* Wed Feb 11 2026 pmonreal@suse.com
- Update to 0.11.4:
  * Security fixes:
    - CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
      (bsc#1258049)
    - CVE-2026-0965: Possible Denial of Service when parsing unexpected
      configuration files (bsc#1258045)
    - CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
      (bsc#1258054)
    - CVE-2026-0967: Specially crafted patterns could cause DoS (bsc#1258081)
    - CVE-2026-0968: OOB Read in sftp_parse_longname() (bsc#1258080)
    - libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP extensions
  * Other fixes:
    - Stability and compatibility improvements of ProxyJump
  * Remove patch upstream: libssh-cmake-Add-option-WITH_HERMETIC_USR.patch
* Tue Sep 09 2025 lucas.mulling@suse.com
- Update to 0.11.3
  * Security:
    * CVE-2025-8114: Fix NULL pointer dereference after allocation failure (bsc#1246974)
    * CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX (bsc#1249375)
    * Potential UAF when send() fails during key exchange
  * Bugfixes:
    * Fix possible timeout during KEX if client sends authentication too early
    * Cleanup OpenSSL PKCS#11 provider when loaded
    * Zeroize buffers containing private key blobs during export
* Tue Jun 24 2025 asn@cryptomilk.org
- Update to version 0.11.2
  * Security:
    * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion (bsc#1245309)
    * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file() (bsc#1245310)
    * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management (bsc#1245311)
    * CVE-2025-5351 - Double free in functions exporting keys (bsc#1245312)
    * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures (bsc#1245314)
    * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding (bsc#1245316)
    * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL (bsc#1245317)
  * Compatibility
    * Fixed compatibility with CPM.cmake
    * Compatibility with OpenSSH 10.0
    * Tests compatibility with new Dropbear releases
    * Removed p11-kit remoting from the pkcs11 testsuite
  * Bugfixes
    * Implement missing packet filter for DH GEX
    * Properly process the SSH2_MSG_DEBUG message
    * Allow escaping quotes in quoted arguments to ssh configuration
    * Do not fail with unknown match keywords in ssh configuration
    * Process packets before selecting signature algorithm during authentication
    * Do not fail hard when the SFTP status message is not sent by noncompliant
      servers
- Removed libssh-CmakeLists-Fix-multiple-digit-major-version-for-OpenSSH.patch
- Removed libssh-misc-Fix-OpenSSH-banner-parsing.patch
* Thu May 29 2025 lucas.mulling@suse.com
- Fix hang in torture_session test (bsc#1243799)
  * Add patch libssh-tests-Fix-an-issue-where-torture_session-request-a-SIGTERM-too-early.patch
* Wed Apr 23 2025 lucas.mulling@suse.com
- Fix build and tests with OpenSSH >= 10.0
  * Use %make_build instead of naked make
  * Add patches:
    - libssh-CmakeLists-Fix-multiple-digit-major-version-for-OpenSSH.patch
    - libssh-misc-Fix-OpenSSH-banner-parsing.patch
* Tue Feb 18 2025 lucas.mulling@suse.com
- Move global config dir to /usr/etc/libssh (bsc#1222716)
  * Add patch libssh-cmake-Add-option-WITH_HERMETIC_USR.patch
* Tue Feb 04 2025 dimstar@opensuse.org
- Do not Require cmake from the devel package: there is no
  requirement that consumers would be using cmake.
- Own %{_libdir}/cmake to not leave traces when uninstalling the
  package and being the only one left installing files to that
  directory.
* Fri Sep 13 2024 pmonreal@suse.com
- Update to version 0.11.1:
  * Fixed default TTY modes that are set when stdin is not
    connected to tty.
  * Fixed zlib cleanup procedure, which could crash on i386.
  * Various test fixes improving their stability.
  * Remove 0001-disable-timeout-test-on-slow-buildsystems.patch
    to enable slow tests also in s390 s390x ppc64le.
* Fri Sep 13 2024 pmonreal@suse.com
- Set BuildArch: noarch for the config package as it only ships
  configuration files.
* Fri Aug 09 2024 asn@cryptomilk.org
- Update to version 0.11.0
  https://www.libssh.org/2024/08/08/libssh-0-11-0-release/
- Updated 0001-disable-timeout-test-on-slow-buildsystems.patch
- Removed libssh-fix-ipv6-hostname-regression.patch