diff --git a/libssh2-1.4.3.tar.gz b/libssh2-1.4.3.tar.gz
deleted file mode 100644
index b3afab6..0000000
--- a/libssh2-1.4.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:eac6f85f9df9db2e6386906a6227eb2cd7b3245739561cad7d6dc1d5d021b96d
-size 685712
diff --git a/libssh2-1.5.0.tar.gz b/libssh2-1.5.0.tar.gz
new file mode 100644
index 0000000..fdf4ce3
--- /dev/null
+++ b/libssh2-1.5.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:83196badd6868f5b926bdac8017a6f90fb8a90b16652d3bf02df0330d573d0fc
+size 728222
diff --git a/libssh2-1.5.0.tar.gz.asc b/libssh2-1.5.0.tar.gz.asc
new file mode 100644
index 0000000..c94f17f
--- /dev/null
+++ b/libssh2-1.5.0.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlT/6goACgkQeOEcayedXJFzngCg6lH4Ehxz8mm1nSCHpF4yzR9R
+U9gAn0U8W8+SxLcpikzoVjZx5U8OTm/J
+=vtPT
+-----END PGP SIGNATURE-----
diff --git a/libssh2_org.changes b/libssh2_org.changes
index 23ab7cb..b15aceb 100644
--- a/libssh2_org.changes
+++ b/libssh2_org.changes
@@ -1,3 +1,80 @@
+-------------------------------------------------------------------
+Wed Mar 11 14:00:34 UTC 2015 - vcizek@suse.com
+
+- update to 1.5.0
+ * fixes CVE-2015-1782 (bnc#921070)
+- tarball verification
+ * added libssh2_org.keyring
+ * added libssh2-1.5.0.tar.gz.asc
+Changes in 1.5.0:
+ Added Windows Cryptography API: Next Generation based backend
+Bug fixes:
+ Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782
+ missing _libssh2_error in _libssh2_channel_write
+ knownhost: Fix DSS keys being detected as unknown.
+ knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.
+ libssh2.h: on Windows, a socket is of type SOCKET, not int
+ libssh2_priv.h: a 1 bit bit-field should be unsigned
+ windows build: do not export externals from static library
+ Fixed two potential use-after-frees of the payload buffer
+ Fixed a few memory leaks in error paths
+ userauth: Fixed an attempt to free from stack on error
+ agent_list_identities: Fixed memory leak on OOM
+ knownhosts: Abort if the hosts buffer is too small
+ sftp_close_handle: ensure the handle is always closed
+ channel_close: Close the channel even in the case of errors
+ docs: added missing libssh2_session_handshake.3 file
+ docs: fixed a bunch of typos
+ userauth_password: pass on the underlying error code
+ _libssh2_channel_forward_cancel: accessed struct after free
+ _libssh2_packet_add: avoid using uninitialized memory
+ _libssh2_channel_forward_cancel: avoid memory leaks on error
+ _libssh2_channel_write: client spins on write when window full
+ windows build: fix build errors
+ publickey_packet_receive: avoid junk in returned pointers
+ channel_receive_window_adjust: store windows size always
+ userauth_hostbased_fromfile: zero assign to avoid uninitialized use
+ configure: change LIBS not LDFLAGS when checking for libs
+ agent_connect_unix: make sure there's a trailing zero
+ MinGW build: Fixed redefine warnings.
+ sftpdir.c: added authentication method detection.
+ Watcom build: added support for WinCNG build.
+ configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
+ sftp_statvfs: fix for servers not supporting statfvs extension
+ knownhost.c: use LIBSSH2_FREE macro instead of free
+ Fixed compilation using mingw-w64
+ knownhost.c: fixed that 'key_type_len' may be used uninitialized
+ configure: Display individual crypto backends on separate lines
+ examples on Windows: check for WSAStartup return code
+ examples on Windows: check for socket return code
+ agent.c: check return code of MapViewOfFile
+ kex.c: fix possible NULL pointer de-reference with session->kex
+ packet.c: fix possible NULL pointer de-reference within listen_state
+ tests on Windows: check for WSAStartup return code
+ userauth.c: improve readability and clarity of for-loops
+ examples on Windows: use native SOCKET-type instead of int
+ packet.c: i < 256 was always true and i would overflow to 0
+ kex.c: make sure mlist is not set to NULL
+ session.c: check return value of session_nonblock in debug mode
+ session.c: check return value of session_nonblock during startup
+ userauth.c: make sure that sp_len is positive and avoid overflows
+ knownhost.c: fix use of uninitialized argument variable wrote
+ openssl: initialise the digest context before calling EVP_DigestInit()
+ libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET
+ configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib
+ configure.ac: Rework crypto library detection
+ configure.ac: Reorder --with-* options in --help output
+ configure.ac: Call zlib zlib and not libz in text but keep option names
+ Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
+ sftp: seek: Don't flush buffers on same offset
+ sftp: statvfs: Along error path, reset the correct 'state' variable.
+ sftp: Add support for fsync (OpenSSH extension).
+ _libssh2_channel_read: fix data drop when out of window
+ comp_method_zlib_decomp: Improve buffer growing algorithm
+ _libssh2_channel_read: Honour window_size_initial
+ window_size: redid window handling for flow control reasons
+ knownhosts: handle unknown key types
+
 -------------------------------------------------------------------
 Mon Jun 24 12:58:02 UTC 2013 - mvyskocil@suse.com
 
diff --git a/libssh2_org.keyring b/libssh2_org.keyring
new file mode 100644
index 0000000..71ba182
--- /dev/null
+++ b/libssh2_org.keyring
@@ -0,0 +1,28 @@
+pub 1024D/279D5C91 2003-04-28
+uid Daniel Stenberg (Haxx)
+sub 1024g/B70B3510 2003-04-28
+
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.19 (GNU/Linux)
+
+mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ
+QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV
+0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1
+EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch
+soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje
+f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL
+gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo
+SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2
+m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0
+ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iFkEExECABkFAj6tnnoECwcD
+AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAn1gK6Q0qUTHwYJBAhIDmrRi0
+ebfDAJ4qDSHd6UU2MEkkFCgGfYgEBXKbb7kBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb
+XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz
+7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM
+wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+
+dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT
+rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t
+FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9
+OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfx
+=yTQx
+-----END PGP PUBLIC KEY BLOCK-----
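Review bot: The keyring added here pins a 1024-bit DSA key (`pub 1024D/279D5C91`), and the packet header of the detached signature in libssh2-1.5.0.tar.gz.asc appears to decode to a DSA signature over a SHA-1 digest, so the signature check rests on primitives that are weak by current standards. The key is also identified only by its 32-bit short ID, which does not uniquely identify a key; the full fingerprint should be confirmed through a channel independent of the download site and recorded next to the keyring entry in the .changes file, e.g. `* added libssh2_org.keyring (fingerprint <FULL-FINGERPRINT-PLACEHOLDER>)`. The sha256 oid in the libssh2-1.5.0.tar.gz pointer pins the exact tarball bytes in the repository, but it says nothing about upstream authenticity, so the fingerprint check is the step that carries the trust.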
diff --git a/libssh2_org.spec b/libssh2_org.spec
index 78a06db..80b17e7 100644
--- a/libssh2_org.spec
+++ b/libssh2_org.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libssh2_org
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -21,12 +21,14 @@
 License: BSD-3-Clause
 Group: Development/Libraries/C and C++
 Name: libssh2_org
-Version: 1.4.3
+Version: 1.5.0
 Release: 0
 Url: http://www.libssh2.org/
 %define pkg_name libssh2
 Source0: http://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz
+Source1: http://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz.asc
 Source2: baselibs.conf
+Source3: libssh2_org.keyring
 BuildRequires: openssl-devel
 BuildRequires: pkgconfig
 BuildRequires: zlib-devel
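Review bot: The new `Source1` line fetches the detached signature over plain `http://`, the same as `Source0`, and nothing in this hunk runs a signature check. The spec continues outside the hunk, so a verification step in `%prep` may exist but is not visible here. If the package relies on the build service's source validation to pick up `libssh2_org.keyring`, say so with a comment above `Source3`, e.g. `# keyring used to verify Source0 against Source1 (upstream release signing key)`, so that a later maintainer does not drop the file as unused. Moving both download URLs to `https://` is worth doing if the upstream site serves them, since the signature is otherwise the only protection against a tampered download.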