- New upstream release 1.8.1
- Fixed possible integer overflow when reading a specially crafted packet
(CVE-2019-3855)
- Fixed possible integer overflow in userauth_keyboard_interactive with a
number of extremely long prompt strings (CVE-2019-3863)
- Fixed possible integer overflow if the server sent an extremely large
number of keyboard prompts (CVE-2019-3856)
- Fixed possible out of bounds read when processing a specially crafted
packet (CVE-2019-3861)
- Fixed possible integer overflow when receiving a specially crafted exit
signal message channel packet (CVE-2019-3857)
- Fixed possible out of bounds read when receiving a specially crafted exit
status message channel packet (CVE-2019-3862)
- Fixed possible zero byte allocation when reading a specially crafted SFTP
packet (CVE-2019-3858)
- Fixed possible out of bounds reads when processing specially crafted SFTP
packets (CVE-2019-3860)
- Fixed possible out of bounds reads in _libssh2_packet_require(v)
(CVE-2019-3859)
- Fix mis-applied patch in the fix of CVE-2019-3859
- https://github.com/libssh2/libssh2/issues/325
- https://github.com/libssh2/libssh2/pull/327
- scp: Do not NUL-terminate the command for remote exec (#1489736, GH#208)
- Make devel package dependency on main package arch-specific
- Drop EL-5 support
- noarch sub-packages always available now
- Drop legacy Group: and BuildRoot: tags
- Drop explicit buildroot cleaning
- %{__isa_bits} always defined now
- New upstream release 1.8.0
- Added a basic dockerised test suite
- crypto: Add support for the mbedTLS backend
- See RELEASE-NOTES for details of bug fixes
- New upstream release 1.7.0
- diffie_hellman_sha256: Convert bytes to bits (CVE-2016-0787); see
http://www.libssh2.org/adv_20160223.html
- libssh2_session_set_last_error: Add function
- See RELEASE-NOTES for details of bug fixes
- New upstream release 1.5.0
- See RELEASE-NOTES for details of bug fixes and enhancements
- Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
- New upstream release 1.4.3
- compression: add support for zlib@openssh.com
- sftp_read: return error if a too large package arrives
- libssh2_hostkey_hash.3: update the description of return value
- Fixed MSVC NMakefile
- examples: use stderr for messages, stdout for data
- openssl: do not leak memory when handling errors
- improved handling of disabled MD5 algorithm in OpenSSL
- known_hosts: Fail when parsing unknown keys in known_hosts file
- configure: gcrypt doesn't come with pkg-config support
- session_free: wrong variable used for keeping state
- libssh2_userauth_publickey_fromfile_ex.3: mention publickey == NULL
- comp_method_zlib_decomp: handle Z_BUF_ERROR when inflating
- Drop upstreamed patches
Paul Howarth
Fedora Release Engineering
Igor Gnatenko
Kamil Dudka
Tomas Mraz
Peter Robinson
Dennis Gilmore
Peter Robinson
Tom Callaway
Karsten Hopp
Richard W.M. Jones