Hello community, here is the log from the commit of package libssh2_org for openSUSE:Factory checked in at 2015-03-16 09:38:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libssh2_org (Old) and /work/SRC/openSUSE:Factory/.libssh2_org.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libssh2_org" Changes: -------- --- /work/SRC/openSUSE:Factory/libssh2_org/libssh2_org.changes 2013-06-26 13:57:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libssh2_org.new/libssh2_org.changes 2015-03-16 09:38:08.000000000 +0100 @@ -1,0 +2,77 @@ +Wed Mar 11 14:00:34 UTC 2015 - [email protected] + +- update to 1.5.0 + * fixes CVE-2015-1782 (bnc#921070) +- tarball verification + * added libssh2_org.keyring + * added libssh2-1.5.0.tar.gz.asc +Changes in 1.5.0: + Added Windows Cryptography API: Next Generation based backend +Bug fixes: + Security Advisory: Using `SSH_MSG_KEXINIT` data unbounded, CVE-2015-1782 + missing _libssh2_error in _libssh2_channel_write + knownhost: Fix DSS keys being detected as unknown. + knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer. + libssh2.h: on Windows, a socket is of type SOCKET, not int + libssh2_priv.h: a 1 bit bit-field should be unsigned + windows build: do not export externals from static library + Fixed two potential use-after-frees of the payload buffer + Fixed a few memory leaks in error paths + userauth: Fixed an attempt to free from stack on error + agent_list_identities: Fixed memory leak on OOM + knownhosts: Abort if the hosts buffer is too small + sftp_close_handle: ensure the handle is always closed + channel_close: Close the channel even in the case of errors + docs: added missing libssh2_session_handshake.3 file + docs: fixed a bunch of typos + userauth_password: pass on the underlying error code + _libssh2_channel_forward_cancel: accessed struct after free + _libssh2_packet_add: avoid using uninitialized memory + _libssh2_channel_forward_cancel: avoid memory leaks on error + _libssh2_channel_write: client spins on write when window full + windows build: fix build errors + publickey_packet_receive: avoid junk in returned pointers + channel_receive_window_adjust: store windows size always + userauth_hostbased_fromfile: zero assign to avoid uninitialized use + configure: change LIBS not LDFLAGS when checking for libs + agent_connect_unix: make sure there's a trailing zero + MinGW build: Fixed redefine warnings. + sftpdir.c: added authentication method detection. + Watcom build: added support for WinCNG build. + configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS + sftp_statvfs: fix for servers not supporting statfvs extension + knownhost.c: use LIBSSH2_FREE macro instead of free + Fixed compilation using mingw-w64 + knownhost.c: fixed that 'key_type_len' may be used uninitialized + configure: Display individual crypto backends on separate lines + examples on Windows: check for WSAStartup return code + examples on Windows: check for socket return code + agent.c: check return code of MapViewOfFile + kex.c: fix possible NULL pointer de-reference with session->kex + packet.c: fix possible NULL pointer de-reference within listen_state + tests on Windows: check for WSAStartup return code + userauth.c: improve readability and clarity of for-loops + examples on Windows: use native SOCKET-type instead of int + packet.c: i < 256 was always true and i would overflow to 0 + kex.c: make sure mlist is not set to NULL + session.c: check return value of session_nonblock in debug mode + session.c: check return value of session_nonblock during startup + userauth.c: make sure that sp_len is positive and avoid overflows + knownhost.c: fix use of uninitialized argument variable wrote + openssl: initialise the digest context before calling EVP_DigestInit() + libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET + configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib + configure.ac: Rework crypto library detection + configure.ac: Reorder --with-* options in --help output + configure.ac: Call zlib zlib and not libz in text but keep option names + Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro + sftp: seek: Don't flush buffers on same offset + sftp: statvfs: Along error path, reset the correct 'state' variable. + sftp: Add support for fsync (OpenSSH extension). + _libssh2_channel_read: fix data drop when out of window + comp_method_zlib_decomp: Improve buffer growing algorithm + _libssh2_channel_read: Honour window_size_initial + window_size: redid window handling for flow control reasons + knownhosts: handle unknown key types + +------------------------------------------------------------------- Old: ---- libssh2-1.4.3.tar.gz New: ---- libssh2-1.5.0.tar.gz libssh2-1.5.0.tar.gz.asc libssh2_org.keyring ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libssh2_org.spec ++++++ --- /var/tmp/diff_new_pack.RrNgpD/_old 2015-03-16 09:38:09.000000000 +0100 +++ /var/tmp/diff_new_pack.RrNgpD/_new 2015-03-16 09:38:09.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libssh2_org # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,12 +21,14 @@ Group: Development/Libraries/C and C++ Name: libssh2_org -Version: 1.4.3 +Version: 1.5.0 Release: 0 Url: http://www.libssh2.org/ %define pkg_name libssh2 Source0: http://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz +Source1: http://www.libssh2.org/download/%{pkg_name}-%{version}.tar.gz.asc Source2: baselibs.conf +Source3: libssh2_org.keyring BuildRequires: openssl-devel BuildRequires: pkgconfig BuildRequires: zlib-devel ++++++ libssh2-1.4.3.tar.gz -> libssh2-1.5.0.tar.gz ++++++ ++++ 17547 lines of diff (skipped) ++++++ libssh2_org.keyring ++++++ pub 1024D/279D5C91 2003-04-28 uid Daniel Stenberg (Haxx) <[email protected]> sub 1024g/B70B3510 2003-04-28 -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2.0.19 (GNU/Linux) mQGiBD6tnnoRBACRPnFBVoapBrTpPrCNZ2rq3DcmW6n/soQJW47+zP+vcrcxQ1WJ QiWSzLGO+QOIUZSYfnliR22r8HkFX9EUSW3IAcRMJMsaO3wMJ0a+78a9QqWLp6RV 0arcQkuuCvG79h+yJ6NnoAXe1geRt8vNGsaWtsS91CtYlTSs6JVtaRLnYwCg/Ly1 EFgvNZ6SJRc/8I5rRv0lrz8D/0goih2kZ5z4SI+r2hgABNcN7g565YwGKaQDbIch soh3OBzgETWc3wuAZqmCzQXPXMpMx+ziqX6XDzDKNiGL1CdrBJQd0II8UutWVDje f9UxLfo02YQ8diGYeq0u9k1RezC13w4TVUmQfg0Uqn4xM6DNzO1O6yCK8rlNwsvL gHNJA/9m1pfzjpvdxtmJNKRU3C4cRCjXhxNdM7laSEj0/wOGaR2QWWEge51orWwo SLQUIe4BDPvtRStQHC+tI7qr7d12rMMEBXviJC5EkGBOzlgWr9virjM/u/pkGMc2 m5r3pVuWH/JSsHsV952y2kWP64uP4zdLXOpVzX/xs0sYJ9nOPLQnRGFuaWVsIFN0 ZW5iZXJnIChIYXh4KSA8ZGFuaWVsQGhheHguc2U+iFkEExECABkFAj6tnnoECwcD AgMVAgMDFgIBAh4BAheAAAoJEHjhHGsnnVyRjngAn1gK6Q0qUTHwYJBAhIDmrRi0 ebfDAJ4qDSHd6UU2MEkkFCgGfYgEBXKbb7kBDQQ+rZ59EAQAmYsA8gPjJ75gOIPb XNg9Z31QzIz65qS9XdNsFNAdKxnY4b72nhc0oaS9/7Dcdf2Q+1mDa2p72DWk+9iz 7knmBL++csBP2z9eMe5h8oV53prqNOHDHyL3WLOa25ga9381gZnzWoQME74iSBBM wDw8vbLEgIZ34JaQ7Oe+9N3+6n8AAwcD/Av+Ms+3gCc5pLp4nx36qqi36fodaG9+ dwIcMbr9bivEtjmDHeuPsD6X1J9+Y/ikUBIDpMPv33lJxLoubOtpLhEuN2XN/ojT rueVPDKA1f+GyfHnyfpf/78IgX1hGVqu/3RBWKPpXFwSZA4q8vFR+FaPC5WbU68t FLJpYuC9ZO/LiEYEGBECAAYFAj6tnn0ACgkQeOEcayedXJGtPQCgxrbd59afemZ9 OIadZD8kUGC29dUAoJ94aGUkWCwoEiPyEZRGXv9XRlfx =yTQx -----END PGP PUBLIC KEY BLOCK----- -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
