jeans/motioneyeos
jeans/motioneyeos
1
0
Fork 0
mirror of https://github.com/motioneye-project/motioneyeos.git synced 2025-07-29 06:06:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

libssh: security bump to version 0.8.4

Browse Source 
Fixes CVE-2018-10933: authentication bypass vulnerability in the server
code. By presenting the server an SSH2_MSG_USERAUTH_SUCCESS message in
place of the SSH2_MSG_USERAUTH_REQUEST message which the server would
expect to initiate authentication, the attacker could successfully
authenticate without any credentials.

  https://www.libssh.org/security/advisories/CVE-2018-10933.txt

Drop an upstream patch.

Cc: Scott Fan <fancp2007@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit de24e47d90f64f546978b6ec12f769dc4fd89587)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Baruch Siach 2018-10-16 15:31:08 +03:00 committed by Peter Korsgaard
parent a1bc7d71d7
commit 61b2dcb49e
3 changed files with 3 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
package/libssh/0001-config-Fix-building-without-globbing-support.patch
View File

@ -1,30 +0,0 @@
From 97b2a61d74edebad43ad09612c92a0341090f165 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Tue, 25 Sep 2018 14:35:43 +0200
Subject: [PATCH] config: Fix building without globbing support
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
(cherry picked from commit f709c3ac585f7b47317758b8693a6d104b30f951)
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
Upstream status: commit 97b2a61d74 (stable-0.8 branch)
src/config.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/config.c b/src/config.c
index df6b48bf6d5e..3d87a1780a58 100644
--- a/src/config.c
+++ b/src/config.c
@@ -462,7 +462,7 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
p = ssh_config_get_str_tok(&s, NULL);
if (p && *parsing) {
-#ifdef HAVE_GLOB
+#if defined(HAVE_GLOB) && defined(HAVE_GLOB_GL_FLAGS_MEMBER)
local_parse_glob(session, p, parsing, seen);
#else
local_parse_file(session, p, parsing, seen);
--
2.19.1

4
package/libssh/libssh.hash
View File

@ -1,5 +1,5 @@
# Locally calculated after checking pgp signature # Locally calculated after checking pgp signature
# https://www.libssh.org/files/0.8/libssh-0.8.3.tar.xz.asc # https://www.libssh.org/files/0.8/libssh-0.8.4.tar.xz.asc
# with key 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D # with key 8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
sha256 302f31f606f2368cd3ce77d7a69f7464c18eae176e73e59102e0524401bd29d0 libssh-0.8.3.tar.xz sha256 6bb07713021a8586ba2120b2c36c468dc9ac8096d043f9b1726639aa4275b81b libssh-0.8.4.tar.xz
sha256 468cf08f784ef6fd3b3705b60dd8111e2b70fbb8f6549cd503665a6bbb3bc625 COPYING sha256 468cf08f784ef6fd3b3705b60dd8111e2b70fbb8f6549cd503665a6bbb3bc625 COPYING

2
package/libssh/libssh.mk
View File

@ -5,7 +5,7 @@
################################################################################ ################################################################################
LIBSSH_VERSION_MAJOR = 0.8 LIBSSH_VERSION_MAJOR = 0.8
LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).3 LIBSSH_VERSION = $(LIBSSH_VERSION_MAJOR).4
LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz LIBSSH_SOURCE = libssh-$(LIBSSH_VERSION).tar.xz
LIBSSH_SITE = https://www.libssh.org/files/$(LIBSSH_VERSION_MAJOR) LIBSSH_SITE = https://www.libssh.org/files/$(LIBSSH_VERSION_MAJOR)
LIBSSH_LICENSE = LGPL-2.1 LIBSSH_LICENSE = LGPL-2.1