
Bug#693882: marked as done (unblock: libssh/0.5.3-1)



Your message dated Wed, 21 Nov 2012 22:37:39 +0100
with message-id <20121121213739.GO17465@radis.cristau.org>
and subject line Re: Bug#693882: unblock: libssh/0.5.3-1
has caused the Debian Bug report #693882,
regarding unblock: libssh/0.5.3-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
693882: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693882
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Hello,

Please unblock package libssh

This version fixes 4 CVEs and several other bugs

version 0.5.3 (released 2012-11-20)
  * CVE-2012-4559 Fixed multiple double free() flaws.
  * CVE-2012-4560 Fixed multiple buffer overflow flaws.
  * CVE-2012-4561 Fixed multiple invalid free() flaws.
  * BUG #84 - Fix bug in sftp_mkdir not returning on error.
  * BUG #85 - Fixed a possible channel infinite loop if the connection dropped.
  * BUG #88 - Added missing channel request_state and set it to accepted.
  * BUG #89 - Reset error state to no error on successful SSHv1 authentication.
  * Fixed a possible use after free in ssh_free().
  * Fixed multiple possible NULL pointer dereferences.
  * Fixed multiple memory leaks in error paths.
  * Fixed timeout handling.
  * Fixed regression in pre-connected socket setting.
  * Handle all unknown global messages.

Diffstat:

$ debdiff --exclude '*.bak' --exclude '*.patch' /tmp/libssh_0.5.2-1.dsc libssh_0.5.3-1.dsc |diffstat 
 CMakeLists.txt           |    4 -
 CPackConfig.cmake        |    2 
 ChangeLog                |   15 ++++++
 README                   |  113 +++++++++++++++++++++++++++++++++++++++++------
 SECFIX_0.5.2.tar.asc     |    7 ++
 debian/changelog         |    8 +++
 doc/mainpage.dox         |  113 +++++++++++++++++++++++++++++++++++++++++------
 doc/threading.dox        |   18 +++----
 include/libssh/bind.h    |    7 --
 include/libssh/misc.h    |    1 
 include/libssh/priv.h    |   12 +++-
 include/libssh/session.h |   13 +++--
 include/libssh/socket.h  |    1 
 src/agent.c              |    3 +
 src/auth.c               |    1 
 src/auth1.c              |    1 
 src/bind.c               |    6 +-
 src/buffer.c             |   34 ++++++++++----
 src/callbacks.c          |    2 
 src/channels.c           |   21 +++++++-
 src/channels1.c          |    1 
 src/client.c             |    7 +-
 src/connect.c            |    2 
 src/crypt.c              |    1 
 src/dh.c                 |    5 ++
 src/error.c              |    9 ++-
 src/getpass.c            |    1 
 src/keyfiles.c           |   36 +++++++-------
 src/keys.c               |    5 ++
 src/known_hosts.c        |    1 
 src/log.c                |   64 ++++++++++++++++++--------
 src/messages.c           |   14 +++--
 src/misc.c               |   54 ++++++++++++++++------
 src/options.c            |   16 +++---
 src/packet.c             |    1 
 src/server.c             |    4 -
 src/session.c            |   69 ++++++++++++----------------
 src/sftp.c               |   41 ++++++++++++-----
 src/sftpserver.c         |    1 
 src/socket.c             |   27 ++++++++---
 src/string.c             |   26 +++++++---
 41 files changed, 558 insertions(+), 209 deletions(-)


unblock libssh/0.5.3-1

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/8 CPU cores)
Locale: LANG=fr_BE.utf8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Attachment: libssh.diff.gz
Description: GNU Zip compressed data


--- End Message ---
--- Begin Message ---
On Wed, Nov 21, 2012 at 21:28:17 +0100, Laurent Bigonville wrote:

> On Wed, 21 Nov 2012 20:24:50 +0100,
> Julien Cristau <jcristau@debian.org> wrote:
> 
> > On Wed, Nov 21, 2012 at 14:16:14 +0100, Laurent Bigonville wrote:
> > 
> > > $ debdiff --exclude '*.bak' --exclude
> > > '*.patch' /tmp/libssh_0.5.2-1.dsc libssh_0.5.3-1.dsc |diffstat 
> > 
> > Why are these patch files included in the tarball?  Are they used at
> > all, or just cruft?
> 
> The patches are the ones that fix the CVEs. I'm not sure why they are
> present there, maybe for reference, but they are not used at all.
> 
> The other .bak file is just leftover.
> 
There's also a bunch of tarballs that don't seem to belong inside this
one at all…

Anyway, unblocked.

Cheers,
Julien

Attachment: signature.asc
Description: Digital signature


--- End Message ---
