From de03c6842e17fcbf018d54c765e715f40c048653 Mon Sep 17 00:00:00 2001 From: Paul Howarth Date: May 05 2023 09:52:23 +0000 Subject: Use SPDX-format license tag and drop hobbled CryptX support Prior to Fedora 36, the perl-CryptX package was hobbled in that it did not include ECC support. There is no longer any need to support this. --- diff --git a/Net-SSH-Perl-2.14-hobbled.patch b/Net-SSH-Perl-2.14-hobbled.patch deleted file mode 100644 index 2224594..0000000 --- a/Net-SSH-Perl-2.14-hobbled.patch +++ /dev/null @@ -1,110 +0,0 @@ ---- lib/Net/SSH/Perl/Constants.pm -+++ lib/Net/SSH/Perl/Constants.pm -@@ -131,7 +131,7 @@ use vars qw( %CONSTANTS ); - 'KEX_DH_GEX_SHA1' => 'diffie-hellman-group-exchange-sha1', - 'KEX_CURVE25519_SHA256' => 'curve25519-sha256@libssh.org', - 'KEX_CURVE25519_SHA256_ALIAS' => 'curve25519-sha256', -- 'KEX_DEFAULT_KEX' => 'curve25519-sha256@libssh.org,curve25519-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1', -+ 'KEX_DEFAULT_KEX' => 'diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1', - 'KEX_ALL_KEX' => 'diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,curve25519-sha256@libssh.org,curve25519-sha256', - 'KEX_DEFAULT_PK_ALG' => 'ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsa', - 'KEX_ALL_PK_ALG' => 'ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,ssh-rsa,ssh-dss', ---- lib/Net/SSH/Perl/Kex.pm -+++ lib/Net/SSH/Perl/Kex.pm -@@ -220,9 +220,6 @@ sub choose_kex { - croak "No kex algorithm" unless $name; - $kex->{algorithm} = $name; - my %kexmap = ( -- &KEX_CURVE25519_SHA256 => 'C25519', -- &KEX_CURVE25519_SHA256_ALIAS -- => 'C25519', - &KEX_DH_GEX_SHA256 => 'DHGEXSHA256', - &KEX_DH_GEX_SHA1 => 'DHGEXSHA1', - &KEX_DH14_SHA1 => 'DH14SHA1', ---- lib/Net/SSH/Perl/Key.pm -+++ lib/Net/SSH/Perl/Key.pm -@@ -26,9 +26,6 @@ use vars qw( %KEY_TYPES ); - 'ssh-dss' => 'DSA', - 'ssh-rsa' => 'RSA', - 'ssh-ed25519' => 'Ed25519', -- 'ecdsa-sha2-nistp256' => 'ECDSA256', -- 'ecdsa-sha2-nistp384' => 'ECDSA384', -- 'ecdsa-sha2-nistp521' => 'ECDSA521', - ); - - sub new_from_blob { -@@ -95,7 +92,6 @@ use vars qw( %OBJ_MAP ); - 'SSH2 ENCRYPTED PRIVATE KEY' => [ 'DSA', [ 'SSH2' ] ], - 'RSA PRIVATE KEY' => [ 'RSA' ], - 'OPENSSH PRIVATE KEY' => [ 'Ed25519' ], -- 'EC PRIVATE KEY' => [ 'ECDSA' ], - ); - - sub read_private_pem { -@@ -167,8 +163,8 @@ Net::SSH::Perl::Key - Public or private - =head1 DESCRIPTION - - I implements an abstract base class interface --to key objects (either DSA, RSA, ECDSA, or Ed25519 keys, currently). --The underlying implementation for RSA, DSA, an ECDSA keys is the -+to key objects (either DSA, RSA, or Ed25519 keys, currently). -+The underlying implementation for RSA, and DSA keys is the - CryptX module. The Ed25519 implementation uses bundled XS and C code - from the SUPERCOP ref10 implementation. - -@@ -178,8 +174,7 @@ from the SUPERCOP ref10 implementation. - - Creates a new object of type I, - after loading the class implementing I<$key_type>. --should be C, C, C, C, C, C, --or C. -+should be C, C, C, or C. - - I<$blob>, if present, should be a string representation of the key, - from which the key object can be initialized. In fact, it should -@@ -209,11 +204,11 @@ passphrase, this might be a good time to - actual passphrase. :) - - Returns the new key object, which is blessed into the subclass --denoted by I<$key_type> (C, C, C or C). -+denoted by I<$key_type> (C, C or C). - - =head2 Net::SSH::Perl::Key->keygen($key_type, $bits) - --$key_type is one of RSA, DSA, or ECDSA256/ECDSA384/ECDSA521. -+$key_type is one of RSA or DSA. - Generates a new key and returns that key. The key returned is the - private key, which (presumably) contains all of the public key - data, as well. I<$bits> is the number of bits in the key. ---- lib/Net/SSH/Perl.pm -+++ lib/Net/SSH/Perl.pm -@@ -492,7 +492,7 @@ of the SSH protocol, and makes use of ex - the Crypt:: family of modules) to handle encryption of all data sent - across the insecure network. It can also read your existing SSH - configuration files (F, etc.), RSA identity files, --ECDSA identity files, Ed25519 identity files, known hosts files, etc. -+Ed25519 identity files, known hosts files, etc. - - One advantage to using I over wrapper-style - implementations of ssh clients is that it saves on process ---- MANIFEST -+++ MANIFEST -@@ -46,7 +46,6 @@ lib/Net/SSH/Perl/Constants.pm - lib/Net/SSH/Perl/Handle/SSH1.pm - lib/Net/SSH/Perl/Handle/SSH2.pm - lib/Net/SSH/Perl/Handle.pm --lib/Net/SSH/Perl/Kex/C25519.pm - lib/Net/SSH/Perl/Kex/DH.pm - lib/Net/SSH/Perl/Kex/DH1.pm - lib/Net/SSH/Perl/Kex/DH14SHA1.pm -@@ -58,10 +57,6 @@ lib/Net/SSH/Perl/Kex/DHGEXSHA1.pm - lib/Net/SSH/Perl/Kex/DHGEXSHA256.pm - lib/Net/SSH/Perl/Kex.pm - lib/Net/SSH/Perl/Key/DSA.pm --lib/Net/SSH/Perl/Key/ECDSA.pm --lib/Net/SSH/Perl/Key/ECDSA256.pm --lib/Net/SSH/Perl/Key/ECDSA384.pm --lib/Net/SSH/Perl/Key/ECDSA521.pm - lib/Net/SSH/Perl/Key/Ed25519.pm - lib/Net/SSH/Perl/Key/Ed25519.xs - lib/Net/SSH/Perl/Key/RSA.pm diff --git a/perl-Net-SSH-Perl.spec b/perl-Net-SSH-Perl.spec index d5680c4..7f3e24e 100644 --- a/perl-Net-SSH-Perl.spec +++ b/perl-Net-SSH-Perl.spec @@ -1,23 +1,10 @@ -# We have an older version of CryptX with ECC support stripped out -# so that we can unbundle libtomcrypt; as such, we need to remove the -# parts of Net-SSH-Perl that use this functionality -# https://bugzilla.redhat.com/show_bug.cgi?id=1545816 -# -# However, it has been un-hobbled since F-36 and in EPEL -%if 0%{?fedora} > 35 || 0%{?rhel:1} -%global hobbled_cryptx 0 -%else -%global hobbled_cryptx 1 -%endif - Summary: SSH (Secure Shell) client Name: perl-Net-SSH-Perl Version: 2.14 -Release: 19%{?dist} -License: GPL+ or Artistic +Release: 20%{?dist} +License: GPL-1.0-or-later OR Artistic-1.0-Perl URL: https://metacpan.org/release/Net-SSH-Perl Source0: https://cpan.metacpan.org/authors/id/S/SC/SCHWIGON/Net-SSH-Perl-%{version}.tar.gz -Patch0: Net-SSH-Perl-2.14-hobbled.patch # Module Build BuildRequires: coreutils BuildRequires: findutils @@ -36,9 +23,7 @@ BuildRequires: perl(constant) BuildRequires: perl(Crypt::Cipher::AES) BuildRequires: perl(Crypt::Cipher::Blowfish) BuildRequires: perl(Crypt::Cipher::DES) -%if ! %{hobbled_cryptx} BuildRequires: perl(Crypt::Curve25519) >= 0.05 -%endif BuildRequires: perl(Crypt::Digest::MD5) BuildRequires: perl(Crypt::Digest::SHA1) BuildRequires: perl(Crypt::Digest::SHA256) @@ -49,9 +34,7 @@ BuildRequires: perl(Crypt::Mac::HMAC) BuildRequires: perl(Crypt::Misc) BuildRequires: perl(Crypt::PK::DH) BuildRequires: perl(Crypt::PK::DSA) -%if ! %{hobbled_cryptx} BuildRequires: perl(Crypt::PK::ECC) -%endif BuildRequires: perl(Crypt::PK::RSA) BuildRequires: perl(Crypt::PRNG) BuildRequires: perl(CryptX) >= 0.032 @@ -88,7 +71,7 @@ BuildRequires: perl(Data::Dumper) BuildRequires: perl(lib) BuildRequires: perl(Test) BuildRequires: perl(Test::More) >= 0.61 -# Runtime +# Dependencies Requires: perl(Digest::BubbleBabble) Requires: perl(File::Basename) Requires: perl(File::Path) @@ -101,16 +84,6 @@ client. It is compatible with both the SSH-1 and SSH-2 protocols. %prep %setup -q -n Net-SSH-Perl-%{version} -# If we have a hobbled CryptX without ECC support, we have to remove some functionality -%if %{hobbled_cryptx} -rm lib/Net/SSH/Perl/Kex/C25519.pm -rm lib/Net/SSH/Perl/Key/ECDSA.pm -rm lib/Net/SSH/Perl/Key/ECDSA256.pm -rm lib/Net/SSH/Perl/Key/ECDSA384.pm -rm lib/Net/SSH/Perl/Key/ECDSA521.pm -%patch0 -%endif - %build # Protocol support (select one) # 1=SSH1 2=SSH2 3=Both @@ -133,6 +106,10 @@ make test %{_mandir}/man3/Net::SSH::Perl*.3* %changelog +* Fri May 5 2023 Paul Howarth - 2.14-20 +- Use SPDX-format license tag +- Drop support for using hobbled CryptX without ECC support + * Fri Jan 20 2023 Fedora Release Engineering - 2.14-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild