summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh
diff options
context:
space:
mode:
authorJussi Kukkonen <jussi.kukkonen@intel.com>2016-05-18 15:11:55 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-05-19 09:05:19 +0100
commit4d72f506311b81653df703e00c370155e6870cd8 (patch)
treea74e3cfdb1f27de43408a00692341cafbaf6d7b0 /meta/recipes-connectivity/openssh
parentce2dd24cedfa19f64b04c6b6e640918ab8c3de8b (diff)
downloadpoky-4d72f506311b81653df703e00c370155e6870cd8.tar.gz
openssh: Upgrade 7.1p2 -> 7.2p2
Remove patches that are in the release. (From OE-Core rev: 5e24780ac0fea9012f28f6e3f1040c431d3a742e) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch65
-rw-r--r--meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_3.patch329
-rw-r--r--meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch33
-rw-r--r--meta/recipes-connectivity/openssh/openssh/CVE-2016-3115.patch84
-rw-r--r--meta/recipes-connectivity/openssh/openssh_7.2p2.bb (renamed from meta/recipes-connectivity/openssh/openssh_7.1p2.bb)8
5 files changed, 2 insertions, 517 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch
deleted file mode 100644
index 9fac69c3dd..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_2.patch
+++ /dev/null
@@ -1,65 +0,0 @@
1From f98a09cacff7baad8748c9aa217afd155a4d493f Mon Sep 17 00:00:00 2001
2From: "mmcc@openbsd.org" <mmcc@openbsd.org>
3Date: Tue, 20 Oct 2015 03:36:35 +0000
4Subject: [PATCH] upstream commit
5
6Replace a function-local allocation with stack memory.
7
8ok djm@
9
10Upstream-ID: c09fbbab637053a2ab9f33ca142b4e20a4c5a17e
11Upstream-Status: Backport
12CVE: CVE-2016-1907
13
14[YOCTO #8935]
15
16Signed-off-by: Armin Kuster <akuster@mvista.com>
17
18---
19 clientloop.c | 9 ++-------
20 1 file changed, 2 insertions(+), 7 deletions(-)
21
22diff --git a/clientloop.c b/clientloop.c
23index 87ceb3d..1e05cba 100644
24--- a/clientloop.c
25+++ b/clientloop.c
26@@ -1,4 +1,4 @@
27-/* $OpenBSD: clientloop.c,v 1.275 2015/07/10 06:21:53 markus Exp $ */
28+/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */
29 /*
30 * Author: Tatu Ylonen <ylo@cs.hut.fi>
31 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
32@@ -311,11 +311,10 @@ client_x11_get_proto(const char *display, const char *xauth_path,
33 static char proto[512], data[512];
34 FILE *f;
35 int got_data = 0, generated = 0, do_unlink = 0, i;
36- char *xauthdir, *xauthfile;
37+ char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";
38 struct stat st;
39 u_int now, x11_timeout_real;
40
41- xauthdir = xauthfile = NULL;
42 *_proto = proto;
43 *_data = data;
44 proto[0] = data[0] = '\0';
45@@ -343,8 +342,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
46 display = xdisplay;
47 }
48 if (trusted == 0) {
49- xauthdir = xmalloc(PATH_MAX);
50- xauthfile = xmalloc(PATH_MAX);
51 mktemp_proto(xauthdir, PATH_MAX);
52 /*
53 * The authentication cookie should briefly outlive
54@@ -407,8 +404,6 @@ client_x11_get_proto(const char *display, const char *xauth_path,
55 unlink(xauthfile);
56 rmdir(xauthdir);
57 }
58- free(xauthdir);
59- free(xauthfile);
60
61 /*
62 * If we didn't get authentication data, just make up some
63--
641.9.1
65
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_3.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_3.patch
deleted file mode 100644
index 3dfc51af79..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_3.patch
+++ /dev/null
@@ -1,329 +0,0 @@
1From ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c Mon Sep 17 00:00:00 2001
2From: "djm@openbsd.org" <djm@openbsd.org>
3Date: Wed, 13 Jan 2016 23:04:47 +0000
4Subject: [PATCH] upstream commit
5
6eliminate fallback from untrusted X11 forwarding to trusted
7 forwarding when the X server disables the SECURITY extension; Reported by
8 Thomas Hoger; ok deraadt@
9
10Upstream-ID: f76195bd2064615a63ef9674a0e4096b0713f938
11Upstream-Status: Backport
12CVE: CVE-2016-1907
13
14[YOCTO #8935]
15
16Signed-off-by: Armin Kuster <akuster@mvista.com>
17
18---
19 clientloop.c | 114 ++++++++++++++++++++++++++++++++++++-----------------------
20 clientloop.h | 4 +--
21 mux.c | 22 ++++++------
22 ssh.c | 23 +++++-------
23 4 files changed, 93 insertions(+), 70 deletions(-)
24
25Index: openssh-7.1p2/clientloop.c
26===================================================================
27--- openssh-7.1p2.orig/clientloop.c
28+++ openssh-7.1p2/clientloop.c
29@@ -1,4 +1,4 @@
30-/* $OpenBSD: clientloop.c,v 1.276 2015/10/20 03:36:35 mmcc Exp $ */
31+/* $OpenBSD: clientloop.c,v 1.279 2016/01/13 23:04:47 djm Exp $ */
32 /*
33 * Author: Tatu Ylonen <ylo@cs.hut.fi>
34 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
35@@ -288,6 +288,9 @@ client_x11_display_valid(const char *dis
36 {
37 size_t i, dlen;
38
39+ if (display == NULL)
40+ return 0;
41+
42 dlen = strlen(display);
43 for (i = 0; i < dlen; i++) {
44 if (!isalnum((u_char)display[i]) &&
45@@ -301,34 +304,33 @@ client_x11_display_valid(const char *dis
46
47 #define SSH_X11_PROTO "MIT-MAGIC-COOKIE-1"
48 #define X11_TIMEOUT_SLACK 60
49-void
50+int
51 client_x11_get_proto(const char *display, const char *xauth_path,
52 u_int trusted, u_int timeout, char **_proto, char **_data)
53 {
54- char cmd[1024];
55- char line[512];
56- char xdisplay[512];
57+ char cmd[1024], line[512], xdisplay[512];
58+ char xauthfile[PATH_MAX], xauthdir[PATH_MAX];
59 static char proto[512], data[512];
60 FILE *f;
61- int got_data = 0, generated = 0, do_unlink = 0, i;
62- char xauthdir[PATH_MAX] = "", xauthfile[PATH_MAX] = "";
63+ int got_data = 0, generated = 0, do_unlink = 0, i, r;
64 struct stat st;
65 u_int now, x11_timeout_real;
66
67 *_proto = proto;
68 *_data = data;
69- proto[0] = data[0] = '\0';
70+ proto[0] = data[0] = xauthfile[0] = xauthdir[0] = '\0';
71
72- if (xauth_path == NULL ||(stat(xauth_path, &st) == -1)) {
73- debug("No xauth program.");
74- } else if (!client_x11_display_valid(display)) {
75- logit("DISPLAY '%s' invalid, falling back to fake xauth data",
76+ if (!client_x11_display_valid(display)) {
77+ logit("DISPLAY \"%s\" invalid; disabling X11 forwarding",
78 display);
79- } else {
80- if (display == NULL) {
81- debug("x11_get_proto: DISPLAY not set");
82- return;
83- }
84+ return -1;
85+ }
86+ if (xauth_path != NULL && stat(xauth_path, &st) == -1) {
87+ debug("No xauth program.");
88+ xauth_path = NULL;
89+ }
90+
91+ if (xauth_path != NULL) {
92 /*
93 * Handle FamilyLocal case where $DISPLAY does
94 * not match an authorization entry. For this we
95@@ -337,43 +339,60 @@ client_x11_get_proto(const char *display
96 * is not perfect.
97 */
98 if (strncmp(display, "localhost:", 10) == 0) {
99- snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
100- display + 10);
101+ if ((r = snprintf(xdisplay, sizeof(xdisplay), "unix:%s",
102+ display + 10)) < 0 ||
103+ (size_t)r >= sizeof(xdisplay)) {
104+ error("%s: display name too long", __func__);
105+ return -1;
106+ }
107 display = xdisplay;
108 }
109 if (trusted == 0) {
110- mktemp_proto(xauthdir, PATH_MAX);
111 /*
112+ * Generate an untrusted X11 auth cookie.
113+ *
114 * The authentication cookie should briefly outlive
115 * ssh's willingness to forward X11 connections to
116 * avoid nasty fail-open behaviour in the X server.
117 */
118+ mktemp_proto(xauthdir, sizeof(xauthdir));
119+ if (mkdtemp(xauthdir) == NULL) {
120+ error("%s: mkdtemp: %s",
121+ __func__, strerror(errno));
122+ return -1;
123+ }
124+ do_unlink = 1;
125+ if ((r = snprintf(xauthfile, sizeof(xauthfile),
126+ "%s/xauthfile", xauthdir)) < 0 ||
127+ (size_t)r >= sizeof(xauthfile)) {
128+ error("%s: xauthfile path too long", __func__);
129+ unlink(xauthfile);
130+ rmdir(xauthdir);
131+ return -1;
132+ }
133+
134 if (timeout >= UINT_MAX - X11_TIMEOUT_SLACK)
135 x11_timeout_real = UINT_MAX;
136 else
137 x11_timeout_real = timeout + X11_TIMEOUT_SLACK;
138- if (mkdtemp(xauthdir) != NULL) {
139- do_unlink = 1;
140- snprintf(xauthfile, PATH_MAX, "%s/xauthfile",
141- xauthdir);
142- snprintf(cmd, sizeof(cmd),
143- "%s -f %s generate %s " SSH_X11_PROTO
144- " untrusted timeout %u 2>" _PATH_DEVNULL,
145- xauth_path, xauthfile, display,
146- x11_timeout_real);
147- debug2("x11_get_proto: %s", cmd);
148- if (x11_refuse_time == 0) {
149- now = monotime() + 1;
150- if (UINT_MAX - timeout < now)
151- x11_refuse_time = UINT_MAX;
152- else
153- x11_refuse_time = now + timeout;
154- channel_set_x11_refuse_time(
155- x11_refuse_time);
156- }
157- if (system(cmd) == 0)
158- generated = 1;
159+ if ((r = snprintf(cmd, sizeof(cmd),
160+ "%s -f %s generate %s " SSH_X11_PROTO
161+ " untrusted timeout %u 2>" _PATH_DEVNULL,
162+ xauth_path, xauthfile, display,
163+ x11_timeout_real)) < 0 ||
164+ (size_t)r >= sizeof(cmd))
165+ fatal("%s: cmd too long", __func__);
166+ debug2("%s: %s", __func__, cmd);
167+ if (x11_refuse_time == 0) {
168+ now = monotime() + 1;
169+ if (UINT_MAX - timeout < now)
170+ x11_refuse_time = UINT_MAX;
171+ else
172+ x11_refuse_time = now + timeout;
173+ channel_set_x11_refuse_time(x11_refuse_time);
174 }
175+ if (system(cmd) == 0)
176+ generated = 1;
177 }
178
179 /*
180@@ -395,9 +414,7 @@ client_x11_get_proto(const char *display
181 got_data = 1;
182 if (f)
183 pclose(f);
184- } else
185- error("Warning: untrusted X11 forwarding setup failed: "
186- "xauth key data not generated");
187+ }
188 }
189
190 if (do_unlink) {
191@@ -405,6 +422,13 @@ client_x11_get_proto(const char *display
192 rmdir(xauthdir);
193 }
194
195+ /* Don't fall back to fake X11 data for untrusted forwarding */
196+ if (!trusted && !got_data) {
197+ error("Warning: untrusted X11 forwarding setup failed: "
198+ "xauth key data not generated");
199+ return -1;
200+ }
201+
202 /*
203 * If we didn't get authentication data, just make up some
204 * data. The forwarding code will check the validity of the
205@@ -427,6 +451,8 @@ client_x11_get_proto(const char *display
206 rnd >>= 8;
207 }
208 }
209+
210+ return 0;
211 }
212
213 /*
214Index: openssh-7.1p2/clientloop.h
215===================================================================
216--- openssh-7.1p2.orig/clientloop.h
217+++ openssh-7.1p2/clientloop.h
218@@ -1,4 +1,4 @@
219-/* $OpenBSD: clientloop.h,v 1.31 2013/06/02 23:36:29 dtucker Exp $ */
220+/* $OpenBSD: clientloop.h,v 1.32 2016/01/13 23:04:47 djm Exp $ */
221
222 /*
223 * Author: Tatu Ylonen <ylo@cs.hut.fi>
224@@ -39,7 +39,7 @@
225
226 /* Client side main loop for the interactive session. */
227 int client_loop(int, int, int);
228-void client_x11_get_proto(const char *, const char *, u_int, u_int,
229+int client_x11_get_proto(const char *, const char *, u_int, u_int,
230 char **, char **);
231 void client_global_request_reply_fwd(int, u_int32_t, void *);
232 void client_session2_setup(int, int, int, const char *, struct termios *,
233Index: openssh-7.1p2/mux.c
234===================================================================
235--- openssh-7.1p2.orig/mux.c
236+++ openssh-7.1p2/mux.c
237@@ -1,4 +1,4 @@
238-/* $OpenBSD: mux.c,v 1.54 2015/08/19 23:18:26 djm Exp $ */
239+/* $OpenBSD: mux.c,v 1.58 2016/01/13 23:04:47 djm Exp $ */
240 /*
241 * Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
242 *
243@@ -1354,16 +1354,18 @@ mux_session_confirm(int id, int success,
244 char *proto, *data;
245
246 /* Get reasonable local authentication information. */
247- client_x11_get_proto(display, options.xauth_location,
248+ if (client_x11_get_proto(display, options.xauth_location,
249 options.forward_x11_trusted, options.forward_x11_timeout,
250- &proto, &data);
251- /* Request forwarding with authentication spoofing. */
252- debug("Requesting X11 forwarding with authentication "
253- "spoofing.");
254- x11_request_forwarding_with_spoofing(id, display, proto,
255- data, 1);
256- client_expect_confirm(id, "X11 forwarding", CONFIRM_WARN);
257- /* XXX exit_on_forward_failure */
258+ &proto, &data) == 0) {
259+ /* Request forwarding with authentication spoofing. */
260+ debug("Requesting X11 forwarding with authentication "
261+ "spoofing.");
262+ x11_request_forwarding_with_spoofing(id, display, proto,
263+ data, 1);
264+ /* XXX exit_on_forward_failure */
265+ client_expect_confirm(id, "X11 forwarding",
266+ CONFIRM_WARN);
267+ }
268 }
269
270 if (cctx->want_agent_fwd && options.forward_agent) {
271Index: openssh-7.1p2/ssh.c
272===================================================================
273--- openssh-7.1p2.orig/ssh.c
274+++ openssh-7.1p2/ssh.c
275@@ -1,4 +1,4 @@
276-/* $OpenBSD: ssh.c,v 1.420 2015/07/30 00:01:34 djm Exp $ */
277+/* $OpenBSD: ssh.c,v 1.433 2016/01/13 23:04:47 djm Exp $ */
278 /*
279 * Author: Tatu Ylonen <ylo@cs.hut.fi>
280 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
281@@ -1604,6 +1604,7 @@ ssh_session(void)
282 struct winsize ws;
283 char *cp;
284 const char *display;
285+ char *proto = NULL, *data = NULL;
286
287 /* Enable compression if requested. */
288 if (options.compression) {
289@@ -1674,13 +1675,9 @@ ssh_session(void)
290 display = getenv("DISPLAY");
291 if (display == NULL && options.forward_x11)
292 debug("X11 forwarding requested but DISPLAY not set");
293- if (options.forward_x11 && display != NULL) {
294- char *proto, *data;
295- /* Get reasonable local authentication information. */
296- client_x11_get_proto(display, options.xauth_location,
297- options.forward_x11_trusted,
298- options.forward_x11_timeout,
299- &proto, &data);
300+ if (options.forward_x11 && client_x11_get_proto(display,
301+ options.xauth_location, options.forward_x11_trusted,
302+ options.forward_x11_timeout, &proto, &data) == 0) {
303 /* Request forwarding with authentication spoofing. */
304 debug("Requesting X11 forwarding with authentication "
305 "spoofing.");
306@@ -1770,6 +1767,7 @@ ssh_session2_setup(int id, int success,
307 extern char **environ;
308 const char *display;
309 int interactive = tty_flag;
310+ char *proto = NULL, *data = NULL;
311
312 if (!success)
313 return; /* No need for error message, channels code sens one */
314@@ -1777,12 +1775,9 @@ ssh_session2_setup(int id, int success,
315 display = getenv("DISPLAY");
316 if (display == NULL && options.forward_x11)
317 debug("X11 forwarding requested but DISPLAY not set");
318- if (options.forward_x11 && display != NULL) {
319- char *proto, *data;
320- /* Get reasonable local authentication information. */
321- client_x11_get_proto(display, options.xauth_location,
322- options.forward_x11_trusted,
323- options.forward_x11_timeout, &proto, &data);
324+ if (options.forward_x11 && client_x11_get_proto(display,
325+ options.xauth_location, options.forward_x11_trusted,
326+ options.forward_x11_timeout, &proto, &data) == 0) {
327 /* Request forwarding with authentication spoofing. */
328 debug("Requesting X11 forwarding with authentication "
329 "spoofing.");
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch
deleted file mode 100644
index f3d132e43d..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/CVE-2016-1907_upstream_commit.patch
+++ /dev/null
@@ -1,33 +0,0 @@
1From d77148e3a3ef6c29b26ec74331455394581aa257 Mon Sep 17 00:00:00 2001
2From: "djm@openbsd.org" <djm@openbsd.org>
3Date: Sun, 8 Nov 2015 21:59:11 +0000
4Subject: [PATCH] upstream commit
5
6fix OOB read in packet code caused by missing return
7 statement found by Ben Hawkes; ok markus@ deraadt@
8
9Upstream-ID: a3e3a85434ebfa0690d4879091959591f30efc62
10
11Upstream-Status: Backport
12CVE: CVE-2016-1907
13
14[YOCTO #8935]
15
16Signed-off-by: Armin Kuster <akuster@mvista.com>
17
18---
19 packet.c | 1 +
20 1 file changed, 1 insertion(+)
21
22Index: openssh-7.1p2/packet.c
23===================================================================
24--- openssh-7.1p2.orig/packet.c
25+++ openssh-7.1p2/packet.c
26@@ -1855,6 +1855,7 @@ ssh_packet_process_incoming(struct ssh *
27 if (len >= state->packet_discard) {
28 if ((r = ssh_packet_stop_discard(ssh)) != 0)
29 return r;
30+ return SSH_ERR_CONN_CORRUPT;
31 }
32 state->packet_discard -= len;
33 return 0;
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-3115.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-3115.patch
deleted file mode 100644
index 9a9ad776ce..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/CVE-2016-3115.patch
+++ /dev/null
@@ -1,84 +0,0 @@
1From 4b4bfb01cd40b9ddb948e6026ddd287cc303d871 Mon Sep 17 00:00:00 2001
2From: "djm@openbsd.org" <djm@openbsd.org>
3Date: Thu, 10 Mar 2016 11:47:57 +0000
4Subject: [PATCH] upstream commit
5
6sanitise characters destined for xauth reported by
7 github.com/tintinweb feedback and ok deraadt and markus
8
9Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261
10
11Upstream-Status: Backport
12CVE: CVE-2016-3115
13https://anongit.mindrot.org/openssh.git/commit/?id=4b4bfb01cd40b9ddb948e6026ddd287cc303d871
14
15Signed-off-by: Armin Kuster <akuster@mvista.com>
16
17---
18 session.c | 34 +++++++++++++++++++++++++++++++---
19 1 file changed, 31 insertions(+), 3 deletions(-)
20
21Index: openssh-7.1p2/session.c
22===================================================================
23--- openssh-7.1p2.orig/session.c
24+++ openssh-7.1p2/session.c
25@@ -46,6 +46,7 @@
26
27 #include <arpa/inet.h>
28
29+#include <ctype.h>
30 #include <errno.h>
31 #include <fcntl.h>
32 #include <grp.h>
33@@ -273,6 +274,21 @@ do_authenticated(Authctxt *authctxt)
34 do_cleanup(authctxt);
35 }
36
37+/* Check untrusted xauth strings for metacharacters */
38+static int
39+xauth_valid_string(const char *s)
40+{
41+ size_t i;
42+
43+ for (i = 0; s[i] != '\0'; i++) {
44+ if (!isalnum((u_char)s[i]) &&
45+ s[i] != '.' && s[i] != ':' && s[i] != '/' &&
46+ s[i] != '-' && s[i] != '_')
47+ return 0;
48+ }
49+ return 1;
50+}
51+
52 /*
53 * Prepares for an interactive session. This is called after the user has
54 * been successfully authenticated. During this message exchange, pseudo
55@@ -346,7 +362,13 @@ do_authenticated1(Authctxt *authctxt)
56 s->screen = 0;
57 }
58 packet_check_eom();
59- success = session_setup_x11fwd(s);
60+ if (xauth_valid_string(s->auth_proto) &&
61+ xauth_valid_string(s->auth_data))
62+ success = session_setup_x11fwd(s);
63+ else {
64+ success = 0;
65+ error("Invalid X11 forwarding data");
66+ }
67 if (!success) {
68 free(s->auth_proto);
69 free(s->auth_data);
70@@ -2181,7 +2203,13 @@ session_x11_req(Session *s)
71 s->screen = packet_get_int();
72 packet_check_eom();
73
74- success = session_setup_x11fwd(s);
75+ if (xauth_valid_string(s->auth_proto) &&
76+ xauth_valid_string(s->auth_data))
77+ success = session_setup_x11fwd(s);
78+ else {
79+ success = 0;
80+ error("Invalid X11 forwarding data");
81+ }
82 if (!success) {
83 free(s->auth_proto);
84 free(s->auth_data);
diff --git a/meta/recipes-connectivity/openssh/openssh_7.1p2.bb b/meta/recipes-connectivity/openssh/openssh_7.2p2.bb
index 92bc006bb2..173f80a2af 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.1p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.2p2.bb
@@ -21,16 +21,12 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
21 file://volatiles.99_sshd \ 21 file://volatiles.99_sshd \
22 file://add-test-support-for-busybox.patch \ 22 file://add-test-support-for-busybox.patch \
23 file://run-ptest \ 23 file://run-ptest \
24 file://CVE-2016-1907_upstream_commit.patch \
25 file://CVE-2016-1907_2.patch \
26 file://CVE-2016-1907_3.patch \
27 file://CVE-2016-3115.patch \
28 " 24 "
29 25
30PAM_SRC_URI = "file://sshd" 26PAM_SRC_URI = "file://sshd"
31 27
32SRC_URI[md5sum] = "4d8547670e2a220d5ef805ad9e47acf2" 28SRC_URI[md5sum] = "13009a9156510d8f27e752659075cced"
33SRC_URI[sha256sum] = "dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd" 29SRC_URI[sha256sum] = "a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c"
34 30
35inherit useradd update-rc.d update-alternatives systemd 31inherit useradd update-rc.d update-alternatives systemd
36 32