libssh2: version bump/CVE fixes
authorSebastian Kemper <sebastian_ml@gmx.net>
Tue, 19 Mar 2019 08:48:01 +0000 (09:48 +0100)
committerSebastian Kemper <sebastian_ml@gmx.net>
Tue, 19 Mar 2019 08:48:03 +0000 (09:48 +0100)
- CVE-2019-3855
  Possible integer overflow in transport read allows out-of-bounds write

- CVE-2019-3856
  Possible integer overflow in keyboard interactive handling allows
  out-of-bounds write

- CVE-2019-3857
  Possible integer overflow leading to zero-byte allocation and out-of-bounds
  write

- CVE-2019-3858
  Possible zero-byte allocation leading to an out-of-bounds read

- CVE-2019-3859
  Out-of-bounds reads with specially crafted payloads due to unchecked use of
  `_libssh2_packet_require` and `_libssh2_packet_requirev`

- CVE-2019-3860
  Out-of-bounds reads with specially crafted SFTP packets

- CVE-2019-3861
  Out-of-bounds reads with specially crafted SSH packets

- CVE-2019-3862
  Out-of-bounds memory comparison

- CVE-2019-3863
  Integer overflow in user authenticate keyboard interactive allows
  out-of-bounds writes

Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
libs/libssh2/Makefile

index f591953bbcafb25f431a9e55635ff8456b1e4ea0..e0911f7238a3071972625aedb253b2658e468c93 100644 (file)
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libssh2
-PKG_VERSION:=1.7.0
-PKG_RELEASE:=2
+PKG_VERSION:=1.8.1
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.libssh2.org/download
-PKG_MD5SUM:=b01662a210e94cccf2f76094db7dac5c
+PKG_HASH:=40b517f35b1bb869d0075b15125c7a015557f53a5a3a6a8bffb89b69fd70f159
 
 PKG_INSTALL:=1
 
@@ -35,12 +35,11 @@ define Package/libssh2/description
  libssh2 is a client-side C library implementing the SSH2 protocol.
 endef
 
-TARGET_CFLAGS += $(FPIC)
-
 CONFIGURE_ARGS += \
        --disable-examples-build \
        --with-libssl-prefix=$(STAGING_DIR)/usr \
-       --with-libz-prefix=$(STAGING_DIR)/usr
+       --with-libz-prefix=$(STAGING_DIR)/usr \
+       --with-openssl
 
 define Build/InstallDev
        $(INSTALL_DIR) $(1)/usr/include
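Review bot: The `--with-openssl` argument appended to `CONFIGURE_ARGS` carries no comment explaining why the crypto backend is now forced, and the commit message mentions neither it nor the removal of `TARGET_CFLAGS += $(FPIC)`. A one-line comment above the block would record the intent, for example `# Pin the crypto backend to OpenSSL; do not let configure pick whichever library it finds in $(STAGING_DIR)`. The package's `DEPENDS` line is outside this hunk, so it is worth confirming that it names the OpenSSL library and that this matches the pinned backend. Dropping `$(FPIC)` is presumably safe because libtool adds PIC flags for the shared library, but if the static archive is still installed and linked into shared objects elsewhere, that should be checked and noted in the commit message.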