openssh: upgrade to 6.7p1

* Drop two CVE patches already handled upstream. * Drop nostrip.patch which no longer applies and use the existing --disable-strip configure option instead. * OpenSSH 6.7+ no longer supports tcp wrappers. We could apply the Debian patch to add support back in, but it seems best to follow upstream here unless we have a good reason to do otherwise. (From OE-Core rev: 59e0833e24e4945569d36928dc0f231e822670ba) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Paul Eggleton <paul.eggleton@linux.intel.com> 2014-12-26 15:05:36 +0000
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2015-01-07 23:35:06 +0000
commit: 3fb5191d4da52c6b352a23881c0ea63c2e348619 (patch)
tree: d64060e9d298fc5cf45e4650f11c615144bbfcc1 /meta/recipes-connectivity/openssh/openssh_6.6p1.bb
parent: 060e35492d5b4d416ede1fd18db3647796271aa6 (diff)
download: poky-3fb5191d4da52c6b352a23881c0ea63c2e348619.tar.gz
1 files changed, 0 insertions, 149 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
deleted file mode 100644
index abc302b90f..0000000000
--- a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
+++ /dev/null
@@ -1,149 +0,0 @@
-SUMMARY = "Secure rlogin/rsh/rcp/telnet replacement"
-DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
-Ssh (Secure Shell) is a program for logging into a remote machine \
-and for executing commands on a remote machine."
-HOMEPAGE = "http://openssh.org"
-SECTION = "console/network"
-LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
-DEPENDS = "zlib openssl"
-DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
-SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
-           file://nostrip.patch \
-           file://sshd_config \
-           file://ssh_config \
-           file://init \
-           file://openssh-CVE-2011-4327.patch \
-           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
-           file://sshd.socket \
-           file://sshd@.service \
-           file://sshdgenkeys.service \
-           file://volatiles.99_sshd \
-           file://add-test-support-for-busybox.patch \
-           file://run-ptest \
-           file://openssh-CVE-2014-2653.patch \
-           file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch"
-PAM_SRC_URI = "file://sshd"
-SRC_URI[md5sum] = "3e9800e6bca1fbac0eea4d41baa7f239"
-SRC_URI[sha256sum] = "48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb"
-inherit useradd update-rc.d update-alternatives systemd
-USERADD_PACKAGES = "${PN}-sshd"
-USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
-INITSCRIPT_PACKAGES = "${PN}-sshd"
-INITSCRIPT_NAME_${PN}-sshd = "sshd"
-INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
-SYSTEMD_PACKAGES = "${PN}-sshd"
-SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"
-PACKAGECONFIG ??= "tcp-wrappers"
-PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,,tcp-wrappers"
-inherit autotools-brokensep ptest
-# LFS support:
-CFLAGS += "-D__FILE_OFFSET_BITS=64"
-# login path is hardcoded in sshd
-EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
-                ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
-                --without-zlib-version-check \
-                --with-privsep-path=/var/run/sshd \
-                --sysconfdir=${sysconfdir}/ssh \
-                --with-xauth=/usr/bin/xauth"
-# Since we do not depend on libbsd, we do not want configure to use it
-# just because it finds libutil.h.  But, specifying --disable-libutil
-# causes compile errors, so...
-CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no"
-# passwd path is hardcoded in sshd
-CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
-# This is a workaround for uclibc because including stdio.h
-# pulls in pthreads.h and causes conflicts in function prototypes.
-# This results in compilation failure, so unless this is fixed,
-# disable pam for uclibc.
-EXTRA_OECONF_append_libc-uclibc=" --without-pam"
-do_configure_prepend () {
-        export LD="${CC}"
-        install -m 0644 ${WORKDIR}/sshd_config ${B}/
-        install -m 0644 ${WORKDIR}/ssh_config ${B}/
-        if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then
-                cp aclocal.m4 acinclude.m4
-        fi
-}
-do_install_append () {
-        if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then
-                install -D -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
-                sed -i -e 's:#UsePAM no:UsePAM yes:' ${WORKDIR}/sshd_config ${D}${sysconfdir}/ssh/sshd_config
-        fi
-        install -d ${D}${sysconfdir}/init.d
-        install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
-        rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
-        rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
-        install -d ${D}/${sysconfdir}/default/volatiles
-        install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
-        # Create config files for read-only rootfs
-        install -d ${D}${sysconfdir}/ssh
-        install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
-        sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
-        echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
-        echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
-        echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
-        install -d ${D}${systemd_unitdir}/system
-        install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
-        install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system
-        install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system
-        sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
-                -e 's,@SBINDIR@,${sbindir},g' \
-                -e 's,@BINDIR@,${bindir},g' \
-                ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
-}
-do_install_ptest () {
-        sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libdir}/${PN}/sftp-server|" regress/test-exec.sh
-        cp -r regress ${D}${PTEST_PATH}
-}
-ALLOW_EMPTY_${PN} = "1"
-PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
-FILES_${PN}-scp = "${bindir}/scp.${BPN}"
-FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
-FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
-FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
-FILES_${PN}-sftp = "${bindir}/sftp"
-FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
-FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
-FILES_${PN}-keygen = "${bindir}/ssh-keygen"
-RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
-RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
-RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make"
-RPROVIDES_${PN}-ssh = "ssh"
-RPROVIDES_${PN}-sshd = "sshd"
-RCONFLICTS_${PN} = "dropbear"
-RCONFLICTS_${PN}-sshd = "dropbear"
-RCONFLICTS_${PN}-keygen = "ssh-keygen"
-CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
-CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
-ALTERNATIVE_PRIORITY = "90"
-ALTERNATIVE_${PN}-scp = "scp"
-ALTERNATIVE_${PN}-ssh = "ssh"
author	Paul Eggleton <paul.eggleton@linux.intel.com>	2014-12-26 15:05:36 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2015-01-07 23:35:06 +0000
commit	3fb5191d4da52c6b352a23881c0ea63c2e348619 (patch)
tree	d64060e9d298fc5cf45e4650f11c615144bbfcc1 /meta/recipes-connectivity/openssh/openssh_6.6p1.bb
parent	060e35492d5b4d416ede1fd18db3647796271aa6 (diff)
download	poky-3fb5191d4da52c6b352a23881c0ea63c2e348619.tar.gz

diff --git a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb deleted file mode 100644 index abc302b90f..0000000000 --- a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb +++ /dev/null
@@ -1,149 +0,0 @@
1	SUMMARY = "Secure rlogin/rsh/rcp/telnet replacement"
2	DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
3	Ssh (Secure Shell) is a program for logging into a remote machine \
4	and for executing commands on a remote machine."
5	HOMEPAGE = "http://openssh.org"
6	SECTION = "console/network"
7	LICENSE = "BSD"
8	LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
9
10	DEPENDS = "zlib openssl"
11	DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
12
13	SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
14	file://nostrip.patch \
15	file://sshd_config \
16	file://ssh_config \
17	file://init \
18	file://openssh-CVE-2011-4327.patch \
19	${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
20	file://sshd.socket \
21	file://sshd@.service \
22	file://sshdgenkeys.service \
23	file://volatiles.99_sshd \
24	file://add-test-support-for-busybox.patch \
25	file://run-ptest \
26	file://openssh-CVE-2014-2653.patch \
27	file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch"
28
29	PAM_SRC_URI = "file://sshd"
30
31	SRC_URI[md5sum] = "3e9800e6bca1fbac0eea4d41baa7f239"
32	SRC_URI[sha256sum] = "48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb"
33
34	inherit useradd update-rc.d update-alternatives systemd
35
36	USERADD_PACKAGES = "${PN}-sshd"
37	USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
38	INITSCRIPT_PACKAGES = "${PN}-sshd"
39	INITSCRIPT_NAME_${PN}-sshd = "sshd"
40	INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
41
42	SYSTEMD_PACKAGES = "${PN}-sshd"
43	SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"
44
45	PACKAGECONFIG ??= "tcp-wrappers"
46	PACKAGECONFIG[tcp-wrappers] = "--with-tcp-wrappers,,tcp-wrappers"
47
48	inherit autotools-brokensep ptest
49
50	# LFS support:
51	CFLAGS += "-D__FILE_OFFSET_BITS=64"
52
53	# login path is hardcoded in sshd
54	EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
55	${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
56	--without-zlib-version-check \
57	--with-privsep-path=/var/run/sshd \
58	--sysconfdir=${sysconfdir}/ssh \
59	--with-xauth=/usr/bin/xauth"
60
61	# Since we do not depend on libbsd, we do not want configure to use it
62	# just because it finds libutil.h. But, specifying --disable-libutil
63	# causes compile errors, so...
64	CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no"
65
66	# passwd path is hardcoded in sshd
67	CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
68
69	# This is a workaround for uclibc because including stdio.h
70	# pulls in pthreads.h and causes conflicts in function prototypes.
71	# This results in compilation failure, so unless this is fixed,
72	# disable pam for uclibc.
73	EXTRA_OECONF_append_libc-uclibc=" --without-pam"
74
75	do_configure_prepend () {
76	export LD="${CC}"
77	install -m 0644 ${WORKDIR}/sshd_config ${B}/
78	install -m 0644 ${WORKDIR}/ssh_config ${B}/
79	if [ ! -e acinclude.m4 -a -e aclocal.m4 ]; then
80	cp aclocal.m4 acinclude.m4
81	fi
82	}
83
84	do_install_append () {
85	if [ "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam', '', d)}" = "pam" ]; then
86	install -D -m 0755 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
87	sed -i -e 's:#UsePAM no:UsePAM yes:' ${WORKDIR}/sshd_config ${D}${sysconfdir}/ssh/sshd_config
88	fi
89
90	install -d ${D}${sysconfdir}/init.d
91	install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
92	rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
93	rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
94	install -d ${D}/${sysconfdir}/default/volatiles
95	install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
96
97	# Create config files for read-only rootfs
98	install -d ${D}${sysconfdir}/ssh
99	install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
100	sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
101	echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
102	echo "HostKey /var/run/ssh/ssh_host_dsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
103	echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
104
105	install -d ${D}${systemd_unitdir}/system
106	install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
107	install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system
108	install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system
109	sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
110	-e 's,@SBINDIR@,${sbindir},g' \
111	-e 's,@BINDIR@,${bindir},g' \
112	${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
113	}
114
115	do_install_ptest () {
116	sed -i -e "s\|^SFTPSERVER=.*\|SFTPSERVER=${libdir}/${PN}/sftp-server\|" regress/test-exec.sh
117	cp -r regress ${D}${PTEST_PATH}
118	}
119
120	ALLOW_EMPTY_${PN} = "1"
121
122	PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
123	FILES_${PN}-scp = "${bindir}/scp.${BPN}"
124	FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
125	FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
126	FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
127	FILES_${PN}-sftp = "${bindir}/sftp"
128	FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
129	FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
130	FILES_${PN}-keygen = "${bindir}/ssh-keygen"
131
132	RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
133	RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
134	RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make"
135
136	RPROVIDES_${PN}-ssh = "ssh"
137	RPROVIDES_${PN}-sshd = "sshd"
138
139	RCONFLICTS_${PN} = "dropbear"
140	RCONFLICTS_${PN}-sshd = "dropbear"
141	RCONFLICTS_${PN}-keygen = "ssh-keygen"
142
143	CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
144	CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
145
146	ALTERNATIVE_PRIORITY = "90"
147	ALTERNATIVE_${PN}-scp = "scp"
148	ALTERNATIVE_${PN}-ssh = "ssh"
149