Hello community, here is the log from the commit of package libssh for openSUSE:Factory checked in at 2019-12-23 22:35:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libssh (Old) and /work/SRC/openSUSE:Factory/.libssh.new.6675 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libssh" Mon Dec 23 22:35:26 2019 rev:60 rq:755661 version:0.9.3 Changes: -------- --- /work/SRC/openSUSE:Factory/libssh/libssh.changes 2019-11-18 20:03:15.985807520 +0100 +++ /work/SRC/openSUSE:Factory/.libssh.new.6675/libssh.changes 2019-12-23 22:37:01.897809581 +0100 @@ -1,0 +2,24 @@ +Tue Dec 10 19:08:47 UTC 2019 - Andreas Schneider <[email protected]> + +- Update to version 0.9.3 + * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution + * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state + * SSH-01-006 General: Various unchecked Null-derefs cause DOS + * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys + * SSH-01-010 SSH: Deprecated hash function in fingerprinting + * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS + * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access + * SSH-01-001 State Machine: Initial machine states should be set explicitly + * SSH-01-002 Kex: Differently bound macros used to iterate same array + * SSH-01-005 Code-Quality: Integer sign confusion during assignments + * SSH-01-008 SCP: Protocol Injection via unescaped File Names + * SSH-01-009 SSH: Update documentation which RFCs are implemented + * SSH-01-012 PKI: Information leak via uninitialized stack buffer + +------------------------------------------------------------------- +Mon Dec 9 09:25:43 UTC 2019 - Dominique Leuenberger <[email protected]> + +- Rename suffix define to pkg_suffix: rpm 4.15 has suffix reserved + for internal use. + +------------------------------------------------------------------- Old: ---- libssh-0.9.2.tar.xz libssh-0.9.2.tar.xz.asc New: ---- libssh-0.9.3.tar.xz libssh-0.9.3.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libssh.spec ++++++ --- /var/tmp/diff_new_pack.j3j86Q/_old 2019-12-23 22:37:02.789809968 +0100 +++ /var/tmp/diff_new_pack.j3j86Q/_new 2019-12-23 22:37:02.809809977 +0100 @@ -1,7 +1,7 @@ # # spec file for package libssh # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %global flavor @BUILD_FLAVOR@%{nil} %if "%{flavor}" == "test" -%define suffix -test +%define pkg_suffix -test %ifarch s390 s390x ppc64le %define slow_test_system "ON" %else @@ -26,11 +26,11 @@ %endif %bcond_without test %else -%define suffix %{nil} +%define pkg_suffix %{nil} %bcond_with test %endif -Name: libssh%{suffix} -Version: 0.9.2 +Name: libssh%{pkg_suffix} +Version: 0.9.3 Release: 0 Summary: The SSH library License: LGPL-2.1-or-later ++++++ libssh-0.9.2.tar.xz -> libssh-0.9.3.tar.xz ++++++ ++++ 9032 lines of diff (skipped)
