Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libssh2_org for openSUSE:Factory 
checked in at 2024-11-14 16:07:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libssh2_org (Old)
 and      /work/SRC/openSUSE:Factory/.libssh2_org.new.2017 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libssh2_org"

Thu Nov 14 16:07:28 2024 rev:46 rq:1223874 version:1.11.1

Changes:
--------
--- /work/SRC/openSUSE:Factory/libssh2_org/libssh2_org.changes  2024-04-03 
17:18:42.881735109 +0200
+++ /work/SRC/openSUSE:Factory/.libssh2_org.new.2017/libssh2_org.changes        
2024-11-14 16:07:44.588407574 +0100
@@ -1,0 +2,55 @@
+Tue Oct 22 07:29:06 UTC 2024 - Pedro Monreal <pmonr...@suse.com>
+
+- Update to 1.11.1:
+  * build: enable '-pedantic-errors'
+  * build: add 'LIBSSH2_NO_DEPRECATED' option
+  * build: stop requiring libssl from openssl
+  * disable DSA by default
+  * hostkey: do not advertise ssh-rsa when SHA1 is disabled
+  * kex: prevent possible double free of hostkey
+  * kex: always check for null pointers before calling _libssh2_bn_set_word
+  * kex: fix a memory leak in key exchange
+  * kex: always add extension indicators to kex_algorithms
+  * md5: allow disabling old-style encrypted private keys at build-time
+  * openssl: free allocated resources when using openssl3
+  * openssl: fix memory leaks in '_libssh2_ecdsa_curve_name_with_octal_new'
+    and '_libssh2_ecdsa_verify'
+  * openssl: fix calculating DSA public key with OpenSSL 3
+  * openssl: initialize BIGNUMs to NULL in 'gen_publickey_from_dsa' for 
OpenSSL 3
+  * openssl: fix cppcheck found NULL dereferences
+  * openssl: delete internal 'read_openssh_private_key_from_memory()'
+  * openssl: use OpenSSL 3 HMAC API, add 'no-deprecated' CI job
+  * openssl: make a function static, add '#ifdef' comments
+  * openssl: fix DSA code to use OpenSSL 3 API
+  * openssl: fix 'EC_KEY' reference with OpenSSL 3 'no-deprecated' build
+  * openssl: use non-deprecated APIs with OpenSSL 3.x
+  * openssl: silence '-Wunused-value' warnings
+  * openssl: add missing check for 'LIBRESSL_VERSION_NUMBER' before use
+  * packet: properly bounds check packet_authagent_open()
+  * pem: fix private keys encrypted with AES-GCM methods
+  * reuse: provide SPDX identifiers
+  * scp: fix missing cast for targets without large file support
+  * session: support server banners up to 8192 bytes
+  * session: add 'libssh2_session_callback_set2()'
+  * session: handle EINTR from send/recv/poll/select to try again as the error 
is not fatal
+  * sftp: increase SFTP_HANDLE_MAXLEN back to 4092
+  * sftp: implement posix-ren...@openssh.com
+  * src: implement chacha20-poly1...@openssh.com
+  * src: check the return value from '_libssh2_bn_*()' functions
+  * src: support RSA-SHA2 cert-based authentication (rsa-sha2-512_cert and 
rsa-sha2-256_cert)
+  * src: check hash update/final success
+  * src: check hash init success
+  * src: add 'strict KEX' to fix CVE-2023-48795 "Terrapin Attack"
+  * transport: fix unstable connections over non-blocking sockets
+  * transport: check ETM on remote end when receiving
+  * transport: fix incorrect byte offset in debug message
+  * userauth: avoid oob with huge interactive kbd response
+  * userauth: add a new structure to separate memory read and file read
+  * userauth: check whether '*key_method' is a NULL pointer instead of 
'key_method'
+  * Rebase libssh2-ocloexec.patch
+  * Remove patches fixed upstream:
+    - libssh2_org-CVE-2023-48795.patch
+    - libssh2_org-CVE-2023-48795-ext.patch
+    - libssh2_org-ETM-remote.patch
+
+-------------------------------------------------------------------

Old:
----
  libssh2-1.11.0.tar.xz
  libssh2-1.11.0.tar.xz.asc
  libssh2_org-CVE-2023-48795-ext.patch
  libssh2_org-CVE-2023-48795.patch
  libssh2_org-ETM-remote.patch

New:
----
  libssh2-1.11.1.tar.xz
  libssh2-1.11.1.tar.xz.asc

BETA DEBUG BEGIN:
  Old:    - libssh2_org-CVE-2023-48795.patch
    - libssh2_org-CVE-2023-48795-ext.patch
    - libssh2_org-ETM-remote.patch
  Old:  * Remove patches fixed upstream:
    - libssh2_org-CVE-2023-48795.patch
    - libssh2_org-CVE-2023-48795-ext.patch
  Old:    - libssh2_org-CVE-2023-48795-ext.patch
    - libssh2_org-ETM-remote.patch
BETA DEBUG END:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libssh2_org.spec ++++++
--- /var/tmp/diff_new_pack.F6tW1F/_old  2024-11-14 16:07:45.312437432 +0100
+++ /var/tmp/diff_new_pack.F6tW1F/_new  2024-11-14 16:07:45.316437597 +0100
@@ -18,7 +18,7 @@
 
 %define pkg_name libssh2
 Name:           libssh2_org
-Version:        1.11.0
+Version:        1.11.1
 Release:        0
 Summary:        A library implementing the SSH2 protocol
 License:        BSD-3-Clause
@@ -29,12 +29,6 @@
 Source2:        baselibs.conf
 Source3:        libssh2_org.keyring
 Patch0:         libssh2-ocloexec.patch
-# PATCH-FIX-UPSTREAM bsc#1218127 CVE-2023-48795: Add 'strict KEX' to fix 
Terrapin Attack
-Patch1:         libssh2_org-CVE-2023-48795.patch
-# PATCH-FIX-SUSE bsc#1218971 Always add extension indicators to kex_algorithms
-Patch2:         libssh2_org-CVE-2023-48795-ext.patch
-# PATCH-FIX-UPSTREAM bsc#1221622 Test ETM feature in remote end's config when 
receiving data
-Patch3:         libssh2_org-ETM-remote.patch
 BuildRequires:  libtool
 BuildRequires:  openssl-devel
 BuildRequires:  pkgconfig

++++++ libssh2-1.11.0.tar.xz -> libssh2-1.11.1.tar.xz ++++++
++++ 48077 lines of diff (skipped)

++++++ libssh2-ocloexec.patch ++++++
--- /var/tmp/diff_new_pack.F6tW1F/_old  2024-11-14 16:07:45.600449309 +0100
+++ /var/tmp/diff_new_pack.F6tW1F/_new  2024-11-14 16:07:45.604449474 +0100
@@ -9,11 +9,11 @@
  src/userauth.c  |    2 +-
  3 files changed, 4 insertions(+), 4 deletions(-)
 
-Index: libssh2-1.11.0/src/agent.c
+Index: libssh2-1.11.1/src/agent.c
 ===================================================================
---- libssh2-1.11.0.orig/src/agent.c
-+++ libssh2-1.11.0/src/agent.c
-@@ -177,7 +177,7 @@ agent_connect_unix(LIBSSH2_AGENT *agent)
+--- libssh2-1.11.1.orig/src/agent.c
++++ libssh2-1.11.1/src/agent.c
+@@ -183,7 +183,7 @@ agent_connect_unix(LIBSSH2_AGENT *agent)
                                    "no auth sock variable");
      }
  
@@ -22,11 +22,11 @@
      if(agent->fd < 0)
          return _libssh2_error(agent->session, LIBSSH2_ERROR_BAD_SOCKET,
                                "failed creating socket");
-Index: libssh2-1.11.0/src/knownhost.c
+Index: libssh2-1.11.1/src/knownhost.c
 ===================================================================
---- libssh2-1.11.0.orig/src/knownhost.c
-+++ libssh2-1.11.0/src/knownhost.c
-@@ -962,7 +962,7 @@ libssh2_knownhost_readfile(LIBSSH2_KNOWN
+--- libssh2-1.11.1.orig/src/knownhost.c
++++ libssh2-1.11.1/src/knownhost.c
+@@ -970,7 +970,7 @@ libssh2_knownhost_readfile(LIBSSH2_KNOWN
                                "Unsupported type of known-host information "
                                "store");
  
@@ -35,7 +35,7 @@
      if(file) {
          while(fgets(buf, sizeof(buf), file)) {
              if(libssh2_knownhost_readline(hosts, buf, strlen(buf), type)) {
-@@ -1203,7 +1203,7 @@ libssh2_knownhost_writefile(LIBSSH2_KNOW
+@@ -1213,7 +1213,7 @@ libssh2_knownhost_writefile(LIBSSH2_KNOW
                                "Unsupported type of known-host information "
                                "store");
  
@@ -44,11 +44,11 @@
      if(!file)
          return _libssh2_error(hosts->session, LIBSSH2_ERROR_FILE,
                                "Failed to open file");
-Index: libssh2-1.11.0/src/userauth.c
+Index: libssh2-1.11.1/src/userauth.c
 ===================================================================
---- libssh2-1.11.0.orig/src/userauth.c
-+++ libssh2-1.11.0/src/userauth.c
-@@ -654,7 +654,7 @@ file_read_publickey(LIBSSH2_SESSION * se
+--- libssh2-1.11.1.orig/src/userauth.c
++++ libssh2-1.11.1/src/userauth.c
+@@ -658,7 +658,7 @@ file_read_publickey(LIBSSH2_SESSION * se
      _libssh2_debug((session, LIBSSH2_TRACE_AUTH, "Loading public key file: 
%s",
                     pubkeyfile));
      /* Read Public Key */
@@ -57,11 +57,11 @@
      if(!fd) {
          return _libssh2_error(session, LIBSSH2_ERROR_FILE,
                                "Unable to open public key file");
-Index: libssh2-1.11.0/src/libssh2_priv.h
+Index: libssh2-1.11.1/src/libssh2_priv.h
 ===================================================================
---- libssh2-1.11.0.orig/src/libssh2_priv.h
-+++ libssh2-1.11.0/src/libssh2_priv.h
-@@ -1218,6 +1218,8 @@ size_t plain_method(char *method, size_t
+--- libssh2-1.11.1.orig/src/libssh2_priv.h
++++ libssh2-1.11.1/src/libssh2_priv.h
+@@ -1278,6 +1278,8 @@ size_t plain_method(char *method, size_t
  #define FOPEN_READTEXT "r"
  #define FOPEN_WRITETEXT "w"
  #define FOPEN_APPENDTEXT "a"
@@ -69,5 +69,5 @@
 +#define FOPEN_WRITETEXT_CLOEXEC "we"
  #endif
  
- #endif /* __LIBSSH2_PRIV_H */
+ #endif /* LIBSSH2_PRIV_H */
 
