* [Buildroot] [PATCH 1/2] libssh: security bump to version 0.7.3
@ 2016-02-24 12:01 Gustavo Zacarias
2016-02-24 12:01 ` [Buildroot] [PATCH 2/2] libssh2: security bump to version 1.7.0 Gustavo Zacarias
2016-02-24 16:36 ` [Buildroot] [PATCH 1/2] libssh: security bump to version 0.7.3 Peter Korsgaard
0 siblings, 2 replies; 4+ messages in thread
From: Gustavo Zacarias @ 2016-02-24 12:01 UTC (permalink / raw)
To: buildroot
Fixes:
CVE-2016-0739 - Bits/bytes confusion resulting in truncated
Difffie-Hellman secret length.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/libssh/libssh.hash | 6 +++---
package/libssh/libssh.mk | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/libssh/libssh.hash b/package/libssh/libssh.hash
index 49bf6c9..1eef804 100644
--- a/package/libssh/libssh.hash
+++ b/package/libssh/libssh.hash
@@ -1,4 +1,4 @@
# from https://red.libssh.org/projects/libssh/files/
-md5 5d7d468937649a6dfc6186edfff083db libssh-0.7.2.tar.xz
-# Locally calculated after checking signature on uncompressed libssh-0.7.2.tar
-sha256 a32c45b9674141cab4bde84ded7d53e931076c6b0f10b8fd627f3584faebae62 libssh-0.7.2.tar.xz
+md5 05465da8004f3258db946346213209de libssh-0.7.3.tar.xz
+# Locally calculated after checking signature on uncompressed libssh-0.7.3.tar
+sha256 26ef46be555da21112c01e4b9f5e3abba9194485c8822ab55ba3d6496222af98 libssh-0.7.3.tar.xz
diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk
index d425ff0..29bbf4e 100644
--- a/package/libssh/libssh.mk
+++ b/package/libssh/libssh.mk
@@ -4,9 +4,9 @@
#
################################################################################
-LIBSSH_VERSION = 0.7.2
+LIBSSH_VERSION = 0.7.3
LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz
-LIBSSH_SITE = https://red.libssh.org/attachments/download/177
+LIBSSH_SITE = https://red.libssh.org/attachments/download/195
LIBSSH_LICENSE = LGPLv2.1
LIBSSH_LICENSE_FILES = COPYING
LIBSSH_INSTALL_STAGING = YES
--
2.4.10
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 2/2] libssh2: security bump to version 1.7.0
2016-02-24 12:01 [Buildroot] [PATCH 1/2] libssh: security bump to version 0.7.3 Gustavo Zacarias
@ 2016-02-24 12:01 ` Gustavo Zacarias
2016-02-24 16:36 ` Peter Korsgaard
2016-02-24 16:36 ` [Buildroot] [PATCH 1/2] libssh: security bump to version 0.7.3 Peter Korsgaard
1 sibling, 1 reply; 4+ messages in thread
From: Gustavo Zacarias @ 2016-02-24 12:01 UTC (permalink / raw)
To: buildroot
Fixes:
CVE-2016-0787 - diffie_hellman_sha256: convert bytes to bits.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/libssh2/libssh2.hash | 2 +-
package/libssh2/libssh2.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libssh2/libssh2.hash b/package/libssh2/libssh2.hash
index 3bf7562..8f6268f 100644
--- a/package/libssh2/libssh2.hash
+++ b/package/libssh2/libssh2.hash
@@ -1,2 +1,2 @@
# Locally calculated after checking pgp signature
-sha256 5a202943a34a1d82a1c31f74094f2453c207bf9936093867f41414968c8e8215 libssh2-1.6.0.tar.gz
+sha256 e4561fd43a50539a8c2ceb37841691baf03ecb7daf043766da1b112e4280d584 libssh2-1.7.0.tar.gz
diff --git a/package/libssh2/libssh2.mk b/package/libssh2/libssh2.mk
index 51dcf0e..221fac4 100644
--- a/package/libssh2/libssh2.mk
+++ b/package/libssh2/libssh2.mk
@@ -4,7 +4,7 @@
#
################################################################################
-LIBSSH2_VERSION = 1.6.0
+LIBSSH2_VERSION = 1.7.0
LIBSSH2_SITE = http://www.libssh2.org/download
LIBSSH2_LICENSE = BSD
LIBSSH2_LICENSE_FILES = COPYING
--
2.4.10
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 1/2] libssh: security bump to version 0.7.3
2016-02-24 12:01 [Buildroot] [PATCH 1/2] libssh: security bump to version 0.7.3 Gustavo Zacarias
2016-02-24 12:01 ` [Buildroot] [PATCH 2/2] libssh2: security bump to version 1.7.0 Gustavo Zacarias
@ 2016-02-24 16:36 ` Peter Korsgaard
1 sibling, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2016-02-24 16:36 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Fixes:
> CVE-2016-0739 - Bits/bytes confusion resulting in truncated
> Difffie-Hellman secret length.
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 2/2] libssh2: security bump to version 1.7.0
2016-02-24 12:01 ` [Buildroot] [PATCH 2/2] libssh2: security bump to version 1.7.0 Gustavo Zacarias
@ 2016-02-24 16:36 ` Peter Korsgaard
0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2016-02-24 16:36 UTC (permalink / raw)
To: buildroot
>>>>> "Gustavo" == Gustavo Zacarias <gustavo@zacarias.com.ar> writes:
> Fixes:
> CVE-2016-0787 - diffie_hellman_sha256: convert bytes to bits.
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-02-24 16:36 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-02-24 12:01 [Buildroot] [PATCH 1/2] libssh: security bump to version 0.7.3 Gustavo Zacarias
2016-02-24 12:01 ` [Buildroot] [PATCH 2/2] libssh2: security bump to version 1.7.0 Gustavo Zacarias
2016-02-24 16:36 ` Peter Korsgaard
2016-02-24 16:36 ` [Buildroot] [PATCH 1/2] libssh: security bump to version 0.7.3 Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.