From Fedora Project Wiki
Latest revision as of 15:07, 2 March 2018

Switch libcurl to use libssh instead of libssh2

Summary

libcurl currently uses libssh2 to implement the SSH layer of the SCP and SFTP protocols. After implementing this change, libcurl will use the libssh library instead.


Owner

  • Name: Kamil Dudka
  • Email: kdudka@redhat.com
  • Release notes ticket: #112 (https://pagure.io/fedora-docs/release-notes/issue/112)
  • FESCo shepherd: N/A
  • Product: Fedora
  • Responsible WG: kdudka

Current status

  • Targeted release: Fedora 28
  • Last updated: 2018-03-02
  • Tracker bug: #1531483 (https://bugzilla.redhat.com/show_bug.cgi?id=1531483)

Detailed Description

libcurl currently uses libssh2 to implement the SSH layer of the SCP and SFTP protocols. The libssh2 library uses outdated crypto algorithms and lacks important features like GSS-API authentication. After implementing this change, libcurl will use the libssh library instead, which is now more secure and feature-complete and has a more active upstream community.

Benefit to Fedora

  • More secure and feature-complete implementation of SCP and SFTP in (lib)curl.
  • Fewer system-critical crypto libraries to maintain.

Scope

  • Proposal owners: kdudka (will switch the SSH library in the curl package once it is supported upstream)
  • Other developers: nmav (currently working on the related pull-request with curl upstream)
  • Release engineering: No action from release engineering is needed for this change (libcurl ABI is kept), releng review requested at https://pagure.io/releng/issue/7193
  • Policies and guidelines: unaffected
  • Trademark approval: not needed

Upgrade/compatibility impact

  • This change will mainly affect applications and libraries which use the implementation of the SCP or SFTP protocols in (lib)curl.

How To Test

All direct and indirect dependencies of libcurl should be tested.
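
Before testing dependents, it helps to confirm which SSH library the installed curl build actually reports. The script below is an added example, not part of the original proposal; it assumes the usual `curl --version` layout (library list on the first line, a `Protocols:` line), and the sample outputs and function names are constructed for illustration.

```shell
#!/bin/sh
# Classify a curl build's SSH backend from the text of `curl --version`.

# Constructed sample outputs (illustrative version numbers, not captured).
SAMPLE_NEW='curl 7.59.0 (x86_64-redhat-linux-gnu) libcurl/7.59.0 NSS/3.36 zlib/1.2.11 libssh/0.7.5
Protocols: dict file ftp ftps http https scp sftp'
SAMPLE_OLD='curl 7.55.1 (x86_64-redhat-linux-gnu) libcurl/7.55.1 NSS/3.33 zlib/1.2.11 libssh2/1.8.0
Protocols: dict file ftp ftps http https scp sftp'
SAMPLE_NONE='curl 7.59.0 (x86_64-pc-linux-gnu) libcurl/7.59.0 OpenSSL/1.1.0 zlib/1.2.11
Protocols: dict file ftp ftps http https'

# Print libssh, libssh2 or none, based on the library list on line 1.
ssh_backend() {
    line1=$(printf '%s\n' "$1" | sed -n '1p')
    case " $line1 " in
        *" libssh2/"*) echo libssh2 ;;
        *" libssh/"*)  echo libssh ;;
        *)             echo none ;;
    esac
}

# Print yes when both scp and sftp appear on the Protocols line, else no.
ssh_protocols_enabled() {
    protos=" $(printf '%s\n' "$1" | sed -n 's/^Protocols: //p') "
    case "$protos" in
        *" scp "*) ;;
        *) echo no; return 0 ;;
    esac
    case "$protos" in
        *" sftp "*) echo yes ;;
        *) echo no ;;
    esac
}

# Print switched (libssh with scp/sftp), not-switched (libssh2) or no-ssh.
switch_status() {
    backend=$(ssh_backend "$1")
    if [ "$backend" = none ] || [ "$(ssh_protocols_enabled "$1")" = no ]; then
        echo no-ssh
    elif [ "$backend" = libssh ]; then
        echo switched
    else
        echo not-switched
    fi
}

for sample in "$SAMPLE_NEW" "$SAMPLE_OLD" "$SAMPLE_NONE"; do
    switch_status "$sample"
done
```

On an installed system, run `switch_status "$(curl --version)"` instead of the samples.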

User Experience

Unless the change reveals bugs elsewhere, users will not know about it.

Dependencies

anaconda, dracut, etc.

Contingency Plan

  • Contingency mechanism: switch libcurl back to libssh2
  • Contingency deadline: Fedora 28 Beta freeze
  • Blocks release? No.
  • Blocks product? No.

Documentation

No documentation is needed.

Release Notes

We can mention the new features (stronger crypto, GSS-API auth) in case they work as expected.