Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libssh for openSUSE:Factory checked in at 2026-02-14 21:36:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libssh (Old) and /work/SRC/openSUSE:Factory/.libssh.new.1977 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libssh" Sat Feb 14 21:36:17 2026 rev:81 rq:1332816 version:0.11.4 Changes: -------- --- /work/SRC/openSUSE:Factory/libssh/libssh.changes 2025-09-11 14:37:39.651536649 +0200 +++ /work/SRC/openSUSE:Factory/.libssh.new.1977/libssh.changes 2026-02-14 21:36:39.771027633 +0100 @@ -1,0 +2,18 @@ +Wed Feb 11 11:28:10 UTC 2026 - Pedro Monreal <[email protected]> + +- Update to 0.11.4: + * Security fixes: + - CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request() + (bsc#1258049) + - CVE-2026-0965: Possible Denial of Service when parsing unexpected + configuration files (bsc#1258045) + - CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input + (bsc#1258054) + - CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081) + - CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080) + - libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP extensions + * Other fixes: + - Stability and compatibility improvements of ProxyJump + * Remove patch upstream: libssh-cmake-Add-option-WITH_HERMETIC_USR.patch + +------------------------------------------------------------------- Old: ---- libssh-0.11.3.tar.xz libssh-0.11.3.tar.xz.asc libssh-cmake-Add-option-WITH_HERMETIC_USR.patch New: ---- libssh-0.11.4.tar.xz libssh-0.11.4.tar.xz.asc ----------(Old B)---------- Old: - Stability and compatibility improvements of ProxyJump * Remove patch upstream: libssh-cmake-Add-option-WITH_HERMETIC_USR.patch ----------(Old E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libssh.spec ++++++ --- /var/tmp/diff_new_pack.gcnDck/_old 2026-02-14 21:36:40.707066216 +0100 +++ /var/tmp/diff_new_pack.gcnDck/_new 2026-02-14 21:36:40.707066216 +0100 @@ -1,7 +1,7 @@ # # spec file for package libssh # -# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,7 +32,7 @@ %endif Name: libssh%{pkg_suffix} -Version: 0.11.3 +Version: 0.11.4 Release: 0 Summary: The SSH library License: LGPL-2.1-or-later @@ -44,8 +44,6 @@ Source3: libssh_client.config Source4: libssh_server.config Source99: baselibs.conf -# PATCH-FIX-UPSTREAM: libssh tries to read config from wrong crypto-policies location (bsc#1222716) -Patch0: libssh-cmake-Add-option-WITH_HERMETIC_USR.patch # PATCH-FIX-SUSE: fix hang in torture_channel tests (bsc#1243799) Patch1: libssh-tests-Fix-an-issue-where-torture_session-request-a-SIGTERM-too-early.patch BuildRequires: cmake ++++++ libssh-0.11.3.tar.xz -> libssh-0.11.4.tar.xz ++++++ ++++ 3198 lines of diff (skipped)
