------------------------------------------------------------------- Mon Jan 13 15:37:28 UTC 2020 - James McDonough - Update to latest version of patch for CVE-2019-14889; (bsc#1158095) * Update CVE-2019-14889.patch ------------------------------------------------------------------- Tue Dec 03 14:03:12 UTC 2019 - James McDonough - Fix CVE-2019-14889: arbitrary command execution; (bsc#1158095) * Add CVE-2019-14889.patch ------------------------------------------------------------------- Tue Oct 9 20:55:31 UTC 2018 - jmcdonough@suse.com - Fix server authentication bypass; (bsc#1108020); (CVE-2018-10933) * CVE-2018-10933.patch ------------------------------------------------------------------- Fri May 20 06:57:55 UTC 2016 - lnussel@suse.de - fix popd syntax, new bash doesn't like it anymore ------------------------------------------------------------------- Tue Feb 9 21:01:03 UTC 2016 - lmuelle@suse.com - Fix CVE-2016-0739 - Weakness in diffie-hellman secret key generation; (bsc#965875). ------------------------------------------------------------------- Thu Apr 23 19:41:18 UTC 2015 - jmcdonough@suse.com - Fix CVE-2015-3146 - Potential null pointer dereference in packet handlers; (bsc#928323). ------------------------------------------------------------------- Fri Dec 19 13:33:29 UTC 2014 - jmcdonough@suse.com - Fix CVE-2014-8132 – Double free on dangling pointers in initial key exchange packet; (bsc#910790). ------------------------------------------------------------------- Tue Mar 4 17:20:09 UTC 2014 - asn@cryptomilk.org - Update to version 0.6.3 * Fix CVE-2014-0017. ------------------------------------------------------------------- Mon Feb 10 09:25:48 UTC 2014 - asn@cryptomilk.org - Update to version 0.6.1 * Added support for libgcrypt 1.6. * Added ssh_channel_accept_forward(). * Added known_hosts heuristic during connection (#138). * Added getters for session cipher names. * Fixed decrypt of zero length buffer. * Fixed padding in RSA signature blobs. * Fixed DSA signature extraction. * Fixed some memory leaks. * Fixed read of non-connected socket. * Fixed thread dectection. ------------------------------------------------------------------- Wed Jan 8 10:18:32 UTC 2014 - asn@cryptomilk.org - Update to version 0.6.0 * Added new publicy key API. * Added new userauth API. * Added ssh_get_publickey_hash() function. * Added ssh_get_poll_flags() function. * Added gssapi-mic userauth. * Added GSSAPIServerIdentity option. * Added GSSAPIClientIdentity option. * Added GSSAPIDelegateCredentials option. * Added new callback based server API. * Added Elliptic Curve DSA (ECDSA) support (with OpenSSL). * Added Elliptic Curve Diffie Hellman (ECDH) support. * Added Curve25519 for ECDH key exchange. * Added improved logging system. * Added SSH-agent forwarding. * Added key-reexchange. * Added more unit tests. * Improved documentation. * Fixed timeout handling. ------------------------------------------------------------------- Thu Dec 19 13:23:21 CET 2013 - kukuk@suse.de - Remove remove-pedantic-errors.diff, does not apply anymore and is not needed anymore. ------------------------------------------------------------------- Thu Oct 31 21:49:47 UTC 2013 - javier@opensuse.org - Update to version 0.6.0rc1 * Added new publicy key API. * Added new userauth API. * Added gssapi-mic userauth. * Added new callback based server API. * Added Elliptic Curve DSA (ECDSA) support (with OpenSSL). * Added Elliptic Curve Diffie Hellman (ECDH) support. * Added improved logging system. * Added SSH-agent forwarding. * Added key-reexchange. * Improved documentation. * Fixed timeout handling. ------------------------------------------------------------------- Mon Jul 29 08:17:19 UTC 2013 - asn@cryptomilk.org - Add baselibs.conf - Require xz to fix build on older distro versions. ------------------------------------------------------------------- Fri Jul 26 07:44:37 UTC 2013 - asn@cryptomilk.org - Update to version 0.5.5 * BUG 103: Fix ProxyCommand parsing. - Remove patch fix-proxycomand-parsing1.diff - Remove patch fix-proxy-command-none.diff * Fix setting -D_FORTIFY_SOURCE=2. * Fix pollset error return if emtpy. * Fix NULL pointer checks in channel functions. * Several bugfixes. ------------------------------------------------------------------- Thu Jul 25 19:56:12 UTC 2013 - lbeltrame@kde.org - Add fix-proxycomand-parsing1.diff: fix ProxyCommand parsing in libssh (upstream libssh bug 103) - Add fix-proxy-command-none.diff: fix ProxyCommand when it is "none" (upstream libssh bug 103) ------------------------------------------------------------------- Tue Jan 22 15:03:51 UTC 2013 - asn@cryptomilk.org - Update to version 0.5.4 * CVE-2013-0176 - NULL dereference leads to denial of service * Fixed several NULL pointer dereferences in SSHv1. * Fixed a free crash bug in options parsing. ------------------------------------------------------------------- Tue Nov 20 13:40:42 UTC 2012 - asn@cryptomilk.org - Update to version 0.5.3 * CVE-2012-4559 Fixed multiple double free() flaws. * CVE-2012-4560 Fixed multiple buffer overflow flaws. * CVE-2012-4561 Fixed multiple invalid free() flaws. * rlo #84 - Fix bug in sftp_mkdir not returning on error. * rlo #85 - Fixed a possible channel infinite loop if the connection dropped. * rlo #88 - Added missing channel request_state and set it to accepted. * rlo #89 - Reset error state to no error on successful SSHv1 authentiction. * Fixed a possible use after free in ssh_free(). * Fixed multiple possible NULL pointer dereferences. * Fixed multiple memory leaks in error paths. * Fixed timeout handling. * Fixed regression in pre-connected socket setting. * Handle all unknown global messages. ------------------------------------------------------------------- Tue Feb 7 13:34:00 UTC 2012 - jengelh@medozas.de - Ensure pkgconfig symbols are provided ------------------------------------------------------------------- Tue Jan 31 10:36:26 UTC 2012 - jengelh@medozas.de - Remove redundant tags/sections per specfile guideline suggestions - Parallel building using %_smp_mflags - Make pkgconfig provides available - Add patch to work around compilation problems on SLES11SP1 ------------------------------------------------------------------- Sat Sep 17 07:00:53 UTC 2011 - asn@cryptomilk.org - Update to version 0.5.2 * Increased window size x10. * Fixed SSHv1. * Fixed bugged lists. * Fixed use-after-free + inconsistent callbacks call in poll. * Fixed scp documentation. * Fixed possible infinite loop in channel_read(). * Fixed handling of short reads of sftp_async_read(). * Fixed handling request service timeout in blocking mode. * Fixed ssh_auth_list() documentation. * Fixed incorrect return values in ssh_channel_write(). * Fixed an infinite loop in the termination callback. * Fixed handling of SSH_AGAIN in channel_open(). * Fixed "status -5 inflating zlib packet" ------------------------------------------------------------------- Tue Sep 6 03:36:48 UTC 2011 - crrodriguez@opensuse.org - Build with OPENSSL_LOAD_CONF so we respect user's choice of which "openssl engine" to use for crypto (aes-ni,intel-accel) ------------------------------------------------------------------- Tue Aug 9 15:12:39 UTC 2011 - asn@cryptomilk.org - Update to version 0.5.1 * Added checks for NULL pointers in string.c. * Set the channel max packet size to 32768. * Don't (de)compress empty buffers. * Fixed ssh_scp_write so it works when doing recursive copy. * Fixed another source of endless wait. * Fixed an endless loop in case of a channel_open error. * Fixed session timeout handling. * Fixed ssh_channel_from_local() loop. * Fixed permissions of scp example when we copy a file. * Workaround ssh_get_user_home_dir on LDAP users. * Added pkg-config support for libssh_threads. * Fixed compilation without server and sftp modes. * Fix static .lib overwriting on Windows. ------------------------------------------------------------------- Tue May 31 14:32:09 UTC 2011 - asn@cryptomilk.org - Update to version 0.5.0 * Added ssh_ prefix to all functions. * Added complete Windows support. * Added improved server support. * Added unit tests for a lot of functions. * Added asynchronous service request. * Added a multiplatform ssh_getpass() function. * Added a tutorial. * Added a lot of documentation. * Fixed a lot of bugs. * Fixed several memory leaks. ------------------------------------------------------------------- Sat Jan 15 08:58:45 UTC 2011 - asn@cryptomilk.org - Update to version 0.4.8 * Fixed memory leaks in session signing. * Fixed memory leak in ssh_print_hexa. * Fixed problem with ssh_connect w/ timeout and fd > 1024. * Fixed some warnings on OS/2. * Fixed installation path for OS/2. ------------------------------------------------------------------- Mon Dec 27 20:12:23 CET 2010 - asn@cynapses.org - Update to version 0.4.7 * Fixed a possible memory leak in ssh_get_user_home(). * Fixed a memory leak in sftp_xstat. * Fixed uninitialized fd->revents member. * Fixed timout value in ssh_channel_accept(). * Fixed length checks in ssh_analyze_banner(). * Fixed a possible data overread and crash bug. * Fixed setting max_fd which breaks ssh_select(). * Fixed some pedantic build warnings. * Fixed a memory leak with session->bindaddr. ------------------------------------------------------------------- Sun Sep 5 19:30:28 CEST 2010 - asn@cynapses.org - Update to version 0.4.6 * Added a cleanup function to free the ws2_32 library. * Fixed build with gcc 3.4. * Fixed the Windows build on Vista and newer. * Fixed the usage of WSAPoll() on Windows. * Fixed "@deprecated" in doxygen * Fixed some mingw warnings. * Fixed handling of opened channels. * Fixed keepalive problem on older openssh servers. * Fixed testing for big endian on Windows. * Fixed the Windows preprocessor macros and defines. ------------------------------------------------------------------- Tue Jul 13 10:27:13 CEST 2010 - anschneider@exsuse.de - Update to version 0.4.5 * Added option to bind a client to an ip address. * Fixed the ssh socket polling function. * Fixed Windows related bugs in bsd_poll(). * Fixed serveral build warnings. ------------------------------------------------------------------- Mon May 31 14:13:55 CEST 2010 - anschneider@exsuse.de - Update to version 0.4.4 * Fixed some bugs ein path expand functions. ------------------------------------------------------------------- Mon May 17 23:50:11 CEST 2010 - anschneider@exsuse.de - Update to version 0.4.3 * Added global/keepalive responses. * Added runtime detection of WSAPoll(). * Added a select(2) based poll-emulation if poll(2) is not available. * Added a function to expand an escaped string. * Added a function to expand the tilde from a path. * Added a proxycommand support. * Added ssh_privatekey_type public function * Added the possibility to define _OPENSSL_DIR and _ZLIB_DIR. * Fixed sftp_chown. * Fixed sftp_rename on protocol version 3. * Fixed a blocking bug in channel_poll. * Fixed config parsing wich has overwritten user specified values. * Fixed hashed [host]:port format in knownhosts * Fixed Windows build. * Fixed doublefree happening after a negociation error. * Fixed aes*-ctr with <= OpenSSL 0.9.7b. * Fixed some documentation. * Fixed exec example which has broken read usage. * Fixed broken algorithm choice for server. * Fixed a typo that we don't export all symbols. * Removed the unneeded dependency to doxygen. * Build examples only on the Linux plattform. ------------------------------------------------------------------- Mon Mar 15 19:40:44 CET 2010 - anschneider@exsuse.de - Update to version 0.4.2 * Added owner and group information in sftp attributes. * Added missing SSH_OPTIONS_FD option. * Added printout of owner and group in the sftp example. * Added a prepend function for ssh_list. * Added send back replies to openssh's keepalives. * Fixed documentation in scp code * Fixed longname parsing, this only workings with readdir. * Fixed and added support for several identity files. * Fixed sftp_parse_longname() on Windows. * Fixed a race condition bug in ssh_scp_close() * Remove config support for SSHv1 Cipher variable. * Rename ssh_list_add to ssh_list_append. * Rename ssh_list_get_head to ssh_list_pop_head ------------------------------------------------------------------- Mon Feb 15 12:41:47 CET 2010 - anschneider@exsuse.de - Fixed Requires. ------------------------------------------------------------------- Sat Feb 13 15:29:14 CET 2010 - anschneider@exsuse.de - Update to version 0.4.1 * Added support for aes128-ctr, aes192-ctr and aes256-ctr encryption. * Added an example for exec. * Added private key type detection feature in privatekey_from_file(). * Fixed zlib compression fallback. * Fixed kex bug that client preference should be prioritary * Fixed known_hosts file set by the user. * Fixed a memleak in channel_accept(). * Fixed underflow when leave_function() are unbalanced * Fixed memory corruption in handle_channel_request_open(). * Fixed closing of a file handle case of errors in privatekey_from_file(). * Fixed ssh_get_user_home_dir() to be thread safe. * Fixed the doxygen documentation. ------------------------------------------------------------------- Thu Dec 10 23:43:19 CET 2009 - anschneider@exsuse.de - Update to version 0.4.0 * Added scp support. * Added support for sending signals (RFC 4254, section 6.9). * Added MSVC support. * Added support for ~/.ssh/config. * Added sftp extension support. * Added X11 forwarding support for client. * Added forward listening. * Added support for openssh extensions (statvfs, fstatvfs). * Added a cleaned up interface for setting options. * Added a generic way to handle sockets asynchronously. * Added logging of the sftp flags used to open a file. * Added full poll() support and poll-emulation for win32. * Added missing 64bit functions in sftp. * Added support for ~/ and SSH_DIR/ in filenames instead of %s/. * Fixed Fix channel_get_exit_status bug. * Fixed calltrace logging to make it optional. * Fixed compilation on Solaris. * Fixed resolving of ip addresses. * Fixed libssh compilation without server support. * Fixed possible memory corruptions (ticket #14). ------------------------------------------------------------------- Mon Sep 14 10:20:52 CEST 2009 - anschneider@exsuse.de - Update to version 0.3.4. * Added ssh_basename and ssh_dirname. * Added a portable ssh_mkdir function. * Added a sftp_tell64() function. * Added missing NULL pointer checks to crypt_set_algorithms_server. * Fixed ssh_write_knownhost if ~/.ssh doesn't exist. * Fixed a possible integer overflow in buffer_get_data(). * Fixed possible security bug in packet_decrypt(). ------------------------------------------------------------------- Tue Aug 18 15:28:06 CEST 2009 - anschneider@exsuse.de - Update to version 0.3.3. * Fixed double free pointer crash in dsa_public_to_string. * Fixed channel_get_exit_status bug. * Fixed ssh_finalize which didn't clear the flag. * Fixed memory leak introduced by previous bugfix. * Fixed channel_poll broken when delayed EOF recvd. * Fixed stupid "can't parse known host key" bug. * Fixed possible memory corruption (ticket #14). ------------------------------------------------------------------- Tue Aug 4 16:20:25 CEST 2009 - anschneider@exsuse.de - Update to version 0.3.2 * Added ssh_init() function. * Added sftp_readlink() function. * Added sftp_symlink() function. * Fixed ssh_write_knownhost(). * Fixed compilation on Solaris. * Fixed SSHv1 compilation. ------------------------------------------------------------------- Tue Jul 14 09:55:36 CEST 2009 - anschneider@exsuse.de - Update to version 0.3.1 * Added return code SSH_SERVER_FILE_NOT_FOUND. * Fixed compilation of SSHv1. * Fixed several memory leaks. * Fixed possible infinite loops. * Fixed a possible crash bug. * Fixed build warnings. * Fixed cmake on BSD. ------------------------------------------------------------------- Thu May 21 10:52:35 CEST 2009 - anschneider@exsuse.de - Update to version 0.3.0 * Added support for ssh-agent authentication. * Added POSIX like sftp implementation. * Added error checking to all functions. * Added const to arguments where it was needed. * Added a channel_get_exit_status() function. * Added a channel_read_buffer() function, channel_read() is now a POSIX like function. * Added a more generic auth callback function. * Added printf attribute checking for log and error functions. * Added runtime function tracer support. * Added NSIS build support with CPack. * Added openssh hashed host support. * Added API documentation for all public functions. * Added asynchronous SFTP read function. * Added a ssh_bind_set_fd() function. * Fixed known_hosts parsing. * Fixed a lot of build warnings. * Fixed the Windows build. * Fixed a lot of memory leaks. * Fixed a double free corruption in the server support. * Fixed the "ssh_accept:" bug in server support. * Fixed important channel bugs. * Refactored the socket handling. * Switched to CMake build system. * Improved performance. ------------------------------------------------------------------- Mon Nov 17 17:46:00 CET 2008 - anschneider@suse.de - Add 'Provides: libssh' to the library that the debuginfo package can be installed. - Fix channel performance by changing the window len. - Use libssh2 as name for the library package. - Remove rpmlintrc ------------------------------------------------------------------- Tue Oct 7 21:19:07 CEST 2008 - aj@suse.de - Disable parallel build since it breaks the build. ------------------------------------------------------------------- Tue Sep 30 14:02:58 CEST 2008 - ro@suse.de - Add rpmlintrc (desired package name is already taken by another package) ------------------------------------------------------------------- Tue Sep 30 13:49:00 CEST 2008 - ro@suse.de - Fix debug package requires ------------------------------------------------------------------- Tue Sep 30 12:41:19 CEST 2008 - ro@suse.de - Fixed filelist ------------------------------------------------------------------- Thu Aug 21 11:26:29 CEST 2008 - anschneider@suse.de - Map the permissions field to the type field for sftp v3. - Add errno mapping for sftp functions ------------------------------------------------------------------- Wed Aug 20 16:08:57 CEST 2008 - anschneider@suse.de - Initial libssh package