libssh (0.6.1-0ubuntu3.5) trusty-security; urgency=medium

  * SECURITY REGRESSION: fix multiple regressions (LP: #1805348)
    - debian/patches/CVE-2018-10933-regression.patch: set correct state
      after sending INFO_REQUEST in src/server.c.
    - debian/patches/CVE-2018-10933-regression2.patch: add missing break in
      src/packet.c.
    - debian/patches/CVE-2018-10933-regression3.patch: set correct state
      after sending GSSAPI_RESPONSE in src/gssapi.c.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 27 Nov 2018 10:05:25 -0500

libssh (0.6.1-0ubuntu3.4) trusty-security; urgency=medium

  * SECURITY UPDATE: authentication bypass vulnerability
    - debian/patches/CVE-2018-10933-*.patch: add upstream patches to
      correct the issue.
    - CVE-2018-10933

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 16 Oct 2018 15:38:00 -0400

libssh (0.6.1-0ubuntu3.3) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via incorrect SSH_MSG_NEWKEYS and
    KEXDH_REPLY packet handling
    - debian/patches/CVE-2015-3146.patch: fix state validation in
      src/packet_cb.c, src/server.c, src/buffer.c.
    - CVE-2015-3146
  * SECURITY UPDATE: weakness in diffie-hellman secret key generation
    - debian/patches/CVE-2016-0739.patch: fix bits/bytes confusion bug in
      src/dh.c.
    - CVE-2016-0739

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Tue, 23 Feb 2016 07:35:04 -0500

libssh (0.6.1-0ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted kexinit packet
    - debian/patches/CVE-2014-8132.patch: properly set slots to NULL in
      src/kex.c.
    - CVE-2014-8132

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 07 Jan 2015 12:03:32 -0500

libssh (0.6.1-0ubuntu3) trusty; urgency=medium

  * SECURITY UPDATE: PRNG state reuse on forking servers
    - debian/patches/CVE-2014-0017.patch: force reseed after fork in
      include/libssh/wrapper.h, src/bind.c, src/libcrypto.c,
      src/libgcrypt.c.
    - CVE-2014-0017

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Mon, 10 Mar 2014 09:47:11 -0400

libssh (0.6.1-0ubuntu2) trusty; urgency=medium

  * Fix .symbols file

 -- Jonathan Riddell <jriddell@ubuntu.com>  Thu, 13 Feb 2014 11:57:02 +0000

libssh (0.6.1-0ubuntu1) trusty; urgency=low

  * New upstream release.

 -- Scarlett Clark <scarlett@scarlettgatelyclark.com>  Wed, 12 Feb 2014 10:49:46 -0800

libssh (0.5.4-1) unstable; urgency=low

  * New upstream security release
    - Fix NULL dereference leads to denial of service
      (Closes: #698963, CVE-2013-0176)
  * debian/patches/0003-fix-typo.patch: Fix typo in error message

 -- Laurent Bigonville <bigon@debian.org>  Tue, 05 Feb 2013 01:06:40 +0100

libssh (0.5.3-1) unstable; urgency=high

  * New upstream security release
    - Fixes CVE-2012-4559, CVE-2012-4560, CVE-2012-4561, CVE-2012-4562
    - Fix regression in pre-connected socket setting (Closes: #688700)

 -- Laurent Bigonville <bigon@debian.org>  Wed, 21 Nov 2012 13:53:14 +0100

libssh (0.5.2-1) unstable; urgency=low

  * New upstream release
    - Fix bug with ssh_channel_write (Closes: #631950)
  * debian/watch: Use new tarball location

 -- Laurent Bigonville <bigon@debian.org>  Mon, 19 Sep 2011 12:01:26 +0200

libssh (0.5.1-1) unstable; urgency=low

  * New upstream release (Closes: #637445)
  * debian/patches/0001-rename-threads-static.patch,
    debian/patches/0002-Check-for-NULL-pointers-in-string-c.patch: Dropped
  * debian/rules:
    - Adjust rule that build documentation
  * debian/patches/0001-disable-latex-documentation.patch: Disable LaTeX
    documentation generation (Closes: #622108)
  * debian/control: Drop texlive-fonts-recommended build-dependency
  * debian/patches/0002-fix-html-doc-generation.patch: Fix HTML doc generation
    (LP: #821437)
  * debian/libssh-doc.doc-base: Refine Title and Files glob

 -- Laurent Bigonville <bigon@debian.org>  Fri, 19 Aug 2011 00:46:48 +0200

libssh (0.5.0-2) unstable; urgency=low

  * debian/patches/0002-Check-for-NULL-pointers-in-string-c.patch:
    Consolidate patch (Should fix previous REJECT)
  * Support multiarch spec

 -- Laurent Bigonville <bigon@debian.org>  Wed, 15 Jun 2011 15:48:07 +0200

libssh (0.5.0-1) unstable; urgency=low

  * New upstream release
  * debian/control:
    - Bump Standards-Version to 3.9.2 (no further changes)
    - Fix short description to please lintian
  * debian/libssh-dev.install:
    - Remove "static" from the static library name
    - Install pkg-config file
  * debian/libssh-4.symbols: Add new symbols to .symbols file
  * debian/patch/0001-rename-threads-static.patch:
    Rename libssh_threads_static.so to libssh_threads.so
  * debian/libssh-4.install, debian/libssh-dev.install, debian/libssh-4.symbols,
    debian/libssh-4.lintian-overrides: Install libssh_threads library
  * debian/patches/0002-Check-for-NULL-pointers-in-string-c.patch:
    Check if string is NULL.

 -- Laurent Bigonville <bigon@debian.org>  Fri, 10 Jun 2011 22:47:54 +0200

libssh (0.4.8-2) unstable; urgency=low

  * Upload to unstable
  * debian/control: Add texlive-fonts-recommended to Build-Depends-Indep
    (Closes: #608319)

 -- Laurent Bigonville <bigon@debian.org>  Sun, 13 Mar 2011 22:06:00 +0100

libssh (0.4.8-1) experimental; urgency=low

  * New upstream release
  * Bump debhelper compatibility to 8

 -- Laurent Bigonville <bigon@debian.org>  Mon, 17 Jan 2011 19:31:47 +0100

libssh (0.4.7-1) experimental; urgency=low

  * New upstream release
    - Drop all patches, applied upstream
  * debian/watch: Fix URL regex

 -- Laurent Bigonville <bigon@debian.org>  Tue, 04 Jan 2011 21:24:34 +0100

libssh (0.4.6-1) experimental; urgency=low

  * New upstream release

 -- Laurent Bigonville <bigon@debian.org>  Mon, 13 Dec 2010 23:30:03 +0100

libssh (0.4.5-3) unstable; urgency=low

  * d/p/0002-socket-Fixed-uninitialized-fd-revents-member.patch:
    Fix uninitialized memory use (Closes: #606347)

 -- Laurent Bigonville <bigon@debian.org>  Sat, 11 Dec 2010 01:33:45 +0100

libssh (0.4.5-2) unstable; urgency=low

  * Add d/p/0001-socket.c-Fixed-setting-max_fd-which-breaks-ssh_selec.patch:
    Fix slow response in Remmina SSH (Closes: #599687, LP: #663777)
  * debian/control: Bump Standards-Version to 3.9.1 (no futher changes)
  * debian/copyright: Update copyright file to please lintian

 -- Laurent Bigonville <bigon@debian.org>  Wed, 20 Oct 2010 20:45:48 +0200

libssh (0.4.5-1) unstable; urgency=low

  * New upstream release
  * Bump Standards-Version to 3.9.0 (no further changes)
  * Move doxygen to Build-Depends-Indep

 -- Laurent Bigonville <bigon@debian.org>  Sun, 18 Jul 2010 22:48:10 +0200

libssh (0.4.4-1) unstable; urgency=low

  * New upstream release
    - Should fix ~/.ssh directory access (Closes: #582461)

 -- Laurent Bigonville <bigon@debian.org>  Mon, 31 May 2010 20:10:56 +0200

libssh (0.4.3-1) unstable; urgency=low

  * New upstream release
    - Drop 0001-Fix-symbols-visibility.patch, applied upstream
    - Update debian/libssh-4.symbols: Add new symbol

 -- Laurent Bigonville <bigon@debian.org>  Tue, 18 May 2010 21:06:33 +0200

libssh (0.4.2-1) unstable; urgency=low

  * New upstream release
    - 0001-Fix-symbols-visibility.patch: Only export needed symbols
    - debian/libssh-4.symbols: Update symbols file

 -- Laurent Bigonville <bigon@debian.org>  Thu, 25 Mar 2010 13:38:35 +0100

libssh (0.4.1-1) unstable; urgency=low

  * New upstream release
  * debian/control: Bump Standards-Version (no further changes)
  * Use new source package format '3.0 (quilt)'

 -- Laurent Bigonville <bigon@debian.org>  Sat, 13 Feb 2010 20:18:18 +0100

libssh (0.4.0-1) unstable; urgency=low

  * New upstream release.
    - Bump soname
    - Adjust .symbols file
  * Readd static library in -dev package
  * Let dh_lintian install override file
  * debian/README.Debian: Update file
  * debian/rules: Add list-missing rule

 -- Laurent Bigonville <bigon@debian.org>  Sat, 12 Dec 2009 14:29:12 +0100

libssh (0.3.4-3) unstable; urgency=low

  * Add correct Conflicts/Replaces for -dev and -doc packages
    (Closes: #550996)

 -- Laurent Bigonville <bigon@debian.org>  Thu, 15 Oct 2009 09:59:57 +0200

libssh (0.3.4-2) unstable; urgency=low

  * debian/watch: Update the URL
  * debian/copyright: Add missing licence for some cmake/Modules files

 -- Laurent Bigonville <bigon@debian.org>  Mon, 12 Oct 2009 09:37:03 +0200

libssh (0.3.4-1) unstable; urgency=low

  * New upstream release (Closes: #467284).
    - Adjust build-deps and use cmake
    - Bump soname and adjust .symbols file
  * debian/control:
    - Use my debian.org address in Uploaders and takeover the package
      with Jean-Philippe permission
    - Use now official Vcs-* field
    - Use new Homepage field instead of old pseudo-field
    - Bump Standards-Version to 3.8.3 (no further changes)
    - Use debug section for -dbg package
    - Add ${misc:Depends} to please lintian
    - Remove duplicate section to please lintian
  * debian/libssh-2-doc.doc-base: Fix doc-base-uses-applications-section
  * Bump debhelper version to 7
  * debian/libssh-dev.install: do not install .la file and static
    library anymore
  * debian/libssh-3.lintian-overrides: Update override
  * debian/copyright: Update copyright file
  * debian/libssh-3.symbols: Add initial symbols file

 -- Laurent Bigonville <bigon@debian.org>  Fri, 09 Oct 2009 21:21:16 +0200

libssh (0.2+svn20070321-4) unstable; urgency=low

  * debian/control:
    - Add XS-Vcs-Svn and XS-Vcs-Browser fields.
    - Change to ${binary:Version} for versionized dependencies.
  * Add debian/README.Debian to disambiguate the package name 

 -- Laurent Bigonville <bigon@bigon.be>  Fri, 27 Jul 2007 15:00:06 +0200

libssh (0.2+svn20070321-3) unstable; urgency=low

  * Fix wrong versionized Replaces for -doc package

 -- Laurent Bigonville <bigon@bigon.be>  Thu,  5 Apr 2007 17:58:27 +0200

libssh (0.2+svn20070321-2) unstable; urgency=low

  * Split devel package into devel and documentation packages 

 -- Laurent Bigonville <bigon@bigon.be>  Mon, 26 Mar 2007 15:29:51 +0200

libssh (0.2+svn20070321-1) unstable; urgency=low

  * New svn snapshot:
    - Fix broken include in include/libssh/server.h (Closes: #410020)
    - Fix nasty bug in server side code

 -- Laurent Bigonville <bigon@bigon.be>  Mon, 26 Mar 2007 15:06:40 +0200

libssh (0.2-1) unstable; urgency=low

  * New upstream release. 

 -- Laurent Bigonville <bigon@bigon.be>  Fri, 29 Dec 2006 07:40:20 +0100

libssh (0.2~rc-1) unstable; urgency=low

  * Initial release (Closes: #316872)

 -- Jean-Philippe Garcia Ballester <giga@le-pec.org>  Wed, 20 Dec 2006 23:56:50 +0100
