path: root/meta/recipes-connectivity/openssh/openssh_7.9p1.bb
Commit message | Author | Age | Files | Lines
* openssh: backport patch to fix "cert not yet valid" test | Anuj Mittal | 2020-04-09 | 1 | -0/+1

  Fixes [YOCTO #13796]

  (From OE-Core rev: f830a6df31b4232e2a481c2c27148ff70ebb0a13)

  Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  [Fix up for warrior context]
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Add sudo dependency for ptest | Richard Purdie | 2019-06-07 | 1 | -1/+1

  Without this we see test failures due to the sudo binary being missing.

  (From OE-Core rev: e9ec74e10b9c65ac4c014bce57b2d28806766df1)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Avoid PROVIDES warning from rng-tools dependency | Richard Purdie | 2019-06-07 | 1 | -1/+1

  Avoid the warning:

  WARNING: Nothing RPROVIDES 'nativesdk-rng-tools' (but virtual:nativesdk:/home/pokybuild/yocto-worker/build-appliance/build/meta/recipes-connectivity/openssh/openssh_7.9p1.bb RDEPENDS on or otherwise requires it)

  (From OE-Core rev: 5d70ab1ba3570ff24d5d118805ed0d9bafad022d)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: recommend rng-tools with sshd | Mikko Rapeli | 2019-06-07 | 1 | -0/+1

  Since openssl 1.1.1 and openssh which uses it, sshd startup is delayed. The delays range from a few seconds to minutes and even to hours. The delays are visible in host keys generation and when sshd process is started in response to incoming TCP connection but is failing to provide SSH version string and clients or tests time out.

  In all cases traces show that sshd is waiting for getentropy() system call to return from Linux kernel, which returns only after kernel side random number pool is initialized. The pool is initialized via various entropy sources which may be missing on embedded development boards or via rngd from rng-tools package from userspace. HW random number generation and kernel support help but rngd is still needed to feed that data back to the Linux kernel.

  Example from an NXP imx8 board shows that kernel random number pool initialization can take over 400 seconds without rngd, and with rngd it is initialized at around 4 seconds after boot. The completion of initialization is visible in kernel dmesg with line "random: crng init done".

  More details are available from:

  * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912087
  * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897572
  * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33
  * http://www.man7.org/linux/man-pages/man2/getrandom.2.html

  (From OE-Core rev: 24d9e370e88a775486f9d6569bf1ba9c3b9e3b8a)

  Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de>
  Cc: Mark Hatle <mark.hatle@windriver.com>
  Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
  Cc: Adrian Bunk <bunk@stusta.de>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix CVE-2018-20685, CVE-2019-6109, CVE-2019-6111 | Anuj Mittal | 2019-05-12 | 1 | -0/+4

  Also backport a patch to fix issues introduced by fix for CVE-2019-6109.

  (From OE-Core rev: b4068ea6887299cddada1f8842d8323b8aca2acc)

  Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
  Signed-off-by: Armin Kuster <akuster808@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh/util-linux/python*: Ensure ptest output is unbuffered | Richard Purdie | 2019-04-09 | 1 | -1/+1

  We need to run sed with the -u option to ensure the output is unbuffered else ptest-runner may timeout thinking things were idle. Busybox doesn't have the -u option so we need to RDEPEND on sed (which is a good thing to do if we use it anyway).

  Alex Kanavin should get credit for discovering the problem.

  (From OE-Core rev: d3ffbebf43c23faa43af81c9ecf6fcaef36d675b)

  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: use tarballs instead of git | Alexander Kanavin | 2019-01-11 | 1 | -0/+162

  This was changed to git recently to obtain openssl 1.1 compatible pre-release code (before 7.9 was out), however tarballs are preferred, and with them upstream version checks work (openssh uses a weird git tag scheme).

  (From OE-Core rev: a921a96e84f4d0b3f3d29a571981de08eb148e15)

  Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
  Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>