doc/doxy.config.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 be sure we never build latex documentation

doc/doxy.config.in | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 do not exclude "*/build/*" directory as buildd use that path

src/server.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix typo

include/libssh/wrapper.h | 1 1 + 0 - 0 !
src/bind.c | 3 2 + 1 - 0 !
src/libcrypto.c | 9 9 + 0 - 0 !
src/libgcrypt.c | 3 3 + 0 - 0 !
4 files changed, 15 insertions(+), 1 deletion(-)

 [patch] security: fix for vulnerability cve-2014-0017

When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with same PRNG state which is
a security issue.

Conflicts:
	src/bind.c

src/kex.c | 7 6 + 1 - 0 !
1 file changed, 6 insertions(+), 1 deletion(-)

 [patch] cve-2014-8132: fixup error path in ssh_packet_kexinit()

Before this change, dangling pointers can be unintentionally left in the
respective next_crypto kex methods slots.  Ensure to set all slots to
NULL in the error-out path.

Signed-off-by: Jon Simons <jon@jonsimons.org>

src/buffer.c | 6 6 + 0 - 0 !
src/client.c | 4 2 + 2 - 0 !
src/server.c | 1 1 + 0 - 0 !
3 files changed, 9 insertions(+), 2 deletions(-)

 [patch 1/2] cve-2015-3146: fix state validation in packet handlers

The state validation in the packet handlers for SSH_MSG_NEWKEYS and
SSH_MSG_KEXDH_REPLY had a bug which did not raise an error.

The issue has been found and reported by Mariusz Ziule.

Signed-off-by: Aris Adamantiadis <aris@0xbadc0de.be>

src/dh.c | 12 7 + 5 - 0 !
1 file changed, 7 insertions(+), 5 deletions(-)

 cve-2016-0739: truncated diffie-hellman secret length