#
-# Copyright (C) 2015 OpenWrt.org
+# Copyright (C) 2015 - 2018 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
PKG_NAME:=libssh2
PKG_VERSION:=1.6.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://www.libssh2.org/download
+PKG_SOURCE_URL:=https://www.libssh2.org/download
PKG_MD5SUM:=00aabd6e714a5f42a4fb82ace20db1dd
PKG_INSTALL:=1
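Review bot: The tarball is still verified with `PKG_MD5SUM` (the unchanged line under `PKG_SOURCE_URL`), so the integrity check remains MD5 even though the download moves to https. MD5 is not collision-resistant, and https only protects the transfer, not a tarball replaced on a mirror or in a download cache. OpenWrt's build system accepts a SHA-256 digest via `PKG_HASH`, so the line could become `PKG_HASH:=<sha256 of libssh2-1.6.0.tar.gz>`. That value is a placeholder; compute it from a download you have verified independently, for example against an upstream signature if one is published.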
SECTION:=libs
CATEGORY:=Libraries
TITLE:=SSH2 library
- URL:=http://www.libssh2.org/
+ URL:=https://www.libssh2.org/
DEPENDS:=+libopenssl +zlib
- MAINTAINER:=Jiri Slachta <slachta@cesnet.cz>
+ MAINTAINER:=Jiri Slachta <jiri@slachta.eu>
endef
define Package/libssh2/description
CONFIGURE_ARGS += \
--disable-examples-build \
- --with-libssl-prefix=$(STAGING_DIR)/usr
+ --with-libssl-prefix=$(STAGING_DIR)/usr \
+ --with-libz-prefix=$(STAGING_DIR)/usr
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
--- /dev/null
+Description: CVE-2016-0787: Truncated Difffie-Hellman secret length
+ Convert bytes to bits in diffie_hellman_sha1. Otherwise we get far too
+ small numbers.
+Origin: backport, http://www.libssh2.org/CVE-2016-0787.patch
+Forwarded: not-needed
+Author: Daniel Stenberg <daniel@haxx.se>
+Reviewed-by: Salvatore Bonaccorso <carnil@debian.org>
+Last-Update: 2016-02-18
+Applied-Upstream: 1.7.0
+---
+
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -103,7 +103,7 @@ static int diffie_hellman_sha1(LIBSSH2_S
+ memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t));
+
+ /* Generate x and e */
+- _libssh2_bn_rand(exchange_state->x, group_order, 0, -1);
++ _libssh2_bn_rand(exchange_state->x, group_order * 8 - 1, 0, -1);
+ _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p,
+ exchange_state->ctx);
+
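Review bot: The package stays at `PKG_VERSION:=1.6.0` while this patch header records `Applied-Upstream: 1.7.0`, so the CVE-2016-0787 fix is carried as a local backport and the installed version string will still look like an affected release. If this branch cannot move to 1.7.0 or later, the commit message should say so, because version-based scanners will keep flagging the package and any other upstream fixes made after 1.6.0 are presumably not included. Two nits in the patch header: `Difffie-Hellman` should read `Diffie-Hellman`, and the `Origin:` link still uses `http://` while the rest of the commit moves libssh2.org URLs to https.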