Accepting request 686382 from devel:libraries:c_c++

OBS-URL: https://build.opensuse.org/request/show/686382 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libssh2_org?expand=0&rev=37
2019-03-24 13:55:54 +00:00 · 2019-03-24 13:55:54 +00:00 · e653c808f8
commit e653c808f8
parent 97a9d137a9 95d1d4c548
6 changed files with 43 additions and 19 deletions
--- a/libssh2-1.8.0.tar.gz
+++ b/libssh2-1.8.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:39f34e2f6835f4b992cafe8625073a88e5a28ba78f83e8099610a7b3af4676d4
-size 854916
--- a/libssh2-1.8.0.tar.gz.asc
+++ b/libssh2-1.8.0.tar.gz.asc
@ -1,10 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQEcBAABCgAGBQJYDv9nAAoJEFzJCP23HhLCab4H/jwSaGTn1DWk8iaHk9P9Zcfe
-65UKldQmI2uxd+ZNVl/DOvYU6nEa/0RRQmZ6ljM48gAit1HHOIRGQt6hvmlOSw2n
-M00SDWDthftqn0OELD7jyTEEa0qzEgKqcrpGWQqgUvgfMHhuLkBpTCK4eAWLZlSe
-nEeV4THdP9nh7AaAz05Ld6rS/B3hT+1TLZmGzxaEYUYRT9YqtCcmZbOf/YMzfojl
-tG/5FAP8vMOPw4EzCk+5NLU1pow5Zhu5gOdUdhCaA+5j4LKRCUzMT2g5oESSQ5rg
-KIMGM2EFuZ3vCqXcP/1cKPWfpNl2aABwP6zqt2+cAnG0rgYqVd6gPQtbRp99yFI=
-=yFIi
-----END PGP SIGNATURE-----
--- a/libssh2-1.8.1.tar.gz
+++ b/libssh2-1.8.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:40b517f35b1bb869d0075b15125c7a015557f53a5a3a6a8bffb89b69fd70f159
+size 858088
--- a/libssh2-1.8.1.tar.gz.asc
+++ b/libssh2-1.8.1.tar.gz.asc
@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAABCgAdFiEEJ+3q8i86vOtQ25oSXMkI/bceEsIFAlyQDgsACgkQXMkI/bce
+EsLk4Af/QfYLkUS4CdH63bsuB6kI1k9UPL36MrIWs/8s/8l0kLZV3sXZezio1ec3
+YjYB+xCpQ8+OTgoCCQ5pmPZRhwjgUGQDVixzM04Nc27nCQQdF2G7bM/9yegIrJQU
+fqEmv5Go8H8DssqepMp4uKjAp6qBeAW+lwQ9fwb0H8aa+wR2NNld2UMHqvX45/mM
+OaHNDrq3VmTf0Tc3/zcQzp7NAu9+p1WbAi4oSh0IgoioTchxDrgrUFPDwPdPw4ih
+iKFqGknDvvOYne5UXHvAGOYa8PY2fQmP/NHAajvC6einG9BayQwWr/f8rnPWS5BU
+4/w79LbCFT2QCoJwIkydk5aiiVOF2g==
+=Wstr
+-----END PGP SIGNATURE-----
--- a/libssh2_org.changes
+++ b/libssh2_org.changes
@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Tue Mar 19 09:30:12 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
+
+- Version update to 1.8.1:
+  Bug Fixes:
+   * [bsc#1128471, CVE-2019-3855] Integer overflow when reading a specially
+     crafted packet
+   * [bsc#1128493, CVE-2019-3863] Integer overflow in userauth_keyboard_interactive
+     with a number of extremely long prompt strings
+   * [bsc#1128472, CVE-2019-3856] Integer overflow if the server sent an extremely
+     large number of keyboard prompts
+   * [bsc#1128490, CVE-2019-3861] Out of bounds read when processing a specially
+     crafted packet
+   * [bsc#1128474, CVE-2019-3857] Integer overflow when receiving a specially
+     crafted exit signal message channel packet
+   * [bsc#1128492, CVE-2019-3862] Out of bounds read when receiving a specially
+     crafted exit status message channel packet
+   * [bsc#1128476, CVE-2019-3858] Zero byte allocation when reading a specially
+     crafted SFTP packet
+   * [bsc#1128481, CVE-2019-3860] Out of bounds reads when processing specially
+     crafted SFTP packets
+   * [bsc#1128480, CVE-2019-3859] Out of bounds reads in _libssh2_packet_require(v) 
+
 -------------------------------------------------------------------
 Tue Jan 16 18:51:36 UTC 2018 - dimstar@opensuse.org

--- a/libssh2_org.spec
+++ b/libssh2_org.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libssh2_org
 #
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -12,20 +12,20 @@
 # license that conforms to the Open Source Definition (Version 1.9)
 # published by the Open Source Initiative.

-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
 #


 %define pkg_name libssh2
 Name:           libssh2_org
-Version:        1.8.0
+Version:        1.8.1
 Release:        0
 Summary:        A library implementing the SSH2 protocol
 License:        BSD-3-Clause
 Group:          Development/Libraries/C and C++
-Url:            http://www.libssh2.org/
-Source0:        http://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz
-Source1:        http://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz.asc
+Url:            https://www.libssh2.org/
+Source0:        https://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz
+Source1:        https://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz.asc
 Source2:        baselibs.conf
 Source3:        libssh2_org.keyring
 Patch0:         libssh2-ocloexec.patch