Hello community, here is the log from the commit of package libssh.1119 for openSUSE:12.2:Update checked in at 2012-12-07 10:49:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.2:Update/libssh.1119 (Old) and /work/SRC/openSUSE:12.2:Update/.libssh.1119.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libssh.1119", Maintainer is "" Changes: -------- New Changes file: --- /dev/null 2012-11-30 12:21:47.308011256 +0100 +++ /work/SRC/openSUSE:12.2:Update/.libssh.1119.new/libssh.changes 2012-12-07 10:49:38.000000000 +0100 @@ -0,0 +1,354 @@ +------------------------------------------------------------------- +Tue Nov 20 15:36:29 UTC 2012 - jmcdonough@suse.com + +- Fix multiple vulernabilities (bnc#789827): + * CVE-2012-4559 – Fix multiple double free() flaws + 0007-CVE-2012-4559-Ensure-we-don-t-free-blob-or-request-t.patch + 0008-CVE-2012-4559-Ensure-that-we-don-t-free-req-twice.patch + 0009-CVE-2012-4559-Make-sure-we-don-t-free-name-and-longn.patch + * CVE-2012-4560 – Fix multiple buffer overflow flaws + 0005-CVE-2012-4560-Fix-a-write-one-past-the-end-of-the-u-.patch + 0006-CVE-2012-4560-Fix-a-write-one-past-the-end-of-buf.patch + * CVE-2012-4561 – Fix multiple invalid free() flaws + 0010-CVE-2012-4561-Fix-error-handling-of-try_publickey_fr.patch + 0011-CVE-2012-4561-Fix-possible-free-s-on-invalid-pointer.patch + * CVE-2012-4562 – Fix multiple improper overflow checks + 0001-CVE-2012-4562-Fix-possible-integer-overflow-in-ssh_g.patch + 0002-CVE-2012-4562-Fix-multiple-integer-overflows-in-buff.patch + 0003-CVE-2012-4562-Fix-a-possible-infinite-loop-in-buffer.patch + 0004-CVE-2012-4562-Fix-possible-string-related-integer-ov.patch + +------------------------------------------------------------------- +Tue Feb 7 13:34:00 UTC 2012 - jengelh@medozas.de + +- Ensure pkgconfig symbols are provided + +------------------------------------------------------------------- +Tue Jan 31 10:36:26 UTC 2012 - jengelh@medozas.de + +- Remove redundant tags/sections per specfile guideline suggestions +- Parallel building using %_smp_mflags +- Make pkgconfig provides available +- Add patch to work around compilation problems on SLES11SP1 + +------------------------------------------------------------------- +Sat Sep 17 07:00:53 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.5.2 + * Increased window size x10. + * Fixed SSHv1. + * Fixed bugged lists. + * Fixed use-after-free + inconsistent callbacks call in poll. + * Fixed scp documentation. + * Fixed possible infinite loop in channel_read(). + * Fixed handling of short reads of sftp_async_read(). + * Fixed handling request service timeout in blocking mode. + * Fixed ssh_auth_list() documentation. + * Fixed incorrect return values in ssh_channel_write(). + * Fixed an infinite loop in the termination callback. + * Fixed handling of SSH_AGAIN in channel_open(). + * Fixed "status -5 inflating zlib packet" + +------------------------------------------------------------------- +Tue Sep 6 03:36:48 UTC 2011 - crrodriguez@opensuse.org + +- Build with OPENSSL_LOAD_CONF so we respect user's choice + of which "openssl engine" to use for crypto (aes-ni,intel-accel) + +------------------------------------------------------------------- +Tue Aug 9 15:12:39 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.5.1 + * Added checks for NULL pointers in string.c. + * Set the channel max packet size to 32768. + * Don't (de)compress empty buffers. + * Fixed ssh_scp_write so it works when doing recursive copy. + * Fixed another source of endless wait. + * Fixed an endless loop in case of a channel_open error. + * Fixed session timeout handling. + * Fixed ssh_channel_from_local() loop. + * Fixed permissions of scp example when we copy a file. + * Workaround ssh_get_user_home_dir on LDAP users. + * Added pkg-config support for libssh_threads. + * Fixed compilation without server and sftp modes. + * Fix static .lib overwriting on Windows. + +------------------------------------------------------------------- +Tue May 31 14:32:09 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.5.0 + * Added ssh_ prefix to all functions. + * Added complete Windows support. + * Added improved server support. + * Added unit tests for a lot of functions. + * Added asynchronous service request. + * Added a multiplatform ssh_getpass() function. + * Added a tutorial. + * Added a lot of documentation. + * Fixed a lot of bugs. + * Fixed several memory leaks. + +------------------------------------------------------------------- +Sat Jan 15 08:58:45 UTC 2011 - asn@cryptomilk.org + +- Update to version 0.4.8 + * Fixed memory leaks in session signing. + * Fixed memory leak in ssh_print_hexa. + * Fixed problem with ssh_connect w/ timeout and fd > 1024. + * Fixed some warnings on OS/2. + * Fixed installation path for OS/2. + +------------------------------------------------------------------- +Mon Dec 27 20:12:23 CET 2010 - asn@cynapses.org + +- Update to version 0.4.7 + * Fixed a possible memory leak in ssh_get_user_home(). + * Fixed a memory leak in sftp_xstat. + * Fixed uninitialized fd->revents member. + * Fixed timout value in ssh_channel_accept(). + * Fixed length checks in ssh_analyze_banner(). + * Fixed a possible data overread and crash bug. + * Fixed setting max_fd which breaks ssh_select(). + * Fixed some pedantic build warnings. + * Fixed a memory leak with session->bindaddr. + +------------------------------------------------------------------- +Sun Sep 5 19:30:28 CEST 2010 - asn@cynapses.org + +- Update to version 0.4.6 + * Added a cleanup function to free the ws2_32 library. + * Fixed build with gcc 3.4. + * Fixed the Windows build on Vista and newer. + * Fixed the usage of WSAPoll() on Windows. + * Fixed "@deprecated" in doxygen + * Fixed some mingw warnings. + * Fixed handling of opened channels. + * Fixed keepalive problem on older openssh servers. + * Fixed testing for big endian on Windows. + * Fixed the Windows preprocessor macros and defines. + +------------------------------------------------------------------- +Tue Jul 13 10:27:13 CEST 2010 - anschneider@exsuse.de + +- Update to version 0.4.5 + * Added option to bind a client to an ip address. + * Fixed the ssh socket polling function. + * Fixed Windows related bugs in bsd_poll(). + * Fixed serveral build warnings. + +------------------------------------------------------------------- +Mon May 31 14:13:55 CEST 2010 - anschneider@exsuse.de + +- Update to version 0.4.4 + * Fixed some bugs ein path expand functions. + +------------------------------------------------------------------- +Mon May 17 23:50:11 CEST 2010 - anschneider@exsuse.de + +- Update to version 0.4.3 + * Added global/keepalive responses. + * Added runtime detection of WSAPoll(). + * Added a select(2) based poll-emulation if poll(2) is not available. + * Added a function to expand an escaped string. + * Added a function to expand the tilde from a path. + * Added a proxycommand support. + * Added ssh_privatekey_type public function + * Added the possibility to define _OPENSSL_DIR and _ZLIB_DIR. + * Fixed sftp_chown. + * Fixed sftp_rename on protocol version 3. + * Fixed a blocking bug in channel_poll. + * Fixed config parsing wich has overwritten user specified values. + * Fixed hashed [host]:port format in knownhosts + * Fixed Windows build. + * Fixed doublefree happening after a negociation error. + * Fixed aes*-ctr with <= OpenSSL 0.9.7b. + * Fixed some documentation. + * Fixed exec example which has broken read usage. + * Fixed broken algorithm choice for server. + * Fixed a typo that we don't export all symbols. + * Removed the unneeded dependency to doxygen. + * Build examples only on the Linux plattform. + +------------------------------------------------------------------- +Mon Mar 15 19:40:44 CET 2010 - anschneider@exsuse.de + +- Update to version 0.4.2 + * Added owner and group information in sftp attributes. + * Added missing SSH_OPTIONS_FD option. + * Added printout of owner and group in the sftp example. + * Added a prepend function for ssh_list. + * Added send back replies to openssh's keepalives. + * Fixed documentation in scp code + * Fixed longname parsing, this only workings with readdir. + * Fixed and added support for several identity files. + * Fixed sftp_parse_longname() on Windows. + * Fixed a race condition bug in ssh_scp_close() + * Remove config support for SSHv1 Cipher variable. + * Rename ssh_list_add to ssh_list_append. + * Rename ssh_list_get_head to ssh_list_pop_head + +------------------------------------------------------------------- +Mon Feb 15 12:41:47 CET 2010 - anschneider@exsuse.de + +- Fixed Requires. + +------------------------------------------------------------------- +Sat Feb 13 15:29:14 CET 2010 - anschneider@exsuse.de + ++++ 157 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.libssh.1119.new/libssh.changes New: ---- 0001-CVE-2012-4562-Fix-possible-integer-overflow-in-ssh_g.patch 0002-CVE-2012-4562-Fix-multiple-integer-overflows-in-buff.patch 0003-CVE-2012-4562-Fix-a-possible-infinite-loop-in-buffer.patch 0004-CVE-2012-4562-Fix-possible-string-related-integer-ov.patch 0005-CVE-2012-4560-Fix-a-write-one-past-the-end-of-the-u-.patch 0006-CVE-2012-4560-Fix-a-write-one-past-the-end-of-buf.patch 0007-CVE-2012-4559-Ensure-we-don-t-free-blob-or-request-t.patch 0008-CVE-2012-4559-Ensure-that-we-don-t-free-req-twice.patch 0009-CVE-2012-4559-Make-sure-we-don-t-free-name-and-longn.patch 0010-CVE-2012-4561-Fix-error-handling-of-try_publickey_fr.patch 0011-CVE-2012-4561-Fix-possible-free-s-on-invalid-pointer.patch libssh-0.5.2.tar.bz2 libssh.changes libssh.spec remove-pedantic-errors.diff ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libssh.spec ++++++ # # spec file for package libssh # # Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Url: http://www.libssh.org Name: libssh BuildRequires: cmake BuildRequires: doxygen BuildRequires: gcc-c++ BuildRequires: openssl-devel BuildRequires: pkgconfig Version: 0.5.2 Release: 0 Summary: SSH library License: LGPL-2.1+ Group: System/Libraries Source0: %{name}-%{version}.tar.bz2 Patch1: remove-pedantic-errors.diff Patch2: 0001-CVE-2012-4562-Fix-possible-integer-overflow-in-ssh_g.patch Patch3: 0002-CVE-2012-4562-Fix-multiple-integer-overflows-in-buff.patch Patch4: 0003-CVE-2012-4562-Fix-a-possible-infinite-loop-in-buffer.patch Patch5: 0004-CVE-2012-4562-Fix-possible-string-related-integer-ov.patch Patch6: 0005-CVE-2012-4560-Fix-a-write-one-past-the-end-of-the-u-.patch Patch7: 0006-CVE-2012-4560-Fix-a-write-one-past-the-end-of-buf.patch Patch8: 0007-CVE-2012-4559-Ensure-we-don-t-free-blob-or-request-t.patch Patch9: 0008-CVE-2012-4559-Ensure-that-we-don-t-free-req-twice.patch Patch10: 0009-CVE-2012-4559-Make-sure-we-don-t-free-name-and-longn.patch Patch11: 0010-CVE-2012-4561-Fix-error-handling-of-try_publickey_fr.patch Patch12: 0011-CVE-2012-4561-Fix-possible-free-s-on-invalid-pointer.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl). This package provides libssh from http://www.libssh.org that should not be confused with libssh2 available from http://www.libssh2.org (libssh2 package) %package -n libssh4 Summary: SSH library Group: System/Libraries %description -n libssh4 The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl). This package provides libssh from http://www.libssh.org that should not be confused with libssh2 available from http://www.libssh2.org (libssh2 package) %package devel Summary: SSH library development headers Group: Development/Libraries/C and C++ Requires: libssh4 = %{version} %description devel Development headers for the SSH library. %package devel-doc Summary: SSH library api documentation Group: Development/Languages/C and C++ %description devel-doc Documentation for libssh development. %prep %setup -q %if "%{?sles_version}" == "11" %patch -P 1 -p1 %endif %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 %build if test ! -e "build"; then mkdir build fi pushd build cmake \ -DCMAKE_C_FLAGS:STRING="%{optflags} -DOPENSSL_LOAD_CONF" \ -DCMAKE_BUILD_TYPE=RelWithDebInfo \ -DCMAKE_SKIP_RPATH=ON \ -DCMAKE_INSTALL_PREFIX=%{_prefix} \ %if %{_lib} == lib64 -DLIB_SUFFIX=64 \ %endif %{_builddir}/%{name}-%{version} make %{?_smp_mflags} VERBOSE=1 %__make doc popd build %install pushd build %if 0%{?suse_version} %makeinstall %else %__make DESTDIR=%{buildroot} install %endif popd build %post -n libssh4 -p /sbin/ldconfig %postun -n libssh4 -p /sbin/ldconfig %files -n libssh4 %defattr(-,root,root) %doc AUTHORS README ChangeLog %{_libdir}/libssh.so.* %{_libdir}/libssh_threads.so.* %files devel %defattr(-,root,root) %{_includedir}/libssh %{_libdir}/libssh.so %{_libdir}/libssh_threads.so %{_libdir}/pkgconfig/libssh.pc %{_libdir}/pkgconfig/libssh_threads.pc %files devel-doc %defattr(-,root,root) %doc build/doc/html %changelog ++++++ 0001-CVE-2012-4562-Fix-possible-integer-overflow-in-ssh_g.patch ++++++
From 8489521c0d7a9d1336b23a4a64e5df2d0f3ba57a Mon Sep 17 00:00:00 2001 From: Xi Wang
Date: Fri, 25 Nov 2011 23:02:06 -0500 Subject: [PATCH 01/13] CVE-2012-4562: Fix possible integer overflow in ssh_get_hexa().
No exploit known, but it is better to check the string length.
Signed-off-by: Andreas Schneider
From db81310d719878cc04b23e4033fbe19fa0b1f8a3 Mon Sep 17 00:00:00 2001 From: Xi Wang
Date: Mon, 28 Nov 2011 04:42:54 -0500 Subject: [PATCH 02/13] CVE-2012-4562: Fix multiple integer overflows in buffer-related functions.
Signed-off-by: Andreas Schneider
From 1699adfa036ffc66c62fdbb784610445cbebfc6e Mon Sep 17 00:00:00 2001 From: Andreas Schneider
Date: Fri, 12 Oct 2012 11:35:20 +0200 Subject: [PATCH 03/13] CVE-2012-4562: Fix a possible infinite loop in buffer_reinit().
If needed is bigger than the highest power of two or a which fits in an
integer we will loop forever.
Signed-off-by: Andreas Schneider
From e3d9501b31a11b427afe1cc1cba5208adc2c3c39 Mon Sep 17 00:00:00 2001 From: Xi Wang
Date: Fri, 25 Nov 2011 23:02:57 -0500 Subject: [PATCH 04/13] CVE-2012-4562: Fix possible string related integer overflows.
Signed-off-by: Andreas Schneider
From 64fca8a7ed83c3315781a77aac1ea36d52ff0c7e Mon Sep 17 00:00:00 2001 From: Andreas Schneider
Date: Fri, 5 Oct 2012 11:37:09 +0200 Subject: [PATCH 05/13] CVE-2012-4560: Fix a write one past the end of the 'u' buffer.
Signed-off-by: Andreas Schneider
From b485463197cd220aa654e7fc34a18d68af37e6e7 Mon Sep 17 00:00:00 2001 From: Andreas Schneider
Date: Fri, 5 Oct 2012 11:39:47 +0200 Subject: [PATCH 06/13] CVE-2012-4560: Fix a write one past the end of 'buf'.
Signed-off-by: Andreas Schneider
From 1471f2c67a23602898e783c97b65aea9cc6356a4 Mon Sep 17 00:00:00 2001 From: Andreas Schneider
Date: Fri, 5 Oct 2012 14:33:29 +0200 Subject: [PATCH 07/13] CVE-2012-4559: Ensure we don't free blob or request twice.
Signed-off-by: Andreas Schneider
From 6236001ff4f9017c9f842d6548baba9760c95f5c Mon Sep 17 00:00:00 2001 From: Andreas Schneider
Date: Fri, 5 Oct 2012 14:39:51 +0200 Subject: [PATCH 08/13] CVE-2012-4559: Ensure that we don't free req twice.
Signed-off-by: Andreas Schneider
From 46b2eb3c147a29478809f1ab95e924e1bb7e3768 Mon Sep 17 00:00:00 2001 From: Andreas Schneider
Date: Fri, 5 Oct 2012 14:46:36 +0200 Subject: [PATCH 09/13] CVE-2012-4559: Make sure we don't free name and longname twice on error.
From 455da60846d68c508f7fed5b381097b364647425 Mon Sep 17 00:00:00 2001 From: Andreas Schneider
Date: Fri, 5 Oct 2012 14:56:56 +0200 Subject: [PATCH 10/13] CVE-2012-4561: Fix error handling of
From d63f19c3000f8bc699ba99814bec9d7ddf6a5b20 Mon Sep 17 00:00:00 2001 From: Andreas Schneider
Date: Fri, 5 Oct 2012 15:07:17 +0200 Subject: [PATCH 11/13] CVE-2012-4561: Fix possible free's on invalid
Signed-off-by: Andreas Schneider