Merge pull request #9700 from ja-pa/libssh2-1.9.0

libssh2: update to version 1.9.0 (security fix)

diff --git a/libs/libssh2/Makefile b/libs/libssh2/Makefile
index c2d29ae3a3e75eea4959fd8550bd70a2d23fb379..7d438bbaaeb042eca0db5fe7bbc6368475c24cca 100644 (file)
--- a/libs/libssh2/Makefile
+++ b/libs/libssh2/Makefile
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=libssh2
-PKG_VERSION:=1.8.2
+PKG_VERSION:=1.9.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.libssh2.org/download
-PKG_HASH:=088307d9f6b6c4b8c13f34602e8ff65d21c2dc4d55284dfe15d502c4ee190d67
+PKG_HASH:=d5fb8bd563305fd1074dda90bd053fb2d29fc4bce048d182f96eaa466dfadafd
 
 PKG_FIXUP:=autoreconf
 
@@ -28,6 +28,7 @@ PKG_CONFIG_DEPENDS:= \
        CONFIG_LIBSSH2_OPENSSL
 
 include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
 
 define Package/libssh2
   SECTION:=libs
@@ -46,12 +47,16 @@ define Package/libssh2/config
        source "$(SOURCE)/Config.in"
 endef
 
-CONFIGURE_ARGS += \
-       --disable-examples-build \
-       --disable-silent-rules \
-       $(if $(CONFIG_LIBSSH2_MBEDTLS),--with-mbedtls --with-libmbedtls-prefix=$(STAGING_DIR)/usr) \
-       $(if $(CONFIG_LIBSSH2_OPENSSL),--with-openssl --with-libssl-prefix=$(STAGING_DIR)/usr) \
-       --with-libz-prefix=$(STAGING_DIR)/usr
+CMAKE_OPTIONS += \
+       -DBUILD_SHARED_LIBS=ON \
+       -DENABLE_ZLIB_COMPRESSION=ON \
+       -DCLEAR_MEMORY=ON
+
+ifeq ($(CONFIG_LIBSSH2_OPENSSL),y)
+       CMAKE_OPTIONS += -DCRYPTO_BACKEND=OpenSSL
+else
+       CMAKE_OPTIONS += -DCRYPTO_BACKEND=mbedTLS
+endif
 
 define Build/InstallDev
        $(INSTALL_DIR) $(1)/usr/include

diff --git a/libs/libssh2/patches/01-fix-acinclude-m4.patch b/libs/libssh2/patches/01-fix-acinclude-m4.patch
deleted file mode 100644 (file)
index d4e1182..0000000
--- a/libs/libssh2/patches/01-fix-acinclude-m4.patch
+++ /dev/null
@@ -1,28 +0,0 @@
---- a/acinclude.m4
-+++ b/acinclude.m4
-@@ -386,9 +386,9 @@ AC_DEFUN([LIBSSH2_CHECKFOR_MBEDTLS], [
- 
-   old_LDFLAGS=$LDFLAGS
-   old_CFLAGS=$CFLAGS
--  if test -n "$use_mbedtls" && test "$use_mbedtls" != "no"; then
--    LDFLAGS="$LDFLAGS -L$use_mbedtls/lib"
--    CFLAGS="$CFLAGS -I$use_mbedtls/include"
-+  if test -n "$with_libmbedtls_prefix" && test "$use_mbedtls" != "no"; then
-+    LDFLAGS="$LDFLAGS -L$with_libmbedtls_prefix/lib"
-+    CFLAGS="$CFLAGS -I$with_libmbedtls_prefix/include"
-   fi
- 
-   AC_LIB_HAVE_LINKFLAGS([mbedtls], [], [
-@@ -412,9 +412,9 @@ AC_DEFUN([LIBSSH2_CHECKFOR_GCRYPT], [
- 
-   old_LDFLAGS=$LDFLAGS
-   old_CFLAGS=$CFLAGS
--  if test -n "$use_libgcrypt" && test "$use_libgcrypt" != "no"; then
--    LDFLAGS="$LDFLAGS -L$use_libgcrypt/lib"
--    CFLAGS="$CFLAGS -I$use_libgcrypt/include"
-+  if test -n "$with_libgcrypt_prefix" && test "$use_libgcrypt" != "no"; then
-+    LDFLAGS="$LDFLAGS -L$with_libgcrypt_prefix/lib"
-+    CFLAGS="$CFLAGS -I$with_libgcrypt_prefix/include"
-   fi
-   AC_LIB_HAVE_LINKFLAGS([gcrypt], [], [
-     #include <gcrypt.h>

diff --git a/libs/libssh2/patches/02-openssl-deprecated.patch b/libs/libssh2/patches/02-openssl-deprecated.patch
deleted file mode 100644 (file)
index eab0d86..0000000
--- a/libs/libssh2/patches/02-openssl-deprecated.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-diff --git a/src/openssl.c b/src/openssl.c
-index 4f63ef9..411f9f6 100644
---- a/src/openssl.c
-+++ b/src/openssl.c
-@@ -1062,6 +1062,7 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
-                               "Unable to extract public key from private key "
-                               "file: Unable to open private key file");
-     }
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-     if (!EVP_get_cipherbyname("des")) {
-         /* If this cipher isn't loaded it's a pretty good indication that none
-          * are.  I have *NO DOUBT* that there's a better way to deal with this
-@@ -1070,6 +1071,7 @@ _libssh2_pub_priv_keyfile(LIBSSH2_SESSION *session,
-          */
-         OpenSSL_add_all_ciphers();
-     }
-+#endif
-     BIO_reset(bp);
-     pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void*)passphrase);
-     BIO_free(bp);
-@@ -1138,6 +1140,7 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
-     if (!bp) {
-         return -1;
-     }
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-     if (!EVP_get_cipherbyname("des")) {
-         /* If this cipher isn't loaded it's a pretty good indication that none
-          * are.  I have *NO DOUBT* that there's a better way to deal with this
-@@ -1146,6 +1149,7 @@ _libssh2_pub_priv_keyfilememory(LIBSSH2_SESSION *session,
-          */
-         OpenSSL_add_all_ciphers();
-     }
-+#endif
-     BIO_reset(bp);
-     pk = PEM_read_bio_PrivateKey(bp, NULL, NULL, (void*)passphrase);
-     BIO_free(bp);
-diff --git a/src/openssl.h b/src/openssl.h
-index 3ca71fa..7a89793 100644
---- a/src/openssl.h
-+++ b/src/openssl.h
-@@ -40,7 +40,9 @@
- #include <openssl/opensslconf.h>
- #include <openssl/sha.h>
- #include <openssl/rsa.h>
-+#ifndef OPENSSL_NO_ENGINE
- #include <openssl/engine.h>
-+#endif
- #ifndef OPENSSL_NO_DSA
- #include <openssl/dsa.h>
- #endif
-@@ -226,10 +228,18 @@ int _libssh2_md5_init(libssh2_md5_ctx *ctx);
- #define libssh2_hmac_cleanup(ctx) HMAC_cleanup(ctx)
- #endif
- 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#ifndef OPENSSL_NO_ENGINE
- #define libssh2_crypto_init() \
-   OpenSSL_add_all_algorithms(); \
-   ENGINE_load_builtin_engines(); \
-   ENGINE_register_all_complete()
-+#else
-+#define libssh2_crypto_init() OpenSSL_add_all_algorithms()
-+#endif
-+#else
-+#define libssh2_crypto_init()
-+#endif
- 
- #define libssh2_crypto_exit()
-