From b085ed69138657313556cd59ccae182948243952c9c9d8f2abdd86083c25b84e Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Mon, 23 Dec 2019 21:35:26 +0000 Subject: [PATCH] Updating link to change in openSUSE:Factory/libssh revision 60.0 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh?expand=0&rev=5614eaf13872ea660f4048805f2d9a8f --- libssh-0.9.2.tar.xz | 3 --- libssh-0.9.2.tar.xz.asc | 16 ---------------- libssh-0.9.3.tar.xz | 3 +++ libssh-0.9.3.tar.xz.asc | 16 ++++++++++++++++ libssh.changes | 24 ++++++++++++++++++++++++ libssh.spec | 10 +++++----- 6 files changed, 48 insertions(+), 24 deletions(-) delete mode 100644 libssh-0.9.2.tar.xz delete mode 100644 libssh-0.9.2.tar.xz.asc create mode 100644 libssh-0.9.3.tar.xz create mode 100644 libssh-0.9.3.tar.xz.asc diff --git a/libssh-0.9.2.tar.xz b/libssh-0.9.2.tar.xz deleted file mode 100644 index adadf7a..0000000 --- a/libssh-0.9.2.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1970a8991374fc8cbdcb7fcc3683fe8f8824aa37d575f38cfb75fe0fe50fd9ad -size 495876 diff --git a/libssh-0.9.2.tar.xz.asc b/libssh-0.9.2.tar.xz.asc deleted file mode 100644 index 935bf24..0000000 --- a/libssh-0.9.2.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl3ENpkACgkQfuD8TcwB -Tj1B1xAAuTtjxU3KHCQoSOpPUlLawwEfI/yk+nIGOAQtnsuP19rmWCSH9/VNnNy0 -OXnMMkf8EZIFT8Fy9q7TZPDNvQRIfxKzddTy8KXUV7FOQy/NwS1oy3JbztbqAmnX -S4McCOHi6MePEya2pcnK6JcZyxD220kgPyCh/e21/XteKq8K+3f53+Tior0rkWDG -XF2MBf2PPj77O3qJu436VOCJ8SODsGLajJc1ixLAogoGyxM0nGTE58JbUqqgWN0K -AURDWxw7MUH7pIJIA1ujR/r6TmATxiyVyxxSeKhUODJJ3+kRUZeIYo6KbWFQLZHN -gzkV/PqcOafwWPE7MTWc3KMb1R+CROfNRGpEUVAE4GUQWMSuXJ16b/WUDtI415Px -ZrZc0AGK6Xg+dUPws+NfTs32PUpsR6a9+G1p++6eRFXjlmhO61zbuoHMxw27Wxby -q+rXnELPv6lqX0B+P/CImDirzOBKKzalKZL3/H+RbX/Dxlj7MOEJJ3szL4wAkYpS -4K0b6YIzJZs4CDm0Yhq3zeQvg90AXs293e+xV00jF63f98SkWi2AGK2C8WUJ/RLU -S/A6M+rBTpb+vqtZ7TPHa7tIMFhNTitRHkKB94HcsStAe/dtT7DRoYLU68g6bO94 -vfJXZTKovyo1FcM1m6bqtQvJEZZ94dUIJxhH57YNHWGTjB7O0B4= -=iBU5 ------END PGP SIGNATURE----- diff --git a/libssh-0.9.3.tar.xz b/libssh-0.9.3.tar.xz new file mode 100644 index 0000000..596cd7a --- /dev/null +++ b/libssh-0.9.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2c8b5f894dced58b3d629f16f3afa6562c20b4bdc894639163cf657833688f0c +size 500068 diff --git a/libssh-0.9.3.tar.xz.asc b/libssh-0.9.3.tar.xz.asc new file mode 100644 index 0000000..869ffed --- /dev/null +++ b/libssh-0.9.3.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl3vjVUACgkQfuD8TcwB +Tj3ySQ/+LBAr6/YNcOiVb+do+3+AXIIdX4Nsto3QRE0kETbDVhA0WPLu2gmyT2JQ +B2DfMTYD8tCCNxWOFRlK4uJ+OHEYWy5/5ctvvPQ6ED1YZDBLFtiF7E61g84NZLrQ +5LxD3Af1d+5uuDPU2yLEZ5SR43dM/vpZJ0IGasFHrhLqHAang2pFxix9hjujpgkH +bAWOu3fu3pBIPK3MweW+gn9hqYeNSYlANBBnknQi53oFGmHWmvHS3CDsrxsSAu3N +4zU6ROm9WVX3SfVVe+1/2u5+KJTAyc/+j05FUY7zRl1u0Bfdl5Z/ueOQaGEtMwBl +dL8r+jd91ebdou0yR58/SURkgTK4ev8H2zrcVw9fihFXz/YdTiEXDj03zoDrci/d +hnmVixKBrMt5dTHZ4qIGokQ4TdLSKQSs9YaRHqcUtiGwpv5phBUoDuV3fmL9qf2J +siHd5d95ZXQesKWiGqSjpiGTdxvR4t1pehhlO6l/MvuRJABONXwrvJsFhypqvRKG +IUt0jTwCQxg+cqOiO9ntWOO3ttY1BusSUa6WQVsC0rIvKolENSGLjUp9gCJ7VR+N +BXgkyNEPHcx/HR6hW/nVdwj2H7b/lDxUetKGKI7mwmQ74MeFKk2idH7tSvHtnVLY +X2p8AUgk87GaFfIkEtlQS0gfECDTrXInMtspba6oFpZ0+Wk9y6g= +=31Yq +-----END PGP SIGNATURE----- diff --git a/libssh.changes b/libssh.changes index c581483..2e8f133 100644 --- a/libssh.changes +++ b/libssh.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Tue Dec 10 19:08:47 UTC 2019 - Andreas Schneider + +- Update to version 0.9.3 + * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution + * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state + * SSH-01-006 General: Various unchecked Null-derefs cause DOS + * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys + * SSH-01-010 SSH: Deprecated hash function in fingerprinting + * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS + * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access + * SSH-01-001 State Machine: Initial machine states should be set explicitly + * SSH-01-002 Kex: Differently bound macros used to iterate same array + * SSH-01-005 Code-Quality: Integer sign confusion during assignments + * SSH-01-008 SCP: Protocol Injection via unescaped File Names + * SSH-01-009 SSH: Update documentation which RFCs are implemented + * SSH-01-012 PKI: Information leak via uninitialized stack buffer + +------------------------------------------------------------------- +Mon Dec 9 09:25:43 UTC 2019 - Dominique Leuenberger + +- Rename suffix define to pkg_suffix: rpm 4.15 has suffix reserved + for internal use. + ------------------------------------------------------------------- Thu Nov 7 15:47:45 UTC 2019 - Andreas Schneider diff --git a/libssh.spec b/libssh.spec index 19b51be..34b40ae 100644 --- a/libssh.spec +++ b/libssh.spec @@ -1,7 +1,7 @@ # # spec file for package libssh # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %global flavor @BUILD_FLAVOR@%{nil} %if "%{flavor}" == "test" -%define suffix -test +%define pkg_suffix -test %ifarch s390 s390x ppc64le %define slow_test_system "ON" %else @@ -26,11 +26,11 @@ %endif %bcond_without test %else -%define suffix %{nil} +%define pkg_suffix %{nil} %bcond_with test %endif -Name: libssh%{suffix} -Version: 0.9.2 +Name: libssh%{pkg_suffix} +Version: 0.9.3 Release: 0 Summary: The SSH library License: LGPL-2.1-or-later