Received: by mail.netbsd.org (Postfix, from userid 605) id B1D7384CEA; Tue, 7 Jan 2020 19:26:29 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 33B9084CE3 for ; Tue, 7 Jan 2020 19:26:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id b4s7GWZ3YdDj for ; Tue, 7 Jan 2020 19:26:28 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 831C084CE2 for ; Tue, 7 Jan 2020 19:26:28 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 772E4FBF4; Tue, 7 Jan 2020 19:26:28 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_15784251882460" MIME-Version: 1.0 Date: Tue, 7 Jan 2020 19:26:28 +0000 From: "Benny Siegert" Subject: CVS commit: [pkgsrc-2019Q4] pkgsrc/security/libssh To: pkgsrc-changes@NetBSD.org Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20200107192628.772E4FBF4@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_15784251882460 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Tue Jan 7 19:26:28 UTC 2020 Modified Files: pkgsrc/security/libssh [pkgsrc-2019Q4]: Makefile PLIST distinfo Log Message: Pullup ticket #6107 - requested by is security/libssh: security fix Revisions pulled up: - security/libssh/Makefile 1.34 - security/libssh/PLIST 1.15 - security/libssh/distinfo 1.20 --- Module Name: pkgsrc Committed By: wiz Date: Tue Dec 31 12:27:03 UTC 2019 Modified Files: pkgsrc/security/libssh: Makefile PLIST distinfo Log Message: libssh: update to 0.93. version 0.9.3 (released 2019-12-10) * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state * SSH-01-006 General: Various unchecked Null-derefs cause DOS * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys * SSH-01-010 SSH: Deprecated hash function in fingerprinting * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access * SSH-01-001 State Machine: Initial machine states should be set explicitly * SSH-01-002 Kex: Differently bound macros used to iterate same array * SSH-01-005 Code-Quality: Integer sign confusion during assignments * SSH-01-008 SCP: Protocol Injection via unescaped File Names * SSH-01-009 SSH: Update documentation which RFCs are implemented * SSH-01-012 PKI: Information leak via uninitialized stack buffer To generate a diff of this commit: cvs rdiff -u -r1.33 -r1.33.4.1 pkgsrc/security/libssh/Makefile cvs rdiff -u -r1.14 -r1.14.4.1 pkgsrc/security/libssh/PLIST cvs rdiff -u -r1.19 -r1.19.4.1 pkgsrc/security/libssh/distinfo Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_15784251882460 Content-Disposition: inline Content-Length: 2578 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/libssh/Makefile diff -u pkgsrc/security/libssh/Makefile:1.33 pkgsrc/security/libssh/Makefile:1.33.4.1 --- pkgsrc/security/libssh/Makefile:1.33 Thu Nov 28 09:25:52 2019 +++ pkgsrc/security/libssh/Makefile Tue Jan 7 19:26:28 2020 @@ -1,12 +1,11 @@ -# $NetBSD: Makefile,v 1.33 2019/11/28 09:25:52 bsiegert Exp $ +# $NetBSD: Makefile,v 1.33.4.1 2020/01/07 19:26:28 bsiegert Exp $ # # history: upstream renamed 0.11 to 0.1.1; # we have to use the old-style convention so that version compares work. -VER= 0.9.2 +VER= 0.9.3 DISTNAME= libssh-${VER} -PKGNAME= libssh-0.92 -PKGREVISION= 1 +PKGNAME= libssh-0.93 CATEGORIES= security MASTER_SITES= https://www.libssh.org/files/${VER:R}/ EXTRACT_SUFX= .tar.xz Index: pkgsrc/security/libssh/PLIST diff -u pkgsrc/security/libssh/PLIST:1.14 pkgsrc/security/libssh/PLIST:1.14.4.1 --- pkgsrc/security/libssh/PLIST:1.14 Wed Nov 13 11:49:08 2019 +++ pkgsrc/security/libssh/PLIST Tue Jan 7 19:26:28 2020 @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.14 2019/11/13 11:49:08 wiz Exp $ +@comment $NetBSD: PLIST,v 1.14.4.1 2020/01/07 19:26:28 bsiegert Exp $ include/libssh/callbacks.h include/libssh/legacy.h include/libssh/libssh.h @@ -11,5 +11,5 @@ lib/cmake/libssh/libssh-config-version.c lib/cmake/libssh/libssh-config.cmake lib/libssh.so lib/libssh.so.4 -lib/libssh.so.4.8.3 +lib/libssh.so.4.8.4 lib/pkgconfig/libssh.pc Index: pkgsrc/security/libssh/distinfo diff -u pkgsrc/security/libssh/distinfo:1.19 pkgsrc/security/libssh/distinfo:1.19.4.1 --- pkgsrc/security/libssh/distinfo:1.19 Wed Nov 13 11:49:08 2019 +++ pkgsrc/security/libssh/distinfo Tue Jan 7 19:26:28 2020 @@ -1,7 +1,7 @@ -$NetBSD: distinfo,v 1.19 2019/11/13 11:49:08 wiz Exp $ +$NetBSD: distinfo,v 1.19.4.1 2020/01/07 19:26:28 bsiegert Exp $ -SHA1 (libssh-0.9.2.tar.xz) = ad1430cacb01c1f4c0a3bfdc9c0d402e6f56e1ae -RMD160 (libssh-0.9.2.tar.xz) = c13dd04259d494cc59fe089793b551643b8699cd -SHA512 (libssh-0.9.2.tar.xz) = 93b689cd7f3bd32716d7821219e25f91214f71be3867c622ae0ae73cdb2d20af2daa9c3c8180b71434915154f2bc374df7193b3a67a9b9e8bf06e955419285d0 -Size (libssh-0.9.2.tar.xz) = 495876 bytes +SHA1 (libssh-0.9.3.tar.xz) = 24bb9d6f53691236f34cc8e6fec86dd659aef757 +RMD160 (libssh-0.9.3.tar.xz) = ef2f8e5564f7508db4829fe655644d959e35da5d +SHA512 (libssh-0.9.3.tar.xz) = 6e59718565daeca6d224426cc1095a112deff9af8e0b021917e04f08bb7409263c35724de95f591f38e26f0fb3bbbbc69b679b6775edc21dec158d241b076c6f +Size (libssh-0.9.3.tar.xz) = 500068 bytes SHA1 (patch-CompilerChecks.cmake) = 77b93572006132c557cb9a57698e8455f7874073 --_----------=_15784251882460--