head	1.3;
access;
symbols
	pkgsrc-2026Q1:1.3.0.2
	pkgsrc-2026Q1-base:1.3
	pkgsrc-2025Q4:1.2.0.6
	pkgsrc-2025Q4-base:1.2
	pkgsrc-2025Q3:1.2.0.4
	pkgsrc-2025Q3-base:1.2
	pkgsrc-2025Q2:1.2.0.2
	pkgsrc-2025Q2-base:1.2
	pkgsrc-2025Q1:1.1.0.38
	pkgsrc-2025Q1-base:1.1
	pkgsrc-2024Q4:1.1.0.36
	pkgsrc-2024Q4-base:1.1
	pkgsrc-2024Q3:1.1.0.34
	pkgsrc-2024Q3-base:1.1
	pkgsrc-2024Q2:1.1.0.32
	pkgsrc-2024Q2-base:1.1
	pkgsrc-2024Q1:1.1.0.30
	pkgsrc-2024Q1-base:1.1
	pkgsrc-2023Q4:1.1.0.28
	pkgsrc-2023Q4-base:1.1
	pkgsrc-2023Q3:1.1.0.26
	pkgsrc-2023Q3-base:1.1
	pkgsrc-2023Q2:1.1.0.24
	pkgsrc-2023Q2-base:1.1
	pkgsrc-2023Q1:1.1.0.22
	pkgsrc-2023Q1-base:1.1
	pkgsrc-2022Q4:1.1.0.20
	pkgsrc-2022Q4-base:1.1
	pkgsrc-2022Q3:1.1.0.18
	pkgsrc-2022Q3-base:1.1
	pkgsrc-2022Q2:1.1.0.16
	pkgsrc-2022Q2-base:1.1
	pkgsrc-2022Q1:1.1.0.14
	pkgsrc-2022Q1-base:1.1
	pkgsrc-2021Q4:1.1.0.12
	pkgsrc-2021Q4-base:1.1
	pkgsrc-2021Q3:1.1.0.10
	pkgsrc-2021Q3-base:1.1
	pkgsrc-2021Q2:1.1.0.8
	pkgsrc-2021Q2-base:1.1
	pkgsrc-2021Q1:1.1.0.6
	pkgsrc-2021Q1-base:1.1
	pkgsrc-2020Q4:1.1.0.4
	pkgsrc-2020Q4-base:1.1
	pkgsrc-2020Q3:1.1.0.2
	pkgsrc-2020Q3-base:1.1;
locks; strict;
comment	@# @;


1.3
date	2026.03.17.19.33.33;	author bsiegert;	state Exp;
branches;
next	1.2;
commitid	N2D70hl4TVAmCmyG;

1.2
date	2025.05.01.18.19.22;	author tnn;	state Exp;
branches;
next	1.1;
commitid	68X1B6dqmRUxueTF;

1.1
date	2020.09.13.18.45.36;	author otis;	state Exp;
branches;
next	;
commitid	Riene5uYnEQqZUnC;


desc
@@


1.3
log
@libssh: update to 0.11.4

This is a stable release in the 0.11 series. There is also 0.12.0
available, but this has less potential for breakage, I assume.

version 0.11.4 (released 2026-02-10)
 * Security:
   * CVE-2025-14821: libssh loads configuration files from the C:\etc directory
     on Windows
   * CVE-2026-0964: SCP Protocol Path Traversal in ssh_scp_pull_request()
   * CVE-2026-0965: Possible Denial of Service when parsing unexpected
     configuration files
   * CVE-2026-0966: Buffer underflow in ssh_get_hexa() on invalid input
   * CVE-2026-0967: Specially crafted patterns could cause DoS
   * CVE-2026-0968: OOB Read in sftp_parse_longname()
   * libssh-2026-sftp-extensions: Read buffer overrun when handling SFTP
     extensions
 * Stability and compatibility improvements of ProxyJump

version 0.11.3 (released 2025-09-09)
 * Security:
   * CVE-2025-8114: Fix NULL pointer dereference after allocation failure
   * CVE-2025-8277: Fix memory leak of ephemeral key pair during repeated wrong KEX
   * Potential UAF when send() fails during key exchange
 * Fix possible timeout during KEX if client sends authentication too early (#311)
 * Cleanup OpenSSL PKCS#11 provider when loaded
 * Zeroize buffers containing private key blobs during export

version 0.11.2 (released 2025-06-24)
 * Security:
   * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion
   * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file()
   * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management
   * CVE-2025-5351 - Double free in functions exporting keys
   * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures
   * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding
   * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL
 * Compatibility
   * Fixed compatibility with CPM.cmake
   * Compatibility with OpenSSH 10.0
   * Tests compatibility with new Dropbear releases
   * Removed p11-kit remoting from the pkcs11 testsuite
 * Bugfixes
   * Implement missing packet filter for DH GEX
   * Properly process the SSH2_MSG_DEBUG message
   * Allow escaping quotes in quoted arguments to ssh configuration
   * Do not fail with unknown match keywords in ssh configuration
   * Process packets before selecting signature algorithm during authentication
   * Do not fail hard when the SFTP status message is not sent by noncompliant
     servers
@
text
@$NetBSD: patch-tests_CMakeLists.txt,v 1.2 2025/05/01 18:19:22 tnn Exp $

* OpenSSH 10 support
* Search for sshd also in /usr/lib/ssh where it is located
  in SunOS/SmartOS.

--- tests/CMakeLists.txt.orig	2026-02-10 09:47:00.000000000 +0000
+++ tests/CMakeLists.txt
@@@@ -192,7 +192,8 @@@@ find_program(SSHD_EXECUTABLE
              PATHS
                 /sbin
                 /usr/sbin
-                /usr/local/sbin)
+                /usr/local/sbin
+                /usr/lib/ssh)
 
 if (WITH_PKCS11_URI)
     find_package(softhsm)
@


1.2
log
@libssh: support OpenSSH major version 10. Bump.
@
text
@d1 1
a1 1
$NetBSD: patch-tests_CMakeLists.txt,v 1.1 2020/09/13 18:45:36 otis Exp $
d7 1
a7 1
--- tests/CMakeLists.txt.orig	2024-08-29 13:01:56.000000000 +0000
d9 1
a9 12
@@@@ -100,8 +100,8 @@@@ add_subdirectory(unittests)
 find_program(SSH_EXECUTABLE NAMES ssh)
 if (SSH_EXECUTABLE)
     execute_process(COMMAND ${SSH_EXECUTABLE} -V ERROR_VARIABLE OPENSSH_VERSION_STR)
-    string(REGEX REPLACE "^.*OpenSSH_([0-9]).[0-9].*$" "\\1" OPENSSH_VERSION_MAJOR "${OPENSSH_VERSION_STR}")
-    string(REGEX REPLACE "^.*OpenSSH_[0-9].([0-9]).*$" "\\1" OPENSSH_VERSION_MINOR "${OPENSSH_VERSION_STR}")
+    string(REGEX REPLACE "^.*OpenSSH_([0-9]+)[.]([0-9]+).*$" "\\1" OPENSSH_VERSION_MAJOR "${OPENSSH_VERSION_STR}")
+    string(REGEX REPLACE "^.*OpenSSH_([0-9]+)[.]([0-9]+).*$" "\\2" OPENSSH_VERSION_MINOR "${OPENSSH_VERSION_STR}")
     set(OPENSSH_VERSION "${OPENSSH_VERSION_MAJOR}.${OPENSSH_VERSION_MINOR}")
     if("${OPENSSH_VERSION}" VERSION_LESS "6.3")
         # ssh - Q was introduced in 6.3
@@@@ -168,7 +168,8 @@@@ find_program(SSHD_EXECUTABLE
d17 2
a18 13
 if (CLIENT_TESTING OR SERVER_TESTING)
     find_package(socket_wrapper 1.1.5 REQUIRED)
@@@@ -212,8 +213,8 @@@@ if (CLIENT_TESTING OR SERVER_TESTING)
     find_program(SSH_EXECUTABLE NAMES ssh)
     if (SSH_EXECUTABLE)
         execute_process(COMMAND ${SSH_EXECUTABLE} -V ERROR_VARIABLE OPENSSH_VERSION_STR)
-        string(REGEX REPLACE "^.*OpenSSH_([0-9]).[0-9].*$" "\\1" OPENSSH_VERSION_MAJOR "${OPENSSH_VERSION_STR}")
-        string(REGEX REPLACE "^.*OpenSSH_[0-9].([0-9]).*$" "\\1" OPENSSH_VERSION_MINOR "${OPENSSH_VERSION_STR}")
+        string(REGEX REPLACE "^.*OpenSSH_([0-9]+)[.]([0-9]+).*$" "\\1" OPENSSH_VERSION_MAJOR "${OPENSSH_VERSION_STR}")
+        string(REGEX REPLACE "^.*OpenSSH_([0-9]+)[.]([0-9]+).*$" "\\2" OPENSSH_VERSION_MINOR "${OPENSSH_VERSION_STR}")
         add_definitions(-DOPENSSH_VERSION_MAJOR=${OPENSSH_VERSION_MAJOR} -DOPENSSH_VERSION_MINOR=${OPENSSH_VERSION_MINOR})
     endif()
 
@


1.1
log
@libssh: Fix build on SunOS/SmartOS

Instruct cmake to look for sshd executable also in /usr/lib/ssh
@
text
@d1 1
a1 1
$NetBSD$
d3 3
a5 2
Search for sshd also in /usr/lib/ssh where it is located
in SunOS/SmartOS.
d7 1
a7 1
--- tests/CMakeLists.txt.orig	2020-09-10 12:43:04.000000000 +0000
d9 12
a20 1
@@@@ -117,7 +117,8 @@@@ find_program(SSHD_EXECUTABLE
d30 11
@