-rw-r--r--meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch64
-rw-r--r--meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch119
-rw-r--r--meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch70
-rw-r--r--meta/recipes-connectivity/openssh/openssh_7.6p1.bb (renamed from meta/recipes-connectivity/openssh/openssh_7.5p1.bb)11
4 files changed, 25 insertions, 239 deletions
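--- a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
+++ b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch
@@ -6,64 +6,42 @@ Adjust test cases to work with busybox.
 Signed-off-by: Maxin B. John <maxin.john@enea.com>
 Upstream-Status: Pending
 
-Index: openssh-6.8p1/regress/cipher-speed.sh
+Index: openssh-7.6p1/regress/cipher-speed.sh
 ===================================================================
---- openssh-6.8p1.orig/regress/cipher-speed.sh
-+++ openssh-6.8p1/regress/cipher-speed.sh
+--- openssh-7.6p1.orig/regress/cipher-speed.sh
++++ openssh-7.6p1/regress/cipher-speed.sh
 @@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for
  printf "%-60s" "$c/$m:"
  ( ${SSH} -o 'compression no' \
- -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \
+ -F $OBJ/ssh_proxy -m $m -c $c somehost \
 - exec sh -c \'"dd of=/dev/null obs=32k"\' \
 + exec sh -c \'"dd of=/dev/null bs=32k"\' \
  < ${DATA} ) 2>&1 | getbytes
 
  if [ $? -ne 0 ]; then
-@@ -42,7 +42,7 @@ for c in $ciphers; do
- printf "%-60s" "$c:"
- ( ${SSH} -o 'compression no' \
- -F $OBJ/ssh_proxy -1 -c $c somehost \
-- exec sh -c \'"dd of=/dev/null obs=32k"\' \
-+ exec sh -c \'"dd of=/dev/null bs=32k"\' \
- < ${DATA} ) 2>&1 | getbytes
- if [ $? -ne 0 ]; then
- fail "ssh -1 failed with cipher $c"
-Index: openssh-6.8p1/regress/transfer.sh
-===================================================================
---- openssh-6.8p1.orig/regress/transfer.sh
-+++ openssh-6.8p1/regress/transfer.sh
-@@ -15,7 +15,7 @@ for p in ${SSH_PROTOCOLS}; do
- for s in 10 100 1k 32k 64k 128k 256k; do
- trace "proto $p dd-size ${s}"
- rm -f ${COPY}
-- dd if=$DATA obs=${s} 2> /dev/null | \
-+ dd if=$DATA bs=${s} 2> /dev/null | \
- ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
- if [ $? -ne 0 ]; then
- fail "ssh cat $DATA failed"
-Index: openssh-6.8p1/regress/yes-head.sh
+Index: openssh-7.6p1/regress/transfer.sh
 ===================================================================
---- openssh-6.8p1.orig/regress/yes-head.sh
-+++ openssh-6.8p1/regress/yes-head.sh
-@@ -4,7 +4,7 @@
- tid="yes pipe head"
-
- for p in ${SSH_PROTOCOLS}; do
-- lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)`
-+ lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)`
+--- openssh-7.6p1.orig/regress/transfer.sh
++++ openssh-7.6p1/regress/transfer.sh
+@@ -13,7 +13,7 @@ cmp ${DATA} ${COPY} || fail "corrupted
+ for s in 10 100 1k 32k 64k 128k 256k; do
+ trace "dd-size ${s}"
+ rm -f ${COPY}
+- dd if=$DATA obs=${s} 2> /dev/null | \
++ dd if=$DATA bs=${s} 2> /dev/null | \
+ ${SSH} -q -F $OBJ/ssh_proxy somehost "cat > ${COPY}"
  if [ $? -ne 0 ]; then
- fail "yes|head test failed"
- lines = 0;
-Index: openssh-6.8p1/regress/key-options.sh
+ fail "ssh cat $DATA failed"
+Index: openssh-7.6p1/regress/key-options.sh
 ===================================================================
---- openssh-6.8p1.orig/regress/key-options.sh
-+++ openssh-6.8p1/regress/key-options.sh
-@@ -54,7 +54,7 @@ for p in ${SSH_PROTOCOLS}; do
+--- openssh-7.6p1.orig/regress/key-options.sh
++++ openssh-7.6p1/regress/key-options.sh
+@@ -47,7 +47,7 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do
  fi
 
  sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys
 - from=`head -1 $authkeys | cut -f1 -d ' '`
 + from=`head -n 1 $authkeys | cut -f1 -d ' '`
- verbose "key option proto $p $from"
- r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'`
+ verbose "key option $from"
+ r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'`
  if [ "$r" = "true" ]; then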
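Review bot: The refreshed patch no longer carries the regress/yes-head.sh hunk that turned `head -2000` into `head -n 2000`, and nothing on this page shows that upstream 7.6p1 made that change itself. The second cipher-speed.sh hunk is gone as well, but the new side also drops `-2`, `-1` and `-$p`, which suggests that one went away with the per-protocol loops. If yes-head.sh in 7.6p1 still uses the `head -2000` form, the ptest on a busybox image would presumably fail there again and hide real sshd regressions behind a known-bad result. Either re-add the hunk with `head -n 2000` or state in the commit message why it is no longer needed.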
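--- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 27740c918fe5d78441bcf69e7d2eefb23ddeca4c Mon Sep 17 00:00:00 2001
-From: Dengke Du <dengke.du@windriver.com>
-Date: Thu, 19 Jan 2017 03:00:08 -0500
-Subject: [PATCH 1/3] Remove des in cipher.
-
-Upstream-Status: Pending
-
-Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Signed-off-by: Dengke Du <dengke.du@windriver.com>
----
- cipher.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/cipher.c b/cipher.c
-index 2def333..59f6792 100644
---- a/cipher.c
-+++ b/cipher.c
-@@ -53,8 +53,10 @@
-
- #ifdef WITH_SSH1
- extern const EVP_CIPHER *evp_ssh1_bf(void);
-+#ifndef OPENSSL_NO_DES
- extern const EVP_CIPHER *evp_ssh1_3des(void);
- extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
-+#endif /* OPENSSL_NO_DES */
- #endif
-
- struct sshcipher_ctx {
-@@ -88,15 +90,19 @@ struct sshcipher {
-
- static const struct sshcipher ciphers[] = {
- #ifdef WITH_SSH1
-+#ifndef OPENSSL_NO_DES
- { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
- { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
-+#endif /* OPENSSL_NO_DES */
- # ifndef OPENSSL_NO_BF
- { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
- # endif /* OPENSSL_NO_BF */
- #endif /* WITH_SSH1 */
- #ifdef WITH_OPENSSL
-+#ifndef OPENSSL_NO_DES
- { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
- { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
-+#endif /* OPENSSL_NO_DES */
- # ifndef OPENSSL_NO_BF
- { "blowfish-cbc",
- SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
-@@ -180,8 +186,10 @@ cipher_keylen(const struct sshcipher *c)
- u_int
- cipher_seclen(const struct sshcipher *c)
- {
-+#ifndef OPENSSL_NO_DES
- if (strcmp("3des-cbc", c->name) == 0)
- return 14;
-+#endif /* OPENSSL_NO_DES */
- return cipher_keylen(c);
- }
-
-@@ -230,11 +238,13 @@ u_int
- cipher_mask_ssh1(int client)
- {
- u_int mask = 0;
-+#ifndef OPENSSL_NO_DES
- mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */
- mask |= 1 << SSH_CIPHER_BLOWFISH;
- if (client) {
- mask |= 1 << SSH_CIPHER_DES;
- }
-+#endif /*OPENSSL_NO_DES*/
- return mask;
- }
-
-@@ -606,7 +616,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
- switch (c->number) {
- #ifdef WITH_OPENSSL
- case SSH_CIPHER_SSH2:
-+#ifndef OPENSSL_NO_DES
- case SSH_CIPHER_DES:
-+#endif /* OPENSSL_NO_DES */
- case SSH_CIPHER_BLOWFISH:
- evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
- if (evplen == 0)
-@@ -629,8 +641,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
- break;
- #endif
- #ifdef WITH_SSH1
-+#ifndef OPENSSL_NO_DES
- case SSH_CIPHER_3DES:
- return ssh1_3des_iv(cc->evp, 0, iv, 24);
-+#endif /* OPENSSL_NO_DES */
- #endif
- default:
- return SSH_ERR_INVALID_ARGUMENT;
-@@ -654,7 +668,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
- switch (c->number) {
- #ifdef WITH_OPENSSL
- case SSH_CIPHER_SSH2:
-+#ifndef OPENSSL_NO_DES
- case SSH_CIPHER_DES:
-+#endif /* OPENSSL_NO_DES */
- case SSH_CIPHER_BLOWFISH:
- evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
- if (evplen <= 0)
-@@ -675,8 +691,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
- break;
- #endif
- #ifdef WITH_SSH1
-+#ifndef OPENSSL_NO_DES
- case SSH_CIPHER_3DES:
- return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24);
-+#endif /* OPENSSL_NO_DES */
- #endif
- default:
- return SSH_ERR_INVALID_ARGUMENT;
---
-2.8.1
-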
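--- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From e816fc06e4f8070b09e677ead4d21768784e4c99 Mon Sep 17 00:00:00 2001
-From: Dengke Du <dengke.du@windriver.com>
-Date: Thu, 19 Jan 2017 03:21:40 -0500
-Subject: [PATCH 2/3] remove des in pkcs11.
-
-Upstream-Status: Pending
-
-Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com>
-Signed-off-by: Dengke Du <dengke.du@windriver.com>
----
- pkcs11.h | 8 ++++++++
- 1 file changed, 8 insertions(+)
-
-diff --git a/pkcs11.h b/pkcs11.h
-index b01d58f..98b36e6 100644
---- a/pkcs11.h
-+++ b/pkcs11.h
-@@ -342,9 +342,11 @@ typedef unsigned long ck_key_type_t;
- #define CKK_GENERIC_SECRET (0x10)
- #define CKK_RC2 (0x11)
- #define CKK_RC4 (0x12)
-+#ifndef OPENSSL_NO_DES
- #define CKK_DES (0x13)
- #define CKK_DES2 (0x14)
- #define CKK_DES3 (0x15)
-+#endif /* OPENSSL_NO_DES */
- #define CKK_CAST (0x16)
- #define CKK_CAST3 (0x17)
- #define CKK_CAST128 (0x18)
-@@ -512,6 +514,7 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_RC2_CBC_PAD (0x105)
- #define CKM_RC4_KEY_GEN (0x110)
- #define CKM_RC4 (0x111)
-+#ifndef OPENSSL_NO_DES
- #define CKM_DES_KEY_GEN (0x120)
- #define CKM_DES_ECB (0x121)
- #define CKM_DES_CBC (0x122)
-@@ -525,6 +528,7 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_DES3_MAC (0x134)
- #define CKM_DES3_MAC_GENERAL (0x135)
- #define CKM_DES3_CBC_PAD (0x136)
-+#endif /* OPENSSL_NO_DES */
- #define CKM_CDMF_KEY_GEN (0x140)
- #define CKM_CDMF_ECB (0x141)
- #define CKM_CDMF_CBC (0x142)
-@@ -610,8 +614,10 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_MD5_KEY_DERIVATION (0x390)
- #define CKM_MD2_KEY_DERIVATION (0x391)
- #define CKM_SHA1_KEY_DERIVATION (0x392)
-+#ifndef OPENSSL_NO_DES
- #define CKM_PBE_MD2_DES_CBC (0x3a0)
- #define CKM_PBE_MD5_DES_CBC (0x3a1)
-+#endif /* OPENSSL_NO_DES */
- #define CKM_PBE_MD5_CAST_CBC (0x3a2)
- #define CKM_PBE_MD5_CAST3_CBC (0x3a3)
- #define CKM_PBE_MD5_CAST5_CBC (0x3a4)
-@@ -620,8 +626,10 @@ typedef unsigned long ck_mechanism_type_t;
- #define CKM_PBE_SHA1_CAST128_CBC (0x3a5)
- #define CKM_PBE_SHA1_RC4_128 (0x3a6)
- #define CKM_PBE_SHA1_RC4_40 (0x3a7)
-+#ifndef OPENSSL_NO_DES
- #define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8)
- #define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9)
-+#endif /* OPENSSL_NO_DES */
- #define CKM_PBE_SHA1_RC2_128_CBC (0x3aa)
- #define CKM_PBE_SHA1_RC2_40_CBC (0x3ab)
- #define CKM_PKCS5_PBKD2 (0x3b0)
---
-2.8.1
-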
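--- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.6p1.bb
@@ -6,7 +6,7 @@ and for executing commands on a remote machine."
 HOMEPAGE = "http://www.openssh.com/"
 SECTION = "console/network"
 LICENSE = "BSD"
-LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8"
 
 # openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48
 DEPENDS = "zlib openssl10"
@@ -21,19 +21,16 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
  file://sshd@.service \
  file://sshdgenkeys.service \
  file://volatiles.99_sshd \
- file://add-test-support-for-busybox.patch \
  file://run-ptest \
- file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \
- file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
  file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
- file://0001-openssh-Fix-syntax-error-on-x32.patch \
  file://sshd_check_keys \
+ file://add-test-support-for-busybox.patch \
  "
 
 PAM_SRC_URI = "file://sshd"
 
-SRC_URI[md5sum] = "652fdc7d8392f112bef11cacf7e69e23"
-SRC_URI[sha256sum] = "9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0"
+SRC_URI[md5sum] = "06a88699018e5fef13d4655abfed1f63"
+SRC_URI[sha256sum] = "a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723"
 
 inherit useradd update-rc.d update-alternatives systemd
 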
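Review bot: SRC_URI drops openssh-7.1p1-conditional-compile-des-in-cipher.patch and openssh-7.1p1-conditional-compile-des-in-pkcs11.patch without a replacement, so the `#ifndef OPENSSL_NO_DES` guards those patches put around `3des-cbc` and the `CKM_DES*` definitions are no longer applied by this recipe. Unless 7.6p1 carries an equivalent guard upstream (not visible here), a build against an openssl10 configured without DES would probably stop compiling, which pushes hardened configurations towards re-enabling DES in OpenSSL. Either rebase the guards onto the 7.6p1 cipher table or record the new requirement next to DEPENDS, for example `# needs openssl10 built with DES: the OPENSSL_NO_DES patches were dropped for 7.6p1`. 0001-openssh-Fix-syntax-error-on-x32.patch is removed in the same hunk and deserves a line in the commit message saying whether the fix is now upstream.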