From 58ede4eefbd4fa1669c72be7d6c4932890dfc437 Mon Sep 17 00:00:00 2001
From: Alex Arslan <ararslan@comcast.net>
Date: Thu, 17 Aug 2023 10:03:39 -0700
Subject: [PATCH] Update libssh2 patches

We're now using libssh2 v1.11.0 which includes the two patches we were
carrying. These patches need to be dropped in order to build with
`USE_BINARYBUILDER=0`. We also need to include the patch for v1.11.0
used in Yggdrasil.
---
 deps/libssh2.mk                               |  16 +--
 .../patches/libssh2-fix-import-lib-name.patch |  26 -----
 deps/patches/libssh2-mbedtls-size_t.patch     | 105 ++++++++++++++++++
 deps/patches/libssh2-userauth-check.patch     |  30 -----
 4 files changed, 109 insertions(+), 68 deletions(-)
 delete mode 100644 deps/patches/libssh2-fix-import-lib-name.patch
 create mode 100644 deps/patches/libssh2-mbedtls-size_t.patch
 delete mode 100644 deps/patches/libssh2-userauth-check.patch

diff --git a/deps/libssh2.mk b/deps/libssh2.mk
index d0174c0c090e2..3f9738515e4a1 100644
--- a/deps/libssh2.mk
+++ b/deps/libssh2.mk
@@ -30,21 +30,13 @@ endif
 
 LIBSSH2_SRC_PATH := $(SRCCACHE)/$(LIBSSH2_SRC_DIR)
 
- # Apply patch to fix v1.10.0 CVE (https://github.com/libssh2/libssh2/issues/649), drop with v1.11
-$(LIBSSH2_SRC_PATH)/libssh2-userauth-check.patch-applied: $(LIBSSH2_SRC_PATH)/source-extracted
+$(LIBSSH2_SRC_PATH)/libssh2-mbedtls-size_t.patch-applied: $(LIBSSH2_SRC_PATH)/source-extracted
 	cd $(LIBSSH2_SRC_PATH) && \
-		patch -p1 -f < $(SRCDIR)/patches/libssh2-userauth-check.patch
-	echo 1 > $@
-
-# issue:   https://github.com/JuliaLang/julia/issues/45645#issuecomment-1153214379
-# fix pr:  https://github.com/libssh2/libssh2/pull/711
-$(LIBSSH2_SRC_PATH)/libssh2-fix-import-lib-name.patch-applied: $(LIBSSH2_SRC_PATH)/libssh2-userauth-check.patch-applied
-	cd $(LIBSSH2_SRC_PATH) && \
-		patch -p1 -f < $(SRCDIR)/patches/libssh2-fix-import-lib-name.patch
+		patch -p1 -f < $(SRCDIR)/patches/libssh2-mbedtls-size_t.patch
 	echo 1 > $@
 
 $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: \
-	$(LIBSSH2_SRC_PATH)/libssh2-fix-import-lib-name.patch-applied
+	$(LIBSSH2_SRC_PATH)/libssh2-mbedtls-size_t.patch-applied
 
 $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: $(LIBSSH2_SRC_PATH)/source-extracted
 	mkdir -p $(dir $@)
@@ -53,7 +45,7 @@ $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured: $(LIBSSH2_SRC_PATH)/source-extr
 	echo 1 > $@
 
 $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-compiled: $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-configured
-	$(MAKE) -C $(dir $<) libssh2
+	$(MAKE) -C $(dir $<)
 	echo 1 > $@
 
 $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-checked: $(BUILDDIR)/$(LIBSSH2_SRC_DIR)/build-compiled
diff --git a/deps/patches/libssh2-fix-import-lib-name.patch b/deps/patches/libssh2-fix-import-lib-name.patch
deleted file mode 100644
index 15aafb58d2736..0000000000000
--- a/deps/patches/libssh2-fix-import-lib-name.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 3732420725efbf410df5863b91a09ca214ee18ba Mon Sep 17 00:00:00 2001
-From: "Y. Yang" <metab0t@users.noreply.github.com>
-Date: Thu, 16 Jun 2022 19:16:37 +0800
-Subject: [PATCH] Fix DLL import library name
-
-https://aur.archlinux.org/packages/mingw-w64-libssh2
-https://cmake.org/cmake/help/latest/prop_tgt/IMPORT_PREFIX.html
----
- src/CMakeLists.txt | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
-index cb8fee1..17ecefd 100644
---- a/src/CMakeLists.txt
-+++ b/src/CMakeLists.txt
-@@ -220,6 +220,7 @@ endif()
- add_library(libssh2 ${SOURCES})
- # we want it to be called libssh2 on all platforms
- set_target_properties(libssh2 PROPERTIES PREFIX "")
-+set_target_properties(libssh2 PROPERTIES IMPORT_PREFIX "")
- 
- target_compile_definitions(libssh2 PRIVATE ${PRIVATE_COMPILE_DEFINITIONS})
- target_include_directories(libssh2
--- 
-2.36.1
-
diff --git a/deps/patches/libssh2-mbedtls-size_t.patch b/deps/patches/libssh2-mbedtls-size_t.patch
new file mode 100644
index 0000000000000..502adf6bdf439
--- /dev/null
+++ b/deps/patches/libssh2-mbedtls-size_t.patch
@@ -0,0 +1,105 @@
+From 6cad964056848d3d78ccc74600fbff6298baddcb Mon Sep 17 00:00:00 2001
+From: Viktor Szakats <commit@vsz.me>
+Date: Tue, 30 May 2023 17:28:03 +0000
+Subject: [PATCH 1/1] mbedtls: use more size_t to sync up with crypto.h
+
+Ref: 5a96f494ee0b00282afb2db2e091246fc5e1774a #846 #879
+
+Fixes #1053
+Closes #1054
+---
+ src/mbedtls.c | 14 ++++++++------
+ src/mbedtls.h | 13 ++++++-------
+ 2 files changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/src/mbedtls.c b/src/mbedtls.c
+index e387cdb..cd14a4b 100644
+--- a/src/mbedtls.c
++++ b/src/mbedtls.c
+@@ -186,7 +186,7 @@ _libssh2_mbedtls_cipher_dtor(_libssh2_cipher_ctx *ctx)
+ int
+ _libssh2_mbedtls_hash_init(mbedtls_md_context_t *ctx,
+                            mbedtls_md_type_t mdtype,
+-                           const unsigned char *key, unsigned long keylen)
++                           const unsigned char *key, size_t keylen)
+ {
+     const mbedtls_md_info_t *md_info;
+     int ret, hmac;
+@@ -221,7 +221,7 @@ _libssh2_mbedtls_hash_final(mbedtls_md_context_t *ctx, unsigned char *hash)
+ }
+ 
+ int
+-_libssh2_mbedtls_hash(const unsigned char *data, unsigned long datalen,
++_libssh2_mbedtls_hash(const unsigned char *data, size_t datalen,
+                       mbedtls_md_type_t mdtype, unsigned char *hash)
+ {
+     const mbedtls_md_info_t *md_info;
+@@ -497,8 +497,9 @@ int
+ _libssh2_mbedtls_rsa_sha2_verify(libssh2_rsa_ctx * rsactx,
+                                  size_t hash_len,
+                                  const unsigned char *sig,
+-                                 unsigned long sig_len,
+-                                 const unsigned char *m, unsigned long m_len)
++                                 size_t sig_len,
++                                 const unsigned char *m,
++                                 size_t m_len)
+ {
+     int ret;
+     int md_type;
+@@ -548,8 +549,9 @@ _libssh2_mbedtls_rsa_sha2_verify(libssh2_rsa_ctx * rsactx,
+ int
+ _libssh2_mbedtls_rsa_sha1_verify(libssh2_rsa_ctx * rsactx,
+                                  const unsigned char *sig,
+-                                 unsigned long sig_len,
+-                                 const unsigned char *m, unsigned long m_len)
++                                 size_t sig_len,
++                                 const unsigned char *m,
++                                 size_t m_len)
+ {
+     return _libssh2_mbedtls_rsa_sha2_verify(rsactx, SHA_DIGEST_LENGTH,
+                                             sig, sig_len, m, m_len);
+diff --git a/src/mbedtls.h b/src/mbedtls.h
+index d9592f7..03484da 100644
+--- a/src/mbedtls.h
++++ b/src/mbedtls.h
+@@ -478,12 +478,12 @@ _libssh2_mbedtls_cipher_dtor(_libssh2_cipher_ctx *ctx);
+ int
+ _libssh2_mbedtls_hash_init(mbedtls_md_context_t *ctx,
+                            mbedtls_md_type_t mdtype,
+-                           const unsigned char *key, unsigned long keylen);
++                           const unsigned char *key, size_t keylen);
+ 
+ int
+ _libssh2_mbedtls_hash_final(mbedtls_md_context_t *ctx, unsigned char *hash);
+ int
+-_libssh2_mbedtls_hash(const unsigned char *data, unsigned long datalen,
++_libssh2_mbedtls_hash(const unsigned char *data, size_t datalen,
+                       mbedtls_md_type_t mdtype, unsigned char *hash);
+ 
+ _libssh2_bn *
+@@ -526,9 +526,8 @@ _libssh2_mbedtls_rsa_new_private_frommemory(libssh2_rsa_ctx **rsa,
+ int
+ _libssh2_mbedtls_rsa_sha1_verify(libssh2_rsa_ctx *rsa,
+                                  const unsigned char *sig,
+-                                 unsigned long sig_len,
+-                                 const unsigned char *m,
+-                                 unsigned long m_len);
++                                 size_t sig_len,
++                                 const unsigned char *m, size_t m_len);
+ int
+ _libssh2_mbedtls_rsa_sha1_sign(LIBSSH2_SESSION *session,
+                                libssh2_rsa_ctx *rsa,
+@@ -540,8 +539,8 @@ int
+ _libssh2_mbedtls_rsa_sha2_verify(libssh2_rsa_ctx * rsactx,
+                                  size_t hash_len,
+                                  const unsigned char *sig,
+-                                 unsigned long sig_len,
+-                                 const unsigned char *m, unsigned long m_len);
++                                 size_t sig_len,
++                                 const unsigned char *m, size_t m_len);
+ int
+ _libssh2_mbedtls_rsa_sha2_sign(LIBSSH2_SESSION *session,
+                                libssh2_rsa_ctx *rsa,
+-- 
+2.31.0
+
diff --git a/deps/patches/libssh2-userauth-check.patch b/deps/patches/libssh2-userauth-check.patch
deleted file mode 100644
index 1dc6108ebece7..0000000000000
--- a/deps/patches/libssh2-userauth-check.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 37ee0aa214655b63e7869d1d74ff1ec9f9818a5e Mon Sep 17 00:00:00 2001
-From: Daniel Stenberg <daniel@haxx.se>
-Date: Fri, 17 Dec 2021 17:46:29 +0100
-Subject: [PATCH] userauth: check for too large userauth_kybd_auth_name_len
- (#650)
-
-... before using it.
-
-Reported-by: MarcoPoloPie
-Fixes #649
----
- src/userauth.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/userauth.c b/src/userauth.c
-index 40ef915..caa5635 100644
---- a/src/userauth.c
-+++ b/src/userauth.c
-@@ -1769,6 +1769,11 @@ userauth_keyboard_interactive(LIBSSH2_SESSION * session,
-             if(session->userauth_kybd_data_len >= 5) {
-                 /* string    name (ISO-10646 UTF-8) */
-                 session->userauth_kybd_auth_name_len = _libssh2_ntohu32(s);
-+                if(session->userauth_kybd_auth_name_len >
-+                   session->userauth_kybd_data_len - 5)
-+                    return _libssh2_error(session,
-+                                          LIBSSH2_ERROR_OUT_OF_BOUNDARY,
-+                                          "Bad keyboard auth name");
-                 s += 4;
-             }
-             else {