On Monday, 24 June 2019 14:20:11 CEST Max Reitz wrote:
> On 23.06.19 19:18, Peter Maydell wrote:
> > On Fri, 21 Jun 2019 at 14:23, Max Reitz <mre...@redhat.com> wrote:
> >>
> >> The following changes since commit
> >> 33d609990621dea6c7d056c86f707b8811320ac1:
> >>
> >> Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into
> >> staging (2019-06-18 17:00:52 +0100)
> >>
> >> are available in the Git repository at:
> >>
> >> https://github.com/XanClic/qemu.git tags/pull-block-2019-06-21
> >>
> >> for you to fetch changes up to e2a76186f7948b8b75d1b2b52638de7c2f7f7472:
> >>
> >> iotests: Fix 205 for concurrent runs (2019-06-21 14:40:28 +0200)
> >>
> >> ----------------------------------------------------------------
> >> Block patches:
> >> - The SSH block driver now uses libssh instead of libssh2
> >> - The VMDK block driver gets read-only support for the seSparse
> >> subformat
> >> - Various fixes
> >>
> >
> > Hi; this failed to build on my s390 box:
> >
> > /home/linux1/qemu/block/ssh.c: In function ‘check_host_key_knownhosts’:
> > /home/linux1/qemu/block/ssh.c:367:27: error: implicit declaration of
> > function ‘ssh_get_fingerprint_hash’
> > [-Werror=implicit-function-declaration]
> >             fingerprint = ssh_get_fingerprint_hash(SSH_PUBLICKEY_HASH_SHA1,
> >                           ^
> > /home/linux1/qemu/block/ssh.c:367:13: error: nested extern declaration
> > of ‘ssh_get_fingerprint_hash’ [-Werror=nested-externs]
> >             fingerprint = ssh_get_fingerprint_hash(SSH_PUBLICKEY_HASH_SHA1,
> >             ^
> > /home/linux1/qemu/block/ssh.c:367:25: error: assignment makes pointer
> > from integer without a cast [-Werror=int-conversion]
> >             fingerprint = ssh_get_fingerprint_hash(SSH_PUBLICKEY_HASH_SHA1,
> >                         ^
> >
> > It looks like that function was introduced in libssh 0.8.3, and this box
> > has 0.6.3. (configure has correctly not defined HAVE_LIBSSH_0_8
> > but this usage is inside a bit of code that's compiled even when
> > that is not defined.)

Oops, sorry, I did not test the latest versions with that old libssh.

> Pino, would you be OK with dropping that piece of code for pre-0.8 and
> just replacing it with the else-error_setg()?

Some of the variables in check_host_key_knownhosts must be moved within the
HAVE_LIBSSH_0_8 block now; attached fixup patch, please squash with my patch
(I can submit a v12, if needed/wanted).

-- 
Pino Toscano

diff --git a/block/ssh.c b/block/ssh.c index 048d0cc924..501933b855 100644 --- a/block/ssh.c +++ b/block/ssh.c @@ -277,14 +277,14 @@ static void ssh_parse_filename(const char *filename, QDict *options, static int check_host_key_knownhosts(BDRVSSHState *s, Error **errp) { int ret; +#ifdef HAVE_LIBSSH_0_8 + enum ssh_known_hosts_e state; int r; ssh_key pubkey; enum ssh_keytypes_e pubkey_type; unsigned char *server_hash = NULL; size_t server_hash_len; char *fingerprint = NULL; -#ifdef HAVE_LIBSSH_0_8 - enum ssh_known_hosts_e state; state = ssh_session_is_known_server(s->session); trace_ssh_server_status(state); @@ -356,30 +356,9 @@ static int check_host_key_knownhosts(BDRVSSHState *s, Error **errp) break; case SSH_SERVER_KNOWN_CHANGED: ret = -EINVAL; - r = ssh_get_publickey(s->session, &pubkey); - if (r == 0) { - r = ssh_get_publickey_hash(pubkey, SSH_PUBLICKEY_HASH_SHA1, - &server_hash, &server_hash_len); - pubkey_type = ssh_key_type(pubkey); - ssh_key_free(pubkey); - } - if (r == 0) { - fingerprint = ssh_get_fingerprint_hash(SSH_PUBLICKEY_HASH_SHA1, - server_hash, - server_hash_len); - ssh_clean_pubkey_hash(&server_hash); - } - if (fingerprint) { - error_setg(errp, - "host key (%s key with fingerprint %s) does not match " - "the one in known_hosts; this may be a possible attack", - ssh_key_type_to_char(pubkey_type), fingerprint); - ssh_string_free_char(fingerprint); - } else { - error_setg(errp, - "host key does not match the one in known_hosts; this " - "may be a possible attack"); - } + error_setg(errp, + "host key does not match the one in known_hosts; this " + "may be a possible attack"); goto out; case SSH_SERVER_FOUND_OTHER: ret = -EINVAL;
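
Review bot: in the first hunk (the declarations at the top of `check_host_key_knownhosts`), moving `r`, `pubkey`, `pubkey_type`, `server_hash`, `server_hash_len` and `fingerprint` under `#ifdef HAVE_LIBSSH_0_8` is only safe if nothing outside that block still references them. The second hunk removes the uses in `case SSH_SERVER_KNOWN_CHANGED`, but the remainder of the function is not visible in this patch, so please confirm with a build against the old libssh (0.6.3 in the report above). That build runs with -Werror, as the quoted errors show, so a leftover reference or a now-unused declaration would break it again. `int ret;` correctly stays outside the guard.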
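
Review bot: in the second hunk, `case SSH_SERVER_KNOWN_CHANGED` now always reports the generic "host key does not match the one in known_hosts" message, so on this path the user no longer gets the key type and fingerprint of the key the server presented. That fingerprint is what an operator compares out-of-band to tell a legitimate re-key from an interception, so the squashed commit message (and ideally a short comment at this case) should state that the fingerprint is not reported here when HAVE_LIBSSH_0_8 is not defined. Minor wording point on the retained string: "this may be a possible attack" is redundant; consider "this may be an attack", kept consistent with any other copy of the message in the file.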