block/ssh: Bump minimum libssh version to 0.8.7
It has been over two years since RHEL-8 was released, and thus per the platform build policy, we no longer need to support RHEL-7 as a build target. So from the RHEL-7 perspective, we do not have to support libssh v0.7 anymore now. Let's look at the versions from other distributions and operating systems - according to repology.org, current shipping versions are: RHEL-8: 0.9.4 Debian Buster: 0.8.7 openSUSE Leap 15.2: 0.8.7 Ubuntu LTS 18.04: 0.8.0 * Ubuntu LTS 20.04: 0.9.3 FreeBSD: 0.9.5 Fedora 33: 0.9.5 Fedora 34: 0.9.5 OpenBSD: 0.9.5 macOS HomeBrew: 0.9.5 HaikuPorts: 0.9.5 * The version of libssh in Ubuntu 18.04 claims to be 0.8.0 from the name of the package, but in reality it is a 0.7 patched up as a Frankenstein monster with patches from the 0.8 development branch. This gave us some headaches in the past already and so it never worked with QEMU. All attempts to get it supported have failed in the past, patches for QEMU have never been merged and a request to Ubuntu to fix it in their 18.04 distro has been ignored: https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/1847514 Thus we really should ignore the libssh in Ubuntu 18.04 in QEMU, too. Fix it by bumping the minimum libssh version to something that is greater than 0.8.0 now. Debian Buster and openSUSE Leap have the oldest version and so 0.8.7 is the new minimum. Signed-off-by: Thomas Huth <thuth@redhat.com> Tested-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Acked-by: Richard W.M. Jones <rjones@redhat.com> Message-Id: <20210519155859.344569-1-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
This commit is contained in:
parent
13cb12f619
commit
b4c10fc6fe
59
block/ssh.c
59
block/ssh.c
@ -277,7 +277,6 @@ static void ssh_parse_filename(const char *filename, QDict *options,
|
||||
static int check_host_key_knownhosts(BDRVSSHState *s, Error **errp)
|
||||
{
|
||||
int ret;
|
||||
#ifdef HAVE_LIBSSH_0_8
|
||||
enum ssh_known_hosts_e state;
|
||||
int r;
|
||||
ssh_key pubkey;
|
||||
@ -343,46 +342,6 @@ static int check_host_key_knownhosts(BDRVSSHState *s, Error **errp)
|
||||
error_setg(errp, "error while checking for known server (%d)", state);
|
||||
goto out;
|
||||
}
|
||||
#else /* !HAVE_LIBSSH_0_8 */
|
||||
int state;
|
||||
|
||||
state = ssh_is_server_known(s->session);
|
||||
trace_ssh_server_status(state);
|
||||
|
||||
switch (state) {
|
||||
case SSH_SERVER_KNOWN_OK:
|
||||
/* OK */
|
||||
trace_ssh_check_host_key_knownhosts();
|
||||
break;
|
||||
case SSH_SERVER_KNOWN_CHANGED:
|
||||
ret = -EINVAL;
|
||||
error_setg(errp,
|
||||
"host key does not match the one in known_hosts; this "
|
||||
"may be a possible attack");
|
||||
goto out;
|
||||
case SSH_SERVER_FOUND_OTHER:
|
||||
ret = -EINVAL;
|
||||
error_setg(errp,
|
||||
"host key for this server not found, another type exists");
|
||||
goto out;
|
||||
case SSH_SERVER_FILE_NOT_FOUND:
|
||||
ret = -ENOENT;
|
||||
error_setg(errp, "known_hosts file not found");
|
||||
goto out;
|
||||
case SSH_SERVER_NOT_KNOWN:
|
||||
ret = -EINVAL;
|
||||
error_setg(errp, "no host key was found in known_hosts");
|
||||
goto out;
|
||||
case SSH_SERVER_ERROR:
|
||||
ret = -EINVAL;
|
||||
error_setg(errp, "server error");
|
||||
goto out;
|
||||
default:
|
||||
ret = -EINVAL;
|
||||
error_setg(errp, "error while checking for known server (%d)", state);
|
||||
goto out;
|
||||
}
|
||||
#endif /* !HAVE_LIBSSH_0_8 */
|
||||
|
||||
/* known_hosts checking successful. */
|
||||
ret = 0;
|
||||
@ -438,11 +397,7 @@ check_host_key_hash(BDRVSSHState *s, const char *hash,
|
||||
unsigned char *server_hash;
|
||||
size_t server_hash_len;
|
||||
|
||||
#ifdef HAVE_LIBSSH_0_8
|
||||
r = ssh_get_server_publickey(s->session, &pubkey);
|
||||
#else
|
||||
r = ssh_get_publickey(s->session, &pubkey);
|
||||
#endif
|
||||
if (r != SSH_OK) {
|
||||
session_error_setg(errp, s, "failed to read remote host key");
|
||||
return -EINVAL;
|
||||
@ -1233,8 +1188,6 @@ static void unsafe_flush_warning(BDRVSSHState *s, const char *what)
|
||||
}
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBSSH_0_8
|
||||
|
||||
static coroutine_fn int ssh_flush(BDRVSSHState *s, BlockDriverState *bs)
|
||||
{
|
||||
int r;
|
||||
@ -1271,18 +1224,6 @@ static coroutine_fn int ssh_co_flush(BlockDriverState *bs)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#else /* !HAVE_LIBSSH_0_8 */
|
||||
|
||||
static coroutine_fn int ssh_co_flush(BlockDriverState *bs)
|
||||
{
|
||||
BDRVSSHState *s = bs->opaque;
|
||||
|
||||
unsafe_flush_warning(s, "libssh >= 0.8.0");
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* !HAVE_LIBSSH_0_8 */
|
||||
|
||||
static int64_t ssh_getlength(BlockDriverState *bs)
|
||||
{
|
||||
BDRVSSHState *s = bs->opaque;
|
||||
|
19
configure
vendored
19
configure
vendored
@ -3529,7 +3529,7 @@ fi
|
||||
##########################################
|
||||
# libssh probe
|
||||
if test "$libssh" != "no" ; then
|
||||
if $pkg_config --exists libssh; then
|
||||
if $pkg_config --exists "libssh >= 0.8.7"; then
|
||||
libssh_cflags=$($pkg_config libssh --cflags)
|
||||
libssh_libs=$($pkg_config libssh --libs)
|
||||
libssh=yes
|
||||
@ -3541,23 +3541,6 @@ if test "$libssh" != "no" ; then
|
||||
fi
|
||||
fi
|
||||
|
||||
##########################################
|
||||
# Check for libssh 0.8
|
||||
# This is done like this instead of using the LIBSSH_VERSION_* and
|
||||
# SSH_VERSION_* macros because some distributions in the past shipped
|
||||
# snapshots of the future 0.8 from Git, and those snapshots did not
|
||||
# have updated version numbers (still referring to 0.7.0).
|
||||
|
||||
if test "$libssh" = "yes"; then
|
||||
cat > $TMPC <<EOF
|
||||
#include <libssh/libssh.h>
|
||||
int main(void) { return ssh_get_server_publickey(NULL, NULL); }
|
||||
EOF
|
||||
if compile_prog "$libssh_cflags" "$libssh_libs"; then
|
||||
libssh_cflags="-DHAVE_LIBSSH_0_8 $libssh_cflags"
|
||||
fi
|
||||
fi
|
||||
|
||||
##########################################
|
||||
# linux-aio probe
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user