net-ssh 7.1.0.beta1 → 7.1.0.beta2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b8455b47f7ee1f86fdf471c0698d72400df29cf22f9dd91ee99b6d00c12220b0
-  data.tar.gz: a735ad5416dab3d5b7517ceef2915c78a144a555140eede2c1a41187cd3038cb
+  metadata.gz: e4dc08515948324af346caddea61529c95353644dc99e709719f5e320775b7fc
+  data.tar.gz: 81dcce4739c85398d13a2f272bf49083cb3790d9b7e9faa3501f2cff792e2a8c
 SHA512:
-  metadata.gz: 8fb0bb0ecb59dd39d87b4c08f40d5e87670e8a0888c817a947c86675f6542ebf8b15fa221b01f642457b1f75eb1c97526fb0022ee04dba204e630af80a0f3ce5
-  data.tar.gz: 88996fe27056be54e5425a27caa973a5b487f7f9ff82b1cb77e02b5270141c076819545ffe9a127bb97abe0b4fd0d4a1f13ac2c27d0b8a2cc042c687e85b437e
+  metadata.gz: fbb1176178c014d7f8477d7c498151ce06d8858413bb5d145543e7be1a11fd8a37ff713e3bf3f4287f5999ccc29e92934d1da26c573dd8d0ef1c667633d5a696
+  data.tar.gz: e718b4989312a5d1c12c93ebcde7925a5e8609c8ac790f3dd23c2210d4d9ab40adefa73c6ba63c3d861e662827e7bf6df87d40a37c5edc326000e541bd273163

data/CHANGES.txt

@@ -1,3 +1,23 @@
+
+=== 7.1.0 beta1
+
+  * Don't use the deprecated set_XXX methods on RSA keys. [#875]
+  * Raise error when BCryptPbkdf fails [#876]
+
+=== 7.0.1
+
+  * Drop leftover debug statement [#866]
+
+=== 7.0.0
+
+  * BREAKING: Drop support for Ruby 2.5
+  * Fix decoding of ecdsa-sha2-nistp256 private keys [#657, #854]
+  * Fix missing require [#855]
+  * Support `~` in the path to the SSH agent's unix socket [#850]
+  * Add support for RSA client authentication with SHA-2 [a45f54]
+  * openssl: DSA: don't hardcode expected signature size, see ruby/openssl#483 [23a15c]
+  * Internal housekeeping (rubocop, codecov, remove travis, adding/improving tests)
+
 === 6.3.0 beta1
 
   * Support cert based host key auth, fix asterisk in known_hosts [#833]

data/README.md

@@ -5,7 +5,7 @@
 [![Backers on Open Collective](https://opencollective.com/net-ssh/backers/badge.svg)](#backers])
 [![Sponsors on Open Collective](https://opencollective.com/net-ssh/sponsors/badge.svg)](#sponsors)
 
-# Net::SSH 6.x
+# Net::SSH 7.x
 
 * Docs: http://net-ssh.github.io/net-ssh
 * Issues: https://github.com/net-ssh/net-ssh/issues
@@ -247,6 +247,10 @@ mv gem-public_cert.pem net-ssh-public_cert.pem
 gem cert --add net-ssh-public_cert.pem
 ```
 
+## Security contact information
+
+See [SECURITY.md](SECURITY.md)
+
 ## CREDITS
 
 ### Contributors

data/Rakefile

@@ -55,6 +55,37 @@ namespace :cert do
   end
 end
 
+namespace :vbump do
+  desc "Increment prerelease"
+  task :pre do
+    version_file = 'lib/net/ssh/version.rb'
+    require_relative version_file
+    pre = Net::SSH::Version::PRE
+    if pre =~ /^([a-z]+)(\d+)/
+      new_pre = "#{$1}#{$2.to_i+1}"
+      found = false
+
+      File.open("#{version_file}.new", "w") do |f|
+        File.readlines(version_file).each do |line|
+          if line =~ /^(\s+PRE\s+=\s+")#{pre}("\s*)$/
+            new_line = "#{$1}#{new_pre}#{$2}"
+            puts "Changing:\n  - #{line}  + #{new_line}"
+            line = new_line
+            found = true
+          end
+          f.write(line)
+        end
+        raise ArugmentError, 'Cound not find line: PRE = \"#{pre}\" in #{version_file}"' unless found
+      end
+
+      FileUtils.mv version_file, "#{version_file}.old"
+      FileUtils.mv "#{version_file}.new", version_file
+    else
+      raise ArgumentError, "Unepexeted pre string: #{pre}"
+    end
+  end
+end
+
 namespace :rdoc do
   desc "Update gh-pages branch"
   task :publish do

data/SECURITY.md

@@ -0,0 +1,4 @@
+## Security contact information
+
+To report a security vulnerability, please use the
+[GitHub private vulnerability reporting feature](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability).

data/lib/net/ssh/authentication/ed25519.rb

@@ -77,6 +77,7 @@ module Net
               raise "BCryptPbkdf is not implemented for jruby" if RUBY_PLATFORM == "java"
 
               key = BCryptPbkdf::key(password, salt, keylen + ivlen, rounds)
+              raise DecryptError.new("BCyryptPbkdf failed", encrypted_key: true) unless key
             else
               key = '\x00' * (keylen + ivlen)
             end

data/lib/net/ssh/buffer.rb

@@ -251,7 +251,6 @@ module Net
       def read_private_keyblob(type)
         case type
         when /^ssh-rsa$/
-          key = OpenSSL::PKey::RSA.new
           n = read_bignum
           e = read_bignum
           d = read_bignum
@@ -262,27 +261,28 @@ module Net
           _unkown2 = read_bignum
           dmp1 = d % (p - 1)
           dmq1 = d % (q - 1)
-          if key.respond_to?(:set_key)
-            key.set_key(n, e, d)
-          else
-            key.e = e
-            key.n = n
-            key.d = d
-          end
-          if key.respond_to?(:set_factors)
-            key.set_factors(p, q)
-          else
-            key.p = p
-            key.q = q
+          # Public key
+          data_sequence = OpenSSL::ASN1::Sequence([
+                                                    OpenSSL::ASN1::Integer(n),
+                                                    OpenSSL::ASN1::Integer(e)
+                                                  ])
+
+          if d && p && q && dmp1 && dmq1 && iqmp
+            data_sequence = OpenSSL::ASN1::Sequence([
+                                                      OpenSSL::ASN1::Integer(0),
+                                                      OpenSSL::ASN1::Integer(n),
+                                                      OpenSSL::ASN1::Integer(e),
+                                                      OpenSSL::ASN1::Integer(d),
+                                                      OpenSSL::ASN1::Integer(p),
+                                                      OpenSSL::ASN1::Integer(q),
+                                                      OpenSSL::ASN1::Integer(dmp1),
+                                                      OpenSSL::ASN1::Integer(dmq1),
+                                                      OpenSSL::ASN1::Integer(iqmp)
+                                                    ])
           end
-          if key.respond_to?(:set_crt_params)
-            key.set_crt_params(dmp1, dmq1, iqmp)
-          else
-            key.dmp1 = dmp1
-            key.dmq1 = dmq1
-            key.iqmp = iqmp
-          end
-          key
+
+          asn1 = OpenSSL::ASN1::Sequence(data_sequence)
+          OpenSSL::PKey::RSA.new(asn1.to_der)
         when /^ecdsa\-sha2\-(\w*)$/
           OpenSSL::PKey::EC.read_keyblob($1, self)
         else

data/lib/net/ssh/version.rb

@@ -56,7 +56,7 @@ module Net
 
       # The prerelease component of this version of the Net::SSH library
       # nil allowed
-      PRE   = "beta1"
+      PRE   = "beta2"
 
       # The current version of the Net::SSH library as a Version instance
       CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 7.1.0.beta1
+  version: 7.1.0.beta2
 platform: ruby
 authors:
 - Jamis Buck
@@ -31,7 +31,7 @@ cert_chain:
   v84waVXQ2i5M7pJaHVBF7DxxeW/q8W3VCnsq8vmmvULSThD18QqYGaFDJeN8sTR4
   6tfjgZ6OvGSScvbCMHkCE9XjonE=
   -----END CERTIFICATE-----
-date: 2023-01-24 00:00:00.000000000 Z
+date: 2023-02-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bcrypt_pbkdf
@@ -174,6 +174,7 @@ files:
 - Manifest
 - README.md
 - Rakefile
+- SECURITY.md
 - THANKS.txt
 - appveyor.yml
 - docker-compose.yml
@@ -291,7 +292,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: 1.3.1
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.3.3
 signing_key: 
 specification_version: 4
 summary: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'