ELSA-2024-3233

Описание

[0.9.6-14]

• Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP)
• Fix CVE-2023-6918 Missing checks for return values for digests
• Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection of malicious code through hostname
• Note: version is bumped from 12 to 14 directly, as the z-stream version in 8.9 also has 13. So bumping it to 14, will prevent upgrade conflicts.
• Resolves:RHEL-19690, RHEL-17244, RHEL-19312

[0.9.6-12]

• Fix loglevel regression
• Related: rhbz#2182251, rhbz#2189742

[0.9.6-11]

• .fmf/version is needed to run the tests
• Related: rhbz#2182251, rhbz#2189742

[0.9.6-10]

• Add missing ci.fmf file
• Related: rhbz#2182251, rhbz#2189742

[0.9.6-9]

• Fix covscan errors found at gating
• Related: rhbz#2182251, rhbz#2189742

[0.9.6-8]

• Backport test fixing commits to make the build pass
• Related: rhbz#2182251, rhbz#2189742

[0.9.6-7]

• Fix NULL dereference during rekeying with algorithm guessing GHSL-2023-032 / CVE-2023-1667
• Fix possible authentication bypass GHSL 2023-085 / CVE-2023-2283
• Resolves: rhbz#2182251, rhbz#2189742

[0.9.6-6]

• Enable client and server testing build time
• Fix failing rekey test on arch s390x
• Resolves: rhbz#2126342

[0.9.6-5]

• Fix CI configuration for new TMT
• Resolves: rhbz#2149910

[0.9.6-4]

• Make VERBOSE and lower log levels less verbose
• Resolves: rhbz#2091512

[0.9.6-3]

• Remove STI tests

[0.9.6-2]

• Remove bad patch causing errors
• Adding BuildRequires for openssh (SSHD support)

[0.9.6-1]

• Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism
• Rebase to version 0.9.6
• Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c
• Resolves: rhbz#1896651, rhbz#1994600

[0.9.4-4]

• Revert previous commit as it is incorrect.

[0.9.6-1]

• Fix CVE-2021-3634: Fix possible heap-buffer overflow when rekeying with different key exchange mechanism (#1978810)

[0.9.4-3]

• Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if ssh_buffer_new returns NULL (#1862646)

[0.9.4-2]

• Do not return error when server properly closed the channel (#1849071)
• Add a test for CVE-2019-14889
• Do not parse configuration file in torture_knownhosts test

[0.9.4-1]

• Update to version 0.9.4 https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
• Fixed CVE-2019-14889 (#1781782)
• Fixed CVE-2020-1730 (#1802422)
• Create missing directories in the path provided for known_hosts files (#1733914)
• Removed inclusion of OpenSSH server configuration file from libssh_server.config (#1821339)

[0.9.0-4]

• Skip 1024 bits RSA key generation test in FIPS mode (#1734485)

[0.9.0-3]

• Add Obsoletes in libssh-config to avoid conflict with old libssh which installed the configuration files.

[0.9.0-2]

• Eliminate circular dependency with libssh-config subpackage

[0.9.0-1]

• Update to version 0.9.0 https://www.libssh.org/2019/06/28/libssh-0-9-0/
• Added explicit Requires for crypto-policies
• Do not ignore known_hosts keys when SSH_OPTIONS_HOSTKEYS is set
• Provide the configuration files in a separate libssh-config subpackage

[0.8.91-0.1]

• Update to 0.9.0 pre release version (0.8.91)
• Added default configuration files for client and server
• Removed unused patch files left behind
• Fixed issues found to run upstream test suite with SELinux

[0.8.5-2]

• Fix more regressions introduced by the fixes for CVE-2018-10933

[0.8.5-1]

• Update to version 0.8.5
  • Fixed an issue where global known_hosts file was ignored (#1649321)
  • Fixed ssh_get_fd() to return writable file descriptor (#1649319)
  • Fixed regression introduced in known_hosts parsing (#1649315)
  • Fixed a regression which caused only the first algorithm in known_hosts to be considered (#1638790)

[0.8.3-5]

• Fix regressions introduced by the fixes for CVE-2018-10933

[0.8.3-4]

• Fix for authentication bypass issue in server implementation (#1639926)

[0.8.3-3]

• Fixed errors found by static code analysis (#1602594)

[0.8.3-1]

• Update to version 0.8.3
  • Added support for rsa-sha2 (#1610882)
  • Added support to parse private keys in openssh container format (other than ed25519) (#1622983)
  • Added support for diffie-hellman-group18-sha512 and diffie-hellman-group16-sha512 (#1610885)
  • Added ssh_get_fingerprint_hash()
  • Added ssh_pki_export_privkey_base64()
  • Added support for Match keyword in config file
  • Improved performance and reduced memory footprint for sftp
  • Fixed ecdsa publickey auth
  • Fixed reading a closed channel
  • Added support to announce posix-rename@openssh.com and hardlink@openssh.com in the sftp server
  • Use -fstack-protector-strong if possible (#1624135)

[0.8.1-4]

• Fix the creation of symbolic links for libssh_threads.so.4

[0.8.1-3]

• Add missing Provides for libssh_threads.so.4

[0.8.1-2]

• Add Provides for libssh_threads.so to unbreak applications
• Fix ABIMap detection to not depend on python to build

[0.8.1-1]

• Update to version 0.8.1 https://www.libssh.org/2018/08/13/libssh-0-8-1/

[0.8.0-1]

• Update to version 0.8.0 https://www.libssh.org/2018/08/10/libssh-0-8-0/

[0.7.5-9]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[0.7.5-8]

• BR: gcc-c++, use %make_build

[0.7.5-7]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
• Related: bug#1614611

[0.7.5-6]

• resolves: #1540021 - Build against OpenSSL 1.1

[0.7.5-5]

• Switch to %ldconfig_scriptlets

[0.7.5-4]

• Fix parsing ssh_config

[0.7.5-3]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[0.7.5-2]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[0.7.5-1]

• Update to version 0.7.5

[0.7.4-2]

• BR: compat-openssl10-devel (f26+, #1423088)
• use %license
• -devel: drop hardcoded pkgconfig dep (let autodeps handle it)
• %files: track library sonames, simplify -devel
• %install: use 'install/fast' target
• .spec cosmetics, drop deprecated %clean section

[0.7.4-1]

• Update to version 0.7.4
  • Added id_ed25519 to the default identity list
  • Fixed sftp EOF packet handling
  • Fixed ssh_send_banner() to confirm with RFC 4253
  • Fixed some memory leaks
• resolves: #1419007

[0.7.3-1]

• resolves: #1311259 - Fix CVE-2016-0739
• resolves: #1311332 - Update to version 0.7.3
  • Fixed CVE-2016-0739
  • Fixed ssh-agent on big endian
  • Fixed some documentation issues
• Enabled GSSAPI support

[0.7.2-3]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[0.7.2-2]

• resolves: #1271230 - Fix ssh-agent support on big endian

[0.7.2-1]

• Update to version 0.7.2
  • Fixed OpenSSL detection on Windows
  • Fixed return status for ssh_userauth_agent()
  • Fixed KEX to prefer hmac-sha2-256
  • Fixed sftp packet handling
  • Fixed return values of ssh_key_is_(public|private)
  • Fixed bug in global success reply
• resolves: #1267346

[0.7.1-1]

• Update to version 0.7.1
  • Fixed SSH_AUTH_PARTIAL auth with auto public key
  • Fixed memory leak in session options
  • Fixed allocation of ed25519 public keys
  • Fixed channel exit-status and exit-signal
  • Reintroduce ssh_forward_listen()

[0.7.0-3]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[0.7.0-2]

• Add patch to fix undefined symbol: ssh_forward_listen (bug #1221310)

[0.7.0-1]

• Update to version 0.7.0
  • Added support for ed25519 keys
  • Added SHA2 algorithms for HMAC
  • Added improved and more secure buffer handling code
  • Added callback for auth_none_function
  • Added support for ECDSA private key signing
  • Added more tests
  • Fixed a lot of bugs
  • Improved API documentation

[0.6.5-1]

• resolves: #1213775 - Security fix for CVE-2015-3146
• resolves: #1218076 - Security fix for CVE-2015-3146

[0.6.4-1]

• Security fix for CVE-2014-8132.

[0.6.3-3]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[0.6.3-2]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[0.6.3-1]

• Fix CVE-2014-0017.

[0.6.1-1]

• Update to version 0.6.1.
• resolves: #1056757 - Fix scp mode.
• resolves: #1053305 - Fix known_hosts heuristic.

[0.6.0-1]

• Update to 0.6.0

[0.5.5-1]

• Update to 0.5.5.
• Clenup the spec file.

[0.5.4-5]

• Add EPEL 5 support.
• Add Debian patches to enable Doxygen documentation.

[0.5.4-4]

• Add patch for #982685.

[0.5.4-3]

• Clean up SPEC file and fix rpmlint complaints.

[0.5.4-2]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[0.5.4-1]

• update to security 0.5.4 release
• CVE-2013-0176 (#894407)

[0.5.3-1]

• update to security 0.5.3 release (#878465)

[0.5.2-2]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[0.5.2-1]

• update to 0.5.2 version (#730270)

[0.5.0-2]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[0.5.0-1]

• bounce versionn to 0.5.0 (#709785)
• the support for protocol v1 is disabled

[0.4.8-2]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[0.4.8-1]

• bounce versionn to 0.4.8 (#670456)

[0.4.6-1]

• bounce versionn to 0.4.6 (#630602)

[0.4.4-1]

• bounce versionn to 0.4.4 (#598592)

[0.4.3-1]

• bounce versionn to 0.4.3 (#593288)

[0.4.2-1]

• bounce versionn to 0.4.2 (#573972)

[0.4.1-1]

• bounce versionn to 0.4.1 (#565870)

[0.4.0-1]

• bounce versionn to 0.4.0 (#541010)

[0.3.92-2]

• typo in spec file

[0.3.92-1]

• bounce versionn to 0.3.92 (0.4 beta2) (#541010)

[0.2-4]

• rebuilt with new openssl

[0.2-3]

• Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[0.2-2]

• Small changes during review

[0.2-1]

• Initial build