diff --git a/libssh2-1.8.0.tar.gz b/libssh2-1.8.0.tar.gz deleted file mode 100644 index 731d860..0000000 --- a/libssh2-1.8.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:39f34e2f6835f4b992cafe8625073a88e5a28ba78f83e8099610a7b3af4676d4 -size 854916 diff --git a/libssh2-1.8.0.tar.gz.asc b/libssh2-1.8.0.tar.gz.asc deleted file mode 100644 index 1f51fa9..0000000 --- a/libssh2-1.8.0.tar.gz.asc +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQEcBAABCgAGBQJYDv9nAAoJEFzJCP23HhLCab4H/jwSaGTn1DWk8iaHk9P9Zcfe -65UKldQmI2uxd+ZNVl/DOvYU6nEa/0RRQmZ6ljM48gAit1HHOIRGQt6hvmlOSw2n -M00SDWDthftqn0OELD7jyTEEa0qzEgKqcrpGWQqgUvgfMHhuLkBpTCK4eAWLZlSe -nEeV4THdP9nh7AaAz05Ld6rS/B3hT+1TLZmGzxaEYUYRT9YqtCcmZbOf/YMzfojl -tG/5FAP8vMOPw4EzCk+5NLU1pow5Zhu5gOdUdhCaA+5j4LKRCUzMT2g5oESSQ5rg -KIMGM2EFuZ3vCqXcP/1cKPWfpNl2aABwP6zqt2+cAnG0rgYqVd6gPQtbRp99yFI= -=yFIi ------END PGP SIGNATURE----- diff --git a/libssh2-1.8.1.tar.gz b/libssh2-1.8.1.tar.gz new file mode 100644 index 0000000..da6ec8f --- /dev/null +++ b/libssh2-1.8.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:40b517f35b1bb869d0075b15125c7a015557f53a5a3a6a8bffb89b69fd70f159 +size 858088 diff --git a/libssh2-1.8.1.tar.gz.asc b/libssh2-1.8.1.tar.gz.asc new file mode 100644 index 0000000..459112a --- /dev/null +++ b/libssh2-1.8.1.tar.gz.asc @@ -0,0 +1,11 @@ +-----BEGIN PGP SIGNATURE----- + +iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlyQDgsACgkQXMkI/bce +EsLk4Af/QfYLkUS4CdH63bsuB6kI1k9UPL36MrIWs/8s/8l0kLZV3sXZezio1ec3 +YjYB+xCpQ8+OTgoCCQ5pmPZRhwjgUGQDVixzM04Nc27nCQQdF2G7bM/9yegIrJQU +fqEmv5Go8H8DssqepMp4uKjAp6qBeAW+lwQ9fwb0H8aa+wR2NNld2UMHqvX45/mM +OaHNDrq3VmTf0Tc3/zcQzp7NAu9+p1WbAi4oSh0IgoioTchxDrgrUFPDwPdPw4ih +iKFqGknDvvOYne5UXHvAGOYa8PY2fQmP/NHAajvC6einG9BayQwWr/f8rnPWS5BU +4/w79LbCFT2QCoJwIkydk5aiiVOF2g== +=Wstr +-----END PGP SIGNATURE----- diff --git a/libssh2_org.changes b/libssh2_org.changes index d658b3a..6093058 100644 --- a/libssh2_org.changes +++ b/libssh2_org.changes @@ -1,3 +1,26 @@ +------------------------------------------------------------------- +Tue Mar 19 09:30:12 UTC 2019 - Pedro Monreal Gonzalez + +- Version update to 1.8.1: + Bug Fixes: + * [bsc#1128471, CVE-2019-3855] Integer overflow when reading a specially + crafted packet + * [bsc#1128493, CVE-2019-3863] Integer overflow in userauth_keyboard_interactive + with a number of extremely long prompt strings + * [bsc#1128472, CVE-2019-3856] Integer overflow if the server sent an extremely + large number of keyboard prompts + * [bsc#1128490, CVE-2019-3861] Out of bounds read when processing a specially + crafted packet + * [bsc#1128474, CVE-2019-3857] Integer overflow when receiving a specially + crafted exit signal message channel packet + * [bsc#1128492, CVE-2019-3862] Out of bounds read when receiving a specially + crafted exit status message channel packet + * [bsc#1128476, CVE-2019-3858] Zero byte allocation when reading a specially + crafted SFTP packet + * [bsc#1128481, CVE-2019-3860] Out of bounds reads when processing specially + crafted SFTP packets + * [bsc#1128480, CVE-2019-3859] Out of bounds reads in _libssh2_packet_require(v) + ------------------------------------------------------------------- Tue Jan 16 18:51:36 UTC 2018 - dimstar@opensuse.org diff --git a/libssh2_org.spec b/libssh2_org.spec index e1ebfd5..31f1beb 100644 --- a/libssh2_org.spec +++ b/libssh2_org.spec @@ -1,7 +1,7 @@ # # spec file for package libssh2_org # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,20 +12,20 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # %define pkg_name libssh2 Name: libssh2_org -Version: 1.8.0 +Version: 1.8.1 Release: 0 Summary: A library implementing the SSH2 protocol License: BSD-3-Clause Group: Development/Libraries/C and C++ -Url: http://www.libssh2.org/ -Source0: http://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz -Source1: http://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz.asc +Url: https://www.libssh2.org/ +Source0: https://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz +Source1: https://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz.asc Source2: baselibs.conf Source3: libssh2_org.keyring Patch0: libssh2-ocloexec.patch