* Tue Jun 24 2025 asn@cryptomilk.org
- Update to version 0.11.2
* Security:
* CVE-2025-4877 - Write beyond bounds in binary to base64 conversion (bsc#1245309)
* CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
* CVE-2025-5318 - Likely read beyond bounds in sftp server handle management (bsc#1245311)
* CVE-2025-5351 - Double free in functions exporting keys (bsc#1245312)
* CVE-2025-5372 - ssh_kdf() returns a success code on certain failures (bsc#1245314)
* CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding (bsc#1245316)
* CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL (bsc#1245317)
* Compatibility
* Fixed compatibility with CPM.cmake
* Compatibility with OpenSSH 10.0
* Tests compatibility with new Dropbear releases
* Removed p11-kit remoting from the pkcs11 testsuite
* Bugfixes
* Implement missing packet filter for DH GEX
* Properly process the SSH2_MSG_DEBUG message
* Allow escaping quotes in quoted arguments to ssh configuration
* Do not fail with unknown match keywords in ssh configuration
* Process packets before selecting signature algorithm during authentication
* Do not fail hard when the SFTP status message is not sent by noncompliant
servers
- Removed libssh-CmakeLists-Fix-multiple-digit-major-version-for-OpenSSH.patch
- Removed libssh-misc-Fix-OpenSSH-banner-parsing.patch
* Thu May 29 2025 lucas.mulling@suse.com
- Fix hang in torture_session test (bsc#1243799)
* Add patch libssh-tests-Fix-an-issue-where-torture_session-request-a-SIGTERM-too-early.patch
* Wed Apr 23 2025 lucas.mulling@suse.com
- Fix build and tests with OpenSSH >= 10.0
* Use %make_build instead of naked make
* Add patches:
- libssh-CmakeLists-Fix-multiple-digit-major-version-for-OpenSSH.patch
- libssh-misc-Fix-OpenSSH-banner-parsing.patch
* Tue Feb 18 2025 lucas.mulling@suse.com
- Move global config dir to /usr/etc/libssh (bsc#1222716)
* Add patch libssh-cmake-Add-option-WITH_HERMETIC_USR.patch
* Tue Feb 04 2025 dimstar@opensuse.org
- Do not Require cmake from the devel package: there is no
requirement that consumers would be using cmake.
- Own %{_libdir}/cmake to not leave traces when uninstalling the
package and being the only one left installing files to that
directory.
* Fri Sep 13 2024 pmonreal@suse.com
- Update to version 0.11.1:
* Fixed default TTY modes that are set when stdin is not
connected to tty.
* Fixed zlib cleanup procedure, which could crash on i386.
* Various test fixes improving their stability.
* Remove 0001-disable-timeout-test-on-slow-buildsystems.patch
to enable slow tests also in s390 s390x ppc64le.
* Fri Sep 13 2024 pmonreal@suse.com
- Set BuildArch: noarch for the config package as it only ships
configuration files.
* Fri Aug 09 2024 asn@cryptomilk.org
- Update to version 0.11.0
https://www.libssh.org/2024/08/08/libssh-0-11-0-release/
- Updated 0001-disable-timeout-test-on-slow-buildsystems.patch
- Removed libssh-fix-ipv6-hostname-regression.patch
* Fri Apr 12 2024 pmonreal@suse.com
- Don't change the path for crypto-policies libssh.config (bsc#1222716)
* Sat Dec 23 2023 asn@cryptomilk.org
- Fix regression parsing IPv6 addresses provided as hostname
* Added libssh-fix-ipv6-hostname-regression.patch