[ELSA-2024-3233] libssh security update

Severity Low
Affected Packages 3
CVEs 2

[0.9.6-14]
- Fix CVE-2023-48795 Prefix truncation attack on Binary Packet Protocol (BPP)
- Fix CVE-2023-6918 Missing checks for return values for digests
- Fix CVE-2023-6004 ProxyCommand/ProxyJump features allow injection
of malicious code through hostname
- Note: version is bumped from 12 to 14 directly, as the z-stream
version in 8.9 also has 13. So bumping it to 14 will prevent
upgrade conflicts.
- Resolves: RHEL-19690, RHEL-17244, RHEL-19312

[0.9.6-12]
- Fix loglevel regression
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-11]
- .fmf/version is needed to run the tests
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-10]
- Add missing ci.fmf file
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-9]
- Fix covscan errors found at gating
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-8]
- Backport test fixing commits to make the build pass
- Related: rhbz#2182251, rhbz#2189742

[0.9.6-7]
- Fix NULL dereference during rekeying with algorithm guessing
GHSL-2023-032 / CVE-2023-1667
- Fix possible authentication bypass
GHSL-2023-085 / CVE-2023-2283
- Resolves: rhbz#2182251, rhbz#2189742

[0.9.6-6]
- Enable client and server testing build time
- Fix failing rekey test on arch s390x
- Resolves: rhbz#2126342

[0.9.6-5]
- Fix CI configuration for new TMT
- Resolves: rhbz#2149910

[0.9.6-4]
- Make VERBOSE and lower log levels less verbose
- Resolves: rhbz#2091512

[0.9.6-3]
- Remove STI tests

[0.9.6-2]
- Remove bad patch causing errors
- Adding BuildRequires for openssh (SSHD support)

[0.9.6-1]
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when
rekeying with different key exchange mechanism
- Rebase to version 0.9.6
- Rename SSHD_EXECUTABLE to SSH_EXECUTABLE in tests/torture.c
- Resolves: rhbz#1896651, rhbz#1994600

[0.9.4-4]
- Revert previous commit as it is incorrect.

[0.9.6-1]
- Fix CVE-2021-3634: Fix possible heap-buffer overflow when
rekeying with different key exchange mechanism (#1978810)

[0.9.4-3]
- Fix CVE-2020-16135 NULL pointer dereference in sftpserver.c if
ssh_buffer_new returns NULL (#1862646)

[0.9.4-2]
- Do not return error when server properly closed the channel (#1849071)
- Add a test for CVE-2019-14889
- Do not parse configuration file in torture_knownhosts test

[0.9.4-1]
- Update to version 0.9.4
https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
- Fixed CVE-2019-14889 (#1781782)
- Fixed CVE-2020-1730 (#1802422)
- Create missing directories in the path provided for known_hosts files (#1733914)
- Removed inclusion of OpenSSH server configuration file from
libssh_server.config (#1821339)

[0.9.0-4]
- Skip 1024 bits RSA key generation test in FIPS mode (#1734485)

[0.9.0-3]
- Add Obsoletes in libssh-config to avoid conflict with old libssh which
installed the configuration files.

[0.9.0-2]
- Eliminate circular dependency with libssh-config subpackage

[0.9.0-1]
- Update to version 0.9.0
https://www.libssh.org/2019/06/28/libssh-0-9-0/
- Added explicit Requires for crypto-policies
- Do not ignore known_hosts keys when SSH_OPTIONS_HOSTKEYS is set
- Provide the configuration files in a separate libssh-config subpackage

[0.8.91-0.1]
- Update to 0.9.0 pre release version (0.8.91)
- Added default configuration files for client and server
- Removed unused patch files left behind
- Fixed issues found to run upstream test suite with SELinux

[0.8.5-2]
- Fix more regressions introduced by the fixes for CVE-2018-10933

[0.8.5-1]
- Update to version 0.8.5
* Fixed an issue where global known_hosts file was ignored (#1649321)
* Fixed ssh_get_fd() to return writable file descriptor (#1649319)
* Fixed regression introduced in known_hosts parsing (#1649315)
* Fixed a regression which caused only the first algorithm in known_hosts to
be considered (#1638790)

[0.8.3-5]
- Fix regressions introduced by the fixes for CVE-2018-10933

[0.8.3-4]
- Fix for authentication bypass issue in server implementation (#1639926)

[0.8.3-3]
- Fixed errors found by static code analysis (#1602594)

[0.8.3-1]
- Update to version 0.8.3
* Added support for rsa-sha2 (#1610882)
* Added support to parse private keys in openssh container format (other than
ed25519) (#1622983)
* Added support for diffie-hellman-group18-sha512 and
diffie-hellman-group16-sha512 (#1610885)
* Added ssh_get_fingerprint_hash()
* Added ssh_pki_export_privkey_base64()
* Added support for Match keyword in config file
* Improved performance and reduced memory footprint for sftp
* Fixed ecdsa publickey auth
* Fixed reading a closed channel
* Added support to announce posix-rename@openssh.com and hardlink@openssh.com
in the sftp server
* Use -fstack-protector-strong if possible (#1624135)

[0.8.1-4]
- Fix the creation of symbolic links for libssh_threads.so.4

[0.8.1-3]
- Add missing Provides for libssh_threads.so.4

[0.8.1-2]
- Add Provides for libssh_threads.so to unbreak applications
- Fix ABIMap detection to not depend on python to build

[0.8.1-1]
- Update to version 0.8.1
https://www.libssh.org/2018/08/13/libssh-0-8-1/

[0.8.0-1]
- Update to version 0.8.0
https://www.libssh.org/2018/08/10/libssh-0-8-0/

[0.7.5-9]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[0.7.5-8]
- BR: gcc-c++, use %make_build

[0.7.5-7]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
- Related: bug#1614611

[0.7.5-6]
- resolves: #1540021 - Build against OpenSSL 1.1

[0.7.5-5]
- Switch to %ldconfig_scriptlets

[0.7.5-4]
- Fix parsing ssh_config

[0.7.5-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[0.7.5-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[0.7.5-1]
- Update to version 0.7.5

[0.7.4-2]
- BR: compat-openssl10-devel (f26+, #1423088)
- use %license
- -devel: drop hardcoded pkgconfig dep (let autodeps handle it)
- %files: track library sonames, simplify -devel
- %install: use 'install/fast' target
- .spec cosmetics, drop deprecated %clean section

[0.7.4-1]
- Update to version 0.7.4
* Added id_ed25519 to the default identity list
* Fixed sftp EOF packet handling
* Fixed ssh_send_banner() to confirm with RFC 4253
* Fixed some memory leaks
- resolves: #1419007

[0.7.3-1]
- resolves: #1311259 - Fix CVE-2016-0739
- resolves: #1311332 - Update to version 0.7.3
* Fixed CVE-2016-0739
* Fixed ssh-agent on big endian
* Fixed some documentation issues
- Enabled GSSAPI support

[0.7.2-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

[0.7.2-2]
- resolves: #1271230 - Fix ssh-agent support on big endian

[0.7.2-1]
- Update to version 0.7.2
* Fixed OpenSSL detection on Windows
* Fixed return status for ssh_userauth_agent()
* Fixed KEX to prefer hmac-sha2-256
* Fixed sftp packet handling
* Fixed return values of ssh_key_is_(public|private)
* Fixed bug in global success reply
- resolves: #1267346

[0.7.1-1]
- Update to version 0.7.1
* Fixed SSH_AUTH_PARTIAL auth with auto public key
* Fixed memory leak in session options
* Fixed allocation of ed25519 public keys
* Fixed channel exit-status and exit-signal
* Reintroduce ssh_forward_listen()

[0.7.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

[0.7.0-2]
- Add patch to fix undefined symbol: ssh_forward_listen (bug #1221310)

[0.7.0-1]
- Update to version 0.7.0
* Added support for ed25519 keys
* Added SHA2 algorithms for HMAC
* Added improved and more secure buffer handling code
* Added callback for auth_none_function
* Added support for ECDSA private key signing
* Added more tests
* Fixed a lot of bugs
* Improved API documentation

[0.6.5-1]
- resolves: #1213775 - Security fix for CVE-2015-3146
- resolves: #1218076 - Security fix for CVE-2015-3146

[0.6.4-1]
- Security fix for CVE-2014-8132.

[0.6.3-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

[0.6.3-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

[0.6.3-1]
- Fix CVE-2014-0017.

[0.6.1-1]
- Update to version 0.6.1.
- resolves: #1056757 - Fix scp mode.
- resolves: #1053305 - Fix known_hosts heuristic.

[0.6.0-1]
- Update to 0.6.0

[0.5.5-1]
- Update to 0.5.5.
- Clean up the spec file.

[0.5.4-5]
- Add EPEL 5 support.
- Add Debian patches to enable Doxygen documentation.

[0.5.4-4]
- Add patch for #982685.

[0.5.4-3]
- Clean up SPEC file and fix rpmlint complaints.

[0.5.4-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

[0.5.4-1]
- update to security 0.5.4 release
- CVE-2013-0176 (#894407)

[0.5.3-1]
- update to security 0.5.3 release (#878465)

[0.5.2-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

[0.5.2-1]
- update to 0.5.2 version (#730270)

[0.5.0-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

[0.5.0-1]
- bounce version to 0.5.0 (#709785)
- the support for protocol v1 is disabled

[0.4.8-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

[0.4.8-1]
- bounce version to 0.4.8 (#670456)

[0.4.6-1]
- bounce version to 0.4.6 (#630602)

[0.4.4-1]
- bounce version to 0.4.4 (#598592)

[0.4.3-1]
- bounce version to 0.4.3 (#593288)

[0.4.2-1]
- bounce version to 0.4.2 (#573972)

[0.4.1-1]
- bounce version to 0.4.1 (#565870)

[0.4.0-1]
- bounce version to 0.4.0 (#541010)

[0.3.92-2]
- typo in spec file

[0.3.92-1]
- bounce version to 0.3.92 (0.4 beta2) (#541010)

[0.2-4]
- rebuilt with new openssl

[0.2-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

[0.2-2]
- Small changes during review

[0.2-1]
- Initial build

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/libssh?distro=oraclelinux-8 | oraclelinux | libssh | < 0.9.6-14.el8 | oraclelinux-8 | | |
| Affected | pkg:rpm/oraclelinux/libssh-devel?distro=oraclelinux-8 | oraclelinux | libssh-devel | < 0.9.6-14.el8 | oraclelinux-8 | | |
| Affected | pkg:rpm/oraclelinux/libssh-config?distro=oraclelinux-8 | oraclelinux | libssh-config | < 0.9.6-14.el8 | oraclelinux-8 | | |