Upload page content

You can upload content for the page named below. If you change the page name, you can also upload content for another page. If the page name is empty, we derive the page name from the file name.

File to load page content from
Page name
Comment

    PaulHowarth/Blog/2015-03-11

Wednesday 11th March 2015

Fedora Project

  • Updated libssh2 to 1.5.0 in F-20, F-21, F-22 and Rawhide:

    • Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded

    • Missing _libssh2_error in _libssh2_channel_write

    • knownhost: Fix DSS keys being detected as unknown

    • knownhost: Restore behaviour of 'libssh2_knownhost_writeline' with short buffer

    • libssh2.h: On Windows, a socket is of type SOCKET, not int

    • libssh2_priv.h: A 1 bit bit-field should be unsigned

    • Windows build: Do not export externals from static library

    • Fixed two potential use-after-frees of the payload buffer

    • Fixed a few memory leaks in error paths

    • userauth: Fixed an attempt to free from stack on error

    • agent_list_identities: Fixed memory leak on OOM

    • knownhosts: Abort if the hosts buffer is too small

    • sftp_close_handle: Ensure the handle is always closed

    • channel_close: Close the channel even in the case of errors

    • Docs: Added missing libssh2_session_handshake.3 file

    • Docs: Fixed a bunch of typos

    • userauth_password: Pass on the underlying error code

    • _libssh2_channel_forward_cancel: Accessed struct after free

    • _libssh2_packet_add: Avoid using uninitialized memory

    • _libssh2_channel_forward_cancel: Avoid memory leaks on error

    • _libssh2_channel_write: Client spins on write when window full

    • Windows build: Fix build errors

    • publickey_packet_receive: Avoid junk in returned pointers

    • channel_receive_window_adjust: Store windows size always

    • userauth_hostbased_fromfile: Zero assign to avoid uninitialized use

    • configure: Change LIBS not LDFLAGS when checking for libs

    • agent_connect_unix: Make sure there's a trailing zero

    • MinGW build: Fixed redefine warnings

    • sftpdir.c: Added authentication method detection

    • Watcom build: Added support for WinCNG build

    • configure.ac: Replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS

    • sftp_statvfs: Fix for servers not supporting statfvs extension

    • knownhost.c: Use LIBSSH2_FREE macro instead of free

    • Fixed compilation using mingw-w64

    • knownhost.c: Fixed that 'key_type_len' may be used uninitialized

    • configure: Display individual crypto backends on separate lines

    • Examples on Windows: Check for WSAStartup return code

    • Examples on Windows: Check for socket return code

    • agent.c: Check return code of MapViewOfFile

    • kex.c: Fix possible NULL pointer de-reference with session->kex

    • packet.c: Fix possible NULL pointer de-reference within listen_state

    • Tests on Windows: Check for WSAStartup return code

    • userauth.c: Improve readability and clarity of for-loops

    • Examples on Windows: Use native SOCKET-type instead of int

    • packet.c: i < 256 was always true and i would overflow to 0

    • kex.c: Make sure mlist is not set to NULL

    • session.c: Check return value of session_nonblock in debug mode

    • session.c: Check return value of session_nonblock during startup

    • userauth.c: Make sure that sp_len is positive and avoid overflows

    • knownhost.c: Fix use of uninitialized argument variable wrote

    • openssl: Initialise the digest context before calling EVP_DigestInit()

    • libssh2_agent_init: Init ->fd to LIBSSH2_INVALID_SOCKET

    • configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib`

    • configure.ac: Rework crypto library detection

    • configure.ac: Reorder --with-* options in --help output

    • configure.ac: Call zlib zlib and not libz in text but keep option names

    • Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro

    • sftp: seek: Don't flush buffers on same offset

    • sftp: statvfs: Along error path, reset the correct 'state' variable

    • sftp: Add support for fsync (OpenSSH extension)

    • _libssh2_channel_read: Fix data drop when out of window

    • comp_method_zlib_decomp: Improve buffer growing algorithm

    • _libssh2_channel_read: Honour window_size_initial

    • window_size: Redid window handling for flow control reasons

    • knownhosts: Handle unknown key types

Local Packages

  • Updated libssh2 to 1.5.0 as per the Fedora version

  • Updated perl-Variable-Magic to 0.56:

    • Remove lvalue uses of ERRSV (CPAN RT#101410)

    • Test: $ENV{$Config{ldlibpthname}} is now preserved on all platforms, which will address failures of t/17-ctl.t with unusual compilers (like icc) that link all their compiled objects to their own libraries

    • Test: The global destruction test is now only run on perl 5.13.4 and higher, and only if either Perl::Destruct::Level is installed or PERL_DESTRUCT_LEVEL is set and the perl is a debugging perl; this will solve rare crashes of t/15-self.t on perl 5.13.3 and older

  • Updated sendmail (8.15.1) to drop the sysvinit sub-package (FESCO #615)

Recent