Commit 7838ef4a authored by Marvin Preuss's avatar Marvin Preuss Committed by Natanael Copa
Browse files

main/libssh: security upgrade 0.7.6 (CVE-2018-10933)

fixes #9572
parent 878af9b6
# Contributor: Carlo Landmeter <clandmeter@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libssh
pkgver=0.7.3
pkgrel=1
pkgver=0.7.6
pkgrel=0
pkgdesc="Library for accessing ssh client services through C libraries"
url="http://www.libssh.org/"
arch="all"
......@@ -10,9 +10,9 @@ license="LGPL"
depends=
makedepends="zlib-dev libressl-dev cmake doxygen"
subpackages="$pkgname-dev"
source="https://red.libssh.org/attachments/download/195/libssh-$pkgver.tar.xz
source="https://www.libssh.org/files/0.7/libssh-$pkgver.tar.xz
fix-includes.patch
"
libressl.patch"
_builddir="$srcdir"/$pkgname-$pkgver
......@@ -28,6 +28,10 @@ prepare() {
done
}
# secfixes:
# 0.7.6-r0:
# - CVE-2018-10933
build() {
cd "$srcdir"
......@@ -43,9 +47,12 @@ package() {
make DESTDIR="$pkgdir" install
}
md5sums="05465da8004f3258db946346213209de libssh-0.7.3.tar.xz
8257f5a2a6be16b158a83d76b5eed4fd fix-includes.patch"
sha256sums="26ef46be555da21112c01e4b9f5e3abba9194485c8822ab55ba3d6496222af98 libssh-0.7.3.tar.xz
d1798cd15d8682464a0b1b1853a9e17e63fed2fa732849570e595347d91b160c fix-includes.patch"
sha512sums="6797ea9492c9d07e0169163e6559a7880dd368ee763eff297b3cbddda5e892703cf32506f9513e7d9b5135984e1e888c4893b342df07da1b7ee30968c9185869 libssh-0.7.3.tar.xz
055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318 fix-includes.patch"
md5sums="a1cc59079abc707d182f761ca5b6ac08 libssh-0.7.6.tar.xz
8257f5a2a6be16b158a83d76b5eed4fd fix-includes.patch
77703cb8398ec003f2379d4ed315aaaa libressl.patch"
sha256sums="1d607d3859274f755942324afb0f887ee22edd157f9596a2e69e3a28ec6d1092 libssh-0.7.6.tar.xz
d1798cd15d8682464a0b1b1853a9e17e63fed2fa732849570e595347d91b160c fix-includes.patch
e48893f225be683f013e09e16edb24db89fece94831c56f5571222e72a6dcf26 libressl.patch"
sha512sums="2a01402b5a9fab9ecc29200544ed45d3f2c40871ed1c8241ca793f8dc7fdb3ad2150f6a522c4321affa9b8778e280dc7ed10f76adfc4a73f0751ae735a42f56c libssh-0.7.6.tar.xz
055a8f6b97c65384a5a3ab8fe00c69d94cc30092fe926093dbbc122ce301fbe9d76127aa07b5e6107d7fa9dd2aad6b165fa0958b56520253b5d64428ff42a318 fix-includes.patch
c544406b353303f0569cb8ae63c88e58af68fbe065ad8076a2bb85662d4f5828832db0c97b015163ebf54b417ca883274d95ad0faec0100c80655d97bd64e297 libressl.patch"
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 20c0780..c1633f4 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -164,9 +164,9 @@ else (WITH_GCRYPT)
pki_crypto.c
libcrypto.c
)
- if(OPENSSL_VERSION VERSION_LESS "1.1.0")
+# if(OPENSSL_VERSION VERSION_LESS "1.1.0")
set(libssh_SRCS ${libssh_SRCS} libcrypto-compat.c)
- endif()
+# endif()
endif (WITH_GCRYPT)
if (WITH_SFTP)
diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c
index 4b1f36a..4fa6537 100644
--- a/src/libcrypto-compat.c
+++ b/src/libcrypto-compat.c
@@ -302,7 +302,7 @@ void HMAC_CTX_free(HMAC_CTX *ctx)
{
if (ctx != NULL) {
hmac_ctx_cleanup(ctx);
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#if (OPENSSL_VERSION_NUMBER > 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER)
EVP_MD_CTX_free(&ctx->i_ctx);
EVP_MD_CTX_free(&ctx->o_ctx);
EVP_MD_CTX_free(&ctx->md_ctx);
diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h
index 21542c6..532b0fb 100644
--- a/src/libcrypto-compat.h
+++ b/src/libcrypto-compat.h
@@ -2,7 +2,7 @@
#define LIBCRYPTO_COMPAT_H
#include <openssl/opensslv.h>
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
#include <openssl/rsa.h>
#include <openssl/dsa.h>
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment