| Age | Commit message (Collapse) | Author |
|---|
|
This is a security release.
See changelog https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
License-Update: Reformat COPYING file
0.8.8 is a security release to especially address CVE-2019-14889.
Thins includes the following changes from the 0.8.4 version:
7850307 Bump version to 0.8.8
30c0f0c cpack: Ignore patch files and other stuff
b0edec4 CVE-2019-14889: scp: Quote location to be used on shell
391c78d CVE-2019-14889: scp: Don't allow file path longer than 32kb
2ba1dea CVE-2019-14889: misc: Add function to quote file names
82c375b CVE-2019-14889: scp: Log SCP warnings received from the server
4aea835 CVE-2019-14889: scp: Reformat scp.c
2fbeb2a gitlab-ci: Mips is dead
e981113 doc: Add a note about OpenSSL linking
3736a03 libcrypto: Add missing includes for modes.h
be73335 sftp: Document how to free memory retruned by sftp_canonicalize_path()
5298611 Bump version to 0.8.7
7a49ee5 cmake: Bump API version to 4.7.4
c842bc2 Remove SHA384 HMAC
8892577 Use constant time comparison function for HMAC comparison
ac7c64a pki_gcrypt: Include missing stdbool.h
47014eb pki: Fix size type for len in privatekey_string_to_buffer()
2223106 connect: Fix size type for i an j in ssh_select()
4af7736 connector: Fallback on the socket output callback
f4a0fcc connector: Don't NULL connector (in|out) channels on event remove
fa150ef options: Removed outdated param annotations of ssh_options_set()
810dbd3 config: Avoid buffer overflow
fa6aa12 tests/pkd: repro rsa-sha2-{256,512} negotiation bug
a4948f6 kex: honor client preference for rsa-sha2-{256,512} host key algorithms
e05e4ae pki_crypto: plug pki_signature_from_blob leaks
b6d2755 pki: NULL check pki_signature_from_rsa_blob result
e69fb89 pki_container_openssh: Add padding to be compatible with OpenSSH
f9beb3c gitlab-ci: Disable debian cross mips runner
bfc39d5 kex: List also the SHA2 extension when ordering hostkey algorithms
0acfd81 server: Correctly handle extensions
d028b24 dh: Make sure we do not access uninitialized memory
68fc17c Bump version to 0.8.6
d327712 Bump SO version to 4.7.3
fded1fb channels: Don't call ssh_channel_close() twice
a6e055c packet: Allow SSH2_MSG_EXT_INFO when authenticated
32221ea channels: Send close if we received a remote close
917ba07 channels: Reformat ssh_channel_free()
bcdbc11 channel: Add SSH_CHANNEL_FLAG_CLOSED_LOCAL
79289dc channel: Reformat ssh_channel_close()
45172a7 sftp: Do not overwrite errors set by channel functions
7b0c80b tests: Test calling ssh_init() after ssh_finalize()
d5bc9a1 libcrypto: Fix access violation in ssh_init()
80d3e10 tests: Verify that signatures are sane and can not be verified by non-matching key
455d495 pki: Sanitize input to verification
b1bae1d pki: Return default RSA key type for DIGEST_AUTO
ad4f1db pki: Verify the provided public key has expected type
5ffe695 pki: Sanity-check signature matches base key type
230a437 tests: Do not require base RSA type for SHA2 extension whitelist
1df272c packet_cb: Properly verify the signature type
c3a57fe pki: Separate signature extraction and verification
a238df2 pki: Set correct type for imported signatures
f5e8fa5 pki: Use self-explanatory variable names
0a07266 The largest ECDSA key has 521 bits
953eae8 pki_gcrypt: Do not abort on bad signature
1d5215a server: Do not send SSH_MSG_EXT_INFO after rekey
2d06a83 kex: Do not negotiate extensions during rekey
fd844ca tests: Verify setting NULL knownhosts does not crash
a106a00 options: Do not crash when setting knownhosts to NULL (T108)
d8372c3 gcrypt: Bugfix for very slow ecdh
9462105 socket: Add missing braces
fe0331c socket: Remove redundant code
709c48e socket: Fix potential buffer overrun
3d56bda pki: Fix typos in documentation
8b4de1c packet: Fix timeout on hostkey type mismatch instead of proper error
906f63b packets: Fix ssh_send_keepalive()
26ea4f0 COPYING: Reformat the last paragraph
3b46198 tests: Fix chroot_wrapper location
3de3494 tests: Ensure the ssh session fd is read-/writeable in torture_proxycommand
69cb3c5 knownhosts: Take StrictHostKeyChecking option into account
5102b16 crypto: Fix compilation for OpenSSL without deprecated APIs
dc071dc cmake: Refresh the CMake Config files
a8d4fba tests: Improve error reporting in auth test
56b7d2d tests: Typo -- the flags should be checked according to the comment
a4b99ee knownhosts: Make sure we have both knownhosts files ready
8a8498b client: Reformat comment
44b32e9 tests/pkd: Properly clean up memory
0590795 session: Drop unused structure member (SSHv1)
f11be32 misc: Properly check for errors returned from getpwuid_r()
a9be4ab misc: Reformat ssh_get_user_home_dir and ssh_file_readaccess_ok
273fb4c Bump version to 0.8.5
56f7c27 Bump SO version to 4.7.2
1285b37 doc: fix up various typos and trailing whitespace
b7de358 libcrypto: Fix memory leak in evp_final()
bea6393 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID)
9158cc5 socket: Undouble socket fds
8ba10ef client: Send KEX as soon as banners are exchanged
2ff8a09 tests: Verify we can authenticate using ed25519 key
d52fa9a tests: Global known_hosts are used for host key verification
ec3fdb4 knownhosts: Consult also the global known hosts file
d877969 options: Set the global known_hosts file
b1a7bd2 tests: Verify the hostkey ordering for negotiation is correct
0831b85 tests: Generate valid known_hosts file, fixing the current test
34d1f5e tests: Verify the ecdsa key types are handled correctly
fcf2cd0 kex: Use all supported hostkey algorithms for negotiation
4a4ca44 kex: Honor more host key algorithms than the first one (ssh-ed25519)
17a6c3f knownhosts: Use the correct name for ECDSA keys for host key negotiation
e24bb93 tests: Do not trace sshd
5c2d444 tests: Add option tests for global and user specific known_hosts
9763563 options: Add support for getting the known_hosts locations
5f9d9f4 examples: Explicitly track auth state in samplesshd-kbdint
e8f3207 messages: Check that the requested service is 'ssh-connection'
e5cee20 server: Set correct state after sending INFO_REQUEST (Kbd Interactive)
63056d1 priv: Add ssize_t if not available with MSVC
09e4f3d packet: Add missing break in ssh_packet_incoming_filter()
4b886ac src: Fix typos
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Fixes
TOPDIR/build/tmpfs/work/armv5te-yoe-linux-gnueabi/libssh/0.8.4-r0/git/src/channels.c:2632:1:
sorry, unimplemented: -fstack-check=specific for Thumb-1
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Paul Eggleton <paul.eggleton@linux.intel.com>
|
|
Notable changes since 0.7.3:
* Fixed CVE-2018-10933 authentication bypass
* Removed support for deprecated SSHv1 protocol
* Added support for OpenSSL 1.1
* Added support for chacha20-poly1305 cipher
* Added ECDSA support with gcrypt backend
* Improved threading support (note: libssh_threads is now gone)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Reorder recipe variables according to:
https://www.openembedded.org/wiki/Styleguide
Originally-conceived-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
The cmake.bbclass in oe-core now ensures that ${libdir}/cmake and
${datadir}/cmake end up in the dev package, so recipes no longer need to
provide custom packaging rules to handles these files.
http://git.openembedded.org/openembedded-core/commit/?id=d91dc4666683a96e9d03cbbd21b8a546f9069c93
Originally-conceived-by: Andre McCurdy <armccurdy@gmail.com>
Signed-off-by: Trevor Woerner <twoerner@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
|
|
Changelog:
version 0.7.3 (released 2016-01-23)
* Fixed CVE-2016-0739
* Fixed ssh-agent on big endian
* Fixed some documentation issues
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Set the correct LIB_SUFFIX to fix QA issue for multilib:
ERROR: QA Issue: libssh: Files/directories were installed but not shipped in any package:
/usr/lib
/usr/lib/libssh.so
/usr/lib/libssh_threads.so.4.5.0
/usr/lib/libssh.so.4
/usr/lib/libssh_threads.so.4
/usr/lib/libssh_threads.so
[snip]
Please set FILES such that these items are packaged. Alternatively if they are unneeded, avoid installing them or delete them within do_install. [installed-vs-shipped]
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
|
|
the default was to build with GSSAPI enabled.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Among other things, includes a fix for CVE-2014-8132.
(There are a couple of useful-looking fixes after 0.6.4 in the 0.6
branch, hence I have renamed the recipe to _git and set PV to the
standard format.)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Changes:
- rename SUMMARY with length > 80 to DESCRIPTION
- rename DESCRIPTION with length < 80 to (non present tag) SUMMARY
- drop final point character at the end of SUMMARY string
- remove trailing whitespace of SUMMARY line
Note: don't bump PR
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
cmake.bbclass as of oe-core 783fb88 defaults to out-of-tree builds. Use that
functionality instead of OECMAKE_BUILDPATH/_SOURCEPATH which are no longer used.
Signed-off-by: Ross Burton <ross.burton@intel.com>
Reviewed-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Commit based on:
https://raw.github.com/tworaz/oe-tworaz/master/meta-jlime/recipes-support/libssh/libssh_0.5.2.bb
Updated version to latest.
Signed-off-by: Andrei Gherzan <andrei@gherzan.ro>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
Pierre-Jean Texier
Khem Raj
Paul Eggleton
Trevor Woerner
Joshua Lock
Jackie Huang
Yi Zhao
Armin Kuster
Koen Kooi
Matthieu CRAPET
Ross Burton
Martin Jansa
Andrei Gherzan