net-ssh 7.0.1 → 7.1.0

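--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: '001243685ec6a8113bb04e55c5f75b50fb0386636ca40da012e6b0206844e793'
- data.tar.gz: 6e4da1daaf0d6fc152df30865ec8ace047440b33323fa4a1abf947336876dd17
+ metadata.gz: 69f379018d9756042dedb6948dda7f92b8d866a0fd3beb7745a11ab1da739001
+ data.tar.gz: 8e5b659e405ea5403ce34fec03e05c1abe1d3dcf6b8962610d7b6c62c6df7794
  SHA512:
- metadata.gz: 448b9447c97a464fa3c6431a15748dbb25bf79b3ac9ade31c0272a5558eec3180276ed0614c531b3f38910ef6af609e8f696fbb65fffc2288085b9268e7d1086
- data.tar.gz: 8a425c4dc43f5657ae1391cce0aab1aa828fd3c03b6f3659a1dedb78e62ed08bd74696a86d8bf301bf2a093db9fc355f2f74d6e1e05117fa80e59bb136a55f58
+ metadata.gz: 065e5076a1d6ed2af0ca3b51f6dc885cf05d09b93ba8a9f5ad003031b5ab3b652e1289b4c5ff9b2e9865db3c12f58874b1ec504044ee17fe1551396e4081daa9
+ data.tar.gz: c27bb7b11148313012628ada70d22e5e425ef4b36c7645e40bd422ad86a2b9495de1b71fa70ad8ae2b9584d4cbbe8fef3030883f29df0c7551f8e3d8eddc4339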
checksums.yaml.gz.sig CHANGED
Binary file
@@ -12,7 +12,7 @@ jobs:
12
12
 
13
13
  steps:
14
14
  - name: Checkout code
15
- uses: actions/checkout@v2
15
+ uses: actions/checkout@v3
16
16
 
17
17
  - name: Build docker images
18
18
  run: docker-compose build
@@ -35,7 +35,7 @@ jobs:
35
35
 
36
36
  steps:
37
37
  - name: Checkout code
38
- uses: actions/checkout@v2
38
+ uses: actions/checkout@v3
39
39
 
40
40
  - name: Build docker images
41
41
  run: docker build -t netssh_openssl3 -f Dockerfile.openssl3 .
@@ -9,7 +9,7 @@ jobs:
9
9
  matrix:
10
10
  ruby-version: [2.6.6, 2.7.2, 3.0.1, 3.1.1]
11
11
  steps:
12
- - uses: actions/checkout@v1
12
+ - uses: actions/checkout@v3
13
13
 
14
14
  - name: Set up Ruby ${{ matrix.ruby-version }}
15
15
  uses: ruby/setup-ruby@v1
@@ -6,8 +6,11 @@ jobs:
6
6
  build:
7
7
  runs-on: ubuntu-latest
8
8
  steps:
9
- - uses: actions/checkout@v2
10
- - name: Rubocop Linter Action
11
- uses: andrewmcodes/rubocop-linter-action@v3.0.0.rc2
12
- env:
13
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
9
+ - uses: actions/checkout@v3
10
+ - name: Set up Ruby 3.1
11
+ uses: ruby/setup-ruby@v1
12
+ with:
13
+ ruby-version: 3.1
14
+ bundler-cache: true
15
+ - name: Run RuboCop
16
+ run: bundle exec rubocop
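Review bot: The actions in these workflow steps are referenced by mutable tags (`actions/checkout@v3`, `ruby/setup-ruby@v1`); pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, keeps a retagged release from changing what runs in CI. The same applies to the `actions/checkout@v3` lines in the three earlier workflow hunks. Separately, `ruby-version: 3.1` is an unquoted YAML number; quoting it as `ruby-version: '3.1'` avoids the surprise when a later value such as 3.0 is read as 3.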
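--- a/data/CHANGES.txt
+++ b/data/CHANGES.txt
@@ -1,3 +1,27 @@
+
+ === 7.1.0
+
+ * Accept pubkey_algorithms option when starting a new connection [#891]
+
+ === 7.1.0 beta1
+
+ * Don't use the deprecated set_XXX methods on RSA keys. [#875]
+ * Raise error when BCryptPbkdf fails [#876]
+
+ === 7.0.1
+
+ * Drop leftover debug statement [#866]
+
+ === 7.0.0
+
+ * BREAKING: Drop support for Ruby 2.5
+ * Fix decoding of ecdsa-sha2-nistp256 private keys [#657, #854]
+ * Fix missing require [#855]
+ * Support `~` in the path to the SSH agent's unix socket [#850]
+ * Add support for RSA client authentication with SHA-2 [a45f54]
+ * openssl: DSA: don't hardcode expected signature size, see ruby/openssl#483 [23a15c]
+ * Internal housekeeping (rubocop, codecov, remove travis, adding/improving tests)
+
  === 6.3.0 beta1
 
  * Support cert based host key auth, fix asterisk in known_hosts [#833]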
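--- a/data/README.md
+++ b/data/README.md
@@ -5,7 +5,7 @@
  [![Backers on Open Collective](https://opencollective.com/net-ssh/backers/badge.svg)](#backers])
  [![Sponsors on Open Collective](https://opencollective.com/net-ssh/sponsors/badge.svg)](#sponsors)
 
- # Net::SSH 6.x
+ # Net::SSH 7.x
 
  * Docs: http://net-ssh.github.io/net-ssh
  * Issues: https://github.com/net-ssh/net-ssh/issues
@@ -247,6 +247,10 @@ mv gem-public_cert.pem net-ssh-public_cert.pem
  gem cert --add net-ssh-public_cert.pem
  ```
 
+ ## Security contact information
+
+ See [SECURITY.md](SECURITY.md)
+
  ## CREDITS
 
  ### Contributors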
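--- a/data/Rakefile
+++ b/data/Rakefile
@@ -55,6 +55,60 @@ namespace :cert do
  end
  end
 
+ def change_version(&block)
+ version_file = 'lib/net/ssh/version.rb'
+ require_relative version_file
+ pre = Net::SSH::Version::PRE
+ result = block[pre: pre]
+ raise "Version change logic should always return a pre", ArgumentError unless result.key?(:pre)
+
+ new_pre = result[:pre]
+ found = false
+ File.open("#{version_file}.new", "w") do |f|
+ File.readlines(version_file).each do |line|
+ match = /^(\s+PRE\s+=\s+")#{pre}("\s*)$/.match(line)
+ if match
+ prefix = match[1]
+ postfix = match[2]
+ if new_pre.nil?
+ prefix.delete_suffix!('"')
+ postfix.delete_prefix!('"')
+ end
+ new_line = "#{prefix}#{new_pre.inspect}#{postfix}"
+ puts "Changing:\n - #{line} + #{new_line}"
+ line = new_line
+ found = true
+ end
+ f.write(line)
+ end
+ raise ArugmentError, "Cound not find line: PRE = \"#{pre}\" in #{version_file}" unless found
+ end
+
+ FileUtils.mv version_file, "#{version_file}.old"
+ FileUtils.mv "#{version_file}.new", version_file
+ end
+
+ namespace :vbump do
+ desc "Final release"
+ task :final do
+ change_version do |pre:|
+ raise ArgumentError, "Unexpected pre: #{pre}" if pre.nil?
+
+ { pre: nil }
+ end
+ end
+
+ desc "Increment prerelease"
+ task :pre do
+ change_version do |pre:|
+ match = /^([a-z]+)(\d+)/.match(pre)
+ raise ArgumentError, "Unexpected pre: #{pre}" if match.nil?
+
+ { pre: "#{match[1]}#{match[2].to_i + 1}" }
+ end
+ end
+ end
+
  namespace :rdoc do
  desc "Update gh-pages branch"
  task :publish do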
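Review bot: Both guard raises in `change_version` fail with the wrong exception, so a bad version bump aborts with a confusing error instead of the intended message. The first passes its arguments in the wrong order (`raise "…", ArgumentError`), which Ruby rejects with a TypeError; it should read `raise ArgumentError, "Version change logic should always return a pre" unless result.key?(:pre)`. The second names `ArugmentError`, an undefined constant that surfaces as NameError (its message also says "Cound"), and because it fires inside the `File.open` block it leaves a stale `.new` file behind. Interpolating `pre` into the pattern unescaped is fragile as well; `Regexp.escape(pre.to_s)` would keep the match literal.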
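--- /dev/null
+++ b/data/SECURITY.md
@@ -0,0 +1,4 @@
+ ## Security contact information
+
+ To report a security vulnerability, please use the
+ [GitHub private vulnerability reporting feature](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability).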
@@ -102,8 +102,8 @@ module Net
102
102
  # Checks whether the certificate's signature was signed by signature key.
103
103
  def signature_valid?
104
104
  buffer = Buffer.new(signature)
105
- buffer.read_string # skip signature format
106
- signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature)
105
+ sig_format = buffer.read_string
106
+ signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature, host_key: sig_format)
107
107
  end
108
108
 
109
109
  def self.read_options(buffer)
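Review bot: `sig_format` is read from the certificate's own signature blob and now selects how `ssh_do_verify` checks the signature, so it should be compared against the formats valid for `signature_key`'s type before it is used. `ssh_do_verify` is not visible in this hunk; if it falls back to a default digest for an unrecognised value, a certificate carrying an unexpected format string would be verified under that default rather than rejected, which is worth confirming and covering with a test. The keyword name `host_key:` is also misleading at this call site, so a comment such as `# signature format from the cert blob (not a host key type); selects the digest used to verify` above the call would help.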
@@ -77,6 +77,7 @@ module Net
77
77
  raise "BCryptPbkdf is not implemented for jruby" if RUBY_PLATFORM == "java"
78
78
 
79
79
  key = BCryptPbkdf::key(password, salt, keylen + ivlen, rounds)
80
+ raise DecryptError.new("BCyryptPbkdf failed", encrypted_key: true) unless key
80
81
  else
81
82
  key = '\x00' * (keylen + ivlen)
82
83
  end
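Review bot: The new error message misspells the library name (`"BCyryptPbkdf failed"`), which makes the failure hard to find when searching logs or matching on the message; it should be `raise DecryptError.new("BCryptPbkdf failed", encrypted_key: true) unless key`. The nil check itself fails closed, and a test that makes `BCryptPbkdf::key` return nil would pin that behaviour. The enclosing method starts and ends outside this hunk.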
@@ -251,7 +251,6 @@ module Net
251
251
  def read_private_keyblob(type)
252
252
  case type
253
253
  when /^ssh-rsa$/
254
- key = OpenSSL::PKey::RSA.new
255
254
  n = read_bignum
256
255
  e = read_bignum
257
256
  d = read_bignum
@@ -262,27 +261,28 @@ module Net
262
261
  _unkown2 = read_bignum
263
262
  dmp1 = d % (p - 1)
264
263
  dmq1 = d % (q - 1)
265
- if key.respond_to?(:set_key)
266
- key.set_key(n, e, d)
267
- else
268
- key.e = e
269
- key.n = n
270
- key.d = d
271
- end
272
- if key.respond_to?(:set_factors)
273
- key.set_factors(p, q)
274
- else
275
- key.p = p
276
- key.q = q
264
+ # Public key
265
+ data_sequence = OpenSSL::ASN1::Sequence([
266
+ OpenSSL::ASN1::Integer(n),
267
+ OpenSSL::ASN1::Integer(e)
268
+ ])
269
+
270
+ if d && p && q && dmp1 && dmq1 && iqmp
271
+ data_sequence = OpenSSL::ASN1::Sequence([
272
+ OpenSSL::ASN1::Integer(0),
273
+ OpenSSL::ASN1::Integer(n),
274
+ OpenSSL::ASN1::Integer(e),
275
+ OpenSSL::ASN1::Integer(d),
276
+ OpenSSL::ASN1::Integer(p),
277
+ OpenSSL::ASN1::Integer(q),
278
+ OpenSSL::ASN1::Integer(dmp1),
279
+ OpenSSL::ASN1::Integer(dmq1),
280
+ OpenSSL::ASN1::Integer(iqmp)
281
+ ])
277
282
  end
278
- if key.respond_to?(:set_crt_params)
279
- key.set_crt_params(dmp1, dmq1, iqmp)
280
- else
281
- key.dmp1 = dmp1
282
- key.dmq1 = dmq1
283
- key.iqmp = iqmp
284
- end
285
- key
283
+
284
+ asn1 = OpenSSL::ASN1::Sequence(data_sequence)
285
+ OpenSSL::PKey::RSA.new(asn1.to_der)
286
286
  when /^ecdsa\-sha2\-(\w*)$/
287
287
  OpenSSL::PKey::EC.read_keyblob($1, self)
288
288
  else
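Review bot: The `if d && p && q && dmp1 && dmq1 && iqmp` guard effectively tests only `iqmp`, because `dmp1 = d % (p - 1)` and `dmq1 = d % (q - 1)` run just above it and a missing `d`, `p` or `q` would already have raised there. If `iqmp` can be nil (the reads of `p`, `q` and `iqmp` sit between the two hunks and are not visible), `read_private_keyblob` silently returns a public-only RSA object from an incomplete blob. Failing explicitly is safer, e.g. `raise ArgumentError, "incomplete RSA private key blob" unless iqmp` (or the parser's own key-format error) placed before the modulo lines, after which the public-only sequence can be dropped. The second `OpenSSL::ASN1::Sequence(data_sequence)` wrap also deserves a one-line comment saying why it is needed.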
@@ -416,7 +416,7 @@ module Net
416
416
  #
417
417
  # matches = ssh.exec!("grep something /some/files")
418
418
  #
419
- # the returned string has an exitstatus method to query it's exit satus
419
+ # the returned string has an exitstatus method to query its exit status
420
420
  def exec!(command, status: nil, &block)
421
421
  block_or_concat = block || Proc.new do |ch, type, data|
422
422
  ch[:result] ||= String.new
@@ -49,10 +49,10 @@ module Net
49
49
  MAJOR = 7
50
50
 
51
51
  # The minor component of this version of the Net::SSH library
52
- MINOR = 0
52
+ MINOR = 1
53
53
 
54
54
  # The tiny component of this version of the Net::SSH library
55
- TINY = 1
55
+ TINY = 0
56
56
 
57
57
  # The prerelease component of this version of the Net::SSH library
58
58
  # nil allowed
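--- a/data/lib/net/ssh.rb
+++ b/data/lib/net/ssh.rb
@@ -73,7 +73,7 @@ module Net
  max_win_size send_env set_env use_agent number_of_password_prompts
  append_all_supported_algorithms non_interactive password_prompt
  agent_socket_factory minimum_dh_bits verify_host_key
- fingerprint_hash check_host_ip
+ fingerprint_hash check_host_ip pubkey_algorithms
  ]
 
  # The standard means of starting a new SSH connection. When used with a
@@ -170,6 +170,11 @@ module Net
  # * :properties => a hash of key/value pairs to add to the new connection's
  # properties (see Net::SSH::Connection::Session#properties)
  # * :proxy => a proxy instance (see Proxy) to use when connecting
+ # * :pubkey_algorithms => the public key authentication algorithms to use for
+ # this connection. Valid values are 'rsa-sha2-256-cert-v01@openssh.com',
+ # 'ssh-rsa-cert-v01@openssh.com', 'rsa-sha2-256', 'ssh-rsa'. Currently, this
+ # option is only used for RSA public key authentication and ignored for other
+ # types.
  # * :rekey_blocks_limit => the max number of blocks to process before rekeying
  # * :rekey_limit => the max number of bytes to process before rekeying
  # * :rekey_packet_limit => the max number of packets to process before rekeying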
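Review bot: The new `:pubkey_algorithms` doc entry lists the accepted names but says nothing about the expected type or what the choice means for security. It would help to state that the value is a list of algorithm names (presumably an Array of Strings; the consuming code is not in this hunk) and that `ssh-rsa` and `ssh-rsa-cert-v01@openssh.com` sign with SHA-1 while the `rsa-sha2-256` variants use SHA-256. A suggested extra line: `#   Pass only the rsa-sha2-256 variants to avoid SHA-1 signatures.`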
@@ -1,7 +1,7 @@
1
1
  -----BEGIN CERTIFICATE-----
2
2
  MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpuZXRz
3
- c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMTA4MTAwODMyMzBaFw0yMjA4MTAw
4
- ODMyMzBaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
3
+ c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMzAxMjQwMzE3NTVaFw0yNDAxMjQw
4
+ MzE3NTVaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
5
5
  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxieE22fR/qmdPKUHyYTyUx2g
6
6
  wskLwrCkxay+Tvc97ZZUOwf85LDDDPqhQaTWLvRwnIOMgQE2nBPzwalVclK6a+pW
7
7
  x/18KDeZY15vm3Qn5p42b0wi9hUxOqPm3J2hdCLCcgtENgdX21nVzejn39WVqFJO
@@ -11,10 +11,10 @@ fBbmDnsMLAtAtauMOxORrbx3EOY7sHku/kSrMg3FXFay7jc6BkbbUij+MjJ/k82l
11
11
  AQABo3sweTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUBfKiwO2e
12
12
  M4NEiRrVG793qEPLYyMwHwYDVR0RBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20w
13
13
  HwYDVR0SBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20wDQYJKoZIhvcNAQELBQAD
14
- ggEBABRChgo0Jo+iXSnTpODNongzZoU0sWqwx3/FQVo8nyAyr1qFuiqpSPb4bDbU
15
- DsVnUn3t0X/gGA8qJhutlmfTpEQCjUeyj2x9rWpD3lvttlGWV6btQ0qN4Dfc2gsw
16
- rCp9Jpful0HGWhiwfjWfsarqAdtLzIG0UC47IN7LGeCMRJIijOsXQhiZ915eNBEw
17
- g9+WSSGHkMFt/7vi2pFkvXSC0+RF8ovvRWf4Zw2aYXtJ1GElgi4ZS/s6ZU0gmv20
18
- i4SfC5m5UXIVZvOBYiMuZ/1B2m6R9xU41027zfOVwRFNtlVDiNfQRq6sDmz44At/
19
- dv8pkxXDgySe41vzlRXFsgIgz5A=
14
+ ggEBAHyOSaOUji+EJFWZ46g+2EZ/kG7EFloFtIQUz8jDJIWGE+3NV5po1M0Z6EqH
15
+ XmG3BtMLfgOV9NwMQRqIdKnZDfKsqM/FOu+9IqrP+OieAde5OrXR2pzQls60Xft7
16
+ 3qNVaQS99woQRqiUiDQQ7WagOYrZjuVANqTDNt4myzGSjS5sHcKlz3PRn0LJRMe5
17
+ ouuLwQ7BCXityv5RRXex2ibCOyY7pB5ris6xDnPe1WdlyCfUf1Fb+Yqxpy6a8QmH
18
+ v84waVXQ2i5M7pJaHVBF7DxxeW/q8W3VCnsq8vmmvULSThD18QqYGaFDJeN8sTR4
19
+ 6tfjgZ6OvGSScvbCMHkCE9XjonE=
20
20
  -----END CERTIFICATE-----
data.tar.gz.sig CHANGED
Binary file
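--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: net-ssh
  version: !ruby/object:Gem::Version
- version: 7.0.1
+ version: 7.1.0
  platform: ruby
  authors:
  - Jamis Buck
@@ -13,8 +13,8 @@ cert_chain:
  - |
  -----BEGIN CERTIFICATE-----
  MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpuZXRz
- c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMTA4MTAwODMyMzBaFw0yMjA4MTAw
- ODMyMzBaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
+ c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMzAxMjQwMzE3NTVaFw0yNDAxMjQw
+ MzE3NTVaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxieE22fR/qmdPKUHyYTyUx2g
  wskLwrCkxay+Tvc97ZZUOwf85LDDDPqhQaTWLvRwnIOMgQE2nBPzwalVclK6a+pW
  x/18KDeZY15vm3Qn5p42b0wi9hUxOqPm3J2hdCLCcgtENgdX21nVzejn39WVqFJO
@@ -24,14 +24,14 @@ cert_chain:
  AQABo3sweTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUBfKiwO2e
  M4NEiRrVG793qEPLYyMwHwYDVR0RBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20w
  HwYDVR0SBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20wDQYJKoZIhvcNAQELBQAD
- ggEBABRChgo0Jo+iXSnTpODNongzZoU0sWqwx3/FQVo8nyAyr1qFuiqpSPb4bDbU
- DsVnUn3t0X/gGA8qJhutlmfTpEQCjUeyj2x9rWpD3lvttlGWV6btQ0qN4Dfc2gsw
- rCp9Jpful0HGWhiwfjWfsarqAdtLzIG0UC47IN7LGeCMRJIijOsXQhiZ915eNBEw
- g9+WSSGHkMFt/7vi2pFkvXSC0+RF8ovvRWf4Zw2aYXtJ1GElgi4ZS/s6ZU0gmv20
- i4SfC5m5UXIVZvOBYiMuZ/1B2m6R9xU41027zfOVwRFNtlVDiNfQRq6sDmz44At/
- dv8pkxXDgySe41vzlRXFsgIgz5A=
+ ggEBAHyOSaOUji+EJFWZ46g+2EZ/kG7EFloFtIQUz8jDJIWGE+3NV5po1M0Z6EqH
+ XmG3BtMLfgOV9NwMQRqIdKnZDfKsqM/FOu+9IqrP+OieAde5OrXR2pzQls60Xft7
+ 3qNVaQS99woQRqiUiDQQ7WagOYrZjuVANqTDNt4myzGSjS5sHcKlz3PRn0LJRMe5
+ ouuLwQ7BCXityv5RRXex2ibCOyY7pB5ris6xDnPe1WdlyCfUf1Fb+Yqxpy6a8QmH
+ v84waVXQ2i5M7pJaHVBF7DxxeW/q8W3VCnsq8vmmvULSThD18QqYGaFDJeN8sTR4
+ 6tfjgZ6OvGSScvbCMHkCE9XjonE=
  -----END CERTIFICATE-----
- date: 2022-06-26 00:00:00.000000000 Z
+ date: 2023-03-12 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bcrypt_pbkdf
@@ -174,6 +174,7 @@ files:
  - Manifest
  - README.md
  - Rakefile
+ - SECURITY.md
  - THANKS.txt
  - appveyor.yml
  - docker-compose.yml
@@ -291,7 +292,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.1.6
+ rubygems_version: 3.3.3
  signing_key:
  specification_version: 4
  summary: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'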
metadata.gz.sig CHANGED
Binary file