- Drop patches (already in version)
- Fix CVE-2020-16135: libssh 0.9.4 has a NULL pointer dereference in
tftpserver.c if ssh_buffer_new returns NULL.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tested-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The libssh server is used by libnetconf2. With libssh version 0.9.4 a
regression was introduced that wrongly leads to session closed after the
poll timeout.
The patch comes from upstrem:
https://git.libssh.org/projects/libssh.git/commit/?id=6417f5a3cac8537ac6f6ff7fc1642dfaa0917fb4
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The released libssh package does wrongly reports the previous version.
This patch fixes the version field in the lib.
Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes CVE-2020-1730: Possible DoS in client and server when handling
AES-CTR keys with OpenSSL.
Format hash file with two spaces delimiter.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
At this point Buildroot doesn't allow to use mbedTLS crypto
backend even though libssh supports it. In case of fully statically
linked ELF executables the size difference between OpenSSL and mbedTLS
is significant: it matters for embedded targets with very limited
storage.
This patch adds support for compiling libssh with mbedTLS as a crypto
backend. It also allows the selection of the crypto backend libssh will use
through a choice in the package config, similar to libssh2.
Currently, the selection of the backend is based on a priority order,
which is not always desirable, as in some cases multiple backends
can exists at the same time for various reasons.
Signed-off-by: Mircea Gliga <gliga.mircea@gmail.com>
[Peter: use depends on rather can select for consistency with libssh2]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes the following security vulnerabilities:
- CVE-2019-14889: Unsanitized location in scp could lead to unwanted command
execution.
And adds various hardening improvements. For details, see the announcement:
https://www.libssh.org/2019/12/10/libssh-0-9-3-and-libssh-0-8-8-security-release/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This patch adds Config.in option for ssh server support.
Signed-off-by: Heiko Thiery <heiko.thiery@kontron.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Drop upstream patches.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Update license file hash; last paragraph text formatting change.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Drop an upstream patch.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop GNU glob detection patch; issue fixed upstream.
Add upstream patch that completes the build fix when GNU glob is not
present.
Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
The current download location fails, and Buildroot falls back to
sources.b.o:
--2018-08-20 23:41:39-- https://red.libssh.org/attachments/download/218/libssh-0.7.5.tar.xz
Resolving red.libssh.org (red.libssh.org)... 78.46.80.163
Connecting to red.libssh.org (red.libssh.org)|78.46.80.163|:443... connected.
The certificate's owner does not match hostname ‘red.libssh.org’
--2018-08-20 23:41:39-- http://sources.buildroot.net/libssh/libssh-0.7.5.tar.xz
Resolving sources.buildroot.net (sources.buildroot.net)... 104.25.211.19, 104.25.210.19, 2400:cb00:2048:1::6819:d313, ...
Connecting to sources.buildroot.net (sources.buildroot.net)|104.25.211.19|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-xz]
This commit fixes the download location:
--2018-08-20 23:43:04-- https://www.libssh.org/files/0.7/libssh-0.7.5.tar.xz
Resolving www.libssh.org (www.libssh.org)... 87.98.168.187, 2001:41d0:2:f80c::4
Connecting to www.libssh.org (www.libssh.org)|87.98.168.187|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 351632 (343K) [application/x-tar]
This patch is extracted from a contribution from Bernd Kuhls who was
also bumping the package at the same time
(http://patchwork.ozlabs.org/patch/959192/).
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for LGPLv2.1/LGPLv2.1+ is LGPL-2.1/LGPL-2.1+.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/LGPLv2.1(\+)?/LGPL-2.1\1/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Since 2f89476 (package/libgpg-error: bump to version 1.23), libssh has
inherited the dependency from libgcrypt (propagated from libgpg-error).
However, since libssh can use either openssl or libgcrypt as a backend,
the dependency should be relaxed when openssl is available.
But the test is broken and inverted: it will make libssh unavailable as
soon as openssl is enabled.
This in itself is already incorrect, but that can cause further issues,
as some packages (e.g. Kodi) will select (indirectly) openssl, and has
an option to select libssh; enabling that option causes unmet direct
dependencies of libssh:
warning: (BR2_PACKAGE_KODI_LIBSSH) selects BR2_PACKAGE_LIBSSH which
has unmet direct dependencies (BR2_USE_MMU && !BR2_STATIC_LIBS &&
BR2_TOOLCHAIN_HAS_THREADS && BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS
&& !BR2_PACKAGE_OPENSSL)
Fix this dependency by doing what other similar packages do: select
openssl if the other crypto backend (here libgcrypt) is not enabled.
This also allows us to drop the propagated dependency on the arch
condition.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Cc: Jörg Krause <joerg.krause@embedded.rocks>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Cc: Romain Naour <romain.naour@openwide.fr>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
This patch is based on a patch sent by Vicente Olivert Riera and commented by
Arnout Vandecappelle [1].
- Bump version to 1.23
- Add a hook to fix cross-compilation
- Fix license and license files
- Remove patch applied upstream
- Add a BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS variable
- Propagate the dependencies using that variable:
* package/cppcms
* package/crda
* package/gnupg2
- package/gcr
- package/midori
* package/kodi
* package/libaacs
* package/libassuan
* package/libgcrypt
* package/libgpgme
* package/libksba
* package/libmicrohttpd
- package/janus-gateway
- package/kodi
- package/ola
- package/systemd
* package/libssh
* package/libssh2
- package/php-ssh2
* package/netatalk
* package/network-manager
* package/ntfs-3g
* package/opkg
* package/php-gnupg
* package/rng-tools
* package/strongswan
* package/vpnc
[1] http://patchwork.ozlabs.org/patch/416427/
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
[Thomas:
- rebase on master
- changing systemd no longer needed, as it no longer selects
libgcrypt.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
[Maxime:
- rebase on master
- bump to new version
- propagate dependencies to missing packages]
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Romain Naour <romain.naour@gmail.com>
[Thomas:
- fix hash file.
- change the way to handle the various arch so that it works properly
for uClibc.
- add nios2 arch support.
- Maxime Hadjinlian learned some basic Emacs-fu to do the final fixups
of this commit.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Also, require threads support. cmake detects threads support correctly, but
libssh build system uses this information incorrectly.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
libssh2 and libssh both implement SSH and provide a library API for apps.
Both support SSH, SFTP, auth, channels etc. Both are 25K-30K lines of code.
[libssh2 vs libssh - A comparison]
http://www.libssh2.org/libssh2-vs-libssh.html
[Peter: add sha256 hash, fix typo in help text]
Signed-off-by: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>