net-ssh 4.2.0 → 5.0.0.beta1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: a7f043776ede6127853a72ac22a342affbeb5957
-  data.tar.gz: 0cce99ffd89bbfc0e7a33e7edbfa61de23dc4e2f
+SHA256:
+  metadata.gz: bb60ae0c4c1ea03a94da3dcb5b35842280c1b0ab5454cebb8d456ff7a3160fde
+  data.tar.gz: 2bd1168668f3e93b472560d3b8fae9482ce91a10f1a7dd4b7235f6b7db67e6b6
 SHA512:
-  metadata.gz: a52dce1f0ce49e1bce2d7b563af80ca2c4f5564b2f19703f6e2a3cc418708ec5b23db2da7f3df7f011b0c48e0fc2bcf6d806852906d15c3c95efe663f67c1050
-  data.tar.gz: b53deca142ae02dd0bdf72c1c623956bea38cb19e197db293c1c7f850f3eaee9ea7f0d12253796a6040d7921afcfc0aad6d848da5c97ea889e6ca596b83b8ae8
+  metadata.gz: cdc3a433ce7ba44494eb5e52f9231359004afc9be010fdf60a62e9e846aa23230a556f38c549cc4d58f7b1ba98c72e53eb526b8a0f52313661cdf571d1c17a53
+  data.tar.gz: 0fc94c9dbc7f9e3ea106d53de363faf8cf2b3473857857c387512040b427dbf336ff4cf73d4eb696864ceac61a365571a756ef6b449552d7417b5db34fe19e95

data/.travis.yml

@@ -7,45 +7,46 @@ addon:
     gateway.netssh
 
 rvm:
-  - 2.0
-  - 2.1
   - 2.2
-  - 2.3.0
-  - 2.4.0
-  - jruby-9.1.6.0
-  - rbx-3.69
+  - 2.3.5
+  - 2.4.3
+  - 2.5.0
+  - jruby-9.1.13.0
+  - rbx-3.84
   - ruby-head
 env:
   NET_SSH_RUN_INTEGRATION_TESTS=1
 
 matrix:
   exclude:
-    - rvm: rbx-3.69
-    - rvm: jruby-9.1.6.0
+    - rvm: rbx-3.84
+    - rvm: jruby-9.1.13.0
   include:
-    - rvm: rbx-3.69
+    - rvm: rbx-3.84
       env: NET_SSH_RUN_INTEGRATION_TESTS=
-    - rvm: jruby-9.1.6.0
+    - rvm: jruby-9.1.13.0
       env: JRUBY_OPTS='--client -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -Xcext.enabled=false -J-Xss2m -Xcompile.invokedynamic=false' NET_SSH_RUN_INTEGRATION_TESTS=
   fast_finish: true
   allow_failures:
-    - rvm: rbx-3.69
-    - rvm: jruby-9.1.6.0
+    - rvm: rbx-3.84
+    - rvm: jruby-9.1.13.0
     - rvm: ruby-head
 
 install:
   - export JRUBY_OPTS='--client -J-XX:+TieredCompilation -J-XX:TieredStopAtLevel=1 -Xcext.enabled=false -J-Xss2m -Xcompile.invokedynamic=false'
   - sudo pip install ansible
-  - gem install bundler -v "= 1.13.7"
-  - bundle _1.13.7_ install
-  - BUNDLE_GEMFILE=./Gemfile.norbnacl bundle _1.13.7_ install
+  - gem install bundler -v "= 1.16"
+  - gem list bundler
+  - bundle _1.16_ install
+  - bundle _1.16_ -v
+  - BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.16_ install
   - sudo ansible-galaxy install rvm_io.ruby
   - sudo chown -R travis:travis /home/travis/.ansible
   - ansible-playbook ./test/integration/playbook.yml -i "localhost," --become -c local -e 'no_rvm=true' -e 'myuser=travis' -e 'mygroup=travis' -e 'homedir=/home/travis'
 
 script:
   - ssh -V
-  - bundle _1.13.7_ exec rake test
-  - BUNDLE_GEMFILE=./Gemfile.norbnacl bundle _1.13.7_ exec rake test
-  - bundle _1.13.7_ exec rake test_test
-  - bundle _1.13.7_ exec rubocop
+  - bundle _1.16_ exec rake test
+  - BUNDLE_GEMFILE=./Gemfile.noed25519 bundle _1.16_ exec rake test
+  - bundle _1.16_ exec rake test_test
+  - bundle _1.16_ exec rubocop

data/CHANGES.txt

@@ -1,3 +1,11 @@
+=== 5.0.0.beta1
+
+ * Don't leave proxy command as zombie on timeout [DimitriosLisenko, #560]
+ * Use OpenSSL for aes*-ctr for up to 5x throughput improvement [Miklós Fazekas, Harald Sitter, #570]
+ * Optimize slice! usage in CTR for up to 2x throughput improvement [Harald Sitter, #569]
+ * Replace RbNaCl dependency with ed25519 gem [Tony Arcieri ,#563]
+ * Add initial Match support [Kasumi Hanazuki,  #553]
+
 === 4.2.0.rc2
 
  * Fix double close bug on auth failure (or ruby 2.2 or earlier) [#538]
@@ -183,7 +191,7 @@
 === 2.9.2-beta
 
 * Remove advertised algorithms that were not working (ssh-rsa-cert-* *ed25519 acm*-gcm@openssh.com) [mfazekas]
-* Unkown algorithms now ignored instead of failed [mfazekas]
+* Unknown algorithms now ignored instead of failed [mfazekas]
 * Configuration change: Asks for password with password auth (up to number_of_password_prompts) [mfazekas]
 * Removed warnings [amatsuda]
 

data/Gemfile

@@ -7,10 +7,6 @@ if !Gem.win_platform? && RUBY_ENGINE == "ruby"
   gem 'byebug', group: [:development, :test]
 end
 
-if (Gem::Version.new(RUBY_VERSION) <=> Gem::Version.new("2.2.6")) < 0
-  gem 'rbnacl', '< 4.0'
-end
-
 if ENV["CI"]
   gem 'codecov', require: false, group: :test
   gem 'simplecov', require: false, group: :test

data/{Gemfile.norbnacl → Gemfile.noed25519}

@@ -1,6 +1,6 @@
 source 'https://rubygems.org'
 
-ENV['NET_SSH_NO_RBNACL'] = 'true'
+ENV['NET_SSH_NO_ED25519'] = 'true'
 # Specify your gem's dependencies in mygem.gemspec
 gemspec
 

data/{Gemfile.norbnacl.lock → Gemfile.noed25519.lock}

@@ -1,33 +1,33 @@
 PATH
   remote: .
   specs:
-    net-ssh (4.0.0)
+    net-ssh (4.2.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
     ast (2.3.0)
     metaclass (0.0.4)
-    minitest (5.10.1)
-    mocha (1.2.1)
+    minitest (5.10.3)
+    mocha (1.3.0)
       metaclass (~> 0.0.1)
-    parser (2.3.3.1)
-      ast (~> 2.2)
+    parser (2.4.0.2)
+      ast (~> 2.3)
     powerpack (0.1.1)
-    rainbow (2.1.0)
-    rake (12.0.0)
-    rubocop (0.46.0)
-      parser (>= 2.3.1.1, < 3.0)
+    rainbow (2.2.2)
+      rake
+    rake (12.3.0)
+    rubocop (0.47.1)
+      parser (>= 2.3.3.1, < 3.0)
       powerpack (~> 0.1)
       rainbow (>= 1.99.1, < 3.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (~> 1.0, >= 1.0.1)
-    ruby-progressbar (1.8.1)
-    unicode-display_width (1.1.2)
+    ruby-progressbar (1.9.0)
+    unicode-display_width (1.3.0)
 
 PLATFORMS
   ruby
-  x86-mingw32
 
 DEPENDENCIES
   bundler (~> 1.11)
@@ -35,7 +35,7 @@ DEPENDENCIES
   mocha (>= 1.2.1)
   net-ssh!
   rake (~> 12.0)
-  rubocop (~> 0.46.0)
+  rubocop (~> 0.47.0)
 
 BUNDLED WITH
-   1.13.6
+   1.14.6

data/README.rdoc

@@ -106,7 +106,7 @@ Then, when install the gem, do so with high security:
 
 If you don't add the public key, you'll see an error like "Couldn't verify data signature". If you're still having trouble let me know and I'll give you a hand.
 
-For ed25519 public key auth support your bundle file should contain ```rbnacl-libsodium```, ```rbnacl```, ```bcrypt_pbkdf``` dependencies.
+For ed25519 public key auth support your bundle file should contain ```ed25519```, ```bcrypt_pbkdf``` dependencies.
 
 == RUBY SUPPORT
 

data/Rakefile

@@ -43,6 +43,20 @@ RDoc::Task.new do |rdoc|
   }
 end
 
+namespace :cert do
+desc "Update public cert from private - only run if public is expired"
+task :update_public_when_expired do
+  require 'openssl'
+  require 'time'
+  raw = File.read "net-ssh-public_cert.pem"
+  certificate = OpenSSL::X509::Certificate.new raw
+  raise Exception, "Not yet expired: #{certificate.not_after}" unless certificate.not_after < Time.now
+  sh "gem cert --build netssh@solutious.com --days 365*5 --private-key /mnt/gem/net-ssh-private_key.pem"
+  sh "mv gem-public_cert.pem net-ssh-public_cert.pem"
+  sh "gem cert --add net-ssh-public_cert.pem"
+end
+end
+
 namespace :rdoc do
 desc "Update gh-pages branch"
 task :publish do

data/appveyor.yml

@@ -29,9 +29,9 @@ install:
   - if "%ruby_version%" == "jruby-9.1.2.0" ( cinst jruby --version 9.1.2.0 -i --allow-empty-checksums )
   - if "%ruby_version%" == "jruby-9.1.2.0" ( SET "PATH=C:\jruby-9.1.2.0\bin\;%PATH%" )
   - ruby --version
-  - gem install bundler --no-document -v 1.13.5
-  - SET BUNDLE_GEMFILE=Gemfile.norbnacl
-  - bundle _1.13.5_ install --retry=3
+  - gem install bundler --no-document --user-install -v 1.16
+  - SET BUNDLE_GEMFILE=Gemfile.noed25519
+  - bundle install --retry=3
   - cinst freesshd
   - cinst putty --allow-empty-checksums
   - ps: |
@@ -49,8 +49,8 @@ install:
           }
 
 test_script:
-  - SET BUNDLE_GEMFILE=Gemfile.norbnacl
+  - SET BUNDLE_GEMFILE=Gemfile.noed25519
   - SET NET_SSH_RUN_WIN_INTEGRATION_TESTS=YES
-  - bundle _1.13.5_ exec rake test
+  - bundle exec rake test
 
 build: off

data/lib/net/ssh.rb

@@ -192,7 +192,7 @@ module Net
     # * :password_prompt => a custom prompt object with ask method. See Net::SSH::Prompt
     #
     # * :agent_socket_factory => enables the user to pass a lambda/block that will serve as the socket factory
-    #    Net::SSH::start(user,host,agent_socket_factory: ->{ UNIXSocket.open('/foo/bar') })
+    #    Net::SSH.start(host,user,agent_socket_factory: ->{ UNIXSocket.open('/foo/bar') })
     #    example: ->{ UNIXSocket.open('/foo/bar')}
     # * :verify_host_key => either false, true, :very, or :secure specifying how
     #   strict host-key verification should be (in increasing order here).

data/lib/net/ssh/authentication/agent.rb

@@ -238,12 +238,12 @@ module Net; module SSH; module Authentication
         Net::SSH::Buffer.from(:string, priv_key.to_blob, :bignum, priv_key.key.private_key).to_s
       when /^ssh-ed25519$/
         Net::SSH::Buffer.from(:string, priv_key.public_key.verify_key.to_bytes,
-                              :string, priv_key.sign_key.keypair_bytes).to_s
+                              :string, priv_key.sign_key.keypair).to_s
       when /^ssh-ed25519-cert-v01@openssh\.com$/
         # Unlike the other certificate types, the public key is included after the certifiate.
         Net::SSH::Buffer.from(:string, priv_key.to_blob,
                               :string, priv_key.key.public_key.verify_key.to_bytes,
-                              :string, priv_key.key.sign_key.keypair_bytes).to_s
+                              :string, priv_key.key.sign_key.keypair).to_s
       when /^ssh-rsa$/
         # `n` and `e` are reversed compared to the ordering in `OpenSSL::PKey::RSA#to_blob`.
         Net::SSH::Buffer.from(:bignum, priv_key.n, :bignum, priv_key.e, :bignum, priv_key.d,

data/lib/net/ssh/authentication/ed25519.rb

@@ -1,16 +1,7 @@
-gem 'rbnacl', '>= 3.2.0', '< 5.0'
+gem 'ed25519', '~> 1.2'
 gem 'bcrypt_pbkdf', '~> 1.0' unless RUBY_PLATFORM == "java"
 
-begin
-  require 'rbnacl/libsodium'
-rescue LoadError # rubocop:disable Lint/HandleExceptions
-end
-
-require 'rbnacl'
-require 'rbnacl/signatures/ed25519/verify_key'
-require 'rbnacl/signatures/ed25519/signing_key'
-
-require 'rbnacl/hash'
+require 'ed25519'
 
 require 'base64'
 
@@ -19,10 +10,12 @@ require 'bcrypt_pbkdf' unless RUBY_PLATFORM == "java"
 
 module Net; module SSH; module Authentication
 module ED25519
-  class SigningKeyFromFile < RbNaCl::Signatures::Ed25519::SigningKey
+  class SigningKeyFromFile < SimpleDelegator
     def initialize(pk,sk)
-      @signing_key = sk
-      @verify_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(pk)
+      key = ::Ed25519::SigningKey.from_keypair(sk)
+      raise ArgumentError, "pk does not match sk" unless pk == key.verify_key.to_bytes
+
+      super(key)
     end
   end
 
@@ -30,7 +23,7 @@ module ED25519
     attr_reader :verify_key
 
     def initialize(data)
-      @verify_key = RbNaCl::Signatures::Ed25519::VerifyKey.new(data)
+      @verify_key = ::Ed25519::VerifyKey.new(data)
     end
 
     def self.read_keyblob(buffer)
@@ -151,10 +144,6 @@ module ED25519
     def self.read(data,password)
       self.new(data,password)
     end
-
-    def self.read_keyblob(buffer)
-      ED25519::PubKey.read_keyblob(buffer)
-    end
   end
 end
 end; end; end

data/lib/net/ssh/authentication/ed25519_loader.rb

@@ -21,10 +21,9 @@ end
 
 def self.dependenciesRequiredForED25519
   result = "net-ssh requires the following gems for ed25519 support:\n"
-  result << " * rbnacl (>= 3.2, < 5.0)\n"
-  result << " * rbnacl-libsodium, if your system doesn't have libsodium installed.\n"
+  result << " * ed25519 (>= 1.2, < 2.0)\n"
   result << " * bcrypt_pbkdf (>= 1.0, < 2.0)\n" unless RUBY_PLATFORM == "java"
-  result << "See https://github.com/net-ssh/net-ssh/issues/478 for more information\n"
+  result << "See https://github.com/net-ssh/net-ssh/issues/565 for more information\n"
 end
 
 end

data/lib/net/ssh/buffered_io.rb

@@ -113,7 +113,7 @@ module Net; module SSH
     def wait_for_pending_sends
       send_pending
       while output.length > 0
-        result = Net::SSH::Compat.io_select(nil, [self]) or next
+        result = IO.select(nil, [self]) or next
         next unless result[1].any?
         send_pending
       end

data/lib/net/ssh/config.rb

@@ -49,11 +49,11 @@ module Net; module SSH
       # Returns an array of locations of OpenSSH configuration files
       # to parse by default.
       def default_files
-        @@default_files
+        @@default_files.clone
       end
 
       def default_auth_methods
-        @@default_auth_methods
+        @@default_auth_methods.clone
       end
 
       # Loads the configuration data for the given +host+ from all of the
@@ -78,8 +78,8 @@ module Net; module SSH
         return settings unless File.readable?(file)
 
         globals = {}
-        host_matched = false
-        seen_host = false
+        block_matched = false
+        block_seen = false
         IO.foreach(file) do |line|
           next if line =~ /^\s*(?:#.*)?$/
 
@@ -112,14 +112,17 @@ module Net; module SSH
             negative_matched = negative_hosts.any? { |h| host =~ pattern2regex(h[1..-1]) }
 
             if negative_matched
-              host_matched = false
+              block_matched = false
             else
-              host_matched = positive_hosts.any? { |h| host =~ pattern2regex(h) }
+              block_matched = positive_hosts.any? { |h| host =~ pattern2regex(h) }
             end
 
-            seen_host = true
+            block_seen = true
             settings[key] = host
-          elsif !seen_host
+          elsif key == 'match'
+            block_matched = eval_match_condition(value, host, settings)
+            block_seen = true
+          elsif !block_seen
             case key
             when 'identityfile'
               (globals[key] ||= []) << value
@@ -130,7 +133,7 @@ module Net; module SSH
             else
               globals[key] = value unless settings.key?(key)
             end
-          elsif host_matched
+          elsif block_matched
             case key
             when 'identityfile'
               (settings[key] ||= []) << value
@@ -144,18 +147,14 @@ module Net; module SSH
           end
         end
 
-        if globals
-          settings = globals.merge(settings) do |key, oldval, newval|
-            case key
-            when 'identityfile'
-              oldval + newval
-            else
-              newval
-            end
+        globals.merge(settings) do |key, oldval, newval|
+          case key
+          when 'identityfile'
+            oldval + newval
+          else
+            newval
           end
         end
-
-        return settings
       end
 
       # Given a hash of OpenSSH configuration options, converts them into
@@ -323,6 +322,24 @@ module Net; module SSH
         def tokenize_config_value(str)
           str.scan(/([^"\s]+)?(?:"([^"]+)")?\s*/).map(&:join)
         end
+
+        def eval_match_condition(condition, host, settings)
+          if condition.start_with?('!')
+            negated = true
+            condition = condition[1..-1]
+          else
+            negated = false
+          end
+
+          condition_met =
+            case condition
+            when 'all'
+              true
+            end
+
+          # return false for unsupported conditions
+          condition_met.nil? ? false : (negated ^ condition_met)
+        end
     end
   end
 

data/lib/net/ssh/connection/event_loop.rb

@@ -64,7 +64,7 @@ module Net; module SSH; module Connection
         sw.each { |wi| owners[wi] = session }
       end
 
-      readers, writers, = Net::SSH::Compat.io_select(r, w, nil, minwait)
+      readers, writers, = IO.select(r, w, nil, minwait)
 
       fired_sessions = {}
 
@@ -105,7 +105,7 @@ module Net; module SSH; module Connection
       raise "Only one session expected" unless @sessions.count == 1
       session = @sessions.first
       sr,sw,actwait = session.ev_do_calculate_rw_wait(wait)
-      readers, writers, = Net::SSH::Compat.io_select(sr, sw, nil, actwait)
+      readers, writers, = IO.select(sr, sw, nil, actwait)
 
       session.ev_do_handle_events(readers,writers)
       session.ev_do_postprocess(!((readers.nil? || readers.empty?) && (writers.nil? || writers.empty?)))

data/lib/net/ssh/proxy/command.rb

@@ -23,6 +23,9 @@ module Net; module SSH; module Proxy
     # The command line for the session
     attr_reader :command_line
 
+    # Timeout in seconds in open, defaults to 60
+    attr_accessor :timeout
+
     # Create a new socket factory that tunnels via a command executed
     # with the user's shell, which is composed from the given command
     # template.  In the command template, `%h' will be substituted by
@@ -30,6 +33,7 @@ module Net; module SSH; module Proxy
     def initialize(command_line_template)
       @command_line_template = command_line_template
       @command_line = nil
+      @timeout = 60
     end
 
     # Return a new socket connected to the given host and port via the
@@ -56,13 +60,17 @@ module Net; module SSH; module Proxy
       }
       begin
         io = IO.popen(command_line, "r+")
-        if result = Net::SSH::Compat.io_select([io], nil, [io], 60)
-          if result.last.any? || io.eof?
-            io.close
-            raise "command failed"
+        begin
+          if result = IO.select([io], nil, [io], @timeout)
+            if result.last.any? || io.eof?
+              raise "command failed"
+            end
+          else
+            raise "command timed out"
           end
-        else
-          raise "command timed out"
+        rescue
+          close_on_error(io)
+          raise
         end
       rescue => e
         raise ConnectError, "#{e}: #{command_line}"
@@ -104,6 +112,12 @@ module Net; module SSH; module Proxy
       end
       io
     end
+
+    def close_on_error(io)
+      Process.kill('TERM', io.pid)
+      Thread.new { io.close }
+    end
+
   end
 
 end; end; end

data/lib/net/ssh/ruby_compat.rb

@@ -10,15 +10,3 @@ class String
     end
   end
 end
-
-module Net; module SSH
-  
-  # This class contains miscellaneous patches and workarounds
-  # for different ruby implementations.
-  class Compat
-    def self.io_select(*params)
-      IO.select(*params)
-    end
-  end
-  
-end; end

data/lib/net/ssh/transport/cipher_factory.rb

@@ -24,9 +24,10 @@ module Net; module SSH; module Transport
 
       "3des-ctr"                    => "des-ede3",
       "blowfish-ctr"                => "bf-ecb",
-      "aes256-ctr"                  => "aes-256-ecb",
-      "aes192-ctr"                  => "aes-192-ecb",
-      "aes128-ctr"                  => "aes-128-ecb",
+
+      "aes256-ctr"                  => "aes-256-ctr",
+      "aes192-ctr"                  => "aes-192-ctr",
+      "aes128-ctr"                  => "aes-128-ctr",
       "cast128-ctr"                 => "cast5-ecb",
 
       "none"                        => "none",
@@ -63,7 +64,13 @@ module Net; module SSH; module Transport
 
       cipher.padding = 0
 
-      cipher.extend(Net::SSH::Transport::CTR) if (name =~ /-ctr(@openssh.org)?$/)
+      if name =~ /-ctr(@openssh.org)?$/
+        if ossl_name !~ /-ctr/
+          cipher.extend(Net::SSH::Transport::CTR)
+        else
+          cipher = Net::SSH::Transport::OpenSSLAESCTR.new(cipher)
+        end
+      end
       cipher.iv = Net::SSH::Transport::KeyExpander.expand_key(cipher.iv_len, options[:iv], options) if ossl_name != "rc4"
 
       key_len = KEY_LEN_OVERRIDE[name] || cipher.key_len
@@ -89,7 +96,17 @@ module Net; module SSH; module Transport
         key_len = KEY_LEN_OVERRIDE[name] || cipher.key_len
         cipher.key_len = key_len
 
-        result = [key_len, ossl_name=="rc4" ? 8 : cipher.block_size]
+        block_size =
+          case ossl_name
+          when "rc4"
+            8
+          when /\-ctr/
+            Net::SSH::Transport::OpenSSLAESCTR.block_size
+          else
+            cipher.block_size
+          end
+
+        result = [key_len, block_size]
         result << cipher.iv_len if options[:iv_len]
       end
       result

data/lib/net/ssh/transport/ctr.rb

@@ -1,7 +1,32 @@
 require 'openssl'
+require 'delegate'
 
 module Net::SSH::Transport
+  #:nodoc:
+  class OpenSSLAESCTR < SimpleDelegator
+    def initialize(original)
+      super
+      @was_reset = false
+    end
+
+    def block_size
+      16
+    end
 
+    def self.block_size
+      16
+    end
+
+    def reset
+      @was_reset = true
+    end
+
+    def iv=(iv_s)
+      super unless @was_reset
+    end
+  end
+
+  #:nodoc:
   # Pure-Ruby implementation of Stateful Decryption Counter(SDCTR) Mode
   # for Block Ciphers. See RFC4344 for detail.
   module CTR
@@ -12,7 +37,7 @@ module Net::SSH::Transport
         @counter_len = orig.block_size
         orig.encrypt
         orig.padding = 0
-        
+
         singleton_class.send(:alias_method, :_update, :update)
         singleton_class.send(:private, :_update)
         singleton_class.send(:undef_method, :update)
@@ -50,11 +75,14 @@ module Net::SSH::Transport
 
           encrypted = ""
 
-          while @remaining.bytesize >= block_size
-            encrypted += xor!(@remaining.slice!(0, block_size),
+          offset = 0
+          while (@remaining.bytesize - offset) >= block_size
+            encrypted += xor!(@remaining.slice(offset, block_size),
                               _update(@counter))
             increment_counter!
+            offset += block_size
           end
+          @remaining = @remaining.slice(offset..-1)
 
           encrypted
         end

data/lib/net/ssh/transport/openssl.rb

@@ -109,12 +109,12 @@ module OpenSSL
            OpenSSL::ASN1::Integer(sig_r),
            OpenSSL::ASN1::Integer(sig_s)
         ])
-        return verify(OpenSSL::Digest::DSS1.new, a1sig.to_der, data)
+        return verify(OpenSSL::Digest::SHA1.new, a1sig.to_der, data)
       end
 
       # Signs the given data.
       def ssh_do_sign(data)
-        sig = sign( OpenSSL::Digest::DSS1.new, data)
+        sig = sign( OpenSSL::Digest::SHA1.new, data)
         a1sig = OpenSSL::ASN1.decode( sig )
 
         sig_r = a1sig.value[0].value.to_s(2)

data/lib/net/ssh/transport/packet_stream.rb

@@ -72,7 +72,7 @@ module Net; module SSH; module Transport
 
     # Returns true if the IO is available for reading, and false otherwise.
     def available_for_read?
-      result = Net::SSH::Compat.io_select([self], nil, nil, 0)
+      result = IO.select([self], nil, nil, 0)
       result && result.first.any?
     end
 
@@ -105,7 +105,7 @@ module Net; module SSH; module Transport
           return packet if packet
 
           loop do
-            result = Net::SSH::Compat.io_select([self]) or next
+            result = IO.select([self]) or next
             break if result.first.any?
           end
 

data/lib/net/ssh/version.rb

@@ -45,17 +45,17 @@ module Net; module SSH
     end
 
     # The major component of this version of the Net::SSH library
-    MAJOR = 4
+    MAJOR = 5
 
     # The minor component of this version of the Net::SSH library
-    MINOR = 2
+    MINOR = 0
 
     # The tiny component of this version of the Net::SSH library
     TINY  = 0
 
     # The prerelease component of this version of the Net::SSH library
     # nil allowed
-    PRE   = nil
+    PRE   = "beta1"
 
     # The current version of the Net::SSH library as a Version instance
     CURRENT = new(*[MAJOR, MINOR, TINY, PRE].compact)

data/net-ssh-public_cert.pem

@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
-MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQ8wDQYDVQQDDAZuZXRz
+MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMQ8wDQYDVQQDDAZuZXRz
 c2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZFgNj
-b20wHhcNMTYxMjE1MTgwNTIyWhcNMTcxMjE1MTgwNTIyWjBBMQ8wDQYDVQQDDAZu
+b20wHhcNMTgwMzExMDU0MzU1WhcNMTkwMzExMDU0MzU1WjBBMQ8wDQYDVQQDDAZu
 ZXRzc2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZ
 FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJ4TbZ9H+qZ08
 pQfJhPJTHaDCyQvCsKTFrL5O9z3tllQ7B/zksMMM+qFBpNYu9HCcg4yBATacE/PB
@@ -12,10 +12,10 @@ KP4yMn+TzaXijyjRg7gECfJr3TGASaA4bQsILFGG5dAWcwO4OMrZedR7SHj/o0Kf
 3gL7P0axAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
 BBQF8qLA7Z4zg0SJGtUbv3eoQ8tjIzAfBgNVHREEGDAWgRRuZXRzc2hAc29sdXRp
 b3VzLmNvbTAfBgNVHRIEGDAWgRRuZXRzc2hAc29sdXRpb3VzLmNvbTANBgkqhkiG
-9w0BAQUFAAOCAQEATd8If+Ytmhf5lELy24j76ahGv64m518WTCdV2nIViGXB2BnV
-uLQylGRb1rcgUS3Eh9TE28hqrfhotKS6a96qF9kN0mY2H6UwPWswJ+tj3gA1vLW8
-wlZNlYGJ91Ig9zULPSbATyOOprUZyggy5p1260BaaI3LQYDeGJOSqpHCVu+TuMcy
-k00ofiLT1crDSUl2WE/OIFK8AXpmd798AMsef8okHeoo+Dj7zCXn0VSimN+MO1mE
-L4d54WIy4HkZCqQXoTSiK5HZMIdXkPk3F1bZdJ8Dy1sMRru0rUkkM5mW7TQ75mfW
-Zp0QrZyNZhtitrXFbZneGRrIA/8G2Krft5Ly/A==
+9w0BAQsFAAOCAQEAnINf4yDsUx62QPKC2E+5Dj0hN2yUjcYzTGwxyz8x+nCiC0X3
+cyjftyEViuKvAKtZ0Uo4OG0x2SZ5O7I45OkUo1bAOFcuYRFYiD1JRlyvl8aB+2Vl
+pFyi/4ClnmjNxnplXL+mmScv/4VacBD1/LNBUVNluhLue2yIakAXFy0KthqLzIG8
+BYIiexqQMKfkw+auIcyXe1luZnCt6JFksW0BVoZGTj5Sj7sC2+cS4y9XYog1dSks
+ZFwoIuXKeDmTTpryd/vI7sdLXDuV6MbWOLGh6gXn9RDDXG1EqEXW0bjovATBMpdH
+9OGohJvAFzcvhDTWPwT6w3PG5B80pqb9j1hEAg==
 -----END CERTIFICATE-----

data/net-ssh.gemspec

@@ -16,7 +16,7 @@ Gem::Specification.new do |spec|
   spec.description   = %q{Net::SSH: a pure-Ruby implementation of the SSH2 client protocol. It allows you to write programs that invoke and interact with processes on remote servers, via SSH2.}
   spec.homepage      = "https://github.com/net-ssh/net-ssh"
   spec.license       = "MIT"
-  spec.required_ruby_version = Gem::Requirement.new(">= 2.0")
+  spec.required_ruby_version = Gem::Requirement.new(">= 2.2.6")
 
   spec.extra_rdoc_files = [
     "LICENSE.txt",
@@ -28,9 +28,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
-  unless ENV['NET_SSH_NO_RBNACL']
-    spec.add_development_dependency("rbnacl-libsodium", "~> 1.0.11")
-    spec.add_development_dependency("rbnacl", ['>= 3.2.0','< 5.0'])
+  unless ENV['NET_SSH_NO_ED25519']
+    spec.add_development_dependency("ed25519", "~> 1.2")
     spec.add_development_dependency("bcrypt_pbkdf", "~> 1.0") unless RUBY_PLATFORM == "java"
   end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: net-ssh
 version: !ruby/object:Gem::Version
-  version: 4.2.0
+  version: 5.0.0.beta1
 platform: ruby
 authors:
 - Jamis Buck
@@ -12,9 +12,9 @@ bindir: exe
 cert_chain:
 - |
   -----BEGIN CERTIFICATE-----
-  MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQUFADBBMQ8wDQYDVQQDDAZuZXRz
+  MIIDeDCCAmCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMQ8wDQYDVQQDDAZuZXRz
   c2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZFgNj
-  b20wHhcNMTYxMjE1MTgwNTIyWhcNMTcxMjE1MTgwNTIyWjBBMQ8wDQYDVQQDDAZu
+  b20wHhcNMTgwMzExMDU0MzU1WhcNMTkwMzExMDU0MzU1WjBBMQ8wDQYDVQQDDAZu
   ZXRzc2gxGTAXBgoJkiaJk/IsZAEZFglzb2x1dGlvdXMxEzARBgoJkiaJk/IsZAEZ
   FgNjb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDGJ4TbZ9H+qZ08
   pQfJhPJTHaDCyQvCsKTFrL5O9z3tllQ7B/zksMMM+qFBpNYu9HCcg4yBATacE/PB
@@ -25,49 +25,29 @@ cert_chain:
   3gL7P0axAgMBAAGjezB5MAkGA1UdEwQCMAAwCwYDVR0PBAQDAgSwMB0GA1UdDgQW
   BBQF8qLA7Z4zg0SJGtUbv3eoQ8tjIzAfBgNVHREEGDAWgRRuZXRzc2hAc29sdXRp
   b3VzLmNvbTAfBgNVHRIEGDAWgRRuZXRzc2hAc29sdXRpb3VzLmNvbTANBgkqhkiG
-  9w0BAQUFAAOCAQEATd8If+Ytmhf5lELy24j76ahGv64m518WTCdV2nIViGXB2BnV
-  uLQylGRb1rcgUS3Eh9TE28hqrfhotKS6a96qF9kN0mY2H6UwPWswJ+tj3gA1vLW8
-  wlZNlYGJ91Ig9zULPSbATyOOprUZyggy5p1260BaaI3LQYDeGJOSqpHCVu+TuMcy
-  k00ofiLT1crDSUl2WE/OIFK8AXpmd798AMsef8okHeoo+Dj7zCXn0VSimN+MO1mE
-  L4d54WIy4HkZCqQXoTSiK5HZMIdXkPk3F1bZdJ8Dy1sMRru0rUkkM5mW7TQ75mfW
-  Zp0QrZyNZhtitrXFbZneGRrIA/8G2Krft5Ly/A==
+  9w0BAQsFAAOCAQEAnINf4yDsUx62QPKC2E+5Dj0hN2yUjcYzTGwxyz8x+nCiC0X3
+  cyjftyEViuKvAKtZ0Uo4OG0x2SZ5O7I45OkUo1bAOFcuYRFYiD1JRlyvl8aB+2Vl
+  pFyi/4ClnmjNxnplXL+mmScv/4VacBD1/LNBUVNluhLue2yIakAXFy0KthqLzIG8
+  BYIiexqQMKfkw+auIcyXe1luZnCt6JFksW0BVoZGTj5Sj7sC2+cS4y9XYog1dSks
+  ZFwoIuXKeDmTTpryd/vI7sdLXDuV6MbWOLGh6gXn9RDDXG1EqEXW0bjovATBMpdH
+  9OGohJvAFzcvhDTWPwT6w3PG5B80pqb9j1hEAg==
   -----END CERTIFICATE-----
-date: 2017-09-06 00:00:00.000000000 Z
+date: 2018-03-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rbnacl-libsodium
+  name: ed25519
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.11
+        version: '1.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.0.11
-- !ruby/object:Gem::Dependency
-  name: rbnacl
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.2.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '5.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 3.2.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   name: bcrypt_pbkdf
   requirement: !ruby/object:Gem::Requirement
@@ -169,8 +149,8 @@ files:
 - ".travis.yml"
 - CHANGES.txt
 - Gemfile
-- Gemfile.norbnacl
-- Gemfile.norbnacl.lock
+- Gemfile.noed25519
+- Gemfile.noed25519.lock
 - ISSUE_TEMPLATE.md
 - LICENSE.txt
 - Manifest
@@ -278,15 +258,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.0'
+      version: 2.2.6
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.10
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: 'Net::SSH: a pure-Ruby implementation of the SSH2 client protocol.'

metadata.gz.sig

@@ -1,2 +1 @@
-z�,���
ڒ|Rd�p+*ֶ
�!@�k�Ng�I!�`E"�	ﲡ�!a�
-8����l��Wؚ����po{C�m>V@;������?����y��(�=��긱#RW.�`*[]d��KhS�7�-�D�iO��N)�JԒW&h���0�N��tu���zKd�
+������������Z�p�t����3M3��s���G�`��O�d
!�t����\1a4��{���Q����J*&;E��<��Dx�=�^��(�9D��\�v�Π&{
���>���S�������ڸ���('�W�r�2#(�X�Z
�B�
�`����⽾w!ZZ�A
���Y�����e�D��r�� �{�1I�c���D��)�X��l���R}���NOB���j�p���K�