From eeae263f83d3ff0613efea991efbe4122b478c70 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 7 May 2019 05:38:27 -0400 Subject: [PATCH] import libssh-0.8.5-2.el8 --- .gitignore | 2 + .libssh.metadata | 2 + SOURCES/libssh-0.8.5-allow-kex-init.patch | 39 ++ SOURCES/libssh-0.8.5-allow-msg-ext-info.patch | 92 +++++ ...0.8.5-ensure-ssh-session-fd-writable.patch | 47 +++ ...8.5-make-sure-both-known-hosts-ready.patch | 37 ++ SOURCES/libssh-0.8.5.tar.xz.asc | 16 + SPECS/libssh.spec | 363 ++++++++++++++++++ 8 files changed, 598 insertions(+) create mode 100644 .gitignore create mode 100644 .libssh.metadata create mode 100644 SOURCES/libssh-0.8.5-allow-kex-init.patch create mode 100644 SOURCES/libssh-0.8.5-allow-msg-ext-info.patch create mode 100644 SOURCES/libssh-0.8.5-ensure-ssh-session-fd-writable.patch create mode 100644 SOURCES/libssh-0.8.5-make-sure-both-known-hosts-ready.patch create mode 100644 SOURCES/libssh-0.8.5.tar.xz.asc create mode 100644 SPECS/libssh.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..cedfe7a --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/libssh-0.8.5.tar.xz +SOURCES/libssh.keyring diff --git a/.libssh.metadata b/.libssh.metadata new file mode 100644 index 0000000..19fd4e7 --- /dev/null +++ b/.libssh.metadata @@ -0,0 +1,2 @@ +b5564774f986e396a7288a593595455bf10d9ce8 SOURCES/libssh-0.8.5.tar.xz +3f2ab0bca02893402ba0ad172a6bd44456a65f86 SOURCES/libssh.keyring diff --git a/SOURCES/libssh-0.8.5-allow-kex-init.patch b/SOURCES/libssh-0.8.5-allow-kex-init.patch new file mode 100644 index 0000000..511283e --- /dev/null +++ b/SOURCES/libssh-0.8.5-allow-kex-init.patch @@ -0,0 +1,39 @@ +From e6e8335847d4870c99c07f511b4a24ae9e053326 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Thu, 15 Nov 2018 11:03:56 +0100 +Subject: [PATCH] packet: Adjust the packet filter to allow client-initialized + rekey + +If the rekey is initialized by client, it sends the first KEXINIT +message, changes to the INIT_SENT state and waits for the KEXINIT +message from the server. This was not covered in the current filter. + +Signed-off-by: Jakub Jelen +Reviewed-by: Daiki Ueno +--- + src/packet.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/packet.c b/src/packet.c +index 9b7b9b8f..86314961 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -292,6 +292,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se + * - session_state == SSH_SESSION_STATE_AUTHENTICATED + * or session_state == SSH_SESSION_STATE_INITIAL_KEX + * - dh_handshake_state == DH_STATE_INIT ++ * or dh_handshake_state == DH_STATE_INIT_SENT (re-exchange) + * or dh_handshake_state == DH_STATE_FINISHED (re-exchange) + * + * Transitions: +@@ -310,6 +311,7 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se + } + + if ((session->dh_handshake_state != DH_STATE_INIT) && ++ (session->dh_handshake_state != DH_STATE_INIT_SENT) && + (session->dh_handshake_state != DH_STATE_FINISHED)) + { + rc = SSH_PACKET_DENIED; +-- +2.19.1 + diff --git a/SOURCES/libssh-0.8.5-allow-msg-ext-info.patch b/SOURCES/libssh-0.8.5-allow-msg-ext-info.patch new file mode 100644 index 0000000..37f3d19 --- /dev/null +++ b/SOURCES/libssh-0.8.5-allow-msg-ext-info.patch @@ -0,0 +1,92 @@ +From a6e055c42b34ec50f55606312b09ec2e14990416 Mon Sep 17 00:00:00 2001 +From: Anderson Toshiyuki Sasaki +Date: Fri, 7 Dec 2018 18:19:33 +0100 +Subject: [PATCH] packet: Allow SSH2_MSG_EXT_INFO when authenticated + +When the server requests rekey, it can send the SSH2_MSG_EXT_INFO. This +message was being filtered out by the packet filtering. This includes a +test to enforce the filtering rules for this packet type. + +Signed-off-by: Anderson Toshiyuki Sasaki +Reviewed-by: Andreas Schneider +(cherry picked from commit fe309ba43fb904da4385fc40a338ecc7482f8388) +--- + src/packet.c | 6 ++++- + tests/unittests/torture_packet_filter.c | 31 +++++++++++++++++++++++++ + 2 files changed, 36 insertions(+), 1 deletion(-) + +diff --git a/src/packet.c b/src/packet.c +index 72e3c096..61a44237 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -263,13 +263,17 @@ static enum ssh_packet_filter_result_e ssh_packet_incoming_filter(ssh_session se + /* + * States required: + * - session_state == SSH_SESSION_STATE_AUTHENTICATING ++ * or session->session_state == SSH_SESSION_STATE_AUTHENTICATED ++ * (re-exchange) + * - dh_handshake_state == DH_STATE_FINISHED + * + * Transitions: + * - None + * */ + +- if (session->session_state != SSH_SESSION_STATE_AUTHENTICATING) { ++ if ((session->session_state != SSH_SESSION_STATE_AUTHENTICATING) && ++ (session->session_state != SSH_SESSION_STATE_AUTHENTICATED)) ++ { + rc = SSH_PACKET_DENIED; + break; + } +diff --git a/tests/unittests/torture_packet_filter.c b/tests/unittests/torture_packet_filter.c +index 72cbc4cd..44ee3598 100644 +--- a/tests/unittests/torture_packet_filter.c ++++ b/tests/unittests/torture_packet_filter.c +@@ -462,6 +462,36 @@ static void torture_packet_filter_check_auth_success(void **state) + assert_int_equal(rc, 0); + } + ++static void torture_packet_filter_check_msg_ext_info(void **state) ++{ ++ int rc; ++ ++ global_state accepted[] = { ++ { ++ .flags = (COMPARE_SESSION_STATE | ++ COMPARE_DH_STATE), ++ .session = SSH_SESSION_STATE_AUTHENTICATING, ++ .dh = DH_STATE_FINISHED, ++ }, ++ { ++ .flags = (COMPARE_SESSION_STATE | ++ COMPARE_DH_STATE), ++ .session = SSH_SESSION_STATE_AUTHENTICATED, ++ .dh = DH_STATE_FINISHED, ++ }, ++ }; ++ ++ int accepted_count = 2; ++ ++ /* Unused */ ++ (void) state; ++ ++ rc = check_message_in_all_states(accepted, accepted_count, ++ SSH2_MSG_EXT_INFO); ++ ++ assert_int_equal(rc, 0); ++} ++ + static void torture_packet_filter_check_channel_open(void **state) + { + int rc; +@@ -492,6 +522,7 @@ int torture_run_tests(void) + cmocka_unit_test(torture_packet_filter_check_auth_success), + cmocka_unit_test(torture_packet_filter_check_channel_open), + cmocka_unit_test(torture_packet_filter_check_unfiltered), ++ cmocka_unit_test(torture_packet_filter_check_msg_ext_info) + }; + + ssh_init(); +-- +2.19.1 + diff --git a/SOURCES/libssh-0.8.5-ensure-ssh-session-fd-writable.patch b/SOURCES/libssh-0.8.5-ensure-ssh-session-fd-writable.patch new file mode 100644 index 0000000..f0e2d82 --- /dev/null +++ b/SOURCES/libssh-0.8.5-ensure-ssh-session-fd-writable.patch @@ -0,0 +1,47 @@ +From 7f1d30de47d67c03cf895f0d4d4e68daf9d396c5 Mon Sep 17 00:00:00 2001 +From: Sanne Raymaekers +Date: Fri, 26 Oct 2018 14:58:34 +0200 +Subject: [PATCH] tests: Ensure the ssh session fd is read-/writeable in + torture_proxycommand + +Signed-off-by: Sanne Raymaekers +Reviewed-by: Andreas Schneider +Reviewed-by: Andreas Schneider +(cherry picked from commit 03c30e9c8ad34b3fa659a70e474a9b8cb248f85b) +(cherry picked from commit 3de34944ad11bf4e22fc981562f32cb4b3b90ba9) +--- + tests/client/torture_proxycommand.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/tests/client/torture_proxycommand.c b/tests/client/torture_proxycommand.c +index ea1e1838..9608e663 100644 +--- a/tests/client/torture_proxycommand.c ++++ b/tests/client/torture_proxycommand.c +@@ -9,6 +9,7 @@ + #include + #include + #include ++#include + + static int sshd_setup(void **state) + { +@@ -61,11 +62,16 @@ static void torture_options_set_proxycommand(void **state) { + struct torture_state *s = *state; + ssh_session session = s->ssh.session; + int rc; ++ socket_t fd; + + rc = ssh_options_set(session, SSH_OPTIONS_PROXYCOMMAND, "nc 127.0.0.10 22"); + assert_int_equal(rc, 0); + rc = ssh_connect(session); + assert_ssh_return_code(session, rc); ++ fd = ssh_get_fd(session); ++ assert_true(fd != SSH_INVALID_SOCKET); ++ rc = fcntl(fd, F_GETFL); ++ assert_int_equal(rc & O_RDWR, O_RDWR); + } + + static void torture_options_set_proxycommand_notexist(void **state) { +-- +2.19.1 + diff --git a/SOURCES/libssh-0.8.5-make-sure-both-known-hosts-ready.patch b/SOURCES/libssh-0.8.5-make-sure-both-known-hosts-ready.patch new file mode 100644 index 0000000..8206dc0 --- /dev/null +++ b/SOURCES/libssh-0.8.5-make-sure-both-known-hosts-ready.patch @@ -0,0 +1,37 @@ +From bed645ed5fca3ff776fd1997ec9d5c6b9065a7eb Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Tue, 30 Oct 2018 13:55:30 +0100 +Subject: [PATCH] knownhosts: Make sure we have both knownhosts files ready + +If either one is missing at this point, fill it with default vaules in +ssh_options_apply(). + +Previously, when setting up only knownhosts, global_knownhosts file +was left pointing to NULL and the ssh_known_hosts_read_entries() +was trying to open NULL file which is invalid. + +Signed-off-by: Jakub Jelen +Reviewed-by: Andreas Schneider +(cherry picked from commit 5159cd96e8b61c9f8f96786f70cf23167980b621) +(cherry picked from commit a4b99eedf2f0f993f10c31d9bea0f1ad9fa7737e) +--- + src/knownhosts.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/knownhosts.c b/src/knownhosts.c +index 23902a5f..546619aa 100644 +--- a/src/knownhosts.c ++++ b/src/knownhosts.c +@@ -306,7 +306,8 @@ struct ssh_list *ssh_known_hosts_get_algorithms(ssh_session session) + int list_error = 0; + int rc; + +- if (session->opts.knownhosts == NULL) { ++ if (session->opts.knownhosts == NULL || ++ session->opts.global_knownhosts == NULL) { + if (ssh_options_apply(session) < 0) { + ssh_set_error(session, + SSH_REQUEST_DENIED, +-- +2.19.1 + diff --git a/SOURCES/libssh-0.8.5.tar.xz.asc b/SOURCES/libssh-0.8.5.tar.xz.asc new file mode 100644 index 0000000..446b5b9 --- /dev/null +++ b/SOURCES/libssh-0.8.5.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAlvW3ZEACgkQfuD8TcwB +Tj0mPw/9HZty2xOzKekX8+cedyZbW2lAoG9YNVxgTvQ2+98+TBH6M8qr5EryuH/q +mAFq/TJOrM3yccr1kJXFOm6QBw0xMTpWcosXjKmZxvJwW6iFEP33shVDkZGJWwmM +bzr165NTdRMJiaBfk47j0e1H2U9MHyV7wKmb79+bFtMDhiJYmXR1Oxa1SjjeG42c +XmrcH559kZ1mKmai6jKwTRUKGu3RLdWrXQIobCrdQM8FYrbSx5luZtDjdfXTRRtv +K96alBYxuey1nsZVei1y2hJlLLLVqao997Q7iMI63+/IJpYTmEPciDnTDDu767X6 +rCXSuWbxcwk77zrt/dh7WJBOyLwh4aCFsSixBsONj4otwmFHNm/FAxV991ewcvQB +NMHPh3DcYLfoY/aUzwf160SfZu56mdVnFPLOnPUw3ARcPdgJG4OzqP9Jmz4Us+dS +ImZTduM62/+Af+LrODtRBRYJRSn38eBVVBYT01WsDSvvR2LaTn3gVAtY2m3Dr6wA +6sdMmYbn2zM+MNFE1+qlsaKmF+WmyCrBKBojBB+wh5G+dStJ7KGzlXjxNQudvWeA +VMlERLZYNBjSH1/XBH6VTnOl2xhExPv4eCUTVCXhlYUFEWjRunoxEed+b7r45iiu ++nRT+OfQZ8RFOLkFYxhB8iQNZAZ6T46ALSxo3V8PVEPDHZWdPTU= +=7iiz +-----END PGP SIGNATURE----- diff --git a/SPECS/libssh.spec b/SPECS/libssh.spec new file mode 100644 index 0000000..968f6a2 --- /dev/null +++ b/SPECS/libssh.spec @@ -0,0 +1,363 @@ +Name: libssh +Version: 0.8.5 +Release: 2%{?dist} +Summary: A library implementing the SSH protocol +License: LGPLv2+ +URL: http://www.libssh.org + +Source0: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz +Source1: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc +Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring + +Patch1: libssh-0.8.5-make-sure-both-known-hosts-ready.patch +Patch2: libssh-0.8.5-ensure-ssh-session-fd-writable.patch +Patch3: libssh-0.8.5-allow-msg-ext-info.patch +Patch4: libssh-0.8.5-allow-kex-init.patch + +BuildRequires: cmake +BuildRequires: doxygen +BuildRequires: gcc-c++ +BuildRequires: gnupg2 +BuildRequires: openssl-devel +BuildRequires: pkgconfig +BuildRequires: zlib-devel +BuildRequires: krb5-devel +BuildRequires: libcmocka-devel + +%ifarch aarch64 ppc64 ppc64le s390x x86_64 +Provides: libssh_threads.so()(64bit) +Provides: libssh_threads.so.4()(64bit) +%else +Provides: libssh_threads.so +Provides: libssh_threads.so.4 +%endif + +%description +The ssh library was designed to be used by programmers needing a working SSH +implementation by the mean of a library. The complete control of the client is +made by the programmer. With libssh, you can remotely execute programs, transfer +files, use a secure and transparent tunnel for your remote programs. With its +Secure FTP implementation, you can play with remote files easily, without +third-party programs others than libcrypto (from openssl). + +%package devel +Summary: Development files for %{name} +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description devel +The %{name}-devel package contains libraries and header files for developing +applications that use %{name}. + +%prep +gpgv2 --quiet --keyring %{SOURCE2} %{SOURCE1} %{SOURCE0} +%autosetup -p1 + +%build +if test ! -e "obj"; then + mkdir obj +fi +pushd obj + +%cmake .. \ + -DUNIT_TESTING=ON + +%make_build VERBOSE=1 +make docs + +popd + +%install +make DESTDIR=%{buildroot} install/fast -C obj + +# +# Workaround for the removal of libssh_threads.so +# +# This will allow libraries which link against libssh_threads.so or packages +# requiring it to continue working. +# +pushd %{buildroot}%{_libdir} +for i in libssh.so.4*; +do + _target="${i}" + _link_name="${i%libssh*}libssh_threads${i##*libssh}" + if [ -L "${i}" ]; then + _target="$(readlink ${i})" + fi + ln -s "${_target}" "${_link_name}" +done; +popd + +%ldconfig_scriptlets + +%check +pushd obj +ctest --output-on-failure +popd + +%files +%doc AUTHORS BSD ChangeLog README +%license COPYING +%{_libdir}/libssh.so.4* +%{_libdir}/libssh_threads.so.4* + +%files devel +%doc obj/doc/html +%{_includedir}/libssh/ +# own this to avoid dep on cmake -- rex +%dir %{_libdir}/cmake/ +%{_libdir}/cmake/libssh/ +%{_libdir}/pkgconfig/libssh.pc +%{_libdir}/libssh.so + +%changelog +* Fri Dec 14 2018 Anderson Sasaki - 0.8.5-2 +- Fix more regressions introduced by the fixes for CVE-2018-10933 + +* Thu Nov 29 2018 Anderson Sasaki - 0.8.5-1 +- Update to version 0.8.5 + * Fixed an issue where global known_hosts file was ignored (#1649321) + * Fixed ssh_get_fd() to return writable file descriptor (#1649319) + * Fixed regression introduced in known_hosts parsing (#1649315) + * Fixed a regression which caused only the first algorithm in known_hosts to + be considered (#1638790) + +* Thu Nov 08 2018 Anderson Sasaki - 0.8.3-5 +- Fix regressions introduced by the fixes for CVE-2018-10933 + +* Wed Oct 17 2018 Nikos Mavrogiannopoulos - 0.8.3-4 +- Fix for authentication bypass issue in server implementation (#1639926) + +* Tue Oct 02 2018 Anderson Sasaki - 0.8.3-3 +- Fixed errors found by static code analysis (#1602594) + +* Fri Sep 21 2018 Anderson Sasaki - 0.8.3-1 +- Update to version 0.8.3 + * Added support for rsa-sha2 (#1610882) + * Added support to parse private keys in openssh container format (other than + ed25519) (#1622983) + * Added support for diffie-hellman-group18-sha512 and + diffie-hellman-group16-sha512 (#1610885) + * Added ssh_get_fingerprint_hash() + * Added ssh_pki_export_privkey_base64() + * Added support for Match keyword in config file + * Improved performance and reduced memory footprint for sftp + * Fixed ecdsa publickey auth + * Fixed reading a closed channel + * Added support to announce posix-rename@openssh.com and hardlink@openssh.com + in the sftp server + * Use -fstack-protector-strong if possible (#1624135) + +* Wed Aug 15 2018 Anderson Sasaki - 0.8.1-4 +- Fix the creation of symbolic links for libssh_threads.so.4 + +* Wed Aug 15 2018 Anderson Sasaki - 0.8.1-3 +- Add missing Provides for libssh_threads.so.4 + +* Tue Aug 14 2018 Anderson Sasaki - 0.8.1-2 +- Add Provides for libssh_threads.so to unbreak applications +- Fix ABIMap detection to not depend on python to build + +* Mon Aug 13 2018 Andreas Schneider - 0.8.1-1 +- Update to version 0.8.1 + https://www.libssh.org/2018/08/13/libssh-0-8-1/ + +* Fri Aug 10 2018 Andreas Schneider - 0.8.0-1 +- Update to version 0.8.0 + https://www.libssh.org/2018/08/10/libssh-0-8-0/ + +* Fri Jul 13 2018 Fedora Release Engineering - 0.7.5-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Mar 07 2018 Rex Dieter - 0.7.5-8 +- BR: gcc-c++, use %%make_build + +* Wed Feb 07 2018 Fedora Release Engineering - 0.7.5-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild +- Related: bug#1614611 + +* Thu Feb 01 2018 Andreas Schneider - 0.7.5-6 +- resolves: #1540021 - Build against OpenSSL 1.1 + +* Wed Jan 31 2018 Igor Gnatenko - 0.7.5-5 +- Switch to %%ldconfig_scriptlets + +* Fri Dec 29 2017 Andreas Schneider - 0.7.5-4 +- Fix parsing ssh_config + +* Thu Aug 03 2017 Fedora Release Engineering - 0.7.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.7.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Apr 26 2017 Peter Robinson 0.7.5-1 +- Update to version 0.7.5 + +* Sat Mar 11 2017 Rex Dieter - 0.7.4-2 +- BR: compat-openssl10-devel (f26+, #1423088) +- use %%license +- -devel: drop hardcoded pkgconfig dep (let autodeps handle it) +- %%files: track library sonames, simplify -devel +- %%install: use 'install/fast' target +- .spec cosmetics, drop deprecated %%clean section + +* Wed Feb 08 2017 Andreas Schneider - 0.7.4-1 +- Update to version 0.7.4 + * Added id_ed25519 to the default identity list + * Fixed sftp EOF packet handling + * Fixed ssh_send_banner() to confirm with RFC 4253 + * Fixed some memory leaks +- resolves: #1419007 + +* Wed Feb 24 2016 Andreas Schneider - 0.7.3-1 +- resolves: #1311259 - Fix CVE-2016-0739 +- resolves: #1311332 - Update to version 0.7.3 + * Fixed CVE-2016-0739 + * Fixed ssh-agent on big endian + * Fixed some documentation issues +- Enabled GSSAPI support + +* Thu Feb 04 2016 Fedora Release Engineering - 0.7.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Thu Oct 22 2015 Andreas Schneider - 0.7.2-2 +- resolves: #1271230 - Fix ssh-agent support on big endian + +* Wed Sep 30 2015 Andreas Schneider - 0.7.2-1 +- Update to version 0.7.2 + * Fixed OpenSSL detection on Windows + * Fixed return status for ssh_userauth_agent() + * Fixed KEX to prefer hmac-sha2-256 + * Fixed sftp packet handling + * Fixed return values of ssh_key_is_(public|private) + * Fixed bug in global success reply +- resolves: #1267346 + +* Tue Jun 30 2015 Andreas Schneider - 0.7.1-1 +- Update to version 0.7.1 + * Fixed SSH_AUTH_PARTIAL auth with auto public key + * Fixed memory leak in session options + * Fixed allocation of ed25519 public keys + * Fixed channel exit-status and exit-signal + * Reintroduce ssh_forward_listen() + +* Wed Jun 17 2015 Fedora Release Engineering - 0.7.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu May 21 2015 Orion Poplawski - 0.7.0-2 +- Add patch to fix undefined symbol: ssh_forward_listen (bug #1221310) + +* Mon May 11 2015 Andreas Schneider - 0.7.0-1 +- Update to version 0.7.0 + * Added support for ed25519 keys + * Added SHA2 algorithms for HMAC + * Added improved and more secure buffer handling code + * Added callback for auth_none_function + * Added support for ECDSA private key signing + * Added more tests + * Fixed a lot of bugs + * Improved API documentation + +* Thu Apr 30 2015 Andreas Schneider - 0.6.5-1 +- resolves: #1213775 - Security fix for CVE-2015-3146 +- resolves: #1218076 - Security fix for CVE-2015-3146 + +* Fri Dec 19 2014 - Andreas Schneider - 0.6.4-1 +- Security fix for CVE-2014-8132. + +* Sun Aug 17 2014 Fedora Release Engineering - 0.6.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.6.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue Mar 04 2014 - Andreas Schneider - 0.6.3-1 +- Fix CVE-2014-0017. + +* Mon Feb 10 2014 - Andreas Schneider - 0.6.1-1 +- Update to version 0.6.1. +- resolves: #1056757 - Fix scp mode. +- resolves: #1053305 - Fix known_hosts heuristic. + +* Wed Jan 08 2014 - Andreas Schneider - 0.6.0-1 +- Update to 0.6.0 + +* Fri Jul 26 2013 - Andreas Schneider - 0.5.5-1 +- Update to 0.5.5. +- Clenup the spec file. + +* Thu Jul 18 2013 Simone Caronni - 0.5.4-5 +- Add EPEL 5 support. +- Add Debian patches to enable Doxygen documentation. + +* Tue Jul 16 2013 Simone Caronni - 0.5.4-4 +- Add patch for #982685. + +* Mon Jun 10 2013 Simone Caronni - 0.5.4-3 +- Clean up SPEC file and fix rpmlint complaints. + +* Thu Feb 14 2013 Fedora Release Engineering - 0.5.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Wed Jan 23 2013 Petr Lautrbach 0.5.4-1 +- update to security 0.5.4 release +- CVE-2013-0176 (#894407) + +* Tue Nov 20 2012 Petr Lautrbach 0.5.3-1 +- update to security 0.5.3 release (#878465) + +* Thu Jul 19 2012 Fedora Release Engineering - 0.5.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Feb 02 2012 Petr Lautrbach 0.5.2-1 +- update to 0.5.2 version (#730270) + +* Fri Jan 13 2012 Fedora Release Engineering - 0.5.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Jun 1 2011 Jan F. Chadima - 0.5.0-1 +- bounce versionn to 0.5.0 (#709785) +- the support for protocol v1 is disabled + +* Tue Feb 08 2011 Fedora Release Engineering - 0.4.8-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jan 19 2011 Jan F. Chadima - 0.4.8-1 +- bounce versionn to 0.4.8 (#670456) + +* Mon Sep 6 2010 Jan F. Chadima - 0.4.6-1 +- bounce versionn to 0.4.6 (#630602) + +* Thu Jun 3 2010 Jan F. Chadima - 0.4.4-1 +- bounce versionn to 0.4.4 (#598592) + +* Wed May 19 2010 Jan F. Chadima - 0.4.3-1 +- bounce versionn to 0.4.3 (#593288) + +* Tue Mar 16 2010 Jan F. Chadima - 0.4.2-1 +- bounce versionn to 0.4.2 (#573972) + +* Tue Feb 16 2010 Jan F. Chadima - 0.4.1-1 +- bounce versionn to 0.4.1 (#565870) + +* Fri Dec 11 2009 Jan F. Chadima - 0.4.0-1 +- bounce versionn to 0.4.0 (#541010) + +* Thu Nov 26 2009 Jan F. Chadima - 0.3.92-2 +- typo in spec file + +* Thu Nov 26 2009 Jan F. Chadima - 0.3.92-1 +- bounce versionn to 0.3.92 (0.4 beta2) (#541010) + +* Fri Aug 21 2009 Tomas Mraz - 0.2-4 +- rebuilt with new openssl + +* Sat Jul 25 2009 Fedora Release Engineering - 0.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Tue Jun 02 2009 Jan F. Chadima - 0.2-2 +- Small changes during review + +* Mon Jun 01 2009 Jan F. Chadima - 0.2-1 +- Initial build +