summaryrefslogtreecommitdiffstats
path: root/package/libssh2/libssh2.hash
Commit message (Collapse)AuthorAgeFilesLines
* package/libssh2: security bump to latest gitPeter Korsgaard2019-03-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bump the version to latest git to fix the following security issues: CVE-2019-3855 Possible integer overflow in transport read allows out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3855.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch CVE-2019-3856 Possible integer overflow in keyboard interactive handling allows out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3856.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch CVE-2019-3857 Possible integer overflow leading to zero-byte allocation and out-of-bounds write URL: https://www.libssh2.org/CVE-2019-3857.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch CVE-2019-3858 Possible zero-byte allocation leading to an out-of-bounds read URL: https://www.libssh2.org/CVE-2019-3858.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch CVE-2019-3859 Out-of-bounds reads with specially crafted payloads due to unchecked use of `_libssh2_packet_require` and `_libssh2_packet_requirev` URL: https://www.libssh2.org/CVE-2019-3859.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch CVE-2019-3860 Out-of-bounds reads with specially crafted SFTP packets URL: https://www.libssh2.org/CVE-2019-3860.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch CVE-2019-3861 Out-of-bounds reads with specially crafted SSH packets URL: https://www.libssh2.org/CVE-2019-3861.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch CVE-2019-3862 Out-of-bounds memory comparison URL: https://www.libssh2.org/CVE-2019-3862.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch CVE-2019-3863 Integer overflow in user authenicate keyboard interactive allows out-of-bounds writes URL: https://www.libssh2.org/CVE-2019-3863.html Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt Drop 0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch as that is now upstream. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> (cherry picked from commit f4f7dd9557cf139f6014ada77e947152d5a82fb3) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/libssh2: bump versionBernd Kuhls2018-09-121-1/+2
| | | | | | | | | | | | | | | | | | | | | | | Added license hash. This bump includes "ECDSA key types are now explicit" https://github.com/libssh2/libssh2/commit/62b825c8afb9e5efb6ea9c05b40b309590249fb6 which is needed by vlc since http://git.videolan.org/?p=vlc.git;a=commitdiff;h=afee1e72a8e08866bbe35d1a57e859cac81052b4 Fixes http://autobuild.buildroot.net/results/579/579e2418e59680ad4bf3dc85f2918457b6221bfa/ http://autobuild.buildroot.net/results/c73/c7348c442d3f585ace0bc62860f802dc08150776/ http://autobuild.buildroot.net/results/731/73187b883d7fe14b08a4903b326706c9d1f8b519/ http://autobuild.buildroot.net/results/f6d/f6d4fca6063c81a8e240fed4db89269e455f057e/ http://autobuild.buildroot.net/results/371/371f4f017f4a5af0ac6d6a8b1b8276858ad47f75/ http://autobuild.buildroot.net/results/d6a/d6a3b43211eb740bdebbb339668b854d26e878b7/ http://autobuild.buildroot.net/results/a05/a0576aeeb57a49958e5229d9ec08f2bd792d48b6/ http://autobuild.buildroot.net/results/57a/57a9ae2f157183a86fbf1b2cc5cbb38e948690ce/ Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/libssh2: update to newest versionSam Voss2017-11-011-3/+2
| | | | | | | | | | | | | Update libssh2 to use the newest version from git. This caused a transition from released version number to hash as it has not been version rev'd in over a year (see issue https://github.com/libssh2/libssh2/issues/220 for bump request). This brings in changes to the autoconf to correctly pick the crypto library. Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* libssh2: bump to version 1.8.0Baruch Siach2017-07-091-1/+2
| | | | | Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libssh2: security bump to version 1.7.0Gustavo Zacarias2016-02-241-1/+1
| | | | | | | | Fixes: CVE-2016-0787 - diffie_hellman_sha256: convert bytes to bits. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libssh2: bump to version 1.6.0Gustavo Zacarias2016-01-081-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* libssh2: security bump to version 1.5.0Gustavo Zacarias2015-03-111-0/+2
Fixes CVE-2015-1782 - kex: bail out on rubbish in the incoming packet. Also add hash file. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
OpenPOWER on IntegriCloud