openssh: update to 7.6

LICENSE changed do to name being added removed patches included in some form (From OE-Core rev: 88770be201678bf1906e27d72e840de2cd4c43f0) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Armin Kuster <akuster808@gmail.com> 2017-11-03 12:54:49 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-11-07 13:25:31 +0000
commit: e2d49ce3c4fb7186de6589231193a18102b68447 (patch)
tree: 3a7b9f3d37ea2122dedec7595975b4277248005b /meta/recipes-connectivity/openssh
parent: f5aa5aaa32ae14780ec35ecb13a2bbb244c5c207 (diff)
download: poky-e2d49ce3c4fb7186de6589231193a18102b68447.tar.gz
4 files changed, 25 insertions, 239 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
index adc25c668f..b8402a4dee 100644
--- a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
+++ b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
@@ -6,64 +6,42 @@ Adjust test cases to work with busybox.
 Signed-off-by: Maxin B. John <maxin.john@enea.com>
 Upstream-Status: Pending
-Index: openssh-6.8p1/regress/cipher-speed.sh
+Index: openssh-7.6p1/regress/cipher-speed.sh
 ===================================================================
--- openssh-6.8p1.orig/regress/cipher-speed.sh
+--- openssh-7.6p1.orig/regress/cipher-speed.sh
-+++ openssh-6.8p1/regress/cipher-speed.sh
+++ openssh-7.6p1/regress/cipher-speed.sh
 @@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for
                printf "%-60s" "$c/$m:"
                ( ${SSH} -o 'compression no' \
-                        -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \
+                        -F $OBJ/ssh_proxy -m $m -c $c somehost \
 -                       exec sh -c \'"dd of=/dev/null obs=32k"\' \
 +                       exec sh -c \'"dd of=/dev/null bs=32k"\' \
                < ${DATA} ) 2>&1 | getbytes
 
                if [ $? -ne 0 ]; then
-@@ -42,7 +42,7 @@ for c in $ciphers; do
+Index: openssh-7.6p1/regress/transfer.sh
-                printf "%-60s" "$c:"
-                ( ${SSH} -o 'compression no' \
-                        -F $OBJ/ssh_proxy -1 -c $c somehost \
-                       exec sh -c \'"dd of=/dev/null obs=32k"\' \
-+                       exec sh -c \'"dd of=/dev/null bs=32k"\' \
-                < ${DATA} ) 2>&1 | getbytes
-                if [ $? -ne 0 ]; then
-                        fail "ssh -1 failed with cipher $c"
-Index: openssh-6.8p1/regress/transfer.sh
-===================================================================
--- openssh-6.8p1.orig/regress/transfer.sh
-+++ openssh-6.8p1/regress/transfer.sh
-@@ -15,7 +15,7 @@ for p in ${SSH_PROTOCOLS}; do
-        for s in 10 100 1k 32k 64k 128k 256k; do
-                trace "proto $p dd-size ${s}"
-                rm -f ${COPY}
-               dd if=$DATA obs=${s} 2> /dev/null | \
-+               dd if=$DATA bs=${s} 2> /dev/null | \
-                        ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
-                if [ $? -ne 0 ]; then
-                        fail "ssh cat $DATA failed"
-Index: openssh-6.8p1/regress/yes-head.sh
 ===================================================================
--- openssh-6.8p1.orig/regress/yes-head.sh
+--- openssh-7.6p1.orig/regress/transfer.sh
-+++ openssh-6.8p1/regress/yes-head.sh
+++ openssh-7.6p1/regress/transfer.sh
-@@ -4,7 +4,7 @@
+@@ -13,7 +13,7 @@ cmp ${DATA} ${COPY}           || fail "corrupted
- tid="yes pipe head"
+ for s in 10 100 1k 32k 64k 128k 256k; do
- 
+        trace "dd-size ${s}"
- for p in ${SSH_PROTOCOLS}; do
+        rm -f ${COPY}
-       lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
+-       dd if=$DATA obs=${s} 2> /dev/null | \
-+       lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)`
+       dd if=$DATA bs=${s} 2> /dev/null | \
+                ${SSH} -q -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
        if [ $? -ne 0 ]; then
-                fail "yes|head test failed"
+                fail "ssh cat $DATA failed"
-                lines = 0;
+Index: openssh-7.6p1/regress/key-options.sh
-Index: openssh-6.8p1/regress/key-options.sh
 ===================================================================
--- openssh-6.8p1.orig/regress/key-options.sh
+--- openssh-7.6p1.orig/regress/key-options.sh
-+++ openssh-6.8p1/regress/key-options.sh
+++ openssh-7.6p1/regress/key-options.sh
-@@ -54,7 +54,7 @@ for p in ${SSH_PROTOCOLS}; do
+@@ -47,7 +47,7 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do
        fi
 
        sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
 -       from=`head -1 $authkeys | cut -f1 -d ' '`
 +       from=`head -n 1 $authkeys | cut -f1 -d ' '`
-        verbose "key option proto $p $from"
+        verbose "key option $from"
-        r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
+        r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'`
        if [ "$r" = "true" ]; then
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
deleted file mode 100644
index 1098b972ce..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 27740c918fe5d78441bcf69e7d2eefb23ddeca4c Mon Sep 17 00:00:00 2001
-From: Dengke Du <dengke.du@windriver.com>
-Date: Thu, 19 Jan 2017 03:00:08 -0500
-Subject: [PATCH 1/3] Remove des in cipher.
-Upstream-Status: Pending
-Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Signed-off-by: Dengke Du <dengke.du@windriver.com>
---
- cipher.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-diff --git a/cipher.c b/cipher.c
-index 2def333..59f6792 100644
--- a/cipher.c
-+++ b/cipher.c
-@@ -53,8 +53,10 @@
- 
- #ifdef WITH_SSH1
- extern const EVP_CIPHER *evp_ssh1_bf(void);
-+#ifndef OPENSSL_NO_DES
- extern const EVP_CIPHER *evp_ssh1_3des(void);
- extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
-+#endif /* OPENSSL_NO_DES */
- #endif
- 
- struct sshcipher_ctx {
-@@ -88,15 +90,19 @@ struct sshcipher {
- 
- static const struct sshcipher ciphers[] = {
- #ifdef WITH_SSH1
-+#ifndef OPENSSL_NO_DES
-        { "des",        SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
-        { "3des",       SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
-+#endif /* OPENSSL_NO_DES */
- # ifndef OPENSSL_NO_BF
-        { "blowfish",   SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
- # endif /* OPENSSL_NO_BF */
- #endif /* WITH_SSH1 */
- #ifdef WITH_OPENSSL
-+#ifndef OPENSSL_NO_DES
-        { "none",       SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
-        { "3des-cbc",   SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
-+#endif /* OPENSSL_NO_DES */
- # ifndef OPENSSL_NO_BF
-        { "blowfish-cbc",
-                        SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
-@@ -180,8 +186,10 @@ cipher_keylen(const struct sshcipher *c)
- u_int
- cipher_seclen(const struct sshcipher *c)
- {
-+#ifndef OPENSSL_NO_DES
-        if (strcmp("3des-cbc", c->name) == 0)
-                return 14;
-+#endif /* OPENSSL_NO_DES */
-        return cipher_keylen(c);
- }
- 
-@@ -230,11 +238,13 @@ u_int
- cipher_mask_ssh1(int client)
- {
-        u_int mask = 0;
-+#ifndef OPENSSL_NO_DES
-        mask |= 1 << SSH_CIPHER_3DES;           /* Mandatory */
-        mask |= 1 << SSH_CIPHER_BLOWFISH;
-        if (client) {
-                mask |= 1 << SSH_CIPHER_DES;
-        }
-+#endif /*OPENSSL_NO_DES*/
-        return mask;
- }
- 
-@@ -606,7 +616,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
-        switch (c->number) {
- #ifdef WITH_OPENSSL
-        case SSH_CIPHER_SSH2:
-+#ifndef OPENSSL_NO_DES
-        case SSH_CIPHER_DES:
-+#endif /* OPENSSL_NO_DES */
-        case SSH_CIPHER_BLOWFISH:
-                evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
-                if (evplen == 0)
-@@ -629,8 +641,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
-                break;
- #endif
- #ifdef WITH_SSH1
-+#ifndef OPENSSL_NO_DES
-        case SSH_CIPHER_3DES:
-                return ssh1_3des_iv(cc->evp, 0, iv, 24);
-+#endif /* OPENSSL_NO_DES */
- #endif
-        default:
-                return SSH_ERR_INVALID_ARGUMENT;
-@@ -654,7 +668,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
-        switch (c->number) {
- #ifdef WITH_OPENSSL
-        case SSH_CIPHER_SSH2:
-+#ifndef OPENSSL_NO_DES
-        case SSH_CIPHER_DES:
-+#endif /* OPENSSL_NO_DES */
-        case SSH_CIPHER_BLOWFISH:
-                evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
-                if (evplen <= 0)
-@@ -675,8 +691,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
-                break;
- #endif
- #ifdef WITH_SSH1
-+#ifndef OPENSSL_NO_DES
-        case SSH_CIPHER_3DES:
-                return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24);
-+#endif /* OPENSSL_NO_DES */
- #endif
-        default:
-                return SSH_ERR_INVALID_ARGUMENT;
-- 
-2.8.1
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch
deleted file mode 100644
index 47dc73ba10..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From e816fc06e4f8070b09e677ead4d21768784e4c99 Mon Sep 17 00:00:00 2001
-From: Dengke Du <dengke.du@windriver.com>
-Date: Thu, 19 Jan 2017 03:21:40 -0500
-Subject: [PATCH 2/3] remove des in pkcs11.
-Upstream-Status: Pending
-Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
-Signed-off-by: Dengke Du <dengke.du@windriver.com>
---
- pkcs11.h | 8 ++++++++
- 1 file changed, 8 insertions(+)
-diff --git a/pkcs11.h b/pkcs11.h
-index b01d58f..98b36e6 100644
--- a/pkcs11.h
-+++ b/pkcs11.h
-@@ -342,9 +342,11 @@ typedef unsigned long ck_key_type_t;
- #define CKK_GENERIC_SECRET     (0x10)
- #define CKK_RC2                        (0x11)
- #define CKK_RC4                        (0x12)
-+#ifndef OPENSSL_NO_DES
- #define CKK_DES                        (0x13)
- #define CKK_DES2               (0x14)
- #define CKK_DES3               (0x15)
-+#endif /* OPENSSL_NO_DES */
- #define CKK_CAST               (0x16)
- #define CKK_CAST3              (0x17)
- #define CKK_CAST128            (0x18)
-@@ -512,6 +514,7 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_RC2_CBC_PAD                        (0x105)
- #define CKM_RC4_KEY_GEN                        (0x110)
- #define CKM_RC4                                (0x111)
-+#ifndef OPENSSL_NO_DES
- #define CKM_DES_KEY_GEN                        (0x120)
- #define CKM_DES_ECB                    (0x121)
- #define CKM_DES_CBC                    (0x122)
-@@ -525,6 +528,7 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_DES3_MAC                   (0x134)
- #define CKM_DES3_MAC_GENERAL           (0x135)
- #define CKM_DES3_CBC_PAD               (0x136)
-+#endif /* OPENSSL_NO_DES */
- #define CKM_CDMF_KEY_GEN               (0x140)
- #define CKM_CDMF_ECB                   (0x141)
- #define CKM_CDMF_CBC                   (0x142)
-@@ -610,8 +614,10 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_MD5_KEY_DERIVATION         (0x390)
- #define CKM_MD2_KEY_DERIVATION         (0x391)
- #define CKM_SHA1_KEY_DERIVATION                (0x392)
-+#ifndef OPENSSL_NO_DES
- #define CKM_PBE_MD2_DES_CBC            (0x3a0)
- #define CKM_PBE_MD5_DES_CBC            (0x3a1)
-+#endif /* OPENSSL_NO_DES */
- #define CKM_PBE_MD5_CAST_CBC           (0x3a2)
- #define CKM_PBE_MD5_CAST3_CBC          (0x3a3)
- #define CKM_PBE_MD5_CAST5_CBC          (0x3a4)
-@@ -620,8 +626,10 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_PBE_SHA1_CAST128_CBC       (0x3a5)
- #define CKM_PBE_SHA1_RC4_128           (0x3a6)
- #define CKM_PBE_SHA1_RC4_40            (0x3a7)
-+#ifndef OPENSSL_NO_DES
- #define CKM_PBE_SHA1_DES3_EDE_CBC      (0x3a8)
- #define CKM_PBE_SHA1_DES2_EDE_CBC      (0x3a9)
-+#endif /* OPENSSL_NO_DES */
- #define CKM_PBE_SHA1_RC2_128_CBC       (0x3aa)
- #define CKM_PBE_SHA1_RC2_40_CBC                (0x3ab)
- #define CKM_PKCS5_PBKD2                        (0x3b0)
-- 
-2.8.1
diff --git a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb b/meta/recipes-connectivity/openssh/openssh_7.6p1.bb
index 86ca6ff372..ebb9a5734d 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.6p1.bb
@@ -6,7 +6,7 @@ and for executing commands on a remote machine."
 HOMEPAGE = "http://www.openssh.com/"
 SECTION = "console/network"
 LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8"
 # openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48
 DEPENDS = "zlib openssl10"
@@ -21,19 +21,16 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
           file://sshd@.service \
           file://sshdgenkeys.service \
           file://volatiles.99_sshd \
-           file://add-test-support-for-busybox.patch \
           file://run-ptest \
-           file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \
-           file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
           file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
-           file://0001-openssh-Fix-syntax-error-on-x32.patch \
           file://sshd_check_keys \
+           file://add-test-support-for-busybox.patch \
           "
 PAM_SRC_URI = "file://sshd"
-SRC_URI[md5sum] = "652fdc7d8392f112bef11cacf7e69e23"
+SRC_URI[md5sum] = "06a88699018e5fef13d4655abfed1f63"
-SRC_URI[sha256sum] = "9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0"
+SRC_URI[sha256sum] = "a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723"
 inherit useradd update-rc.d update-alternatives systemd
author	Armin Kuster <akuster808@gmail.com>	2017-11-03 12:54:49 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-11-07 13:25:31 +0000
commit	e2d49ce3c4fb7186de6589231193a18102b68447 (patch)
tree	3a7b9f3d37ea2122dedec7595975b4277248005b /meta/recipes-connectivity/openssh
parent	f5aa5aaa32ae14780ec35ecb13a2bbb244c5c207 (diff)
download	poky-e2d49ce3c4fb7186de6589231193a18102b68447.tar.gz

diff --git a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch index adc25c668f..b8402a4dee 100644 --- a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch +++ b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
@@ -6,64 +6,42 @@ Adjust test cases to work with busybox.
6	Signed-off-by: Maxin B. John <maxin.john@enea.com>	6	Signed-off-by: Maxin B. John <maxin.john@enea.com>
7	Upstream-Status: Pending	7	Upstream-Status: Pending
8		8
9	Index: openssh-6.8p1/regress/cipher-speed.sh	9	Index: openssh-7.6p1/regress/cipher-speed.sh
10	===================================================================	10	===================================================================
11	--- openssh-6.8p1.orig/regress/cipher-speed.sh	11	--- openssh-7.6p1.orig/regress/cipher-speed.sh
12	+++ openssh-6.8p1/regress/cipher-speed.sh	12	+++ openssh-7.6p1/regress/cipher-speed.sh
13	@@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for	13	@@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for
14	printf "%-60s" "$c/$m:"	14	printf "%-60s" "$c/$m:"
15	( ${SSH} -o 'compression no' \	15	( ${SSH} -o 'compression no' \
16	-F $OBJ/ssh_proxy -2 -m $m -c $c somehost \	16	-F $OBJ/ssh_proxy -m $m -c $c somehost \
17	- exec sh -c \'"dd of=/dev/null obs=32k"\' \	17	- exec sh -c \'"dd of=/dev/null obs=32k"\' \
18	+ exec sh -c \'"dd of=/dev/null bs=32k"\' \	18	+ exec sh -c \'"dd of=/dev/null bs=32k"\' \
19	< ${DATA} ) 2>&1 \| getbytes	19	< ${DATA} ) 2>&1 \| getbytes
20		20
21	if [ $? -ne 0 ]; then	21	if [ $? -ne 0 ]; then
22	@@ -42,7 +42,7 @@ for c in $ciphers; do	22	Index: openssh-7.6p1/regress/transfer.sh
23	printf "%-60s" "$c:"
24	( ${SSH} -o 'compression no' \
25	-F $OBJ/ssh_proxy -1 -c $c somehost \
26	- exec sh -c \'"dd of=/dev/null obs=32k"\' \
27	+ exec sh -c \'"dd of=/dev/null bs=32k"\' \
28	< ${DATA} ) 2>&1 \| getbytes
29	if [ $? -ne 0 ]; then
30	fail "ssh -1 failed with cipher $c"
31	Index: openssh-6.8p1/regress/transfer.sh
32	===================================================================
33	--- openssh-6.8p1.orig/regress/transfer.sh
34	+++ openssh-6.8p1/regress/transfer.sh
35	@@ -15,7 +15,7 @@ for p in ${SSH_PROTOCOLS}; do
36	for s in 10 100 1k 32k 64k 128k 256k; do
37	trace "proto $p dd-size ${s}"
38	rm -f ${COPY}
39	- dd if=$DATA obs=${s} 2> /dev/null \| \
40	+ dd if=$DATA bs=${s} 2> /dev/null \| \
41	${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
42	if [ $? -ne 0 ]; then
43	fail "ssh cat $DATA failed"
44	Index: openssh-6.8p1/regress/yes-head.sh
45	===================================================================	23	===================================================================
46	--- openssh-6.8p1.orig/regress/yes-head.sh	24	--- openssh-7.6p1.orig/regress/transfer.sh
47	+++ openssh-6.8p1/regress/yes-head.sh	25	+++ openssh-7.6p1/regress/transfer.sh
48	@@ -4,7 +4,7 @@	26	@@ -13,7 +13,7 @@ cmp ${DATA} ${COPY} \|\| fail "corrupted
49	tid="yes pipe head"	27	for s in 10 100 1k 32k 64k 128k 256k; do
50		28	trace "dd-size ${s}"
51	for p in ${SSH_PROTOCOLS}; do	29	rm -f ${COPY}
52	- lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done \| _POSIX2_VERSION=199209 head -2000"' \| (sleep 3 ; wc -l)`	30	- dd if=$DATA obs=${s} 2> /dev/null \| \
53	+ lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done \| _POSIX2_VERSION=199209 head -n 2000"' \| (sleep 3 ; wc -l)`	31	+ dd if=$DATA bs=${s} 2> /dev/null \| \
		32	${SSH} -q -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
54	if [ $? -ne 0 ]; then	33	if [ $? -ne 0 ]; then
55	fail "yes\|head test failed"	34	fail "ssh cat $DATA failed"
56	lines = 0;	35	Index: openssh-7.6p1/regress/key-options.sh
57	Index: openssh-6.8p1/regress/key-options.sh
58	===================================================================	36	===================================================================
59	--- openssh-6.8p1.orig/regress/key-options.sh	37	--- openssh-7.6p1.orig/regress/key-options.sh
60	+++ openssh-6.8p1/regress/key-options.sh	38	+++ openssh-7.6p1/regress/key-options.sh
61	@@ -54,7 +54,7 @@ for p in ${SSH_PROTOCOLS}; do	39	@@ -47,7 +47,7 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do
62	fi	40	fi
63		41
64	sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys	42	sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
65	- from=`head -1 $authkeys \| cut -f1 -d ' '`	43	- from=`head -1 $authkeys \| cut -f1 -d ' '`
66	+ from=`head -n 1 $authkeys \| cut -f1 -d ' '`	44	+ from=`head -n 1 $authkeys \| cut -f1 -d ' '`
67	verbose "key option proto $p $from"	45	verbose "key option $from"
68	r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`	46	r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'`
69	if [ "$r" = "true" ]; then	47	if [ "$r" = "true" ]; then


diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch deleted file mode 100644 index 1098b972ce..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch +++ /dev/null
@@ -1,119 +0,0 @@
1	From 27740c918fe5d78441bcf69e7d2eefb23ddeca4c Mon Sep 17 00:00:00 2001
2	From: Dengke Du <dengke.du@windriver.com>
3	Date: Thu, 19 Jan 2017 03:00:08 -0500
4	Subject: [PATCH 1/3] Remove des in cipher.
5
6	Upstream-Status: Pending
7
8	Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
9	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
10	Signed-off-by: Dengke Du <dengke.du@windriver.com>
11	---
12	cipher.c \| 18 ++++++++++++++++++
13	1 file changed, 18 insertions(+)
14
15	diff --git a/cipher.c b/cipher.c
16	index 2def333..59f6792 100644
17	--- a/cipher.c
18	+++ b/cipher.c
19	@@ -53,8 +53,10 @@
20
21	#ifdef WITH_SSH1
22	extern const EVP_CIPHER *evp_ssh1_bf(void);
23	+#ifndef OPENSSL_NO_DES
24	extern const EVP_CIPHER *evp_ssh1_3des(void);
25	extern int ssh1_3des_iv(EVP_CIPHER_CTX , int, u_char , int);
26	+#endif /* OPENSSL_NO_DES */
27	#endif
28
29	struct sshcipher_ctx {
30	@@ -88,15 +90,19 @@ struct sshcipher {
31
32	static const struct sshcipher ciphers[] = {
33	#ifdef WITH_SSH1
34	+#ifndef OPENSSL_NO_DES
35	{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
36	{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
37	+#endif /* OPENSSL_NO_DES */
38	# ifndef OPENSSL_NO_BF
39	{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
40	# endif /* OPENSSL_NO_BF */
41	#endif /* WITH_SSH1 */
42	#ifdef WITH_OPENSSL
43	+#ifndef OPENSSL_NO_DES
44	{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
45	{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
46	+#endif /* OPENSSL_NO_DES */
47	# ifndef OPENSSL_NO_BF
48	{ "blowfish-cbc",
49	SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
50	@@ -180,8 +186,10 @@ cipher_keylen(const struct sshcipher *c)
51	u_int
52	cipher_seclen(const struct sshcipher *c)
53	{
54	+#ifndef OPENSSL_NO_DES
55	if (strcmp("3des-cbc", c->name) == 0)
56	return 14;
57	+#endif /* OPENSSL_NO_DES */
58	return cipher_keylen(c);
59	}
60
61	@@ -230,11 +238,13 @@ u_int
62	cipher_mask_ssh1(int client)
63	{
64	u_int mask = 0;
65	+#ifndef OPENSSL_NO_DES
66	mask \|= 1 << SSH_CIPHER_3DES; /* Mandatory */
67	mask \|= 1 << SSH_CIPHER_BLOWFISH;
68	if (client) {
69	mask \|= 1 << SSH_CIPHER_DES;
70	}
71	+#endif /OPENSSL_NO_DES/
72	return mask;
73	}
74
75	@@ -606,7 +616,9 @@ cipher_get_keyiv(struct sshcipher_ctx cc, u_char iv, u_int len)
76	switch (c->number) {
77	#ifdef WITH_OPENSSL
78	case SSH_CIPHER_SSH2:
79	+#ifndef OPENSSL_NO_DES
80	case SSH_CIPHER_DES:
81	+#endif /* OPENSSL_NO_DES */
82	case SSH_CIPHER_BLOWFISH:
83	evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
84	if (evplen == 0)
85	@@ -629,8 +641,10 @@ cipher_get_keyiv(struct sshcipher_ctx cc, u_char iv, u_int len)
86	break;
87	#endif
88	#ifdef WITH_SSH1
89	+#ifndef OPENSSL_NO_DES
90	case SSH_CIPHER_3DES:
91	return ssh1_3des_iv(cc->evp, 0, iv, 24);
92	+#endif /* OPENSSL_NO_DES */
93	#endif
94	default:
95	return SSH_ERR_INVALID_ARGUMENT;
96	@@ -654,7 +668,9 @@ cipher_set_keyiv(struct sshcipher_ctx cc, const u_char iv)
97	switch (c->number) {
98	#ifdef WITH_OPENSSL
99	case SSH_CIPHER_SSH2:
100	+#ifndef OPENSSL_NO_DES
101	case SSH_CIPHER_DES:
102	+#endif /* OPENSSL_NO_DES */
103	case SSH_CIPHER_BLOWFISH:
104	evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
105	if (evplen <= 0)
106	@@ -675,8 +691,10 @@ cipher_set_keyiv(struct sshcipher_ctx cc, const u_char iv)
107	break;
108	#endif
109	#ifdef WITH_SSH1
110	+#ifndef OPENSSL_NO_DES
111	case SSH_CIPHER_3DES:
112	return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24);
113	+#endif /* OPENSSL_NO_DES */
114	#endif
115	default:
116	return SSH_ERR_INVALID_ARGUMENT;
117	--
118	2.8.1
119


diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch deleted file mode 100644 index 47dc73ba10..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch +++ /dev/null
@@ -1,70 +0,0 @@
1	From e816fc06e4f8070b09e677ead4d21768784e4c99 Mon Sep 17 00:00:00 2001
2	From: Dengke Du <dengke.du@windriver.com>
3	Date: Thu, 19 Jan 2017 03:21:40 -0500
4	Subject: [PATCH 2/3] remove des in pkcs11.
5
6	Upstream-Status: Pending
7
8	Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
9	Signed-off-by: Dengke Du <dengke.du@windriver.com>
10	---
11	pkcs11.h \| 8 ++++++++
12	1 file changed, 8 insertions(+)
13
14	diff --git a/pkcs11.h b/pkcs11.h
15	index b01d58f..98b36e6 100644
16	--- a/pkcs11.h
17	+++ b/pkcs11.h
18	@@ -342,9 +342,11 @@ typedef unsigned long ck_key_type_t;
19	#define CKK_GENERIC_SECRET (0x10)
20	#define CKK_RC2 (0x11)
21	#define CKK_RC4 (0x12)
22	+#ifndef OPENSSL_NO_DES
23	#define CKK_DES (0x13)
24	#define CKK_DES2 (0x14)
25	#define CKK_DES3 (0x15)
26	+#endif /* OPENSSL_NO_DES */
27	#define CKK_CAST (0x16)
28	#define CKK_CAST3 (0x17)
29	#define CKK_CAST128 (0x18)
30	@@ -512,6 +514,7 @@ typedef unsigned long ck_mechanism_type_t;
31	#define CKM_RC2_CBC_PAD (0x105)
32	#define CKM_RC4_KEY_GEN (0x110)
33	#define CKM_RC4 (0x111)
34	+#ifndef OPENSSL_NO_DES
35	#define CKM_DES_KEY_GEN (0x120)
36	#define CKM_DES_ECB (0x121)
37	#define CKM_DES_CBC (0x122)
38	@@ -525,6 +528,7 @@ typedef unsigned long ck_mechanism_type_t;
39	#define CKM_DES3_MAC (0x134)
40	#define CKM_DES3_MAC_GENERAL (0x135)
41	#define CKM_DES3_CBC_PAD (0x136)
42	+#endif /* OPENSSL_NO_DES */
43	#define CKM_CDMF_KEY_GEN (0x140)
44	#define CKM_CDMF_ECB (0x141)
45	#define CKM_CDMF_CBC (0x142)
46	@@ -610,8 +614,10 @@ typedef unsigned long ck_mechanism_type_t;
47	#define CKM_MD5_KEY_DERIVATION (0x390)
48	#define CKM_MD2_KEY_DERIVATION (0x391)
49	#define CKM_SHA1_KEY_DERIVATION (0x392)
50	+#ifndef OPENSSL_NO_DES
51	#define CKM_PBE_MD2_DES_CBC (0x3a0)
52	#define CKM_PBE_MD5_DES_CBC (0x3a1)
53	+#endif /* OPENSSL_NO_DES */
54	#define CKM_PBE_MD5_CAST_CBC (0x3a2)
55	#define CKM_PBE_MD5_CAST3_CBC (0x3a3)
56	#define CKM_PBE_MD5_CAST5_CBC (0x3a4)
57	@@ -620,8 +626,10 @@ typedef unsigned long ck_mechanism_type_t;
58	#define CKM_PBE_SHA1_CAST128_CBC (0x3a5)
59	#define CKM_PBE_SHA1_RC4_128 (0x3a6)
60	#define CKM_PBE_SHA1_RC4_40 (0x3a7)
61	+#ifndef OPENSSL_NO_DES
62	#define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8)
63	#define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9)
64	+#endif /* OPENSSL_NO_DES */
65	#define CKM_PBE_SHA1_RC2_128_CBC (0x3aa)
66	#define CKM_PBE_SHA1_RC2_40_CBC (0x3ab)
67	#define CKM_PKCS5_PBKD2 (0x3b0)
68	--
69	2.8.1
70


diff --git a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb b/meta/recipes-connectivity/openssh/openssh_7.6p1.bb index 86ca6ff372..ebb9a5734d 100644 --- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_7.6p1.bb
@@ -6,7 +6,7 @@ and for executing commands on a remote machine."
6	HOMEPAGE = "http://www.openssh.com/"	6	HOMEPAGE = "http://www.openssh.com/"
7	SECTION = "console/network"	7	SECTION = "console/network"
8	LICENSE = "BSD"	8	LICENSE = "BSD"
9	LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"	9	LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8"
10		10
11	# openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48	11	# openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48
12	DEPENDS = "zlib openssl10"	12	DEPENDS = "zlib openssl10"
@@ -21,19 +21,16 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
21	file://sshd@.service \	21	file://sshd@.service \
22	file://sshdgenkeys.service \	22	file://sshdgenkeys.service \
23	file://volatiles.99_sshd \	23	file://volatiles.99_sshd \
24	file://add-test-support-for-busybox.patch \
25	file://run-ptest \	24	file://run-ptest \
26	file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \
27	file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
28	file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \	25	file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
29	file://0001-openssh-Fix-syntax-error-on-x32.patch \
30	file://sshd_check_keys \	26	file://sshd_check_keys \
		27	file://add-test-support-for-busybox.patch \
31	"	28	"
32		29
33	PAM_SRC_URI = "file://sshd"	30	PAM_SRC_URI = "file://sshd"
34		31
35	SRC_URI[md5sum] = "652fdc7d8392f112bef11cacf7e69e23"	32	SRC_URI[md5sum] = "06a88699018e5fef13d4655abfed1f63"
36	SRC_URI[sha256sum] = "9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0"	33	SRC_URI[sha256sum] = "a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723"
37		34
38	inherit useradd update-rc.d update-alternatives systemd	35	inherit useradd update-rc.d update-alternatives systemd
39		36