-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch | 64 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch | 119 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch | 70 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_7.6p1.bb (renamed from meta/recipes-connectivity/openssh/openssh_7.5p1.bb) | 11 |
4 files changed, 25 insertions, 239 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch index adc25c668f..b8402a4dee 100644 --- a/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch +++ b/meta/recipes-connectivity/openssh/openssh/add-test-support-for-busybox.patch | |||
@@ -6,64 +6,42 @@ Adjust test cases to work with busybox. | |||
6 | Signed-off-by: Maxin B. John <maxin.john@enea.com> | 6 | Signed-off-by: Maxin B. John <maxin.john@enea.com> |
7 | Upstream-Status: Pending | 7 | Upstream-Status: Pending |
8 | 8 | ||
9 | Index: openssh-6.8p1/regress/cipher-speed.sh | 9 | Index: openssh-7.6p1/regress/cipher-speed.sh |
10 | =================================================================== | 10 | =================================================================== |
11 | --- openssh-6.8p1.orig/regress/cipher-speed.sh | 11 | --- openssh-7.6p1.orig/regress/cipher-speed.sh |
12 | +++ openssh-6.8p1/regress/cipher-speed.sh | 12 | +++ openssh-7.6p1/regress/cipher-speed.sh |
13 | @@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for | 13 | @@ -17,7 +17,7 @@ for c in `${SSH} -Q cipher`; do n=0; for |
14 | printf "%-60s" "$c/$m:" | 14 | printf "%-60s" "$c/$m:" |
15 | ( ${SSH} -o 'compression no' \ | 15 | ( ${SSH} -o 'compression no' \ |
16 | -F $OBJ/ssh_proxy -2 -m $m -c $c somehost \ | 16 | -F $OBJ/ssh_proxy -m $m -c $c somehost \ |
17 | - exec sh -c \'"dd of=/dev/null obs=32k"\' \ | 17 | - exec sh -c \'"dd of=/dev/null obs=32k"\' \ |
18 | + exec sh -c \'"dd of=/dev/null bs=32k"\' \ | 18 | + exec sh -c \'"dd of=/dev/null bs=32k"\' \ |
19 | < ${DATA} ) 2>&1 | getbytes | 19 | < ${DATA} ) 2>&1 | getbytes |
20 | 20 | ||
21 | if [ $? -ne 0 ]; then | 21 | if [ $? -ne 0 ]; then |
22 | @@ -42,7 +42,7 @@ for c in $ciphers; do | 22 | Index: openssh-7.6p1/regress/transfer.sh |
23 | printf "%-60s" "$c:" | ||
24 | ( ${SSH} -o 'compression no' \ | ||
25 | -F $OBJ/ssh_proxy -1 -c $c somehost \ | ||
26 | - exec sh -c \'"dd of=/dev/null obs=32k"\' \ | ||
27 | + exec sh -c \'"dd of=/dev/null bs=32k"\' \ | ||
28 | < ${DATA} ) 2>&1 | getbytes | ||
29 | if [ $? -ne 0 ]; then | ||
30 | fail "ssh -1 failed with cipher $c" | ||
31 | Index: openssh-6.8p1/regress/transfer.sh | ||
32 | =================================================================== | ||
33 | --- openssh-6.8p1.orig/regress/transfer.sh | ||
34 | +++ openssh-6.8p1/regress/transfer.sh | ||
35 | @@ -15,7 +15,7 @@ for p in ${SSH_PROTOCOLS}; do | ||
36 | for s in 10 100 1k 32k 64k 128k 256k; do | ||
37 | trace "proto $p dd-size ${s}" | ||
38 | rm -f ${COPY} | ||
39 | - dd if=$DATA obs=${s} 2> /dev/null | \ | ||
40 | + dd if=$DATA bs=${s} 2> /dev/null | \ | ||
41 | ${SSH} -q -$p -F $OBJ/ssh_proxy somehost "cat > ${COPY}" | ||
42 | if [ $? -ne 0 ]; then | ||
43 | fail "ssh cat $DATA failed" | ||
44 | Index: openssh-6.8p1/regress/yes-head.sh | ||
45 | =================================================================== | 23 | =================================================================== |
46 | --- openssh-6.8p1.orig/regress/yes-head.sh | 24 | --- openssh-7.6p1.orig/regress/transfer.sh |
47 | +++ openssh-6.8p1/regress/yes-head.sh | 25 | +++ openssh-7.6p1/regress/transfer.sh |
48 | @@ -4,7 +4,7 @@ | 26 | @@ -13,7 +13,7 @@ cmp ${DATA} ${COPY} || fail "corrupted |
49 | tid="yes pipe head" | 27 | for s in 10 100 1k 32k 64k 128k 256k; do |
50 | 28 | trace "dd-size ${s}" | |
51 | for p in ${SSH_PROTOCOLS}; do | 29 | rm -f ${COPY} |
52 | - lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -2000"' | (sleep 3 ; wc -l)` | 30 | - dd if=$DATA obs=${s} 2> /dev/null | \ |
53 | + lines=`${SSH} -$p -F $OBJ/ssh_proxy thishost 'sh -c "while true;do echo yes;done | _POSIX2_VERSION=199209 head -n 2000"' | (sleep 3 ; wc -l)` | 31 | + dd if=$DATA bs=${s} 2> /dev/null | \ |
32 | ${SSH} -q -F $OBJ/ssh_proxy somehost "cat > ${COPY}" | ||
54 | if [ $? -ne 0 ]; then | 33 | if [ $? -ne 0 ]; then |
55 | fail "yes|head test failed" | 34 | fail "ssh cat $DATA failed" |
56 | lines = 0; | 35 | Index: openssh-7.6p1/regress/key-options.sh |
57 | Index: openssh-6.8p1/regress/key-options.sh | ||
58 | =================================================================== | 36 | =================================================================== |
59 | --- openssh-6.8p1.orig/regress/key-options.sh | 37 | --- openssh-7.6p1.orig/regress/key-options.sh |
60 | +++ openssh-6.8p1/regress/key-options.sh | 38 | +++ openssh-7.6p1/regress/key-options.sh |
61 | @@ -54,7 +54,7 @@ for p in ${SSH_PROTOCOLS}; do | 39 | @@ -47,7 +47,7 @@ for f in 127.0.0.1 '127.0.0.0\/8'; do |
62 | fi | 40 | fi |
63 | 41 | ||
64 | sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys | 42 | sed 's/.*/from="'"$f"'" &/' $origkeys >$authkeys |
65 | - from=`head -1 $authkeys | cut -f1 -d ' '` | 43 | - from=`head -1 $authkeys | cut -f1 -d ' '` |
66 | + from=`head -n 1 $authkeys | cut -f1 -d ' '` | 44 | + from=`head -n 1 $authkeys | cut -f1 -d ' '` |
67 | verbose "key option proto $p $from" | 45 | verbose "key option $from" |
68 | r=`${SSH} -$p -q -F $OBJ/ssh_proxy somehost 'echo true'` | 46 | r=`${SSH} -q -F $OBJ/ssh_proxy somehost 'echo true'` |
69 | if [ "$r" = "true" ]; then | 47 | if [ "$r" = "true" ]; then |
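Review bot: The refreshed patch no longer carries the regress/yes-head.sh hunk that rewrote `head -2000` as `head -n 2000`, while the equivalent `head -1` to `head -n 1` change for key-options.sh is kept. If 7.6p1's yes-head.sh still uses the obsolete `head -NUM` form, that test may fail under a busybox `head` built without support for it. Either rebase the hunk (dropping only the `-$p` protocol loop) or record the reason in the patch header, for example a line such as `yes-head.sh hunk dropped: <reason>` above `Upstream-Status`. Upstream's yes-head.sh is not shown on this page, so this is a point to confirm rather than an established regression.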
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch deleted file mode 100644 index 1098b972ce..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch +++ /dev/null | |||
@@ -1,119 +0,0 @@ | |||
1 | From 27740c918fe5d78441bcf69e7d2eefb23ddeca4c Mon Sep 17 00:00:00 2001 | ||
2 | From: Dengke Du <dengke.du@windriver.com> | ||
3 | Date: Thu, 19 Jan 2017 03:00:08 -0500 | ||
4 | Subject: [PATCH 1/3] Remove des in cipher. | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | |||
8 | Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
9 | Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> | ||
10 | Signed-off-by: Dengke Du <dengke.du@windriver.com> | ||
11 | --- | ||
12 | cipher.c | 18 ++++++++++++++++++ | ||
13 | 1 file changed, 18 insertions(+) | ||
14 | |||
15 | diff --git a/cipher.c b/cipher.c | ||
16 | index 2def333..59f6792 100644 | ||
17 | --- a/cipher.c | ||
18 | +++ b/cipher.c | ||
19 | @@ -53,8 +53,10 @@ | ||
20 | |||
21 | #ifdef WITH_SSH1 | ||
22 | extern const EVP_CIPHER *evp_ssh1_bf(void); | ||
23 | +#ifndef OPENSSL_NO_DES | ||
24 | extern const EVP_CIPHER *evp_ssh1_3des(void); | ||
25 | extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); | ||
26 | +#endif /* OPENSSL_NO_DES */ | ||
27 | #endif | ||
28 | |||
29 | struct sshcipher_ctx { | ||
30 | @@ -88,15 +90,19 @@ struct sshcipher { | ||
31 | |||
32 | static const struct sshcipher ciphers[] = { | ||
33 | #ifdef WITH_SSH1 | ||
34 | +#ifndef OPENSSL_NO_DES | ||
35 | { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, | ||
36 | { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, | ||
37 | +#endif /* OPENSSL_NO_DES */ | ||
38 | # ifndef OPENSSL_NO_BF | ||
39 | { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, | ||
40 | # endif /* OPENSSL_NO_BF */ | ||
41 | #endif /* WITH_SSH1 */ | ||
42 | #ifdef WITH_OPENSSL | ||
43 | +#ifndef OPENSSL_NO_DES | ||
44 | { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, | ||
45 | { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, | ||
46 | +#endif /* OPENSSL_NO_DES */ | ||
47 | # ifndef OPENSSL_NO_BF | ||
48 | { "blowfish-cbc", | ||
49 | SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, | ||
50 | @@ -180,8 +186,10 @@ cipher_keylen(const struct sshcipher *c) | ||
51 | u_int | ||
52 | cipher_seclen(const struct sshcipher *c) | ||
53 | { | ||
54 | +#ifndef OPENSSL_NO_DES | ||
55 | if (strcmp("3des-cbc", c->name) == 0) | ||
56 | return 14; | ||
57 | +#endif /* OPENSSL_NO_DES */ | ||
58 | return cipher_keylen(c); | ||
59 | } | ||
60 | |||
61 | @@ -230,11 +238,13 @@ u_int | ||
62 | cipher_mask_ssh1(int client) | ||
63 | { | ||
64 | u_int mask = 0; | ||
65 | +#ifndef OPENSSL_NO_DES | ||
66 | mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ | ||
67 | mask |= 1 << SSH_CIPHER_BLOWFISH; | ||
68 | if (client) { | ||
69 | mask |= 1 << SSH_CIPHER_DES; | ||
70 | } | ||
71 | +#endif /*OPENSSL_NO_DES*/ | ||
72 | return mask; | ||
73 | } | ||
74 | |||
75 | @@ -606,7 +616,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | ||
76 | switch (c->number) { | ||
77 | #ifdef WITH_OPENSSL | ||
78 | case SSH_CIPHER_SSH2: | ||
79 | +#ifndef OPENSSL_NO_DES | ||
80 | case SSH_CIPHER_DES: | ||
81 | +#endif /* OPENSSL_NO_DES */ | ||
82 | case SSH_CIPHER_BLOWFISH: | ||
83 | evplen = EVP_CIPHER_CTX_iv_length(cc->evp); | ||
84 | if (evplen == 0) | ||
85 | @@ -629,8 +641,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) | ||
86 | break; | ||
87 | #endif | ||
88 | #ifdef WITH_SSH1 | ||
89 | +#ifndef OPENSSL_NO_DES | ||
90 | case SSH_CIPHER_3DES: | ||
91 | return ssh1_3des_iv(cc->evp, 0, iv, 24); | ||
92 | +#endif /* OPENSSL_NO_DES */ | ||
93 | #endif | ||
94 | default: | ||
95 | return SSH_ERR_INVALID_ARGUMENT; | ||
96 | @@ -654,7 +668,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | ||
97 | switch (c->number) { | ||
98 | #ifdef WITH_OPENSSL | ||
99 | case SSH_CIPHER_SSH2: | ||
100 | +#ifndef OPENSSL_NO_DES | ||
101 | case SSH_CIPHER_DES: | ||
102 | +#endif /* OPENSSL_NO_DES */ | ||
103 | case SSH_CIPHER_BLOWFISH: | ||
104 | evplen = EVP_CIPHER_CTX_iv_length(cc->evp); | ||
105 | if (evplen <= 0) | ||
106 | @@ -675,8 +691,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) | ||
107 | break; | ||
108 | #endif | ||
109 | #ifdef WITH_SSH1 | ||
110 | +#ifndef OPENSSL_NO_DES | ||
111 | case SSH_CIPHER_3DES: | ||
112 | return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24); | ||
113 | +#endif /* OPENSSL_NO_DES */ | ||
114 | #endif | ||
115 | default: | ||
116 | return SSH_ERR_INVALID_ARGUMENT; | ||
117 | -- | ||
118 | 2.8.1 | ||
119 | |||
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch deleted file mode 100644 index 47dc73ba10..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch +++ /dev/null | |||
@@ -1,70 +0,0 @@ | |||
1 | From e816fc06e4f8070b09e677ead4d21768784e4c99 Mon Sep 17 00:00:00 2001 | ||
2 | From: Dengke Du <dengke.du@windriver.com> | ||
3 | Date: Thu, 19 Jan 2017 03:21:40 -0500 | ||
4 | Subject: [PATCH 2/3] remove des in pkcs11. | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | |||
8 | Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> | ||
9 | Signed-off-by: Dengke Du <dengke.du@windriver.com> | ||
10 | --- | ||
11 | pkcs11.h | 8 ++++++++ | ||
12 | 1 file changed, 8 insertions(+) | ||
13 | |||
14 | diff --git a/pkcs11.h b/pkcs11.h | ||
15 | index b01d58f..98b36e6 100644 | ||
16 | --- a/pkcs11.h | ||
17 | +++ b/pkcs11.h | ||
18 | @@ -342,9 +342,11 @@ typedef unsigned long ck_key_type_t; | ||
19 | #define CKK_GENERIC_SECRET (0x10) | ||
20 | #define CKK_RC2 (0x11) | ||
21 | #define CKK_RC4 (0x12) | ||
22 | +#ifndef OPENSSL_NO_DES | ||
23 | #define CKK_DES (0x13) | ||
24 | #define CKK_DES2 (0x14) | ||
25 | #define CKK_DES3 (0x15) | ||
26 | +#endif /* OPENSSL_NO_DES */ | ||
27 | #define CKK_CAST (0x16) | ||
28 | #define CKK_CAST3 (0x17) | ||
29 | #define CKK_CAST128 (0x18) | ||
30 | @@ -512,6 +514,7 @@ typedef unsigned long ck_mechanism_type_t; | ||
31 | #define CKM_RC2_CBC_PAD (0x105) | ||
32 | #define CKM_RC4_KEY_GEN (0x110) | ||
33 | #define CKM_RC4 (0x111) | ||
34 | +#ifndef OPENSSL_NO_DES | ||
35 | #define CKM_DES_KEY_GEN (0x120) | ||
36 | #define CKM_DES_ECB (0x121) | ||
37 | #define CKM_DES_CBC (0x122) | ||
38 | @@ -525,6 +528,7 @@ typedef unsigned long ck_mechanism_type_t; | ||
39 | #define CKM_DES3_MAC (0x134) | ||
40 | #define CKM_DES3_MAC_GENERAL (0x135) | ||
41 | #define CKM_DES3_CBC_PAD (0x136) | ||
42 | +#endif /* OPENSSL_NO_DES */ | ||
43 | #define CKM_CDMF_KEY_GEN (0x140) | ||
44 | #define CKM_CDMF_ECB (0x141) | ||
45 | #define CKM_CDMF_CBC (0x142) | ||
46 | @@ -610,8 +614,10 @@ typedef unsigned long ck_mechanism_type_t; | ||
47 | #define CKM_MD5_KEY_DERIVATION (0x390) | ||
48 | #define CKM_MD2_KEY_DERIVATION (0x391) | ||
49 | #define CKM_SHA1_KEY_DERIVATION (0x392) | ||
50 | +#ifndef OPENSSL_NO_DES | ||
51 | #define CKM_PBE_MD2_DES_CBC (0x3a0) | ||
52 | #define CKM_PBE_MD5_DES_CBC (0x3a1) | ||
53 | +#endif /* OPENSSL_NO_DES */ | ||
54 | #define CKM_PBE_MD5_CAST_CBC (0x3a2) | ||
55 | #define CKM_PBE_MD5_CAST3_CBC (0x3a3) | ||
56 | #define CKM_PBE_MD5_CAST5_CBC (0x3a4) | ||
57 | @@ -620,8 +626,10 @@ typedef unsigned long ck_mechanism_type_t; | ||
58 | #define CKM_PBE_SHA1_CAST128_CBC (0x3a5) | ||
59 | #define CKM_PBE_SHA1_RC4_128 (0x3a6) | ||
60 | #define CKM_PBE_SHA1_RC4_40 (0x3a7) | ||
61 | +#ifndef OPENSSL_NO_DES | ||
62 | #define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8) | ||
63 | #define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9) | ||
64 | +#endif /* OPENSSL_NO_DES */ | ||
65 | #define CKM_PBE_SHA1_RC2_128_CBC (0x3aa) | ||
66 | #define CKM_PBE_SHA1_RC2_40_CBC (0x3ab) | ||
67 | #define CKM_PKCS5_PBKD2 (0x3b0) | ||
68 | -- | ||
69 | 2.8.1 | ||
70 | |||
diff --git a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb b/meta/recipes-connectivity/openssh/openssh_7.6p1.bb index 86ca6ff372..ebb9a5734d 100644 --- a/meta/recipes-connectivity/openssh/openssh_7.5p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_7.6p1.bb | |||
@@ -6,7 +6,7 @@ and for executing commands on a remote machine." | |||
6 | HOMEPAGE = "http://www.openssh.com/" | 6 | HOMEPAGE = "http://www.openssh.com/" |
7 | SECTION = "console/network" | 7 | SECTION = "console/network" |
8 | LICENSE = "BSD" | 8 | LICENSE = "BSD" |
9 | LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507" | 9 | LIC_FILES_CHKSUM = "file://LICENCE;md5=429658c6612f3a9b1293782366ab29d8" |
10 | 10 | ||
11 | # openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48 | 11 | # openssl 1.1 patches are proposed at https://github.com/openssh/openssh-portable/pull/48 |
12 | DEPENDS = "zlib openssl10" | 12 | DEPENDS = "zlib openssl10" |
@@ -21,19 +21,16 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar | |||
21 | file://sshd@.service \ | 21 | file://sshd@.service \ |
22 | file://sshdgenkeys.service \ | 22 | file://sshdgenkeys.service \ |
23 | file://volatiles.99_sshd \ | 23 | file://volatiles.99_sshd \ |
24 | file://add-test-support-for-busybox.patch \ | ||
25 | file://run-ptest \ | 24 | file://run-ptest \ |
26 | file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \ | ||
27 | file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \ | ||
28 | file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ | 25 | file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ |
29 | file://0001-openssh-Fix-syntax-error-on-x32.patch \ | ||
30 | file://sshd_check_keys \ | 26 | file://sshd_check_keys \ |
27 | file://add-test-support-for-busybox.patch \ | ||
31 | " | 28 | " |
32 | 29 | ||
33 | PAM_SRC_URI = "file://sshd" | 30 | PAM_SRC_URI = "file://sshd" |
34 | 31 | ||
35 | SRC_URI[md5sum] = "652fdc7d8392f112bef11cacf7e69e23" | 32 | SRC_URI[md5sum] = "06a88699018e5fef13d4655abfed1f63" |
36 | SRC_URI[sha256sum] = "9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0" | 33 | SRC_URI[sha256sum] = "a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723" |
37 | 34 | ||
38 | inherit useradd update-rc.d update-alternatives systemd | 35 | inherit useradd update-rc.d update-alternatives systemd |
39 | 36 | ||
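Review bot: The second recipe hunk drops `openssh-7.1p1-conditional-compile-des-in-cipher.patch` and `openssh-7.1p1-conditional-compile-des-in-pkcs11.patch` from SRC_URI without a replacement, and nothing visible here records why. The deleted cipher.c patch guarded the `3des-cbc` entry under `WITH_OPENSSL` as well as the SSH1 `des`/`3des` entries, so if 7.6p1 still references `EVP_des_ede3_cbc` there, a build against an OpenSSL configured without DES may fail; that configuration should be build-tested or the limitation stated. The same hunk also removes `0001-openssh-Fix-syntax-error-on-x32.patch`, and the first hunk changes the `LIC_FILES_CHKSUM` md5, so each deserves a one-line reason, for example `# DES guards dropped: <reason>` next to SRC_URI, which begins above this hunk. Because the tarball is still fetched over plain `http://`, `SRC_URI[sha256sum]` is the only meaningful integrity check and the new value should be compared against the upstream release announcement.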