pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/libssh libssh: updated to 0.8.5



details:   https://anonhg.NetBSD.org/pkgsrc/rev/d1a773033547
branches:  trunk
changeset: 326306:d1a773033547
user:      adam <adam%pkgsrc.org@localhost>
date:      Mon Dec 03 15:19:51 2018 +0000

description:
libssh: updated to 0.8.5

version 0.8.5:
* Added support to get known_hosts locations with ssh_options_get()
* Fixed preferred algorithm for known hosts negotiations
* Fixed KEX with some server implementations (e.g. Cisco)
* Fixed issues with MSVC
* Fixed keyboard-interactive auth in server mode
  (regression from CVE-2018-10933)
* Fixed gssapi auth in server mode (regression from CVE-2018-10933)
* Fixed socket fd handling with proxy command
* Fixed a memory leak with OpenSSL

version 0.8.4:
* Fixed CVE-2018-10933
* Fixed building without globbing support
* Fixed possible memory leaks
* Avoid SIGPIPE on sockets

version 0.8.3:
* Added support for rsa-sha2
* Added support to parse private keys in openssh container format
  (other than ed25519)
* Added support for diffie-hellman-group18-sha512 and
  diffie-hellman-group16-sha512
* Added ssh_get_fingerprint_hash()
* Added ssh_pki_export_privkey_base64()
* Added support for Match keyword in config file
* Improved performance and reduced memory footprint for sftp
* Fixed ecdsa publickey auth
* Fixed reading a closed channel
* Added support to announce posix-rename%openssh.com@localhost and
  hardlink%openssh.com@localhost in the sftp server

version 0.8.2:
* Added sha256 fingerprints for pubkeys
* Improved compiler flag detection
* Fixed race condition in reading sftp messages
* Fixed doxygen generation and added modern style
* Fixed library initialization on Windows
* Fixed __bounded__ attribute detection
* Fixed a bug in the options parser
* Fixed documentation for new knwon_hosts API

version 0.8.1:
* Fixed version number in the header
* Fixed version number in pkg-config and cmake config
* Fixed library initialization
* Fixed attribute detection

version 0.8.0:
* Removed support for deprecated SSHv1 protocol
* Added new connector API for clients
* Added new known_hosts parsing API
* Added support for OpenSSL 1.1
* Added support for chacha20-poly1305 cipher
* Added crypto backend for mbedtls crypto library
* Added ECDSA support with gcrypt backend
* Added advanced client and server testing using cwrap.org
* Added support for curve25519-sha256 alias
* Added support for global known_hosts file
* Added support for symbol versioning
* Improved ssh_config parsing
* Improved threading support

diffstat:

 security/libssh/Makefile                                              |  37 +++++----
 security/libssh/PLIST                                                 |   8 +-
 security/libssh/buildlink3.mk                                         |   8 +-
 security/libssh/distinfo                                              |  13 +-
 security/libssh/options.mk                                            |  11 +--
 security/libssh/patches/patch-CompilerChecks.cmake                    |  27 +++++++
 security/libssh/patches/patch-aa                                      |  17 ----
 security/libssh/patches/patch-cmake_Modules_DefineCompilerFlags.cmake |  22 -----
 8 files changed, 61 insertions(+), 82 deletions(-)

diffs (224 lines):

diff -r 2dc6afef378d -r d1a773033547 security/libssh/Makefile
--- a/security/libssh/Makefile  Mon Dec 03 15:17:27 2018 +0000
+++ b/security/libssh/Makefile  Mon Dec 03 15:19:51 2018 +0000
@@ -1,31 +1,36 @@
-# $NetBSD: Makefile,v 1.24 2018/10/16 20:25:25 maya Exp $
+# $NetBSD: Makefile,v 1.25 2018/12/03 15:19:51 adam Exp $
 #
 # history: upstream renamed 0.11 to 0.1.1;
 # we have to use the old-style convention so that version compares work.
-#
-VER=                   0.7.6
-DISTNAME=              libssh-${VER}
-PKGNAME=               libssh-0.76
-CATEGORIES=            security
-MASTER_SITES=          https://www.libssh.org/files/0.7/
-EXTRACT_SUFX=          .tar.xz
 
-MAINTAINER=            is%NetBSD.org@localhost
-HOMEPAGE=              http://www.libssh.org/
-COMMENT=               SSHv2+v1 protocol library
-LICENSE=               2-clause-bsd
+VER=           0.8.5
+DISTNAME=      libssh-${VER}
+PKGNAME=       libssh-0.85
+CATEGORIES=    security
+MASTER_SITES=  https://www.libssh.org/files/${VER:R}/
+EXTRACT_SUFX=  .tar.xz
 
-DIST_SUBDIR=           security
+MAINTAINER=    is%NetBSD.org@localhost
+HOMEPAGE=      http://www.libssh.org/
+COMMENT=       SSHv2+v1 protocol library
+LICENSE=       2-clause-bsd
 
 USE_CMAKE=             yes
 USE_LANGUAGES=         c c++
-CMAKE_ARGS+=           WITH_TESTING=yes
+PKGCONFIG_OVERRIDE+=   libssh.pc.in
+TEST_TARGET=           test
 
-PKGCONFIG_OVERRIDE+=   libssh.pc.in
-TEST_TARGET=           check
+CONFIGURE_DIRS=                ${WRKDIR}/build
+CMAKE_ARG_PATH=                ${WRKSRC}
+CMAKE_ARGS+=           -DUNIT_TESTING=ON
 
 .include "options.mk"
 
+post-extract:
+       ${MKDIR} ${WRKDIR}/build
+
 .include "../../devel/argp/buildlink3.mk"
+.include "../../devel/cmocka/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
+.include "../../mk/krb5.buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff -r 2dc6afef378d -r d1a773033547 security/libssh/PLIST
--- a/security/libssh/PLIST     Mon Dec 03 15:17:27 2018 +0000
+++ b/security/libssh/PLIST     Mon Dec 03 15:19:51 2018 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2018/10/16 20:25:25 maya Exp $
+@comment $NetBSD: PLIST,v 1.9 2018/12/03 15:19:51 adam Exp $
 include/libssh/callbacks.h
 include/libssh/legacy.h
 include/libssh/libssh.h
@@ -10,9 +10,5 @@
 lib/cmake/libssh/libssh-config.cmake
 lib/libssh.so
 lib/libssh.so.4
-lib/libssh.so.4.4.3
-lib/libssh_threads.so
-lib/libssh_threads.so.4
-lib/libssh_threads.so.4.4.3
+lib/libssh.so.4.7.2
 lib/pkgconfig/libssh.pc
-lib/pkgconfig/libssh_threads.pc
diff -r 2dc6afef378d -r d1a773033547 security/libssh/buildlink3.mk
--- a/security/libssh/buildlink3.mk     Mon Dec 03 15:17:27 2018 +0000
+++ b/security/libssh/buildlink3.mk     Mon Dec 03 15:19:51 2018 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.17 2016/10/09 22:02:07 kamil Exp $
+# $NetBSD: buildlink3.mk,v 1.18 2018/12/03 15:19:51 adam Exp $
 
 BUILDLINK_TREE+=       libssh
 
@@ -12,15 +12,13 @@
 pkgbase := libssh
 .include "../../mk/pkg-build-options.mk"
 
-.if !empty(PKG_BUILD_OPTIONS.libssh:Mzlib)
-.include "../../devel/zlib/buildlink3.mk"
-.endif
-
 .if !empty(PKG_BUILD_OPTIONS.libssh:Mopenssl)
 .include "../../security/openssl/buildlink3.mk"
 .endif
 
 .include "../../devel/argp/buildlink3.mk"
+.include "../../devel/zlib/buildlink3.mk"
+.include "../../mk/krb5.buildlink3.mk"
 .endif # LIBSSH_BUILDLINK3_MK
 
 BUILDLINK_TREE+=       -libssh
diff -r 2dc6afef378d -r d1a773033547 security/libssh/distinfo
--- a/security/libssh/distinfo  Mon Dec 03 15:17:27 2018 +0000
+++ b/security/libssh/distinfo  Mon Dec 03 15:19:51 2018 +0000
@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.13 2018/10/16 20:25:25 maya Exp $
+$NetBSD: distinfo,v 1.14 2018/12/03 15:19:51 adam Exp $
 
-SHA1 (security/libssh-0.7.6.tar.xz) = 8e5f23a861f84fa214ca1da0e3f98b839ff7c051
-RMD160 (security/libssh-0.7.6.tar.xz) = 7316fae4a5355cf2c511cd91a5a65d7354ab361f
-SHA512 (security/libssh-0.7.6.tar.xz) = 2a01402b5a9fab9ecc29200544ed45d3f2c40871ed1c8241ca793f8dc7fdb3ad2150f6a522c4321affa9b8778e280dc7ed10f76adfc4a73f0751ae735a42f56c
-Size (security/libssh-0.7.6.tar.xz) = 366556 bytes
-SHA1 (patch-aa) = 2f9a7c8a629188f40f3c94d4304b1e44720e45ae
-SHA1 (patch-cmake_Modules_DefineCompilerFlags.cmake) = 9f140ad664363953e4c7ff4e3bede74c693da993
+SHA1 (libssh-0.8.5.tar.xz) = b5564774f986e396a7288a593595455bf10d9ce8
+RMD160 (libssh-0.8.5.tar.xz) = a118e08705257814531ce6c01d2d48cf0d6e59ce
+SHA512 (libssh-0.8.5.tar.xz) = f1e90a5046e006d44a48ab36675167761d8e308ada7a1d7a1f7ba2825d222a2fab7e19dbc78b1371fee9ba74d9c55d9856a623f97842c9b9ad4c79215e344124
+Size (libssh-0.8.5.tar.xz) = 427372 bytes
+SHA1 (patch-CompilerChecks.cmake) = 86de41ab778d25368691c1b0b9ecfa653f24cc5d
diff -r 2dc6afef378d -r d1a773033547 security/libssh/options.mk
--- a/security/libssh/options.mk        Mon Dec 03 15:17:27 2018 +0000
+++ b/security/libssh/options.mk        Mon Dec 03 15:19:51 2018 +0000
@@ -1,19 +1,12 @@
-# $NetBSD: options.mk,v 1.3 2018/01/25 19:52:38 markd Exp $
+# $NetBSD: options.mk,v 1.4 2018/12/03 15:19:51 adam Exp $
 
 PKG_OPTIONS_VAR=               PKG_OPTIONS.libssh
 PKG_OPTIONS_REQUIRED_GROUPS=   crypto
 PKG_OPTIONS_GROUP.crypto=      openssl libgcrypt
-#PKG_SUPPORTED_OPTIONS=                compression
-PKG_SUGGESTED_OPTIONS=         openssl # XXX zlib
+PKG_SUGGESTED_OPTIONS=         openssl
 
 .include "../../mk/bsd.options.mk"
 
-.if !empty(PKG_OPTIONS:Mzlib)
-BUILDLINK_API_DEPENDS.zlib+=   zlib>=1.2
-CONFIGURE_ARGS+=               --with-libz=${BUILDLINK_PREFIX.zlib:Q}
-.include "../../devel/zlib/buildlink3.mk"
-.endif
-
 .if !empty(PKG_OPTIONS:Mopenssl)
 BUILDLINK_API_DEPENDS.openssl+=        openssl>=0.9.8
 CMAKE_ARGS+=           -DWITH_GCRYPT:BOOL=OFF
diff -r 2dc6afef378d -r d1a773033547 security/libssh/patches/patch-CompilerChecks.cmake
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/libssh/patches/patch-CompilerChecks.cmake        Mon Dec 03 15:19:51 2018 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-CompilerChecks.cmake,v 1.1 2018/12/03 15:19:51 adam Exp $
+
+Let PkgSrc handle security features.
+
+--- CompilerChecks.cmake.orig  2018-12-03 09:27:44.000000000 +0000
++++ CompilerChecks.cmake
+@@ -62,20 +62,7 @@ if (UNIX)
+         endif()
+     endif()
+ 
+-    check_c_compiler_flag_ssp("-fstack-protector-strong" WITH_STACK_PROTECTOR_STRONG)
+-    if (WITH_STACK_PROTECTOR_STRONG)
+-        list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector-strong")
+-    else (WITH_STACK_PROTECTOR_STRONG)
+-        check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
+-        if (WITH_STACK_PROTECTOR)
+-            list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector")
+-        endif()
+-    endif (WITH_STACK_PROTECTOR_STRONG)
+ 
+-    check_c_compiler_flag_ssp("-fstack-clash-protection" WITH_STACK_CLASH_PROTECTION)
+-    if (WITH_STACK_CLASH_PROTECTION)
+-        list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-clash-protection")
+-    endif()
+ 
+     if (PICKY_DEVELOPER)
+         add_c_compiler_flag("-Wno-error=deprecated-declarations" SUPPORTED_COMPILER_FLAGS)
diff -r 2dc6afef378d -r d1a773033547 security/libssh/patches/patch-aa
--- a/security/libssh/patches/patch-aa  Mon Dec 03 15:17:27 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
-$NetBSD: patch-aa,v 1.6 2015/11/18 21:00:51 christos Exp $
-
-Disable out of source build test
-
---- CMakeLists.txt.orig        2015-09-16 02:44:35.000000000 -0400
-+++ CMakeLists.txt     2015-11-17 10:44:55.000000000 -0500
-@@ -36,8 +36,8 @@
- include(CPackConfig.cmake)
- 
- # disallow in-source build
--include(MacroEnsureOutOfSourceBuild)
--macro_ensure_out_of_source_build("${PROJECT_NAME} requires an out of source build. Please create a separate build directory and run 'cmake /path/to/${PROJECT_NAME} [options]' there.")
-+#include(MacroEnsureOutOfSourceBuild)
-+#macro_ensure_out_of_source_build("${PROJECT_NAME} requires an out of source build. Please create a separate build directory and run 'cmake /path/to/${PROJECT_NAME} [options]' there.")
- 
- # search for libraries
- if (WITH_ZLIB)
diff -r 2dc6afef378d -r d1a773033547 security/libssh/patches/patch-cmake_Modules_DefineCompilerFlags.cmake
--- a/security/libssh/patches/patch-cmake_Modules_DefineCompilerFlags.cmake     Mon Dec 03 15:17:27 2018 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,22 +0,0 @@
-$NetBSD: patch-cmake_Modules_DefineCompilerFlags.cmake,v 1.1 2018/02/02 09:31:29 jperkin Exp $
-
-Leave pkgsrc to handle security features.
-
---- cmake/Modules/DefineCompilerFlags.cmake.orig       2016-02-15 12:42:53.000000000 +0000
-+++ cmake/Modules/DefineCompilerFlags.cmake
-@@ -21,6 +21,7 @@ if (UNIX AND NOT WIN32)
-             set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC")
-         endif (WITH_FPIC)
- 
-+        if(0) 
-         check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR)
-         if (WITH_STACK_PROTECTOR)
-             set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fstack-protector")
-@@ -35,6 +36,7 @@ if (UNIX AND NOT WIN32)
-                 endif (WITH_FORTIFY_SOURCE)
-             endif()
-         endif()
-+        endif(0)
-     endif (${CMAKE_C_COMPILER_ID} MATCHES "(GNU|Clang)")
- 
-     #



Home | Main Index | Thread Index | Old Index