Accepting request 1085234 from devel:libraries:c_c++

- update to 0.10.5:
  * Fix CVE-2023-1667: a NULL dereference during rekeying with
    algorithm guessing
  * Fix CVE-2023-2283: a possible authorization bypass in
    pki_verify_data_signature under low-memory conditions.
  * Fix several memory leaks in GSSAPI handling code
  * Escape braces in ProxyCommand created from ProxyJump options
    for zsh compatibility.
  * Fix pkg-config path relocation for MinGW
  * Improve doxygen documentation
  * Fix build with cygwin due to the glob support
  * Do not enqueue outgoing packets after sending
    SSH2_MSG_NEWKEYS
  * Add support for SSH_SUPPRESS_DEPRECATED
  * Avoid functions declarations without prototype to build with
    clang 15
  * Fix spelling issues
  * Avoid expanding KnownHosts, ProxyCommands and IdentityFiles
    repetitively
  * Add support sk-* keys through configuration
  * Improve checking for Argp library
  * Log information about received extensions
  * Correctly handle rekey with delayed compression
  * Move the EC keys handling to OpenSSL 3.0 API
  * Record peer disconnect message
  * Avoid deadlock when write buffering occurs and we call poll
    recursively to flush the output buffer
  * Disable preauthentication compression by default
  * Add accidentally removed default compile flags
  * Solve incorrect parsing of ProxyCommand option

OBS-URL: https://build.opensuse.org/request/show/1085234
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libssh?expand=0&rev=69

libssh-0.10.4.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:07392c54ab61476288d1c1f0a7c557b50211797ad00c34c3af2bbc4dbc4bd97d
-size 554920

libssh-0.10.4.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmMYnSEACgkQfuD8TcwB
-Tj2qGBAAn/40MU/7PcyCRK9U+MhLo28peRpTF+i1/k0V5czVLiFubeFofsa6sjy8
-C6VyQsz0NYiTf6wXLlq9jO1p31LWQ13Z3K0d7Lg2eyftsVrGM1Ue9dTLlJrZ570d
-JjcBR/J3dpO9w5fz4HawWE8GIBBstZQnZYdoT75+tIeSMJ/tnovKfE1RGYc4kRJs
-quC7tyej7Y+t86U8psFSy2iUCajS82b+ddZEhuxwamel+RBRJZsmi5B2OvhkEaOj
-mhJOIkx3UD9XAjxeooVcTlzAaJ5JFZ7Im97o+DRbQYvJYe4ZqDo17lrzBh6wruLC
-vBo+/lwh9FbCqxbDpFfqwpf8qYsWu3m0Qlu5f+BZ/9WvjFCVoRmScNHJo42tu18r
-xcX2Txis8oWysgqhvIgTFRnLq010ErL8iE9WeZwrNJgcTnf+AQLolKQiVAHumMvk
-Djv0No+ZTBG03Hsb0tbvA8kVtxI0ZZtzPcRkRqmUwiLCtcO9oo1hInhu+D1sPZwI
-Q1xK6hI6LKsF80yPKGexZxlgV/vZYhIKtD0SIoZCpx7MSBxXqHYZARtTFUAXBSqF
-tIn800/pPhGuY1/x3ho4BeWCGj1eWG5zy7dr0q/d/OiqBj3OiUfxtTl4drqrYhca
-goNhzNTs0Ps+iYbVQlk4nEAjg54M8ru1jfcuNRgrhTqCI8yiESk=
-=AG91
------END PGP SIGNATURE-----

libssh-0.10.5.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b60e2ff7f367b9eee2b5634d3a63303ddfede0e6a18dfca88c44a8770e7e4234
+size 557776

libssh-0.10.5.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAmRTm30ACgkQfuD8TcwB
+Tj0TBQ/+MS5qNXgV8I/3s0k6jpzTsEMdozOZ7RYiJg9i9UzCGsIuJ0aiMl+G1aFH
+UJOkLlHgGXTSCeZk4aoSTky2jEOezcFgsi0v9j8nmxRTjlDDAY0KxOoA//wc5nQ0
+fgQKUbX0SrtIbe9qpffoGBjaEap2ICAiM7a5PJ+Js0RQ944TqmkWmhGP/2XhxsF9
+0TJ6e4ilSg/mTBV5GemLTRSc+MgFoh5jJiV1+zmkOw5bBvPx7/KgsdmhoZ63prFI
+8LvfChEEx50lyTXC8eLW4uSvO5tMHyAwDNBJcKOccp5yqEr147S1pZL8iNS0C2EF
+/vG7zRDa3dv81xJjuPVdO40/GE77omp1IWC3i4ZskaAocGOmHo7KSwJ/7MjtAuJT
+QgqeTPHjENRYbB6FvyesHpWzesORFIxQtCMxugVpEPcc3WLIRNLvJGa7rofAGJJf
+u5uLyzmBuyAWm5gpPMyLRy2ysAgBi7NVusnAuR4v28r8YYpGrwTG+epJ1fV6MKWV
+tlV8aCY51H7WVmDNJlwyJOwEZWzRdi9n3e22hEm79+cj3WKY3uwYwJI4s0CgcsUw
+OzEZt97Yy+pSvdOokgNHRz0tGoDXZw55PF4+mcyvXSQfZJ2QCL7q7dJ/7DmibGgY
+LtsN5bSfzXgEBqpty/sD5HSSt1/fNICJjfuiTKtjKXMD45wBUkE=
+=IAN/
+-----END PGP SIGNATURE-----

libssh.changes

@@ -1,3 +1,37 @@
+-------------------------------------------------------------------
+Sat May  6 01:05:17 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 0.10.5:
+  * Fix CVE-2023-1667: a NULL dereference during rekeying with
+    algorithm guessing
+  * Fix CVE-2023-2283: a possible authorization bypass in
+    pki_verify_data_signature under low-memory conditions.
+  * Fix several memory leaks in GSSAPI handling code
+  * Escape braces in ProxyCommand created from ProxyJump options
+    for zsh compatibility.
+  * Fix pkg-config path relocation for MinGW
+  * Improve doxygen documentation
+  * Fix build with cygwin due to the glob support
+  * Do not enqueue outgoing packets after sending
+    SSH2_MSG_NEWKEYS
+  * Add support for SSH_SUPPRESS_DEPRECATED
+  * Avoid functions declarations without prototype to build with
+    clang 15
+  * Fix spelling issues
+  * Avoid expanding KnownHosts, ProxyCommands and IdentityFiles
+    repetitively
+  * Add support sk-* keys through configuration
+  * Improve checking for Argp library
+  * Log information about received extensions
+  * Correctly handle rekey with delayed compression
+  * Move the EC keys handling to OpenSSL 3.0 API
+  * Record peer disconnect message
+  * Avoid deadlock when write buffering occurs and we call poll
+    recursively to flush the output buffer
+  * Disable preauthentication compression by default
+  * Add accidentally removed default compile flags
+  * Solve incorrect parsing of ProxyCommand option
+
 -------------------------------------------------------------------
 Wed Sep  7 13:32:34 UTC 2022 - Andreas Schneider <asn@cryptomilk.org>
 

libssh.spec

@@ -1,7 +1,7 @@
 #
 # spec file
 #
-# Copyright (c) 2022 SUSE LLC
+# Copyright (c) 2023 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -30,14 +30,14 @@
 %bcond_with test
 %endif
 Name:           libssh%{pkg_suffix}
-Version:        0.10.4
+Version:        0.10.5
 Release:        0
 Summary:        The SSH library
 License:        LGPL-2.1-or-later
 Group:          Development/Libraries/C and C++
 URL:            https://www.libssh.org
-Source0:        https://www.libssh.org/files/0.9/libssh-%{version}.tar.xz
-Source1:        https://www.libssh.org/files/0.9/libssh-%{version}.tar.xz.asc
+Source0:        https://www.libssh.org/files/0.10/libssh-%{version}.tar.xz
+Source1:        https://www.libssh.org/files/0.10/libssh-%{version}.tar.xz.asc
 Source2:        https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/libssh.keyring
 Source3:        libssh_client.config
 Source4:        libssh_server.config