diff -Nru libssh-0.5.4/debian/changelog libssh-0.5.4/debian/changelog
--- libssh-0.5.4/debian/changelog	2014-02-21 13:17:55.000000000 +0000
+++ libssh-0.5.4/debian/changelog	2014-05-15 06:07:45.000000000 +0000
@@ -1,4 +1,26 @@
-libssh (0.5.4-2) lucid; urgency=low
+libssh (0.5.4-3~12.04.1) precise; urgency=low
+
+  * Rebuild for Ubuntu 12.04.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Fri, 09 May 2014 16:17:05 +0200
+
+libssh (0.5.4-3) unstable; urgency=high
+
+  [ Mike Gabriel ]
+  * debian/rules:
+    + Add get-orig-source rule.
+  * debian/watch:
+    + Handle tar.gz and tar.xz upstream tarballs alike.
+  * debian/copyright.in:
+    + Ship auto-generated copyright file in debian/ folder.
+
+  [ Laurent Bigonville ]
+  * debian/patches/0007-security-fix-for-vulnerability-CVE-2014-0017.patch:
+    Reset the PRNG state after acception a new connection (CVE-2014-0017)
+
+ -- Laurent Bigonville <bigon@debian.org>  Wed, 05 Mar 2014 22:42:19 +0100
+
+libssh (0.5.4-2) unstable; urgency=low
 
   * debian/control:
     + Add myself to Uploaders: field as discussed with current
diff -Nru libssh-0.5.4/debian/control libssh-0.5.4/debian/control
--- libssh-0.5.4/debian/control	2014-02-18 12:34:16.000000000 +0000
+++ libssh-0.5.4/debian/control	2014-05-09 14:16:21.000000000 +0000
@@ -4,7 +4,7 @@
 Maintainer: Laurent Bigonville <bigon@debian.org>
 Uploaders:
  Mike Gabriel <sunweaver@debian.org>,
-Build-Depends: cdbs (>= 0.4.93~), debhelper (>= 8.1.3~), cmake (>= 2.6), libssl-dev, libz-dev
+Build-Depends: cdbs, debhelper, cmake (>= 2.6), libssl-dev, libz-dev
 Build-Depends-Indep: doxygen
 Standards-Version: 3.9.2
 Vcs-Git: git://anonscm.debian.org/collab-maint/libssh.git
diff -Nru libssh-0.5.4/debian/copyright.in libssh-0.5.4/debian/copyright.in
--- libssh-0.5.4/debian/copyright.in	1970-01-01 00:00:00.000000000 +0000
+++ libssh-0.5.4/debian/copyright.in	2014-03-05 21:42:25.000000000 +0000
@@ -0,0 +1,196 @@
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: FIXME
+Upstream-Contact: FIXME
+Source: FIXME
+Disclaimer: Autogenerated by CDBS
+
+Files: include/libssh/auth.h
+ include/libssh/bind.h
+ include/libssh/buffer.h
+ include/libssh/channels.h
+ include/libssh/crypto.h
+ include/libssh/dh.h
+ include/libssh/kex.h
+ include/libssh/keyfiles.h
+ include/libssh/keys.h
+ include/libssh/legacy.h
+ include/libssh/libcrypto.h
+ include/libssh/libgcrypt.h
+ include/libssh/libssh.h
+ include/libssh/libsshpp.hpp
+ include/libssh/messages.h
+ include/libssh/misc.h
+ include/libssh/packet.h
+ include/libssh/pki.h
+ include/libssh/poll.h
+ include/libssh/priv.h
+ include/libssh/scp.h
+ include/libssh/server.h
+ include/libssh/session.h
+ include/libssh/sftp.h
+ include/libssh/socket.h
+ include/libssh/string.h
+ include/libssh/threads.h
+ include/libssh/wrapper.h
+ src/auth1.c
+ src/base64.c
+ src/bind.c
+ src/buffer.c
+ src/client.c
+ src/connect.c
+ src/crc32.c
+ src/crypt.c
+ src/error.c
+ src/gcrypt_missing.c
+ src/init.c
+ src/kex.c
+ src/keys.c
+ src/legacy.c
+ src/libcrypto.c
+ src/libgcrypt.c
+ src/log.c
+ src/messages.c
+ src/packet.c
+ src/packet1.c
+ src/pcap.c
+ src/pki.c
+ src/server.c
+ src/session.c
+ src/sftpserver.c
+ src/socket.c
+ src/string.c
+ src/threads.c
+ src/threads/pthread.c
+ src/wrapper.c
+ tests/benchmarks/bench_raw.c
+ tests/benchmarks/bench_scp.c
+ tests/benchmarks/benchmarks.c
+ tests/benchmarks/benchmarks.h
+ tests/benchmarks/latency.c
+ tests/client/torture_algorithms.c
+ tests/client/torture_auth.c
+ tests/client/torture_connect.c
+ tests/client/torture_knownhosts.c
+ tests/test_pcap.c
+ tests/test_socket.c
+Copyright: 2003, Aris Adamantiadis
+  2003,2009, Aris Adamantiadis
+  2003-2005, Aris Adamantiadis
+  2003-2006, Aris Adamantiadis
+  2003-2008, Aris Adamantiadis
+  2003-2009, Aris Adamantiadis
+  2004-2005, Aris Adamantiadis
+  2005, Aris Adamantiadis
+  2005-2005, Aris Adamantiadis
+  2005-2008, Aris Adamantiadis
+  2008, Aris Adamantiadis
+  2008-2010, Aris Adamantiadis
+  2009, Aris Adamantiadis
+  2010, Aris Adamantiadis
+License: LGPL-2.1+
+ FIXME
+
+Files: examples/exec.c
+ examples/senddata.c
+ include/libssh/agent.h
+ include/libssh/pcap.h
+ include/libssh/ssh1.h
+ include/libssh/ssh2.h
+ tests/authentication.c
+ tests/benchmarks/bench1.sh
+ tests/benchmarks/bench2.sh
+ tests/chmodtest.c
+ tests/client/torture_proxycommand.c
+ tests/client/torture_sftp_dir.c
+ tests/client/torture_sftp_static.c
+ tests/cmdline.c
+ tests/connection.c
+ tests/generate.py
+ tests/sftp_stress/main.c
+ tests/test_exec.c
+ tests/test_tunnel.c
+ tests/tests.h
+ tests/unittests/torture_buffer.c
+ tests/unittests/torture_callbacks.c
+ tests/unittests/torture_init.c
+ tests/unittests/torture_isipaddr.c
+ tests/unittests/torture_keyfiles.c
+ tests/unittests/torture_list.c
+ tests/unittests/torture_misc.c
+ tests/unittests/torture_options.c
+ tests/unittests/torture_rand.c
+Copyright: *No copyright*
+License: UNKNOWN
+ FIXME
+
+Files: examples/authentication.c
+ examples/connect_ssh.c
+ examples/examples_common.h
+ examples/knownhosts.c
+ examples/libssh_scp.c
+ examples/libsshpp.cpp
+ examples/libsshpp_noexcept.cpp
+ examples/sample.c
+ examples/samplesftp.c
+ examples/samplesshd.c
+ examples/scp_download.c
+ examples/sshnetcat.c
+Copyright: 2003-2009, Aris Adamantiadis
+  2009, Aris Adamantiadis
+  2010, Aris Adamantiadis
+License: UNKNOWN
+ FIXME
+
+Files: src/auth.c
+ src/channels.c
+ src/channels1.c
+ src/dh.c
+ src/gzip.c
+ src/keyfiles.c
+ src/known_hosts.c
+ src/misc.c
+ src/options.c
+ src/sftp.c
+Copyright: 2003, Aris Adamantiadis
+  2003-2008, Aris Adamantiadis
+  2003-2009, Aris Adamantiadis
+  2005-2008, Aris Adamantiadis
+  2008-2009, Andreas Schneider <mail@cynapses.org>
+  2009, Andreas Schneider <mail@cynapses.org>
+License: LGPL-2.1+
+ FIXME
+
+Files: src/agent.c
+ src/callbacks.c
+ src/config.c
+ tests/torture.c
+ tests/torture.h
+Copyright: 2008-2009, Andreas Schneider <mail@cynapses.org>
+  2009, Andreas Schneider <mail@cynapses.org>
+License: LGPL-2.1+
+ FIXME
+
+Files: include/libssh/callbacks.h
+ src/scp.c
+Copyright: 2009, Aris Adamantiadis <aris@0xbadc0de.be>
+License: LGPL-2.1+
+ FIXME
+
+Files: src/match.c
+Copyright: 1995, Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+  2000, Markus Friedl.
+License: BSD (2 clause)
+ FIXME
+
+Files: src/poll.c
+Copyright: 2003-2009, Aris Adamantiadis
+  2009, Aleksandar Kanchev
+  2009-2010, Andreas Schneider <mail@cynapses.org>
+License: LGPL-2.1+
+ FIXME
+
+Files: src/getpass.c
+Copyright: 2011, Andreas Schneider <mail@cryptomilk.org>
+License: LGPL-2.1+
+ FIXME
+
diff -Nru libssh-0.5.4/debian/patches/0007-security-fix-for-vulnerability-CVE-2014-0017.patch libssh-0.5.4/debian/patches/0007-security-fix-for-vulnerability-CVE-2014-0017.patch
--- libssh-0.5.4/debian/patches/0007-security-fix-for-vulnerability-CVE-2014-0017.patch	1970-01-01 00:00:00.000000000 +0000
+++ libssh-0.5.4/debian/patches/0007-security-fix-for-vulnerability-CVE-2014-0017.patch	2014-03-05 21:42:25.000000000 +0000
@@ -0,0 +1,98 @@
+From 48f0bfc70363ca31c8889ca68759e587bc6d7cbd Mon Sep 17 00:00:00 2001
+From: Aris Adamantiadis <aris@0xbadc0de.be>
+Date: Wed, 5 Feb 2014 21:24:12 +0100
+Subject: [PATCH] security: fix for vulnerability CVE-2014-0017
+
+When accepting a new connection, a forking server based on libssh forks
+and the child process handles the request. The RAND_bytes() function of
+openssl doesn't reset its state after the fork, but simply adds the
+current process id (getpid) to the PRNG state, which is not guaranteed
+to be unique.
+This can cause several children to end up with same PRNG state which is
+a security issue.
+
+Conflicts:
+	src/bind.c
+---
+ include/libssh/wrapper.h | 1 +
+ src/bind.c               | 3 ++-
+ src/libcrypto.c          | 9 +++++++++
+ src/libgcrypt.c          | 3 +++
+ 4 files changed, 15 insertions(+), 1 deletion(-)
+
+diff --git a/include/libssh/wrapper.h b/include/libssh/wrapper.h
+index 8c03497..b8cd4d2 100644
+--- a/include/libssh/wrapper.h
++++ b/include/libssh/wrapper.h
+@@ -44,5 +44,6 @@ int crypt_set_algorithms_server(ssh_session session);
+ struct ssh_crypto_struct *crypto_new(void);
+ void crypto_free(struct ssh_crypto_struct *crypto);
+ 
++void ssh_reseed(void);
+ 
+ #endif /* WRAPPER_H_ */
+diff --git a/src/bind.c b/src/bind.c
+index cc79f8e..cdcdabe 100644
+--- a/src/bind.c
++++ b/src/bind.c
+@@ -374,7 +374,8 @@ int ssh_bind_accept(ssh_bind sshbind, ssh_session session) {
+   ssh_socket_get_poll_handle_out(session->socket);
+   session->dsa_key = dsa;
+   session->rsa_key = rsa;
+-
++  /* force PRNG to change state in case we fork after ssh_bind_accept */
++  ssh_reseed();
+   return SSH_OK;
+ }
+ 
+diff --git a/src/libcrypto.c b/src/libcrypto.c
+index f43a91e..0932cbe 100644
+--- a/src/libcrypto.c
++++ b/src/libcrypto.c
+@@ -23,6 +23,7 @@
+ #include <stdlib.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <sys/time.h>
+ 
+ #include "libssh/priv.h"
+ #include "libssh/session.h"
+@@ -38,6 +39,8 @@
+ #include <openssl/rsa.h>
+ #include <openssl/hmac.h>
+ #include <openssl/opensslv.h>
++#include <openssl/rand.h>
++
+ #ifdef HAVE_OPENSSL_AES_H
+ #define HAS_AES
+ #include <openssl/aes.h>
+@@ -66,6 +69,12 @@ static int alloc_key(struct crypto_struct *cipher) {
+     return 0;
+ }
+ 
++void ssh_reseed(void){
++    struct timeval tv;
++    gettimeofday(&tv, NULL);
++    RAND_add(&tv, sizeof(tv), 0.0);
++}
++
+ SHACTX sha1_init(void) {
+   SHACTX c = malloc(sizeof(*c));
+   if (c == NULL) {
+diff --git a/src/libgcrypt.c b/src/libgcrypt.c
+index f8fe96f..9a7ea43 100644
+--- a/src/libgcrypt.c
++++ b/src/libgcrypt.c
+@@ -41,6 +41,9 @@ static int alloc_key(struct crypto_struct *cipher) {
+     return 0;
+ }
+ 
++void ssh_reseed(void){
++	}
++
+ SHACTX sha1_init(void) {
+   SHACTX ctx = NULL;
+   gcry_md_open(&ctx, GCRY_MD_SHA1, 0);
+-- 
+1.9.0
+
diff -Nru libssh-0.5.4/debian/patches/series libssh-0.5.4/debian/patches/series
--- libssh-0.5.4/debian/patches/series	2014-02-18 12:34:16.000000000 +0000
+++ libssh-0.5.4/debian/patches/series	2014-03-05 21:42:25.000000000 +0000
@@ -4,3 +4,4 @@
 0004-reset-global-request-status.patch
 0005-multi-reverse-fwd.patch
 0006-ssh-handle-package-zero-timeouts.patch
+0007-security-fix-for-vulnerability-CVE-2014-0017.patch
diff -Nru libssh-0.5.4/debian/rules libssh-0.5.4/debian/rules
--- libssh-0.5.4/debian/rules	2014-02-18 12:34:16.000000000 +0000
+++ libssh-0.5.4/debian/rules	2014-03-05 21:42:25.000000000 +0000
@@ -15,3 +15,6 @@
 
 build/libssh-doc::
 	$(MAKE) -C $(DEB_BUILDDIR) doc
+
+get-orig-source:
+	uscan --noconf --force-download --rename --download-current-version --destdir=..
\ No newline at end of file
diff -Nru libssh-0.5.4/debian/watch libssh-0.5.4/debian/watch
--- libssh-0.5.4/debian/watch	2014-02-18 12:34:16.000000000 +0000
+++ libssh-0.5.4/debian/watch	2014-03-05 21:42:25.000000000 +0000
@@ -1,3 +1,3 @@
 version=3
 https://red.libssh.org/projects/libssh/files \
-    /attachments/download/\d+/libssh-(.*)\.tar.gz
+    /attachments/download/\d+/libssh-(.*)\.tar\.(?:gz|xz)