| Commit message (Collapse) | Author | Age | Files | Lines |
| |
(From OE-Core rev: 19efeb598c5fb527bd5bc473d7a7d78242ec05a0)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: f091dbd6324a89682d29cac0bd0ba40899c8bdd5)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and
earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking
by presenting an unacceptable HostCertificate.
(From OE-Core rev: 7b2fff61b3d1c0566429793ee348fa8978ef0cba)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
sshd in OpenSSH before 6.6 does not properly support wildcards on
AcceptEnv lines in sshd_config, which allows remote attackers to
bypass intended environment restrictions by using a substring located
before a wildcard character.
(From OE-Core rev: a8d3b8979c27a8dc87971b66a1d9d9282f660596)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The /var/log/messages reports /var/log/lastlog as missing, since openssh
needs this file, create it as a volatile.
[YOCTO #6172]
(From OE-Core rev: a29af8c20187a65fbdbbedd0b7158c07d3e713cf)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The base_contains is kept as a compatibility method and we ought to
not use it in OE-Core so we can remove it from base metadata in
future.
(From OE-Core rev: d83b16dbf0862be387f84228710cb165c6d2b03b)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Install openssh test-suite and run it as ptest.
(From OE-Core rev: 4d0ecccae671bffb40c870a6e33d20be869b89bc)
Signed-off-by: Maxin B. John <maxin.john@enea.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
If you do a readelf -x .rodata /path/.../to/openssh/6.5p1-r0/packages-split/openssh-sshd/usr/sbin/sshd
You'll see two references to OE's sysroots/${BUILD_SYS} login and passwd binaries.
First one can be overridden with LOGIN_PROGRAM environment variable (see configure.ac),
second needs a cached variable definition.
(From OE-Core rev: 2127c80d0cc2a3a4d676bd3c0890454a175fba8e)
Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The readonly sshd config sshd_config_readonly needs to be created from
the installed sshd_config as make install will adjust the paths in
the config file. This fixes the path for sftp-server being correct
in sshd_config but incorrect in sshd_config_readonly.
(From OE-Core rev: 400b4bce34ffb76e500e2195104cc200218aa4c3)
Signed-off-by: Jonathan Liu <net147@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
We do not DEPEND on libbsd, so we do not want to
build with it just because libutil.h is found by configure.
As noted in the patch, specifying --disable-libutil to
configure does not work, so we provide "cached" configure
variables.
(From OE-Core rev: 103ef2295c728e427acc27bb071e786946c459f2)
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
[YOCTO #5983]
(From OE-Core rev: c859f9a9f765654a292d57a2bfcea8b4f4c65087)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: ea86d4ccc56f7933f988f0b24f09c5b6888d51ed)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This patch goes through the OE-Core recipes and marks those which use autotools
but don't support a separate build directory (${S} != ${B}). A new class,
autotools-brokensep is used for this purpose.
This doesn't introduce any change in behaviour in its own right.
(From OE-Core rev: 006b8a7808a58713af16c326dc37d07765334b12)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Everything is set up to use PAM except for the server config. If 'pam' is
in DISTRO_FEATURES the configs will be changed to enable it.
Syslog will now show:
Feb 19 09:28:36 beast sshd[2980]: pam_unix(sshd:session): session opened for user koen by (uid=0)
And more importantly:
koen@beast:~$ loginctl
SESSION UID USER SEAT
c1 1000 koen seat0
c3 1000 koen seat0
c13 1000 koen
3 sessions listed.
Systemd now registers the session properly so it won't kill things like 'screen'
and 'tmux' when disconnecting the ssh session.
(From OE-Core rev: 08c523daec0f5161803d2a6704402490c18ff6ca)
Signed-off-by: Koen Kooi <koen.kooi@linaro.org>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
/etc/pam.d/opensshd lists keyinit and uid as required, so add them to
RDEPENDS when PAM is enabled.
(From OE-Core rev: b2f49f9d2d8cd033611108c2bfe4871d02df0887)
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Without this, PAM integration is broken after installing openssh-sshd.
(From OE-Core rev: 2ba31c0f0fad6a1917e282dc381e8632db08200c)
Signed-off-by: Koen Kooi <koen@dominion.thruhere.net>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Instead of manually adding initscripts to RDEPENDS of each package,
we should make it automatically handled by the update-rc.d.bbclass.
This solution would have the benefit of backward compatibility. In
other words, users need not modify their recipes.
This reverts commit 16080a3485bd793edd66ed8361f1e8b86a9e19ea.
(From OE-Core rev: f9f193219bd510160b6b09bae652a9dc8ea01e7b)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
This patch contains a few fixes for the systemd unit files of openssh.
The fixes use the same unit files in Fedora 20 as a reference.
1) Remove sshdgenkeys.service and sshd@.service from SYSTEMD_SERVICE.
2) Fix the dependency and logic of sshdgenkeys.service.
(From OE-Core rev: 4379e6f3096c893db5fa6a0b4569a0440e4494fe)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Now that the initscripts-functions has been packaged separately,
packages which may use the functions script should have a runtime
dependency on it.
(From OE-Core rev: 6690c12cb1977f6bf93f3eb6d471dbd7db81bf28)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
ssh-rand-helper was removed in OpenSSH 6.0 according to the upstream
changelog, so the configure option to enable/disable it was removed.
Fixes the following warning:
WARNING: QA Issue: openssh: configure was passed unrecognised options: --with-rand-helper
(From OE-Core rev: 77d0e383303e9209ea2cd74f2eb98e3ed516b67c)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Using the contains function results in more optimal sstate checksums,
resulting in better cache reuse as well as more consistent code.
(From OE-Core rev: 9c93526756e7cbbff027c88eb972f877bcb1f057)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 19a483c157e783ded40e8dacac338a4d770a2d1a)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Removed the following backported patch(es):
* mac.patch
(From OE-Core rev: ce04ba6a5385ad2d021d472cf9236787c6ea7357)
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
sshd status command results in error prompt:
root@qemu0:~# /etc/init.d/sshd status
/usr/sbin/sshd (pid 1199) is running...
/etc/init.d/sshd: line 100: return: can only `return' from a
function or sourced script
"service --status-all" command also displays the wrong status for sshd.
This commit fixes this error prompt and makes the service command display
the right status for sshd.
(From OE-Core rev: e7cf83ec3f39a7c41e38c6030b0d903fa7d37b2a)
Signed-off-by: Qiang Chen <qiang.chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
It fixes the following failure:
"fatal: Missing privilege separation directory: /var/run/sshd"
when sshd is started through xinetd.
(From OE-Core rev: a343c32891aa46a7f7d5f0cc6d1266a387900dad)
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
-Remove dependency on meta-systemd
(From OE-Core rev: 6e6445d487c033913a29763f8e3a7a339d5b612d)
Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: d1e518b6942b945be7a4d44bc137a1441af8f837)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
If the rootfs is read-only and the ssh keys are not available at system
start-up, the init script will generate ssh keys into /etc/ssh, thus
causing a 'read-only file system' error.
In order for a Yocto-based image to work correctly for read-only rootfs,
we use the following logic for openssh.
If the rootfs is read-only and there are pre-generated keys under /etc/ssh,
we use the pre-generated keys. Note the pre-generated keys are mainly for
debugging or development purposes.
If the rootfs is read-only and there are no pre-generated keys under
/etc/ssh, we use /var/run/ssh as the location for ssh keys. That is, at
system boot-up, the generated ssh keys will be put into /var/run/ssh.
[YOCTO #4887]
(From OE-Core rev: 2ed44745024f04aa4e00ddba3009153c6b47c8e9)
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Updated Upstream Status to openssh patch.
(From OE-Core rev: 71d4a91ffa062a4ab9a2dc0ce97e7405f3d15de7)
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
[sgw - Fixed commit line]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
start-stop-daemon should be called with '--oknodo' instead of
'-oknodo'.
(From OE-Core rev: 40f65a76b3291ae625c072a8efebbf134b15c367)
Signed-off-by: Marc Ferland <ferlandm@sonatest.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 4defab3588a5a5e6e3fcdb8007eade18120094f6)
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Backport patch to fix segment fault due to unaligned memory access
(From OE-Core rev: c2ce8e3bc10aec4cb53faea091ad867bab405bb7)
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
upgrade from 6.2p1 -> 6.2p2
(From OE-Core rev: 752ad432a248befe7d7b1dd799209f7bcbe9231e)
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
from 6.1p1 -> 6.2p1
(From OE-Core rev: 5f0400d2eb9e660fcb4780c2badbfb8856e64893)
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
* sysvinit/systemd assumes that update-rc.d can be inhibited
* with systemd enabled, sysvinit scripts are missing in packages
and update-rc.d needs to be put in BAD_RECOMMENDATIONS to prevent
update-rc.d trying to install them in postinst
* update-rc.d shouldn't be in DEPENDS
(From OE-Core rev: e9e4a90c7e66abe2ab2c335d60ef91e869f48693)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 43ddc955727361458fec92731775a1fc7f29917c)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 5534deb69b0a2835fbbf149a00d1f6ba61cc8160)
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
A security flaw was found in the way ssh-keysign,
a ssh helper program for host based authentication,
attempted to retrieve enough entropy information on configurations that
lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
be executed to retrieve the entropy from the system environment).
A local attacker could use this flaw to obtain unauthorized access to host keys
via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
http://www.openssh.com/txt/portable-keysign-rand-helper.adv
[YOCTO #3493]
(From OE-Core rev: bdce08215396e5ab99ada5fa0f62c3b002a44582)
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
openssh: openssh's init fails to restart if sshd is not running
Because of "set -e", it's necessary to specify the -o (or --oknodo)
so that start-stop-daemon returns an exit status of 0 if no actions
are taken.
(From OE-Core rev: 7e44d2e8457c9c90932ce4f0fd95c67b74efb2e0)
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 11c169a9b289b0412e512c37d380a99fd1630df5)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
It is considered good practice to use the build system provided
variables instead of directly specifying hardcoded paths.
(From OE-Core rev: b7134e8f76026d15a5e35c6a2e5d77d5e48c2787)
Signed-off-by: Javier Martinez Canillas <javier@dowhile0.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: fbcda6eff010e0a39cc0145a514e7de99f475145)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: b417ced0573acde896332827bcc13b0f7c5bd9fe)
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
LICENSE checksum changed due to a trivial difference in the credits
list.
(From OE-Core rev: ce1fc60b0044bccf6cf8432700d6c0b6f042dae2)
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 59923e66e85471acdb70d72082a8906c69b17720)
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
(From OE-Core rev: 47c7f5a6f022dca10ae63851c7d9c14ee06f0c0b)
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
The current sshd postinst and postrm scripts in the OpenSSH make the
package dependent on the adduser/addgroup scripts which may not be
available on all systems.
This patch replaces the sshd postinst and postrm scripts with proper
usage of the useradd and update-rc.d classes.
This patch had been modified from the previous proposed version to
use useradd long options for more clarity.
(From OE-Core rev: 6b7f399d595ef58e759dab211f4ece155119a680)
Signed-off-by: Julian Pidancet <julian.pidancet@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
* Starting with openssh-5.8p1, the server will default to a newer key
algorithm (ECDSA).
(From OE-Core rev: 998e3acf0d38007fde10f47f98b71192685e19b9)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Adding configuration file "sshd" in /etc/pam.d/ for supporting pam.
(From OE-Core rev: 8279f771a482d890ad897971cba1d656fdcaefe9)
Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
| |
Nothing in the system actually uses the PROVIDES field for these
recipes, it's usually the runtime packages that are used. We can
therefore remove the PROVIDES and hence quieten the associated
warnings from bitbake.
If these recipes do really need the PROVIDES, they would be better
as virtuals and adding that to MULTI_PROVIDER_WHITELIST.
(From OE-Core rev: 84f3ae92ab4345cc99b47e021ff960857f803d45)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>