------------------------------------------------------------------- Fri Apr 26 13:10:14 UTC 2019 - Pedro Monreal Gonzalez - Fix upstream patch for CVE-2019-3859 [bsc#1133528, bsc#1130103] - Added libssh2_org-CVE-2019-3859-fix.patch ------------------------------------------------------------------- Wed Mar 27 09:58:08 UTC 2019 - Pedro Monreal Gonzalez - Added COPYING file to %doc - Added baselibs.conf to sources ------------------------------------------------------------------- Wed Mar 13 15:24:11 UTC 2019 - Pedro Monreal Gonzalez - Store but don't use keys of unsupported types in the known_hosts file [bsc#1091236] * Added libssh2_org-knownhosts-handle-unknown-key-types.patch ------------------------------------------------------------------- Mon Mar 11 12:58:50 UTC 2019 - Pedro Monreal Gonzalez - Security fixes: * [bsc#1128471, CVE-2019-3855] Possible integer overflow in transport read allows out-of-bounds write with specially crafted payload - libssh2_org-CVE-2019-3855.patch * [bsc#1128472, CVE-2019-3856] Possible integer overflow in keyboard interactive handling allows out-of-bounds write with specially crafted payload - libssh2_org-CVE-2019-3856.patch * [bsc#1128474, CVE-2019-3857] Possible integer overflow leading to zero-byte allocation and out-of-bounds with specially crafted message channel request SSH packet - libssh2_org-CVE-2019-3857.patch * [bsc#1128476, CVE-2019-3858] Possible zero-byte allocation leading to an out-of-bounds read with a specially crafted SFTP packet - libssh2_org-CVE-2019-3858.patch * [bsc#1128480, CVE-2019-3859] Out-of-bounds reads with specially crafted payloads due to unchecked use of _libssh2_packet_require and _libssh2_packet_requirev - libssh2_org-CVE-2019-3859.patch * [bsc#1128481, CVE-2019-3860] Out-of-bounds reads with specially crafted SFTP packets - libssh2_org-CVE-2019-3860.patch * [bsc#1128490, CVE-2019-3861] Out-of-bounds reads with specially crafted SSH packets - libssh2_org-CVE-2019-3861.patch * [bsc#1128492, CVE-2019-3862] Out-of-bounds memory comparison with specially crafted message channel request SSH packet - libssh2_org-CVE-2019-3862.patch * [bsc#1128493, CVE-2019-3863] Integer overflow in user authenicate keyboard interactive allows out-of-bounds writes with specially crafted keyboard responses - libssh2_org-CVE-2019-3863.patch ------------------------------------------------------------------- Tue Apr 26 15:16:27 UTC 2016 - pjanouch@suse.de - Fixed 0001-kex-Added-diffie-hellman-group-exchange-sha256-suppo.patch (as per CVE-2016-0787) ------------------------------------------------------------------- Wed Apr 20 12:16:47 UTC 2016 - pjanouch@suse.de - Fix segfaults in EVP_DigestInit_Ex() (bsc#976284) * add bsc976284.patch ------------------------------------------------------------------- Tue Feb 23 12:51:39 UTC 2016 - vcizek@suse.com - add SHA256 support for DH group exchange (fate#320343, bsc#961964) * add patches: 0001-Add-support-for-HMAC-SHA-256-and-HMAC-SHA-512.patch 0001-kex-Added-diffie-hellman-group-exchange-sha256-suppo.patch ------------------------------------------------------------------- Mon Feb 22 16:29:28 UTC 2016 - vcizek@suse.com - fix CVE-2016-0787 (bsc#967026) * Weakness in diffie-hellman secret key generation * add CVE-2016-0787.patch ------------------------------------------------------------------- Mon Mar 9 13:17:40 UTC 2015 - vcizek@suse.com - fix for CVE-2015-1782 (bnc#921070) * unbounded read when negotiating a new session * added CVE-2015-1782.patch ------------------------------------------------------------------- Fri Apr 13 08:47:12 UTC 2012 - vcizek@suse.com - update to 1.2.9 (fate#313284, bnc#756830) ------------------------------------------------------------------- Wed May 27 15:18:41 CEST 2009 - crrodriguez@suse.de - no not provide or obsolete libssh2 [bnc#507444] ------------------------------------------------------------------- Tue Oct 14 21:35:02 CEST 2008 - crrodriguez@suse.de - rename package to avoid all sorts of conflicts with the other "libssh" package ------------------------------------------------------------------- Thu Aug 14 06:20:14 CEST 2008 - crrodriguez@suse.de - update current snap , version 20080814 * Sean Peterson fixed a key re-exchange bug: http://daniel.haxx.se/projects/libssh2/mail/libssh2-devel-archive-2008-06/0002.shtml ------------------------------------------------------------------- Thu Jun 26 04:53:36 CEST 2008 - crrodriguez@suse.de - update to version 0.19.0-20080626, two bugfixes ------------------------------------------------------------------- Mon Jun 23 20:47:59 CEST 2008 - crrodriguez@suse.de - no longer needs fno-strict-aliasing ------------------------------------------------------------------- Mon Jun 23 02:11:56 CEST 2008 - crrodriguez@suse.de - update to libssh2-0.19.0-20080622 ------------------------------------------------------------------- Sun Dec 23 07:22:12 CET 2007 - crrodriguez@suse.de - update to 0.18 final ------------------------------------------------------------------- Fri Aug 31 23:12:41 CEST 2007 - crrodriguez@suse.de - update snap ------------------------------------------------------------------- Sat Apr 14 03:41:03 UTC 2007 - judas_iscariote@shorewall.net - update snapshot.