ unencrypted_data = [padding_length, payload, padding].pack("CA*A*")
+ message = client.cipher.update_cipher_mac(unencrypted_data,
client.sequence_number)
+ elsif client.hmac.etm
debug { "using encrypt-then-mac" }
# Encrypt padding_length, payload, and padding. Take MAC
@@ -225,7 +228,11 @@
data = read_available(minimum + aad_length)
# decipher it
- if server.hmac.etm
+ if server.cipher.implicit_mac?
+ @packet_length = server.cipher.read_length(data[0...4],
server.sequence_number)
+ @packet = Net::SSH::Buffer.new
+ @mac_data = data
+ elsif server.hmac.etm
@packet_length = data.unpack("N").first
@mac_data = data
@packet =
Net::SSH::Buffer.new(server.update_cipher(data[aad_length..-1]))
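Review bot: In the implicit-MAC branch `@packet_length` comes from `server.cipher.read_length(data[0...4], server.sequence_number)` before any tag has been verified, and the next hunk feeds it straight into `need = @packet_length + 4 - aad_length - server.block_size` with only a block-alignment check visible. A corrupted length field therefore decides how many bytes the reader waits for before authentication can fail at all. RFC 4253 section 6.1 only requires handling packets up to 35000 bytes, so I would reject out-of-range values right after decoding, e.g. `raise Net::SSH::Exception, "invalid packet length #{@packet_length}" if @packet_length > MAX_PACKET_LENGTH`, where `MAX_PACKET_LENGTH` is a placeholder name for a constant this diff does not define. The `elsif server.hmac.etm` branch reads the length the same way, and the enclosing method starts and ends outside the hunk, so an existing bound may simply not be visible here.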
@@ -238,31 +245,45 @@
need = @packet_length + 4 - aad_length - server.block_size
raise Net::SSH::Exception, "padding error, need #{need} block
#{server.block_size}" if need % server.block_size != 0
- return nil if available < need + server.hmac.mac_length
+ if server.cipher.implicit_mac?
+ return nil if available < need + server.cipher.mac_length
+ else
+ return nil if available < need + server.hmac.mac_length #
rubocop:disable Style/IfInsideElse
+ end
if need > 0
# read the remainder of the packet and decrypt it.
data = read_available(need)
- @mac_data += data if server.hmac.etm
- @packet.append(server.update_cipher(data))
+ @mac_data += data if server.hmac.etm || server.cipher.implicit_mac?
+ unless server.cipher.implicit_mac?
+ @packet.append(
+ server.update_cipher(data)
+ )
+ end
end
- # get the hmac from the tail of the packet (if one exists), and
- # then validate it.
- real_hmac = read_available(server.hmac.mac_length) || ""
-
- @packet.append(server.final_cipher)
- padding_length = @packet.read_byte
-
- payload = @packet.read(@packet_length - padding_length - 1)
-
- my_computed_hmac = if server.hmac.etm
- server.hmac.digest([server.sequence_number,
@mac_data].pack("NA*"))
- else
- server.hmac.digest([server.sequence_number,
@packet.content].pack("NA*"))
- end
- raise Net::SSH::Exception, "corrupted hmac detected
#{server.hmac.class}" if real_hmac != my_computed_hmac
-
+ if server.cipher.implicit_mac?
+ real_hmac = read_available(server.cipher.mac_length) || ""
+ @packet =
Net::SSH::Buffer.new(server.cipher.read_and_mac(@mac_data, real_hmac,
server.sequence_number))
+ padding_length = @packet.read_byte
+ payload = @packet.read(@packet_length - padding_length - 1)
+ else
+ # get the hmac from the tail of the packet (if one exists), and
+ # then validate it.
+ real_hmac = read_available(server.hmac.mac_length) || ""
+
+ @packet.append(server.final_cipher)
+ padding_length = @packet.read_byte
+
+ payload = @packet.read(@packet_length - padding_length - 1)
+
+ my_computed_hmac = if server.hmac.etm
+ server.hmac.digest([server.sequence_number,
@mac_data].pack("NA*"))
+ else
+ server.hmac.digest([server.sequence_number,
@packet.content].pack("NA*"))
+ end
+ raise Net::SSH::Exception, "corrupted hmac detected
#{server.hmac.class}" if real_hmac != my_computed_hmac
+ end
# try to decompress the payload, in case compression is active
payload = server.decompress(payload)
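Review bot: The HMAC check that moves into the `else` branch still ends in `real_hmac != my_computed_hmac`, an ordinary string comparison that may stop at the first differing byte. Since the line is being re-indented anyway, a constant-time comparison is the safer default for MAC values, for example `raise Net::SSH::Exception, "corrupted hmac detected #{server.hmac.class}" unless OpenSSL.secure_compare(real_hmac, my_computed_hmac)`, provided every openssl version this gem supports offers that helper. The implicit-MAC branch hands the tag to `server.cipher.read_and_mac`, which is defined outside this chunk, so the same property should be confirmed there. The enclosing method starts and ends outside the hunk.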
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/version.rb new/lib/net/ssh/version.rb
--- old/lib/net/ssh/version.rb 2022-06-26 07:02:04.000000000 +0200
+++ new/lib/net/ssh/version.rb 2023-07-30 12:54:48.000000000 +0200
@@ -49,10 +49,10 @@
MAJOR = 7
# The minor component of this version of the Net::SSH library
- MINOR = 0
+ MINOR = 2
# The tiny component of this version of the Net::SSH library
- TINY = 1
+ TINY = 0
# The prerelease component of this version of the Net::SSH library
# nil allowed
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh/version.rb.old
new/lib/net/ssh/version.rb.old
--- old/lib/net/ssh/version.rb.old 1970-01-01 01:00:00.000000000 +0100
+++ new/lib/net/ssh/version.rb.old 2023-07-30 12:54:48.000000000 +0200
@@ -0,0 +1,68 @@
+module Net
+ module SSH
+ # A class for describing the current version of a library. The version
+ # consists of three parts: the +major+ number, the +minor+ number, and the
+ # +tiny+ (or +patch+) number.
+ #
+ # Two Version instances may be compared, so that you can test that a
version
+ # of a library is what you require:
+ #
+ # require 'net/ssh/version'
+ #
+ # if Net::SSH::Version::CURRENT < Net::SSH::Version[2,1,0]
+ # abort "your software is too old!"
+ # end
+ class Version
+ include Comparable
+
+ # A convenience method for instantiating a new Version instance with the
+ # given +major+, +minor+, and +tiny+ components.
+ def self.[](major, minor, tiny, pre = nil)
+ new(major, minor, tiny, pre)
+ end
+
+ attr_reader :major, :minor, :tiny
+
+ # Create a new Version object with the given components.
+ def initialize(major, minor, tiny, pre = nil)
+ @major, @minor, @tiny, @pre = major, minor, tiny, pre
+ end
+
+ # Compare this version to the given +version+ object.
+ def <=>(version)
+ to_i <=> version.to_i
+ end
+
+ # Converts this version object to a string, where each of the three
+ # version components are joined by the '.' character. E.g., 2.0.0.
+ def to_s
+ @to_s ||= [@major, @minor, @tiny, @pre].compact.join(".")
+ end
+
+ # Converts this version to a canonical integer that may be compared
+ # against other version objects.
+ def to_i
+ @to_i ||= @major * 1_000_000 + @minor * 1_000 + @tiny
+ end
+
+ # The major component of this version of the Net::SSH library
+ MAJOR = 7
+
+ # The minor component of this version of the Net::SSH library
+ MINOR = 2
+
+ # The tiny component of this version of the Net::SSH library
+ TINY = 0
+
+ # The prerelease component of this version of the Net::SSH library
+ # nil allowed
+ PRE = "rc1"
+
+ # The current version of the Net::SSH library as a Version instance
+ CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)
+
+ # The current version of the Net::SSH library as a String
+ STRING = CURRENT.to_s
+ end
+ end
+end
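Review bot: `version.rb.old` looks like a leftover working copy rather than a file meant for release. It repeats the whole `Net::SSH::Version` class with `PRE = "rc1"`, while the version.rb hunk above it carries the `MINOR = 2` / `TINY = 0` release constants. Nothing in the visible hunks requires this file, so I would delete it and keep it out of the packaged file list, where the metadata hunk also adds it under `files:`. Stray copies of source in a published gem widen what consumers have to audit and can mislead tools that read the version from the tree.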
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/lib/net/ssh.rb new/lib/net/ssh.rb
--- old/lib/net/ssh.rb 2022-06-26 07:02:04.000000000 +0200
+++ new/lib/net/ssh.rb 2023-07-30 12:54:48.000000000 +0200
@@ -64,7 +64,7 @@
# Net::SSH.start for a description of each option.
VALID_OPTIONS = %i[
auth_methods bind_address compression compression_level config
- encryption forward_agent hmac host_key remote_user
+ encryption forward_agent hmac host_key identity_agent remote_user
keepalive keepalive_interval keepalive_maxcount kex keys key_data
keycerts languages logger paranoid password port proxy
rekey_blocks_limit rekey_limit rekey_packet_limit timeout verbose
@@ -73,7 +73,7 @@
max_win_size send_env set_env use_agent number_of_password_prompts
append_all_supported_algorithms non_interactive password_prompt
agent_socket_factory minimum_dh_bits verify_host_key
- fingerprint_hash check_host_ip
+ fingerprint_hash check_host_ip pubkey_algorithms
]
# The standard means of starting a new SSH connection. When used with a
@@ -170,6 +170,11 @@
# * :properties => a hash of key/value pairs to add to the new connection's
# properties (see Net::SSH::Connection::Session#properties)
# * :proxy => a proxy instance (see Proxy) to use when connecting
+ # * :pubkey_algorithms => the public key authentication algorithms to use
for
+ # this connection. Valid values are '[email protected]',
+ # '[email protected]', 'rsa-sha2-256', 'ssh-rsa'. Currently,
this
+ # option is only used for RSA public key authentication and ignored for
other
+ # types.
# * :rekey_blocks_limit => the max number of blocks to process before
rekeying
# * :rekey_limit => the max number of bytes to process before rekeying
# * :rekey_packet_limit => the max number of packets to process before
rekeying
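Review bot: The new `:pubkey_algorithms` entry lists `'ssh-rsa'` as a valid value next to `'rsa-sha2-256'` without saying that they differ in strength. `ssh-rsa` signs with SHA-1 and recent OpenSSH releases no longer accept it by default, so a reader copying the list may end up pinning the weakest entry. I would append one line to the entry, e.g. `#   Prefer 'rsa-sha2-256' or stronger; 'ssh-rsa' uses SHA-1 signatures and is mainly useful for old servers.`. The method this comment documents lies outside the hunk.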
@@ -187,6 +192,7 @@
# Defaults to %w(~/.ssh/known_hosts ~/.ssh/known_hosts2).
# * :use_agent => Set false to disable the use of ssh-agent. Defaults to
# true
+ # * :identity_agent => the path to the ssh-agent's UNIX socket
# * :verbose => how verbose to be (Logger verbosity constants,
Logger::DEBUG
# is very verbose, Logger::FATAL is all but silent). Logger::FATAL is the
# default. The symbols :debug, :info, :warn, :error, and :fatal are also
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/metadata new/metadata
--- old/metadata 2022-06-26 07:02:04.000000000 +0200
+++ new/metadata 2023-07-30 12:54:48.000000000 +0200
@@ -1,7 +1,7 @@
--- !ruby/object:Gem::Specification
name: net-ssh
version: !ruby/object:Gem::Version
- version: 7.0.1
+ version: 7.2.0
platform: ruby
authors:
- Jamis Buck
@@ -13,8 +13,8 @@
- |
-----BEGIN CERTIFICATE-----
MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpuZXRz
- c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMTA4MTAwODMyMzBaFw0yMjA4MTAw
- ODMyMzBaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
+ c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMzAxMjQwMzE3NTVaFw0yNDAxMjQw
+ MzE3NTVaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxieE22fR/qmdPKUHyYTyUx2g
wskLwrCkxay+Tvc97ZZUOwf85LDDDPqhQaTWLvRwnIOMgQE2nBPzwalVclK6a+pW
x/18KDeZY15vm3Qn5p42b0wi9hUxOqPm3J2hdCLCcgtENgdX21nVzejn39WVqFJO
@@ -24,14 +24,14 @@
AQABo3sweTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUBfKiwO2e
M4NEiRrVG793qEPLYyMwHwYDVR0RBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20w
HwYDVR0SBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20wDQYJKoZIhvcNAQELBQAD
- ggEBABRChgo0Jo+iXSnTpODNongzZoU0sWqwx3/FQVo8nyAyr1qFuiqpSPb4bDbU
- DsVnUn3t0X/gGA8qJhutlmfTpEQCjUeyj2x9rWpD3lvttlGWV6btQ0qN4Dfc2gsw
- rCp9Jpful0HGWhiwfjWfsarqAdtLzIG0UC47IN7LGeCMRJIijOsXQhiZ915eNBEw
- g9+WSSGHkMFt/7vi2pFkvXSC0+RF8ovvRWf4Zw2aYXtJ1GElgi4ZS/s6ZU0gmv20
- i4SfC5m5UXIVZvOBYiMuZ/1B2m6R9xU41027zfOVwRFNtlVDiNfQRq6sDmz44At/
- dv8pkxXDgySe41vzlRXFsgIgz5A=
+ ggEBAHyOSaOUji+EJFWZ46g+2EZ/kG7EFloFtIQUz8jDJIWGE+3NV5po1M0Z6EqH
+ XmG3BtMLfgOV9NwMQRqIdKnZDfKsqM/FOu+9IqrP+OieAde5OrXR2pzQls60Xft7
+ 3qNVaQS99woQRqiUiDQQ7WagOYrZjuVANqTDNt4myzGSjS5sHcKlz3PRn0LJRMe5
+ ouuLwQ7BCXityv5RRXex2ibCOyY7pB5ris6xDnPe1WdlyCfUf1Fb+Yqxpy6a8QmH
+ v84waVXQ2i5M7pJaHVBF7DxxeW/q8W3VCnsq8vmmvULSThD18QqYGaFDJeN8sTR4
+ 6tfjgZ6OvGSScvbCMHkCE9XjonE=
-----END CERTIFICATE-----
-date: 2022-06-26 00:00:00.000000000 Z
+date: 2023-07-30 00:00:00.000000000 Z
dependencies:
- !ruby/object:Gem::Dependency
name: bcrypt_pbkdf
@@ -76,6 +76,20 @@
- !ruby/object:Gem::Version
version: '0'
- !ruby/object:Gem::Dependency
+ name: rbnacl
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '7.1'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '7.1'
+- !ruby/object:Gem::Dependency
name: bundler
requirement: !ruby/object:Gem::Requirement
requirements:
@@ -95,28 +109,28 @@
requirements:
- - "~>"
- !ruby/object:Gem::Version
- version: '5.10'
+ version: '5.19'
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - "~>"
- !ruby/object:Gem::Version
- version: '5.10'
+ version: '5.19'
- !ruby/object:Gem::Dependency
name: mocha
requirement: !ruby/object:Gem::Requirement
requirements:
- - "~>"
- !ruby/object:Gem::Version
- version: 1.11.2
+ version: 2.1.0
type: :development
prerelease: false
version_requirements: !ruby/object:Gem::Requirement
requirements:
- - "~>"
- !ruby/object:Gem::Version
- version: 1.11.2
+ version: 2.1.0
- !ruby/object:Gem::Dependency
name: rake
requirement: !ruby/object:Gem::Requirement
@@ -157,6 +171,7 @@
- README.md
files:
- ".dockerignore"
+- ".github/FUNDING.yml"
- ".github/config/rubocop_linter_action.yml"
- ".github/workflows/ci-with-docker.yml"
- ".github/workflows/ci.yml"
@@ -165,15 +180,18 @@
- ".rubocop.yml"
- ".rubocop_todo.yml"
- CHANGES.txt
+- DEVELOPMENT.md
- Dockerfile
- Dockerfile.openssl3
- Gemfile
- Gemfile.noed25519
+- Gemfile.norbnacl
- ISSUE_TEMPLATE.md
- LICENSE.txt
- Manifest
- README.md
- Rakefile
+- SECURITY.md
- THANKS.txt
- appveyor.yml
- docker-compose.yml
@@ -226,6 +244,8 @@
- lib/net/ssh/test/script.rb
- lib/net/ssh/test/socket.rb
- lib/net/ssh/transport/algorithms.rb
+- lib/net/ssh/transport/chacha20_poly1305_cipher.rb
+- lib/net/ssh/transport/chacha20_poly1305_cipher_loader.rb
- lib/net/ssh/transport/cipher_factory.rb
- lib/net/ssh/transport/constants.rb
- lib/net/ssh/transport/ctr.rb
@@ -259,6 +279,7 @@
- lib/net/ssh/transport/kex/ecdh_sha2_nistp521.rb
- lib/net/ssh/transport/key_expander.rb
- lib/net/ssh/transport/openssl.rb
+- lib/net/ssh/transport/openssl_cipher_extensions.rb
- lib/net/ssh/transport/packet_stream.rb
- lib/net/ssh/transport/server_version.rb
- lib/net/ssh/transport/session.rb
@@ -268,6 +289,7 @@
- lib/net/ssh/verifiers/always.rb
- lib/net/ssh/verifiers/never.rb
- lib/net/ssh/version.rb
+- lib/net/ssh/version.rb.old
- net-ssh-public_cert.pem
- net-ssh.gemspec
- support/ssh_tunnel_bug.rb
@@ -291,7 +313,7 @@
- !ruby/object:Gem::Version
version: '0'
requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.3.3
signing_key:
specification_version: 4
summary: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'
Binary files old/metadata.gz.sig and new/metadata.gz.sig differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/net-ssh-public_cert.pem new/net-ssh-public_cert.pem
--- old/net-ssh-public_cert.pem 2022-06-26 07:02:04.000000000 +0200
+++ new/net-ssh-public_cert.pem 2023-07-30 12:54:48.000000000 +0200
@@ -1,7 +1,7 @@
-----BEGIN CERTIFICATE-----
MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpuZXRz
-c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMTA4MTAwODMyMzBaFw0yMjA4MTAw
-ODMyMzBaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
+c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMzAxMjQwMzE3NTVaFw0yNDAxMjQw
+MzE3NTVaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxieE22fR/qmdPKUHyYTyUx2g
wskLwrCkxay+Tvc97ZZUOwf85LDDDPqhQaTWLvRwnIOMgQE2nBPzwalVclK6a+pW
x/18KDeZY15vm3Qn5p42b0wi9hUxOqPm3J2hdCLCcgtENgdX21nVzejn39WVqFJO
@@ -11,10 +11,10 @@
AQABo3sweTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUBfKiwO2e
M4NEiRrVG793qEPLYyMwHwYDVR0RBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20w
HwYDVR0SBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20wDQYJKoZIhvcNAQELBQAD
-ggEBABRChgo0Jo+iXSnTpODNongzZoU0sWqwx3/FQVo8nyAyr1qFuiqpSPb4bDbU
-DsVnUn3t0X/gGA8qJhutlmfTpEQCjUeyj2x9rWpD3lvttlGWV6btQ0qN4Dfc2gsw
-rCp9Jpful0HGWhiwfjWfsarqAdtLzIG0UC47IN7LGeCMRJIijOsXQhiZ915eNBEw
-g9+WSSGHkMFt/7vi2pFkvXSC0+RF8ovvRWf4Zw2aYXtJ1GElgi4ZS/s6ZU0gmv20
-i4SfC5m5UXIVZvOBYiMuZ/1B2m6R9xU41027zfOVwRFNtlVDiNfQRq6sDmz44At/
-dv8pkxXDgySe41vzlRXFsgIgz5A=
+ggEBAHyOSaOUji+EJFWZ46g+2EZ/kG7EFloFtIQUz8jDJIWGE+3NV5po1M0Z6EqH
+XmG3BtMLfgOV9NwMQRqIdKnZDfKsqM/FOu+9IqrP+OieAde5OrXR2pzQls60Xft7
+3qNVaQS99woQRqiUiDQQ7WagOYrZjuVANqTDNt4myzGSjS5sHcKlz3PRn0LJRMe5
+ouuLwQ7BCXityv5RRXex2ibCOyY7pB5ris6xDnPe1WdlyCfUf1Fb+Yqxpy6a8QmH
+v84waVXQ2i5M7pJaHVBF7DxxeW/q8W3VCnsq8vmmvULSThD18QqYGaFDJeN8sTR4
+6tfjgZ6OvGSScvbCMHkCE9XjonE=
-----END CERTIFICATE-----
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/net-ssh.gemspec new/net-ssh.gemspec
--- old/net-ssh.gemspec 2022-06-26 07:02:04.000000000 +0200
+++ new/net-ssh.gemspec 2023-07-30 12:54:48.000000000 +0200
@@ -36,9 +36,11 @@
spec.add_development_dependency('x25519') unless RUBY_PLATFORM == 'java'
end
+ spec.add_development_dependency('rbnacl', '~> 7.1') unless
ENV['NET_SSH_NO_RBNACL']
+
spec.add_development_dependency "bundler", ">= 1.17"
- spec.add_development_dependency "minitest", "~> 5.10"
- spec.add_development_dependency "mocha", "~> 1.11.2"
+ spec.add_development_dependency "minitest", "~> 5.19"
+ spec.add_development_dependency "mocha", "~> 2.1.0"
spec.add_development_dependency "rake", "~> 12.0"
spec.add_development_dependency "rubocop", "~> 1.28.0"
end
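Review bot: The added `rbnacl` line makes the gemspec's dependency list depend on `ENV['NET_SSH_NO_RBNACL']`, so the metadata of a built gem varies with the builder's environment. Since the metadata hunk also adds a `Gemfile.norbnacl`, the opt-out could live there and the gemspec could stay static: `spec.add_development_dependency "rbnacl", "~> 7.1"`, which also matches the quoting and call style of the `bundler`/`minitest` lines below it. The `unless RUBY_PLATFORM == 'java'` line above follows the same conditional pattern and the block it closes starts outside the hunk, so this may be an established convention to revisit for the whole file rather than just here.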