From: "Anuj Mittal" <anuj.mittal@intel.com>
To: openembedded-core@lists.openembedded.org
Subject: [hardknott][PATCH 02/10] libssh2: fix build failure with option no-ecdsa
Date: Thu, 29 Apr 2021 12:40:59 +0800
Message-ID: <d70cf4cd57d61f7db7179673b211e631c944e0e6.1619667368.git.anuj.mittal@intel.com>
In-Reply-To: <cover.1619667368.git.anuj.mittal@intel.com>
From: Stefan Ghinea <stefan.ghinea@windriver.com>
libssh2 fails at do_compile if
DEPRECATED_CRYPTO_FLAGS = "no-ecdsa" is set in recipe:
../src/.libs/libssh2.so: undefined reference to
`LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY'
References:
https://github.com/libssh2/libssh2/issues/549
Upstream patches:
https://github.com/libssh2/libssh2/commit/1f76151c92e1b52e9c24ebf06adc77fbd6c062bc
Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2bb146e7315f8080cb49a95212231ccb76a4a822)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
---
...EC-macro-outside-of-if-check-549-550.patch | 112 ++++++++++++++++++
meta/recipes-support/libssh2/libssh2_1.9.0.bb | 1 +
2 files changed, 113 insertions(+)
create mode 100644 meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch
diff --git a/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch b/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch
new file mode 100644
index 0000000000..b331c1bf81
--- /dev/null
+++ b/meta/recipes-support/libssh2/files/0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch
@@ -0,0 +1,112 @@
+From 1f76151c92e1b52e9c24ebf06adc77fbd6c062bc Mon Sep 17 00:00:00 2001
+From: Will Cosgrove <will@panic.com>
+Date: Tue, 26 Jan 2021 11:41:21 -0800
+Subject: [PATCH] kex.c: move EC macro outside of if check #549 (#550)
+
+File: kex.c
+
+Notes:
+Moved the macro LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY outside of the LIBSSH2_ECDSA since it's also now used by the ED25519 code.
+
+Sha 256, 384 and 512 need to be defined for all backends now even if they aren't used directly. I believe this is already the case, but just a heads up.
+
+Credit:
+Stefan-Ghinea
+
+Upstream-Status: Backport
+
+Reference to upstream patch:
+https://github.com/libssh2/libssh2/commit/1f76151c92e1b52e9c24ebf06adc77fbd6c062bc
+
+Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
+---
+ src/kex.c | 66 +++++++++++++++++++++++++++----------------------------
+ 1 file changed, 33 insertions(+), 33 deletions(-)
+
+diff --git a/src/kex.c b/src/kex.c
+index cb16639..19ab6ec 100644
+--- a/src/kex.c
++++ b/src/kex.c
+@@ -1885,39 +1885,6 @@ kex_method_diffie_hellman_group_exchange_sha256_key_exchange
+ }
+
+
+-#if LIBSSH2_ECDSA
+-
+-/* kex_session_ecdh_curve_type
+- * returns the EC curve type by name used in key exchange
+- */
+-
+-static int
+-kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
+-{
+- int ret = 0;
+- libssh2_curve_type type;
+-
+- if(name == NULL)
+- return -1;
+-
+- if(strcmp(name, "ecdh-sha2-nistp256") == 0)
+- type = LIBSSH2_EC_CURVE_NISTP256;
+- else if(strcmp(name, "ecdh-sha2-nistp384") == 0)
+- type = LIBSSH2_EC_CURVE_NISTP384;
+- else if(strcmp(name, "ecdh-sha2-nistp521") == 0)
+- type = LIBSSH2_EC_CURVE_NISTP521;
+- else {
+- ret = -1;
+- }
+-
+- if(ret == 0 && out_type) {
+- *out_type = type;
+- }
+-
+- return ret;
+-}
+-
+-
+ /* LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY
+ *
+ * Macro that create and verifies EC SHA hash with a given digest bytes
+@@ -2027,6 +1994,39 @@ kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
+ } \
+
+
++#if LIBSSH2_ECDSA
++
++/* kex_session_ecdh_curve_type
++ * returns the EC curve type by name used in key exchange
++ */
++
++static int
++kex_session_ecdh_curve_type(const char *name, libssh2_curve_type *out_type)
++{
++ int ret = 0;
++ libssh2_curve_type type;
++
++ if(name == NULL)
++ return -1;
++
++ if(strcmp(name, "ecdh-sha2-nistp256") == 0)
++ type = LIBSSH2_EC_CURVE_NISTP256;
++ else if(strcmp(name, "ecdh-sha2-nistp384") == 0)
++ type = LIBSSH2_EC_CURVE_NISTP384;
++ else if(strcmp(name, "ecdh-sha2-nistp521") == 0)
++ type = LIBSSH2_EC_CURVE_NISTP521;
++ else {
++ ret = -1;
++ }
++
++ if(ret == 0 && out_type) {
++ *out_type = type;
++ }
++
++ return ret;
++}
++
++
+ /* ecdh_sha2_nistp
+ * Elliptic Curve Diffie Hellman Key Exchange
+ */
+--
+2.17.1
+
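Review bot: The "Notes:" text in the backported patch header only states a belief ("I believe this is already the case") that SHA-256, 384 and 512 are defined for all backends, and with LIBSSH2_KEX_METHOD_EC_SHA_HASH_CREATE_VERIFY now sitting above the "#if LIBSSH2_ECDSA" guard in src/kex.c the macro is visible in every configuration, so its expansion depends on that belief wherever it is used. Please state in the commit message which crypto backend(s) the no-ecdsa build was actually compiled against, and name the recipe in which DEPRECATED_CRYPTO_FLAGS = "no-ecdsa" is set, so the failure and the fix can be reproduced. The kex_session_ecdh_curve_type() body is moved unchanged, which keeps the backport easy to compare against the upstream commit referenced in the header.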
diff --git a/meta/recipes-support/libssh2/libssh2_1.9.0.bb b/meta/recipes-support/libssh2/libssh2_1.9.0.bb
index 0b8ccbd217..a5451628e7 100644
--- a/meta/recipes-support/libssh2/libssh2_1.9.0.bb
+++ b/meta/recipes-support/libssh2/libssh2_1.9.0.bb
@@ -11,6 +11,7 @@ SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \
file://CVE-2019-17498.patch \
file://0001-configure-Conditionally-undefine-backend-m4-macro.patch \
file://run-ptest \
+ file://0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch \
"
SRC_URI_append_ptest = " file://0001-Don-t-let-host-enviroment-to-decide-if-a-test-is-bui.patch"
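Review bot: The new file://0001-kex.c-move-EC-macro-outside-of-if-check-549-550.patch entry is added after file://run-ptest, which leaves a non-patch file in the middle of the patch list in SRC_URI. Placing it directly after file://0001-configure-Conditionally-undefine-backend-m4-macro.patch would keep the patches grouped and leave run-ptest as the last entry, which makes later backports easier to audit.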
--
2.30.2