summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh
Commit message (Collapse)AuthorAgeFilesLines
* openssh: depend on openssl 1.0Alexander Kanavin2017-08-131-1/+2
| | | | | | | | | | | | | | | | The proposed openssl 1.1 patches are here: https://github.com/openssh/openssh-portable/pull/48 Openssl maintainers are not in a hurry to get 1.1 support in; if it doesn't show up within reasonable time, we can take a patch from Fedora: http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-November/035454.html (From OE-Core rev: 5ccf4a9786fc607a5838edb3bf409f83d7483ba6) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Remove deprecated sshd optionGary Thomas2017-06-281-1/+0
| | | | | | | | | | | | | The UsePrivilegeSeparation is no longer supported (recent SSHD always runs with previlege separation), so remove this option from the default config file to avoid this warning: /etc/ssh/sshd_config line 110: Deprecated option UsePrivilegeSeparation (From OE-Core rev: 8ee1c567b67ec55be0fa2fbcef3d5e8fb4e82709) Signed-off-by: Gary Thomas <gary@mlbassoc.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix malformed Upstream-Status tagsRoss Burton2017-06-271-1/+1
| | | | | | | | | | Fix a variety of spelling and format mistakes to improve the ease of reading the tags programatically. (From OE-Core rev: 6e1aaf80b0d951b48cd25cb7161ec19448295094) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Drop remnants of uclibc supportRichard Purdie2017-06-221-6/+0
| | | | | | | | | | | | | | uclibc support was removed a while ago and musl works much better. Start to remove the various overrides and patches related to uclibc which are no longer needed. uclibc support in a layer would still be possible. I have strong reasons to believe nobody is still using uclibc since patches are missing and I doubt the metadata even parses anymore. (From OE-Core rev: 653704e9cf325cb494eb23facca19e9f05132ffd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: allow to override OpenSSL HostKeys when read-only-rootfsAndré Draszik2017-06-121-4/+42
| | | | | | | | | | | | | | With these changes it is possible to have a .bbappend that - sets SYSCONFDIR to some persistent storage - modifies SYSCONFDIR/sshd_config to use ssh host keys from the (writable) sysconfdir (From OE-Core rev: 106b59d9f96f70d133fa1421091ad280d27a5b6a) Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Stephane Ayotte <sayotte@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade to 7.5p1Dengke Du2017-05-121-2/+2
| | | | | | | | (From OE-Core rev: 2e8b43d89c61b32e5fafd0f57eea2241316628e5) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-011-2/+2
| | | | | | | (From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade to 7.4p1Dengke Du2017-01-264-67/+28
| | | | | | | | | | | | 1. Drop CVE patch: fix-CVE-2016-8858.patch, because the version 7.4p1 have been fixed it. 2. Rebase the remaining patchs on the version 7.4p1. (From OE-Core rev: b648b382046bd94f0cf5fe0aa4b77ab250f126cd) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix CVE-2016-8858Kai Kang2016-11-232-0/+40
| | | | | | | | | | | | | Backport patch to fix CVE-2016-8858 of openssh. Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1384860 (From OE-Core rev: 134a05616839d002970b2e7124ea38348d10209b) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix potential signed overflow to enable compilation with -ftrapvYuanjie Huang2016-09-202-0/+100
| | | | | | | | | | | | | | | Pointer arithmatic results in implementation defined signed integer type, so that 's - src' in strlcpy and others may trigger signed overflow. In case of compilation by gcc or clang with -ftrapv option, the overflow would lead to program abort. Upstream-status: Submitted [https://bugzilla.mindrot.org/show_bug.cgi?id=2608] (From OE-Core rev: 2ce02941300aa3e826df0c59fd8d4ce19950028e) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 7.2p2 -> 7.3p1Jussi Kukkonen2016-08-233-56/+18
| | | | | | | | | | | Remove CVE-2015-8325.patch as it's included upstream. Rebase another patch. (From OE-Core rev: 4b695379dcf378e8d77deaf7e558e8cbd314683c) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: add ed25519 host key location to read-only sshd configAndré Draszik2016-08-181-0/+1
| | | | | | | | | | It's simply been missing. (From OE-Core rev: ebd1ea45e67211bd2ab0ec7affab409908126ef3) Signed-off-by: André Draszik <git@andred.net> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: add more missing patch tagsRoss Burton2016-08-042-2/+2
| | | | | | | (From OE-Core rev: 5e5a6145d844c2f6daa3258429a870c42475adff) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: conditional compile DES code.mingli.yu@windriver.com2016-07-263-0/+188
| | | | | | | | | | | | | After openssl disabled DES, openssh fails to build for some DES codes are not wrapped in conditional compile statement "#ifndef OPENSSL_NO_DES" and "#endif". (From OE-Core rev: cd9c62461e837967dd29a532d32990c23350acf8) Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix init script restart with read-only-rootfsMatthew Campbell2016-06-231-1/+1
| | | | | | | | | | | | restart in the init script uses the check_config() function which doesn't have the $SSHD_OPTS passed through. This causes it to check the wrong config (and fail when read-only-rootfs is enabled. (From OE-Core rev: cb6f78072deb8b8c22baf5c31c3bd19d7e0af236) Signed-off-by: Matthew Campbell <mcampbell@izotope.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: update homepage and summaryStephano Cetola2016-05-201-2/+3
| | | | | | | | | | | | | The homepage variable is out of date and the summary does not mention ssh, making the recipe difficult to find. [ YOCTO #9610 ] (From OE-Core rev: ce84dc09172b98ce1162e536db17148a67ba2be1) Signed-off-by: Stephano Cetola <stephano.cetola@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Backport fix for CVE-2015-8325Jussi Kukkonen2016-05-192-0/+40
| | | | | | | | | PAM environment vars must be ignored when UseLogin=yes (From OE-Core rev: 0a06be81cb650def54a4c2059bd728c75954306f) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 7.1p2 -> 7.2p2Jussi Kukkonen2016-05-195-517/+2
| | | | | | | | | Remove patches that are in the release. (From OE-Core rev: 5e24780ac0fea9012f28f6e3f1040c431d3a742e) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: change URI to http:Ross Burton2016-05-171-1/+1
| | | | | | | | | | | | The OpenBSD FTP server isn't accepting connections from wget, which breaks fetches. Luckily they also have a HTTP server on the same host. [ YOCTO #9628 ] (From OE-Core rev: 8b10f0af3c434145b460fd5d7a9f394dc1284260) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Security Fix CVE-2016-3115Armin Kuster2016-04-292-1/+87
| | | | | | | | | opehssh <= 7.2 (From OE-Core rev: 7d6abd0b7b89f28343741c2188da22c6d1c6c8ea) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Properly skip ptrace test if tools are missingJussi Kukkonen2016-02-111-3/+3
| | | | | | | | | | | Without the exit there will be a SKIP and a FAIL for the same test. Also fix typo in a message. (From OE-Core rev: d44a2ec730fe52d2266c5e4d184cd4c881e172d1) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Fix regex that sets sftp-server path for testsJussi Kukkonen2016-02-111-1/+1
| | | | | | | | | | [YOCTO #9049] (From OE-Core rev: b4dc73b6d6d082cd9e907998ff61dc3da7df2018) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: CVE-2016-1907Armin Kuster2016-01-184-1/+431
| | | | | | | | | | | | This issue requires three commits: https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0 (From OE-Core rev: a42229df424552955c0ac62da1063461f97f5938) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: update to 7.1p2Alexander Kanavin2016-01-151-2/+2
| | | | | | | | | This fixes a number of security issues. (From OE-Core rev: b3b679d5be86f73d1a06c7230cb00872f0a407b5) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: redesign ssh-agent.sh regression test caseRoy Li2015-12-011-0/+37
| | | | | | | | | | | | ssh-agent regression test case should be run by non-root user, but non-root user will has issue to run other testcase, so rewrite it on run-ptest (From OE-Core rev: 5ca6bb9b73bf09c1847ec3e5a7477829bd3d77b5) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: enable X11Forwarding if distro feature x11 is setKai Kang2015-11-161-1/+5
| | | | | | | | | | | | | When distro feature x11 is set, it is better enable X11Forwarding for ssh daemon. For contrast, dropbear enable X11 forward by default. It does NOT need to modify ${WORKDIR}/sshd_config, so drop the modification. (From OE-Core rev: 0dc68d745f97753fc9fde896f6ee1943c1e071b3) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix file permission for /etc/pam.d/sshdChen Qi2015-10-211-1/+1
| | | | | | | | | | The file permission should be 0644 instead of 0755. (From OE-Core rev: 38567f910130f8559c2ba6935e0bfad61f6b1f4f) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix sshd key generation when systemd is in use and rootfs is readonlyAlexander Kanavin2015-10-012-6/+19
| | | | | | | | | [YOCTO #8365] (From OE-Core rev: d5ea131fe94939daabee1afe8219683de259b7a3) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 7.0p1 -> 7.1p1Jussi Kukkonen2015-09-011-2/+2
| | | | | | | | | This is a bugfix release. (From OE-Core rev: 6089c32738dc0979968bebda03c80450afe74be2) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: build regression test binariesJussi Kukkonen2015-08-242-1/+7
| | | | | | | | | | | | | | | | | | | | | ptests were failing and many more were being silently skipped because required binaries were not being built. Build the binaries in regress/ and set SUDO environment variable in run-ptests: after this all tests in regress/ are now run. Continue to skip building binaries in regress/unittests/: unittest runtime is excessive. On a NUC running intel-corei7-64 core-image-sato, new results are: PASS: 55, SKIP: 3, FAIL: 0 [YOCTO #8153] (From OE-Core rev: 1f7aaf76f4aa7875f05f4b838a5ec4594a4c35dc) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 6.9p1 -> 7.0p1Roy Li2015-08-191-2/+2
| | | | | | | | | | | 7.0p1 includes the fix for CVE-2015-5600, and release note is in: http://www.openssh.com/txt/release-7.0 (From OE-Core rev: a98f4aedb241aa4352e644b5ef7c275f467c0c48) Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 6.8p1 -> 6.9p1Jussi Kukkonen2015-08-161-2/+2
| | | | | | | | | | 6.9p1 is primarily a bugfix release. (From OE-Core rev: b971bdb52ab709b60b42be56b5175f43c96304b1) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix login fails for ssh -o Batchmode=yes with empty passwordsWenlin Kang2015-05-033-33/+2
| | | | | | | | | | | | | | | | The patch fixes the login fails for ssh -o Batchmode=yes when passwords is empty and without authorized_keys file even if set "PermitEmptyPasswords yes" in sshd_config file. Here, to fix this issue, we remove the file auth2-none.c-avoid-authenticate- empty-passwords-to-m.patch, that fixed broken pipe while sshd with pam, but it isn't needed any more now, because we make it has gone by change ChallengeResponseAuthentication value in sshd_config file. (From OE-Core rev: f879a7406d8fce37e8baf5fe724d7ed0042d57f8) Signed-off-by: Wenlin Kang <wenlin.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 6.7 - > 6.8Khem Raj2015-04-212-17/+25
| | | | | | | | | | | Its a major releaseof openssh, should be fully compatible with 6.7 additionally works with musl Change-Id: I903d31247b8a318b9be1c21f764ffe56b5971ca9 (From OE-Core rev: 4ac2974f463f8e2970d9e44e3b273c672a3cab8c) Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Fix non-deterministic build behaviourDan McGregor2015-02-081-0/+3
| | | | | | | | | | | If maillock.h is found, a dependency on liblockfile will be created. liblockfile is in meta-oe, so we don't want that in an oe-core recipe. (From OE-Core rev: b2cee9b9f08dff41e46e227b1ffa5e46e98faa89) Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: configuration updatesDan McGregor2015-02-033-9/+26
| | | | | | | | | | | Rebase sshd_config and ssh_config with openssh upstream. Check for the ed25519 key in the systemd keygen service. (From OE-Core rev: 046dd5567d9de0596023846e7f0c6df7f01a9f5b) Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: deliver ssh-copy-idKai Kang2015-01-161-0/+1
| | | | | | | | | | Deliver script ssh-copy-id from openssh which is useful to add an authorized ssh key. (From OE-Core rev: 16562034a2c28cbfc6c90f9324c42c08e0655b7d) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade to 6.7p1Paul Eggleton2015-01-074-172/+5
| | | | | | | | | | | | | | * Drop two CVE patches already handled upstream. * Drop nostrip.patch which no longer applies and use the existing --disable-strip configure option instead. * OpenSSH 6.7+ no longer supports tcp wrappers. We could apply the Debian patch to add support back in, but it seems best to follow upstream here unless we have a good reason to do otherwise. (From OE-Core rev: 59e0833e24e4945569d36928dc0f231e822670ba) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: move setting LD to allow for correct overrideSaul Wold2014-12-191-1/+1
| | | | | | | | | | | | | | | Using the export LD in the recipe does not allow for secodnary toolchain overriding LD later, by setting it in the do_configure_append the export is used by autotools setting LD based on the env, but would allow for override later. [YOCTO #6997] (From OE-Core rev: 9b37e630f5f6e37e928f825c4f67481cf58c98a1) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix using the original config files in srcdirZheng Junling2014-12-051-5/+2
| | | | | | | | | | | | | | | | | | | | | | | | Currently, we install our own ssh_config and sshd_config into ${S} in do_compile_append() task. So when finishing compiling, their .out files are generated by the original files, rather than by our own files. In most cases, installing "$(CONFIGFILES)" in Makefile will generate .out files again, and then installing "install-sysconf", which will install these two files into $(DESTDIR), thus we get what we expect. However, when parallel installing, "install-sysconf" may be installed before "$(CONFIGFILES)" sometimes. In this rare case, the .out files generated in the first time rather than those in the second time will be installed into $(DESTDIR), and thus we get an unexpect result. This patch fixes this bug through transfering the installing of our own files from do_compile_append() into do_configure_prepend(). (From OE-Core rev: 6a60a4ba8d8e529882daa33140c9a2fc08714fb2) Signed-off-by: Zheng Junling <zhengjunling@huawei.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: drop already applied patchPaul Eggleton2014-11-202-23/+0
| | | | | | | | | This patch was part of the 6.6p1 release. (From OE-Core rev: 45206510ab48bfee6e183f698f963fea8f03e2a5) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: avoid screen sessions being killed on disconnect with systemdPaul Eggleton2014-10-181-0/+1
| | | | | | | | | | | | | | | Tell systemd just to kill the sshd process when the ssh connection drops instead of the entire cgroup for sshd, so that any screen sessions (and more to the point, processes within them) do not get killed. (This is what the Fedora sshd service file does, and what we're already doing in the dropbear service file). (From OE-Core rev: 3c238dff41fbd3687457989c7b17d22b2cc844be) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: use pidfile in initscriptRichard Tollerton2014-07-191-5/+7
| | | | | | | | | | | | | | | | | | | | | | | | Stopping sshd must only kill the listening (top-level) daemon; it must not stop any other sshd process, because those are forked ssh connections which may include e.g. the connection that called /etc/init.d/sshd stop. This initscript uses "start-stop-daemon -x <exe>" for starting/stopping. When that is provided by busybox, this behavior is broken: `/etc/init.d/sshd stop` stops *all* sshd processes. This was caused by a fix to busybox 1.20: 17eedcad9406c43beddab3906c8c693626c351fb "ssd: compat: match -x EXECUTABLE by /proc/pid/exe too". The fix is to use a pidfile. All initscripts in upstream openssh do this, as does dropbear. Acked-by: Gratian Crisan <gratian.crisan@ni.com> Acked-by: Ken Sharp <ken.sharp@ni.com> (From OE-Core rev: 993405285e547403d5c753adfa91c26c43be13f6) Signed-off-by: Richard Tollerton <rich.tollerton@ni.com> Signed-off-by: Ben Shelton <ben.shelton@ni.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: avoid checking empty passwords to mess up with PAM modulesChen Qi2014-07-032-1/+32
| | | | | | | | | | | | | | | | | | | | | | | Previously, even if PAM is enabled for ssh, the daemon still tries to authenticate an empty password. This leads to authentication failure which would mess up with PAM modules. As a result, if 'UsePAM', 'PermitEmptyPasswords' and 'PasswordAuthentication' are enabled, no user can login correctly. We would meet the following error message at the client side. Write failed: Broken Pipe This patch fixes the above problem by checking whether PAM is enabled before authenticating an empty password. After all, if PAM is enabled, the task of authenticating passwords should be handled to PAM modules. [YOCTO #6466] (From OE-Core rev: e017ae71dad4837b0d22f291b0b0e0949075f822) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: move packaging definitions to the endPaul Eggleton2014-05-151-7/+7
| | | | | | | | (From OE-Core rev: 19efeb598c5fb527bd5bc473d7a7d78242ec05a0) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: update to 6.6p1Paul Eggleton2014-05-151-2/+2
| | | | | | | | (From OE-Core rev: f091dbd6324a89682d29cac0bd0ba40899c8bdd5) Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix for CVE-2014-2653Chen Qi2014-05-132-1/+116
| | | | | | | | | | | The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. (From OE-Core rev: 7b2fff61b3d1c0566429793ee348fa8978ef0cba) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix for CVE-2014-2532Chen Qi2014-05-132-1/+24
| | | | | | | | | | | | sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. (From OE-Core rev: a8d3b8979c27a8dc87971b66a1d9d9282f660596) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: add /var/log/lastlog to volatile listSaul Wold2014-05-081-0/+1
| | | | | | | | | | | | The /var/log/messages reports /var/log/lastlog as missing, since openssh needs this file, create it as a volatile. [YOCTO #6172] (From OE-Core rev: a29af8c20187a65fbdbbedd0b7158c07d3e713cf) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Globally replace 'base_contains' calls with 'bb.utils.contains'Otavio Salvador2014-04-251-5/+5
| | | | | | | | | | | The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. (From OE-Core rev: d83b16dbf0862be387f84228710cb165c6d2b03b) Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-13 20:32:59 +0000