diff options
| author | Marvin Steadfast <marvin@xsteadfastx.org> | 2018-10-17 09:49:54 +0200 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-10-24 19:03:07 +0200 |
| commit | 7838ef4a7544c4d8c742eeaae9a6477f38a67313 (patch) | |
| tree | f0848a2bb1c5d7c0c918ace05b0b5400802becbc | |
| parent | 878af9b6555b9b812151e55fd3294c89cf0f53ba (diff) | |
| download | aports-7838ef4a7544c4d8c742eeaae9a6477f38a67313.tar.bz2 aports-7838ef4a7544c4d8c742eeaae9a6477f38a67313.tar.xz | |
main/libssh: security upgrade 0.7.6 (CVE-2018-10933)
fixes #9572
| -rw-r--r-- | main/libssh/APKBUILD | 27 | ||||
| -rw-r--r-- | main/libssh/libressl.patch | 42 |
2 files changed, 59 insertions, 10 deletions
diff --git a/main/libssh/APKBUILD b/main/libssh/APKBUILD index ba03c0ce74..d19642962f 100644 --- a/main/libssh/APKBUILD +++ b/main/libssh/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Carlo Landmeter <clandmeter@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=libssh -pkgver=0.7.3 -pkgrel=1 +pkgver=0.7.6 +pkgrel=0 pkgdesc="Library for accessing ssh client services through C libraries" url="http://www.libssh.org/" arch="all" @@ -10,9 +10,9 @@ license="LGPL" depends= makedepends="zlib-dev libressl-dev cmake doxygen" subpackages="$pkgname-dev" -source="https://red.libssh.org/attachments/download/195/libssh-$pkgver.tar.xz +source="https://www.libssh.org/files/0.7/libssh-$pkgver.tar.xz fix-includes.patch - " + libressl.patch" _builddir="$srcdir"/$pkgname-$pkgver @@ -28,6 +28,10 @@ prepare() { done } +# secfixes: +# 0.7.6-r0: +# - CVE-2018-10933 + build() { cd "$srcdir" @@ -43,9 +47,12 @@ package() { make DESTDIR="$pkgdir" install } -md5sums="05465da8004f3258db946346213209de libssh-0.7.3.tar.xz -8257f5a2a6be16b158a83d76b5eed4fd fix-includes.patch" -sha256sums="26ef46be555da21112c01e4b9f5e3abba9194485c8822ab55ba3d6496222af98 libssh-0.7.3.tar.xz -d1798cd15d8682464a0b1b1853a9e17e63fed2fa732849570e595347d91b160c fix-includes.patch" -sha512sums="6797ea9492c9d07e0169163e6559a7880dd368ee763eff297b3cbddda5e892703cf32506f9513e7d9b5135984e1e888c4893b342df07da1b7ee30968c9185869 libssh-0.7.3.tar.xz -055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318 fix-includes.patch" +md5sums="a1cc59079abc707d182f761ca5b6ac08 libssh-0.7.6.tar.xz +8257f5a2a6be16b158a83d76b5eed4fd fix-includes.patch +77703cb8398ec003f2379d4ed315aaaa libressl.patch" +sha256sums="1d607d3859274f755942324afb0f887ee22edd157f9596a2e69e3a28ec6d1092 libssh-0.7.6.tar.xz +d1798cd15d8682464a0b1b1853a9e17e63fed2fa732849570e595347d91b160c fix-includes.patch +e48893f225be683f013e09e16edb24db89fece94831c56f5571222e72a6dcf26 libressl.patch" +sha512sums="2a01402b5a9fab9ecc29200544ed45d3f2c40871ed1c8241ca793f8dc7fdb3ad2150f6a522c4321affa9b8778e280dc7ed10f76adfc4a73f0751ae735a42f56c libssh-0.7.6.tar.xz +055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318 fix-includes.patch +c544406b353303f0569cb8ae63c88e58af68fbe065ad8076a2bb85662d4f5828832db0c97b015163ebf54b417ca883274d95ad0faec0100c80655d97bd64e297 libressl.patch" diff --git a/main/libssh/libressl.patch b/main/libssh/libressl.patch new file mode 100644 index 0000000000..c91744c1fe --- /dev/null +++ b/main/libssh/libressl.patch @@ -0,0 +1,42 @@ +diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt +index 20c0780..c1633f4 100644 +--- a/src/CMakeLists.txt ++++ b/src/CMakeLists.txt +@@ -164,9 +164,9 @@ else (WITH_GCRYPT) + pki_crypto.c + libcrypto.c + ) +- if(OPENSSL_VERSION VERSION_LESS "1.1.0") ++# if(OPENSSL_VERSION VERSION_LESS "1.1.0") + set(libssh_SRCS ${libssh_SRCS} libcrypto-compat.c) +- endif() ++# endif() + endif (WITH_GCRYPT) + + if (WITH_SFTP) +diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c +index 4b1f36a..4fa6537 100644 +--- a/src/libcrypto-compat.c ++++ b/src/libcrypto-compat.c +@@ -302,7 +302,7 @@ void HMAC_CTX_free(HMAC_CTX *ctx) + { + if (ctx != NULL) { + hmac_ctx_cleanup(ctx); +-#if OPENSSL_VERSION_NUMBER > 0x10100000L ++#if (OPENSSL_VERSION_NUMBER > 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) + EVP_MD_CTX_free(&ctx->i_ctx); + EVP_MD_CTX_free(&ctx->o_ctx); + EVP_MD_CTX_free(&ctx->md_ctx); +diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h +index 21542c6..532b0fb 100644 +--- a/src/libcrypto-compat.h ++++ b/src/libcrypto-compat.h +@@ -2,7 +2,7 @@ + #define LIBCRYPTO_COMPAT_H + + #include <openssl/opensslv.h> +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) + + #include <openssl/rsa.h> + #include <openssl/dsa.h> |