Package: libssh2 | Debian Sources

Package: libssh2 / 1.4.3-4.1+deb8u1

Package	Version	Patches format
libssh2	1.4.3-4.1+deb8u1	3.0 (quilt)

Patch	File delta	Description
0001 Add lgpg error to .pc to facilitate static linking.patch \| (download)	libssh2.pc.in \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] add -lgpg-error to .pc to facilitate static linking Note that this patch is Debian-specific as we know that libssh2 is linked to gcrypt. Patching configure.ac to add gpg-error as a dependent library is not good, as it would cause overlinking of libssh2, and there is no separate variable for "static dependencies". All this mess ought to be solved in gcrypt inself by providing .pc file, but it is not.
0001 Do not expose private libraries nor link flags to us.patch \| (download)	libssh2.pc.in \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] do not expose private libraries nor link flags to users of libssh2 Reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747417
0002 Fix typos in manpages.patch \| (download)	docs/libssh2_base64_decode.3 \| 2 1 + 1 - 0 ! docs/libssh2_channel_get_exit_status.3 \| 2 1 + 1 - 0 ! 2 files changed, 2 insertions(+), 2 deletions(-)	[patch] fix typos in manpages
0003 CVE 2015 1782.patch \| (download)	src/kex.c \| 73 41 + 32 - 0 ! 1 file changed, 41 insertions(+), 32 deletions(-)	[patch] kex: bail out on rubbish in the incoming packet
0004 CVE 2016 0787.patch \| (download)	src/kex.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	cve-2016-0787: truncated difffie-hellman secret length

Patch	File delta	Description
0001 Add lgpg error to .pc to facilitate static linking.patch \| (download)	libssh2.pc.in \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] add -lgpg-error to .pc to facilitate static linking Note that this patch is Debian-specific as we know that libssh2 is linked to gcrypt. Patching configure.ac to add gpg-error as a dependent library is not good, as it would cause overlinking of libssh2, and there is no separate variable for "static dependencies". All this mess ought to be solved in gcrypt inself by providing .pc file, but it is not.
0001 Do not expose private libraries nor link flags to us.patch \| (download)	libssh2.pc.in \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] do not expose private libraries nor link flags to users of libssh2 Reported in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747417
0002 Fix typos in manpages.patch \| (download)	docs/libssh2_base64_decode.3 \| 2 1 + 1 - 0 ! docs/libssh2_channel_get_exit_status.3 \| 2 1 + 1 - 0 ! 2 files changed, 2 insertions(+), 2 deletions(-)	[patch] fix typos in manpages
0003 CVE 2015 1782.patch \| (download)	src/kex.c \| 73 41 + 32 - 0 ! 1 file changed, 41 insertions(+), 32 deletions(-)	[patch] kex: bail out on rubbish in the incoming packet
0004 CVE 2016 0787.patch \| (download)	src/kex.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	cve-2016-0787: truncated difffie-hellman secret length