Package: libssh / 0.5.4-3~bpo70+1

Metadata

Package: libssh
Version: 0.5.4-3~bpo70+1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
0001 disable latex documentation.patch

doc/doxy.config.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 be sure we never build latex documentation
0002 fix html doc generation.patch

doc/doxy.config.in | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 do not exclude "*/build/*" directory as buildd use that path
0003 fix typo.patch

src/server.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix typo
0004 reset global request status.patch

src/channels.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 allow requesting more than one channel per session.
0005 multi reverse fwd.patch

include/libssh/libssh.h | 1 1 + 0 - 0 !
src/channels.c | 28 24 + 4 - 0 !
2 files changed, 25 insertions(+), 4 deletions(-)

 allow requesting multiple reverse port forwarding tunnels per connection
0006 ssh handle package zero timeouts.patch

src/channels.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 handle packet timeouts properly (speed improvement)
0007 security fix for vulnerability CVE 2014 0017.patch

include/libssh/wrapper.h | 1 1 + 0 - 0 !
src/bind.c | 3 2 + 1 - 0 !
src/libcrypto.c | 9 9 + 0 - 0 !
src/libgcrypt.c | 3 3 + 0 - 0 !
4 files changed, 15 insertions(+), 1 deletion(-)

 [patch] security: fix for vulnerability CVE-2014-0017

When accepting a new connection, a forking server based on libssh forks
and the child process handles the request. The RAND_bytes() function of
openssl doesn't reset its state after the fork, but simply adds the
current process id (getpid) to the PRNG state, which is not guaranteed
to be unique.
This can cause several children to end up with the same PRNG state, which
is a security issue.

Conflicts:
	src/bind.c