Difuse/packages
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libssh2: update to version 1.9.0 (security fix)

Browse source 
Changes:
Fix CVE-2019-13115
Remove old patches
Switch to cmake

Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
This commit is contained in:
Jan Pavlinec 2019-08-12 14:44:10 +02:00
parent cfce65696e
commit 9c1a23d977
No known key found for this signature in database
GPG key ID: 60244CCEFB39E584
3 changed files with 13 additions and 105 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
libs/libssh2/Makefile
View file

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=libssh2 PKG_NAME:=libssh2
PKG_VERSION:=1.8.2 PKG_VERSION:=1.9.0
PKG_RELEASE:=1 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://www.libssh2.org/download PKG_SOURCE_URL:=https://www.libssh2.org/download
PKG_HASH:=088307d9f6b6c4b8c13f34602e8ff65d21c2dc4d55284dfe15d502c4ee190d67 PKG_HASH:=d5fb8bd563305fd1074dda90bd053fb2d29fc4bce048d182f96eaa466dfadafd
PKG_FIXUP:=autoreconf PKG_FIXUP:=autoreconf
@ -28,6 +28,7 @@ PKG_CONFIG_DEPENDS:= \
CONFIG_LIBSSH2_OPENSSL CONFIG_LIBSSH2_OPENSSL
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/libssh2 define Package/libssh2
SECTION:=libs SECTION:=libs
@ -46,12 +47,16 @@ define Package/libssh2/config
source "$(SOURCE)/Config.in" source "$(SOURCE)/Config.in"
endef endef
CONFIGURE_ARGS += \ CMAKE_OPTIONS += \
--disable-examples-build \ -DBUILD_SHARED_LIBS=ON \
--disable-silent-rules \ -DENABLE_ZLIB_COMPRESSION=ON \
$(if $(CONFIG_LIBSSH2_MBEDTLS),--with-mbedtls --with-libmbedtls-prefix=$(STAGING_DIR)/usr) \ -DCLEAR_MEMORY=ON
$(if $(CONFIG_LIBSSH2_OPENSSL),--with-openssl --with-libssl-prefix=$(STAGING_DIR)/usr) \
--with-libz-prefix=$(STAGING_DIR)/usr ifeq ($(CONFIG_LIBSSH2_OPENSSL),y)
CMAKE_OPTIONS += -DCRYPTO_BACKEND=OpenSSL
else
CMAKE_OPTIONS += -DCRYPTO_BACKEND=mbedTLS
endif
define Build/InstallDev define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include $(INSTALL_DIR) $(1)/usr/include

28
libs/libssh2/patches/01-fix-acinclude-m4.patch
View file

@ -1,28 +0,0 @@
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -386,9 +386,9 @@ AC_DEFUN([LIBSSH2_CHECKFOR_MBEDTLS], [
old_LDFLAGS=$LDFLAGS
old_CFLAGS=$CFLAGS
- if test -n "$use_mbedtls" && test "$use_mbedtls" != "no"; then
- LDFLAGS="$LDFLAGS -L$use_mbedtls/lib"
- CFLAGS="$CFLAGS -I$use_mbedtls/include"
+ if test -n "$with_libmbedtls_prefix" && test "$use_mbedtls" != "no"; then
+ LDFLAGS="$LDFLAGS -L$with_libmbedtls_prefix/lib"
+ CFLAGS="$CFLAGS -I$with_libmbedtls_prefix/include"
fi
AC_LIB_HAVE_LINKFLAGS([mbedtls], [], [
@@ -412,9 +412,9 @@ AC_DEFUN([LIBSSH2_CHECKFOR_GCRYPT], [
old_LDFLAGS=$LDFLAGS
old_CFLAGS=$CFLAGS
- if test -n "$use_libgcrypt" && test "$use_libgcrypt" != "no"; then
- LDFLAGS="$LDFLAGS -L$use_libgcrypt/lib"
- CFLAGS="$CFLAGS -I$use_libgcrypt/include"
+ if test -n "$with_libgcrypt_prefix" && test "$use_libgcrypt" != "no"; then
+ LDFLAGS="$LDFLAGS -L$with_libgcrypt_prefix/lib"
+ CFLAGS="$CFLAGS -I$with_libgcrypt_prefix/include"
fi
AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [
#include <gcrypt.h>

69
libs/libssh2/patches/02-openssl-deprecated.patch
View file

@ -1,69 +0,0 @@
diff --git a/src/openssl.c b/src/openssl.c
index 4f63ef9..411f9f6 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -1062,6 +1062,7 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
"Unable to extract public key from private key "
"file: Unable to open private key file");
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (!EVP_get_cipherbyname("des")) {
/* If this cipher isn't loaded it's a pretty good indication that none
* are. I have *NO DOUBT* that there's a better way to deal with this
@@ -1070,6 +1071,7 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
*/
OpenSSL_add_all_ciphers();
}
+#endif
BIO_reset(bp);
pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void*)passphrase);
BIO_free(bp);
@@ -1138,6 +1140,7 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
if (!bp) {
return -1;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
if (!EVP_get_cipherbyname("des")) {
/* If this cipher isn't loaded it's a pretty good indication that none
* are. I have *NO DOUBT* that there's a better way to deal with this
@@ -1146,6 +1149,7 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
*/
OpenSSL_add_all_ciphers();
}
+#endif
BIO_reset(bp);
pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void*)passphrase);
BIO_free(bp);
diff --git a/src/openssl.h b/src/openssl.h
index 3ca71fa..7a89793 100644
--- a/src/openssl.h
+++ b/src/openssl.h
@@ -40,7 +40,9 @@
#include <openssl/opensslconf.h>
#include <openssl/sha.h>
#include <openssl/rsa.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif
@@ -226,10 +228,18 @@ int _libssh2_md5_init(libssh2_md5_ctx *ctx);
#define libssh2_hmac_cleanup(ctx) HMAC_cleanup(ctx)
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifndef OPENSSL_NO_ENGINE
#define libssh2_crypto_init() \
OpenSSL_add_all_algorithms(); \
ENGINE_load_builtin_engines(); \
ENGINE_register_all_complete()
+#else
+#define libssh2_crypto_init() OpenSSL_add_all_algorithms()
+#endif
+#else
+#define libssh2_crypto_init()
+#endif
#define libssh2_crypto_exit()