net-ssh 7.0.1 → 7.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (19) hide show
  1. checksums.yaml +4 -4
  2. checksums.yaml.gz.sig +0 -0
  3. data/.github/workflows/ci-with-docker.yml +2 -2
  4. data/.github/workflows/ci.yml +1 -1
  5. data/.github/workflows/rubocop.yml +8 -5
  6. data/CHANGES.txt +24 -0
  7. data/README.md +5 -1
  8. data/Rakefile +54 -0
  9. data/SECURITY.md +4 -0
  10. data/lib/net/ssh/authentication/certificate.rb +2 -2
  11. data/lib/net/ssh/authentication/ed25519.rb +1 -0
  12. data/lib/net/ssh/buffer.rb +21 -21
  13. data/lib/net/ssh/connection/session.rb +1 -1
  14. data/lib/net/ssh/version.rb +2 -2
  15. data/lib/net/ssh.rb +6 -1
  16. data/net-ssh-public_cert.pem +8 -8
  17. data.tar.gz.sig +0 -0
  18. metadata +12 -11
  19. metadata.gz.sig +0 -0
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: '001243685ec6a8113bb04e55c5f75b50fb0386636ca40da012e6b0206844e793'
4
- data.tar.gz: 6e4da1daaf0d6fc152df30865ec8ace047440b33323fa4a1abf947336876dd17
3
+ metadata.gz: 69f379018d9756042dedb6948dda7f92b8d866a0fd3beb7745a11ab1da739001
4
+ data.tar.gz: 8e5b659e405ea5403ce34fec03e05c1abe1d3dcf6b8962610d7b6c62c6df7794
5
5
  SHA512:
6
- metadata.gz: 448b9447c97a464fa3c6431a15748dbb25bf79b3ac9ade31c0272a5558eec3180276ed0614c531b3f38910ef6af609e8f696fbb65fffc2288085b9268e7d1086
7
- data.tar.gz: 8a425c4dc43f5657ae1391cce0aab1aa828fd3c03b6f3659a1dedb78e62ed08bd74696a86d8bf301bf2a093db9fc355f2f74d6e1e05117fa80e59bb136a55f58
6
+ metadata.gz: 065e5076a1d6ed2af0ca3b51f6dc885cf05d09b93ba8a9f5ad003031b5ab3b652e1289b4c5ff9b2e9865db3c12f58874b1ec504044ee17fe1551396e4081daa9
7
+ data.tar.gz: c27bb7b11148313012628ada70d22e5e425ef4b36c7645e40bd422ad86a2b9495de1b71fa70ad8ae2b9584d4cbbe8fef3030883f29df0c7551f8e3d8eddc4339
checksums.yaml.gz.sig CHANGED
Binary file
data/.github/workflows/ci-with-docker.yml CHANGED
@@ -12,7 +12,7 @@ jobs:
12
12
 
13
13
  steps:
14
14
  - name: Checkout code
15
- uses: actions/checkout@v2
15
+ uses: actions/checkout@v3
16
16
 
17
17
  - name: Build docker images
18
18
  run: docker-compose build
@@ -35,7 +35,7 @@ jobs:
35
35
 
36
36
  steps:
37
37
  - name: Checkout code
38
- uses: actions/checkout@v2
38
+ uses: actions/checkout@v3
39
39
 
40
40
  - name: Build docker images
41
41
  run: docker build -t netssh_openssl3 -f Dockerfile.openssl3 .
data/.github/workflows/ci.yml CHANGED
@@ -9,7 +9,7 @@ jobs:
9
9
  matrix:
10
10
  ruby-version: [2.6.6, 2.7.2, 3.0.1, 3.1.1]
11
11
  steps:
12
- - uses: actions/checkout@v1
12
+ - uses: actions/checkout@v3
13
13
 
14
14
  - name: Set up Ruby ${{ matrix.ruby-version }}
15
15
  uses: ruby/setup-ruby@v1
data/.github/workflows/rubocop.yml CHANGED
@@ -6,8 +6,11 @@ jobs:
6
6
  build:
7
7
  runs-on: ubuntu-latest
8
8
  steps:
9
- - uses: actions/checkout@v2
10
- - name: Rubocop Linter Action
11
- uses: andrewmcodes/rubocop-linter-action@v3.0.0.rc2
12
- env:
13
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
9
+ - uses: actions/checkout@v3
10
+ - name: Set up Ruby 3.1
11
+ uses: ruby/setup-ruby@v1
12
+ with:
13
+ ruby-version: 3.1
14
+ bundler-cache: true
15
+ - name: Run RuboCop
16
+ run: bundle exec rubocop
data/CHANGES.txt CHANGED
@@ -1,3 +1,27 @@
1
+
2
+ === 7.1.0
3
+
4
+ * Accept pubkey_algorithms option when starting a new connection [#891]
5
+
6
+ === 7.1.0 beta1
7
+
8
+ * Don't use the deprecated set_XXX methods on RSA keys. [#875]
9
+ * Raise error when BCryptPbkdf fails [#876]
10
+
11
+ === 7.0.1
12
+
13
+ * Drop leftover debug statement [#866]
14
+
15
+ === 7.0.0
16
+
17
+ * BREAKING: Drop support for Ruby 2.5
18
+ * Fix decoding of ecdsa-sha2-nistp256 private keys [#657, #854]
19
+ * Fix missing require [#855]
20
+ * Support `~` in the path to the SSH agent's unix socket [#850]
21
+ * Add support for RSA client authentication with SHA-2 [a45f54]
22
+ * openssl: DSA: don't hardcode expected signature size, see ruby/openssl#483 [23a15c]
23
+ * Internal housekeeping (rubocop, codecov, remove travis, adding/improving tests)
24
+
1
25
  === 6.3.0 beta1
2
26
 
3
27
  * Support cert based host key auth, fix asterisk in known_hosts [#833]
data/README.md CHANGED
@@ -5,7 +5,7 @@
5
5
  [![Backers on Open Collective](https://opencollective.com/net-ssh/backers/badge.svg)](#backers])
6
6
  [![Sponsors on Open Collective](https://opencollective.com/net-ssh/sponsors/badge.svg)](#sponsors)
7
7
 
8
- # Net::SSH 6.x
8
+ # Net::SSH 7.x
9
9
 
10
10
  * Docs: http://net-ssh.github.io/net-ssh
11
11
  * Issues: https://github.com/net-ssh/net-ssh/issues
@@ -247,6 +247,10 @@ mv gem-public_cert.pem net-ssh-public_cert.pem
247
247
  gem cert --add net-ssh-public_cert.pem
248
248
  ```
249
249
 
250
+ ## Security contact information
251
+
252
+ See [SECURITY.md](SECURITY.md)
253
+
250
254
  ## CREDITS
251
255
 
252
256
  ### Contributors
data/Rakefile CHANGED
@@ -55,6 +55,60 @@ namespace :cert do
55
55
  end
56
56
  end
57
57
 
58
+ def change_version(&block)
59
+ version_file = 'lib/net/ssh/version.rb'
60
+ require_relative version_file
61
+ pre = Net::SSH::Version::PRE
62
+ result = block[pre: pre]
63
+ raise "Version change logic should always return a pre", ArgumentError unless result.key?(:pre)
64
+
65
+ new_pre = result[:pre]
66
+ found = false
67
+ File.open("#{version_file}.new", "w") do |f|
68
+ File.readlines(version_file).each do |line|
69
+ match = /^(\s+PRE\s+=\s+")#{pre}("\s*)$/.match(line)
70
+ if match
71
+ prefix = match[1]
72
+ postfix = match[2]
73
+ if new_pre.nil?
74
+ prefix.delete_suffix!('"')
75
+ postfix.delete_prefix!('"')
76
+ end
77
+ new_line = "#{prefix}#{new_pre.inspect}#{postfix}"
78
+ puts "Changing:\n - #{line} + #{new_line}"
79
+ line = new_line
80
+ found = true
81
+ end
82
+ f.write(line)
83
+ end
84
+ raise ArugmentError, "Cound not find line: PRE = \"#{pre}\" in #{version_file}" unless found
85
+ end
86
+
87
+ FileUtils.mv version_file, "#{version_file}.old"
88
+ FileUtils.mv "#{version_file}.new", version_file
89
+ end
90
+
91
+ namespace :vbump do
92
+ desc "Final release"
93
+ task :final do
94
+ change_version do |pre:|
95
+ raise ArgumentError, "Unexpected pre: #{pre}" if pre.nil?
96
+
97
+ { pre: nil }
98
+ end
99
+ end
100
+
101
+ desc "Increment prerelease"
102
+ task :pre do
103
+ change_version do |pre:|
104
+ match = /^([a-z]+)(\d+)/.match(pre)
105
+ raise ArgumentError, "Unexpected pre: #{pre}" if match.nil?
106
+
107
+ { pre: "#{match[1]}#{match[2].to_i + 1}" }
108
+ end
109
+ end
110
+ end
111
+
58
112
  namespace :rdoc do
59
113
  desc "Update gh-pages branch"
60
114
  task :publish do
data/SECURITY.md ADDED
@@ -0,0 +1,4 @@
1
+ ## Security contact information
2
+
3
+ To report a security vulnerability, please use the
4
+ [GitHub private vulnerability reporting feature](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability).
data/lib/net/ssh/authentication/certificate.rb CHANGED
@@ -102,8 +102,8 @@ module Net
102
102
  # Checks whether the certificate's signature was signed by signature key.
103
103
  def signature_valid?
104
104
  buffer = Buffer.new(signature)
105
- buffer.read_string # skip signature format
106
- signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature)
105
+ sig_format = buffer.read_string
106
+ signature_key.ssh_do_verify(buffer.read_string, to_blob_without_signature, host_key: sig_format)
107
107
  end
108
108
 
109
109
  def self.read_options(buffer)
data/lib/net/ssh/authentication/ed25519.rb CHANGED
@@ -77,6 +77,7 @@ module Net
77
77
  raise "BCryptPbkdf is not implemented for jruby" if RUBY_PLATFORM == "java"
78
78
 
79
79
  key = BCryptPbkdf::key(password, salt, keylen + ivlen, rounds)
80
+ raise DecryptError.new("BCyryptPbkdf failed", encrypted_key: true) unless key
80
81
  else
81
82
  key = '\x00' * (keylen + ivlen)
82
83
  end
data/lib/net/ssh/buffer.rb CHANGED
@@ -251,7 +251,6 @@ module Net
251
251
  def read_private_keyblob(type)
252
252
  case type
253
253
  when /^ssh-rsa$/
254
- key = OpenSSL::PKey::RSA.new
255
254
  n = read_bignum
256
255
  e = read_bignum
257
256
  d = read_bignum
@@ -262,27 +261,28 @@ module Net
262
261
  _unkown2 = read_bignum
263
262
  dmp1 = d % (p - 1)
264
263
  dmq1 = d % (q - 1)
265
- if key.respond_to?(:set_key)
266
- key.set_key(n, e, d)
267
- else
268
- key.e = e
269
- key.n = n
270
- key.d = d
271
- end
272
- if key.respond_to?(:set_factors)
273
- key.set_factors(p, q)
274
- else
275
- key.p = p
276
- key.q = q
264
+ # Public key
265
+ data_sequence = OpenSSL::ASN1::Sequence([
266
+ OpenSSL::ASN1::Integer(n),
267
+ OpenSSL::ASN1::Integer(e)
268
+ ])
269
+
270
+ if d && p && q && dmp1 && dmq1 && iqmp
271
+ data_sequence = OpenSSL::ASN1::Sequence([
272
+ OpenSSL::ASN1::Integer(0),
273
+ OpenSSL::ASN1::Integer(n),
274
+ OpenSSL::ASN1::Integer(e),
275
+ OpenSSL::ASN1::Integer(d),
276
+ OpenSSL::ASN1::Integer(p),
277
+ OpenSSL::ASN1::Integer(q),
278
+ OpenSSL::ASN1::Integer(dmp1),
279
+ OpenSSL::ASN1::Integer(dmq1),
280
+ OpenSSL::ASN1::Integer(iqmp)
281
+ ])
277
282
  end
278
- if key.respond_to?(:set_crt_params)
279
- key.set_crt_params(dmp1, dmq1, iqmp)
280
- else
281
- key.dmp1 = dmp1
282
- key.dmq1 = dmq1
283
- key.iqmp = iqmp
284
- end
285
- key
283
+
284
+ asn1 = OpenSSL::ASN1::Sequence(data_sequence)
285
+ OpenSSL::PKey::RSA.new(asn1.to_der)
286
286
  when /^ecdsa\-sha2\-(\w*)$/
287
287
  OpenSSL::PKey::EC.read_keyblob($1, self)
288
288
  else
data/lib/net/ssh/connection/session.rb CHANGED
@@ -416,7 +416,7 @@ module Net
416
416
  #
417
417
  # matches = ssh.exec!("grep something /some/files")
418
418
  #
419
- # the returned string has an exitstatus method to query it's exit satus
419
+ # the returned string has an exitstatus method to query its exit status
420
420
  def exec!(command, status: nil, &block)
421
421
  block_or_concat = block || Proc.new do |ch, type, data|
422
422
  ch[:result] ||= String.new
data/lib/net/ssh/version.rb CHANGED
@@ -49,10 +49,10 @@ module Net
49
49
  MAJOR = 7
50
50
 
51
51
  # The minor component of this version of the Net::SSH library
52
- MINOR = 0
52
+ MINOR = 1
53
53
 
54
54
  # The tiny component of this version of the Net::SSH library
55
- TINY = 1
55
+ TINY = 0
56
56
 
57
57
  # The prerelease component of this version of the Net::SSH library
58
58
  # nil allowed
data/lib/net/ssh.rb CHANGED
@@ -73,7 +73,7 @@ module Net
73
73
  max_win_size send_env set_env use_agent number_of_password_prompts
74
74
  append_all_supported_algorithms non_interactive password_prompt
75
75
  agent_socket_factory minimum_dh_bits verify_host_key
76
- fingerprint_hash check_host_ip
76
+ fingerprint_hash check_host_ip pubkey_algorithms
77
77
  ]
78
78
 
79
79
  # The standard means of starting a new SSH connection. When used with a
@@ -170,6 +170,11 @@ module Net
170
170
  # * :properties => a hash of key/value pairs to add to the new connection's
171
171
  # properties (see Net::SSH::Connection::Session#properties)
172
172
  # * :proxy => a proxy instance (see Proxy) to use when connecting
173
+ # * :pubkey_algorithms => the public key authentication algorithms to use for
174
+ # this connection. Valid values are 'rsa-sha2-256-cert-v01@openssh.com',
175
+ # 'ssh-rsa-cert-v01@openssh.com', 'rsa-sha2-256', 'ssh-rsa'. Currently, this
176
+ # option is only used for RSA public key authentication and ignored for other
177
+ # types.
173
178
  # * :rekey_blocks_limit => the max number of blocks to process before rekeying
174
179
  # * :rekey_limit => the max number of bytes to process before rekeying
175
180
  # * :rekey_packet_limit => the max number of packets to process before rekeying
data/net-ssh-public_cert.pem CHANGED
@@ -1,7 +1,7 @@
1
1
  -----BEGIN CERTIFICATE-----
2
2
  MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpuZXRz
3
- c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMTA4MTAwODMyMzBaFw0yMjA4MTAw
4
- ODMyMzBaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
3
+ c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMzAxMjQwMzE3NTVaFw0yNDAxMjQw
4
+ MzE3NTVaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
5
5
  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxieE22fR/qmdPKUHyYTyUx2g
6
6
  wskLwrCkxay+Tvc97ZZUOwf85LDDDPqhQaTWLvRwnIOMgQE2nBPzwalVclK6a+pW
7
7
  x/18KDeZY15vm3Qn5p42b0wi9hUxOqPm3J2hdCLCcgtENgdX21nVzejn39WVqFJO
@@ -11,10 +11,10 @@ fBbmDnsMLAtAtauMOxORrbx3EOY7sHku/kSrMg3FXFay7jc6BkbbUij+MjJ/k82l
11
11
  AQABo3sweTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUBfKiwO2e
12
12
  M4NEiRrVG793qEPLYyMwHwYDVR0RBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20w
13
13
  HwYDVR0SBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20wDQYJKoZIhvcNAQELBQAD
14
- ggEBABRChgo0Jo+iXSnTpODNongzZoU0sWqwx3/FQVo8nyAyr1qFuiqpSPb4bDbU
15
- DsVnUn3t0X/gGA8qJhutlmfTpEQCjUeyj2x9rWpD3lvttlGWV6btQ0qN4Dfc2gsw
16
- rCp9Jpful0HGWhiwfjWfsarqAdtLzIG0UC47IN7LGeCMRJIijOsXQhiZ915eNBEw
17
- g9+WSSGHkMFt/7vi2pFkvXSC0+RF8ovvRWf4Zw2aYXtJ1GElgi4ZS/s6ZU0gmv20
18
- i4SfC5m5UXIVZvOBYiMuZ/1B2m6R9xU41027zfOVwRFNtlVDiNfQRq6sDmz44At/
19
- dv8pkxXDgySe41vzlRXFsgIgz5A=
14
+ ggEBAHyOSaOUji+EJFWZ46g+2EZ/kG7EFloFtIQUz8jDJIWGE+3NV5po1M0Z6EqH
15
+ XmG3BtMLfgOV9NwMQRqIdKnZDfKsqM/FOu+9IqrP+OieAde5OrXR2pzQls60Xft7
16
+ 3qNVaQS99woQRqiUiDQQ7WagOYrZjuVANqTDNt4myzGSjS5sHcKlz3PRn0LJRMe5
17
+ ouuLwQ7BCXityv5RRXex2ibCOyY7pB5ris6xDnPe1WdlyCfUf1Fb+Yqxpy6a8QmH
18
+ v84waVXQ2i5M7pJaHVBF7DxxeW/q8W3VCnsq8vmmvULSThD18QqYGaFDJeN8sTR4
19
+ 6tfjgZ6OvGSScvbCMHkCE9XjonE=
20
20
  -----END CERTIFICATE-----
data.tar.gz.sig CHANGED
Binary file
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: net-ssh
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.0.1
4
+ version: 7.1.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jamis Buck
@@ -13,8 +13,8 @@ cert_chain:
13
13
  - |
14
14
  -----BEGIN CERTIFICATE-----
15
15
  MIIDQDCCAiigAwIBAgIBATANBgkqhkiG9w0BAQsFADAlMSMwIQYDVQQDDBpuZXRz
16
- c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMTA4MTAwODMyMzBaFw0yMjA4MTAw
17
- ODMyMzBaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
16
+ c2gvREM9c29sdXRpb3VzL0RDPWNvbTAeFw0yMzAxMjQwMzE3NTVaFw0yNDAxMjQw
17
+ MzE3NTVaMCUxIzAhBgNVBAMMGm5ldHNzaC9EQz1zb2x1dGlvdXMvREM9Y29tMIIB
18
18
  IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxieE22fR/qmdPKUHyYTyUx2g
19
19
  wskLwrCkxay+Tvc97ZZUOwf85LDDDPqhQaTWLvRwnIOMgQE2nBPzwalVclK6a+pW
20
20
  x/18KDeZY15vm3Qn5p42b0wi9hUxOqPm3J2hdCLCcgtENgdX21nVzejn39WVqFJO
@@ -24,14 +24,14 @@ cert_chain:
24
24
  AQABo3sweTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIEsDAdBgNVHQ4EFgQUBfKiwO2e
25
25
  M4NEiRrVG793qEPLYyMwHwYDVR0RBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20w
26
26
  HwYDVR0SBBgwFoEUbmV0c3NoQHNvbHV0aW91cy5jb20wDQYJKoZIhvcNAQELBQAD
27
- ggEBABRChgo0Jo+iXSnTpODNongzZoU0sWqwx3/FQVo8nyAyr1qFuiqpSPb4bDbU
28
- DsVnUn3t0X/gGA8qJhutlmfTpEQCjUeyj2x9rWpD3lvttlGWV6btQ0qN4Dfc2gsw
29
- rCp9Jpful0HGWhiwfjWfsarqAdtLzIG0UC47IN7LGeCMRJIijOsXQhiZ915eNBEw
30
- g9+WSSGHkMFt/7vi2pFkvXSC0+RF8ovvRWf4Zw2aYXtJ1GElgi4ZS/s6ZU0gmv20
31
- i4SfC5m5UXIVZvOBYiMuZ/1B2m6R9xU41027zfOVwRFNtlVDiNfQRq6sDmz44At/
32
- dv8pkxXDgySe41vzlRXFsgIgz5A=
27
+ ggEBAHyOSaOUji+EJFWZ46g+2EZ/kG7EFloFtIQUz8jDJIWGE+3NV5po1M0Z6EqH
28
+ XmG3BtMLfgOV9NwMQRqIdKnZDfKsqM/FOu+9IqrP+OieAde5OrXR2pzQls60Xft7
29
+ 3qNVaQS99woQRqiUiDQQ7WagOYrZjuVANqTDNt4myzGSjS5sHcKlz3PRn0LJRMe5
30
+ ouuLwQ7BCXityv5RRXex2ibCOyY7pB5ris6xDnPe1WdlyCfUf1Fb+Yqxpy6a8QmH
31
+ v84waVXQ2i5M7pJaHVBF7DxxeW/q8W3VCnsq8vmmvULSThD18QqYGaFDJeN8sTR4
32
+ 6tfjgZ6OvGSScvbCMHkCE9XjonE=
33
33
  -----END CERTIFICATE-----
34
- date: 2022-06-26 00:00:00.000000000 Z
34
+ date: 2023-03-12 00:00:00.000000000 Z
35
35
  dependencies:
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: bcrypt_pbkdf
@@ -174,6 +174,7 @@ files:
174
174
  - Manifest
175
175
  - README.md
176
176
  - Rakefile
177
+ - SECURITY.md
177
178
  - THANKS.txt
178
179
  - appveyor.yml
179
180
  - docker-compose.yml
@@ -291,7 +292,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
291
292
  - !ruby/object:Gem::Version
292
293
  version: '0'
293
294
  requirements: []
294
- rubygems_version: 3.1.6
295
+ rubygems_version: 3.3.3
295
296
  signing_key:
296
297
  specification_version: 4
297
298
  summary: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'
metadata.gz.sig CHANGED
Binary file