| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| | |
libssh2: Add PKG_CPE_ID for proper CVE tracking
|
| | |
| |
| |
| | |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |/
|
|
| |
Signed-off-by: Jan Pavlinec <jan.pavlinec@nic.cz>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- CVE-2019-3855
Possible integer overflow in transport read allows out-of-bounds write
- CVE-2019-3856
Possible integer overflow in keyboard interactive handling allows
out-of-bounds write
- CVE-2019-3857
Possible integer overflow leading to zero-byte allocation and out-of-bounds
write
- CVE-2019-3858
Possible zero-byte allocation leading to an out-of-bounds read
- CVE-2019-3859
Out-of-bounds reads with specially crafted payloads due to unchecked use of
`_libssh2_packet_require` and `_libssh2_packet_requirev`
- CVE-2019-3860
Out-of-bounds reads with specially crafted SFTP packets
- CVE-2019-3861
Out-of-bounds reads with specially crafted SSH packets
- CVE-2019-3862
Out-of-bounds memory comparison
- CVE-2019-3863
Integer overflow in user authenicate keyboard interactive allows
out-of-bounds writes
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
| |
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
| |
|
|
|
|
|
|
| |
Recently added symbols CONFIG_LIBSSH2_MBEDTLS and CONFIG_LIBSSH2_OPENSSL
require a rerun of ./configure when their selection changes. So add them
to PKG_CONFIG_DEPENDS accordingly.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
| |
Use $(INSTALL_DATA) for headers and pkgconfig file.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
| |
libssh2 already makes sure that the compiler emits position-independent
code. Adding $(FPIC) makes no difference. In addition the libssh2 build
system puts its own flag behind the CFLAGS, overriding whatever was set
before.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
| |
This adds a choice to menuselect so people can select if they would like
to compile libssh2 against mbedtls (default) or openssl.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Bump version to 1.8.0
- Switch from openssl crypto backend to mbedtls (the package is a lot
smaller size-wise compared to openssl and libgcrypt)
- mbedtls support was added in 1.8.0 release. Unfortunately the detection
doesn't work out of the box, so a patch is needed that fixes an m4
script. For that reason autoreconf must be run.
- Add --with-libz-prefix as without it zlib is not detected (currently
there is the zlib dependency but libssh2 never actually links to it).
- Add --disable-silent-rules to get verbose build output.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
|
| |
|
|
|
|
|
|
|
|
| |
fix Makefile chmod (644)
replace MD5SUM with HASH
add PKG_MIRROR_HASH when PKG_SOURCE_PROTO:=git
(PKG_SOURCE_PROTO:=svn tarballs are not reproducible for now)
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
|
| |
|
|
| |
Signed-off-by: Hsing-Wang Liao <kuoruan@gmail.com>
|
| |
|
|
| |
Signed-off-by: Jiri Slachta <slachta@cesnet.cz>
|
| |
|
|
| |
Signed-off-by: Jiri Slachta <slachta@cesnet.cz>
|
| |
|
|
| |
Signed-off-by: Jiri Slachta <slachta@cesnet.cz>
|
|
|
Signed-off-by: Jiri Slachta <slachta@cesnet.cz>
|