kumquat-buildroot/package/libssh/libssh.mk
Fabrice Fontaine 88cb451446 package/libssh: security bump to version 0.9.6
Fix CVE-2021-3634: A flaw has been found in libssh in versions prior to
0.9.6. The SSH protocol keeps track of two shared secrets during the
lifetime of the session. One of them is called secret_hash and the other
session_id. Initially, both of them are the same, but after key
re-exchange, previous session_id is kept and used as an input to new
secret_hash. Historically, both of these buffers had shared length
variable, which worked as long as these buffers were same. But the key
re-exchange operation can also change the key exchange method, which can
be based on hash of different size, eventually creating "secret_hash" of
different size than the session_id has. This becomes an issue when the
session_id memory is zeroed or when it is used again during second key
re-exchange.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2021-09-13 22:36:57 +02:00

44 lines
1.2 KiB
Makefile

################################################################################
#
# libssh
#
################################################################################
LIBSSH_VERSION_MAJOR = 0.9
LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).6
LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz
LIBSSH_SITE = https://www.libssh.org/files/$(LIBSSH_VERSION_MAJOR)
LIBSSH_LICENSE = LGPL-2.1
LIBSSH_LICENSE_FILES = COPYING
LIBSSH_CPE_ID_VENDOR = libssh
LIBSSH_INSTALL_STAGING = YES
LIBSSH_SUPPORTS_IN_SOURCE_BUILD = NO
LIBSSH_CONF_OPTS = \
-DWITH_STACK_PROTECTOR=OFF \
-DWITH_EXAMPLES=OFF
ifeq ($(BR2_PACKAGE_LIBSSH_SERVER),y)
LIBSSH_CONF_OPTS += -DWITH_SERVER=ON
else
LIBSSH_CONF_OPTS += -DWITH_SERVER=OFF
endif
ifeq ($(BR2_PACKAGE_ZLIB),y)
LIBSSH_CONF_OPTS += -DWITH_ZLIB=ON
LIBSSH_DEPENDENCIES += zlib
else
LIBSSH_CONF_OPTS += -DWITH_ZLIB=OFF
endif
ifeq ($(BR2_PACKAGE_LIBSSH_MBEDTLS),y)
LIBSSH_CONF_OPTS += -DWITH_MBEDTLS=ON
LIBSSH_DEPENDENCIES += mbedtls
else ifeq ($(BR2_PACKAGE_LIBSSH_LIBGCRYPT),y)
LIBSSH_CONF_OPTS += -DWITH_GCRYPT=ON
LIBSSH_DEPENDENCIES += libgcrypt
else ifeq ($(BR2_PACKAGE_LIBSSH_OPENSSL),y)
LIBSSH_DEPENDENCIES += openssl
endif
$(eval $(cmake-package))