diff -Nru libssh-0.6.1/ChangeLog libssh-0.6.3/ChangeLog --- libssh-0.6.1/ChangeLog 2014-02-10 09:17:43.000000000 +0000 +++ libssh-0.6.3/ChangeLog 2014-03-04 12:16:49.000000000 +0000 @@ -1,6 +1,13 @@ ChangeLog ========== +version 0.6.3 (released 2014-03-04) + * Fixed CVE-2014-0017. + * Fixed memory leak with ecdsa signatures. + +version 0.6.2 (released 2014-03-04) + * security: fix for vulnerability CVE-2014-0017 + version 0.6.1 (released 2014-02-08) * Added support for libgcrypt 1.6. * Added ssh_channel_accept_forward(). diff -Nru libssh-0.6.1/CMakeLists.txt libssh-0.6.3/CMakeLists.txt --- libssh-0.6.1/CMakeLists.txt 2014-02-10 09:17:34.000000000 +0000 +++ libssh-0.6.3/CMakeLists.txt 2014-03-04 12:20:38.000000000 +0000 @@ -8,7 +8,7 @@ set(APPLICATION_VERSION_MAJOR "0") set(APPLICATION_VERSION_MINOR "6") -set(APPLICATION_VERSION_PATCH "1") +set(APPLICATION_VERSION_PATCH "3") set(APPLICATION_VERSION "${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}") @@ -19,7 +19,7 @@ # Increment AGE. Set REVISION to 0 # If the source code was changed, but there were no interface changes: # Increment REVISION. -set(LIBRARY_VERSION "4.4.0") +set(LIBRARY_VERSION "4.4.1") set(LIBRARY_SOVERSION "4") # where to look first for cmake modules, before ${CMAKE_ROOT}/Modules/ is checked diff -Nru libssh-0.6.1/debian/changelog libssh-0.6.3/debian/changelog --- libssh-0.6.1/debian/changelog 2014-03-10 13:50:05.000000000 +0000 +++ libssh-0.6.3/debian/changelog 2017-07-03 16:57:31.000000000 +0000 @@ -1,24 +1,151 @@ -libssh (0.6.1-0ubuntu3) trusty; urgency=medium +libssh (0.6.3-4.3~trusty1) trusty; urgency=medium - * SECURITY UPDATE: PRNG state reuse on forking servers - - debian/patches/CVE-2014-0017.patch: force reseed after fork in - include/libssh/wrapper.h, src/bind.c, src/libcrypto.c, - src/libgcrypt.c. - - CVE-2014-0017 + * Rebuild for Trusty - -- Marc Deslauriers Mon, 10 Mar 2014 09:47:11 -0400 + -- Balint Reczey Mon, 03 Jul 2017 18:57:31 +0200 -libssh (0.6.1-0ubuntu2) trusty; urgency=medium +libssh (0.6.3-4.3) unstable; urgency=medium - * Fix .symbols file + * Non-maintainer upload. + * CVE-2016-0739: Truncated Diffie-Hellman secret length (Closes: #815663) - -- Jonathan Riddell Thu, 13 Feb 2014 11:57:02 +0000 + -- Salvatore Bonaccorso Tue, 23 Feb 2016 19:54:04 +0100 -libssh (0.6.1-0ubuntu1) trusty; urgency=low +libssh (0.6.3-4.2) unstable; urgency=medium + + * Non-maintainer upload. + * debian/patches: Add 0002_CVE-2015-3146.patch from 0.6.5 release upstream + (Closes: #784404) + + -- Christopher Knadle Mon, 16 Nov 2015 04:26:51 -0500 + +libssh (0.6.3-4.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix "ftbfs with GCC-5": add patch from Matthias Klose/Ubuntu: + add __extension__ to __FUNCTION__. + (Closes: #777975) + + -- gregor herrmann Sat, 18 Jul 2015 20:38:30 +0200 + +libssh (0.6.3-4) unstable; urgency=medium + + * Add debian/patches/0001_CVE-2014-8132.patch: Fixup error path in + ssh_packet_kexinit() (Closes: #773577, CVE-2014-8132) + + -- Laurent Bigonville Tue, 27 Jan 2015 00:28:01 +0100 + +libssh (0.6.3-3) unstable; urgency=low + + [ Sebastian Ramacher ] + * Build gcrypt flavor. (Closes: #676650) + * d/control: + - Add Build-Dep on libgcrypt-dev. + - Bump Build-Dep on debhelper to >= 9 and remove cdbs. + - Add libssh-gcrypt-dev and libssh-gcrypt-4 packages. + - Add Conflicts to libssh-dev and libssh-gcrypt-dev against each other. + - Add Depends on libssh-gcrypt-4 to libssh-dbg and break incompatible + versions. + - Update libssh-4 and libssh-dev Description. + * d/compat: Bump to 9. + * d/rules: Convert to dh and build gcrypt flavor. + * d/libssh-doc.docs: Update location of documentation. + + d/patches/1003-custom-lib-names.patch: Allow to overwrite libssh's + OUTPUT_NAME. + + [ Laurent Bigonville ] + * debian/libssh-gcrypt-4.lintian-overrides: Add an override for + the dev-pkg-without-shlib-symlink lintian warning + * debian/control, debian/rules: Enable the tests at build time, really + (Closes: #744403) + * debian/control: Add pkg-config to the build-dependencies + * d/p/2003-disable-expand_tilde_unix-test.patch: Disable + torture_path_expand_tilde_unix it's not working well on the buildd + * d/p/0007-security-fix-for-vulnerability-CVE-2014-0017.patch: Drop obsolete + patch, merged upstream in 0.6.3 + * debian/rules: Pass -Wl,-z,defs -Wl,-O1 -Wl,--as-needed to the LDFLAGS + * Enable GSSAPI support + - debian/control: Add libkrb5-dev | heimdal-dev to the build-dependencies + - debian/rules: Pass -DWITH_GSSAPI=ON to the CMake flags + - Adjust the .symbols file + + -- Laurent Bigonville Sat, 30 Aug 2014 17:31:14 +0200 + +libssh (0.6.3-2) unstable; urgency=low + + [ Mike Gabriel ] + * debian/rules: + + Enable tests during package build. (Closes: #744403). + + -- Mike Gabriel Wed, 14 May 2014 10:19:23 +0200 + +libssh (0.6.3-1) unstable; urgency=low + + * Upload to unstable without changes. + + -- Mike Gabriel Wed, 14 May 2014 09:43:04 +0200 + +libssh (0.6.3-1~exp1) experimental; urgency=medium + + * New upstream release. + - Reset the PRNG state after accepting a new connection (CVE-2014-0017) + + -- Laurent Bigonville Wed, 05 Mar 2014 23:02:10 +0100 + +libssh (0.6.1-1~exp1) experimental; urgency=low * New upstream release. + * debian/control: + + Bump Standards: to 3.9.5. No changes needed. + * debian/patches: + + Remove obsolete patches (all applied upstream). + + Add patch for fixing typos in upstream error messages. + * Provide upstream signing key in package. + * Update debian/libssh-4.symbols file. + * Update debian/copyright.in file. + * Update debian/copyright file. + + -- Mike Gabriel Wed, 19 Feb 2014 12:54:32 +0100 + +libssh (0.5.4-3) unstable; urgency=high + + [ Mike Gabriel ] + * debian/rules: + + Add get-orig-source rule. + * debian/watch: + + Handle tar.gz and tar.xz upstream tarballs alike. + * debian/copyright.in: + + Ship auto-generated copyright file in debian/ folder. + + [ Laurent Bigonville ] + * debian/patches/0007-security-fix-for-vulnerability-CVE-2014-0017.patch: + Reset the PRNG state after accepting a new connection (CVE-2014-0017) + + -- Laurent Bigonville Wed, 05 Mar 2014 22:42:19 +0100 + +libssh (0.5.4-2) unstable; urgency=low + + * debian/control: + + Add myself to Uploaders: field as discussed with current + maintainer on IRC (#debian-devel) on 2014-02-17. + + Alioth-canonicalize Vcs-* fields. + * debian/copyright: + + Make copyright file DEP-5 compliant. + + Relicense debian/* files under all licenses used by upstream. + Copyright holders' agreements can be found in the related + bug report in Debian BTS. (Closes: #739372). + * debian/patches: + + Add patch 0004-reset-global-request-status.patch: Allow requesting + more than one channel per session. + + Add patch 0005-multi-reverse-fwd.patch: Ease handling of multiple + reverse port forwarding requests per session. (Closes: #736231). + + Add patch 0006-ssh-handle-package-zero-timeouts.patch: Handle + zero timeouts as such. Improves speed on libssh issued + connections. (Closes: #738667). + * Update libssh-4.symbols file with new symbol introduced by patch + 0005-multi-reverse-fwd.patch. - -- Scarlett Clark Wed, 12 Feb 2014 10:49:46 -0800 + -- Mike Gabriel Tue, 18 Feb 2014 13:34:13 +0100 libssh (0.5.4-1) unstable; urgency=low diff -Nru libssh-0.6.1/debian/compat libssh-0.6.3/debian/compat --- libssh-0.6.1/debian/compat 2013-02-05 00:12:09.000000000 +0000 +++ libssh-0.6.3/debian/compat 2016-02-23 18:54:50.000000000 +0000 @@ -1 +1 @@ -8 +9 diff -Nru libssh-0.6.1/debian/control libssh-0.6.3/debian/control --- libssh-0.6.1/debian/control 2014-02-13 11:36:37.000000000 +0000 +++ libssh-0.6.3/debian/control 2016-02-23 18:54:50.000000000 +0000 @@ -1,48 +1,95 @@ Source: libssh Section: libs Priority: optional -Maintainer: Kubuntu Developers -XSBC-Original-Maintainer: Laurent Bigonville -Build-Depends: cdbs (>= 0.4.93~), debhelper (>= 8.1.3~), cmake (>= 2.6), libssl-dev, libz-dev +Maintainer: Laurent Bigonville +Uploaders: Mike Gabriel , +Build-Depends: cmake (>= 2.6), + debhelper (>= 9), + libcmocka-dev, + libgcrypt-dev, + libkrb5-dev | heimdal-dev, + libssl-dev, + libz-dev, + openssh-client, + pkg-config Build-Depends-Indep: doxygen -Standards-Version: 3.9.2 -Vcs-Git: git://git.debian.org/git/collab-maint/libssh.git -Vcs-Browser: http://git.debian.org/?p=collab-maint/libssh.git +Standards-Version: 3.9.5 +Vcs-Git: git://anonscm.debian.org/collab-maint/libssh.git +Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/libssh.git Homepage: http://www.libssh.org/ Package: libssh-4 Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends} +Depends: ${misc:Depends}, ${shlibs:Depends} Pre-Depends: ${misc:Pre-Depends} Multi-Arch: same -Description: tiny C SSH library +Description: tiny C SSH library (OpenSSL flavor) The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its SFTP implementation, you can play with remote files easily. + . + This package contains shared libraries linked against OpenSSL. + +Package: libssh-gcrypt-4 +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Pre-Depends: ${misc:Pre-Depends} +Multi-Arch: same +Description: tiny C SSH library (gcrypt flavor) + The ssh library was designed to be used by programmers needing a working SSH + implementation by the mean of a library. The complete control of the client + is made by the programmer. With libssh, you can remotely execute programs, + transfer files, use a secure and transparent tunnel for your remote programs. + With its SFTP implementation, you can play with remote files easily. + . + This package contains shared libraries linked against gcrypt. Package: libssh-dev Section: libdevel Architecture: any -Depends: libssh-4 (= ${binary:Version}), ${misc:Depends}, libssl-dev, zlib1g-dev +Depends: libssh-4 (= ${binary:Version}), + libssl-dev, + zlib1g-dev, + ${misc:Depends} +Suggests: libssh-doc +Conflicts: libssh-2-dev, libssh-gcrypt-dev +Replaces: libssh-2-dev +Description: tiny C SSH library. Development files (OpenSSL flavor) + The ssh library was designed to be used by programmers needing a working SSH + implementation by the mean of a library. The complete control of the client + is made by the programmer. With libssh, you can remotely execute programs, + transfer files, use a secure and transparent tunnel for your remote programs. + With its SFTP implementation, you can play with remote files easily. + . + This package contains development files to build the OpenSSL flavor. + +Package: libssh-gcrypt-dev +Section: libdevel +Architecture: any +Depends: libgcrypt-dev, + libssh-gcrypt-4 (= ${binary:Version}), + zlib1g-dev, + ${misc:Depends} Suggests: libssh-doc -Conflicts: libssh-2-dev +Conflicts: libssh-2-dev, libssh-dev Replaces: libssh-2-dev -Description: tiny C SSH library. Development files +Description: tiny C SSH library. Development files (gcrypt flavor) The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its SFTP implementation, you can play with remote files easily. . - This package contains development files. + This package contains development files to build the gcrypt flavor. Package: libssh-dbg Priority: extra Section: debug Architecture: any -Depends: libssh-4 (= ${binary:Version}), ${misc:Depends} +Depends: libssh-4 (= ${binary:Version}) | libssh-gcrypt-4 (= ${binary:Version}), + ${misc:Depends} Multi-Arch: same Description: tiny C SSH library. Debug symbols The ssh library was designed to be used by programmers needing a working SSH diff -Nru libssh-0.6.1/debian/copyright libssh-0.6.3/debian/copyright --- libssh-0.6.1/debian/copyright 2013-02-05 00:12:09.000000000 +0000 +++ libssh-0.6.3/debian/copyright 2016-02-23 18:54:50.000000000 +0000 @@ -1,39 +1,308 @@ -This package was debianized by Laurent Bigonville on -Thu, 16 Nov 2006 20:34:01 +0100. +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: libssh +Upstream-Contact: libssh@libssh.org + Andreas Schneider +Source: https://red.libssh.org/projects/libssh/files -It was downloaded from http://www.libssh.org/ +Files: include/libssh/auth.h + include/libssh/bind.h + include/libssh/buffer.h + include/libssh/channels.h + include/libssh/crc32.h + include/libssh/crypto.h + include/libssh/dh.h + include/libssh/ecdh.h + include/libssh/gssapi.h + include/libssh/kex.h + include/libssh/keys.h + include/libssh/legacy.h + include/libssh/libcrypto.h + include/libssh/libgcrypt.h + include/libssh/libssh.h + include/libssh/libsshpp.hpp + include/libssh/messages.h + include/libssh/misc.h + include/libssh/packet.h + include/libssh/pcap.h + include/libssh/pki.h + include/libssh/pki_priv.h + include/libssh/poll.h + include/libssh/priv.h + include/libssh/scp.h + include/libssh/server.h + include/libssh/session.h + include/libssh/sftp.h + include/libssh/socket.h + include/libssh/string.h + include/libssh/threads.h + include/libssh/wrapper.h + src/auth1.c + src/base64.c + src/bind.c + src/buffer.c + src/client.c + src/connect.c + src/crc32.c + src/ecdh.c + src/error.c + src/gcrypt_missing.c + src/init.c + src/kex.c + src/kex1.c + src/legacy.c + src/libcrypto.c + src/libgcrypt.c + src/log.c + src/messages.c + src/packet.c + src/packet1.c + src/packet_cb.c + src/packet_crypt.c + src/pcap.c + src/server.c + src/session.c + src/sftpserver.c + src/socket.c + src/string.c + src/threads.c + src/threads/pthread.c + src/wrapper.c + tests/benchmarks/bench_raw.c + tests/benchmarks/bench_scp.c + tests/benchmarks/bench_sftp.c + tests/benchmarks/benchmarks.c + tests/benchmarks/benchmarks.h + tests/benchmarks/latency.c + tests/client/torture_algorithms.c + tests/client/torture_auth.c + tests/client/torture_connect.c + tests/client/torture_knownhosts.c + tests/client/torture_session.c + tests/test_pcap.c + tests/test_socket.c +Copyright: 2003-2013, Aris Adamantiadis +License: LGPL-2.1+~OpenSSL -Upstream Author: - Aris Adamantiadis (aka spacewalker) - Andreas Schneider - Nick Zitzmann - Norbert Kiesel - Jean-Philippe Garcia Ballester - -Files: * -Copyright: - Copyright © 2003-2008 Aris Adamantiadis - Copyright © 2008-2009 Andreas Schneider -License: LGPL-2.1+ with OpenSSL exemption +Files: examples/exec.c + examples/senddata.c + include/libssh/ssh1.h + include/libssh/ssh2.h + src/curve25519_ref.c + tests/authentication.c + tests/benchmarks/bench1.sh + tests/benchmarks/bench2.sh + tests/chmodtest.c + tests/client/torture_proxycommand.c + tests/client/torture_sftp_dir.c + tests/client/torture_sftp_read.c + tests/client/torture_sftp_static.c + tests/cmdline.c + tests/connection.c + tests/generate.py + tests/sftp_stress/main.c + tests/test_exec.c + tests/test_ssh_bind_accept_fd.c + tests/test_tunnel.c + tests/tests.h + tests/unittests/torture_buffer.c + tests/unittests/torture_callbacks.c + tests/unittests/torture_channel.c + tests/unittests/torture_init.c + tests/unittests/torture_isipaddr.c + tests/unittests/torture_keyfiles.c + tests/unittests/torture_list.c + tests/unittests/torture_misc.c + tests/unittests/torture_options.c + tests/unittests/torture_pki.c + tests/unittests/torture_rand.c +Copyright: *No copyright* +License: LGPL-2.1+~OpenSSL +Comment: + Using license from COPYING file. + +Files: examples/authentication.c + examples/connect_ssh.c + examples/examples_common.h + examples/knownhosts.c + examples/libssh_scp.c + examples/libsshpp.cpp + examples/libsshpp_noexcept.cpp + examples/proxy.c + examples/sample.c + examples/samplesftp.c + examples/samplesshd-cb.c + examples/samplesshd-kbdint.c + examples/samplesshd-tty.c + examples/samplesshd.c + examples/scp_download.c + examples/sshnetcat.c +Copyright: 2003-2013, Aris Adamantiadis +License: + You are free to copy this file, modify it in any way, consider it being public + domain. This does not apply to the rest of the library though, but it is + allowed to cut-and-paste working code from this file to any license of + program. + +Files: src/channels.c + src/channels1.c + src/gzip.c + src/known_hosts.c + src/misc.c + src/options.c + src/pki.c + src/pki_crypto.c + src/pki_gcrypt.c + src/sftp.c +Copyright: 2003-2013, Aris Adamantiadis + 2008-2013, Andreas Schneider +License: LGPL-2.1+~OpenSSL + +Files: include/libssh/agent.h + include/libssh/options.h + src/agent.c + src/callbacks.c + src/config.c + tests/client/torture_forward.c + tests/client/torture_request_env.c + tests/torture.c + tests/torture.c + tests/torture.h +Copyright: 2008-2013, Andreas Schneider +License: LGPL-2.1+~OpenSSL + +Files: include/libssh/curve25519.h + src/curve25519.c +Copyright: 2013, Aris Adamantiadis +License: LGPL-2.1 +Comment: + Upstream has been notified about the license incongruity with + all the other files. (Is: LGPL-2.1, should be: LGPL-2.1+~OpenSSL). + +Files: include/libssh/callbacks.h + src/scp.c +Copyright: 2009, Aris Adamantiadis +License: LGPL-2.1+~OpenSSL + +Files: src/match.c +Copyright: 1995, Tatu Ylonen , Espoo, Finland + 2000, Markus Friedl +License: BSD-2-clause + +Files: include/libssh/knownhosts.h +Copyright: 2014, Aris Adamantiadis +License: LGPL-2.1 +Comment: + File header gives 20014 as the copyright year. Assuming + a typo (20014 -> 2014). + . + Upstream has been notified about the license incongruity with + all the other files. (Is: LGPL-2.1, should be: LGPL-2.1+~OpenSSL). + +Files: src/poll.c +Copyright: 2003-2013, Aris Adamantiadis + 2009, Aleksandar Kanchev + 2009-2013, Andreas Schneider +License: LGPL-2.1+~OpenSSL + +Files: src/dh.c +Copyright: 2003-2013, Aris Adamantiadis + 2009-2013, Andreas Schneider + 2012, Dmitriy Kuznetsov +License: LGPL-2.1+~OpenSSL + +Files: src/auth.c +Copyright: 2003-2013, Aris Adamantiadis + 2008-2013, Andreas Schneider +License: LGPL-2.1+~OpenSSL + +Files: src/getpass.c +Copyright: 2011-2013, Andreas Schneider +License: LGPL-2.1+~OpenSSL + +Files: src/gssapi.c +Copyright: 2013, Aris Adamantiadis +License: LGPL-2.1+~OpenSSL + +Files: cmake/Modules/DefineCMakeDefaults.cmake + cmake/Modules/DefineCompilerFlags.cmake + cmake/Modules/DefineInstallationPaths.cmake + cmake/Modules/DefinePlatformDefaults.cmake +Copyright: *No copyright* +License: BSD-3-clause +Comment: + Using license from cmake/Modules/COPYING-CMAKE-SCRIPTS + +Files: cmake/Modules/FindGCrypt.cmake + cmake/Modules/FindOpenSSL.cmake + cmake/Modules/FindZLIB.cmake + cmake/Modules/MacroEnsureOutOfSourceBuild.cmake +Copyright: 2009, Andreas Schneider + 2006, Oswald Buddenhagen + 2006, Alexander Neundorf + 2006, Laurent Montel + 2006-2007 Wengo +License: BSD-3-clause + + +Files: debian/* +Copyright: 2005-2006, Jean-Philippe Garcia Ballester + 2006-2013, Laurent Bigonville + 2014, Mike Gabriel +License: LGPL-2.1+~OpenSSL or BSD-2-clause or BSD-3-clause + +License: LGPL-2.1+~OpenSSL + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the complete text of the GNU Library + Public License version 2.1 can be found in "/usr/share/common-licenses/LGPL-2.1". + . In addition, as a special exception, the author of this - program gives permission to link the code of its + program gives permission to link the code of its release with the OpenSSL project's "OpenSSL" library (or with modified versions of it that use the same license as the "OpenSSL" library), and distribute the linked - executables. You must obey the GNU General Public - License in all respects for all of the code used other + executables. You must obey the GNU General Public + License in all respects for all of the code used other than "OpenSSL". If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. -Files: libssh/match.c -Copyright: - Copyright © 2000 Markus Friedl -License: BSD-C2 +License: LGPL-2.1 + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License. + . + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the complete text of the GNU Library + Public License version 2.1 can be found in "/usr/share/common-licenses/LGPL-2.1". + +License: BSD-2-clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright @@ -51,22 +320,11 @@ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -Files: cmake/Modules/FindGCrypt.cmake, cmake/Modules/FindOpenSSL.cmake, - cmake/Modules/FindZLIB.cmake, cmake/Modules/MacroAddCompileFlags.cmake, - cmake/Modules/MacroAddLinkFlags.cmake, - cmake/Modules/MacroAddPlugin.cmake, cmake/Modules/MacroCopyFile.cmake, - cmake/Modules/MacroEnsureOutOfSourceBuild.cmake -Copyright: - Copyright © 2009 Andreas Schneider - Copyright © 2006, Oswald Buddenhagen - Copyright © 2006, Alexander Neundorf - Copyright © 2006, Laurent Montel - Copyright © 2006-2007 Wengo -License: BSD-C3 -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions -are met: - +License: BSD-3-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . 1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the copyright @@ -85,11 +343,3 @@ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -Files: debian/* -Copyright: - Copyright © 2005-2006, Jean-Philippe Garcia Ballester , - Copyright © 2006-2009, Laurent Bigonville and -License: GPL-2+ - On Debian systems, the complete text of the GPL can be found in - /usr/share/common-licenses/GPL. diff -Nru libssh-0.6.1/debian/copyright.in libssh-0.6.3/debian/copyright.in --- libssh-0.6.1/debian/copyright.in 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/copyright.in 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,257 @@ +Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: FIXME +Upstream-Contact: FIXME +Source: FIXME +Disclaimer: Autogenerated by CDBS + +Files: include/libssh/auth.h + include/libssh/bind.h + include/libssh/buffer.h + include/libssh/channels.h + include/libssh/crc32.h + include/libssh/crypto.h + include/libssh/dh.h + include/libssh/ecdh.h + include/libssh/gssapi.h + include/libssh/kex.h + include/libssh/keys.h + include/libssh/legacy.h + include/libssh/libcrypto.h + include/libssh/libgcrypt.h + include/libssh/libssh.h + include/libssh/libsshpp.hpp + include/libssh/messages.h + include/libssh/misc.h + include/libssh/packet.h + include/libssh/pcap.h + include/libssh/pki.h + include/libssh/pki_priv.h + include/libssh/poll.h + include/libssh/priv.h + include/libssh/scp.h + include/libssh/server.h + include/libssh/session.h + include/libssh/sftp.h + include/libssh/socket.h + include/libssh/string.h + include/libssh/threads.h + include/libssh/wrapper.h + src/auth1.c + src/base64.c + src/bind.c + src/buffer.c + src/client.c + src/connect.c + src/crc32.c + src/ecdh.c + src/error.c + src/gcrypt_missing.c + src/init.c + src/kex.c + src/kex1.c + src/legacy.c + src/libcrypto.c + src/libgcrypt.c + src/log.c + src/messages.c + src/packet.c + src/packet1.c + src/packet_cb.c + src/packet_crypt.c + src/pcap.c + src/server.c + src/session.c + src/sftpserver.c + src/socket.c + src/string.c + src/threads.c + src/threads/pthread.c + src/wrapper.c + tests/benchmarks/bench_raw.c + tests/benchmarks/bench_scp.c + tests/benchmarks/bench_sftp.c + tests/benchmarks/benchmarks.c + tests/benchmarks/benchmarks.h + tests/benchmarks/latency.c + tests/client/torture_algorithms.c + tests/client/torture_auth.c + tests/client/torture_connect.c + tests/client/torture_knownhosts.c + tests/client/torture_session.c + tests/test_pcap.c + tests/test_socket.c +Copyright: 2003, Aris Adamantiadis + 2003-2006, Aris Adamantiadis + 2003-2008, Aris Adamantiadis + 2003-2009, Aris Adamantiadis + 2003-2013, Aris Adamantiadis + 2004-2005, Aris Adamantiadis + 2004-2013, Aris Adamantiadis + 2005, Aris Adamantiadis + 2005-2005, Aris Adamantiadis + 2005-2008, Aris Adamantiadis + 2005-2013, Aris Adamantiadis + 2008-2010, Aris Adamantiadis + 2008-2013, Aris Adamantiadis + 2009, Aris Adamantiadis + 2010, Aris Adamantiadis + 2011, Aris Adamantiadis + 2011-2013, Aris Adamantiadis + 2012, Aris Adamantiadis + 2013, Aris Adamantiadis +License: LGPL-2.1+ + FIXME + +Files: examples/exec.c + examples/senddata.c + include/libssh/ssh1.h + include/libssh/ssh2.h + src/curve25519_ref.c + tests/authentication.c + tests/benchmarks/bench1.sh + tests/benchmarks/bench2.sh + tests/chmodtest.c + tests/client/torture_proxycommand.c + tests/client/torture_sftp_dir.c + tests/client/torture_sftp_read.c + tests/client/torture_sftp_static.c + tests/cmdline.c + tests/connection.c + tests/generate.py + tests/sftp_stress/main.c + tests/test_exec.c + tests/test_ssh_bind_accept_fd.c + tests/test_tunnel.c + tests/tests.h + tests/unittests/torture_buffer.c + tests/unittests/torture_callbacks.c + tests/unittests/torture_channel.c + tests/unittests/torture_init.c + tests/unittests/torture_isipaddr.c + tests/unittests/torture_keyfiles.c + tests/unittests/torture_list.c + tests/unittests/torture_misc.c + tests/unittests/torture_options.c + tests/unittests/torture_pki.c + tests/unittests/torture_rand.c +Copyright: *No copyright* +License: UNKNOWN + FIXME + +Files: examples/authentication.c + examples/connect_ssh.c + examples/examples_common.h + examples/knownhosts.c + examples/libssh_scp.c + examples/libsshpp.cpp + examples/libsshpp_noexcept.cpp + examples/proxy.c + examples/sample.c + examples/samplesftp.c + examples/samplesshd-cb.c + examples/samplesshd-kbdint.c + examples/samplesshd-tty.c + examples/samplesshd.c + examples/scp_download.c + examples/sshnetcat.c +Copyright: 2003-2009, Aris Adamantiadis + 2003-2011, Aris Adamantiadis + 2003-2013, Aris Adamantiadis + 2009, Aris Adamantiadis + 2010, Aris Adamantiadis +License: UNKNOWN + FIXME + +Files: src/channels.c + src/channels1.c + src/gzip.c + src/known_hosts.c + src/misc.c + src/options.c + src/pki.c + src/pki_crypto.c + src/pki_gcrypt.c + src/sftp.c +Copyright: 2003, Aris Adamantiadis + 2003-2008, Aris Adamantiadis + 2003-2009, Aris Adamantiadis + 2003-2013, Aris Adamantiadis + 2005-2008, Aris Adamantiadis + 2008-2009, Andreas Schneider + 2009, Andreas Schneider + 2009-2011, Andreas Schneider + 2009-2013, Andreas Schneider + 2010, Aris Adamantiadis + 2011-2013, Andreas Schneider +License: LGPL-2.1+ + FIXME + +Files: include/libssh/agent.h + include/libssh/options.h + src/agent.c + src/callbacks.c + src/config.c + tests/client/torture_forward.c + tests/client/torture_request_env.c + tests/torture.c + tests/torture.h +Copyright: 2008-2009, Andreas Schneider + 2008-2013, Andreas Schneider + 2009-2013, Andreas Schneider + 2011, Andreas Schneider + 2013, Andreas Schneider +License: LGPL-2.1+ + FIXME + +Files: include/libssh/curve25519.h + src/curve25519.c +Copyright: 2013, Aris Adamantiadis +License: LGPL-2.1 + FIXME + +Files: include/libssh/callbacks.h + src/scp.c +Copyright: 2009, Aris Adamantiadis +License: LGPL-2.1+ + FIXME + +Files: src/match.c +Copyright: 1995, Tatu Ylonen , Espoo, Finland + 2000, Markus Friedl. +License: BSD (2 clause) + FIXME + +Files: include/libssh/knownhosts.h +Copyright: 20014 Aris Adamantiadis +License: LGPL + FIXME + +Files: src/poll.c +Copyright: 2003-2013, Aris Adamantiadis + 2009, Aleksandar Kanchev + 2009-2013, Andreas Schneider +License: LGPL-2.1+ + FIXME + +Files: src/dh.c +Copyright: 2003-2013, Aris Adamantiadis + 2009-2013, Andreas Schneider + 2012, Dmitriy Kuznetsov +License: LGPL-2.1+ + FIXME + +Files: src/auth.c +Copyright: 2003-2013, Aris Adamantiadis + 2008-2013, Andreas Schneider +License: LGPL-2.1+ + FIXME + +Files: src/getpass.c +Copyright: 2011-2013, Andreas Schneider +License: LGPL-2.1+ + FIXME + +Files: src/gssapi.c +Copyright: 2013, Aris Adamantiadis +License: LGPL-2.1+ + FIXME diff -Nru libssh-0.6.1/debian/.directory libssh-0.6.3/debian/.directory --- libssh-0.6.1/debian/.directory 2014-02-12 16:45:00.000000000 +0000 +++ libssh-0.6.3/debian/.directory 1970-01-01 00:00:00.000000000 +0000 @@ -1,6 +0,0 @@ -[Dolphin] -Timestamp=2014,2,12,8,45,0 -Version=3 - -[Settings] -HiddenFilesShown=true diff -Nru libssh-0.6.1/debian/libssh-4.symbols libssh-0.6.3/debian/libssh-4.symbols --- libssh-0.6.1/debian/libssh-4.symbols 2014-02-13 11:56:58.000000000 +0000 +++ libssh-0.6.3/debian/libssh-4.symbols 2016-02-23 18:54:50.000000000 +0000 @@ -117,7 +117,7 @@ ssh_buffer_get_begin@Base 0.5.0 ssh_buffer_get_len@Base 0.5.0 ssh_buffer_new@Base 0.5.0 - ssh_channel_accept_forward@Base 0.6.1 + ssh_channel_accept_forward@Base 0.5.4-2~ ssh_channel_accept_x11@Base 0.5.0 ssh_channel_change_pty_size@Base 0.5.0 ssh_channel_close@Base 0.5.0 @@ -196,6 +196,8 @@ ssh_get_status@Base 0.3.4 ssh_get_version@Base 0.3.4 ssh_getpass@Base 0.5.0 + ssh_gssapi_get_creds@Base 0.6.3-3~ + ssh_gssapi_set_creds@Base 0.6.3-3~ ssh_handle_key_exchange@Base 0.5.0 ssh_init@Base 0.3.4 ssh_is_blocking@Base 0.5.0 diff -Nru libssh-0.6.1/debian/libssh-dev.install libssh-0.6.3/debian/libssh-dev.install --- libssh-0.6.1/debian/libssh-dev.install 2014-02-13 11:41:33.000000000 +0000 +++ libssh-0.6.3/debian/libssh-dev.install 2016-02-23 18:54:50.000000000 +0000 @@ -1,8 +1,6 @@ debian/tmp/usr/include/libssh/ -debian/tmp/usr/lib/*/libssh.so debian/tmp/usr/lib/*/libssh.a -debian/tmp/usr/lib/*/libssh_threads.so +debian/tmp/usr/lib/*/libssh.so debian/tmp/usr/lib/*/libssh_threads.a +debian/tmp/usr/lib/*/libssh_threads.so debian/tmp/usr/lib/*/pkgconfig/ -debian/tmp/usr/lib/*/cmake/libssh-config.cmake -debian/tmp/usr/lib/*/cmake/libssh-config-version.cmake diff -Nru libssh-0.6.1/debian/libssh-doc.docs libssh-0.6.3/debian/libssh-doc.docs --- libssh-0.6.1/debian/libssh-doc.docs 2013-02-05 00:12:09.000000000 +0000 +++ libssh-0.6.3/debian/libssh-doc.docs 2016-02-23 18:54:50.000000000 +0000 @@ -1 +1 @@ -obj*/doc/html +build-openssl/doc/html diff -Nru libssh-0.6.1/debian/libssh-gcrypt-4.install libssh-0.6.3/debian/libssh-gcrypt-4.install --- libssh-0.6.1/debian/libssh-gcrypt-4.install 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/libssh-gcrypt-4.install 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,2 @@ +usr/lib/*/libssh-gcrypt.so.* +usr/lib/*/libssh-gcrypt_threads.so.* diff -Nru libssh-0.6.1/debian/libssh-gcrypt-4.lintian-overrides libssh-0.6.3/debian/libssh-gcrypt-4.lintian-overrides --- libssh-0.6.1/debian/libssh-gcrypt-4.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/libssh-gcrypt-4.lintian-overrides 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,4 @@ +libssh-gcrypt-4: package-name-doesnt-match-sonames libssh-gcrypt4 libssh-gcrypt-threads4 +# The development symlink is not renamed to add the "-gcrypt" suffix +libssh-gcrypt-4: dev-pkg-without-shlib-symlink usr/lib/x86_64-linux-gnu/libssh-gcrypt.so.4.4.1 usr/lib/x86_64-linux-gnu/libssh-gcrypt.so +libssh-gcrypt-4: dev-pkg-without-shlib-symlink usr/lib/x86_64-linux-gnu/libssh-gcrypt_threads.so.4.4.1 usr/lib/x86_64-linux-gnu/libssh-gcrypt_threads.so diff -Nru libssh-0.6.1/debian/libssh-gcrypt-4.symbols libssh-0.6.3/debian/libssh-gcrypt-4.symbols --- libssh-0.6.1/debian/libssh-gcrypt-4.symbols 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/libssh-gcrypt-4.symbols 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,366 @@ +libssh-gcrypt.so.4 libssh-gcrypt-4 #MINVER# + _ssh_log@Base 0.6.1 + buffer_free@Base 0.3.4 + buffer_get@Base 0.3.4 + buffer_get_len@Base 0.3.4 + buffer_new@Base 0.3.4 + channel_accept_x11@Base 0.3.91 + channel_change_pty_size@Base 0.3.4 + channel_close@Base 0.3.4 + channel_forward_accept@Base 0.3.91 + channel_forward_cancel@Base 0.3.91 + channel_forward_listen@Base 0.3.91 + channel_free@Base 0.3.4 + channel_get_exit_status@Base 0.3.4 + channel_get_session@Base 0.3.4 + channel_is_closed@Base 0.3.4 + channel_is_eof@Base 0.3.4 + channel_is_open@Base 0.3.4 + channel_new@Base 0.3.4 + channel_open_forward@Base 0.3.4 + channel_open_session@Base 0.3.4 + channel_poll@Base 0.3.4 + channel_read@Base 0.3.4 + channel_read_buffer@Base 0.3.4 + channel_read_nonblocking@Base 0.3.4 + channel_request_env@Base 0.3.4 + channel_request_exec@Base 0.3.4 + channel_request_pty@Base 0.3.4 + channel_request_pty_size@Base 0.3.4 + channel_request_send_signal@Base 0.3.91 + channel_request_sftp@Base 0.3.4 + channel_request_shell@Base 0.3.4 + channel_request_subsystem@Base 0.3.4 + channel_request_x11@Base 0.3.91 + channel_select@Base 0.3.4 + channel_send_eof@Base 0.3.4 + channel_set_blocking@Base 0.3.4 + channel_write@Base 0.3.4 + channel_write_stderr@Base 0.3.91 + privatekey_free@Base 0.3.4 + privatekey_from_file@Base 0.3.4 + publickey_free@Base 0.3.4 + publickey_from_file@Base 0.3.4 + publickey_from_privatekey@Base 0.3.4 + publickey_to_string@Base 0.3.4 + sftp_async_read@Base 0.3.4 + sftp_async_read_begin@Base 0.3.4 + sftp_attributes_free@Base 0.3.4 + sftp_canonicalize_path@Base 0.3.4 + sftp_chmod@Base 0.3.4 + sftp_chown@Base 0.3.4 + sftp_client_message_free@Base 0.6.1 + sftp_client_message_get_data@Base 0.6.1 + sftp_client_message_get_filename@Base 0.6.1 + sftp_client_message_get_flags@Base 0.6.1 + sftp_client_message_get_type@Base 0.6.1 + sftp_client_message_set_filename@Base 0.6.1 + sftp_close@Base 0.3.4 + sftp_closedir@Base 0.3.4 + sftp_dir_eof@Base 0.3.4 + sftp_extension_supported@Base 0.3.91 + sftp_extensions_get_count@Base 0.3.91 + sftp_extensions_get_data@Base 0.3.91 + sftp_extensions_get_name@Base 0.3.91 + sftp_file_set_blocking@Base 0.3.4 + sftp_file_set_nonblocking@Base 0.3.4 + sftp_free@Base 0.3.4 + sftp_fstat@Base 0.3.4 + sftp_fstatvfs@Base 0.3.91 + sftp_get_client_message@Base 0.6.1 + sftp_get_error@Base 0.3.4 + sftp_init@Base 0.3.4 + sftp_lstat@Base 0.3.4 + sftp_mkdir@Base 0.3.4 + sftp_new@Base 0.3.4 + sftp_new_channel@Base 0.6.1 + sftp_open@Base 0.3.4 + sftp_opendir@Base 0.3.4 + sftp_read@Base 0.3.4 + sftp_readdir@Base 0.3.4 + sftp_readlink@Base 0.3.4 + sftp_rename@Base 0.3.4 + sftp_rewind@Base 0.3.4 + sftp_rmdir@Base 0.3.4 + sftp_seek64@Base 0.3.4 + sftp_seek@Base 0.3.4 + sftp_send_client_message@Base 0.6.1 + sftp_server_init@Base 0.3.4 + sftp_server_new@Base 0.3.4 + sftp_server_version@Base 0.3.4 + sftp_setstat@Base 0.3.4 + sftp_stat@Base 0.3.4 + sftp_statvfs@Base 0.3.91 + sftp_statvfs_free@Base 0.3.91 + sftp_symlink@Base 0.3.4 + sftp_tell64@Base 0.3.4 + sftp_tell@Base 0.3.4 + sftp_unlink@Base 0.3.4 + sftp_utimes@Base 0.3.4 + sftp_write@Base 0.3.4 + ssh_accept@Base 0.3.4 + ssh_auth_list@Base 0.3.4 + ssh_basename@Base 0.3.4 + ssh_bind_accept@Base 0.3.4 + ssh_bind_accept_fd@Base 0.6.1 + ssh_bind_fd_toaccept@Base 0.3.4 + ssh_bind_free@Base 0.3.4 + ssh_bind_get_fd@Base 0.3.4 + ssh_bind_listen@Base 0.3.4 + ssh_bind_new@Base 0.3.4 + ssh_bind_options_set@Base 0.3.91 + ssh_bind_set_blocking@Base 0.3.4 + ssh_bind_set_callbacks@Base 0.5.0 + ssh_bind_set_fd@Base 0.3.4 + ssh_blocking_flush@Base 0.5.0 + ssh_buffer_free@Base 0.5.0 + ssh_buffer_get_begin@Base 0.5.0 + ssh_buffer_get_len@Base 0.5.0 + ssh_buffer_new@Base 0.5.0 + ssh_channel_accept_forward@Base 0.5.4-2~ + ssh_channel_accept_x11@Base 0.5.0 + ssh_channel_change_pty_size@Base 0.5.0 + ssh_channel_close@Base 0.5.0 + ssh_channel_free@Base 0.5.0 + ssh_channel_get_exit_status@Base 0.5.0 + ssh_channel_get_session@Base 0.5.0 + ssh_channel_is_closed@Base 0.5.0 + ssh_channel_is_eof@Base 0.5.0 + ssh_channel_is_open@Base 0.5.0 + ssh_channel_new@Base 0.5.0 + ssh_channel_open_auth_agent@Base 0.6.1 + ssh_channel_open_forward@Base 0.5.0 + ssh_channel_open_reverse_forward@Base 0.5.0 + ssh_channel_open_session@Base 0.5.0 + ssh_channel_open_x11@Base 0.6.1 + ssh_channel_poll@Base 0.5.0 + ssh_channel_poll_timeout@Base 0.6.1 + ssh_channel_read@Base 0.5.0 + ssh_channel_read_nonblocking@Base 0.5.0 + ssh_channel_read_timeout@Base 0.6.1 + ssh_channel_request_env@Base 0.5.0 + ssh_channel_request_exec@Base 0.5.0 + ssh_channel_request_pty@Base 0.5.0 + ssh_channel_request_pty_size@Base 0.5.0 + ssh_channel_request_send_exit_signal@Base 0.5.0 + ssh_channel_request_send_exit_status@Base 0.5.0 + ssh_channel_request_send_signal@Base 0.5.0 + ssh_channel_request_sftp@Base 0.5.0 + ssh_channel_request_shell@Base 0.5.0 + ssh_channel_request_subsystem@Base 0.5.0 + ssh_channel_request_x11@Base 0.5.0 + ssh_channel_select@Base 0.5.0 + ssh_channel_send_eof@Base 0.5.0 + ssh_channel_set_blocking@Base 0.5.0 + ssh_channel_window_size@Base 0.5.0 + ssh_channel_write@Base 0.5.0 + ssh_channel_write_stderr@Base 0.5.0 + ssh_clean_pubkey_hash@Base 0.3.91 + ssh_connect@Base 0.3.4 + ssh_copyright@Base 0.3.4 + ssh_dirname@Base 0.3.4 + ssh_disconnect@Base 0.3.4 + ssh_event_add_fd@Base 0.6.1 + ssh_event_add_session@Base 0.6.1 + ssh_event_dopoll@Base 0.6.1 + ssh_event_free@Base 0.6.1 + ssh_event_new@Base 0.6.1 + ssh_event_remove_fd@Base 0.6.1 + ssh_event_remove_session@Base 0.6.1 + ssh_execute_message_callbacks@Base 0.5.0 + ssh_finalize@Base 0.3.4 + ssh_forward_accept@Base 0.5.0 + ssh_forward_cancel@Base 0.5.0 + ssh_forward_listen@Base 0.5.0 + ssh_free@Base 0.3.91 + ssh_get_cipher_in@Base 0.6.1 + ssh_get_cipher_out@Base 0.6.1 + ssh_get_clientbanner@Base 0.6.1 + ssh_get_disconnect_message@Base 0.3.4 + ssh_get_error@Base 0.3.4 + ssh_get_error_code@Base 0.3.4 + ssh_get_fd@Base 0.3.4 + ssh_get_hexa@Base 0.3.4 + ssh_get_issue_banner@Base 0.3.4 + ssh_get_log_callback@Base 0.6.1 + ssh_get_log_level@Base 0.6.1 + ssh_get_log_userdata@Base 0.6.1 + ssh_get_openssh_version@Base 0.3.4 + ssh_get_poll_flags@Base 0.6.1 + ssh_get_pubkey@Base 0.3.4 + ssh_get_pubkey_hash@Base 0.3.4 + ssh_get_publickey@Base 0.6.1 + ssh_get_publickey_hash@Base 0.6.1 + ssh_get_random@Base 0.3.4 + ssh_get_serverbanner@Base 0.6.1 + ssh_get_status@Base 0.3.4 + ssh_get_version@Base 0.3.4 + ssh_getpass@Base 0.5.0 + ssh_gssapi_get_creds@Base 0.6.3-3~ + ssh_gssapi_set_creds@Base 0.6.3-3~ + ssh_handle_key_exchange@Base 0.5.0 + ssh_init@Base 0.3.4 + ssh_is_blocking@Base 0.5.0 + ssh_is_connected@Base 0.5.0 + ssh_is_server_known@Base 0.3.4 + ssh_key_cmp@Base 0.6.1 + ssh_key_free@Base 0.6.1 + ssh_key_is_private@Base 0.6.1 + ssh_key_is_public@Base 0.6.1 + ssh_key_new@Base 0.6.1 + ssh_key_type@Base 0.6.1 + ssh_key_type_from_name@Base 0.6.1 + ssh_key_type_to_char@Base 0.6.1 + ssh_log@Base 0.3.4 + ssh_message_auth_interactive_request@Base 0.6.1 + ssh_message_auth_kbdint_is_response@Base 0.6.1 + ssh_message_auth_password@Base 0.3.4 + ssh_message_auth_pubkey@Base 0.6.1 + ssh_message_auth_publickey@Base 0.3.91 + ssh_message_auth_publickey_state@Base 0.5.0 + ssh_message_auth_reply_pk_ok@Base 0.3.91 + ssh_message_auth_reply_pk_ok_simple@Base 0.5.0 + ssh_message_auth_reply_success@Base 0.3.4 + ssh_message_auth_set_methods@Base 0.3.4 + ssh_message_auth_user@Base 0.3.4 + ssh_message_channel_request_channel@Base 0.3.91 + ssh_message_channel_request_command@Base 0.3.91 + ssh_message_channel_request_env_name@Base 0.3.91 + ssh_message_channel_request_env_value@Base 0.3.91 + ssh_message_channel_request_open_destination@Base 0.3.91 + ssh_message_channel_request_open_destination_port@Base 0.3.91 + ssh_message_channel_request_open_originator@Base 0.3.91 + ssh_message_channel_request_open_originator_port@Base 0.3.91 + ssh_message_channel_request_open_reply_accept@Base 0.3.4 + ssh_message_channel_request_pty_height@Base 0.3.91 + ssh_message_channel_request_pty_pxheight@Base 0.3.91 + ssh_message_channel_request_pty_pxwidth@Base 0.3.91 + ssh_message_channel_request_pty_term@Base 0.3.91 + ssh_message_channel_request_pty_width@Base 0.3.91 + ssh_message_channel_request_reply_success@Base 0.3.4 + ssh_message_channel_request_subsystem@Base 0.3.4 + ssh_message_channel_request_x11_auth_cookie@Base 0.6.1 + ssh_message_channel_request_x11_auth_protocol@Base 0.6.1 + ssh_message_channel_request_x11_screen_number@Base 0.6.1 + ssh_message_channel_request_x11_single_connection@Base 0.6.1 + ssh_message_free@Base 0.3.4 + ssh_message_get@Base 0.3.4 + ssh_message_global_request_address@Base 0.5.0 + ssh_message_global_request_port@Base 0.5.0 + ssh_message_global_request_reply_success@Base 0.5.0 + ssh_message_reply_default@Base 0.3.4 + ssh_message_retrieve@Base 0.3.91 + ssh_message_service_reply_success@Base 0.3.91 + ssh_message_service_service@Base 0.3.91 + ssh_message_subtype@Base 0.3.4 + ssh_message_type@Base 0.3.4 + ssh_mkdir@Base 0.3.4 + ssh_new@Base 0.3.4 + ssh_options_copy@Base 0.3.4 + ssh_options_get@Base 0.6.1 + ssh_options_get_port@Base 0.6.1 + ssh_options_getopt@Base 0.3.4 + ssh_options_parse_config@Base 0.3.91 + ssh_options_set@Base 0.3.91 + ssh_pcap_file_close@Base 0.5.0 + ssh_pcap_file_free@Base 0.5.0 + ssh_pcap_file_new@Base 0.5.0 + ssh_pcap_file_open@Base 0.5.0 + ssh_pki_export_privkey_file@Base 0.6.1 + ssh_pki_export_privkey_to_pubkey@Base 0.6.1 + ssh_pki_export_pubkey_base64@Base 0.6.1 + ssh_pki_export_pubkey_file@Base 0.6.1 + ssh_pki_generate@Base 0.6.1 + ssh_pki_import_privkey_base64@Base 0.6.1 + ssh_pki_import_privkey_file@Base 0.6.1 + ssh_pki_import_pubkey_base64@Base 0.6.1 + ssh_pki_import_pubkey_file@Base 0.6.1 + ssh_print_hexa@Base 0.3.4 + ssh_privatekey_type@Base 0.4.3 + ssh_publickey_to_file@Base 0.4.2 + ssh_scp_accept_request@Base 0.3.91 + ssh_scp_close@Base 0.3.91 + ssh_scp_deny_request@Base 0.3.91 + ssh_scp_free@Base 0.3.91 + ssh_scp_init@Base 0.3.91 + ssh_scp_leave_directory@Base 0.3.91 + ssh_scp_new@Base 0.3.91 + ssh_scp_pull_request@Base 0.3.91 + ssh_scp_push_directory@Base 0.3.91 + ssh_scp_push_file64@Base 0.6.1 + ssh_scp_push_file@Base 0.3.91 + ssh_scp_read@Base 0.3.91 + ssh_scp_request_get_filename@Base 0.3.91 + ssh_scp_request_get_permissions@Base 0.3.91 + ssh_scp_request_get_size64@Base 0.6.1 + ssh_scp_request_get_size@Base 0.3.91 + ssh_scp_request_get_warning@Base 0.3.91 + ssh_scp_write@Base 0.3.91 + ssh_select@Base 0.3.4 + ssh_send_debug@Base 0.6.1 + ssh_send_ignore@Base 0.6.1 + ssh_send_keepalive@Base 0.6.1 + ssh_service_request@Base 0.3.4 + ssh_set_agent_channel@Base 0.6.1 + ssh_set_auth_methods@Base 0.6.1 + ssh_set_blocking@Base 0.3.4 + ssh_set_callbacks@Base 0.3.91 + ssh_set_channel_callbacks@Base 0.5.0 + ssh_set_fd_except@Base 0.3.4 + ssh_set_fd_toread@Base 0.3.4 + ssh_set_fd_towrite@Base 0.3.4 + ssh_set_log_callback@Base 0.6.1 + ssh_set_log_level@Base 0.6.1 + ssh_set_log_userdata@Base 0.6.1 + ssh_set_message_callback@Base 0.3.91 + ssh_set_pcap_file@Base 0.5.0 + ssh_set_server_callbacks@Base 0.6.1 + ssh_silent_disconnect@Base 0.3.4 + ssh_string_burn@Base 0.5.0 + ssh_string_copy@Base 0.5.0 + ssh_string_data@Base 0.5.0 + ssh_string_fill@Base 0.5.0 + ssh_string_free@Base 0.5.0 + ssh_string_free_char@Base 0.5.0 + ssh_string_from_char@Base 0.5.0 + ssh_string_get_char@Base 0.6.1 + ssh_string_len@Base 0.5.0 + ssh_string_new@Base 0.5.0 + ssh_string_to_char@Base 0.5.0 + ssh_threads_get_noop@Base 0.5.0 + ssh_threads_set_callbacks@Base 0.5.0 + ssh_try_publickey_from_file@Base 0.4.2 + ssh_userauth_agent@Base 0.6.1 + ssh_userauth_agent_pubkey@Base 0.3.4 + ssh_userauth_autopubkey@Base 0.3.4 + ssh_userauth_gssapi@Base 0.6.1 + ssh_userauth_kbdint@Base 0.3.4 + ssh_userauth_kbdint_getanswer@Base 0.6.1 + ssh_userauth_kbdint_getinstruction@Base 0.3.4 + ssh_userauth_kbdint_getname@Base 0.3.4 + ssh_userauth_kbdint_getnanswers@Base 0.6.1 + ssh_userauth_kbdint_getnprompts@Base 0.3.4 + ssh_userauth_kbdint_getprompt@Base 0.3.4 + ssh_userauth_kbdint_setanswer@Base 0.3.4 + ssh_userauth_list@Base 0.3.4 + ssh_userauth_none@Base 0.3.4 + ssh_userauth_offer_pubkey@Base 0.3.4 + ssh_userauth_password@Base 0.3.4 + ssh_userauth_privatekey_file@Base 0.5.0 + ssh_userauth_pubkey@Base 0.3.4 + ssh_userauth_publickey@Base 0.6.1 + ssh_userauth_publickey_auto@Base 0.6.1 + ssh_userauth_try_publickey@Base 0.6.1 + ssh_version@Base 0.3.4 + ssh_write_knownhost@Base 0.3.4 + string_burn@Base 0.3.4 + string_copy@Base 0.3.4 + string_data@Base 0.3.4 + string_fill@Base 0.3.4 + string_free@Base 0.3.4 + string_from_char@Base 0.3.4 + string_len@Base 0.3.4 + string_new@Base 0.3.4 + string_to_char@Base 0.3.4 +libssh-gcrypt_threads.so.4 libssh-gcrypt-4 #MINVER# + ssh_threads_get_pthread@Base 0.5.0 diff -Nru libssh-0.6.1/debian/libssh-gcrypt-dev.install libssh-0.6.3/debian/libssh-gcrypt-dev.install --- libssh-0.6.1/debian/libssh-gcrypt-dev.install 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/libssh-gcrypt-dev.install 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,6 @@ +usr/include/libssh/ +usr/lib/*/libssh.a +usr/lib/*/libssh.so +usr/lib/*/libssh_threads.a +usr/lib/*/libssh_threads.so +usr/lib/*/pkgconfig/ diff -Nru libssh-0.6.1/debian/patches/0001_CVE-2014-8132.patch libssh-0.6.3/debian/patches/0001_CVE-2014-8132.patch --- libssh-0.6.1/debian/patches/0001_CVE-2014-8132.patch 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/patches/0001_CVE-2014-8132.patch 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,39 @@ +commit 87ae95eb3c2f35d3e8e00eca43d0711ab2737ef5 +Author: Jon Simons +Date: Sat Oct 18 23:23:26 2014 -0700 + + CVE-2014-8132: Fixup error path in ssh_packet_kexinit() + + Before this change, dangling pointers can be unintentionally left in the + respective next_crypto kex methods slots. Ensure to set all slots to + NULL in the error-out path. + + Signed-off-by: Jon Simons + Reviewed-by: Andreas Schneider + (cherry picked from commit 2ced24ddd67a261dc364ad4d8958c068c1671ae7) + +diff --git a/src/kex.c b/src/kex.c +index 563c6a5..fab6bad 100644 +--- a/src/kex.c ++++ b/src/kex.c +@@ -315,7 +315,7 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){ + for (i = 0; i < KEX_METHODS_SIZE; i++) { + str = buffer_get_ssh_string(packet); + if (str == NULL) { +- break; ++ goto error; + } + + if (buffer_add_ssh_string(session->in_hashbuf, str) < 0) { +@@ -350,6 +350,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexinit){ + error: + ssh_string_free(str); + for (i = 0; i < SSH_KEX_METHODS; i++) { ++ if (server_kex) { ++ session->next_crypto->client_kex.methods[i] = NULL; ++ } else { /* client */ ++ session->next_crypto->server_kex.methods[i] = NULL; ++ } + SAFE_FREE(strings[i]); + } + diff -Nru libssh-0.6.1/debian/patches/0001-disable-latex-documentation.patch libssh-0.6.3/debian/patches/0001-disable-latex-documentation.patch --- libssh-0.6.1/debian/patches/0001-disable-latex-documentation.patch 2013-02-05 00:12:09.000000000 +0000 +++ libssh-0.6.3/debian/patches/0001-disable-latex-documentation.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,15 +0,0 @@ -Description: Be sure we never build LaTeX documentation -Author: Laurent Bigonville -Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622108 - ---- a/doc/doxy.config.in -+++ b/doc/doxy.config.in -@@ -1014,7 +1014,7 @@ - # If the GENERATE_LATEX tag is set to YES (the default) Doxygen will - # generate Latex output. - --GENERATE_LATEX = @DOXYFILE_LATEX@ -+GENERATE_LATEX = NO - - # The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put. - # If a relative path is entered the value of OUTPUT_DIRECTORY will be diff -Nru libssh-0.6.1/debian/patches/0002_CVE-2015-3146.patch libssh-0.6.3/debian/patches/0002_CVE-2015-3146.patch --- libssh-0.6.1/debian/patches/0002_CVE-2015-3146.patch 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/patches/0002_CVE-2015-3146.patch 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,129 @@ +From 94f6955fbaee6fda9385a23e505497efe21f5b4f Mon Sep 17 00:00:00 2001 +From: Aris Adamantiadis +Date: Wed, 15 Apr 2015 16:08:37 +0200 +Subject: [PATCH 1/2] CVE-2015-3146: Fix state validation in packet handlers + +The state validation in the packet handlers for SSH_MSG_NEWKEYS and +SSH_MSG_KEXDH_REPLY had a bug which did not raise an error. + +The issue has been found and reported by Mariusz Ziule. + +Signed-off-by: Aris Adamantiadis +Reviewed-by: Andreas Schneider +(cherry picked from commit bf0c7ae0aeb0ebe661d11ea6785fff2cbf4f3dbe) +--- + src/packet_cb.c | 16 ++++++++++------ + src/server.c | 8 +++++--- + 2 files changed, 15 insertions(+), 9 deletions(-) + +diff --git a/src/packet_cb.c b/src/packet_cb.c +index a10dd1a..e6c613f 100644 +--- a/src/packet_cb.c ++++ b/src/packet_cb.c +@@ -94,7 +94,7 @@ SSH_PACKET_CALLBACK(ssh_packet_dh_reply){ + (void)type; + (void)user; + SSH_LOG(SSH_LOG_PROTOCOL,"Received SSH_KEXDH_REPLY"); +- if(session->session_state!= SSH_SESSION_STATE_DH && ++ if (session->session_state != SSH_SESSION_STATE_DH || + session->dh_handshake_state != DH_STATE_INIT_SENT){ + ssh_set_error(session,SSH_FATAL,"ssh_packet_dh_reply called in wrong state : %d:%d", + session->session_state,session->dh_handshake_state); +@@ -135,12 +135,16 @@ SSH_PACKET_CALLBACK(ssh_packet_newkeys){ + (void)user; + (void)type; + SSH_LOG(SSH_LOG_PROTOCOL, "Received SSH_MSG_NEWKEYS"); +- if(session->session_state!= SSH_SESSION_STATE_DH && +- session->dh_handshake_state != DH_STATE_NEWKEYS_SENT){ +- ssh_set_error(session,SSH_FATAL,"ssh_packet_newkeys called in wrong state : %d:%d", +- session->session_state,session->dh_handshake_state); +- goto error; ++ ++ if (session->session_state != SSH_SESSION_STATE_DH || ++ session->dh_handshake_state != DH_STATE_NEWKEYS_SENT) { ++ ssh_set_error(session, ++ SSH_FATAL, ++ "ssh_packet_newkeys called in wrong state : %d:%d", ++ session->session_state,session->dh_handshake_state); ++ goto error; + } ++ + if(session->server){ + /* server things are done in server.c */ + session->dh_handshake_state=DH_STATE_FINISHED; +diff --git a/src/server.c b/src/server.c +index 35281ca..1637cce 100644 +--- a/src/server.c ++++ b/src/server.c +@@ -165,7 +165,7 @@ static int ssh_server_kexdh_init(ssh_session session, ssh_buffer packet){ + } + + SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){ +- int rc; ++ int rc = SSH_ERROR; + (void)type; + (void)user; + +@@ -193,9 +193,11 @@ SSH_PACKET_CALLBACK(ssh_packet_kexdh_init){ + ssh_set_error(session,SSH_FATAL,"Wrong kex type in ssh_packet_kexdh_init"); + rc = SSH_ERROR; + } +- if (rc == SSH_ERROR) ++ ++error: ++ if (rc == SSH_ERROR) { + session->session_state = SSH_SESSION_STATE_ERROR; +- error: ++ } + + return SSH_PACKET_USED; + } +-- +2.3.5 + + +From e9d16bd3439205ce7e75017405b1ac6ed5ead062 Mon Sep 17 00:00:00 2001 +From: Aris Adamantiadis +Date: Wed, 15 Apr 2015 16:25:29 +0200 +Subject: [PATCH 2/2] buffers: Fix a possible null pointer dereference + +This is an addition to CVE-2015-3146 to fix the null pointer +dereference. The patch is not required to fix the CVE but prevents +issues in future. + +Signed-off-by: Aris Adamantiadis +Reviewed-by: Andreas Schneider +(cherry picked from commit 309102547208281215e6799336b42d355cdd7c5d) +--- + src/buffer.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/src/buffer.c b/src/buffer.c +index ca12086..3bb6ec4 100644 +--- a/src/buffer.c ++++ b/src/buffer.c +@@ -188,6 +188,10 @@ int buffer_reinit(struct ssh_buffer_struct *buffer) { + int buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len) { + buffer_verify(buffer); + ++ if (data == NULL) { ++ return -1; ++ } ++ + if (buffer->used + len < len) { + return -1; + } +@@ -221,6 +225,10 @@ int buffer_add_ssh_string(struct ssh_buffer_struct *buffer, + struct ssh_string_struct *string) { + uint32_t len = 0; + ++ if (string == NULL) { ++ return -1; ++ } ++ + len = ssh_string_len(string); + if (buffer_add_data(buffer, string, len + sizeof(uint32_t)) < 0) { + return -1; +-- +2.3.5 + diff -Nru libssh-0.6.1/debian/patches/0002-fix-html-doc-generation.patch libssh-0.6.3/debian/patches/0002-fix-html-doc-generation.patch --- libssh-0.6.1/debian/patches/0002-fix-html-doc-generation.patch 2014-02-12 19:00:37.000000000 +0000 +++ libssh-0.6.3/debian/patches/0002-fix-html-doc-generation.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,18 +0,0 @@ -Description: Do not exclude "*/build/*" directory as buildd use that path -Author: Laurent Bigonville -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/821437 - -Index: libssh-0.6.1/doc/doxy.config.in -=================================================================== ---- libssh-0.6.1.orig/doc/doxy.config.in 2014-02-12 11:00:37.500190171 -0800 -+++ libssh-0.6.1/doc/doxy.config.in 2014-02-12 11:00:37.500190171 -0800 -@@ -720,8 +720,7 @@ - - EXCLUDE_PATTERNS = */.git/* \ - */.svn/* \ -- */cmake/* \ -- */build/* -+ */cmake/* - - # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names - # (namespaces, classes, functions, etc.) that should be excluded from the diff -Nru libssh-0.6.1/debian/patches/0003_CVE-2016-0739.patch libssh-0.6.3/debian/patches/0003_CVE-2016-0739.patch --- libssh-0.6.1/debian/patches/0003_CVE-2016-0739.patch 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/patches/0003_CVE-2016-0739.patch 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,64 @@ +Description: CVE-2016-0739: Truncated Diffie-Hellman secret length +Origin: upstream, https://git.libssh.org/projects/libssh.git/commit/?id=f8d0026c65fc8a55748ae481758e2cf376c26c86 +Bug-Debian: https://bugs.debian.org/815663 +Forwarded: not-needed +Author: Aris Adamantiadis +Reviewed-by: Salvatore Bonaccorso +Last-Update: 2016-02-22 +Applied-Upstream: 0.7.3 + +--- + src/dh.c | 22 +++++++++++++++++----- + 1 file changed, 17 insertions(+), 5 deletions(-) + +--- a/src/dh.c ++++ b/src/dh.c +@@ -240,15 +240,21 @@ void ssh_print_bignum(const char *which, + } + + int dh_generate_x(ssh_session session) { ++ int keysize; ++ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { ++ keysize = 1023; ++ } else { ++ keysize = 2047; ++ } + session->next_crypto->x = bignum_new(); + if (session->next_crypto->x == NULL) { + return -1; + } + + #ifdef HAVE_LIBGCRYPT +- bignum_rand(session->next_crypto->x, 128); ++ bignum_rand(session->next_crypto->x, keysize); + #elif defined HAVE_LIBCRYPTO +- bignum_rand(session->next_crypto->x, 128, 0, -1); ++ bignum_rand(session->next_crypto->x, keysize, -1, 0); + #endif + + /* not harder than this */ +@@ -261,15 +267,21 @@ int dh_generate_x(ssh_session session) { + + /* used by server */ + int dh_generate_y(ssh_session session) { +- session->next_crypto->y = bignum_new(); ++ int keysize; ++ if (session->next_crypto->kex_type == SSH_KEX_DH_GROUP1_SHA1) { ++ keysize = 1023; ++ } else { ++ keysize = 2047; ++ } ++ session->next_crypto->y = bignum_new(); + if (session->next_crypto->y == NULL) { + return -1; + } + + #ifdef HAVE_LIBGCRYPT +- bignum_rand(session->next_crypto->y, 128); ++ bignum_rand(session->next_crypto->y, keysize); + #elif defined HAVE_LIBCRYPTO +- bignum_rand(session->next_crypto->y, 128, 0, -1); ++ bignum_rand(session->next_crypto->y, keysize, -1, 0); + #endif + + /* not harder than this */ diff -Nru libssh-0.6.1/debian/patches/0003-fix-typo.patch libssh-0.6.3/debian/patches/0003-fix-typo.patch --- libssh-0.6.1/debian/patches/0003-fix-typo.patch 2013-02-05 00:12:09.000000000 +0000 +++ libssh-0.6.3/debian/patches/0003-fix-typo.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,14 +0,0 @@ -Subject: Fix typo -From: Laurent Bigonville - ---- a/src/server.c -+++ b/src/server.c -@@ -186,7 +186,7 @@ static int dh_handshake_server(ssh_sessi - default: - ssh_set_error(session, - SSH_FATAL, -- "Could determine the specified hostkey"); -+ "Could not determine the specified hostkey"); - ssh_string_free(f); - return -1; - } diff -Nru libssh-0.6.1/debian/patches/1001_error-msg-typo-fix.patch libssh-0.6.3/debian/patches/1001_error-msg-typo-fix.patch --- libssh-0.6.1/debian/patches/1001_error-msg-typo-fix.patch 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/patches/1001_error-msg-typo-fix.patch 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,33 @@ +Description: Fix spelling error in pki_* code +Author: Mike Gabriel +--- a/src/pki_crypto.c ++++ b/src/pki_crypto.c +@@ -628,7 +628,7 @@ + #endif + case SSH_KEYTYPE_UNKNOWN: + BIO_free(mem); +- ssh_pki_log("Unkown or invalid private key type %d", key->type); ++ ssh_pki_log("Unknown or invalid private key type %d", key->type); + return NULL; + } + +@@ -751,7 +751,7 @@ + #endif + case SSH_KEYTYPE_UNKNOWN: + BIO_free(mem); +- ssh_pki_log("Unkown or invalid private key type %d", type); ++ ssh_pki_log("Unknown or invalid private key type %d", type); + return NULL; + } + +--- a/src/pki_gcrypt.c ++++ b/src/pki_gcrypt.c +@@ -668,7 +668,7 @@ + break; + case SSH_KEYTYPE_ECDSA: + case SSH_KEYTYPE_UNKNOWN: +- ssh_pki_log("Unkown or invalid private key type %d", type); ++ ssh_pki_log("Unknown or invalid private key type %d", type); + return NULL; + } + diff -Nru libssh-0.6.1/debian/patches/1003-custom-lib-names.patch libssh-0.6.3/debian/patches/1003-custom-lib-names.patch --- libssh-0.6.1/debian/patches/1003-custom-lib-names.patch 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/patches/1003-custom-lib-names.patch 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,38 @@ +Description: Allow to overwrite libssh's OUTPUT_NAME. +Author: Sebastian Ramacher +Last-Update: 2012-06-19 + +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -93,6 +93,11 @@ set(LIBSSH_LINK_LIBRARIES + CACHE INTERNAL "libssh link libraries" + ) + ++set(LIBSSH_LIBRARY_NAME ++ ssh ++ CACHE INTERNAL "libssh library name" ++) ++ + set(LIBSSH_SHARED_LIBRARY + ssh_shared + CACHE INTERNAL "libssh shared library" +@@ -229,7 +234,7 @@ set_target_properties( + SOVERSION + ${LIBRARY_SOVERSION} + OUTPUT_NAME +- ssh ++ ${LIBSSH_LIBRARY_NAME} + DEFINE_SYMBOL + LIBSSH_EXPORTS + ) +--- a/src/threads/CMakeLists.txt ++++ b/src/threads/CMakeLists.txt +@@ -65,7 +65,7 @@ set_target_properties( + SOVERSION + ${LIBRARY_SOVERSION} + OUTPUT_NAME +- ssh_threads ++ ${LIBSSH_LIBRARY_NAME}_threads + DEFINE_SYMBOL + LIBSSH_EXPORTS + ) diff -Nru libssh-0.6.1/debian/patches/2002-fix-html-doc-generation.patch libssh-0.6.3/debian/patches/2002-fix-html-doc-generation.patch --- libssh-0.6.1/debian/patches/2002-fix-html-doc-generation.patch 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/patches/2002-fix-html-doc-generation.patch 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,16 @@ +Description: Do not exclude "*/build/*" directory as buildd use that path +Author: Laurent Bigonville +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libssh/+bug/821437 + +--- a/doc/doxy.config.in ++++ b/doc/doxy.config.in +@@ -720,8 +720,7 @@ + + EXCLUDE_PATTERNS = */.git/* \ + */.svn/* \ +- */cmake/* \ +- */build/* ++ */cmake/* + + # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names + # (namespaces, classes, functions, etc.) that should be excluded from the diff -Nru libssh-0.6.1/debian/patches/2003-disable-expand_tilde_unix-test.patch libssh-0.6.3/debian/patches/2003-disable-expand_tilde_unix-test.patch --- libssh-0.6.1/debian/patches/2003-disable-expand_tilde_unix-test.patch 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/patches/2003-disable-expand_tilde_unix-test.patch 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,24 @@ +Description: Disable torture_path_expand_tilde_unix, its not working well on buildd + On buildd, the HOME is set to a non-existing directory, this makes + torture_path_expand_tilde_unix fail +Author: Laurent Bigonville + +--- a/tests/unittests/torture_misc.c ++++ b/tests/unittests/torture_misc.c +@@ -192,11 +192,11 @@ int torture_run_tests(void) { + unit_test(torture_basename), + unit_test(torture_dirname), + unit_test(torture_ntohll), +-#ifdef _WIN32 +- unit_test(torture_path_expand_tilde_win), +-#else +- unit_test(torture_path_expand_tilde_unix), +-#endif ++//#ifdef _WIN32 ++// unit_test(torture_path_expand_tilde_win), ++//#else ++// unit_test(torture_path_expand_tilde_unix), ++//#endif + unit_test_setup_teardown(torture_path_expand_escape, setup, teardown), + unit_test_setup_teardown(torture_path_expand_known_hosts, setup, teardown), + unit_test(torture_timeout_elapsed), diff -Nru libssh-0.6.1/debian/patches/CVE-2014-0017.patch libssh-0.6.3/debian/patches/CVE-2014-0017.patch --- libssh-0.6.1/debian/patches/CVE-2014-0017.patch 2014-03-10 13:47:07.000000000 +0000 +++ libssh-0.6.3/debian/patches/CVE-2014-0017.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,87 +0,0 @@ -From e99246246b4061f7e71463f8806b9dcad65affa0 Mon Sep 17 00:00:00 2001 -From: Aris Adamantiadis -Date: Wed, 05 Feb 2014 20:24:12 +0000 -Subject: security: fix for vulnerability CVE-2014-0017 - -When accepting a new connection, a forking server based on libssh forks -and the child process handles the request. The RAND_bytes() function of -openssl doesn't reset its state after the fork, but simply adds the -current process id (getpid) to the PRNG state, which is not guaranteed -to be unique. -This can cause several children to end up with same PRNG state which is -a security issue. ---- -diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h -index 7374a88..e8ff32c 100644 ---- a/include/libssh/wrapper.h -+++ b/include/libssh/wrapper.h -@@ -70,5 +70,6 @@ int crypt_set_algorithms_server(ssh_session session); - struct ssh_crypto_struct *crypto_new(void); - void crypto_free(struct ssh_crypto_struct *crypto); - -+void ssh_reseed(void); - - #endif /* WRAPPER_H_ */ -diff --git a/src/bind.c b/src/bind.c -index 8d82d0d..03d3403 100644 ---- a/src/bind.c -+++ b/src/bind.c -@@ -458,6 +458,8 @@ int ssh_bind_accept_fd(ssh_bind sshbind, ssh_session session, socket_t fd){ - return SSH_ERROR; - } - } -+ /* force PRNG to change state in case we fork after ssh_bind_accept */ -+ ssh_reseed(); - return SSH_OK; - } - -diff --git a/src/libcrypto.c b/src/libcrypto.c -index bb1d96a..d8cc795 100644 ---- a/src/libcrypto.c -+++ b/src/libcrypto.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - #include "libssh/priv.h" - #include "libssh/session.h" -@@ -38,6 +39,8 @@ - #include - #include - #include -+#include -+ - #ifdef HAVE_OPENSSL_AES_H - #define HAS_AES - #include -@@ -74,6 +77,12 @@ static int alloc_key(struct ssh_cipher_struct *cipher) { - return 0; - } - -+void ssh_reseed(void){ -+ struct timeval tv; -+ gettimeofday(&tv, NULL); -+ RAND_add(&tv, sizeof(tv), 0.0); -+} -+ - SHACTX sha1_init(void) { - SHACTX c = malloc(sizeof(*c)); - if (c == NULL) { -diff --git a/src/libgcrypt.c b/src/libgcrypt.c -index 899bccd..4617901 100644 ---- a/src/libgcrypt.c -+++ b/src/libgcrypt.c -@@ -45,6 +45,9 @@ static int alloc_key(struct ssh_cipher_struct *cipher) { - return 0; - } - -+void ssh_reseed(void){ -+ } -+ - SHACTX sha1_init(void) { - SHACTX ctx = NULL; - gcry_md_open(&ctx, GCRY_MD_SHA1, 0); --- -cgit v0.9.1 diff -Nru libssh-0.6.1/debian/patches/gcc-5.diff libssh-0.6.3/debian/patches/gcc-5.diff --- libssh-0.6.1/debian/patches/gcc-5.diff 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/patches/gcc-5.diff 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,61 @@ +Index: b/include/libssh/pki_priv.h +=================================================================== +--- a/include/libssh/pki_priv.h ++++ b/include/libssh/pki_priv.h +@@ -29,7 +29,7 @@ + #define ECDSA_HEADER_END "-----END EC PRIVATE KEY-----" + + #define ssh_pki_log(...) \ +- _ssh_pki_log(__FUNCTION__, __VA_ARGS__) ++ _ssh_pki_log(__extension__ __FUNCTION__, __VA_ARGS__) + void _ssh_pki_log(const char *function, + const char *format, ...) PRINTF_ATTRIBUTE(2, 3); + +Index: b/include/libssh/priv.h +=================================================================== +--- a/include/libssh/priv.h ++++ b/include/libssh/priv.h +@@ -179,7 +179,7 @@ void ssh_log_function(int verbosity, + const char *function, + const char *buffer); + #define SSH_LOG(priority, ...) \ +- _ssh_log(priority, __FUNCTION__, __VA_ARGS__) ++ _ssh_log(priority, __extension__ __FUNCTION__, __VA_ARGS__) + + /* LEGACY */ + void ssh_log_common(struct ssh_common_struct *common, +@@ -197,18 +197,18 @@ struct error_struct { + }; + + #define ssh_set_error(error, code, ...) \ +- _ssh_set_error(error, code, __FUNCTION__, __VA_ARGS__) ++ _ssh_set_error(error, code, __extension__ __FUNCTION__, __VA_ARGS__) + void _ssh_set_error(void *error, + int code, + const char *function, + const char *descr, ...) PRINTF_ATTRIBUTE(4, 5); + + #define ssh_set_error_oom(error) \ +- _ssh_set_error_oom(error, __FUNCTION__) ++ _ssh_set_error_oom(error, __extension__ __FUNCTION__) + void _ssh_set_error_oom(void *error, const char *function); + + #define ssh_set_error_invalid(error) \ +- _ssh_set_error_invalid(error, __FUNCTION__) ++ _ssh_set_error_invalid(error, __extension__ __FUNCTION__) + void _ssh_set_error_invalid(void *error, const char *function); + + +Index: b/src/auth.c +=================================================================== +--- a/src/auth.c ++++ b/src/auth.c +@@ -1907,7 +1907,7 @@ int ssh_userauth_kbdint(ssh_session sess + * This should not happen + */ + rc = SSH_AUTH_ERROR; +- ssh_set_error(session,SSH_FATAL,"Invalid state in %s", __FUNCTION__); ++ ssh_set_error(session,SSH_FATAL,"Invalid state in %s", __extension__ __FUNCTION__); + } + return rc; + } diff -Nru libssh-0.6.1/debian/patches/README libssh-0.6.3/debian/patches/README --- libssh-0.6.1/debian/patches/README 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/patches/README 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,3 @@ +0xxx: Grabbed from upstream development. +1xxx: Possibly relevant for upstream adoption. +2xxx: Only relevant for official Debian release. diff -Nru libssh-0.6.1/debian/patches/series libssh-0.6.3/debian/patches/series --- libssh-0.6.1/debian/patches/series 2014-03-10 13:47:07.000000000 +0000 +++ libssh-0.6.3/debian/patches/series 2016-02-23 18:54:50.000000000 +0000 @@ -1,2 +1,8 @@ -0002-fix-html-doc-generation.patch -CVE-2014-0017.patch +0001_CVE-2014-8132.patch +0002_CVE-2015-3146.patch +0003_CVE-2016-0739.patch +1001_error-msg-typo-fix.patch +1003-custom-lib-names.patch +2002-fix-html-doc-generation.patch +2003-disable-expand_tilde_unix-test.patch +gcc-5.diff diff -Nru libssh-0.6.1/debian/rules libssh-0.6.3/debian/rules --- libssh-0.6.1/debian/rules 2013-02-05 00:12:09.000000000 +0000 +++ libssh-0.6.3/debian/rules 2016-02-23 18:54:50.000000000 +0000 @@ -1,17 +1,53 @@ #!/usr/bin/make -f -DEB_AUTO_CLEANUP_RCS := yes +DEB_CMAKE_EXTRA_FLAGS := -DWITH_STATIC_LIB=ON -DLIB_INSTALL_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) -DWITH_TESTING=ON -DWITH_GSSAPI=ON -DEB_CMAKE_EXTRA_FLAGS := -DWITH_STATIC_LIB=ON -DLIB_INSTALL_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) +export DEB_LDFLAGS_MAINT_APPEND = -Wl,-z,defs -Wl,-O1 -Wl,--as-needed -include /usr/share/cdbs/1/class/cmake.mk -include /usr/share/cdbs/1/rules/debhelper.mk +%: + dh $@ -DEB_DBG_PACKAGE_libssh-4 = libssh-dbg +override_dh_clean: + rm -rf debian/tmp-gcrypt + rm -rf debian/home-openssl + rm -rf debian/home-gcrypt + dh_clean + +override_dh_auto_clean: + dh_auto_clean -Bbuild-openssl + dh_auto_clean -Bbuild-gcrypt + +override_dh_auto_configure: + dh_auto_configure -Bbuild-openssl -- \ + $(DEB_CMAKE_EXTRA_FLAGS) + dh_auto_configure -Bbuild-gcrypt -- \ + $(DEB_CMAKE_EXTRA_FLAGS) \ + -DWITH_GCRYPT=ON \ + -DLIBSSH_LIBRARY_NAME=ssh-gcrypt + +override_dh_auto_build: + dh_auto_build -Bbuild-openssl + $(MAKE) -Cbuild-openssl doc + dh_auto_build -Bbuild-gcrypt + +override_dh_auto_install: + dh_auto_install -Bbuild-openssl + dh_auto_install -Bbuild-gcrypt --destdir=debian/tmp-gcrypt + +override_dh_auto_test: + mkdir debian/home-openssl + mkdir debian/home-gcrypt + HOME=debian/home-openssl dh_auto_test -Bbuild-openssl + HOME=debian/home-gcrypt dh_auto_test -Bbuild-gcrypt + +override_dh_install: + find debian/tmp-gcrypt -name libssh-gcrypt.so -execdir mv '{}' libssh.so \; + find debian/tmp-gcrypt -name libssh-gcrypt_threads.so -execdir mv '{}' libssh_threads.so \; + dh_install -plibssh-gcrypt-4 -plibssh-gcrypt-dev --sourcedir=debian/tmp-gcrypt + dh_install --remaining-packages -# List any files which are not installed -include /usr/share/cdbs/1/rules/utils.mk -common-binary-post-install-arch:: list-missing +override_dh_strip: + dh_strip --dbg-package=libssh-dbg -build/libssh-doc:: - $(MAKE) -C $(DEB_BUILDDIR) doc +get-orig-source: + uscan --noconf --force-download --rename --download-current-version --destdir=.. diff -Nru libssh-0.6.1/debian/upstream-signing-key.pgp libssh-0.6.3/debian/upstream-signing-key.pgp --- libssh-0.6.1/debian/upstream-signing-key.pgp 1970-01-01 00:00:00.000000000 +0000 +++ libssh-0.6.3/debian/upstream-signing-key.pgp 2016-02-23 18:54:50.000000000 +0000 @@ -0,0 +1,75 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.12 (GNU/Linux) + +mQINBFJPzkEBEADJ9TlY0WFt+O9DKqUY73DKZsjRQ3rsQ0bJGcOLjKb9ESLp+doU +Zx/GhqqmfuD8/gnKhEf3//PI+GJiGl7hNsaDhrLHxbRf15QKOxSNUtl9p1mpxYBZ ++c6+Ymmh3dxrsvs5VzMAVwVbSLvPIs+v9WWxd0FAscZilsvInVk+R9F7WUkAL3/c +Rq5A+QkeX4egfW0OI1WzfMua/lL5uBgkzmP//x4A2apAzx8fqaV4JqyhNJuDtsXd +LOus20VQqGUBWj4wLaCmMiFGbod9u2+Uj6fOFPB+2LLnfnNJtA04b+0Awjzm0zZc +APMnbUaIAs54UW6/1wGY8g4rbN1DAbPQpAQy601sHF20CsRqvelfy9dV/Z2almA7 +zVGlfTYw8JRcSUgtIWIcXE4DsXaN6y/UzKT9o/vpYM1Dk+t3K4K0O+KyX4B1xcyI +Jn2Pq0QKFSHm6x1+lrLgF+bDO/HcX0YAOiE0/3VkBaLSH6gO2Ot1YFN2KIaEcKuM +LplZkNeD7yzIL9jTbj0UVvcHh18GRnrtR/a6r84VoMBrolFJuN7IpiuIwZqxvtnh +NRrBVfl1edFiWyeA+xhxVoodxPwJKdF4f7k++fF3XvMaLk556xnz60QfHJTj95S3 +H0dgAFhS5I/3vHF3qK+C5oGiSEdOW3MqjjtRJZpzCA+btBxDWg4LufEU1QARAQAB +tCFBbmRyZWFzIFNjaG5laWRlciA8YXNuQHNhbWJhLm9yZz6IRgQQEQIABgUCUk/S +tgAKCRB/3j6P8z4/xhBfAJ46XKrZLIOPtkGMHfvcxjL5KsED3ACfbHPTqBUw3HSg +ypVDQGidwWNsgDqIRgQQEQIABgUCUk/TIwAKCRAATrVWi360uL81AKCuFkV6Uv3q +tyINQb6FIyKNMyQe7QCgv4BPrM2M2zxrHhqvNkCQpy0Xc+6IawQQEQIAKwUCUlKK +YAWDAeKFAB4aaHR0cDovL3d3dy5jYWNlcnQub3JnL2Nwcy5waHAACgkQ0rsNAWXQ +/VihrACfZaGBGZ4z34QRu3mzoB/jCUusj+IAniq/5FVevvL0otHCK8zxMv3SSnvl +iQI5BBMBAgAjAhsDBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AFAlJP0pAACgkQ +fuD8TcwBTj2ISg//VhkoxyruOfYaEbvVQRxKXxDzoBZV5bf6C7yNopuEGjF2VNCC +TwKKcSg3q/bHRq/imF0iBgkEtOfRWlhSHsQWw0oSzZhgxcKF7wkD3OeU/BqGXIox +0XrkbrtYmlodrQLqpDcZUSy6YYtKISwk+5ksrPcgzuoQXvWYc+3fE9Wh7dHNMzDX +Xye+IHNeNJAhSdyiLAPsMM9KTR+c1tEyVAKn2StskGq4pQl3PMQptaa7/3WyKFfC ++U5Bs46Nrfmut+GIhdvohbftVs0wbXgDZRnXEW++etGW0jDXOtAsZSineAv5Yl+I +EPNTaIQVhqfD/I5eFnP0DOsY93ZF2FswCdsjH6rZAX8vK0B4EPuzxOAOrrsSgIYQ +V1eaBytsOi6PxS8SJGoOtU4N9cC40vOLfVYmnsE3WV38pZyooVEf17+gFbkrWu7J +n6VZopyCjG3L1uQeb6SgbcSFrRaZCAxOukFYX9Agaw5Lj5iei/j5TjNnTh7Yogzx +DYs8GW+ttEl550kUem9xi01LzBswsdJNULuMYcXYcmOj1lDtC1zlDlgF1DKmaK27 +L/lKmuWMzgK+q3bC7PDhN4wz6ghIdRA9W0XNC75Hjsp+7l/eta+HHZDjNROHXS+V +Ri1z9CNO46+OjrznXLwjjC1H+KFPXHtOSj+BGhn1lWfyNIb2wZpN/kuYLz+0JkFu +ZHJlYXMgU2NobmVpZGVyIDxhc25AY3J5cHRvbWlsay5vcmc+iEYEEBECAAYFAlJP +0rEACgkQf94+j/M+P8ZRSQCfTIu8Eh8WwQ2IKFDx2Yn0uzABSQQAn0U2Pgahzmrf +GAJdaUO9YMgseUILiEYEEBECAAYFAlJP0x8ACgkQAE61Vot+tLhFDwCePZ7h4Fz6 +fg6YcEjoLbVcScv6HnUAoPBbg7QFxc1OEN9wbuJ7h5WsGrR5iGsEEBECACsFAlJS +imAFgwHihQAeGmh0dHA6Ly93d3cuY2FjZXJ0Lm9yZy9jcHMucGhwAAoJENK7DQFl +0P1YXrIAoIDv9ylEVuEaZELBDsuQS5ftJi1wAJ4qplJnufkNi3DUsQVED/+Nsu/A +uokCPAQTAQIAJgIbAwcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheABQJST9KQAhkB +AAoJEH7g/E3MAU49eDAQAKfz9jKUUnVOCAdD/oelkjlfMdGokIyE61RJBBvqMh7L +fCZhEi+Zy6EGqBIVYtqfmvIiSVT1K6mqxOiTGe8cCTGHrcN9ChXzTa1SQk3c+NOm +s4yKXEShN/58MFb2D9sjGR4RC0d4YMjn99DFC3PSOL3e1OrgDTN+D6KsEc89hhyN +Xk6wZ1weblRjdxCVeZgX7nIt0fbyY28JYhGD2b5ghLteehVTWSADRamPZdJwohol +11+RxFj95OqjrN89iNewMAYQmFY2CC1XiyCBG9eLlGf4Je7/P7j3/3eEWcj8EsB0 ++kIBPFWewdopsdmF5+Y4uJiTMt/SyyK76lx9nSB2dBDX06S6gRhnzB6s2z3UCCdo +GgXHP8Jj7i7ZF6uNCh6TYMGn8CaF63K5tr6W0EYauuXuKnRM8M2/kK8OEktI/PBt +hkEeyd/hisbywtrOxFxUKjaBoOH4mLzT7in6T6f9O6EnpADmaQ9qxjCJnnH94VAO +zxkK8f0ocuri5tQwsAoH3oZ1l0jZ4NabL/QEYKjMH0IYBYyTxCThDxVwN5c/hzFL +/limyAAm9uQeu50/jTbGeyZdiZ3e1aH47Dp87El7t+ZQXOFnGtgJGzWt7rGLkecx +2hRwokcD5rtI8Vwc7Jx3GfwjUiDpIz9La7WU0YBSXVKG3sPinpn7hxlqoCwd5uRD +uQINBFJPzkEBEADR2fuEOYObnoTkK9GdQc9M4PvtsmYDdY7rf2wJxE3fFeXWqrZm +bfTBjrhnfCwvgUFmVSz4FPUehTCoowuqbTZvf56W9MbbbPdYZ6yNbToFZX87drEH +RO09RLCtMd1S+q97NorPXuefoCX0bkZbF/7Vjq0gyGggeMradk6QezNEPHVRaO0h +R7iav+/Y6tM0YVMFD/Nqqom2kVQ2cnJCVmPAdkRWhwuW2PqIC+nqZ+DOzCpUu85R +UvDzie920HUJULhmAIU6dPeoAEOsf1zElm1yTcTMXBJAlKX0w6VbhaIjx0BuXW+I +wgpc25CrtZmpjZxo+44mHa5+YSt8nIW3i92lZuKfr+nHt+yoFQTdPOLfnnxbjQ6a +8xOMbrb9+OUcFb8l0Ch2vy2ifmTki2oQli1aABul3/kz6x/O7txCSUsQ6qjKZqg9 +ZJSa8xstsZuKZOiruuryHhp/2TWs0wYAiBIB9K5Ud/YdGSi+3Yn+WcdkIndDG19T +2epK4SBN+XTC5K/4ZJnavfiWpJu8rNWETZMMbiaclrijNkxa+MnK1KT4uTLdejL6 +K0LbHstP6hqYlflHhs0WV8liTZNkyGNxjp0yPRHP6xpdKfDX8pZmIbwsqtZvBeSU +WpCyBlLjIed0D3a4LUlEb81AgEIyogWI+2o0kyBvz2cx9+jdCp3s8chwWwARAQAB +iQIfBBgBAgAJBQJST85BAhsMAAoJEH7g/E3MAU49cNIP/jo1BFnTPruYK/ndQTi0 +umdPyyyRkYSKc0IusdOaZbytCKDtrV7CYw3pK326LadZusa6VDyRIeIKa3B8O7wv +UDlCmSMXmnPmqDpp7DRi5NxVb8TJbMYUk/WdeTq/Dom7f4HxYjLv49ULNebZizBg +UDog2liRRwPEARl+XzDTsAoTinyv8zqBdEutIHlhr4KpwEL24u9VRUsByipG/s1f +zMsJOIX0NCAOQui3naHtEIfMEkodHEO9/OhbU0fQgNMzJo3M+O2xUfbYukP5VJNv +42iegiuzwhvcfCRhKkNHQW4DgzpG5v9e+92Fq3kNU+5/QPrKIh+65dmrGW9ffD3F +EkK97ubbp+NctRK2ZqddDIjqlf2KpqS3IRpjLuZdcjWL+R73ud6IBk9Q8k2Ig58G +Vu61wxFXGwnnl+OL3n332XCjlH9tS8X1aQigLqMt3g05EFHj9UhSxopHY8J/eTWC +53ktD6BpM9tPRtX2CU6HwdyDo8OC6DDIpLSrgs3hFLGfEH0VS3KgWg5Y5lfbR1UU +phKnxdM/64khKQV9MWC9QlMY73Vbx9yAeFMz6qX1GE83WBiJIYglSZm8jtQRvCrE +bOwGLizQ9RLQoPprXaFOCErIv0iHBUltlLHSHUOzBrwGx+Lvw2IIPy9sMoa6VnEx +tGM9CbcGhfjwwetiEboCkn+z +=IS4m +-----END PGP PUBLIC KEY BLOCK----- diff -Nru libssh-0.6.1/debian/watch libssh-0.6.3/debian/watch --- libssh-0.6.1/debian/watch 2014-02-12 18:44:15.000000000 +0000 +++ libssh-0.6.3/debian/watch 2016-02-23 18:54:50.000000000 +0000 @@ -1,3 +1,3 @@ version=3 https://red.libssh.org/projects/libssh/files \ - /attachments/download/\d+/libssh-(.*)\.tar.xz + /attachments/download/\d+/libssh-(.*)\.tar\.(?:gz|xz) diff -Nru libssh-0.6.1/include/libssh/libssh.h libssh-0.6.3/include/libssh/libssh.h --- libssh-0.6.1/include/libssh/libssh.h 2014-02-10 09:17:34.000000000 +0000 +++ libssh-0.6.3/include/libssh/libssh.h 2014-03-04 12:20:48.000000000 +0000 @@ -78,7 +78,7 @@ /* libssh version */ #define LIBSSH_VERSION_MAJOR 0 #define LIBSSH_VERSION_MINOR 6 -#define LIBSSH_VERSION_MICRO 1 +#define LIBSSH_VERSION_MICRO 3 #define LIBSSH_VERSION_INT SSH_VERSION_INT(LIBSSH_VERSION_MAJOR, \ LIBSSH_VERSION_MINOR, \ diff -Nru libssh-0.6.1/include/libssh/wrapper.h libssh-0.6.3/include/libssh/wrapper.h --- libssh-0.6.1/include/libssh/wrapper.h 2013-12-21 17:37:12.000000000 +0000 +++ libssh-0.6.3/include/libssh/wrapper.h 2014-03-04 10:14:27.000000000 +0000 @@ -70,5 +70,6 @@ struct ssh_crypto_struct *crypto_new(void); void crypto_free(struct ssh_crypto_struct *crypto); +void ssh_reseed(void); #endif /* WRAPPER_H_ */ diff -Nru libssh-0.6.1/src/bind.c libssh-0.6.3/src/bind.c --- libssh-0.6.1/src/bind.c 2014-02-06 09:20:57.000000000 +0000 +++ libssh-0.6.3/src/bind.c 2014-03-04 10:14:27.000000000 +0000 @@ -458,6 +458,8 @@ return SSH_ERROR; } } + /* force PRNG to change state in case we fork after ssh_bind_accept */ + ssh_reseed(); return SSH_OK; } diff -Nru libssh-0.6.1/src/libcrypto.c libssh-0.6.3/src/libcrypto.c --- libssh-0.6.1/src/libcrypto.c 2013-12-21 17:37:12.000000000 +0000 +++ libssh-0.6.3/src/libcrypto.c 2014-03-04 10:14:27.000000000 +0000 @@ -23,6 +23,7 @@ #include #include #include +#include #include "libssh/priv.h" #include "libssh/session.h" @@ -38,6 +39,8 @@ #include #include #include +#include + #ifdef HAVE_OPENSSL_AES_H #define HAS_AES #include @@ -74,6 +77,12 @@ return 0; } +void ssh_reseed(void){ + struct timeval tv; + gettimeofday(&tv, NULL); + RAND_add(&tv, sizeof(tv), 0.0); +} + SHACTX sha1_init(void) { SHACTX c = malloc(sizeof(*c)); if (c == NULL) { diff -Nru libssh-0.6.1/src/libgcrypt.c libssh-0.6.3/src/libgcrypt.c --- libssh-0.6.1/src/libgcrypt.c 2013-12-21 17:37:12.000000000 +0000 +++ libssh-0.6.3/src/libgcrypt.c 2014-03-04 10:14:27.000000000 +0000 @@ -45,6 +45,9 @@ return 0; } +void ssh_reseed(void){ + } + SHACTX sha1_init(void) { SHACTX ctx = NULL; gcry_md_open(&ctx, GCRY_MD_SHA1, 0); diff -Nru libssh-0.6.1/src/pki.c libssh-0.6.3/src/pki.c --- libssh-0.6.1/src/pki.c 2014-02-10 09:17:34.000000000 +0000 +++ libssh-0.6.3/src/pki.c 2014-03-04 10:14:20.000000000 +0000 @@ -331,6 +331,10 @@ #endif break; case SSH_KEYTYPE_ECDSA: +#if defined(HAVE_LIBCRYPTO) && defined(HAVE_OPENSSL_ECC) + ECDSA_SIG_free(sig->ecdsa_sig); +#endif + break; case SSH_KEYTYPE_UNKNOWN: break; }