summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh
Commit message (Collapse)AuthorAgeFilesLines
* openssh: fix CVE-2010-5107Ross Burton2013-04-292-1/+52
| | | | | | | | | | | | | | | From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5107: "The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections." Integrate patches from upstream to enable "random early drop" by default./ (From OE-Core rev: 1d4f2d5ef65135e61d78ac0db90afe7f5d166d05) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: openssh's init fails to restart if sshd is not runningAmy Fong2012-08-171-1/+1
| | | | | | | | | | | | | | openssh: openssh's init fails to restart if sshd is not running Because of "set -e", it's necessary to specify the -o (or --oknodo) so that start-stop-daemon returns an exit status of 0 if no actions are taken. (From OE-Core rev: 7e44d2e8457c9c90932ce4f0fd95c67b74efb2e0) Signed-off-by: Amy Fong <amy.fong@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: cleanup update-alternatives deprecated codeSaul Wold2012-08-151-4/+0
| | | | | | | (From OE-Core rev: 11c169a9b289b0412e512c37d380a99fd1630df5) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: use ${localstatedir} instead of /var for packagingJavier Martinez Canillas2012-08-061-2/+2
| | | | | | | | | | It is considered good practice to use the build system provided variables instead of directly specify hardcoded paths. (From OE-Core rev: b7134e8f76026d15a5e35c6a2e5d77d5e48c2787) Signed-off-by: Javier Martinez Canillas <javier@dowhile0.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: replace CONFLICTS with RCONFLICTS_${PN}Martin Jansa2012-06-181-2/+2
| | | | | | | (From OE-Core rev: fbcda6eff010e0a39cc0145a514e7de99f475145) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: use new update-alternativesMark Hatle2012-05-301-20/+11
| | | | | | | (From OE-Core rev: b417ced0573acde896332827bcc13b0f7c5bd9fe) Signed-off-by: Mark Hatle <mark.hatle@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade to 6.0p1Scott Garman2012-05-086-4/+4
| | | | | | | | | | LICENSE checksum changed due to a trivial difference in the credits list. (From OE-Core rev: ce1fc60b0044bccf6cf8432700d6c0b6f042dae2) Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* PR Bump for OpenSSL 1.0Saul Wold2011-11-301-1/+1
| | | | | | | (From OE-Core rev: 59923e66e85471acdb70d72082a8906c69b17720) Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade to 5.9p1Scott Garman2011-10-276-2/+2
| | | | | | | (From OE-Core rev: 47c7f5a6f022dca10ae63851c7d9c14ee06f0c0b) Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Use useradd and update-rc.d classes in the OpenSSH recipeJulian Pidancet2011-10-101-21/+8
| | | | | | | | | | | | | | | | | The current sshd postinst and postrm scripts in the OpenSSH make the package dependant of the adduser/addgroup scripts which may not be available on all systems. This patch replaces the sshd postinst and postrm scripts with proper usage of the useradd and update-rc.d classes. This patch had been modified from the previous proposed version to use useradd long options for more clarity. (From OE-Core rev: 6b7f399d595ef58e759dab211f4ece155119a680) Signed-off-by: Julian Pidancet <julian.pidancet@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: update init script to create ECDSA keys if neededMartin Jansa2011-09-162-1/+5
| | | | | | | | | | * Starting with openssh-5.8p1, the server will default to a newer key algorithm (ECDSA). (From OE-Core rev: 998e3acf0d38007fde10f47f98b71192685e19b9) Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Support PAMXiaofeng Yan2011-07-272-2/+21
| | | | | | | | | Adding configuration file "sshd" in /etc/pam.d/ for supporting pam. (From OE-Core rev: 8279f771a482d890ad897971cba1d656fdcaefe9) Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh/dropbear: No need for each to PROVIDE ssh/sshdRichard Purdie2011-07-071-1/+0
| | | | | | | | | | | | | | Nothing in the system actually uses the PROVIDES field for these recipes, its usually the runtime packages that are used. We can therefore remove the PROVIDES and hence quieten the associated warnings from bitbake. If these recipes do really need the PROVIDES, they would be better as virtuals and adding that to MULTI_PROVIDER_WHITELIST. (From OE-Core rev: 84f3ae92ab4345cc99b47e021ff960857f803d45) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* Drop PRIORITY variableRichard Purdie2011-07-011-1/+0
| | | | | | | | | | | | | | | | As discussed on the mailing list, this variable isn't useful and if wanted would be better implemented by distros using pn-X overrides. This patch executes: find . -regex ".*\.\(bb\|inc\)$" | xargs sed -i '/^PRIORITY = ".*"$/d' against the tree removing the referenced. Thanks to Phil Blundell for the command. (From OE-Core rev: d122343362669c683acc4af295971a62cbc823fc) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade to v5.8p2Scott Garman2011-06-075-4/+5
| | | | | | | | | | LICENCE checksum updated due to a one-line change in the file (RedHat was added as a copyright holder). (From OE-Core rev: 969cdde4541819ef5123a77391d870843aff0b55) Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* update patch upstream statusQing He2011-05-171-1/+2
| | | | | | | | | | for the following recipes: pcmciautils openssl udev apt gdm (From OE-Core rev: 552c9fa44c2a2bb94bcf83bff802773265a35a27) Signed-off-by: Qing He <qing.he@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Don't use ${libdir}execTom Rini2011-05-171-3/+3
| | | | | | | | | | This is 1259e0289ce53198cc6c57a9616c8a1623be502a in OE. [RP: Added PR bump] (From OE-Core rev: 49e8503acb8424979b12ec6b5ea17421a1edc80c) Signed-off-by: Tom Rini <tom_rini@mentor.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Add Upstream-Status to various recipe patchesScott Garman2011-05-171-3/+6
| | | | | | | | | | | | | | | | | | | Add Upstream-Status tag to patches for the following recipes: openssh dbus-glib expat opensp sgml-common at cpio (GPLv3 version) libpam icu (From OE-Core rev: 0702602332ad63c2cfaa207516497bb0b75bfdf3) Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: allow the openssh meta package to be emptyScott Garman2011-03-101-1/+3
| | | | | | | | | | | This allows the openssh meta-package to be used in the poky-ssh task. Otherwise there will be no package named openssh to install during image creation. (From OE-Core rev: 9f4747a1e7e04e0b08b7b402bd8dd7cf8ccd0166) Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes-connectivity: Cleanup package descriptions and summariesMark Hatle2010-10-111-0/+1
| | | | | | | | | [BUGID #281] Evaluate and update each package in recipes-connectivity to ensure they have a consistent summary and description. Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
* openssh: new recipe additionScott Garman2010-09-025-0/+390
OpenSSH v5.6p1, derived from OpenEmbedded's recipe. Signed-off-by: Scott Garman <scott.a.garman@intel.com>