libssh: updated to 0.8.5 version 0.8.5: * Added support to get known_hosts locations with ssh_options_get() * Fixed preferred algorithm for known hosts negotiations * Fixed KEX with some server implementations (e.g. Cisco) * Fixed issues with MSVC * Fixed keyboard-interactive auth in server mode (regression from CVE-2018-10933) * Fixed gssapi auth in server mode (regression from CVE-2018-10933) * Fixed socket fd handling with proxy command * Fixed a memory leak with OpenSSL version 0.8.4: * Fixed CVE-2018-10933 * Fixed building without globbing support * Fixed possible memory leaks * Avoid SIGPIPE on sockets version 0.8.3: * Added support for rsa-sha2 * Added support to parse private keys in openssh container format (other than ed25519) * Added support for diffie-hellman-group18-sha512 and diffie-hellman-group16-sha512 * Added ssh_get_fingerprint_hash() * Added ssh_pki_export_privkey_base64() * Added support for Match keyword in config file * Improved performance and reduced memory footprint for sftp * Fixed ecdsa publickey auth * Fixed reading a closed channel * Added support to announce posix-rename@openssh.com and hardlink@openssh.com in the sftp server version 0.8.2: * Added sha256 fingerprints for pubkeys * Improved compiler flag detection * Fixed race condition in reading sftp messages * Fixed doxygen generation and added modern style * Fixed library initialization on Windows * Fixed __bounded__ attribute detection * Fixed a bug in the options parser * Fixed documentation for new knwon_hosts API version 0.8.1: * Fixed version number in the header * Fixed version number in pkg-config and cmake config * Fixed library initialization * Fixed attribute detection version 0.8.0: * Removed support for deprecated SSHv1 protocol * Added new connector API for clients * Added new known_hosts parsing API * Added support for OpenSSL 1.1 * Added support for chacha20-poly1305 cipher * Added crypto backend for mbedtls crypto library * Added ECDSA support with gcrypt backend * Added advanced client and server testing using cwrap.org * Added support for curve25519-sha256 alias * Added support for global known_hosts file * Added support for symbol versioning * Improved ssh_config parsing * Improved threading supportdiff -r1.24 -r1.25 pkgsrc/security/libssh/Makefile
(adam)
@@ -1,31 +1,36 @@ | @@ -1,31 +1,36 @@ | |||
1 | # $NetBSD: Makefile,v 1.24 2018/10/16 20:25:25 maya Exp $ | 1 | # $NetBSD: Makefile,v 1.25 2018/12/03 15:19:51 adam Exp $ | |
2 | # | 2 | # | |
3 | # history: upstream renamed 0.11 to 0.1.1; | 3 | # history: upstream renamed 0.11 to 0.1.1; | |
4 | # we have to use the old-style convention so that version compares work. | 4 | # we have to use the old-style convention so that version compares work. | |
5 | # | |||
6 | VER= 0.7.6 | |||
7 | DISTNAME= libssh-${VER} | |||
8 | PKGNAME= libssh-0.76 | |||
9 | CATEGORIES= security | |||
10 | MASTER_SITES= https://www.libssh.org/files/0.7/ | |||
11 | EXTRACT_SUFX= .tar.xz | |||
12 | ||||
13 | MAINTAINER= is@NetBSD.org | |||
14 | HOMEPAGE= http://www.libssh.org/ | |||
15 | COMMENT= SSHv2+v1 protocol library | |||
16 | LICENSE= 2-clause-bsd | |||
17 | 5 | |||
18 | DIST_SUBDIR= security | 6 | VER= 0.8.5 | |
7 | DISTNAME= libssh-${VER} | |||
8 | PKGNAME= libssh-0.85 | |||
9 | CATEGORIES= security | |||
10 | MASTER_SITES= https://www.libssh.org/files/${VER:R}/ | |||
11 | EXTRACT_SUFX= .tar.xz | |||
12 | ||||
13 | MAINTAINER= is@NetBSD.org | |||
14 | HOMEPAGE= http://www.libssh.org/ | |||
15 | COMMENT= SSHv2+v1 protocol library | |||
16 | LICENSE= 2-clause-bsd | |||
19 | 17 | |||
20 | USE_CMAKE= yes | 18 | USE_CMAKE= yes | |
21 | USE_LANGUAGES= c c++ | 19 | USE_LANGUAGES= c c++ | |
22 | CMAKE_ARGS+= WITH_TESTING=yes | |||
23 | ||||
24 | PKGCONFIG_OVERRIDE+= libssh.pc.in | 20 | PKGCONFIG_OVERRIDE+= libssh.pc.in | |
25 | TEST_TARGET= check | 21 | TEST_TARGET= test | |
22 | ||||
23 | CONFIGURE_DIRS= ${WRKDIR}/build | |||
24 | CMAKE_ARG_PATH= ${WRKSRC} | |||
25 | CMAKE_ARGS+= -DUNIT_TESTING=ON | |||
26 | 26 | |||
27 | .include "options.mk" | 27 | .include "options.mk" | |
28 | 28 | |||
29 | post-extract: | |||
30 | ${MKDIR} ${WRKDIR}/build | |||
31 | ||||
29 | .include "../../devel/argp/buildlink3.mk" | 32 | .include "../../devel/argp/buildlink3.mk" | |
33 | .include "../../devel/cmocka/buildlink3.mk" | |||
30 | .include "../../devel/zlib/buildlink3.mk" | 34 | .include "../../devel/zlib/buildlink3.mk" | |
35 | .include "../../mk/krb5.buildlink3.mk" | |||
31 | .include "../../mk/bsd.pkg.mk" | 36 | .include "../../mk/bsd.pkg.mk" |
@@ -1,18 +1,14 @@ | @@ -1,18 +1,14 @@ | |||
1 | @comment $NetBSD: PLIST,v 1.8 2018/10/16 20:25:25 maya Exp $ | 1 | @comment $NetBSD: PLIST,v 1.9 2018/12/03 15:19:51 adam Exp $ | |
2 | include/libssh/callbacks.h | 2 | include/libssh/callbacks.h | |
3 | include/libssh/legacy.h | 3 | include/libssh/legacy.h | |
4 | include/libssh/libssh.h | 4 | include/libssh/libssh.h | |
5 | include/libssh/libsshpp.hpp | 5 | include/libssh/libsshpp.hpp | |
6 | include/libssh/server.h | 6 | include/libssh/server.h | |
7 | include/libssh/sftp.h | 7 | include/libssh/sftp.h | |
8 | include/libssh/ssh2.h | 8 | include/libssh/ssh2.h | |
9 | lib/cmake/libssh/libssh-config-version.cmake | 9 | lib/cmake/libssh/libssh-config-version.cmake | |
10 | lib/cmake/libssh/libssh-config.cmake | 10 | lib/cmake/libssh/libssh-config.cmake | |
11 | lib/libssh.so | 11 | lib/libssh.so | |
12 | lib/libssh.so.4 | 12 | lib/libssh.so.4 | |
13 | lib/libssh.so.4.4.3 | 13 | lib/libssh.so.4.7.2 | |
14 | lib/libssh_threads.so | |||
15 | lib/libssh_threads.so.4 | |||
16 | lib/libssh_threads.so.4.4.3 | |||
17 | lib/pkgconfig/libssh.pc | 14 | lib/pkgconfig/libssh.pc | |
18 | lib/pkgconfig/libssh_threads.pc |
@@ -1,26 +1,24 @@ | @@ -1,26 +1,24 @@ | |||
1 | # $NetBSD: buildlink3.mk,v 1.17 2016/10/09 22:02:07 kamil Exp $ | 1 | # $NetBSD: buildlink3.mk,v 1.18 2018/12/03 15:19:51 adam Exp $ | |
2 | 2 | |||
3 | BUILDLINK_TREE+= libssh | 3 | BUILDLINK_TREE+= libssh | |
4 | 4 | |||
5 | .if !defined(LIBSSH_BUILDLINK3_MK) | 5 | .if !defined(LIBSSH_BUILDLINK3_MK) | |
6 | LIBSSH_BUILDLINK3_MK:= | 6 | LIBSSH_BUILDLINK3_MK:= | |
7 | 7 | |||
8 | BUILDLINK_API_DEPENDS.libssh+= libssh>=0.54 | 8 | BUILDLINK_API_DEPENDS.libssh+= libssh>=0.54 | |
9 | BUILDLINK_ABI_DEPENDS.libssh+= libssh>=0.73nb1 | 9 | BUILDLINK_ABI_DEPENDS.libssh+= libssh>=0.73nb1 | |
10 | BUILDLINK_PKGSRCDIR.libssh?= ../../security/libssh | 10 | BUILDLINK_PKGSRCDIR.libssh?= ../../security/libssh | |
11 | 11 | |||
12 | pkgbase := libssh | 12 | pkgbase := libssh | |
13 | .include "../../mk/pkg-build-options.mk" | 13 | .include "../../mk/pkg-build-options.mk" | |
14 | 14 | |||
15 | .if !empty(PKG_BUILD_OPTIONS.libssh:Mzlib) | |||
16 | .include "../../devel/zlib/buildlink3.mk" | |||
17 | .endif | |||
18 | ||||
19 | .if !empty(PKG_BUILD_OPTIONS.libssh:Mopenssl) | 15 | .if !empty(PKG_BUILD_OPTIONS.libssh:Mopenssl) | |
20 | .include "../../security/openssl/buildlink3.mk" | 16 | .include "../../security/openssl/buildlink3.mk" | |
21 | .endif | 17 | .endif | |
22 | 18 | |||
23 | .include "../../devel/argp/buildlink3.mk" | 19 | .include "../../devel/argp/buildlink3.mk" | |
20 | .include "../../devel/zlib/buildlink3.mk" | |||
21 | .include "../../mk/krb5.buildlink3.mk" | |||
24 | .endif # LIBSSH_BUILDLINK3_MK | 22 | .endif # LIBSSH_BUILDLINK3_MK | |
25 | 23 | |||
26 | BUILDLINK_TREE+= -libssh | 24 | BUILDLINK_TREE+= -libssh |
@@ -1,8 +1,7 @@ | @@ -1,8 +1,7 @@ | |||
1 | $NetBSD: distinfo,v 1.13 2018/10/16 20:25:25 maya Exp $ | 1 | $NetBSD: distinfo,v 1.14 2018/12/03 15:19:51 adam Exp $ | |
2 | 2 | |||
3 | SHA1 (security/libssh-0.7.6.tar.xz) = 8e5f23a861f84fa214ca1da0e3f98b839ff7c051 | 3 | SHA1 (libssh-0.8.5.tar.xz) = b5564774f986e396a7288a593595455bf10d9ce8 | |
4 | RMD160 (security/libssh-0.7.6.tar.xz) = 7316fae4a5355cf2c511cd91a5a65d7354ab361f | 4 | RMD160 (libssh-0.8.5.tar.xz) = a118e08705257814531ce6c01d2d48cf0d6e59ce | |
5 | SHA512 (security/libssh-0.7.6.tar.xz) = 2a01402b5a9fab9ecc29200544ed45d3f2c40871ed1c8241ca793f8dc7fdb3ad2150f6a522c4321affa9b8778e280dc7ed10f76adfc4a73f0751ae735a42f56c | 5 | SHA512 (libssh-0.8.5.tar.xz) = f1e90a5046e006d44a48ab36675167761d8e308ada7a1d7a1f7ba2825d222a2fab7e19dbc78b1371fee9ba74d9c55d9856a623f97842c9b9ad4c79215e344124 | |
6 | Size (security/libssh-0.7.6.tar.xz) = 366556 bytes | 6 | Size (libssh-0.8.5.tar.xz) = 427372 bytes | |
7 | SHA1 (patch-aa) = 2f9a7c8a629188f40f3c94d4304b1e44720e45ae | 7 | SHA1 (patch-CompilerChecks.cmake) = 86de41ab778d25368691c1b0b9ecfa653f24cc5d | |
8 | SHA1 (patch-cmake_Modules_DefineCompilerFlags.cmake) = 9f140ad664363953e4c7ff4e3bede74c693da993 |
@@ -1,27 +1,20 @@ | @@ -1,27 +1,20 @@ | |||
1 | # $NetBSD: options.mk,v 1.3 2018/01/25 19:52:38 markd Exp $ | 1 | # $NetBSD: options.mk,v 1.4 2018/12/03 15:19:51 adam Exp $ | |
2 | 2 | |||
3 | PKG_OPTIONS_VAR= PKG_OPTIONS.libssh | 3 | PKG_OPTIONS_VAR= PKG_OPTIONS.libssh | |
4 | PKG_OPTIONS_REQUIRED_GROUPS= crypto | 4 | PKG_OPTIONS_REQUIRED_GROUPS= crypto | |
5 | PKG_OPTIONS_GROUP.crypto= openssl libgcrypt | 5 | PKG_OPTIONS_GROUP.crypto= openssl libgcrypt | |
6 | #PKG_SUPPORTED_OPTIONS= compression | 6 | PKG_SUGGESTED_OPTIONS= openssl | |
7 | PKG_SUGGESTED_OPTIONS= openssl # XXX zlib | |||
8 | 7 | |||
9 | .include "../../mk/bsd.options.mk" | 8 | .include "../../mk/bsd.options.mk" | |
10 | 9 | |||
11 | .if !empty(PKG_OPTIONS:Mzlib) | |||
12 | BUILDLINK_API_DEPENDS.zlib+= zlib>=1.2 | |||
13 | CONFIGURE_ARGS+= --with-libz=${BUILDLINK_PREFIX.zlib:Q} | |||
14 | .include "../../devel/zlib/buildlink3.mk" | |||
15 | .endif | |||
16 | ||||
17 | .if !empty(PKG_OPTIONS:Mopenssl) | 10 | .if !empty(PKG_OPTIONS:Mopenssl) | |
18 | BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.8 | 11 | BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.8 | |
19 | CMAKE_ARGS+= -DWITH_GCRYPT:BOOL=OFF | 12 | CMAKE_ARGS+= -DWITH_GCRYPT:BOOL=OFF | |
20 | .include "../../security/openssl/buildlink3.mk" | 13 | .include "../../security/openssl/buildlink3.mk" | |
21 | .endif | 14 | .endif | |
22 | 15 | |||
23 | .if !empty(PKG_OPTIONS:Mlibgcrypt) | 16 | .if !empty(PKG_OPTIONS:Mlibgcrypt) | |
24 | BUILDLINK_API_DEPENDS.libgcrypt+= libgcrypt>=1.4 | 17 | BUILDLINK_API_DEPENDS.libgcrypt+= libgcrypt>=1.4 | |
25 | CMAKE_ARGS+= -DWITH_GCRYPT:BOOL=ON | 18 | CMAKE_ARGS+= -DWITH_GCRYPT:BOOL=ON | |
26 | .include "../../security/libgcrypt/buildlink3.mk" | 19 | .include "../../security/libgcrypt/buildlink3.mk" | |
27 | .endif | 20 | .endif |
$NetBSD: patch-CompilerChecks.cmake,v 1.1 2018/12/03 15:19:51 adam Exp $
Let PkgSrc handle security features.
--- CompilerChecks.cmake.orig 2018-12-03 09:27:44.000000000 +0000
+++ CompilerChecks.cmake
@@ -62,20 +62,7 @@ if (UNIX)
endif()
endif()
- check_c_compiler_flag_ssp("-fstack-protector-strong" WITH_STACK_PROTECTOR_STRONG)
- if (WITH_STACK_PROTECTOR_STRONG)
- list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector-strong")
- else (WITH_STACK_PROTECTOR_STRONG)
- check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
- if (WITH_STACK_PROTECTOR)
- list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector")
- endif()
- endif (WITH_STACK_PROTECTOR_STRONG)
- check_c_compiler_flag_ssp("-fstack-clash-protection" WITH_STACK_CLASH_PROTECTION)
- if (WITH_STACK_CLASH_PROTECTION)
- list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-clash-protection")
- endif()
if (PICKY_DEVELOPER)
add_c_compiler_flag("-Wno-error=deprecated-declarations" SUPPORTED_COMPILER_FLAGS)