| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bump the version to latest git to fix the following security issues:
CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
URL: https://www.libssh2.org/CVE-2019-3855.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3855.patch
CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
URL: https://www.libssh2.org/CVE-2019-3856.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3856.patch
CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
URL: https://www.libssh2.org/CVE-2019-3857.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3857.patch
CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
URL: https://www.libssh2.org/CVE-2019-3858.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3858.patch
CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
URL: https://www.libssh2.org/CVE-2019-3859.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3859.patch
CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
URL: https://www.libssh2.org/CVE-2019-3860.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3860.patch
CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
URL: https://www.libssh2.org/CVE-2019-3861.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3861.patch
CVE-2019-3862
Out-of-bounds memory comparison
URL: https://www.libssh2.org/CVE-2019-3862.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3862.patch
CVE-2019-3863
Integer overflow in user authenicate keyboard interactive allows
out-of-bounds writes
URL: https://www.libssh2.org/CVE-2019-3863.html
Patch: https://libssh2.org/1.8.0-CVE/CVE-2019-3863.txt
Drop 0003-openssl-fix-dereferencing-ambiguity-potentially-caus.patch as that
is now upstream.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
(cherry picked from commit f4f7dd9557cf139f6014ada77e947152d5a82fb3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
| |
Signed-off-by: Ferdinand van Aartsen <ferdinand@ombud.nl>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added license hash.
This bump includes "ECDSA key types are now explicit"
https://github.com/libssh2/libssh2/commit/62b825c8afb9e5efb6ea9c05b40b309590249fb6
which is needed by vlc since
http://git.videolan.org/?p=vlc.git;a=commitdiff;h=afee1e72a8e08866bbe35d1a57e859cac81052b4
Fixes
http://autobuild.buildroot.net/results/579/579e2418e59680ad4bf3dc85f2918457b6221bfa/
http://autobuild.buildroot.net/results/c73/c7348c442d3f585ace0bc62860f802dc08150776/
http://autobuild.buildroot.net/results/731/73187b883d7fe14b08a4903b326706c9d1f8b519/
http://autobuild.buildroot.net/results/f6d/f6d4fca6063c81a8e240fed4db89269e455f057e/
http://autobuild.buildroot.net/results/371/371f4f017f4a5af0ac6d6a8b1b8276858ad47f75/
http://autobuild.buildroot.net/results/d6a/d6a3b43211eb740bdebbb339668b854d26e878b7/
http://autobuild.buildroot.net/results/a05/a0576aeeb57a49958e5229d9ec08f2bd792d48b6/
http://autobuild.buildroot.net/results/57a/57a9ae2f157183a86fbf1b2cc5cbb38e948690ce/
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
| |
|
|
|
|
|
| |
Allow build of host variant of libssh2, which depends on host-openssl.
Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, the selection of the backend is based on a priority order,
which is not always desirable: not all features are available for all
backends, as reported upstream:
https://github.com/libssh2/libssh2/issues/213
In that particular case, the problem is that libgcrypt is unable to
read encrypted certificates created with openssl, but it is likely
that other incompatibilities exist as well.
As such, allow a user to select the backend most appropriate to their
use-case.
Note that this changes the defaults: previously, if openssl was already
selected and we additionally select libssh2, openssl would be used as
a backend. Now, mbedtls is the default so if the user doesn't change
it, mbedtls will be used.
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
[Arnout: remove now-unneeded comment in .mk file]
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Update libssh2 to use the newest version from git. This caused a
transition from released version number to hash as it has not been
version rev'd in over a year (see issue
https://github.com/libssh2/libssh2/issues/220 for bump request).
This brings in changes to the autoconf to correctly pick the crypto
library.
Signed-off-by: Sam Voss <sam.voss@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The --without-libgcrypt configure parameter is not enough to disable the
libgcrypt back-end. This breaks the build when mbedtls (default backend) is
enabled, and libgcrypt builds before libssh2. Seed ac_cv_libgcrypt to really
disable libgcrypt when it is not the selected crypto back-end.
Fixes:
http://autobuild.buildroot.net/results/b4e/b4e39890e003e9e590a5bf17c9300c653020d88c/
http://autobuild.buildroot.net/results/45a/45a9b3559ceea4e1399794f9612f717f7c57a4a3/
http://autobuild.buildroot.net/results/ae4/ae4afec62ca297df1cd02350601f1d62fc3cd1b7/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
| |
libssh2 support mbedtls as crypto back-end library since version 1.8.0.
Default to mbedtls since it's smaller than either libgcrypt or openssl.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libssh2 uses the implicit 'yes' argument of the --with-libgcrypt parameter as
a library path prefix, which breaks the build. Pass the library path as
--with-libgcrypt argument to fix that. Drop the unneeded
--with-libgcrypt-prefix.
Fixes:
http://autobuild.buildroot.net/results/ac3/ac3a3f5871a6c20f5407a468809682ce491b9cb3/
http://autobuild.buildroot.net/results/ba3/ba31fa11b2ce2875649414dd9093e039dfc129e8/
http://autobuild.buildroot.net/results/b07/b07bbbf7fe164ba6dc435de6d8b41fadff7a3b08/
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since 2f89476 (package/libgpg-error: bump to version 1.23), libssh2 has
inherited the dependency from libgcrypt (propagated from libgpg-error).
However, since libssh2 can use either openssl or libgcrypt as a backend,
the dependency should be relaxed when openssl is available.
But the test is broken and inverted: it will make libssh unavailable as
soon as openssl is enabled.
Fix this dependenc byt doing what other similar packages do: select
openssl if the other crypto backend (here libgcrypt) is not enabled.
This also allows us to drop the propagated dependency on the arch
condition.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Romain Naour <romain.naour@openwide.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
| |
Fixes:
CVE-2016-0787 - diffie_hellman_sha256: convert bytes to bits.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
| |
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is often difficult to know exactly when make will expand the
variable, and usually it can only be expanded after the dependencies
have been built (e.g. pkg-config or the .pc file). Using a backtick
instead makes it very clear that it will be expanded only while
executing the command.
This change is useful for two cases:
1. The per-package staging (and host) directory will be created as part
of the configure step, so any $(shell ...) variable that is used in
the configure step will fail because the directory doesn't exist
yet.
2. 'make printvars' evaluates the variables it prints. It will therefore
trigger a lot of errors from missing .pc files and others. The
backticks, on the other hand, are not expanded, so with this change
the output of 'make printvars' becomes clean again.
This commit contains only the easy changes: replace $(shell ...) with
`...`, and also replace ' with " where needed. Follow-up commits will
tackle the more complicated cases that need additional explanation.
After this change, the following instances of $(shell ...) will remain:
- All assignments that use :=
- All variables that are used in make conditionals (which don't expand
the backticks).
- All variables that only refer to system executables and make
variables that don't change.
- The calls to check-host-* in dependencies.mk, because it is eval'ed.
[Original patch by Fabio Porcedda, but extended quite a bit by Arnout.]
Signed-off-by: Fabio Porcedda <fabio.porcedda@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
| |
Fixes CVE-2015-1782 - kex: bail out on rubbish in the incoming packet.
Also add hash file.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Like for lingcrypt and openssl, help the configure script to find
zlib installed in STAGING_DIR.
Otherwise, It might find the one installed on the host:
checking how to link with libz... /usr/lib/libz.so -Wl,-rpath -Wl,/usr/lib
Fixes:
http://autobuild.buildroot.net/results/93b/93b43e114f21a22f0f8b7d7dd6774c089c426cd1
Signed-off-by: Romain Naour <romain.naour@openwide.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
http://autobuild.buildroot.net/results/07e/07e50ba575b305b37e7a94a773c2b2e255393e9f/
http://autobuild.buildroot.net/results/072/07249f0a001a34ae608a8f8646b26a1152219252/
http://autobuild.buildroot.net/results/1c0/1c0447431e4c025732ea2eb8e9788e303f24fd04/
http://autobuild.buildroot.net/results/5e1/5e1f58c086e437b85b0d31310a93a3b2d0d70836/
And many more.
libgcrypt depends on libgpg-error and the configure script forgets to link
against it breaking static linking. Fix it by using libgcrypt-config
--libs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.
Sed command used:
find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'
Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since the trailing slash is stripped from $($(PKG)_SITE) by pkg-generic.mk:
$(call DOWNLOAD,$($(PKG)_SITE:/=)/$($(PKG)_SOURCE))
so it is redundant.
This patch removes it from $(PKG)_SITE variable for BR consistency.
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Fix issues with some toolchains not finding libssl or libgcrypt.
Fixes http://autobuild.buildroot.net/results/eeaaf41c0c5f88357af8445750dce776774c2b5d
Fixes http://autobuild.buildroot.net/results/7a2590a7c3a1f52590f3e886b7cf9d04ad966a10
[Peter: indentation fixup]
Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|
|
|
[Peter: minor white space tweaks]
Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
|