Merge pull request #9700 from ja-pa/libssh2-1.9.0

libssh2: update to version 1.9.0 (security fix)
2019-08-24 21:42:17 +02:00 · 2019-08-24 21:42:17 +02:00 · 7acdb96b5f
parent 8fecab45bd 9c1a23d977
commit 7acdb96b5f
3 changed files with 13 additions and 105 deletions
--- a/libs/libssh2/Makefile
+++ b/libs/libssh2/Makefile
@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=libssh2
-PKG_VERSION:=1.8.2
+PKG_VERSION:=1.9.0
 PKG_RELEASE:=1

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.libssh2.org/download
-PKG_HASH:=088307d9f6b6c4b8c13f34602e8ff65d21c2dc4d55284dfe15d502c4ee190d67
+PKG_HASH:=d5fb8bd563305fd1074dda90bd053fb2d29fc4bce048d182f96eaa466dfadafd

 PKG_FIXUP:=autoreconf

@ -28,6 +28,7 @@ PKG_CONFIG_DEPENDS:= \
 	CONFIG_LIBSSH2_OPENSSL

 include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk

 define Package/libssh2
  SECTION:=libs
@ -46,12 +47,16 @@ define Package/libssh2/config
 	source "$(SOURCE)/Config.in"
 endef

-CONFIGURE_ARGS += \
-	--disable-examples-build \
-	--disable-silent-rules \
-	$(if $(CONFIG_LIBSSH2_MBEDTLS),--with-mbedtls --with-libmbedtls-prefix=$(STAGING_DIR)/usr) \
-	$(if $(CONFIG_LIBSSH2_OPENSSL),--with-openssl --with-libssl-prefix=$(STAGING_DIR)/usr) \
-	--with-libz-prefix=$(STAGING_DIR)/usr
+CMAKE_OPTIONS += \
+	-DBUILD_SHARED_LIBS=ON \
+	-DENABLE_ZLIB_COMPRESSION=ON \
+	-DCLEAR_MEMORY=ON
+
+ifeq ($(CONFIG_LIBSSH2_OPENSSL),y)
+	CMAKE_OPTIONS += -DCRYPTO_BACKEND=OpenSSL
+else
+	CMAKE_OPTIONS += -DCRYPTO_BACKEND=mbedTLS
+endif

 define Build/InstallDev
 	$(INSTALL_DIR) $(1)/usr/include
--- a/libs/libssh2/patches/01-fix-acinclude-m4.patch
+++ b/libs/libssh2/patches/01-fix-acinclude-m4.patch
@ -1,28 +0,0 @@
--- a/acinclude.m4
-+++ b/acinclude.m4
-@@ -386,9 +386,9 @@ AC_DEFUN([LIBSSH2_CHECKFOR_MBEDTLS], [
- 
-   old_LDFLAGS=$LDFLAGS
-   old_CFLAGS=$CFLAGS
-  if test -n "$use_mbedtls" && test "$use_mbedtls" != "no"; then
-    LDFLAGS="$LDFLAGS -L$use_mbedtls/lib"
-    CFLAGS="$CFLAGS -I$use_mbedtls/include"
-+  if test -n "$with_libmbedtls_prefix" && test "$use_mbedtls" != "no"; then
-+    LDFLAGS="$LDFLAGS -L$with_libmbedtls_prefix/lib"
-+    CFLAGS="$CFLAGS -I$with_libmbedtls_prefix/include"
-   fi
- 
-   AC_LIB_HAVE_LINKFLAGS([mbedtls], [], [
-@@ -412,9 +412,9 @@ AC_DEFUN([LIBSSH2_CHECKFOR_GCRYPT], [
- 
-   old_LDFLAGS=$LDFLAGS
-   old_CFLAGS=$CFLAGS
-  if test -n "$use_libgcrypt" && test "$use_libgcrypt" != "no"; then
-    LDFLAGS="$LDFLAGS -L$use_libgcrypt/lib"
-    CFLAGS="$CFLAGS -I$use_libgcrypt/include"
-+  if test -n "$with_libgcrypt_prefix" && test "$use_libgcrypt" != "no"; then
-+    LDFLAGS="$LDFLAGS -L$with_libgcrypt_prefix/lib"
-+    CFLAGS="$CFLAGS -I$with_libgcrypt_prefix/include"
-   fi
-   AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [
-     #include <gcrypt.h>
--- a/libs/libssh2/patches/02-openssl-deprecated.patch
+++ b/libs/libssh2/patches/02-openssl-deprecated.patch
@ -1,69 +0,0 @@
-diff --git a/src/openssl.c b/src/openssl.c
-index 4f63ef9..411f9f6 100644
--- a/src/openssl.c
-+++ b/src/openssl.c
-@@ -1062,6 +1062,7 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
-                               "Unable to extract public key from private key "
-                               "file: Unable to open private key file");
-     }
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-     if (!EVP_get_cipherbyname("des")) {
-         /* If this cipher isn't loaded it's a pretty good indication that none
-          * are.  I have *NO DOUBT* that there's a better way to deal with this
-@@ -1070,6 +1071,7 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
-          */
-         OpenSSL_add_all_ciphers();
-     }
-+#endif
-     BIO_reset(bp);
-     pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void*)passphrase);
-     BIO_free(bp);
-@@ -1138,6 +1140,7 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
-     if (!bp) {
-         return -1;
-     }
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-     if (!EVP_get_cipherbyname("des")) {
-         /* If this cipher isn't loaded it's a pretty good indication that none
-          * are.  I have *NO DOUBT* that there's a better way to deal with this
-@@ -1146,6 +1149,7 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
-          */
-         OpenSSL_add_all_ciphers();
-     }
-+#endif
-     BIO_reset(bp);
-     pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void*)passphrase);
-     BIO_free(bp);
-diff --git a/src/openssl.h b/src/openssl.h
-index 3ca71fa..7a89793 100644
--- a/src/openssl.h
-+++ b/src/openssl.h
-@@ -40,7 +40,9 @@
- #include <openssl/opensslconf.h>
- #include <openssl/sha.h>
- #include <openssl/rsa.h>
-+#ifndef OPENSSL_NO_ENGINE
- #include <openssl/engine.h>
-+#endif
- #ifndef OPENSSL_NO_DSA
- #include <openssl/dsa.h>
- #endif
-@@ -226,10 +228,18 @@ int _libssh2_md5_init(libssh2_md5_ctx *ctx);
- #define libssh2_hmac_cleanup(ctx) HMAC_cleanup(ctx)
- #endif
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#ifndef OPENSSL_NO_ENGINE
- #define libssh2_crypto_init() \
-   OpenSSL_add_all_algorithms(); \
-   ENGINE_load_builtin_engines(); \
-   ENGINE_register_all_complete()
-+#else
-+#define libssh2_crypto_init() OpenSSL_add_all_algorithms()
-+#endif
-+#else
-+#define libssh2_crypto_init()
-+#endif
- 
- #define libssh2_crypto_exit()
-