rpms
/
libssh
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add libssh 0.7.1-7 from RHEL/CentOS 7 to EPEL 7 (limited arch pkg) 

Package got part of rhel-7-{server,workstation}-extras-rpms repo,
however only for x86_64, but not for aarch64, ppc64 and ppc64le.
This commit is contained in:
Robert Scheck 2019-04-01 23:21:50 +02:00
parent e323d99437
commit dc7c7413c0
8 changed files with 2316 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
.gitignore vendored
View File

@ -1,21 +1 @@
libssh-0.4.4.tar.gz
libssh-0.4.4.tar.gz.asc
/libssh-0.4.6.tar.gz
/libssh-0.4.6.tar.gz.asc
/libssh-0.4.8.tar.gz
/libssh-0.4.8.tar.gz.asc
/libssh-0.5.0.tar.gz
/libssh-0.5.0.tar.gz.asc
/libssh-0.5.2.tar.gz
/libssh-0.5.2.tar.gz.asc
/libssh-0.5.3.tar.gz
/libssh-0.5.3.tar.asc
/libssh-0.5.4.tar.gz
/libssh-0.5.4.tar.asc
/libssh-0.5.5.tar.gz
/libssh-0.5.5.tar.asc
/libssh-0.6.0.tar.xz
/libssh-0.6.1.tar.xz
/libssh-0.6.3.tar.xz
/libssh-0.6.4.tar.gz
/libssh-0.6.5.tar.xz
/libssh-*.tar.xz

109
libssh-0.7.1-fix_agent_bigendian.patch Normal file
View File

@ -0,0 +1,109 @@
--- a/libssh-0.7.2-fix_agent_bigendian.patch
+++ a/libssh-0.7.2-fix_agent_bigendian.patch
@@ -0,0 +1,105 @@
+From 0425ac9ad0f8f1cefa12b448d31a400ced3e89b9 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Wed, 14 Oct 2015 20:45:49 +0200
+Subject: [PATCH] agent: Fix agent auth on big endian machines
+
+BUG: https://red.libssh.org/issues/204
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+---
+ ConfigureChecks.cmake | 1 +
+ include/libssh/priv.h | 10 ++++++++++
+ src/agent.c | 17 +++++++++++++----
+ 3 files changed, 24 insertions(+), 4 deletions(-)
+
+diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
+index c0326c2..3587b07 100644
+--- a/ConfigureChecks.cmake
++++ b/ConfigureChecks.cmake
+@@ -56,6 +56,7 @@ check_include_file(libutil.h HAVE_LIBUTIL_H)
+ check_include_file(sys/time.h HAVE_SYS_TIME_H)
+ check_include_file(sys/param.h HAVE_SYS_PARAM_H)
+ check_include_file(arpa/inet.h HAVE_ARPA_INET_H)
++check_include_file(byteswap.h HAVE_BYTESWAP_H)
+
+ if (WIN32)
+ check_include_files("winsock2.h;ws2tcpip.h;wspiapi.h" HAVE_WSPIAPI_H)
+diff --git a/include/libssh/priv.h b/include/libssh/priv.h
+index 95a22c6..b7a80fe 100644
+--- a/include/libssh/priv.h
++++ b/include/libssh/priv.h
+@@ -43,6 +43,16 @@
+ # endif
+ #endif /* !defined(HAVE_STRTOULL) */
+
++#ifdef HAVE_BYTESWAP_H
++#include <byteswap.h>
++#endif
++
++#ifndef bswap_32
++#define bswap_32(x) \
++ ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) | \
++ (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24))
++#endif
++
+ #ifdef _WIN32
+
+ /* Imitate define of inttypes.h */
+diff --git a/src/agent.c b/src/agent.c
+index 922d753..e520773 100644
+--- a/src/agent.c
++++ b/src/agent.c
+@@ -382,6 +382,9 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
+ ssh_buffer_free(reply);
+ return -1;
+ }
++#ifdef WORDS_BIGENDIAN
++ type = bswap_32(type);
++#endif
+
+ SSH_LOG(SSH_LOG_WARN,
+ "Answer type: %d, expected answer: %d",
+@@ -392,7 +395,7 @@ int ssh_agent_get_ident_count(struct ssh_session_struct *session) {
+ return 0;
+ } else if (type != c2) {
+ ssh_set_error(session, SSH_FATAL,
+- "Bad authentication reply message type: %d", type);
++ "Bad authentication reply message type: %u", type);
+ ssh_buffer_free(reply);
+ return -1;
+ }
+@@ -507,8 +510,8 @@ ssh_string ssh_agent_sign_data(ssh_session session,
+ ssh_buffer reply;
+ ssh_string key_blob;
+ ssh_string sig_blob;
+- int type = SSH2_AGENT_FAILURE;
+- int flags = 0;
++ unsigned int type = 0;
++ unsigned int flags = 0;
+ uint32_t dlen;
+ int rc;
+
+@@ -572,13 +575,19 @@ ssh_string ssh_agent_sign_data(ssh_session session,
+ ssh_buffer_free(reply);
+ return NULL;
+ }
++#ifdef WORDS_BIGENDIAN
++ type = bswap_32(type);
++#endif
+
+ if (agent_failed(type)) {
+ SSH_LOG(SSH_LOG_WARN, "Agent reports failure in signing the key");
+ ssh_buffer_free(reply);
+ return NULL;
+ } else if (type != SSH2_AGENT_SIGN_RESPONSE) {
+- ssh_set_error(session, SSH_FATAL, "Bad authentication response: %d", type);
++ ssh_set_error(session,
++ SSH_FATAL,
++ "Bad authentication response: %u",
++ type);
+ ssh_buffer_free(reply);
+ return NULL;
+ }
+--
+2.5.0
+

16
CVE-2016-0739-v0-6.patch → libssh-CVE-2016-0739.patch
View File

@ -1,22 +1,19 @@
From 1fd92622d87787d183099defb15a5e7bb4e2c875 Mon Sep 17 00:00:00 2001
From dc2eaa017fe77e53bd9f1d4327a480d9bfe6cc6a Mon Sep 17 00:00:00 2001
From: Aris Adamantiadis <aris@0xbadc0de.be>
Date: Tue, 9 Feb 2016 15:09:27 +0100
Subject: [PATCH] dh: Fix CVE-2016-0739
Subject: [PATCH] dh: fix CVE-2016-0739
Due to a byte/bit confusion, the DH secret was too short. This file was
completely reworked and will be commited in a future version.
Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/dh.c | 22 +++++++++++++++++-----
1 file changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/dh.c b/src/dh.c
index 010a1dd..7a817e8 100644
index e489a1d..d27b66e 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -240,15 +240,21 @@ void ssh_print_bignum(const char *which, bignum num) {
@@ -227,15 +227,21 @@ void ssh_crypto_finalize(void) {
}
int dh_generate_x(ssh_session session) {
@ -40,7 +37,7 @@ index 010a1dd..7a817e8 100644
#endif
/* not harder than this */
@@ -261,15 +267,21 @@ int dh_generate_x(ssh_session session) {
@@ -248,15 +254,21 @@ int dh_generate_x(ssh_session session) {
/* used by server */
int dh_generate_y(ssh_session session) {
@ -66,5 +63,6 @@ index 010a1dd..7a817e8 100644
/* not harder than this */
--
2.5.0
2.7.1

1756
libssh-CVE-2018-10933.patch Normal file
View File

File diff suppressed because it is too large Load Diff

363
libssh-SHA256.patch Normal file
View File

@ -0,0 +1,363 @@
From f3f140e65f0e58fc37b04dbe4173d6ecda0127ac Mon Sep 17 00:00:00 2001
From: Jan-Niklas Burfeind <libssh@aiyionpri.me>
Date: Thu, 9 Aug 2018 11:00:00 +0200
Subject: dh: Add SSH_PUBLICKEY_HASH_SHA256 to ssh_get_publickey_hash()
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 1499b38aef17beac8b438522535daf428600d529)
---
include/libssh/libssh.h | 3 ++-
src/dh.c | 23 +++++++++++++++++++++++
2 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 37214898..320dc032 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -444,7 +444,8 @@ LIBSSH_API int ssh_get_publickey(ssh_session session, ssh_key *key);
enum ssh_publickey_hash_type {
SSH_PUBLICKEY_HASH_SHA1,
- SSH_PUBLICKEY_HASH_MD5
+ SSH_PUBLICKEY_HASH_MD5,
+ SSH_PUBLICKEY_HASH_SHA256
};
LIBSSH_API int ssh_get_publickey_hash(const ssh_key key,
enum ssh_publickey_hash_type type,
diff --git a/src/dh.c b/src/dh.c
index d27b66eb..bf1ade8b 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -1039,6 +1039,29 @@ int ssh_get_publickey_hash(const ssh_key key,
*hlen = SHA_DIGEST_LEN;
}
break;
+ case SSH_PUBLICKEY_HASH_SHA256:
+ {
+ SHA256CTX ctx;
+
+ h = malloc(SHA256_DIGEST_LEN);
+ if (h == NULL) {
+ rc = -1;
+ goto out;
+ }
+
+ ctx = sha256_init();
+ if (ctx == NULL) {
+ free(h);
+ rc = -1;
+ goto out;
+ }
+
+ sha256_update(ctx, ssh_string_data(blob), ssh_string_len(blob));
+ sha256_final(h, ctx);
+
+ *hlen = SHA256_DIGEST_LEN;
+ }
+ break;
case SSH_PUBLICKEY_HASH_MD5:
{
MD5CTX ctx;
--
cgit v1.2.1
From 9c62d6dfcd798d28895f5dd1b76a28524bcf18d3 Mon Sep 17 00:00:00 2001
From: Jan-Niklas Burfeind <libssh@aiyionpri.me>
Date: Thu, 9 Aug 2018 11:00:00 +0200
Subject: dh: Add ssh_print_hash() function which can deal with sha256
Signed-off-by: Jan-Niklas Burfeind <libssh@aiyionpri.me>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f32cb706752d8dc35ad53a64f51e432cc0bc41cd)
---
include/libssh/libssh.h | 1 +
src/dh.c | 80 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 81 insertions(+)
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index 320dc032..f6cce1e4 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -564,6 +564,7 @@ LIBSSH_API int ssh_pki_export_pubkey_file(const ssh_key key,
LIBSSH_API const char *ssh_pki_key_ecdsa_name(const ssh_key key);
+LIBSSH_API void ssh_print_hash(enum ssh_publickey_hash_type type, unsigned char *hash, size_t len);
LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
LIBSSH_API int ssh_send_ignore (ssh_session session, const char *data);
LIBSSH_API int ssh_send_debug (ssh_session session, const char *message, int always_display);
diff --git a/src/dh.c b/src/dh.c
index bf1ade8b..66a0e704 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -1097,6 +1097,38 @@ out:
return rc;
}
+/**
+ * @internal
+ *
+ * @brief Convert a buffer into an unpadded base64 string.
+ * The caller has to free the memory.
+ *
+ * @param hash What should be converted to a base64 string.
+ *
+ * @param len Length of the buffer to convert.
+ *
+ * @return The base64 string or NULL on error.
+ *
+ * @see ssh_string_free_char()
+ */
+static char *ssh_get_b64_unpadded(const unsigned char *hash, size_t len)
+{
+ char *b64_padded = NULL;
+ char *b64_unpadded = NULL;
+ size_t k;
+
+ b64_padded = (char *)bin_to_base64(hash, (int)len);
+ if (b64_padded == NULL) {
+ return NULL;
+ }
+ for (k = strlen(b64_padded); k != 0 && b64_padded[k-1] == '='; k--);
+
+ b64_unpadded = strndup(b64_padded, k);
+ SAFE_FREE(b64_padded);
+
+ return b64_unpadded;
+}
+
/**
* @brief Convert a buffer into a colon separated hex string.
* The caller has to free the memory.
@@ -1134,6 +1166,54 @@ char *ssh_get_hexa(const unsigned char *what, size_t len) {
return hexa;
}
+/**
+ * @brief Print a hash as a human-readable hex- or base64-string.
+ *
+ * This function prints hex strings if the given hash is a md5 sum.
+ * But prints unpadded base64 strings for sha sums.
+ * Either way, the output is prepended by the hash-type.
+ *
+ * @param type Which sort of hash is given.
+ *
+ * @param hash What should be converted to a base64 string.
+ *
+ * @param len Length of the buffer to convert.
+ */
+void ssh_print_hash(enum ssh_publickey_hash_type type,
+ unsigned char *hash,
+ size_t len) {
+ const char *prefix = "UNKNOWN";
+ char *fingerprint = NULL;
+
+ switch (type) {
+ case SSH_PUBLICKEY_HASH_SHA1:
+ case SSH_PUBLICKEY_HASH_SHA256:
+ fingerprint = ssh_get_b64_unpadded(hash, len);
+ break;
+ case SSH_PUBLICKEY_HASH_MD5:
+ fingerprint = ssh_get_hexa(hash, len);
+ break;
+ }
+ if (fingerprint == NULL) {
+ return;
+ }
+
+ switch (type) {
+ case SSH_PUBLICKEY_HASH_MD5:
+ prefix = "MD5";
+ break;
+ case SSH_PUBLICKEY_HASH_SHA1:
+ prefix = "SHA1";
+ break;
+ case SSH_PUBLICKEY_HASH_SHA256:
+ prefix = "SHA256";
+ break;
+ }
+ fprintf(stderr, "%s:%s\n", prefix, fingerprint);
+
+ SAFE_FREE(fingerprint);
+}
+
/**
* @brief Print a buffer as colon separated hex string.
*
--
cgit v1.2.1
From 7a7c0a54bc24391fcff0aaccd983de621cb3e60d Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Sun, 2 Sep 2018 15:45:41 +0200
Subject: dh: Add ssh_get_fingerprint_hash()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit bbed139ecab26cb46b0bb3a21fa4cd2a4f12dadd)
---
include/libssh/libssh.h | 3 ++
src/dh.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 76 insertions(+)
diff --git a/include/libssh/libssh.h b/include/libssh/libssh.h
index f6cce1e4..7f59abe4 100644
--- a/include/libssh/libssh.h
+++ b/include/libssh/libssh.h
@@ -564,6 +564,9 @@ LIBSSH_API int ssh_pki_export_pubkey_file(const ssh_key key,
LIBSSH_API const char *ssh_pki_key_ecdsa_name(const ssh_key key);
+LIBSSH_API char *ssh_get_fingerprint_hash(enum ssh_publickey_hash_type type,
+ unsigned char *hash,
+ size_t len);
LIBSSH_API void ssh_print_hash(enum ssh_publickey_hash_type type, unsigned char *hash, size_t len);
LIBSSH_API void ssh_print_hexa(const char *descr, const unsigned char *what, size_t len);
LIBSSH_API int ssh_send_ignore (ssh_session session, const char *data);
diff --git a/src/dh.c b/src/dh.c
index 66a0e704..38298b2d 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -1166,6 +1166,79 @@ char *ssh_get_hexa(const unsigned char *what, size_t len) {
return hexa;
}
+/**
+ * @brief Get a hash as a human-readable hex- or base64-string.
+ *
+ * This gets an allocated fingerprint hash. It is a hex strings if the given
+ * hash is a md5 sum. If it is a SHA sum, it will return an unpadded base64
+ * strings. Either way, the output is prepended by the hash-type.
+ *
+ * @param type Which sort of hash is given.
+ *
+ * @param hash What should be converted to a base64 string.
+ *
+ * @param len Length of the buffer to convert.
+ *
+ * @return Returns the allocated fingerprint hash or NULL on error.
+ *
+ * @see ssh_string_free_char()
+ */
+char *ssh_get_fingerprint_hash(enum ssh_publickey_hash_type type,
+ unsigned char *hash,
+ size_t len)
+{
+ const char *prefix = "UNKNOWN";
+ char *fingerprint = NULL;
+ char *str = NULL;
+ size_t str_len;
+ int rc;
+
+ switch (type) {
+ case SSH_PUBLICKEY_HASH_SHA1:
+ case SSH_PUBLICKEY_HASH_SHA256:
+ fingerprint = ssh_get_b64_unpadded(hash, len);
+ break;
+ case SSH_PUBLICKEY_HASH_MD5:
+ fingerprint = ssh_get_hexa(hash, len);
+ break;
+ }
+ if (fingerprint == NULL) {
+ return NULL;
+ }
+
+ switch (type) {
+ case SSH_PUBLICKEY_HASH_MD5:
+ prefix = "MD5";
+ break;
+ case SSH_PUBLICKEY_HASH_SHA1:
+ prefix = "SHA1";
+ break;
+ case SSH_PUBLICKEY_HASH_SHA256:
+ prefix = "SHA256";
+ break;
+ }
+
+ str_len = strlen(prefix);
+ if (str_len + 1 + strlen(fingerprint) + 1 < str_len) {
+ SAFE_FREE(fingerprint);
+ return NULL;
+ }
+ str_len += 1 + strlen(fingerprint) + 1;
+
+ str = malloc(str_len);
+ if (str == NULL) {
+ SAFE_FREE(fingerprint);
+ return NULL;
+ }
+ rc = snprintf(str, str_len, "%s:%s", prefix, fingerprint);
+ SAFE_FREE(fingerprint);
+ if (rc < 0 || rc < (int)(str_len - 1)) {
+ SAFE_FREE(str);
+ }
+
+ return str;
+}
+
/**
* @brief Print a hash as a human-readable hex- or base64-string.
*
--
cgit v1.2.1
From e765c1400a724cc5009fd03395ef54b28de9c296 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Sun, 2 Sep 2018 15:47:41 +0200
Subject: dh: Use ssh_get_fingerprint_hash() in ssh_print_hash()
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit 92aa2cf4963b714d0f30d4fb0f9e609200224f7a)
---
src/dh.c | 29 ++++++-----------------------
1 file changed, 6 insertions(+), 23 deletions(-)
diff --git a/src/dh.c b/src/dh.c
index 38298b2d..d7182798 100644
--- a/src/dh.c
+++ b/src/dh.c
@@ -1254,35 +1254,18 @@ char *ssh_get_fingerprint_hash(enum ssh_publickey_hash_type type,
*/
void ssh_print_hash(enum ssh_publickey_hash_type type,
unsigned char *hash,
- size_t len) {
- const char *prefix = "UNKNOWN";
+ size_t len)
+{
char *fingerprint = NULL;
- switch (type) {
- case SSH_PUBLICKEY_HASH_SHA1:
- case SSH_PUBLICKEY_HASH_SHA256:
- fingerprint = ssh_get_b64_unpadded(hash, len);
- break;
- case SSH_PUBLICKEY_HASH_MD5:
- fingerprint = ssh_get_hexa(hash, len);
- break;
- }
+ fingerprint = ssh_get_fingerprint_hash(type,
+ hash,
+ len);
if (fingerprint == NULL) {
return;
}
- switch (type) {
- case SSH_PUBLICKEY_HASH_MD5:
- prefix = "MD5";
- break;
- case SSH_PUBLICKEY_HASH_SHA1:
- prefix = "SHA1";
- break;
- case SSH_PUBLICKEY_HASH_SHA256:
- prefix = "SHA256";
- break;
- }
- fprintf(stderr, "%s:%s\n", prefix, fingerprint);
+ fprintf(stderr, "%s\n", fingerprint);
SAFE_FREE(fingerprint);
}
--
cgit v1.2.1

27
libssh-fix-kbdint.patch Normal file
View File

@ -0,0 +1,27 @@
From 4ea46eecce9f4e676150fe27fec34e1570b70ace Mon Sep 17 00:00:00 2001
From: Meng Tan <mtan@wallix.com>
Date: Wed, 17 Oct 2018 14:50:08 +0200
Subject: server: Set correct state after sending INFO_REQUEST (Kbd
Interactive)
Signed-off-by: Meng Tan <mtan@wallix.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/server.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/server.c b/src/server.c
index e14636ec..84cc4f7a 100644
--- a/src/server.c
+++ b/src/server.c
@@ -1039,6 +1039,7 @@ int ssh_message_auth_interactive_request(ssh_message msg, const char *name,
msg->session->kbdint->prompts = NULL;
msg->session->kbdint->echo = NULL;
}
+ msg->session->auth_state = SSH_AUTH_STATE_INFO;
return rc;
}
--
cgit v1.2.1

65
libssh.spec
View File

@ -1,15 +1,21 @@
%define _hardened_build 1
Name: libssh
Version: 0.6.5
Release: 2%{?dist}
Version: 0.7.1
Release: 0.7%{?dist}
Summary: A library implementing the SSH protocol
License: LGPLv2+
URL: http://www.libssh.org
Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source0: https://red.libssh.org/attachments/download/121/libssh-0.6.5.tar.xz
Source0: https://red.libssh.org/attachments/download/154/libssh-0.7.1.tar.xz
Patch0: CVE-2016-0739-v0-6.patch
Patch1: libssh-CVE-2016-0739.patch
Patch2: libssh-0.7.1-fix_agent_bigendian.patch
Patch3: libssh-CVE-2018-10933.patch
Patch4: libssh-SHA256.patch
Patch5: libssh-fix-kbdint.patch
BuildRequires: cmake
BuildRequires: doxygen
@ -38,12 +44,16 @@ applications that use %{name}.
%prep
%setup -q
%patch0 -p1 -b .CVE-2016-0739-v0-6.patch
%patch1 -p1
%patch2 -p1 -b .libssh-0.7.2-fix_agent_bigendian.patch
%patch3 -p1 -b .libssh-CVE-2018-10933.patch
%patch4 -p1 -b .libssh-SHA256.patch
%patch5 -p1 -b .libssh-fix-kbdint.patch
# Remove examples, they are not packaged and do not build on EPEL 5
sed -i -e 's|add_subdirectory(examples)||g' CMakeLists.txt
rm -rf examples
sed -i -e 's| -pedantic-errors||g' cmake/Modules/DefineCompilerFlags.cmake
%build
if test ! -e "obj"; then
@ -53,7 +63,7 @@ pushd obj
%cmake \
%{_builddir}/%{name}-%{version}
make %{?_smp_mflags} VERBOSE=1
make %{?_smp_mflags} VERBOSE=1 CFLAGS="-no-pedantic-errors"
make doc
popd
@ -93,14 +103,43 @@ rm -rf %{buildroot}
%{_libdir}/libssh_threads.so
%changelog
* Thu Feb 25 2016 Andreas Schneider <asn@redhat.com> - 0.6.5-2
- resolves: #1311259 - Fix CVE-2016-0739
* Mon Apr 01 2019 Robert Scheck <robert@fedoraproject.org> - 0.7.1-0.7
- Add libssh 0.7.1-7 from RHEL/CentOS 7 to EPEL 7 (limited arch pkg)
* Thu Apr 30 2015 Andreas Schneider <asn@redhat.com> - 0.6.5-1
- resolves: #1213775 - Security fix for CVE-2015-3146
- resolves: #1218077 - Security fix for CVE-2015-3146
* Sun Oct 28 2018 Martin Pitt <mpitt@redhat.com> - 0.7.1-7
- resolves: #1637182 - Add SHA256 fingerprint support
- Fix regression with keyboard interactive authentication introduced in
previous update
* Fri Dec 19 2014 - Andreas Schneider <asn@redhat.com> - 0.6.4-1
* Tue Oct 09 2018 Andreas Schneider <asn@redhat.com> - 0.7.1-6
- resolves: #1637257 - Fix CVE-2018-10933
* Thu May 03 2018 - Lokesh Mandvekar <lsm5@redhat.com> - 0.7.1-5
- correct bogus date annoyance
* Thu May 03 2018 - Lokesh Mandvekar <lsm5@redhat.com> - 0.7.1-4
- Resolves: #1574670 - bump release tag to have build shipped to
client/workstation repos
* Wed Mar 22 2017 - Dominik Perpeet <dperpeet@redhat.com> - 0.7.1-3
- Fix agent auth on big endian machines
* Mon Feb 22 2016 - Stef Walter <stefw@redhat.com> - 0.7.1-2
- Security fix for CVE-2016-0739 rhbz#1305971
* Mon Jul 06 2015 - Stef Walter <stefw@redhat.com> - 0.7.1-1
- Updated to 0.7.1 release rhbz#1239085
* Wed Apr 22 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-4
- Updated patch for CVE-2015-3146
* Wed Apr 22 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-3
- Enable _hardened_build
* Tue Apr 21 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-2
- Security fix for CVE-2015-3145.
* Wed Apr 01 2015 - Stef Walter <stefw@redhat.com> - 0.6.4-1
- Security fix for CVE-2014-8132.
* Tue Mar 04 2014 - Andreas Schneider <asn@redhat.com> - 0.6.3-1

2
sources
View File

@ -1 +1 @@
fdf107011ae1847d86620b39ae37d4f3 libssh-0.6.5.tar.xz
SHA512 (libssh-0.7.1.tar.xz) = c7cea829e97c9f37c23b5d331e02ea5b8c8bea1a0b28fad62a273b252040a30ea9631b502ea165a1e041b6e23c3bf6746d49800875fa492d8f42c7d1e232ebb9