ID | 132904 |
Package Name | libssh2 |
Version | 1.9.0 |
Release | 3.fc32 |
Epoch | |
Source | git+https://src.fedoraproject.org/rpms/libssh2.git#41525baf3f2396b61f9ea90591deb1eb178912bc |
Summary |
Description |
Built by | davidlt |
State |
complete
|
Volume |
DEFAULT |
Started | Thu, 16 Jan 2020 07:38:10 UTC |
Completed | Thu, 16 Jan 2020 08:38:46 UTC |
Task | build (f32-candidate, /rpms/libssh2.git:41525baf3f2396b61f9ea90591deb1eb178912bc) |
Extra | {'source': {'original_url': 'git+https://src.fedoraproject.org/rpms/libssh2.git#41525baf3f2396b61f9ea90591deb1eb178912bc'}} |
Tags |
|
RPMs |
|
Logs |
|
Changelog |
* Wed Oct 30 2019 Kamil Dudka <kdudka@redhat.com> - 1.9.0-3
- fix integer overflow in SSH_MSG_DISCONNECT logic (CVE-2019-17498)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.9.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jun 20 2019 Paul Howarth <paul@city-fan.org> - 1.9.0-1
- Update to 1.9.0
- Fixed integer overflow leading to out-of-bounds read (CVE-2019-13115)
- Adds ECDSA keys and host key support when using OpenSSL
- Adds ED25519 key and host key support when using OpenSSL 1.1.1
- Adds OpenSSH style key file reading
- Adds AES CTR mode support when using WinCNG
- Adds PEM passphrase protected file support for libgcrypt and WinCNG
- Adds SHA256 hostkey fingerprint
- Adds libssh2_agent_get_identity_path() and libssh2_agent_set_identity_path()
- Adds explicit zeroing of sensitive data in memory
- Adds additional bounds checks to network buffer reads
- Adds the ability to use the server default permissions when creating sftp directories
- Adds support for building with OpenSSL no engine flag
- Adds support for building with LibreSSL
- Increased sftp packet size to 256k
- Fixed oversized packet handling in sftp
- Fixed building with OpenSSL 1.1
- Fixed a possible crash if sftp stat gets an unexpected response
- Fixed incorrect parsing of the KEX preference string value
- Fixed conditional RSA and AES-CTR support
- Fixed a small memory leak during the key exchange process
- Fixed a possible memory leak of the ssh banner string
- Fixed various small memory leaks in the backends
- Fixed possible out of bounds read when parsing public keys from the server
- Fixed possible out of bounds read when parsing invalid PEM files
- No longer null terminates the scp remote exec command
- Now handle errors when Diffie Hellman key pair generation fails
- Fixed compiling on Windows with the flag STDCALL=ON
- Improved building instructions
- Improved unit tests
- Needs OpenSSL ≥ 1.0.1 now as ECC support is assumed
- Modernize spec somewhat as EL-6 can no longer be supported
* Tue Mar 26 2019 Paul Howarth <paul@city-fan.org> - 1.8.2-1
- Update to 1.8.2
- Fixed the misapplied userauth patch that broke 1.8.1
- Moved the MAX size declarations from the public header
* Tue Mar 19 2019 Paul Howarth <paul@city-fan.org> - 1.8.1-1
- Update to 1.8.1
- Fixed possible integer overflow when reading a specially crafted packet
(CVE-2019-3855)
- Fixed possible integer overflow in userauth_keyboard_interactive with a
number of extremely long prompt strings (CVE-2019-3863)
- Fixed possible integer overflow if the server sent an extremely large
number of keyboard prompts (CVE-2019-3856)
- Fixed possible out of bounds read when processing a specially crafted
packet (CVE-2019-3861)
- Fixed possible integer overflow when receiving a specially crafted exit
signal message channel packet (CVE-2019-3857)
- Fixed possible out of bounds read when receiving a specially crafted exit
status message channel packet (CVE-2019-3862)
- Fixed possible zero byte allocation when reading a specially crafted SFTP
packet (CVE-2019-3858)
- Fixed possible out of bounds reads when processing specially crafted SFTP
packets (CVE-2019-3860)
- Fixed possible out of bounds reads in _libssh2_packet_require(v)
(CVE-2019-3859)
- Fix mis-applied patch in the fix of CVE-2019-3859
- https://github.com/libssh2/libssh2/issues/325
- https://github.com/libssh2/libssh2/pull/327
* Mon Feb 04 2019 Paul Howarth <paul@city-fan.org> - 1.8.0-10
- Explicitly run the test suite in the en_US.UTF-8 locale to work around flaky
locale settings in mock builders
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.8.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Feb 03 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.8.0-6
- Switch to %ldconfig_scriptlets
|