libssh: updated to 0.9.3
authorNikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Mon, 13 Jan 2020 22:12:35 +0000 (23:12 +0100)
committerNikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
Tue, 14 Jan 2020 21:21:48 +0000 (22:21 +0100)
This updates the library to address several CVEs, add modern
crypto, and eliminate legacy patches.

Signed-off-by: Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com>
18 files changed:
libs/libssh/Makefile
libs/libssh/patches/0001-misc-Add-strndup-implementation-if-not-provides-by-t.patch [deleted file]
libs/libssh/patches/0002-packet-Add-missing-break-in-ssh_packet_incoming_filt.patch [deleted file]
libs/libssh/patches/0003-server-Set-correct-state-after-sending-INFO_REQUEST-.patch [deleted file]
libs/libssh/patches/0004-messages-Check-that-the-requested-service-is-ssh-con.patch [deleted file]
libs/libssh/patches/0005-examples-Explicitly-track-auth-state-in-samplesshd-k.patch [deleted file]
libs/libssh/patches/0006-server-Fix-compile-error.patch [deleted file]
libs/libssh/patches/0007-gssapi-Set-correct-state-after-sending-GSSAPI_RESPON.patch [deleted file]
libs/libssh/patches/0008-libcrypto-Fix-memory-leak-in-evp_final.patch [deleted file]
libs/libssh/patches/0009-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch [deleted file]
libs/libssh/patches/001-compile.patch
libs/libssh/patches/0010-pki_crypto-Don-t-use-deprecated-function-with-newer-.patch [deleted file]
libs/libssh/patches/0011-pki_crypto-Avoid-segfault-with-OpenSSL-1.1.0.patch [deleted file]
libs/libssh/patches/0012-pki_crypto-Avoid-potential-memory-leak.patch [deleted file]
libs/libssh/patches/0013-crypto-Fix-compilation-for-OpenSSL-without-deprecate.patch [deleted file]
libs/libssh/patches/002-disable-libssp.patch [deleted file]
libs/libssh/patches/010-openssl-11-deprecated.patch [deleted file]
libs/libssh/patches/020-openssl-threads.patch [deleted file]

index b7143c02a8f8f6dfb6f645fb019b6c073ab34d24..263548f5b6225da75ff3a1a0b4ef2c2410b6dbd5 100644 (file)
@@ -11,16 +11,17 @@ PKG_LICENSE:=LGPL-2.1-or-later BSD-2-Clause
 PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
 
 PKG_NAME:=libssh
-PKG_VERSION:=0.7.6
-PKG_RELEASE:=4
+PKG_VERSION:=0.9.3
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=https://www.libssh.org/files/0.7/
-PKG_HASH:=1d607d3859274f755942324afb0f887ee22edd157f9596a2e69e3a28ec6d1092
+PKG_SOURCE_URL:=https://www.libssh.org/files/0.9/
+PKG_HASH:=2c8b5f894dced58b3d629f16f3afa6562c20b4bdc894639163cf657833688f0c
 
 PKG_CPE_ID:=cpe:/a:libssh:libssh
 
 CMAKE_INSTALL:=1
+CMAKE_BINARY_SUBDIR:=build
 
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
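Review bot: `CMAKE_BINARY_SUBDIR:=build` is added without a comment saying why the package now needs it. It appears to take over from the part of 001-compile.patch that used to strip libssh's `macro_ensure_out_of_source_build` check, which this commit drops from that patch. A one-line comment above the assignment, such as `# libssh rejects in-source builds, so configure in a subdirectory`, would keep that link visible. The hunk stops before the rest of the Makefile, so the configure options passed to CMake cannot be checked from here.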
diff --git a/libs/libssh/patches/0001-misc-Add-strndup-implementation-if-not-provides-by-t.patch b/libs/libssh/patches/0001-misc-Add-strndup-implementation-if-not-provides-by-t.patch
deleted file mode 100644 (file)
index 5813704..0000000
+++ /dev/null
@@ -1,83 +0,0 @@
-From f81ca6161223e3566ce78a427571235fb6848fe9 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 29 Aug 2018 18:41:15 +0200
-Subject: [PATCH 1/8] misc: Add strndup implementation if not provides by the
- OS
-
-Fixes T112
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-(cherry picked from commit 247983e9820fd264cb5a59c14cc12846c028bd08)
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- ConfigureChecks.cmake |  1 +
- config.h.cmake        |  3 +++
- include/libssh/priv.h |  4 ++++
- src/misc.c            | 21 +++++++++++++++++++++
- 4 files changed, 29 insertions(+)
-
---- a/ConfigureChecks.cmake
-+++ b/ConfigureChecks.cmake
-@@ -115,6 +115,7 @@ endif (NOT WITH_GCRYPT)
- check_function_exists(isblank HAVE_ISBLANK)
- check_function_exists(strncpy HAVE_STRNCPY)
-+check_function_exists(strndup HAVE_STRNDUP)
- check_function_exists(strtoull HAVE_STRTOULL)
- if (NOT WIN32)
---- a/config.h.cmake
-+++ b/config.h.cmake
-@@ -103,6 +103,9 @@
- /* Define to 1 if you have the `strncpy' function. */
- #cmakedefine HAVE_STRNCPY 1
-+/* Define to 1 if you have the `strndup' function. */
-+#cmakedefine HAVE_STRNDUP 1
-+
- /* Define to 1 if you have the `cfmakeraw' function. */
- #cmakedefine HAVE_CFMAKERAW 1
---- a/include/libssh/priv.h
-+++ b/include/libssh/priv.h
-@@ -43,6 +43,10 @@
- # endif
- #endif /* !defined(HAVE_STRTOULL) */
-+#if !defined(HAVE_STRNDUP)
-+char *strndup(const char *s, size_t n);
-+#endif /* ! HAVE_STRNDUP */
-+
- #ifdef HAVE_BYTESWAP_H
- #include <byteswap.h>
- #endif
---- a/src/misc.c
-+++ b/src/misc.c
-@@ -1028,6 +1028,27 @@ int ssh_match_group(const char *group, c
-     return 0;
- }
-+#if !defined(HAVE_STRNDUP)
-+char *strndup(const char *s, size_t n)
-+{
-+    char *x = NULL;
-+
-+    if (n + 1 < n) {
-+        return NULL;
-+    }
-+
-+    x = malloc(n + 1);
-+    if (x == NULL) {
-+        return NULL;
-+    }
-+
-+    memcpy(x, s, n);
-+    x[n] = '\0';
-+
-+    return x;
-+}
-+#endif /* ! HAVE_STRNDUP */
-+
- /** @} */
- /* vim: set ts=4 sw=4 et cindent: */
diff --git a/libs/libssh/patches/0002-packet-Add-missing-break-in-ssh_packet_incoming_filt.patch b/libs/libssh/patches/0002-packet-Add-missing-break-in-ssh_packet_incoming_filt.patch
deleted file mode 100644 (file)
index 1db276c..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-From e4c6d591df6a9c34c1ff3ec9f367c7257122bef3 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 17 Oct 2018 07:23:10 +0200
-Subject: [PATCH 2/8] packet: Add missing break in ssh_packet_incoming_filter()
-
-CID 1396239
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-(cherry picked from commit fe618a35dc4be3e73ddf29d0c4a96b98d3b9c48f)
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/packet.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/src/packet.c
-+++ b/src/packet.c
-@@ -285,6 +285,7 @@ static enum ssh_packet_filter_result_e s
-             (session->dh_handshake_state != DH_STATE_FINISHED))
-         {
-             rc = SSH_PACKET_DENIED;
-+            break;
-         }
-         rc = SSH_PACKET_ALLOWED;
diff --git a/libs/libssh/patches/0003-server-Set-correct-state-after-sending-INFO_REQUEST-.patch b/libs/libssh/patches/0003-server-Set-correct-state-after-sending-INFO_REQUEST-.patch
deleted file mode 100644 (file)
index b5d0113..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-From 734e3ce6747a5ed120b93a1ff253b3fde5f20024 Mon Sep 17 00:00:00 2001
-From: Meng Tan <mtan@wallix.com>
-Date: Wed, 17 Oct 2018 14:50:08 +0200
-Subject: [PATCH 3/8] server: Set correct state after sending INFO_REQUEST (Kbd
- Interactive)
-
-Signed-off-by: Meng Tan <mtan@wallix.com>
-Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-(cherry picked from commit 4ea46eecce9f4e676150fe27fec34e1570b70ace)
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/server.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/src/server.c
-+++ b/src/server.c
-@@ -976,6 +976,7 @@ int ssh_message_auth_interactive_request
-     msg->session->kbdint->prompts = NULL;
-     msg->session->kbdint->echo = NULL;
-   }
-+  msg->session->auth.state = SSH_AUTH_STATE_INFO;
-   return rc;
- }
diff --git a/libs/libssh/patches/0004-messages-Check-that-the-requested-service-is-ssh-con.patch b/libs/libssh/patches/0004-messages-Check-that-the-requested-service-is-ssh-con.patch
deleted file mode 100644 (file)
index 059a69c..0000000
+++ /dev/null
@@ -1,37 +0,0 @@
-From 3fe7510b261098e3937ab5417935916a46e6727b Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Fri, 19 Oct 2018 11:40:44 +0200
-Subject: [PATCH 4/8] messages: Check that the requested service is
- 'ssh-connection'
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-(cherry picked from commit 9c200d3ef4f62d724d3bae2563b81c38cc31e215)
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/messages.c | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
---- a/src/messages.c
-+++ b/src/messages.c
-@@ -649,6 +649,7 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_
-   ssh_message msg = NULL;
-   char *service = NULL;
-   char *method = NULL;
-+  int cmp;
-   int rc;
-   (void)user;
-@@ -675,6 +676,13 @@ SSH_PACKET_CALLBACK(ssh_packet_userauth_
-       service, method,
-       msg->auth_request.username);
-+  cmp = strcmp(service, "ssh-connection");
-+  if (cmp != 0) {
-+      SSH_LOG(SSH_LOG_WARNING,
-+              "Invalid service request: %s",
-+              service);
-+      goto end;
-+  }
-   if (strcmp(method, "none") == 0) {
-     msg->auth_request.method = SSH_AUTH_METHOD_NONE;
diff --git a/libs/libssh/patches/0005-examples-Explicitly-track-auth-state-in-samplesshd-k.patch b/libs/libssh/patches/0005-examples-Explicitly-track-auth-state-in-samplesshd-k.patch
deleted file mode 100644 (file)
index 10bff43..0000000
+++ /dev/null
@@ -1,72 +0,0 @@
-From acb0e4f401440ca325e441064d2cb4b896fb9a3d Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 17 Oct 2018 17:32:54 +0200
-Subject: [PATCH 5/8] examples: Explicitly track auth state in
- samplesshd-kbdint
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-(cherry picked from commit 0ff566b6dde5cd27653aa35280feceefad5d5224)
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- examples/samplesshd-kbdint.c | 20 ++++++++++++++++----
- 1 file changed, 16 insertions(+), 4 deletions(-)
-
---- a/examples/samplesshd-kbdint.c
-+++ b/examples/samplesshd-kbdint.c
-@@ -23,6 +23,7 @@ clients must be made or how a client sho
- #include <stdlib.h>
- #include <string.h>
- #include <stdio.h>
-+#include <stdbool.h>
- #define SSHD_USER "libssh"
- #define SSHD_PASSWORD "libssh"
-@@ -36,6 +37,7 @@ clients must be made or how a client sho
- #endif
- static int port = 22;
-+static bool authenticated = false;
- #ifdef WITH_PCAP
- static const char *pcap_file = "debug.server.pcap";
-@@ -61,11 +63,20 @@ static void cleanup_pcap(void) {
- #endif
--static int auth_password(const char *user, const char *password){
--    if(strcmp(user, SSHD_USER))
-+static int auth_password(const char *user, const char *password)
-+{
-+    int cmp;
-+
-+    cmp = strcmp(user, SSHD_USER);
-+    if (cmp != 0) {
-         return 0;
--    if(strcmp(password, SSHD_PASSWORD))
-+    }
-+    cmp = strcmp(password, SSHD_PASSWORD);
-+    if (cmp != 0) {
-         return 0;
-+    }
-+
-+    authenticated = true;
-     return 1; // authenticated
- }
- #ifdef HAVE_ARGP_H
-@@ -200,6 +211,7 @@ static int kbdint_check_response(ssh_ses
-         return 0;
-     }
-+    authenticated = true;
-     return 1;
- }
-@@ -328,7 +340,7 @@ int main(int argc, char **argv){
-     /* proceed to authentication */
-     auth = authenticate(session);
--    if(!auth){
-+    if (!auth || !authenticated) {
-         printf("Authentication error: %s\n", ssh_get_error(session));
-         ssh_disconnect(session);
-         return 1;
diff --git a/libs/libssh/patches/0006-server-Fix-compile-error.patch b/libs/libssh/patches/0006-server-Fix-compile-error.patch
deleted file mode 100644 (file)
index a60688c..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
-From 7ad80ba1cc48f7af1f192692d100a6255d97b843 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 24 Oct 2018 19:57:17 +0200
-Subject: [PATCH 6/8] server: Fix compile error
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/server.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/server.c
-+++ b/src/server.c
-@@ -976,7 +976,7 @@ int ssh_message_auth_interactive_request
-     msg->session->kbdint->prompts = NULL;
-     msg->session->kbdint->echo = NULL;
-   }
--  msg->session->auth.state = SSH_AUTH_STATE_INFO;
-+  msg->session->auth_state = SSH_AUTH_STATE_INFO;
-   return rc;
- }
diff --git a/libs/libssh/patches/0007-gssapi-Set-correct-state-after-sending-GSSAPI_RESPON.patch b/libs/libssh/patches/0007-gssapi-Set-correct-state-after-sending-GSSAPI_RESPON.patch
deleted file mode 100644 (file)
index b3a9804..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-From 103973215443f6e02e010114a3f7ac19eb6f3c8c Mon Sep 17 00:00:00 2001
-From: Meng Tan <mtan@wallix.com>
-Date: Thu, 25 Oct 2018 17:06:06 +0200
-Subject: [PATCH 7/8] gssapi: Set correct state after sending GSSAPI_RESPONSE
- (select mechanism OID)
-
-Signed-off-by: Meng Tan <mtan@wallix.com>
-Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-(cherry picked from commit bce8d567053232debd6ec490af5a7d27e1160f39)
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/gssapi.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/src/gssapi.c
-+++ b/src/gssapi.c
-@@ -120,6 +120,7 @@ static int ssh_gssapi_send_response(ssh_
-         ssh_set_error_oom(session);
-         return SSH_ERROR;
-     }
-+    session->auth_state = SSH_AUTH_STATE_GSSAPI_TOKEN;
-     packet_send(session);
-     SSH_LOG(SSH_LOG_PACKET,
diff --git a/libs/libssh/patches/0008-libcrypto-Fix-memory-leak-in-evp_final.patch b/libs/libssh/patches/0008-libcrypto-Fix-memory-leak-in-evp_final.patch
deleted file mode 100644 (file)
index 64f6e3f..0000000
+++ /dev/null
@@ -1,24 +0,0 @@
-From 9d5cf209df4c260546e1468cc15fbbbfba3097c6 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Sat, 27 Oct 2018 22:15:56 +0200
-Subject: [PATCH 8/8] libcrypto: Fix memory leak in evp_final()
-
-Fixes T116
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
-(cherry picked from commit a2807474621e51b386ea26ce2a01d2b1aa295c7b)
-Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
----
- src/libcrypto.c | 1 +
- 1 file changed, 1 insertion(+)
-
---- a/src/libcrypto.c
-+++ b/src/libcrypto.c
-@@ -165,6 +165,7 @@ void evp_update(EVPCTX ctx, const void *
- void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
- {
-     EVP_DigestFinal(ctx, md, mdlen);
-+    EVP_MD_CTX_free(ctx);
- }
- #endif
diff --git a/libs/libssh/patches/0009-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch b/libs/libssh/patches/0009-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
deleted file mode 100644 (file)
index e56a6c6..0000000
+++ /dev/null
@@ -1,83 +0,0 @@
-From a8523d83c242c6f71dbf69fab0ca91d768e78f05 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Sun, 6 Nov 2016 12:07:32 +0100
-Subject: [PATCH] threads: Use new API call for OpenSSL CRYPTO THREADID
-
-BUG: https://red.libssh.org/issues/222
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
----
- ConfigureChecks.cmake |  4 ++++
- config.h.cmake        |  3 +++
- src/threads.c         | 19 +++++++++++++++++--
- 3 files changed, 24 insertions(+), 2 deletions(-)
-
-diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
-index 0a53c5b1..43179d8f 100644
---- a/ConfigureChecks.cmake
-+++ b/ConfigureChecks.cmake
-@@ -95,6 +95,10 @@ if (OPENSSL_FOUND)
-     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-     set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
-     check_function_exists(CRYPTO_ctr128_encrypt HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT)
-+
-+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
-+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
-+    check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK)
- endif()
- if (CMAKE_HAVE_PTHREAD_H)
-diff --git a/config.h.cmake b/config.h.cmake
-index 3e7f7939..b87fea5c 100644
---- a/config.h.cmake
-+++ b/config.h.cmake
-@@ -79,6 +79,9 @@
- /* Define to 1 if you have the `CRYPTO_ctr128_encrypt' function. */
- #cmakedefine HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT 1
-+/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */
-+#cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1
-+
- /* Define to 1 if you have the `snprintf' function. */
- #cmakedefine HAVE_SNPRINTF 1
-diff --git a/src/threads.c b/src/threads.c
-index 7f3a304e..062c3b84 100644
---- a/src/threads.c
-+++ b/src/threads.c
-@@ -116,6 +116,15 @@ static void libcrypto_lock_callback(int mode, int i, const char *file, int line)
-       }
- }
-+#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK
-+static void libcrypto_THREADID_callback(CRYPTO_THREADID *id)
-+{
-+    unsigned long thread_id = (*user_callbacks->thread_id)();
-+
-+    CRYPTO_THREADID_set_numeric(id, thread_id);
-+}
-+#endif /* HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK */
-+
- static int libcrypto_thread_init(void){
-       int n=CRYPTO_num_locks();
-       int i;
-@@ -127,8 +136,14 @@ static int libcrypto_thread_init(void){
-       for (i=0;i<n;++i){
-               user_callbacks->mutex_init(&libcrypto_mutexes[i]);
-       }
--  CRYPTO_set_id_callback(user_callbacks->thread_id);
--      CRYPTO_set_locking_callback(libcrypto_lock_callback);
-+
-+#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK
-+    CRYPTO_THREADID_set_callback(libcrypto_THREADID_callback);
-+#else
-+    CRYPTO_set_id_callback(user_callbacks->thread_id);
-+#endif
-+
-+    CRYPTO_set_locking_callback(libcrypto_lock_callback);
-       return SSH_OK;
- }
--- 
-2.19.1
-
index b186bb421352e5ffce4e2cfaf1e147139e0f9e77..a0e57eff18a01ac0495aabcdd4d4724876d1c8f9 100644 (file)
@@ -1,27 +1,16 @@
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -35,10 +35,6 @@ include(DefineInstallationPaths)
- include(DefineOptions.cmake)
- include(CPackConfig.cmake)
--# disallow in-source build
--include(MacroEnsureOutOfSourceBuild)
--macro_ensure_out_of_source_build("${PROJECT_NAME} requires an out of source build. Please create a separate build directory and run 'cmake /path/to/${PROJECT_NAME} [options]' there.")
--
- # search for libraries
- if (WITH_ZLIB)
-     find_package(ZLIB REQUIRED)
+diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
+index c8bb2aa..344ba59 100644
 --- a/ConfigureChecks.cmake
 +++ b/ConfigureChecks.cmake
 @@ -5,7 +5,6 @@ include(CheckFunctionExists)
  include(CheckLibraryExists)
  include(CheckTypeSize)
- include(CheckCXXSourceCompiles)
+ include(CheckStructHasMember)
 -include(TestBigEndian)
  
- set(PACKAGE ${APPLICATION_NAME})
- set(VERSION ${APPLICATION_VERSION})
-@@ -276,6 +275,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND)
+ set(PACKAGE ${PROJECT_NAME})
+ set(VERSION ${PROJECT_VERSION})
+@@ -465,6 +464,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND)
  endif (WITH_GSSAPI AND NOT GSSAPI_FOUND)
  
  # ENDIAN
@@ -29,7 +18,7 @@
 -    test_big_endian(WORDS_BIGENDIAN)
 -endif (NOT WIN32)
 +if (WITH_BIG_ENDIAN)
-+  set(WORDS_BIGENDIAN 1)
++    set(WORDS_BIGENDIAN 1)
 +else (WITH_BIG_ENDIAN)
-+  set(WORDS_BIGENDIAN 0)
++    set(WORDS_BIGENDIAN 0)
 +endif (WITH_BIG_ENDIAN)
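Review bot: The `else (WITH_BIG_ENDIAN)` branch sets `WORDS_BIGENDIAN` to 0 whenever `WITH_BIG_ENDIAN` is unset, so a big-endian target built without that option would silently get little-endian byte-order handling in an SSH library. Nothing on this page shows where `WITH_BIG_ENDIAN` is defined or passed; the Makefile section has a single hunk that leaves the configure options untouched, so the patch presumably relies on an existing setting. The refreshed patch also has no description, so a short header should state that endianness now comes from the package build instead of `test_big_endian` and name the option that must be passed. If a hard failure is preferred over a silent default, a guard such as `if (NOT DEFINED WITH_BIG_ENDIAN)` followed by `message(FATAL_ERROR "WITH_BIG_ENDIAN must be set by the package build")` ahead of the block would catch a missing option, provided the package always passes it explicitly.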
diff --git a/libs/libssh/patches/0010-pki_crypto-Don-t-use-deprecated-function-with-newer-.patch b/libs/libssh/patches/0010-pki_crypto-Don-t-use-deprecated-function-with-newer-.patch
deleted file mode 100644 (file)
index 68d2e4f..0000000
+++ /dev/null
@@ -1,43 +0,0 @@
-From 8d5cf617d53d0545a0d141abf94396c28ca7e736 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Sun, 29 Oct 2017 16:06:14 +0100
-Subject: [PATCH] pki_crypto: Don't use deprecated function with newer
- OpenSSL
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
----
- src/pki_crypto.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/src/pki_crypto.c b/src/pki_crypto.c
-index 9e27436c..34d6e81c 100644
---- a/src/pki_crypto.c
-+++ b/src/pki_crypto.c
-@@ -451,11 +451,24 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
- int pki_key_generate_dss(ssh_key key, int parameter){
-     int rc;
-+#if OPENSSL_VERSION_NUMBER > 0x10100000L
-+    rc = DSA_generate_parameters_ex(key->dsa,
-+                                    parameter,
-+                                    NULL,  /* seed */
-+                                    0,     /* seed_len */
-+                                    NULL,  /* counter_ret */
-+                                    NULL,  /* h_ret */
-+                                    NULL); /* cb */
-+    if (rc != 1) {
-+        return SSH_ERROR;
-+    }
-+#else
-     key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
-             NULL, NULL);
-     if(key->dsa == NULL){
-         return SSH_ERROR;
-     }
-+#endif
-     rc = DSA_generate_key(key->dsa);
-     if (rc != 1){
-         DSA_free(key->dsa);
--- 
-2.19.1
-
diff --git a/libs/libssh/patches/0011-pki_crypto-Avoid-segfault-with-OpenSSL-1.1.0.patch b/libs/libssh/patches/0011-pki_crypto-Avoid-segfault-with-OpenSSL-1.1.0.patch
deleted file mode 100644 (file)
index 9329eae..0000000
+++ /dev/null
@@ -1,29 +0,0 @@
-From ab67e42d6a0529f5fb81ee86049bf10abe99f839 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Tue, 7 Nov 2017 09:38:40 +0100
-Subject: [PATCH] pki_crypto: Avoid segfault with OpenSSL 1.1.0
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
----
- src/pki_crypto.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/pki_crypto.c b/src/pki_crypto.c
-index 34d6e81c..30f49a81 100644
---- a/src/pki_crypto.c
-+++ b/src/pki_crypto.c
-@@ -452,6 +452,10 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
- int pki_key_generate_dss(ssh_key key, int parameter){
-     int rc;
- #if OPENSSL_VERSION_NUMBER > 0x10100000L
-+    key->dsa = DSA_new();
-+    if (!key->dsa) {
-+        return SSH_ERROR;
-+    }
-     rc = DSA_generate_parameters_ex(key->dsa,
-                                     parameter,
-                                     NULL,  /* seed */
--- 
-2.19.1
-
diff --git a/libs/libssh/patches/0012-pki_crypto-Avoid-potential-memory-leak.patch b/libs/libssh/patches/0012-pki_crypto-Avoid-potential-memory-leak.patch
deleted file mode 100644 (file)
index d587276..0000000
+++ /dev/null
@@ -1,36 +0,0 @@
-From c39f7578765859d7416e4140c92d034c8cae3341 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Wed, 8 Nov 2017 15:35:08 +0100
-Subject: [PATCH] pki_crypto: Avoid potential memory leak
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
----
- src/pki_crypto.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/pki_crypto.c b/src/pki_crypto.c
-index 30f49a81..d9f7753a 100644
---- a/src/pki_crypto.c
-+++ b/src/pki_crypto.c
-@@ -453,7 +453,7 @@ int pki_key_generate_dss(ssh_key key, int parameter){
-     int rc;
- #if OPENSSL_VERSION_NUMBER > 0x10100000L
-     key->dsa = DSA_new();
--    if (!key->dsa) {
-+    if (key->dsa == NULL) {
-         return SSH_ERROR;
-     }
-     rc = DSA_generate_parameters_ex(key->dsa,
-@@ -464,6 +464,8 @@ int pki_key_generate_dss(ssh_key key, int parameter){
-                                     NULL,  /* h_ret */
-                                     NULL); /* cb */
-     if (rc != 1) {
-+        DSA_free(key->dsa);
-+        key->dsa = NULL;
-         return SSH_ERROR;
-     }
- #else
--- 
-2.19.1
-
diff --git a/libs/libssh/patches/0013-crypto-Fix-compilation-for-OpenSSL-without-deprecate.patch b/libs/libssh/patches/0013-crypto-Fix-compilation-for-OpenSSL-without-deprecate.patch
deleted file mode 100644 (file)
index 9892c8c..0000000
+++ /dev/null
@@ -1,65 +0,0 @@
-From 8349ff1ec3d001aa85cc94a9004509cca8ebf036 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Wed, 7 Nov 2018 17:17:53 -0800
-Subject: [PATCH] crypto: Fix compilation for OpenSSL without deprecated
- APIs
-
-Added missing bn.h include.
-
-Made engine.h include conditional, otherwise it would fail.
-
-DSA_generate_parameters was deprecated long before 1.1.0.
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- src/libcrypto-compat.c | 5 ++++-
- src/libcrypto-compat.h | 1 +
- src/pki_crypto.c       | 2 +-
- 3 files changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c
-index 4b1f36a5..b8b4f11a 100644
---- a/src/libcrypto-compat.c
-+++ b/src/libcrypto-compat.c
-@@ -8,9 +8,12 @@
-  */
- #include <string.h>
--#include <openssl/engine.h>
- #include "libcrypto-compat.h"
-+#ifndef OPENSSL_NO_ENGINE
-+#include <openssl/engine.h>
-+#endif
-+
- static void *OPENSSL_zalloc(size_t num)
- {
-     void *ret = OPENSSL_malloc(num);
-diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h
-index 21542c65..00e4f2a3 100644
---- a/src/libcrypto-compat.h
-+++ b/src/libcrypto-compat.h
-@@ -10,6 +10,7 @@
- #include <openssl/dh.h>
- #include <openssl/evp.h>
- #include <openssl/hmac.h>
-+#include <openssl/bn.h>
- int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
- int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
-diff --git a/src/pki_crypto.c b/src/pki_crypto.c
-index d9f7753a..c1aac409 100644
---- a/src/pki_crypto.c
-+++ b/src/pki_crypto.c
-@@ -451,7 +451,7 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
- int pki_key_generate_dss(ssh_key key, int parameter){
-     int rc;
--#if OPENSSL_VERSION_NUMBER > 0x10100000L
-+#if OPENSSL_VERSION_NUMBER > 0x00908000L
-     key->dsa = DSA_new();
-     if (key->dsa == NULL) {
-         return SSH_ERROR;
--- 
-2.19.1
-
diff --git a/libs/libssh/patches/002-disable-libssp.patch b/libs/libssh/patches/002-disable-libssp.patch
deleted file mode 100644 (file)
index a4d9221..0000000
+++ /dev/null
@@ -1,22 +0,0 @@
---- a/cmake/Modules/DefineCompilerFlags.cmake
-+++ b/cmake/Modules/DefineCompilerFlags.cmake
-@@ -1,7 +1,6 @@
- # define system dependent compiler flags
- include(CheckCCompilerFlag)
--include(CheckCCompilerFlagSSP)
- if (UNIX AND NOT WIN32)
-     #
-@@ -21,11 +20,6 @@ if (UNIX AND NOT WIN32)
-             set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
-         endif (WITH_FPIC)
--        check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
--        if (WITH_STACK_PROTECTOR)
--            set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector")
--        endif (WITH_STACK_PROTECTOR)
--
-         if (CMAKE_BUILD_TYPE)
-             string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER)
-             if (CMAKE_BUILD_TYPE_LOWER MATCHES (release|relwithdebinfo|minsizerel))
diff --git a/libs/libssh/patches/010-openssl-11-deprecated.patch b/libs/libssh/patches/010-openssl-11-deprecated.patch
deleted file mode 100644 (file)
index 2a62d9d..0000000
+++ /dev/null
@@ -1,39 +0,0 @@
---- a/src/dh.c
-+++ b/src/dh.c
-@@ -131,11 +131,15 @@ int ssh_get_random(void *where, int len, int strong){
-   return 1;
- #elif defined HAVE_LIBCRYPTO
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-   if (strong) {
-     return RAND_bytes(where,len);
-   } else {
-     return RAND_pseudo_bytes(where,len);
-   }
-+#else
-+    return RAND_bytes(where,len);
-+#endif
- #endif
-   /* never reached */
-@@ -198,7 +202,9 @@ int ssh_crypto_init(void) {
-     }
-     bignum_bin2bn(p_group14_value, P_GROUP14_LEN, p_group14);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-     OpenSSL_add_all_algorithms();
-+#endif
- #endif
-@@ -219,8 +225,10 @@ void ssh_crypto_finalize(void) {
- #ifdef HAVE_LIBGCRYPT
-     gcry_control(GCRYCTL_TERM_SECMEM);
- #elif defined HAVE_LIBCRYPTO
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-     EVP_cleanup();
-     CRYPTO_cleanup_all_ex_data();
-+#endif
- #endif
-     ssh_crypto_initialized=0;
-   }
diff --git a/libs/libssh/patches/020-openssl-threads.patch b/libs/libssh/patches/020-openssl-threads.patch
deleted file mode 100644 (file)
index 1a801b3..0000000
+++ /dev/null
@@ -1,28 +0,0 @@
---- a/src/threads.c
-+++ b/src/threads.c
-@@ -106,6 +106,8 @@ static int libgcrypt_thread_init(void){
- static void **libcrypto_mutexes;
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
- static void libcrypto_lock_callback(int mode, int i, const char *file, int line){
-       (void)file;
-       (void)line;
-@@ -160,6 +162,16 @@ static void libcrypto_thread_finalize(void){
- }
-+#else
-+
-+static int libcrypto_thread_init(void){
-+      return SSH_OK;
-+}
-+
-+static void libcrypto_thread_finalize(void){
-+}
-+#endif
-+
- #endif
- /** @internal