libssh: bump to 0.7.6 CVE-2018-10933 fix 7209/head
authorKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Wed, 17 Oct 2018 07:12:48 +0000 (08:12 +0100)
committerKevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Mon, 29 Oct 2018 09:08:11 +0000 (09:08 +0000)
commit72096874d0b1aa03142424d71413b547f4fbd76e
tree1f7c6524e21a46e5fad33e1134ac0343f62c68fa
parent29eac13d8fe4b3147fd63840f1ff11875e87776d
libssh: bump to 0.7.6 CVE-2018-10933 fix

Bump from 0.7.5 to 0.7.6.  Upstream changelog:

Fixed CVE-2018-10933
Added support for OpenSSL 1.1
Added SHA256 support for ssh_get_publickey_hash()
Fixed config parsing
Fixed random memory corruption when importing pubkeys

Backported upstream patches since 0.7.6 to fix interactive
authentication issues amongst other things:

9d5cf209 libcrypto: Fix memory leak in evp_final()
10397321 gssapi: Set correct state after sending GSSAPI_RESPONSE (select mechanism OID)
7ad80ba1 server: Fix compile error
acb0e4f4 examples: Explicitly track auth state in samplesshd-kbdint
3fe7510b messages: Check that the requested service is 'ssh-connection'
734e3ce6 server: Set correct state after sending INFO_REQUEST (Kbd Interactive)
e4c6d591 packet: Add missing break in ssh_packet_incoming_filter()
f81ca616 misc: Add strndup implementation if not provides by the OS

Refresh patches.
Remove local backport for OpenSSL 1.1 support as is now in release
Remove PKG_INSTALL & CMAKE vars that are defaulted anyway
Add PKG_CPE_ID:=cpe:/a:libssh:libssh for CVE tracking
Remove BROKEN tag as is no longer broken

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
libs/libssh/Makefile
libs/libssh/patches/0001-misc-Add-strndup-implementation-if-not-provides-by-t.patch [new file with mode: 0644]
libs/libssh/patches/0002-packet-Add-missing-break-in-ssh_packet_incoming_filt.patch [new file with mode: 0644]
libs/libssh/patches/0003-server-Set-correct-state-after-sending-INFO_REQUEST-.patch [new file with mode: 0644]
libs/libssh/patches/0004-messages-Check-that-the-requested-service-is-ssh-con.patch [new file with mode: 0644]
libs/libssh/patches/0005-examples-Explicitly-track-auth-state-in-samplesshd-k.patch [new file with mode: 0644]
libs/libssh/patches/0006-server-Fix-compile-error.patch [new file with mode: 0644]
libs/libssh/patches/0007-gssapi-Set-correct-state-after-sending-GSSAPI_RESPON.patch [new file with mode: 0644]
libs/libssh/patches/0008-libcrypto-Fix-memory-leak-in-evp_final.patch [new file with mode: 0644]
libs/libssh/patches/001-compile.patch
libs/libssh/patches/005-openssl-1.1.patch [deleted file]