NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11cb72be57
kumquat-buildroot/package/libssh2/libssh2.mk
Fabrice Fontaine 8d76402ee1 package/libssh2: fix CVE-2019-17498 
In libssh2 v1.9.0 and earlier versions, the SSH_MSG_DISCONNECT logic in
packet.c has an integer overflow in a bounds check, enabling an attacker
to specify an arbitrary (out-of-bounds) offset for a subsequent memory
read. A crafted SSH server may be able to disclose sensitive information
or cause a denial of service condition on the client system when a user
connects to the server.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-02-29 17:31:50 +01:00

56 lines
1.7 KiB
Makefile
Raw Blame History

################################################################################
#
# libssh2
#
################################################################################
LIBSSH2_VERSION = 1.9.0
LIBSSH2_SITE = https://www.libssh2.org/download
LIBSSH2_LICENSE = BSD
LIBSSH2_LICENSE_FILES = COPYING
LIBSSH2_INSTALL_STAGING = YES
LIBSSH2_CONF_OPTS = --disable-examples-build
# 0003-packet-c-improve-message-parsing.patch
LIBSSH2_IGNORE_CVES += CVE-2019-17498
# building from a git clone
LIBSSH2_AUTORECONF = YES
ifeq ($(BR2_PACKAGE_LIBSSH2_MBEDTLS),y)
LIBSSH2_DEPENDENCIES += mbedtls
LIBSSH2_CONF_OPTS += --with-libmbedcrypto-prefix=$(STAGING_DIR)/usr \
--with-crypto=mbedtls
else ifeq ($(BR2_PACKAGE_LIBSSH2_LIBGCRYPT),y)
LIBSSH2_DEPENDENCIES += libgcrypt
LIBSSH2_CONF_OPTS += --with-libgcrypt-prefix=$(STAGING_DIR)/usr \
--with-crypto=libgcrypt
# configure.ac forgets to link to dependent libraries of gcrypt breaking static
# linking
LIBSSH2_CONF_ENV += LIBS="`$(STAGING_DIR)/usr/bin/libgcrypt-config --libs`"
else ifeq ($(BR2_PACKAGE_LIBSSH2_OPENSSL),y)
LIBSSH2_DEPENDENCIES += host-pkgconf openssl
LIBSSH2_CONF_OPTS += --with-libssl-prefix=$(STAGING_DIR)/usr \
--with-crypto=openssl
# configure.ac forgets to link to dependent libraries of openssl breaking static
# linking
LIBSSH2_CONF_ENV += LIBS=`$(PKG_CONFIG_HOST_BINARY) --libs openssl`
endif
# Add zlib support if enabled
ifeq ($(BR2_PACKAGE_ZLIB),y)
LIBSSH2_DEPENDENCIES += zlib
LIBSSH2_CONF_OPTS += --with-libz \
--with-libz-prefix=$(STAGING_DIR)/usr
else
LIBSSH2_CONF_OPTS += --without-libz
endif
HOST_LIBSSH2_DEPENDENCIES += host-openssl
HOST_LIBSSH2_CONF_OPTS += --with-openssl \
--with-libssl-prefix=$(HOST_DIR) \
--without-libgcrypt
$(eval $(autotools-package))
$(eval $(host-autotools-package))
Reference in New Issue View Git Blame Copy Permalink