commit dropbear for openSUSE:Factory
Hello community,
here is the log from the commit of package dropbear for openSUSE:Factory checked in at 2016-03-16 10:36:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dropbear (Old)
and /work/SRC/openSUSE:Factory/.dropbear.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dropbear"
Changes:
--------
--- /work/SRC/openSUSE:Factory/dropbear/dropbear.changes 2015-12-06 07:44:04.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.dropbear.new/dropbear.changes 2016-03-16 10:36:20.000000000 +0100
@@ -1,0 +2,8 @@
+Fri Mar 11 16:00:23 UTC 2016 - thardeck@suse.com
+
+- updated to upstream version 2016.72
+ * Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
+ found by github.com/tintinweb. Thanks for Damien Miller for a patch.
+- used as bug fix release for bnc#970633 - VUL-0: CVE-2016-3116
+
+-------------------------------------------------------------------
Old:
----
dropbear-2015.71.tar.bz2
dropbear-2015.71.tar.bz2.asc
New:
----
dropbear-2016.72.tar.bz2
dropbear-2016.72.tar.bz2.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dropbear.spec ++++++
--- /var/tmp/diff_new_pack.1CF1SH/_old 2016-03-16 10:36:21.000000000 +0100
+++ /var/tmp/diff_new_pack.1CF1SH/_new 2016-03-16 10:36:21.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package dropbear
#
-# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,7 +21,7 @@
%endif
Name: dropbear
-Version: 2015.71
+Version: 2016.72
Release: 0
Summary: A relatively small SSH 2 server and client
License: MIT
++++++ dropbear-2015.71.tar.bz2 -> dropbear-2016.72.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2015.71/.hg_archival.txt new/dropbear-2016.72/.hg_archival.txt
--- old/dropbear-2015.71/.hg_archival.txt 2015-12-03 14:23:59.000000000 +0100
+++ new/dropbear-2016.72/.hg_archival.txt 2016-03-09 15:54:53.000000000 +0100
@@ -1,6 +1,6 @@
repo: d7da3b1e15401eb234ec866d5eac992fc4cd5878
-node: 9a944a243f08be6b22d32f166a0690eb4872462b
+node: 78b12b6549be08b0bea3da329b2578060a76ca31
branch: default
-latesttag: DROPBEAR_2015.70
-latesttagdistance: 10
-changessincelatesttag: 11
+latesttag: DROPBEAR_2015.71
+latesttagdistance: 3
+changessincelatesttag: 3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2015.71/CHANGES new/dropbear-2016.72/CHANGES
--- old/dropbear-2015.71/CHANGES 2015-12-03 14:23:59.000000000 +0100
+++ new/dropbear-2016.72/CHANGES 2016-03-09 15:54:53.000000000 +0100
@@ -1,3 +1,8 @@
+2016.72 - 9 March 2016
+
+- Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
+ found by github.com/tintinweb. Thanks for Damien Miller for a patch.
+
2015.71 - 3 December 2015
- Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2015.71/debian/changelog new/dropbear-2016.72/debian/changelog
--- old/dropbear-2015.71/debian/changelog 2015-12-03 14:23:59.000000000 +0100
+++ new/dropbear-2016.72/debian/changelog 2016-03-09 15:54:53.000000000 +0100
@@ -1,8 +1,8 @@
-dropbear (2015.71-0.1) unstable; urgency=low
+dropbear (2016.72-0.1) unstable; urgency=low
* New upstream release.
- -- Matt Johnston
participants (1)
-
root@hilbert.suse.de