From: "Alexander Kanavin" <alex.kanavin@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Alexander Kanavin <alex@linutronix.de>
Subject: [PATCH 26/26] libssh2: update 1.9.0 -> 1.10.0
Date: Wed, 8 Sep 2021 20:01:25 +0200 [thread overview]
Message-ID: <20210908180125.103473-26-alex.kanavin@gmail.com> (raw)
In-Reply-To: <20210908180125.103473-1-alex.kanavin@gmail.com>
From: Alexander Kanavin <alex@linutronix.de>
0001-configure-Conditionally-undefine-backend-m4-macro.patch no
longer needed; code removed upstream.
License-Update: copyright years
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
...nviroment-to-decide-if-a-test-is-bui.patch | 6 +-
...ditionally-undefine-backend-m4-macro.patch | 30 ----
...EC-macro-outside-of-if-check-549-550.patch | 112 ---------------
.../libssh2/files/CVE-2019-17498.patch | 131 ------------------
.../{libssh2_1.9.0.bb => libssh2_1.10.0.bb} | 10 +-
5 files changed, 5 insertions(+), 284 deletions(-)
delete mode 100644 meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch
delete mode 100644 meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch
delete mode 100644 meta/recipes-support/libssh2/files/CVE-2019-17498.patch
rename meta/recipes-support/libssh2/{libssh2_1.9.0.bb => libssh2_1.10.0.bb} (78%)
diff --git a/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch b/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch
index 5ff9bf8462..b1204e49eb 100644
--- a/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch
+++ b/meta/recipes-support/libssh2/files/0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch
@@ -1,4 +1,4 @@
-From f9e3e2ee7b18ba5bb8efe083171f3e701eb0a663 Mon Sep 17 00:00:00 2001
+From f6abce5ba41a412a247250dcd80e387e53474466 Mon Sep 17 00:00:00 2001
From: Your Name <you@example.com>
Date: Mon, 28 Dec 2020 02:08:03 +0000
Subject: [PATCH] Don't let host enviroment to decide if a test is build
@@ -9,6 +9,7 @@ don't use SSHD on host to decide weither to build a test
Upstream-Status: Inappropriate[oe specific]
Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
---
tests/Makefile.am | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
@@ -41,6 +42,3 @@ index dc0922f..6cbc35d 100644
-endif
\ No newline at end of file
+endif
---
-2.20.1
-
diff --git a/meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch b/meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch
deleted file mode 100644
index 1128c7ea0c..0000000000
--- a/meta/recipes-support/libssh2/files/0001-configure-Conditionally-undefine-backend-m4-macro.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From efe7101786193eaddb749c0583af6b54aec6f289 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 2 Feb 2021 18:45:16 -0800
-Subject: [PATCH] configure: Conditionally undefine backend m4 macro
-
-Unlike the M4 builtin, this macro fails if macro is not defined
-therefore recover the behavior of the builtin.
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- configure.ac | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configure.ac b/configure.ac
-index fe5054a..758f8c2 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -127,7 +127,7 @@ fi
- m4_set_foreach([crypto_backends], [backend],
- [AM_CONDITIONAL(m4_toupper(backend), test "$found_crypto" = "backend")]
- )
--m4_undefine([backend])
-+m4_ifdef([backend], [m4_undefine([backend])])
-
-
- # libz
---
-2.30.0
-
diff --git a/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch b/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch
deleted file mode 100644
index b331c1bf81..0000000000
--- a/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From 1f76151c92e1b52e9c24ebf06adc77fbd6c062bc Mon Sep 17 00:00:00 2001
-From: Will Cosgrove <will@panic.com>
-Date: Tue, 26 Jan 2021 11:41:21 -0800
-Subject: [PATCH] kex.c: move EC macro outside of if check #549 (#550)
-
-File: kex.c
-
-Notes:
-Moved the macro LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY outside of the LIBSSH2_ECDSA since it's also now used by the ED25519 code.
-
-Sha 256, 384 and 512 need to be defined for all backends now even if they aren't used directly. I believe this is already the case, but just a heads up.
-
-Credit:
-Stefan-Ghinea
-
-Upstream-Status: Backport
-
-Reference to upstream patch:
-https://github.com/libssh2/libssh2/commit/1f76151c92e1b52e9c24ebf06adc77fbd6c062bc
-
-Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
----
- src/kex.c | 66 +++++++++++++++++++++++++++----------------------------
- 1 file changed, 33 insertions(+), 33 deletions(-)
-
-diff --git a/src/kex.c b/src/kex.c
-index cb16639..19ab6ec 100644
---- a/src/kex.c
-+++ b/src/kex.c
-@@ -1885,39 +1885,6 @@ kex_method_diffie_hellman_group_exchange_sha256_key_exchange
- }
-
-
--#if LIBSSH2_ECDSA
--
--/* kex_session_ecdh_curve_type
-- * returns the EC curve type by name used in key exchange
-- */
--
--static int
--kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
--{
-- int ret = 0;
-- libssh2_curve_type type;
--
-- if(name == NULL)
-- return -1;
--
-- if(strcmp(name, "ecdh-sha2-nistp256") == 0)
-- type = LIBSSH2_EC_CURVE_NISTP256;
-- else if(strcmp(name, "ecdh-sha2-nistp384") == 0)
-- type = LIBSSH2_EC_CURVE_NISTP384;
-- else if(strcmp(name, "ecdh-sha2-nistp521") == 0)
-- type = LIBSSH2_EC_CURVE_NISTP521;
-- else {
-- ret = -1;
-- }
--
-- if(ret == 0 && out_type) {
-- *out_type = type;
-- }
--
-- return ret;
--}
--
--
- /* LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY
- *
- * Macro that create and verifies EC SHA hash with a given digest bytes
-@@ -2027,6 +1994,39 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
- } \
-
-
-+#if LIBSSH2_ECDSA
-+
-+/* kex_session_ecdh_curve_type
-+ * returns the EC curve type by name used in key exchange
-+ */
-+
-+static int
-+kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
-+{
-+ int ret = 0;
-+ libssh2_curve_type type;
-+
-+ if(name == NULL)
-+ return -1;
-+
-+ if(strcmp(name, "ecdh-sha2-nistp256") == 0)
-+ type = LIBSSH2_EC_CURVE_NISTP256;
-+ else if(strcmp(name, "ecdh-sha2-nistp384") == 0)
-+ type = LIBSSH2_EC_CURVE_NISTP384;
-+ else if(strcmp(name, "ecdh-sha2-nistp521") == 0)
-+ type = LIBSSH2_EC_CURVE_NISTP521;
-+ else {
-+ ret = -1;
-+ }
-+
-+ if(ret == 0 && out_type) {
-+ *out_type = type;
-+ }
-+
-+ return ret;
-+}
-+
-+
- /* ecdh_sha2_nistp
- * Elliptic Curve Diffie Hellman Key Exchange
- */
---
-2.17.1
-
diff --git a/meta/recipes-support/libssh2/files/CVE-2019-17498.patch b/meta/recipes-support/libssh2/files/CVE-2019-17498.patch
deleted file mode 100644
index 001080072b..0000000000
--- a/meta/recipes-support/libssh2/files/CVE-2019-17498.patch
+++ /dev/null
@@ -1,131 +0,0 @@
-From dedcbd106f8e52d5586b0205bc7677e4c9868f9c Mon Sep 17 00:00:00 2001
-From: Will Cosgrove <will@panic.com>
-Date: Fri, 30 Aug 2019 09:57:38 -0700
-Subject: [PATCH] packet.c: improve message parsing (#402)
-
-* packet.c: improve parsing of packets
-
-file: packet.c
-
-notes:
-Use _libssh2_get_string API in SSH_MSG_DEBUG/SSH_MSG_DISCONNECT. Additional uint32 bounds check in SSH_MSG_GLOBAL_REQUEST.
-
-Upstream-Status: Backport
-CVE: CVE-2019-17498
-Signed-off-by: Li Zhou <li.zhou@windriver.com>
----
- src/packet.c | 68 ++++++++++++++++++++++------------------------------
- 1 file changed, 29 insertions(+), 39 deletions(-)
-
-diff --git a/src/packet.c b/src/packet.c
-index 38ab629..2e01bfc 100644
---- a/src/packet.c
-+++ b/src/packet.c
-@@ -419,8 +419,8 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
- size_t datalen, int macstate)
- {
- int rc = 0;
-- char *message = NULL;
-- char *language = NULL;
-+ unsigned char *message = NULL;
-+ unsigned char *language = NULL;
- size_t message_len = 0;
- size_t language_len = 0;
- LIBSSH2_CHANNEL *channelp = NULL;
-@@ -472,33 +472,23 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
-
- case SSH_MSG_DISCONNECT:
- if(datalen >= 5) {
-- size_t reason = _libssh2_ntohu32(data + 1);
-+ uint32_t reason = 0;
-+ struct string_buf buf;
-+ buf.data = (unsigned char *)data;
-+ buf.dataptr = buf.data;
-+ buf.len = datalen;
-+ buf.dataptr++; /* advance past type */
-
-- if(datalen >= 9) {
-- message_len = _libssh2_ntohu32(data + 5);
-+ _libssh2_get_u32(&buf, &reason);
-+ _libssh2_get_string(&buf, &message, &message_len);
-+ _libssh2_get_string(&buf, &language, &language_len);
-
-- if(message_len < datalen-13) {
-- /* 9 = packet_type(1) + reason(4) + message_len(4) */
-- message = (char *) data + 9;
--
-- language_len =
-- _libssh2_ntohu32(data + 9 + message_len);
-- language = (char *) data + 9 + message_len + 4;
--
-- if(language_len > (datalen-13-message_len)) {
-- /* bad input, clear info */
-- language = message = NULL;
-- language_len = message_len = 0;
-- }
-- }
-- else
-- /* bad size, clear it */
-- message_len = 0;
-- }
- if(session->ssh_msg_disconnect) {
-- LIBSSH2_DISCONNECT(session, reason, message,
-- message_len, language, language_len);
-+ LIBSSH2_DISCONNECT(session, reason, (const char *)message,
-+ message_len, (const char *)language,
-+ language_len);
- }
-+
- _libssh2_debug(session, LIBSSH2_TRACE_TRANS,
- "Disconnect(%d): %s(%s)", reason,
- message, language);
-@@ -539,24 +529,24 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
- int always_display = data[1];
-
- if(datalen >= 6) {
-- message_len = _libssh2_ntohu32(data + 2);
--
-- if(message_len <= (datalen - 10)) {
-- /* 6 = packet_type(1) + display(1) + message_len(4) */
-- message = (char *) data + 6;
-- language_len = _libssh2_ntohu32(data + 6 +
-- message_len);
--
-- if(language_len <= (datalen - 10 - message_len))
-- language = (char *) data + 10 + message_len;
-- }
-+ struct string_buf buf;
-+ buf.data = (unsigned char *)data;
-+ buf.dataptr = buf.data;
-+ buf.len = datalen;
-+ buf.dataptr += 2; /* advance past type & always display */
-+
-+ _libssh2_get_string(&buf, &message, &message_len);
-+ _libssh2_get_string(&buf, &language, &language_len);
- }
-
- if(session->ssh_msg_debug) {
-- LIBSSH2_DEBUG(session, always_display, message,
-- message_len, language, language_len);
-+ LIBSSH2_DEBUG(session, always_display,
-+ (const char *)message,
-+ message_len, (const char *)language,
-+ language_len);
- }
- }
-+
- /*
- * _libssh2_debug will actually truncate this for us so
- * that it's not an inordinate about of data
-@@ -579,7 +569,7 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data,
- uint32_t len = 0;
- unsigned char want_reply = 0;
- len = _libssh2_ntohu32(data + 1);
-- if(datalen >= (6 + len)) {
-+ if((len <= (UINT_MAX - 6)) && (datalen >= (6 + len))) {
- want_reply = data[5 + len];
- _libssh2_debug(session,
- LIBSSH2_TRACE_CONN,
---
-2.17.1
-
diff --git a/meta/recipes-support/libssh2/libssh2_1.9.0.bb b/meta/recipes-support/libssh2/libssh2_1.10.0.bb
similarity index 78%
rename from meta/recipes-support/libssh2/libssh2_1.9.0.bb
rename to meta/recipes-support/libssh2/libssh2_1.10.0.bb
index a0cbb6af6b..072d6819c0 100644
--- a/meta/recipes-support/libssh2/libssh2_1.9.0.bb
+++ b/meta/recipes-support/libssh2/libssh2_1.10.0.bb
@@ -5,19 +5,15 @@ SECTION = "libs"
DEPENDS = "zlib"
LICENSE = "BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://COPYING;md5=c5cf34fc0acb44b082ef50ef5e4354ca"
+LIC_FILES_CHKSUM = "file://COPYING;md5=3e089ad0cf27edf1e7f261dfcd06acc7"
SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
- file://CVE-2019-17498.patch \
- file://0001-configure-Conditionally-undefine-backend-m4-macro.patch \
file://run-ptest \
- file://0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch \
-"
+ "
SRC_URI:append:ptest = " file://0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch"
-SRC_URI[md5sum] = "1beefafe8963982adc84b408b2959927"
-SRC_URI[sha256sum] = "d5fb8bd563305fd1074dda90bd053fb2d29fc4bce048d182f96eaa466dfadafd"
+SRC_URI[sha256sum] = "2d64e90f3ded394b91d3a2e774ca203a4179f69aebee03003e5a6fa621e41d51"
inherit autotools pkgconfig ptest
--
2.31.1
next prev parent reply other threads:[~2021-09-08 18:01 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-08 18:01 [PATCH 01/26] meson: update 0.58.1 -> 0.59.1 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 02/26] libcap: update 2.51 -> 2.54 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 03/26] lua: add a recipe from meta-oe Alexander Kanavin
2021-09-09 5:11 ` [OE-core] " Khem Raj
2021-09-08 18:01 ` [PATCH 04/26] lua: update 5.3.6 -> 5.4.3 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 05/26] rpm: update 4.16.1.3 -> 4.17.0 Alexander Kanavin
2021-10-14 12:19 ` [OE-core] " Martin Jansa
2021-09-08 18:01 ` [PATCH 06/26] libdnf: fix the rpm sqlite-only target setup Alexander Kanavin
2021-09-08 18:01 ` [PATCH 07/26] libsolv: disable rpm bdb format support Alexander Kanavin
2021-09-08 18:01 ` [PATCH 08/26] perl: do not build berkeley db module by default Alexander Kanavin
2021-09-08 18:01 ` [PATCH 09/26] package_rpm: use zstd instead of xz Alexander Kanavin
2021-09-08 18:01 ` [PATCH 10/26] qemu: update 6.0.0 -> 6.1.0 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 11/26] runqemu: correct vga-virtio option to keep virgl enabled Alexander Kanavin
2021-09-08 18:01 ` [PATCH 12/26] gnupg: update 2.3.1 -> 2.3.2 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 13/26] pinentry: update 1.1.1 -> 1.2.0 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 14/26] spirv-tools: update 2021.2 -> 2021.3 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 15/26] glslang: update 11.5.0 -> 11.6.0 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 16/26] shaderc: update 2021.1 -> 2021.2 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 17/26] lttng: update 2.12 -> 2.13.0 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 18/26] core-image-ptest-all: bump RAM requirement to 4G Alexander Kanavin
2021-09-08 18:01 ` [PATCH 19/26] inetutils: update 2.1 -> 2.2 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 20/26] systemd: update 249.3 -> 249.4 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 21/26] lsof: update 4.91 -> 4.94.0 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 22/26] libpam: update 1.5.1 -> 1.5.2 Alexander Kanavin
2021-10-12 10:13 ` [OE-core] " Zoltan Boszormenyi
2021-09-08 18:01 ` [PATCH 23/26] libhandy: update 1.2.3 -> 1.4.0 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 24/26] rt-tests: update 2.1 -> 2.2 Alexander Kanavin
2021-09-08 18:01 ` [PATCH 25/26] libgit2: update 1.1.1 -> 1.2.0 Alexander Kanavin
2021-09-08 18:01 ` Alexander Kanavin [this message]
2021-09-09 9:01 ` [OE-core] [PATCH 01/26] meson: update 0.58.1 -> 0.59.1 Peter Kjellerstedt
2021-09-09 9:04 ` Alexander Kanavin
2021-10-11 2:47 ` Hsia-Jun Li
2021-10-11 8:05 ` Alexander Kanavin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210908180125.103473-26-alex.kanavin@gmail.com \
--to=alex.kanavin@gmail.com \
--cc=alex@linutronix.de \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.