Accepting request 755661 from devel:libraries:c_c++

- Update to version 0.9.3 * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state * SSH-01-006 General: Various unchecked Null-derefs cause DOS * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys * SSH-01-010 SSH: Deprecated hash function in fingerprinting * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access * SSH-01-001 State Machine: Initial machine states should be set explicitly * SSH-01-002 Kex: Differently bound macros used to iterate same array * SSH-01-005 Code-Quality: Integer sign confusion during assignments * SSH-01-008 SCP: Protocol Injection via unescaped File Names * SSH-01-009 SSH: Update documentation which RFCs are implemented * SSH-01-012 PKI: Information leak via uninitialized stack buffer - Rename suffix define to pkg_suffix: rpm 4.15 has suffix reserved for internal use. OBS-URL: https://build.opensuse.org/request/show/755661 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libssh?expand=0&rev=60
2019-12-23 21:35:26 +00:00 · 2019-12-23 21:35:26 +00:00 · 6989c920f0
commit 6989c920f0
parent fe6d4a935d b085ed6913
6 changed files with 48 additions and 24 deletions
--- a/libssh-0.9.2.tar.xz
+++ b/libssh-0.9.2.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:1970a8991374fc8cbdcb7fcc3683fe8f8824aa37d575f38cfb75fe0fe50fd9ad
-size 495876
--- a/libssh-0.9.2.tar.xz.asc
+++ b/libssh-0.9.2.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl3ENpkACgkQfuD8TcwB
-Tj1B1xAAuTtjxU3KHCQoSOpPUlLawwEfI/yk+nIGOAQtnsuP19rmWCSH9/VNnNy0
-OXnMMkf8EZIFT8Fy9q7TZPDNvQRIfxKzddTy8KXUV7FOQy/NwS1oy3JbztbqAmnX
-S4McCOHi6MePEya2pcnK6JcZyxD220kgPyCh/e21/XteKq8K+3f53+Tior0rkWDG
-XF2MBf2PPj77O3qJu436VOCJ8SODsGLajJc1ixLAogoGyxM0nGTE58JbUqqgWN0K
-AURDWxw7MUH7pIJIA1ujR/r6TmATxiyVyxxSeKhUODJJ3+kRUZeIYo6KbWFQLZHN
-gzkV/PqcOafwWPE7MTWc3KMb1R+CROfNRGpEUVAE4GUQWMSuXJ16b/WUDtI415Px
-ZrZc0AGK6Xg+dUPws+NfTs32PUpsR6a9+G1p++6eRFXjlmhO61zbuoHMxw27Wxby
-q+rXnELPv6lqX0B+P/CImDirzOBKKzalKZL3/H+RbX/Dxlj7MOEJJ3szL4wAkYpS
-4K0b6YIzJZs4CDm0Yhq3zeQvg90AXs293e+xV00jF63f98SkWi2AGK2C8WUJ/RLU
-S/A6M+rBTpb+vqtZ7TPHa7tIMFhNTitRHkKB94HcsStAe/dtT7DRoYLU68g6bO94
-vfJXZTKovyo1FcM1m6bqtQvJEZZ94dUIJxhH57YNHWGTjB7O0B4=
-=iBU5
-----END PGP SIGNATURE-----
--- a/libssh-0.9.3.tar.xz
+++ b/libssh-0.9.3.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2c8b5f894dced58b3d629f16f3afa6562c20b4bdc894639163cf657833688f0c
+size 500068
--- a/libssh-0.9.3.tar.xz.asc
+++ b/libssh-0.9.3.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAl3vjVUACgkQfuD8TcwB
+Tj3ySQ/+LBAr6/YNcOiVb+do+3+AXIIdX4Nsto3QRE0kETbDVhA0WPLu2gmyT2JQ
+B2DfMTYD8tCCNxWOFRlK4uJ+OHEYWy5/5ctvvPQ6ED1YZDBLFtiF7E61g84NZLrQ
+5LxD3Af1d+5uuDPU2yLEZ5SR43dM/vpZJ0IGasFHrhLqHAang2pFxix9hjujpgkH
+bAWOu3fu3pBIPK3MweW+gn9hqYeNSYlANBBnknQi53oFGmHWmvHS3CDsrxsSAu3N
+4zU6ROm9WVX3SfVVe+1/2u5+KJTAyc/+j05FUY7zRl1u0Bfdl5Z/ueOQaGEtMwBl
+dL8r+jd91ebdou0yR58/SURkgTK4ev8H2zrcVw9fihFXz/YdTiEXDj03zoDrci/d
+hnmVixKBrMt5dTHZ4qIGokQ4TdLSKQSs9YaRHqcUtiGwpv5phBUoDuV3fmL9qf2J
+siHd5d95ZXQesKWiGqSjpiGTdxvR4t1pehhlO6l/MvuRJABONXwrvJsFhypqvRKG
+IUt0jTwCQxg+cqOiO9ntWOO3ttY1BusSUa6WQVsC0rIvKolENSGLjUp9gCJ7VR+N
+BXgkyNEPHcx/HR6hW/nVdwj2H7b/lDxUetKGKI7mwmQ74MeFKk2idH7tSvHtnVLY
+X2p8AUgk87GaFfIkEtlQS0gfECDTrXInMtspba6oFpZ0+Wk9y6g=
+=31Yq
+-----END PGP SIGNATURE-----
--- a/libssh.changes
+++ b/libssh.changes
@ -1,3 +1,27 @@
+-------------------------------------------------------------------
+Tue Dec 10 19:08:47 UTC 2019 - Andreas Schneider <asn@cryptomilk.org>
+
+- Update to version 0.9.3
+  * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution
+  * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state
+  * SSH-01-006 General: Various unchecked Null-derefs cause DOS
+  * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys
+  * SSH-01-010 SSH: Deprecated hash function in fingerprinting
+  * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS
+  * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access
+  * SSH-01-001 State Machine: Initial machine states should be set explicitly
+  * SSH-01-002 Kex: Differently bound macros used to iterate same array
+  * SSH-01-005 Code-Quality: Integer sign confusion during assignments
+  * SSH-01-008 SCP: Protocol Injection via unescaped File Names
+  * SSH-01-009 SSH: Update documentation which RFCs are implemented
+  * SSH-01-012 PKI: Information leak via uninitialized stack buffer
+
+-------------------------------------------------------------------
+Mon Dec  9 09:25:43 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Rename suffix define to pkg_suffix: rpm 4.15 has suffix reserved
+  for internal use.
+
 -------------------------------------------------------------------
 Thu Nov  7 15:47:45 UTC 2019 - Andreas Schneider <asn@cryptomilk.org>

--- a/libssh.spec
+++ b/libssh.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libssh
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@

 %global flavor @BUILD_FLAVOR@%{nil}
 %if "%{flavor}" == "test"
-%define suffix -test
+%define pkg_suffix -test
 %ifarch s390 s390x ppc64le
  %define slow_test_system "ON"
 %else
@ -26,11 +26,11 @@
 %endif
 %bcond_without test
 %else
-%define suffix %{nil}
+%define pkg_suffix %{nil}
 %bcond_with test
 %endif
-Name:           libssh%{suffix}
-Version:        0.9.2
+Name:           libssh%{pkg_suffix}
+Version:        0.9.3
 Release:        0
 Summary:        The SSH library
 License:        LGPL-2.1-or-later