head 1.4; access; symbols pkgsrc-2026Q1:1.4.0.10 pkgsrc-2026Q1-base:1.4 pkgsrc-2025Q4:1.4.0.8 pkgsrc-2025Q4-base:1.4 pkgsrc-2025Q3:1.4.0.6 pkgsrc-2025Q3-base:1.4 pkgsrc-2025Q2:1.4.0.4 pkgsrc-2025Q2-base:1.4 pkgsrc-2025Q1:1.4.0.2 pkgsrc-2025Q1-base:1.4 pkgsrc-2023Q1:1.2.0.30 pkgsrc-2023Q1-base:1.2 pkgsrc-2022Q4:1.2.0.28 pkgsrc-2022Q4-base:1.2 pkgsrc-2022Q3:1.2.0.26 pkgsrc-2022Q3-base:1.2 pkgsrc-2022Q2:1.2.0.24 pkgsrc-2022Q2-base:1.2 pkgsrc-2022Q1:1.2.0.22 pkgsrc-2022Q1-base:1.2 pkgsrc-2021Q4:1.2.0.20 pkgsrc-2021Q4-base:1.2 pkgsrc-2021Q3:1.2.0.18 pkgsrc-2021Q3-base:1.2 pkgsrc-2021Q2:1.2.0.16 pkgsrc-2021Q2-base:1.2 pkgsrc-2021Q1:1.2.0.14 pkgsrc-2021Q1-base:1.2 pkgsrc-2020Q4:1.2.0.12 pkgsrc-2020Q4-base:1.2 pkgsrc-2020Q3:1.2.0.10 pkgsrc-2020Q3-base:1.2 pkgsrc-2020Q2:1.2.0.8 pkgsrc-2020Q2-base:1.2 pkgsrc-2020Q1:1.2.0.4 pkgsrc-2020Q1-base:1.2 pkgsrc-2019Q4:1.2.0.6 pkgsrc-2019Q4-base:1.2 pkgsrc-2019Q3:1.2.0.2 pkgsrc-2019Q3-base:1.2 pkgsrc-2019Q2:1.1.0.6 pkgsrc-2019Q2-base:1.1 pkgsrc-2019Q1:1.1.0.4 pkgsrc-2019Q1-base:1.1 pkgsrc-2018Q4:1.1.0.2 pkgsrc-2018Q4-base:1.1; locks; strict; comment @# @; 1.4 date 2025.01.07.05.56.17; author pho; state Exp; branches; next 1.3; commitid YvW6bQKV0awU2wEF; 1.3 date 2023.04.15.21.36.14; author tnn; state dead; branches; next 1.2; commitid IoVGqUwhqdCKAflE; 1.2 date 2019.09.18.19.35.08; author nia; state Exp; branches; next 1.1; commitid e5cdoGCDAo04SwDB; 1.1 date 2018.12.03.15.19.51; author adam; state Exp; branches; next ; commitid VxIuOxbromFbKm2B; desc @@ 1.4 log @security/libssh: Fix build with option "libgcrypt" @ text @$NetBSD$ Fix build with option libgcrypt: src/libgcrypt/libgcrypt.c fails to compile with -Werror=unused-variable. --- CompilerChecks.cmake.orig 2025-01-07 05:51:07.479870562 +0000 +++ CompilerChecks.cmake @@@@ -48,7 +48,6 @@@@ if (UNIX) add_c_compiler_flag("-Werror=implicit-int" SUPPORTED_COMPILER_FLAGS) add_c_compiler_flag("-Wint-conversion" SUPPORTED_COMPILER_FLAGS) add_c_compiler_flag("-Werror=int-conversion" SUPPORTED_COMPILER_FLAGS) - add_c_compiler_flag("-Werror=unused-variable" SUPPORTED_COMPILER_FLAGS) check_c_compiler_flag("-Wformat" REQUIRED_FLAGS_WFORMAT) if (REQUIRED_FLAGS_WFORMAT) @ 1.3 log @libssh: update to 0.10.4 version 0.10.4 (released 2022-09-07) * Fixed issues with KDF on big endian version 0.10.3 (released 2022-09-05) * Fixed possible infinite loop in known hosts checking version 0.10.2 (released 2022-09-02) * Fixed tilde expansion when handling include directives * Fixed building the shared torture library * Made rekey test more robust (fixes running on i586 build systems e.g koji) version 0.10.1 (released 2022-08-30) * Fixed proxycommand support * Fixed musl libc support version 0.10.0 (released 2022-08-26) * Added support for OpenSSL 3.0 * Added support for mbedTLS 3 * Added support for Smart Cards (through openssl pkcs11 engine) * Added support for chacha20-poly1305@@openssh.com with libgcrypt * Added support ed25519 keys in PEM files * Added support for sk-ecdsa and sk-ed25519 (server side) * Added support for limiting RSA key sizes and not accepting small one by default * Added support for ssh-agent on Windows * Added ssh_userauth_publickey_auto_get_current_identity() API * Added ssh_vlog() API * Added ssh_send_issue_banner() API * Added ssh_session_set_disconnect_message() API * Added new configuration options: + IdentityAgent + ModuliFile * Provided X11 client example * Disabled DSA support at build time by default (will be removed in the next release) * Deprecated the SCP API! * Deprecated old pubkey, privatekey API * Avoided some needless large stack buffers to minimize memory footprint * Removed support for OpenSSL < 1.0.1 * Fixed parsing username@@host in login name * Free global init mutex in the destructor on Windows * Fixed PEM parsing in mbedtls to support both legacy and new PKCS8 formats @ text @d1 1 a1 1 $NetBSD: patch-CompilerChecks.cmake,v 1.2 2019/09/18 19:35:08 nia Exp $ d3 2 a4 1 Let PkgSrc handle security features. d6 1 a6 1 --- CompilerChecks.cmake.orig 2019-06-27 08:34:16.000000000 +0000 d8 5 a12 3 @@@@ -66,29 +66,6 @@@@ if (UNIX) endif() endif() d14 2 a15 26 - check_c_compiler_flag_ssp("-fstack-protector-strong" WITH_STACK_PROTECTOR_STRONG) - if (WITH_STACK_PROTECTOR_STRONG) - list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector-strong") - # This is needed as Solaris has a seperate libssp - if (SOLARIS) - list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector-strong") - endif() - else (WITH_STACK_PROTECTOR_STRONG) - check_c_compiler_flag_ssp("-fstack-protector" WITH_STACK_PROTECTOR) - if (WITH_STACK_PROTECTOR) - list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-protector") - # This is needed as Solaris has a seperate libssp - if (SOLARIS) - list(APPEND SUPPORTED_LINKER_FLAGS "-fstack-protector") - endif() - endif() - endif (WITH_STACK_PROTECTOR_STRONG) - - check_c_compiler_flag_ssp("-fstack-clash-protection" WITH_STACK_CLASH_PROTECTION) - if (WITH_STACK_CLASH_PROTECTION) - list(APPEND SUPPORTED_COMPILER_FLAGS "-fstack-clash-protection") - endif() - if (PICKY_DEVELOPER) add_c_compiler_flag("-Wno-error=deprecated-declarations" SUPPORTED_COMPILER_FLAGS) add_c_compiler_flag("-Wno-error=tautological-compare" SUPPORTED_COMPILER_FLAGS) @ 1.2 log @libssh: update patch @ text @d1 1 a1 1 $NetBSD: patch-CompilerChecks.cmake,v 1.1 2018/12/03 15:19:51 adam Exp $ @ 1.1 log @libssh: updated to 0.8.5 version 0.8.5: * Added support to get known_hosts locations with ssh_options_get() * Fixed preferred algorithm for known hosts negotiations * Fixed KEX with some server implementations (e.g. Cisco) * Fixed issues with MSVC * Fixed keyboard-interactive auth in server mode (regression from CVE-2018-10933) * Fixed gssapi auth in server mode (regression from CVE-2018-10933) * Fixed socket fd handling with proxy command * Fixed a memory leak with OpenSSL version 0.8.4: * Fixed CVE-2018-10933 * Fixed building without globbing support * Fixed possible memory leaks * Avoid SIGPIPE on sockets version 0.8.3: * Added support for rsa-sha2 * Added support to parse private keys in openssh container format (other than ed25519) * Added support for diffie-hellman-group18-sha512 and diffie-hellman-group16-sha512 * Added ssh_get_fingerprint_hash() * Added ssh_pki_export_privkey_base64() * Added support for Match keyword in config file * Improved performance and reduced memory footprint for sftp * Fixed ecdsa publickey auth * Fixed reading a closed channel * Added support to announce posix-rename@@openssh.com and hardlink@@openssh.com in the sftp server version 0.8.2: * Added sha256 fingerprints for pubkeys * Improved compiler flag detection * Fixed race condition in reading sftp messages * Fixed doxygen generation and added modern style * Fixed library initialization on Windows * Fixed __bounded__ attribute detection * Fixed a bug in the options parser * Fixed documentation for new knwon_hosts API version 0.8.1: * Fixed version number in the header * Fixed version number in pkg-config and cmake config * Fixed library initialization * Fixed attribute detection version 0.8.0: * Removed support for deprecated SSHv1 protocol * Added new connector API for clients * Added new known_hosts parsing API * Added support for OpenSSL 1.1 * Added support for chacha20-poly1305 cipher * Added crypto backend for mbedtls crypto library * Added ECDSA support with gcrypt backend * Added advanced client and server testing using cwrap.org * Added support for curve25519-sha256 alias * Added support for global known_hosts file * Added support for symbol versioning * Improved ssh_config parsing * Improved threading support @ text @d1 1 a1 1 $NetBSD$ d5 1 a5 1 --- CompilerChecks.cmake.orig 2018-12-03 09:27:44.000000000 +0000 d7 1 a7 1 @@@@ -62,20 +62,7 @@@@ if (UNIX) d14 4 d22 4 d28 1 a28 1 d33 1 a33 1 d36 1 @