package: curl severity: wishlist tags: patch Hi,
I've found Fedora28 introduced change in curl to use libssh, instead of libssh2. I thought it would be nice to change in Debian, too. See https://docs.fedoraproject.org/f28/release-notes/sysadmin/Security.html Patch attached. -- Regards, Hideki Yamane henrich @ debian.org/iijmio-mail.jp
>From aef6f4a1762ca66e04736814132ab90dc8805bab Mon Sep 17 00:00:00 2001 From: Hideki Yamane <henr...@debian.org> Date: Sat, 5 May 2018 12:28:30 +0900 Subject: [PATCH] replace libssh2 to libssh >From https://fedoraproject.org//wiki/Changes/libssh-in-libcurl "libcurl currently uses libssh2 to implement the SSH layer of SCP and SFTP protocols. The libssh2 library uses outdated crypto algorithms and lacks important features like GSS-API authentication. After implementing this change, libcurl will use the libssh library instead, which is now more secure, feature-complete, and with more active upstream community." --- debian/control | 2 +- debian/rules | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 1cfa7fcd..fd9219e9 100644 --- a/debian/control +++ b/debian/control @@ -18,7 +18,7 @@ Build-Depends: debhelper (>= 11), libnss3-dev, libpsl-dev, librtmp-dev (>= 2.4+20131018.git79459a2-3~), - libssh2-1-dev, + libssh-dev, libssl-dev (>= 1.1), libtool, openssh-server <!nocheck>, diff --git a/debian/rules b/debian/rules index c205d4fd..8926c942 100755 --- a/debian/rules +++ b/debian/rules @@ -15,7 +15,7 @@ DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) CONFIGURE_ARGS = -- --disable-dependency-tracking \ --disable-symbol-hiding --enable-versioned-symbols \ --enable-threaded-resolver --with-lber-lib=lber \ - --with-gssapi=/usr --with-libssh2 --with-nghttp2 \ + --with-gssapi=/usr --with-libssh --with-nghttp2 \ --includedir=/usr/include/$(DEB_HOST_MULTIARCH) \ --with-zsh-functions-dir=/usr/share/zsh/vendor-completions -- 2.17.0