Mailinglist Archive: opensuse-commit (1903 mails)

commit libssh2_org for openSUSE:Factory
Hello community,

here is the log from the commit of package libssh2_org for openSUSE:Factory
checked in at 2019-04-12 09:13:02
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libssh2_org (Old)
and /work/SRC/openSUSE:Factory/.libssh2_org.new.27019 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libssh2_org"

Fri Apr 12 09:13:02 2019 rev:38 rq:692646 version:1.8.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/libssh2_org/libssh2_org.changes 2019-03-24
14:55:56.903208736 +0100
+++ /work/SRC/openSUSE:Factory/.libssh2_org.new.27019/libssh2_org.changes
2019-04-12 09:13:06.385631691 +0200
@@ -1,0 +2,8 @@
+Tue Apr 9 09:10:26 UTC 2019 - Pedro Monreal Gonzalez
<pmonrealgonzalez@xxxxxxxx>
+
+- Version update to 1.8.2: [bsc#1130103]
+ Bug fixes:
+ * Fixed the misapplied userauth patch that broke 1.8.1
+ * moved the MAX size declarations from the public header
+
+-------------------------------------------------------------------

Old:
----
libssh2-1.8.1.tar.gz
libssh2-1.8.1.tar.gz.asc

New:
----
libssh2-1.8.2.tar.gz
libssh2-1.8.2.tar.gz.asc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libssh2_org.spec ++++++
--- /var/tmp/diff_new_pack.Zml8hk/_old 2019-04-12 09:13:07.145632018 +0200
+++ /var/tmp/diff_new_pack.Zml8hk/_new 2019-04-12 09:13:07.145632018 +0200
@@ -18,7 +18,7 @@

%define pkg_name libssh2
Name: libssh2_org
-Version: 1.8.1
+Version: 1.8.2
Release: 0
Summary: A library implementing the SSH2 protocol
License: BSD-3-Clause

++++++ libssh2-1.8.1.tar.gz -> libssh2-1.8.2.tar.gz ++++++
++++ 3684 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libssh2-1.8.1/NEWS new/libssh2-1.8.2/NEWS
--- old/libssh2-1.8.1/NEWS 2019-03-18 22:30:26.000000000 +0100
+++ new/libssh2-1.8.2/NEWS 2019-03-25 20:29:58.000000000 +0100
@@ -1,5 +1,20 @@
Changelog for the libssh2 project. Generated with git2news.pl

+Version 1.8.2 (25 Mar 2019)
+
+Daniel Stenberg (25 Mar 2019)
+- RELEASE-NOTES: version 1.8.2
+
+- [Will Cosgrove brought this change]
+
+ moved MAX size declarations #330
+
+- [Will Cosgrove brought this change]
+
+ Fixed misapplied patch (#327)
+
+ Fixes for user auth
+
Version 1.8.1 (14 Mar 2019)

Will Cosgrove (14 Mar 2019)
@@ -5521,12 +5536,3 @@

Reported by Steven Van Ingelgem <steven@xxxxxxxxxxxxxx>
in <http://thread.gmane.org/gmane.network.ssh.libssh2.devel/2566>.
-
-- Mention libssh2-style.el.
-
-- Use memmove instead of memcpy on overlapping memory areas.
-
- Reported by Bob Alexander <balexander@xxxxxxxxxxxxxxxxxxxxxx> in
- <http://thread.gmane.org/gmane.network.ssh.libssh2.devel/2530>.
-
-- Add.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libssh2-1.8.1/RELEASE-NOTES new/libssh2-1.8.2/RELEASE-NOTES
--- old/libssh2-1.8.1/RELEASE-NOTES 2019-03-18 22:03:35.000000000 +0100
+++ new/libssh2-1.8.2/RELEASE-NOTES 2019-03-25 20:28:55.000000000 +0100
@@ -1,29 +1,12 @@
-libssh2 1.8.1
+libssh2 1.8.2

This release includes the following bugfixes:
-
- o fixed possible integer overflow when reading a specially crafted packet
- (https://www.libssh2.org/CVE-2019-3855.html)
- o fixed possible integer overflow in userauth_keyboard_interactive with a
- number of extremely long prompt strings
- (https://www.libssh2.org/CVE-2019-3863.html)
- o fixed possible integer overflow if the server sent an extremely large
number
- of keyboard prompts (https://www.libssh2.org/CVE-2019-3856.html)
- o fixed possible out of bounds read when processing a specially crafted
packet
- (https://www.libssh2.org/CVE-2019-3861.html)
- o fixed possible integer overflow when receiving a specially crafted exit
- signal message channel packet (https://www.libssh2.org/CVE-2019-3857.html)
- o fixed possible out of bounds read when receiving a specially crafted exit
- status message channel packet (https://www.libssh2.org/CVE-2019-3862.html)
- o fixed possible zero byte allocation when reading a specially crafted SFTP
- packet (https://www.libssh2.org/CVE-2019-3858.html)
- o fixed possible out of bounds reads when processing specially crafted SFTP
- packets (https://www.libssh2.org/CVE-2019-3860.html)
- o fixed possible out of bounds reads in _libssh2_packet_require(v)
- (https://www.libssh2.org/CVE-2019-3859.html)
+
+ o Fixed the misapplied userauth patch that broke 1.8.1
+ o moved the MAX size declarations from the public header

This release would not have looked like this without help, code, reports and
advice from friends like these:

- Chris Coulson, Michael Buckley, Will Cosgrove, Daniel Stenberg
- (4 contributors)
+ Will Cosgrove
+ (1 contributors)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libssh2-1.8.1/include/libssh2.h new/libssh2-1.8.2/include/libssh2.h
--- old/libssh2-1.8.1/include/libssh2.h 2019-03-18 22:30:26.000000000 +0100
+++ new/libssh2-1.8.2/include/libssh2.h 2019-03-25 20:29:58.000000000 +0100
@@ -46,13 +46,13 @@
to make the BANNER define (used by src/session.c) be a valid SSH
banner. Release versions have no appended strings and may of course not
have dashes either. */
-#define LIBSSH2_VERSION "1.8.1"
+#define LIBSSH2_VERSION "1.8.2"

/* The numeric version number is also available "in parts" by using these
defines: */
#define LIBSSH2_VERSION_MAJOR 1
#define LIBSSH2_VERSION_MINOR 8
-#define LIBSSH2_VERSION_PATCH 1
+#define LIBSSH2_VERSION_PATCH 2

/* This is the numeric version of the libssh2 version number, meant for easier
parsing and comparions by programs. The LIBSSH2_VERSION_NUM define will
@@ -69,7 +69,7 @@
and it is always a greater number in a more recent release. It makes
comparisons with greater than and less than work.
*/
-#define LIBSSH2_VERSION_NUM 0x010801
+#define LIBSSH2_VERSION_NUM 0x010802

/*
* This is the date and time when the full source package was created. The
@@ -80,7 +80,7 @@
*
* "Mon Feb 12 11:35:33 UTC 2007"
*/
-#define LIBSSH2_TIMESTAMP "Mon Mar 18 21:30:25 UTC 2019"
+#define LIBSSH2_TIMESTAMP "Mon Mar 25 19:29:57 UTC 2019"

#ifndef RC_INVOKED

@@ -145,18 +145,6 @@
#define LIBSSH2_INVALID_SOCKET -1
#endif /* WIN32 */

-#ifndef SIZE_MAX
-#if _WIN64
-#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
-#else
-#define SIZE_MAX 0xFFFFFFFF
-#endif
-#endif
-
-#ifndef UINT_MAX
-#define UINT_MAX 0xFFFFFFFF
-#endif
-
/*
* Determine whether there is small or large file support on windows.
*/
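Review bot: Dropping the `SIZE_MAX` and `UINT_MAX` fallbacks from the public header changes what `libssh2.h` exports, and the changelog line "moved the MAX size declarations from the public header" does not say that consumers are affected. Under 1.8.1 any non-`_WIN64` translation unit that included `libssh2.h` before `SIZE_MAX` was defined got `SIZE_MAX 0xFFFFFFFF`, so the release notes should state that applications take these limits from `<stdint.h>` and `<limits.h>` and should be rebuilt against the 1.8.2 header.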
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libssh2-1.8.1/src/libssh2_priv.h new/libssh2-1.8.2/src/libssh2_priv.h
--- old/libssh2-1.8.1/src/libssh2_priv.h 2019-03-18 22:30:01.000000000
+0100
+++ new/libssh2-1.8.2/src/libssh2_priv.h 2019-03-25 20:26:48.000000000
+0100
@@ -146,6 +146,18 @@

#endif

+#ifndef SIZE_MAX
+#if _WIN64
+#define SIZE_MAX 0xFFFFFFFFFFFFFFFF
+#else
+#define SIZE_MAX 0xFFFFFFFF
+#endif
+#endif
+
+#ifndef UINT_MAX
+#define UINT_MAX 0xFFFFFFFF
+#endif
+
/* RFC4253 section 6.1 Maximum Packet Length says:
*
* "All implementations MUST be able to process packets with
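Review bot: The `#else` arm of the `SIZE_MAX` fallback yields `0xFFFFFFFF` on every target where `_WIN64` is not defined, which is too small on 64-bit non-Windows builds if this block is reached before the system definition. Include `<stdint.h>` and `<limits.h>` ahead of the `#ifndef SIZE_MAX` and `#ifndef UINT_MAX` guards so the fallbacks apply only where the platform really lacks them, or derive the fallback as `((size_t)-1)`. The hard-coded `UINT_MAX 0xFFFFFFFF` has the same problem in that it assumes a 32-bit `unsigned int`.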
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libssh2-1.8.1/src/userauth.c new/libssh2-1.8.2/src/userauth.c
--- old/libssh2-1.8.1/src/userauth.c 2019-03-18 22:30:01.000000000 +0100
+++ new/libssh2-1.8.2/src/userauth.c 2019-03-25 20:26:48.000000000 +0100
@@ -107,7 +107,7 @@
LIBSSH2_FREE(session, session->userauth_list_data);
session->userauth_list_data = NULL;

- if (rc || (session->userauth_list_data_len < 1)) {
+ if (rc) {
_libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND,
"Unable to send userauth-none request");
session->userauth_list_state = libssh2_NB_state_idle;
@@ -127,7 +127,7 @@
_libssh2_error(session, LIBSSH2_ERROR_EAGAIN,
"Would block requesting userauth list");
return NULL;
- } else if (rc) {
+ } else if (rc || (session->userauth_list_data_len < 1)) {
_libssh2_error(session, rc, "Failed getting response");
session->userauth_list_state = libssh2_NB_state_idle;
return NULL;
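Review bot: In the `else if (rc || (session->userauth_list_data_len < 1))` branch, `rc` is 0 when only the length test fails, so `_libssh2_error(session, rc, "Failed getting response")` records error code 0 for a reply that was rejected as too short. Split the length case out and report a specific code such as `LIBSSH2_ERROR_PROTO`, so that the `return NULL` is always paired with a non-zero error.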
@@ -1172,7 +1172,7 @@
NULL, 0);
if (rc == LIBSSH2_ERROR_EAGAIN)
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would
block");
- else if (rc || (session->userauth_pblc_data_len < 1)) {
+ else if (rc) {
LIBSSH2_FREE(session, session->userauth_pblc_packet);
session->userauth_pblc_packet = NULL;
LIBSSH2_FREE(session, session->userauth_pblc_method);
@@ -1195,7 +1195,7 @@
if (rc == LIBSSH2_ERROR_EAGAIN) {
return _libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would
block");
}
- else if (rc) {
+ else if (rc || (session->userauth_pblc_data_len < 1)) {
LIBSSH2_FREE(session, session->userauth_pblc_packet);
session->userauth_pblc_packet = NULL;
LIBSSH2_FREE(session, session->userauth_pblc_method);
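Review bot: The `userauth_pblc_data_len < 1` test now sits on the branch that frees `userauth_pblc_packet` and `userauth_pblc_method`, but the error return itself is below the visible context. Check that it does not pass `rc` through when `rc` is 0 and only the length test failed, since that would report success after discarding the request state; an explicit protocol error code is safer.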
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude
config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4
--exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh
old/libssh2-1.8.1/test-driver new/libssh2-1.8.2/test-driver
--- old/libssh2-1.8.1/test-driver 2013-09-17 23:36:24.000000000 +0200
+++ new/libssh2-1.8.2/test-driver 2019-03-21 10:27:09.000000000 +0100
@@ -1,9 +1,9 @@
#! /bin/sh
# test-driver - basic testsuite driver script.

-scriptversion=2012-06-27.10; # UTC
+scriptversion=2018-03-07.03; # UTC

-# Copyright (C) 2011-2013 Free Software Foundation, Inc.
+# Copyright (C) 2011-2018 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -16,7 +16,7 @@
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
+# along with this program. If not, see <https://www.gnu.org/licenses/>.

# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@@ -44,13 +44,12 @@
Usage:
test-driver --test-name=NAME --log-file=PATH --trs-file=PATH
[--expect-failure={yes|no}] [--color-tests={yes|no}]
- [--enable-hard-errors={yes|no}] [--] TEST-SCRIPT
+ [--enable-hard-errors={yes|no}] [--]
+ TEST-SCRIPT [TEST-SCRIPT-ARGUMENTS]
The '--test-name', '--log-file' and '--trs-file' options are mandatory.
END
}

-# TODO: better error handling in option parsing (in particular, ensure
-# TODO: $log_file, $trs_file and $test_name are defined).
test_name= # Used for reporting.
log_file= # Where to save the output of the test script.
trs_file= # Where to save the metadata of the test run.
@@ -69,10 +68,23 @@
--enable-hard-errors) enable_hard_errors=$2; shift;;
--) shift; break;;
-*) usage_error "invalid option: '$1'";;
+ *) break;;
esac
shift
done

+missing_opts=
+test x"$test_name" = x && missing_opts="$missing_opts --test-name"
+test x"$log_file" = x && missing_opts="$missing_opts --log-file"
+test x"$trs_file" = x && missing_opts="$missing_opts --trs-file"
+if test x"$missing_opts" != x; then
+ usage_error "the following mandatory options are missing:$missing_opts"
+fi
+
+if test $# -eq 0; then
+ usage_error "missing argument"
+fi
+
if test $color_tests = yes; then
# Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
red='' # Red.
@@ -94,11 +106,14 @@
# Test script is run here.
"$@" >$log_file 2>&1
estatus=$?
+
if test $enable_hard_errors = no && test $estatus -eq 99; then
- estatus=1
+ tweaked_estatus=1
+else
+ tweaked_estatus=$estatus
fi

-case $estatus:$expect_failure in
+case $tweaked_estatus:$expect_failure in
0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
0:*) col=$grn res=PASS recheck=no gcopy=no;;
77:*) col=$blu res=SKIP recheck=no gcopy=yes;;
@@ -107,6 +122,12 @@
*:*) col=$red res=FAIL recheck=yes gcopy=yes;;
esac

+# Report the test outcome and exit status in the logs, so that one can
+# know whether the test passed or failed simply by looking at the '.log'
+# file, without the need of also peaking into the corresponding '.trs'
+# file (automake bug#11814).
+echo "$res $test_name (exit status: $estatus)" >>$log_file
+
# Report outcome to console.
echo "${col}${res}${std}: $test_name"

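Review bot: The added `echo "$res $test_name (exit status: $estatus)" >>$log_file` leaves `$log_file` unquoted, so a log path containing spaces behaves differently between shells (bash reports an ambiguous redirect); write `>>"$log_file"`. The comment above it also says "peaking into" where "peeking into" is meant.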
@@ -119,9 +140,9 @@
# Local Variables:
# mode: shell-script
# sh-indentation: 2
-# eval: (add-hook 'write-file-hooks 'time-stamp)
+# eval: (add-hook 'before-save-hook 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
-# time-stamp-time-zone: "UTC"
+# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:

