pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/libssh2 libssh2: update to 1.8.1.
details: https://anonhg.NetBSD.org/pkgsrc/rev/f66e4cab1df9
branches: trunk
changeset: 393841:f66e4cab1df9
user: wiz <wiz%pkgsrc.org@localhost>
date: Mon Mar 25 22:52:15 2019 +0000
description:
libssh2: update to 1.8.1.
Version 1.8.1 (14 Mar 2019)
Will Cosgrove (14 Mar 2019)
- [Michael Buckley brought this change]
More 1.8.0 security fixes (#316)
* Defend against possible integer overflows in comp_method_zlib_decomp.
* Defend against writing beyond the end of the payload in _libssh2_transport_read().
* Sanitize padding_length - _libssh2_transport_read(). https://libssh2.org/CVE-2019-3861.html
This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent.
* Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. https://libssh2.org/CVE-2019-3858.html
* Check the length of data passed to sftp_packet_add() to prevent out-of-bounds reads.
* Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short. https://libssh2.org/CVE-2019-3860.html
* Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add(). https://libssh2.org/CVE-2019-3862.html
GitHub (14 Mar 2019)
- [Will Cosgrove brought this change]
1.8 Security fixes (#314)
* fixed possible integer overflow in packet_length
CVE https://www.libssh2.org/CVE-2019-3861.html
* fixed possible interger overflow with userauth_keyboard_interactive
CVE https://www.libssh2.org/CVE-2019-3856.html
* fixed possible out zero byte/incorrect bounds allocation
CVE https://www.libssh2.org/CVE-2019-3857.html
* bounds checks for response packets
* fixed integer overflow in userauth_keyboard_interactive
CVE https://www.libssh2.org/CVE-2019-3863.html
diffstat:
security/libssh2/Makefile | 4 ++--
security/libssh2/distinfo | 10 +++++-----
2 files changed, 7 insertions(+), 7 deletions(-)
diffs (27 lines):
diff -r 981a59002775 -r f66e4cab1df9 security/libssh2/Makefile
--- a/security/libssh2/Makefile Mon Mar 25 22:49:16 2019 +0000
+++ b/security/libssh2/Makefile Mon Mar 25 22:52:15 2019 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.15 2016/10/31 16:18:02 wiz Exp $
+# $NetBSD: Makefile,v 1.16 2019/03/25 22:52:15 wiz Exp $
-DISTNAME= libssh2-1.8.0
+DISTNAME= libssh2-1.8.1
CATEGORIES= security
MASTER_SITES= https://www.libssh2.org/download/
diff -r 981a59002775 -r f66e4cab1df9 security/libssh2/distinfo
--- a/security/libssh2/distinfo Mon Mar 25 22:49:16 2019 +0000
+++ b/security/libssh2/distinfo Mon Mar 25 22:52:15 2019 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.9 2016/10/31 16:18:02 wiz Exp $
+$NetBSD: distinfo,v 1.10 2019/03/25 22:52:15 wiz Exp $
-SHA1 (libssh2-1.8.0.tar.gz) = baf2d1fb338eee531ba9b6b121c64235e089e0f5
-RMD160 (libssh2-1.8.0.tar.gz) = 84c91d81503510673386714b30630fb3cb169725
-SHA512 (libssh2-1.8.0.tar.gz) = 289aa45c4f99653bebf5f99565fe9c519abc204feb2084b47b7cc3badc8bf4ecdedd49ea6acdce8eb902b3c00995d5f92a3ca77b2508b92f04ae0e7de7287558
-Size (libssh2-1.8.0.tar.gz) = 854916 bytes
+SHA1 (libssh2-1.8.1.tar.gz) = a6c8334b1c31eecb335a7f7f43278636e2033e9f
+RMD160 (libssh2-1.8.1.tar.gz) = 312c85af0b98b86abf1750a76c67e921b7d14f95
+SHA512 (libssh2-1.8.1.tar.gz) = f09ad9ed04d25305b966e7f8c210082fe06c2b236dcd5018b009bd0bd6aaff123d16559d280892a5060760ed055ffe295bc02dc6e8dd1e7b8383c6c703f09290
+Size (libssh2-1.8.1.tar.gz) = 858088 bytes
Home |
Main Index |
Thread Index |
Old Index