All packages in the tree that depend on libssh2 _and_ have their own
dependency on a TLS library, depend on OpenSSL by default. It makes
sense for the libssh2 package to default to OpenSSL as well. This way it
does not pull in a second TLS library.
Also, the OpenSSL dependency is changed to
"+!LIBSSH2_MBEDTLS:libopenssl", which fixes build issues in case libssh2
is not selected but built anyway.
And last, Config.in file is removed and its content added to the
Makefile instead.
Closes#12108
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Removed PKG_FIXUP. It has no meaning with CMake.
Replaced PKG_INSTALL with CMAKE_INSTALL. Consequentially, removed
InstallDev section.
Added ABI_VERSION to force package rebuilds when it increases.
Added PKG_BUILD_PARALLEL for faster compilation.
Fixed license tag.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
- CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
- CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
- CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
- CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
- CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
- CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
- CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
- CVE-2019-3862
Out-of-bounds memory comparison
- CVE-2019-3863
Integer overflow in user authenicate keyboard interactive allows
out-of-bounds writes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Recently added symbols CONFIG_LIBSSH2_MBEDTLS and CONFIG_LIBSSH2_OPENSSL
require a rerun of ./configure when their selection changes. So add them
to PKG_CONFIG_DEPENDS accordingly.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
libssh2 already makes sure that the compiler emits position-independent
code. Adding $(FPIC) makes no difference. In addition the libssh2 build
system puts its own flag behind the CFLAGS, overriding whatever was set
before.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This adds a choice to menuselect so people can select if they would like
to compile libssh2 against mbedtls (default) or openssl.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
- Bump version to 1.8.0
- Switch from openssl crypto backend to mbedtls (the package is a lot
smaller size-wise compared to openssl and libgcrypt)
- mbedtls support was added in 1.8.0 release. Unfortunately the detection
doesn't work out of the box, so a patch is needed that fixes an m4
script. For that reason autoreconf must be run.
- Add --with-libz-prefix as without it zlib is not detected (currently
there is the zlib dependency but libssh2 never actually links to it).
- Add --disable-silent-rules to get verbose build output.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Sebastian Kemper
Rosen Penev
Jan Pavlinec
Etienne Champetier
Hsing-Wang Liao
Jiri Slachta