diff --git a/libs/libssh/Makefile b/libs/libssh/Makefile index 6ffb70045..babc08973 100644 --- a/libs/libssh/Makefile +++ b/libs/libssh/Makefile @@ -12,7 +12,7 @@ PKG_MAINTAINER:=Mislav Novakovic PKG_NAME:=libssh PKG_VERSION:=0.7.6 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://www.libssh.org/files/0.7/ diff --git a/libs/libssh/patches/0009-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch b/libs/libssh/patches/0009-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch new file mode 100644 index 000000000..e56a6c602 --- /dev/null +++ b/libs/libssh/patches/0009-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch 
@@ -0,0 +1,83 @@ +From a8523d83c242c6f71dbf69fab0ca91d768e78f05 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Sun, 6 Nov 2016 12:07:32 +0100 +Subject: [PATCH] threads: Use new API call for OpenSSL CRYPTO THREADID + +BUG: https://red.libssh.org/issues/222 + +Signed-off-by: Andreas Schneider +--- + ConfigureChecks.cmake | 4 ++++ + config.h.cmake | 3 +++ + src/threads.c | 19 +++++++++++++++++-- + 3 files changed, 24 insertions(+), 2 deletions(-) + +diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake +index 0a53c5b1..43179d8f 100644 +--- a/ConfigureChecks.cmake ++++ b/ConfigureChecks.cmake +@@ -95,6 +95,10 @@ if (OPENSSL_FOUND) + set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) + set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) + check_function_exists(CRYPTO_ctr128_encrypt HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT) ++ ++ set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) ++ set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) ++ check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK) + endif() + + if (CMAKE_HAVE_PTHREAD_H) +diff --git a/config.h.cmake b/config.h.cmake +index 3e7f7939..b87fea5c 100644 +--- a/config.h.cmake ++++ b/config.h.cmake +@@ -79,6 +79,9 @@ + /* Define to 1 if you have the `CRYPTO_ctr128_encrypt' function. */ + #cmakedefine HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT 1 + ++/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */ ++#cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1 ++ + /* Define to 1 if you have the `snprintf' function. 
*/ + #cmakedefine HAVE_SNPRINTF 1 + +diff --git a/src/threads.c b/src/threads.c +index 7f3a304e..062c3b84 100644 +--- a/src/threads.c ++++ b/src/threads.c +@@ -116,6 +116,15 @@ static void libcrypto_lock_callback(int mode, int i, const char *file, int line) + } + } + ++#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK ++static void libcrypto_THREADID_callback(CRYPTO_THREADID *id) ++{ ++ unsigned long thread_id = (*user_callbacks->thread_id)(); ++ ++ CRYPTO_THREADID_set_numeric(id, thread_id); ++} ++#endif /* HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK */ ++ + static int libcrypto_thread_init(void){ + int n=CRYPTO_num_locks(); + int i; +@@ -127,8 +136,14 @@ static int libcrypto_thread_init(void){ + for (i=0;imutex_init(&libcrypto_mutexes[i]); + } +- CRYPTO_set_id_callback(user_callbacks->thread_id); +- CRYPTO_set_locking_callback(libcrypto_lock_callback); ++ ++#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK ++ CRYPTO_THREADID_set_callback(libcrypto_THREADID_callback); ++#else ++ CRYPTO_set_id_callback(user_callbacks->thread_id); ++#endif ++ ++ CRYPTO_set_locking_callback(libcrypto_lock_callback); + + return SSH_OK; + } +-- +2.19.1 + diff --git a/libs/libssh/patches/001-compile.patch b/libs/libssh/patches/001-compile.patch index c89179247..b186bb421 100644 --- a/libs/libssh/patches/001-compile.patch +++ b/libs/libssh/patches/001-compile.patch @@ -21,7 +21,7 @@ set(PACKAGE ${APPLICATION_NAME}) set(VERSION ${APPLICATION_VERSION}) -@@ -272,6 +271,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND) +@@ -276,6 +275,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND) endif (WITH_GSSAPI AND NOT GSSAPI_FOUND) # ENDIAN diff --git a/libs/libssh/patches/0010-pki_crypto-Don-t-use-deprecated-function-with-newer-.patch b/libs/libssh/patches/0010-pki_crypto-Don-t-use-deprecated-function-with-newer-.patch new file mode 100644 index 000000000..68d2e4fd3 --- /dev/null +++ b/libs/libssh/patches/0010-pki_crypto-Don-t-use-deprecated-function-with-newer-.patch 
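Review bot: In the src/threads.c part of patch 0009, `libcrypto_THREADID_callback` calls `(*user_callbacks->thread_id)()` unconditionally, whereas the old `CRYPTO_set_id_callback(user_callbacks->thread_id)` only handed the pointer to OpenSSL, so a callbacks struct with a NULL `thread_id` would now be called through from inside libcrypto. Whether `thread_id` is validated when the callbacks are registered is not visible here (`libcrypto_thread_init` is shown only in part), so I would register conditionally: `if (user_callbacks->thread_id != NULL) CRYPTO_THREADID_set_callback(libcrypto_THREADID_callback);`. The `int` result of `CRYPTO_THREADID_set_callback` is also dropped; it returns 0 when the callback was not installed, which is worth at least checking before `return SSH_OK`.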
@@ -0,0 +1,43 @@ +From 8d5cf617d53d0545a0d141abf94396c28ca7e736 Mon Sep 17 00:00:00 2001 +From: Andreas Schneider +Date: Sun, 29 Oct 2017 16:06:14 +0100 +Subject: [PATCH] pki_crypto: Don't use deprecated function with newer + OpenSSL + +Signed-off-by: Andreas Schneider +--- + src/pki_crypto.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/src/pki_crypto.c b/src/pki_crypto.c +index 9e27436c..34d6e81c 100644 +--- a/src/pki_crypto.c ++++ b/src/pki_crypto.c +@@ -451,11 +451,24 @@ int pki_key_generate_rsa(ssh_key key, int parameter){ + + int pki_key_generate_dss(ssh_key key, int parameter){ + int rc; ++#if OPENSSL_VERSION_NUMBER > 0x10100000L ++ rc = DSA_generate_parameters_ex(key->dsa, ++ parameter, ++ NULL, /* seed */ ++ 0, /* seed_len */ ++ NULL, /* counter_ret */ ++ NULL, /* h_ret */ ++ NULL); /* cb */ ++ if (rc != 1) { ++ return SSH_ERROR; ++ } ++#else + key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL, + NULL, NULL); + if(key->dsa == NULL){ + return SSH_ERROR; + } ++#endif + rc = DSA_generate_key(key->dsa); + if (rc != 1){ + DSA_free(key->dsa); +-- +2.19.1 + diff --git a/libs/libssh/patches/0011-pki_crypto-Avoid-segfault-with-OpenSSL-1.1.0.patch b/libs/libssh/patches/0011-pki_crypto-Avoid-segfault-with-OpenSSL-1.1.0.patch new file mode 100644 index 000000000..9329eaef3 --- /dev/null +++ b/libs/libssh/patches/0011-pki_crypto-Avoid-segfault-with-OpenSSL-1.1.0.patch 
@@ -0,0 +1,29 @@ +From ab67e42d6a0529f5fb81ee86049bf10abe99f839 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Tue, 7 Nov 2017 09:38:40 +0100 +Subject: [PATCH] pki_crypto: Avoid segfault with OpenSSL 1.1.0 + +Signed-off-by: Jakub Jelen +Reviewed-by: Andreas Schneider +--- + src/pki_crypto.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/pki_crypto.c b/src/pki_crypto.c +index 34d6e81c..30f49a81 100644 +--- a/src/pki_crypto.c ++++ b/src/pki_crypto.c +@@ -452,6 +452,10 @@ int pki_key_generate_rsa(ssh_key key, int parameter){ + int pki_key_generate_dss(ssh_key key, int parameter){ + int rc; + #if OPENSSL_VERSION_NUMBER > 0x10100000L ++ key->dsa = DSA_new(); ++ if (!key->dsa) { ++ return SSH_ERROR; ++ } + rc = DSA_generate_parameters_ex(key->dsa, + parameter, + NULL, /* seed */ +-- +2.19.1 + diff --git a/libs/libssh/patches/0012-pki_crypto-Avoid-potential-memory-leak.patch b/libs/libssh/patches/0012-pki_crypto-Avoid-potential-memory-leak.patch new file mode 100644 index 000000000..d587276a2 --- /dev/null +++ b/libs/libssh/patches/0012-pki_crypto-Avoid-potential-memory-leak.patch 
@@ -0,0 +1,36 @@ +From c39f7578765859d7416e4140c92d034c8cae3341 Mon Sep 17 00:00:00 2001 +From: Jakub Jelen +Date: Wed, 8 Nov 2017 15:35:08 +0100 +Subject: [PATCH] pki_crypto: Avoid potential memory leak + +Signed-off-by: Jakub Jelen +Reviewed-by: Andreas Schneider +--- + src/pki_crypto.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/pki_crypto.c b/src/pki_crypto.c +index 30f49a81..d9f7753a 100644 +--- a/src/pki_crypto.c ++++ b/src/pki_crypto.c +@@ -453,7 +453,7 @@ int pki_key_generate_dss(ssh_key key, int parameter){ + int rc; + #if OPENSSL_VERSION_NUMBER > 0x10100000L + key->dsa = DSA_new(); +- if (!key->dsa) { ++ if (key->dsa == NULL) { + return SSH_ERROR; + } + rc = DSA_generate_parameters_ex(key->dsa, +@@ -464,6 +464,8 @@ int pki_key_generate_dss(ssh_key key, int parameter){ + NULL, /* h_ret */ + NULL); /* cb */ + if (rc != 1) { ++ DSA_free(key->dsa); ++ key->dsa = NULL; + return SSH_ERROR; + } + #else +-- +2.19.1 + diff --git a/libs/libssh/patches/0013-crypto-Fix-compilation-for-OpenSSL-without-deprecate.patch b/libs/libssh/patches/0013-crypto-Fix-compilation-for-OpenSSL-without-deprecate.patch new file mode 100644 index 000000000..9892c8c5b --- /dev/null +++ b/libs/libssh/patches/0013-crypto-Fix-compilation-for-OpenSSL-without-deprecate.patch 
@@ -0,0 +1,65 @@ +From 8349ff1ec3d001aa85cc94a9004509cca8ebf036 Mon Sep 17 00:00:00 2001 +From: Rosen Penev +Date: Wed, 7 Nov 2018 17:17:53 -0800 +Subject: [PATCH] crypto: Fix compilation for OpenSSL without deprecated + APIs + +Added missing bn.h include. + +Made engine.h include conditional, otherwise it would fail. + +DSA_generate_parameters was deprecated long before 1.1.0. + +Signed-off-by: Rosen Penev +--- + src/libcrypto-compat.c | 5 ++++- + src/libcrypto-compat.h | 1 + + src/pki_crypto.c | 2 +- + 3 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c +index 4b1f36a5..b8b4f11a 100644 +--- a/src/libcrypto-compat.c ++++ b/src/libcrypto-compat.c +@@ -8,9 +8,12 @@ + */ + + #include +-#include + #include "libcrypto-compat.h" + ++#ifndef OPENSSL_NO_ENGINE ++#include ++#endif ++ + static void *OPENSSL_zalloc(size_t num) + { + void *ret = OPENSSL_malloc(num); +diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h +index 21542c65..00e4f2a3 100644 +--- a/src/libcrypto-compat.h ++++ b/src/libcrypto-compat.h +@@ -10,6 +10,7 @@ + #include + #include + #include ++#include + + int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); + int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +diff --git a/src/pki_crypto.c b/src/pki_crypto.c +index d9f7753a..c1aac409 100644 +--- a/src/pki_crypto.c ++++ b/src/pki_crypto.c +@@ -451,7 +451,7 @@ int pki_key_generate_rsa(ssh_key key, int parameter){ + + int pki_key_generate_dss(ssh_key key, int parameter){ + int rc; +-#if OPENSSL_VERSION_NUMBER > 0x10100000L ++#if OPENSSL_VERSION_NUMBER > 0x00908000L + key->dsa = DSA_new(); + if (key->dsa == NULL) { + return SSH_ERROR; +-- +2.19.1 +
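Review bot: The new guard `#if OPENSSL_VERSION_NUMBER > 0x00908000L` in `pki_key_generate_dss` is a bare magic number with nothing saying why 0.9.8 is the cut-off; I would add `/* DSA_generate_parameters_ex() is available from OpenSSL 0.9.8 on; the #else branch only serves older libraries */` above it. With this change every OpenSSL 1.0.x build also moves to the `DSA_new()` + `DSA_generate_parameters_ex()` path, so that is the branch that needs test coverage now. In libcrypto-compat.c the include is wrapped in `#ifndef OPENSSL_NO_ENGINE`, but any ENGINE use further down that file lies outside the hunk and would need the same guard. The body of `pki_key_generate_dss` continues past the end of the pki_crypto.c hunk.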