libssh: update to 0.9.5

It seems none of the patches apply/are needed.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

diff --git a/libs/libssh/Makefile b/libs/libssh/Makefile
index ae20994309478cc76476d6e5e8a2cd53d0e48d95..d747bfa2def4bfdcb424ab189e8fcf96b4e02817 100644 (file)
--- a/libs/libssh/Makefile
+++ b/libs/libssh/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libssh
-PKG_VERSION:=0.9.4
-PKG_RELEASE:=3
+PKG_VERSION:=0.9.5
+PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://www.libssh.org/files/0.9/
-PKG_HASH:=150897a569852ac05aac831dc417a7ba8e610c86ca2e0154a99c6ade2486226b
+PKG_HASH:=acffef2da98e761fc1fd9c4fddde0f3af60ab44c4f5af05cd1b2d60a3fa08718
 
 PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
 PKG_LICENSE:=LGPL-2.1-or-later BSD-2-Clause

diff --git a/libs/libssh/patches/0001-libcrypto-compat-add-extra-functions.patch b/libs/libssh/patches/0001-libcrypto-compat-add-extra-functions.patch
deleted file mode 100644 (file)
index 53ceebe..0000000
--- a/libs/libssh/patches/0001-libcrypto-compat-add-extra-functions.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From ce7de0261f0c1f1640da5673dd24939a37e33bd9 Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Thu, 23 Jan 2020 18:53:06 -0800
-Subject: [PATCH 1/2] libcrypto-compat: add extra functions
-
-Changed the define to compare OPENSSL_API_COMPAT instead of version as
-OpenSSL can be compiled in different ways. One is to disable all
-deprecated APIs.
-
-Added extra functions. The next commit will switch to them.
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- src/libcrypto-compat.c | 14 ++++++++++++++
- src/libcrypto-compat.h |  8 +++++++-
- 2 files changed, 21 insertions(+), 1 deletion(-)
-
-diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c
-index 048d1781..3604763f 100644
---- a/src/libcrypto-compat.c
-+++ b/src/libcrypto-compat.c
-@@ -280,6 +280,11 @@ void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-     OPENSSL_free(ctx);
- }
- 
-+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
-+{
-+      EVP_CIPHER_CTX_init(ctx);
-+}
-+
- HMAC_CTX *HMAC_CTX_new(void)
- {
-     HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
-@@ -394,3 +399,12 @@ int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-     }
-     return 1;
- }
-+
-+const char *OpenSSL_version(int type)
-+{
-+    return SSLeay_version(type);
-+}
-+unsigned long OpenSSL_version_num(void)
-+{
-+    return SSLeay();
-+}
-diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h
-index bda0473e..44e14801 100644
---- a/src/libcrypto-compat.h
-+++ b/src/libcrypto-compat.h
-@@ -34,6 +34,8 @@ int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
- EVP_MD_CTX *EVP_MD_CTX_new(void);
- void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
- 
-+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx);
-+
- HMAC_CTX *HMAC_CTX_new(void);
- int HMAC_CTX_reset(HMAC_CTX *ctx);
- void HMAC_CTX_free(HMAC_CTX *ctx);
-@@ -44,6 +46,10 @@ int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
- void DH_get0_key(const DH *dh,
-                  const BIGNUM **pub_key, const BIGNUM **priv_key);
- int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-+
-+const char *OpenSSL_version(int type);
-+unsigned long OpenSSL_version_num(void);
-+
- #endif /* OPENSSL_VERSION_NUMBER */
- 
- #endif /* LIBCRYPTO_COMPAT_H */
--- 
-2.24.1
-

diff --git a/libs/libssh/patches/0002-libcrypto-remove-deprecated-API-usage.patch b/libs/libssh/patches/0002-libcrypto-remove-deprecated-API-usage.patch
deleted file mode 100644 (file)
index 7b0626d..0000000
--- a/libs/libssh/patches/0002-libcrypto-remove-deprecated-API-usage.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 73f0e186964126c9e2bfba43488f543ace54746b Mon Sep 17 00:00:00 2001
-From: Rosen Penev <rosenp@gmail.com>
-Date: Thu, 23 Jan 2020 18:54:51 -0800
-Subject: [PATCH 2/2] libcrypto: remove deprecated API usage
-
-EVP_CIPHER_CTX_init was replaced with _reset.
-
-Removed EVP_CIPHER_CTX_cleanup. The successive _free call handles that.
-
-Removed old SSLeay function usage.
-
-Signed-off-by: Rosen Penev <rosenp@gmail.com>
----
- src/libcrypto.c | 9 ++++-----
- 1 file changed, 4 insertions(+), 5 deletions(-)
-
-diff --git a/src/libcrypto.c b/src/libcrypto.c
-index b3792264..7ce7d93a 100644
---- a/src/libcrypto.c
-+++ b/src/libcrypto.c
-@@ -541,7 +541,7 @@ static int evp_cipher_set_encrypt_key(struct ssh_cipher_struct *cipher,
-     int rc;
- 
-     evp_cipher_init(cipher);
--    EVP_CIPHER_CTX_init(cipher->ctx);
-+    EVP_CIPHER_CTX_reset(cipher->ctx);
- 
-     rc = EVP_EncryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV);
-     if (rc != 1){
-@@ -574,7 +574,7 @@ static int evp_cipher_set_decrypt_key(struct ssh_cipher_struct *cipher,
-     int rc;
- 
-     evp_cipher_init(cipher);
--    EVP_CIPHER_CTX_init(cipher->ctx);
-+    EVP_CIPHER_CTX_reset(cipher->ctx);
- 
-     rc = EVP_DecryptInit_ex(cipher->ctx, cipher->cipher, NULL, key, IV);
-     if (rc != 1){
-@@ -657,7 +657,6 @@ static void evp_cipher_decrypt(struct ssh_cipher_struct *cipher,
- 
- static void evp_cipher_cleanup(struct ssh_cipher_struct *cipher) {
-     if (cipher->ctx != NULL) {
--        EVP_CIPHER_CTX_cleanup(cipher->ctx);
-         EVP_CIPHER_CTX_free(cipher->ctx);
-     }
- }
-@@ -1481,11 +1480,11 @@ int ssh_crypto_init(void)
-     if (libcrypto_initialized) {
-         return SSH_OK;
-     }
--    if (SSLeay() != OPENSSL_VERSION_NUMBER){
-+    if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER){
-         SSH_LOG(SSH_LOG_WARNING, "libssh compiled with %s "
-             "headers, currently running with %s.",
-             OPENSSL_VERSION_TEXT,
--            SSLeay_version(SSLeay())
-+            OpenSSL_version(OpenSSL_version_num())
-         );
-     }
- #ifdef CAN_DISABLE_AESNI
--- 
-2.24.1
-

diff --git a/libs/libssh/patches/0003-CVE-2020-16135.patch b/libs/libssh/patches/0003-CVE-2020-16135.patch
deleted file mode 100644 (file)
index f480e83..0000000
--- a/libs/libssh/patches/0003-CVE-2020-16135.patch
+++ /dev/null
@@ -1,165 +0,0 @@
-From 1493b4466fa394b321d196ad63dd6a4fa395d337 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 3 Jun 2020 10:04:09 +0200
-Subject: [PATCH 1/4] sftpserver: Add missing NULL check for ssh_buffer_new()
-
-Thanks to Ramin Farajpour Cami for spotting this.
-
-Fixes T232
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
----
- src/sftpserver.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/sftpserver.c b/src/sftpserver.c
-index 5a2110e5..b639a2ce 100644
---- a/src/sftpserver.c
-+++ b/src/sftpserver.c
-@@ -67,6 +67,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
- 
-   /* take a copy of the whole packet */
-   msg->complete_message = ssh_buffer_new();
-+  if (msg->complete_message == NULL) {
-+      ssh_set_error_oom(session);
-+      sftp_client_message_free(msg);
-+      return NULL;
-+  }
-+
-   ssh_buffer_add_data(msg->complete_message,
-                       ssh_buffer_get(payload),
-                       ssh_buffer_get_len(payload));
--- 
-GitLab
-
-
-From dbfb7f44aa905a7103bdde9a198c1e9b0f480c2e Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 3 Jun 2020 10:05:51 +0200
-Subject: [PATCH 2/4] sftpserver: Add missing return check for
- ssh_buffer_add_data()
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
----
- src/sftpserver.c | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/src/sftpserver.c b/src/sftpserver.c
-index b639a2ce..9117f155 100644
---- a/src/sftpserver.c
-+++ b/src/sftpserver.c
-@@ -73,9 +73,14 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) {
-       return NULL;
-   }
- 
--  ssh_buffer_add_data(msg->complete_message,
--                      ssh_buffer_get(payload),
--                      ssh_buffer_get_len(payload));
-+  rc = ssh_buffer_add_data(msg->complete_message,
-+                           ssh_buffer_get(payload),
-+                           ssh_buffer_get_len(payload));
-+  if (rc < 0) {
-+      ssh_set_error_oom(session);
-+      sftp_client_message_free(msg);
-+      return NULL;
-+  }
- 
-   ssh_buffer_get_u32(payload, &msg->id);
- 
--- 
-GitLab
-
-
-From 65ae496222018221080dd753a52f6d70bf3ca5f3 Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 3 Jun 2020 10:10:11 +0200
-Subject: [PATCH 3/4] buffer: Reformat ssh_buffer_add_data()
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
----
- src/buffer.c | 35 ++++++++++++++++++-----------------
- 1 file changed, 18 insertions(+), 17 deletions(-)
-
-diff --git a/src/buffer.c b/src/buffer.c
-index a2e6246a..476bc135 100644
---- a/src/buffer.c
-+++ b/src/buffer.c
-@@ -299,28 +299,29 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
-  */
- int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
- {
--  buffer_verify(buffer);
-+    buffer_verify(buffer);
- 
--  if (data == NULL) {
--      return -1;
--  }
-+    if (data == NULL) {
-+        return -1;
-+    }
- 
--  if (buffer->used + len < len) {
--    return -1;
--  }
-+    if (buffer->used + len < len) {
-+        return -1;
-+    }
- 
--  if (buffer->allocated < (buffer->used + len)) {
--    if(buffer->pos > 0)
--      buffer_shift(buffer);
--    if (realloc_buffer(buffer, buffer->used + len) < 0) {
--      return -1;
-+    if (buffer->allocated < (buffer->used + len)) {
-+        if (buffer->pos > 0) {
-+            buffer_shift(buffer);
-+        }
-+        if (realloc_buffer(buffer, buffer->used + len) < 0) {
-+            return -1;
-+        }
-     }
--  }
- 
--  memcpy(buffer->data+buffer->used, data, len);
--  buffer->used+=len;
--  buffer_verify(buffer);
--  return 0;
-+    memcpy(buffer->data + buffer->used, data, len);
-+    buffer->used += len;
-+    buffer_verify(buffer);
-+    return 0;
- }
- 
- /**
--- 
-GitLab
-
-
-From df0acab3a077bd8ae015e3e8b4c71ff31b5900fe Mon Sep 17 00:00:00 2001
-From: Andreas Schneider <asn@cryptomilk.org>
-Date: Wed, 3 Jun 2020 10:11:21 +0200
-Subject: [PATCH 4/4] buffer: Add NULL check for 'buffer' argument
-
-Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
----
- src/buffer.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/buffer.c b/src/buffer.c
-index 476bc135..ce12f491 100644
---- a/src/buffer.c
-+++ b/src/buffer.c
-@@ -299,6 +299,10 @@ int ssh_buffer_reinit(struct ssh_buffer_struct *buffer)
-  */
- int ssh_buffer_add_data(struct ssh_buffer_struct *buffer, const void *data, uint32_t len)
- {
-+    if (buffer == NULL) {
-+        return -1;
-+    }
-+
-     buffer_verify(buffer);
- 
-     if (data == NULL) {
--- 
-GitLab
-

diff --git a/libs/libssh/patches/0004-channels-Avoid-returning-SSH_AGAIN-from-ssh_channel_.patch b/libs/libssh/patches/0004-channels-Avoid-returning-SSH_AGAIN-from-ssh_channel_.patch
deleted file mode 100644 (file)
index 8dd50ba..0000000
--- a/libs/libssh/patches/0004-channels-Avoid-returning-SSH_AGAIN-from-ssh_channel_.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 6417f5a3cac8537ac6f6ff7fc1642dfaa0917fb4 Mon Sep 17 00:00:00 2001
-From: Jakub Jelen <jjelen@redhat.com>
-Date: Thu, 16 Apr 2020 11:13:34 +0200
-Subject: [PATCH] channels: Avoid returning SSH_AGAIN from
- ssh_channel_poll_timeout()
-
-This addresses a regression introduced in 3bad0607, partially fixed in 022409e9,
-but the function was still able to return SSH_AGAIN, which was not expected by
-callers.
-
-Based on discussion in [1] and [2]
-
-[1] https://gitlab.com/libssh/libssh-mirror/-/merge_requests/101
-[2] https://www.libssh.org/archive/libssh/2020-03/0000029.html
-
-Signed-off-by: Jakub Jelen <jjelen@redhat.com>
-Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
----
- src/channels.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/channels.c b/src/channels.c
-index bcc1c207..9fe309d0 100644
---- a/src/channels.c
-+++ b/src/channels.c
-@@ -3116,6 +3116,12 @@ int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
-         session->session_state == SSH_SESSION_STATE_ERROR) {
-         rc = SSH_ERROR;
-         goto out;
-+    } else if (rc == SSH_AGAIN) {
-+        /* If the above timeout expired, it is ok and we do not need to
-+         * attempt to check the read buffer. The calling functions do not
-+         * expect us to return SSH_AGAIN either here. */
-+        rc = SSH_OK;
-+        goto out;
-     }
-     len = ssh_buffer_get_len(stdbuf);
-     if (len > 0) {
--- 
-2.26.2
-