pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/libssh2 Update libssh2 to 1.5.0 to address CV...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/f77a7e4eb0ee
branches:  trunk
changeset: 648906:f77a7e4eb0ee
user:      nros <nros%pkgsrc.org@localhost>
date:      Mon Mar 23 09:14:53 2015 +0000

description:
Update libssh2 to 1.5.0 to address CVE-2015-1782.
http://www.libssh2.org/adv_20150311.html

Set LICENSE.

Changelog:

This release includes the following changes:

 o Added Windows Cryptography API: Next Generation based backend

This release includes the following bugfixes:

 o Security Advisory for CVE-2015-1782, using SSH_MSG_KEXINIT data unbounded
 o missing _libssh2_error in _libssh2_channel_write
 o knownhost: Fix DSS keys being detected as unknown.
 o knownhost: Restore behaviour of `libssh2_knownhost_writeline` with short buffer.
 o libssh2.h: on Windows, a socket is of type SOCKET, not int
 o libssh2_priv.h: a 1 bit bit-field should be unsigned
 o windows build: do not export externals from static library
 o Fixed two potential use-after-frees of the payload buffer
 o Fixed a few memory leaks in error paths
 o userauth: Fixed an attempt to free from stack on error
 o agent_list_identities: Fixed memory leak on OOM
 o knownhosts: Abort if the hosts buffer is too small
 o sftp_close_handle: ensure the handle is always closed
 o channel_close: Close the channel even in the case of errors
 o docs: added missing libssh2_session_handshake.3 file
 o docs: fixed a bunch of typos
 o userauth_password: pass on the underlying error code
 o _libssh2_channel_forward_cancel: accessed struct after free
 o _libssh2_packet_add: avoid using uninitialized memory
 o _libssh2_channel_forward_cancel: avoid memory leaks on error
 o _libssh2_channel_write: client spins on write when window full
 o windows build: fix build errors
 o publickey_packet_receive: avoid junk in returned pointers
 o channel_receive_window_adjust: store windows size always
 o userauth_hostbased_fromfile: zero assign to avoid uninitialized use
 o configure: change LIBS not LDFLAGS when checking for libs
 o agent_connect_unix: make sure there's a trailing zero
 o MinGW build: Fixed redefine warnings.
 o sftpdir.c: added authentication method detection.
 o Watcom build: added support for WinCNG build.
 o configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
 o sftp_statvfs: fix for servers not supporting statfvs extension
 o knownhost.c: use LIBSSH2_FREE macro instead of free
 o Fixed compilation using mingw-w64
 o knownhost.c: fixed that 'key_type_len' may be used uninitialized
 o configure: Display individual crypto backends on separate lines
 o examples on Windows: check for WSAStartup return code
 o examples on Windows: check for socket return code
 o agent.c: check return code of MapViewOfFile
 o kex.c: fix possible NULL pointer de-reference with session->kex
 o packet.c: fix possible NULL pointer de-reference within listen_state
 o tests on Windows: check for WSAStartup return code
 o userauth.c: improve readability and clarity of for-loops
 o examples on Windows: use native SOCKET-type instead of int
 o packet.c: i < 256 was always true and i would overflow to 0
 o kex.c: make sure mlist is not set to NULL
 o session.c: check return value of session_nonblock in debug mode
 o session.c: check return value of session_nonblock during startup
 o userauth.c: make sure that sp_len is positive and avoid overflows
 o knownhost.c: fix use of uninitialized argument variable wrote
 o openssl: initialise the digest context before calling EVP_DigestInit()
 o libssh2_agent_init: init ->fd to LIBSSH2_INVALID_SOCKET
 o configure.ac: Add zlib to Requires.private in libssh2.pc if using zlib
 o configure.ac: Rework crypto library detection
 o configure.ac: Reorder --with-* options in --help output
 o configure.ac: Call zlib zlib and not libz in text but keep option names
 o Fix non-autotools builds: Always define the LIBSSH2_OPENSSL CPP macro
 o sftp: seek: Don't flush buffers on same offset
 o sftp: statvfs: Along error path, reset the correct 'state' variable.
 o sftp: Add support for fsync (OpenSSH extension).
 o _libssh2_channel_read: fix data drop when out of window
 o comp_method_zlib_decomp: Improve buffer growing algorithm
 o _libssh2_channel_read: Honour window_size_initial
 o window_size: redid window handling for flow control reasons
 o knownhosts: handle unknown key types

diffstat:

 security/libssh2/Makefile      |  5 +++--
 security/libssh2/PLIST         |  4 +++-
 security/libssh2/buildlink3.mk |  4 ++--
 security/libssh2/distinfo      |  8 ++++----
 4 files changed, 12 insertions(+), 9 deletions(-)

diffs (76 lines):

diff -r e62fc2f6ecc2 -r f77a7e4eb0ee security/libssh2/Makefile
--- a/security/libssh2/Makefile Sun Mar 22 20:17:04 2015 +0000
+++ b/security/libssh2/Makefile Mon Mar 23 09:14:53 2015 +0000
@@ -1,13 +1,14 @@
-# $NetBSD: Makefile,v 1.10 2014/07/20 22:02:58 schnoebe Exp $
+# $NetBSD: Makefile,v 1.11 2015/03/23 09:14:53 nros Exp $
 #
 
-DISTNAME=      libssh2-1.4.3
+DISTNAME=      libssh2-1.5.0
 CATEGORIES=    security
 MASTER_SITES=  http://www.libssh2.org/download/
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
 HOMEPAGE=      http://www.libssh2.org/
 COMMENT=       SSH2 protocol library
+LICENSE=       modified-bsd
 
 GNU_CONFIGURE= yes
 USE_LIBTOOL=   yes
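Review bot: MASTER_SITES and HOMEPAGE in this hunk still point at plain http://www.libssh2.org/, so the 1.5.0 tarball for a security fix is fetched over an unauthenticated channel and its integrity rests entirely on the digests recorded in distinfo. If upstream serves the same paths over HTTPS, switch both URLs to https://; if not, make sure the distinfo digests were checked against a source other than the download itself.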
diff -r e62fc2f6ecc2 -r f77a7e4eb0ee security/libssh2/PLIST
--- a/security/libssh2/PLIST    Sun Mar 22 20:17:04 2015 +0000
+++ b/security/libssh2/PLIST    Mon Mar 23 09:14:53 2015 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4 2014/07/20 22:02:58 schnoebe Exp $
+@comment $NetBSD: PLIST,v 1.5 2015/03/23 09:14:53 nros Exp $
 include/libssh2.h
 include/libssh2_publickey.h
 include/libssh2_sftp.h
@@ -103,6 +103,7 @@
 man/man3/libssh2_session_free.3
 man/man3/libssh2_session_get_blocking.3
 man/man3/libssh2_session_get_timeout.3
+man/man3/libssh2_session_handshake.3
 man/man3/libssh2_session_hostkey.3
 man/man3/libssh2_session_init.3
 man/man3/libssh2_session_init_ex.3
@@ -121,6 +122,7 @@
 man/man3/libssh2_sftp_fstat.3
 man/man3/libssh2_sftp_fstat_ex.3
 man/man3/libssh2_sftp_fstatvfs.3
+man/man3/libssh2_sftp_fsync.3
 man/man3/libssh2_sftp_get_channel.3
 man/man3/libssh2_sftp_init.3
 man/man3/libssh2_sftp_last_error.3
diff -r e62fc2f6ecc2 -r f77a7e4eb0ee security/libssh2/buildlink3.mk
--- a/security/libssh2/buildlink3.mk    Sun Mar 22 20:17:04 2015 +0000
+++ b/security/libssh2/buildlink3.mk    Mon Mar 23 09:14:53 2015 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: buildlink3.mk,v 1.6 2014/02/12 23:18:33 tron Exp $
+# $NetBSD: buildlink3.mk,v 1.7 2015/03/23 09:14:53 nros Exp $
 
 BUILDLINK_TREE+=       libssh2
 
@@ -6,7 +6,7 @@
 LIBSSH2_BUILDLINK3_MK:=
 
 BUILDLINK_API_DEPENDS.libssh2+=        libssh2>=0.18
-BUILDLINK_ABI_DEPENDS.libssh2+=        libssh2>=1.2.2nb3
+BUILDLINK_ABI_DEPENDS.libssh2+=        libssh2>=1.5.0
 BUILDLINK_PKGSRCDIR.libssh2?=  ../../security/libssh2
 
 .include "../../devel/zlib/buildlink3.mk"
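Review bot: BUILDLINK_ABI_DEPENDS.libssh2 moves from >=1.2.2nb3 to >=1.5.0 and the commit message gives no reason for it. Say whether the bump is meant to force dependent packages onto the CVE-2015-1782 fix or reflects an ABI change in 1.5.0. BUILDLINK_API_DEPENDS.libssh2 stays at >=0.18, so a sentence in the log or a comment above the line would tell later maintainers why only the ABI floor moved.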
diff -r e62fc2f6ecc2 -r f77a7e4eb0ee security/libssh2/distinfo
--- a/security/libssh2/distinfo Sun Mar 22 20:17:04 2015 +0000
+++ b/security/libssh2/distinfo Mon Mar 23 09:14:53 2015 +0000
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.4 2014/07/20 22:02:58 schnoebe Exp $
+$NetBSD: distinfo,v 1.5 2015/03/23 09:14:53 nros Exp $
 
-SHA1 (libssh2-1.4.3.tar.gz) = c27ca83e1ffeeac03be98b6eef54448701e044b0
-RMD160 (libssh2-1.4.3.tar.gz) = 9664d05973f62a3b1716c9a07dcdddf0374a604c
-Size (libssh2-1.4.3.tar.gz) = 685712 bytes
+SHA1 (libssh2-1.5.0.tar.gz) = d9a97a04aef8bcf835b22a7a2e8e869782baa3aa
+RMD160 (libssh2-1.5.0.tar.gz) = 34c05d24f33c3ac402e9bdefa9c2346f90ad3f50
+Size (libssh2-1.5.0.tar.gz) = 728222 bytes
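Review bot: the new libssh2-1.5.0.tar.gz entry is pinned only by SHA1 and RMD160 digests plus the size. SHA1 is no longer considered collision resistant, which is a thin guarantee for a security library's distfile; add a stronger digest line (for example SHA512) alongside these, and check the tarball against upstream's published signature, if there is one, before recording the values.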


