summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh
Commit message (Collapse)AuthorAgeFilesLines
* openssh: Add missing DEPENDS on virtual/cryptRichard Purdie2019-06-201-1/+1
| | | | | | | | Changes to libxcrypt revealed a missing dependency in the openssh recipe. (From OE-Core rev: 0fd0a1b1f733a8d9978d64fa23e9d083a716de87) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix potential signed overflow in pointer arithmaticHongxu Jia2019-06-181-7/+19
| | | | | | | | | | | | | | Pointer arithmatic results in implementation defined signed integer type, so that 'd - dst’ in strlcat may trigger signed overflow if pointer ‘d’ is near 0x7fffffff in 32 bits system. In case of ompilation by gcc or clang with -ftrapv option, the overflow would generate program abort. (From OE-Core rev: 1c4b8d797c76a08ebd1658066e9d32972b6abe58) Signed-off-by: hguo3 <heng.guo@windriver.com> Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Document skipped test dependencyRichard Purdie2019-06-081-0/+1
| | | | | | | | | | | In minimal images the agent-ptrace test is skipped unless gdb is installed which explains the difference in test counts. We don't want a build dependency on gdb and the test isn't critical so just document the dependency. (From OE-Core rev: d3f29e6e52367e124e3f543f970038c0332ad3e1) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Add missing ptest dependency on coreutilsRichard Purdie2019-06-071-1/+1
| | | | | | | | | | | This fixes the openssh tests in minimal images since they use options not present in the busybox versions of the commands. [YOCTO #13295] (From OE-Core rev: 4059d8eedc5cf6f46a834997b7120150fcec4c0e) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 7.9p1 -> 8.0p1Zang Ruochen2019-05-315-629/+2
| | | | | | | | | | | | | | | Upgrade from openssh_7.9p1.bb to openssh_8.0p1.bb. -openssh/0001-upstream-Have-progressmeter-force-an-update-at-the-b.patch -openssh/CVE-2018-20685.patch -openssh/CVE-2019-6109.patch -openssh/CVE-2019-6111.patch -Removed since these are included in 8.0p1. (From OE-Core rev: 7e21cfec4de3d66585c92632e1503df54a89b79a) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Add sudo dependency for ptestRichard Purdie2019-05-221-1/+1
| | | | | | | | Without this we see test failures due to the sudo binary being missing. (From OE-Core rev: b9e4db06dd95ce709a4a895014cc98fdd7df4624) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Avoid PROVIDES warning from rng-tools dependencyRichard Purdie2019-05-121-1/+1
| | | | | | | | | | Avoid the warning: WARNING: Nothing RPROVIDES 'nativesdk-rng-tools' (but virtual:nativesdk:/home/pokybuild/yocto-worker/build-appliance/build/meta/recipes-connectivity/openssh/openssh_7.9p1.bb RDEPENDS on or otherwise requires it) (From OE-Core rev: f93f026212ebc28fce66682cdb995e061586df45) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: recommend rng-tools with sshdMikko Rapeli2019-05-121-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since openssl 1.1.1 and openssh which uses it, sshd startup is delayed. The delays range from few seconds to minutes and even to hours. The delays are visible in host keys generation and when sshd process is started in response to incoming TCP connection but is failing to provide SSH version string and clients or tests time out. In all cases traces show that sshd is waiting for getentropy() system call to return from Linux kernel, which returns only after kernel side random number pool is initialized. The pool is initialized via various entropy source which may be missing on embedded development boards or via rngd from rng-tools package from userspace. HW random number generation and kernel support help but rngd is till needed to feed that data back to the Linux kernel. Example from an NXP imx8 board shows that kernel random number pool initialization can take over 400 seconds without rngd, and with rngd it is initialized at around 4 seconds after boot. The completion of initialization is visible in kernel dmesg with line "random: crng init done". More details are available from: * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912087 * https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897572 * https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=43838a23a05fbd13e47d750d3dfd77001536dd33 * http://www.man7.org/linux/man-pages/man2/getrandom.2.html (From OE-Core rev: 9b01375236e19e3366c58877c4154d7c71632984) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Cc: Mark Hatle <mark.hatle@windriver.com> Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Cc: Adrian Bunk <bunk@stusta.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh/systemd/python/qemu: Fix patch Upstream-StatusRichard Purdie2019-05-083-3/+3
| | | | | | | | Fix some missing or corrupted patch Upstream-Status values. (From OE-Core rev: 07bc5a5367e0dec45253fd849e0157094152fd31) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix CVE-2018-20685, CVE-2019-6109, CVE-2019-6111Anuj Mittal2019-04-305-0/+627
| | | | | | | | | Also backport a patch to fix issues introduced by fix for CVE-2019-6109. (From OE-Core rev: 31b7485d8377c1c535d1878220bbc1d49dc5f13e) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh/util-linux/python*: Ensure ptest output is unbufferedRichard Purdie2019-04-092-2/+2
| | | | | | | | | | | | | We need to run sed with the -u option to ensure the output is unbuffered else ptest-runner may timeout thinkig things were idle. Busybox doesn't have the -u option so we need to RDEPEND on sed (which is a good thing to do if we use it anyway). Alex Kanavin should get credit for discovering the problem. (From OE-Core rev: d3ffbebf43c23faa43af81c9ecf6fcaef36d675b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: use tarballs instead of gitAlexander Kanavin2019-01-111-5/+3
| | | | | | | | | | | This was change to git recently to obtain openssl 1.1 compatible pre-release code (before 7.9 was out), however tarballs are preferred, and with them upstream version checks work (openssh uses a weird git tag scheme). (From OE-Core rev: a921a96e84f4d0b3f3d29a571981de08eb148e15) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Update to 7.9 primarily bug fixesArmin Kuster2018-11-141-1/+1
| | | | | | | | | see: https://lwn.net/Articles/768991/ (From OE-Core rev: d9b69aa41bc0b768698b132b9805a8abf0fac40d) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade 7.8p1 -> 7.8p1+git to support openssl 1.1.xHongxu Jia2018-09-201-6/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | - Convert from tarball to git repository which support openssl 1.1.x - There is no specific minor version that contains the openssl fix (it was merged to master a few days agao), rename recipe version to `7.8p1+git' - Fix regression test binaries missing In commit `1f7aaf7 openssh: build regression test binaries', it build regression test binaries, since upstream add two binaries in commits `c59aca8 Create control sockets in clean temp directories' and `1acc058 Disable tests where fs perms are incorrect', we should update do_compile_ptest. [ptest log] |/usr/lib/openssh/ptest/regress/test-exec.sh: line 330: /usr/lib/openssh/ ptest/regress/mkdtemp: No such file or directory [ptest log] (From OE-Core rev: 9d48cb3da696add33315cf129fe60102bd9756c9) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: update from 7.7p1 to 7.8p1Randy MacLeod2018-09-042-42/+2
| | | | | | | | | | Drop the disable-ciphers patch since it has been integrated: cec33896 Omit 3des-cbc if OpenSSL built without DES. (From OE-Core rev: 7d35f5bb7b1700ae4bb7f55af8db7357a851c15a) Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: add nativesdk supportMikko Rapeli2018-06-181-2/+4
| | | | | | | | | | And use bitbake variables for install paths to fix nativesdk-openssh compilation. (From OE-Core rev: 70470dfa88338cae06670195bb7009cb13098ac2) Signed-off-by: Mikko Rapeli <mikko.rapeli@bmw.de> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: only create sshd host keys which have been enabledAndre McCurdy2018-06-151-23/+19
| | | | | | | | | | | | | | | Previously sshd_check_keys would create a full set of all possible sshd host keys, even if sshd_config has been set to only enable certain key types. Update sshd_check_keys to only create keys which have been enabled in sshd_config (with a fallback to creating a full set of key types if no HostKey options are defined, as before). (From OE-Core rev: 2303d795ae96f1a60caf145a0ddf100e89c4b5b0) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: sync local ssh_config + sshd_config files with upstream 7.7p1Andre McCurdy2018-06-152-27/+14
| | | | | | | | | | | | Changes are mostly related to the removal of support for SSH v.1 protocol, which was dropped from openssh sshd in 7.4p1: https://www.openssh.com/txt/release-7.4 (From OE-Core rev: b81389c50e0d191e31f71af82d86bfbb37b83acc) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: minor indent cleanup for sshd init scriptAndre McCurdy2018-06-151-6/+6
| | | | | | | | | | | | | The openssh sshd init script contains a mix of indent styles, mostly inherited from the Debian script from which it is derived. Leave the indent from Debian as-is, but for lines which are OE specific (e.g. where Debian's log_daemon_msg helper has been replaced with echo) make the indent consistent with surrounding lines. (From OE-Core rev: 68fb7d3b06887e0db3eef0ab231ced37cfa4894c) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: drop RCONFLICTS for openssh-keygenAndre McCurdy2018-06-151-1/+0
| | | | | | | | | | | The "ssh-keygen" package no longer seems to be provided by any recipe in oe-core or meta-oe, so there's no clear reason for the openssh-keygen package to conflict with it. (From OE-Core rev: 0c5567847edba6b5ab24ae505d16375397cf4b40) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: stop adding -D__FILE_OFFSET_BITS=64 to CFLAGSAndre McCurdy2018-06-151-3/+0
| | | | | | | | | | | | | | | Openssh takes care of enabling large-file support automatically via the AC_SYS_LARGEFILE in the configure.ac, so additional help from the recipe is not required. Even if it were once required, defining __FILE_OFFSET_BITS (ie with double leading underscores) looks like a typo and probably never had any effect anyway? (From OE-Core rev: 37b1a7bada267b89094ce0c3eb81b1de9f04df8e) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: drop sshd support for DSA host keysAndre McCurdy2018-06-073-10/+0
| | | | | | | | | | | DSA keys have been deprecated for some time: https://www.gentoo.org/support/news-items/2015-08-13-openssh-weak-keys.html (From OE-Core rev: e6a1c8c4ef4a1d2add6a7492d43027c4c0682300) Signed-off-by: Andre McCurdy <armccurdy@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade 7.6p1 -> 7.7p1Armin Kuster2018-05-291-2/+2
| | | | | | | | (From OE-Core rev: abc729786a6381e0b2c5f13b5dea6afdaada3dc0) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: disable ciphers not supported by OpenSSL DESHongxu Jia2018-04-202-0/+40
| | | | | | | | | | | | | | | | While compiling openssl with option `no-des', it caused the openssh build failure ... cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function); ... OpenSSL configured that way defines OPENSSL_NO_DES to disable des (From OE-Core rev: 08a5cda85594fca8b352841a26131bfac39c8417) Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: remove unused patchMaxin B. John2018-03-041-33/+0
| | | | | | | | | | | Remove unused patch: 0001-openssh-Fix-syntax-error-on-x32.patch (From OE-Core rev: a752aa31fc8f3a3d283381b7235710af4ece16d8) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Disable wtmp when using musl libcPaul Barker2018-01-221-0/+3
| | | | | | | | | | musl doesn't implement wtmp/utmp. (From OE-Core rev: 2065bb297ff3e48801bc8458d85f4f66a3e69daf) Signed-off-by: Paul Barker <pbarker@toganlabs.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: don't do aclocal/acinclude danceRoss Burton2017-12-101-4/+2
| | | | | | | | | Instead, just stop running aclocal. (From OE-Core rev: 0582396081b638811174f9371feacbbf4593bd1a) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: update to 7.6Armin Kuster2017-11-074-239/+25
| | | | | | | | | | | LICENSE changed do to name being added removed patches included in some form (From OE-Core rev: 88770be201678bf1906e27d72e840de2cd4c43f0) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Atomically generate host keysJoshua Watt2017-10-071-8/+34
| | | | | | | | | | | | | | Generating the host keys atomically prevents power interruptions during the first boot from leaving the key files incomplete, which often prevents users from being able to ssh into the device. [YOCTO #11671] (From OE-Core rev: 221b40f1f08ee23511ba078a1efd01686922e932) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Fix key generation with systemdJoshua Watt2017-09-254-81/+76
| | | | | | | | | | | | | | | | | | | | 106b59d9 broke SSH host key generation when systemd and a read-only root file system are in use because there isn't a way for systemd to get the optional weak assigment of SYSCONFDIR from /etc/default/sshd and still provide a default value if it is not specified. Instead, move the logic for determining if keys need to be created to a helper script that both the SysV init script and the systemd unit file can reference. This does mean that the systemd unit file can't check for file existence to know if it should start the service, but it wasn't able to do that correctly anyway anymore. This should be a problem since the serivce is only run once per power cycle by systemd, and should exit quickly if the keys already exist (From OE-Core rev: 7e49c5879862253ae1b6a26535d07a2740a95798) Signed-off-by: Joshua Watt <JPEWhacker@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Fix syntax error on x32sweeaun2017-08-302-0/+34
| | | | | | | | | Fix compilation error during openssh x32 build due to syntax error. (From OE-Core rev: 74d41b4870bec88015c079444daad0a68f69abe9) Signed-off-by: sweeaun <swee.aun.khor@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: depend on openssl 1.0Alexander Kanavin2017-08-131-1/+2
| | | | | | | | | | | | | | | | The proposed openssl 1.1 patches are here: https://github.com/openssh/openssh-portable/pull/48 Openssl maintainers are not in a hurry to get 1.1 support in; if it doesn't show up within reasonable time, we can take a patch from Fedora: http://lists.mindrot.org/pipermail/openssh-unix-dev/2016-November/035454.html (From OE-Core rev: 5ccf4a9786fc607a5838edb3bf409f83d7483ba6) Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Remove deprecated sshd optionGary Thomas2017-06-281-1/+0
| | | | | | | | | | | | | The UsePrivilegeSeparation is no longer supported (recent SSHD always runs with previlege separation), so remove this option from the default config file to avoid this warning: /etc/ssh/sshd_config line 110: Deprecated option UsePrivilegeSeparation (From OE-Core rev: 8ee1c567b67ec55be0fa2fbcef3d5e8fb4e82709) Signed-off-by: Gary Thomas <gary@mlbassoc.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Fix malformed Upstream-Status tagsRoss Burton2017-06-271-1/+1
| | | | | | | | | | Fix a variety of spelling and format mistakes to improve the ease of reading the tags programatically. (From OE-Core rev: 6e1aaf80b0d951b48cd25cb7161ec19448295094) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: Drop remnants of uclibc supportRichard Purdie2017-06-221-6/+0
| | | | | | | | | | | | | | uclibc support was removed a while ago and musl works much better. Start to remove the various overrides and patches related to uclibc which are no longer needed. uclibc support in a layer would still be possible. I have strong reasons to believe nobody is still using uclibc since patches are missing and I doubt the metadata even parses anymore. (From OE-Core rev: 653704e9cf325cb494eb23facca19e9f05132ffd) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: allow to override OpenSSL HostKeys when read-only-rootfsAndré Draszik2017-06-121-4/+42
| | | | | | | | | | | | | | With these changes it is possible to have a .bbappend that - sets SYSCONFDIR to some persistent storage - modifies SYSCONFDIR/sshd_config to use ssh host keys from the (writable) sysconfdir (From OE-Core rev: 106b59d9f96f70d133fa1421091ad280d27a5b6a) Signed-off-by: André Draszik <adraszik@tycoint.com> Reviewed-by: Stephane Ayotte <sayotte@tycoint.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade to 7.5p1Dengke Du2017-05-121-2/+2
| | | | | | | | (From OE-Core rev: 2e8b43d89c61b32e5fafd0f57eea2241316628e5) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* recipes: Make use of the new bb.utils.filter() functionPeter Kjellerstedt2017-03-011-2/+2
| | | | | | | (From OE-Core rev: 0a1427bf9aeeda6bee2cc0af8da4ea5fd90aef6f) Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: upgrade to 7.4p1Dengke Du2017-01-264-67/+28
| | | | | | | | | | | | 1. Drop CVE patch: fix-CVE-2016-8858.patch, because the version 7.4p1 have been fixed it. 2. Rebase the remaining patchs on the version 7.4p1. (From OE-Core rev: b648b382046bd94f0cf5fe0aa4b77ab250f126cd) Signed-off-by: Dengke Du <dengke.du@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix CVE-2016-8858Kai Kang2016-11-232-0/+40
| | | | | | | | | | | | | Backport patch to fix CVE-2016-8858 of openssh. Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1384860 (From OE-Core rev: 134a05616839d002970b2e7124ea38348d10209b) Signed-off-by: Kai Kang <kai.kang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix potential signed overflow to enable compilation with -ftrapvYuanjie Huang2016-09-202-0/+100
| | | | | | | | | | | | | | | Pointer arithmatic results in implementation defined signed integer type, so that 's - src' in strlcpy and others may trigger signed overflow. In case of compilation by gcc or clang with -ftrapv option, the overflow would lead to program abort. Upstream-status: Submitted [https://bugzilla.mindrot.org/show_bug.cgi?id=2608] (From OE-Core rev: 2ce02941300aa3e826df0c59fd8d4ce19950028e) Signed-off-by: Yuanjie Huang <yuanjie.huang@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 7.2p2 -> 7.3p1Jussi Kukkonen2016-08-233-56/+18
| | | | | | | | | | | Remove CVE-2015-8325.patch as it's included upstream. Rebase another patch. (From OE-Core rev: 4b695379dcf378e8d77deaf7e558e8cbd314683c) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: add ed25519 host key location to read-only sshd configAndré Draszik2016-08-181-0/+1
| | | | | | | | | | It's simply been missing. (From OE-Core rev: ebd1ea45e67211bd2ab0ec7affab409908126ef3) Signed-off-by: André Draszik <git@andred.net> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* meta: add more missing patch tagsRoss Burton2016-08-042-2/+2
| | | | | | | (From OE-Core rev: 5e5a6145d844c2f6daa3258429a870c42475adff) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: conditional compile DES code.mingli.yu@windriver.com2016-07-263-0/+188
| | | | | | | | | | | | | After openssl disabled DES, openssh fails to build for some DES codes are not wrapped in conditional compile statement "#ifndef OPENSSL_NO_DES" and "#endif". (From OE-Core rev: cd9c62461e837967dd29a532d32990c23350acf8) Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> Signed-off-by: Mingli Yu <mingli.yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: fix init script restart with read-only-rootfsMatthew Campbell2016-06-231-1/+1
| | | | | | | | | | | | restart in the init script uses the check_config() function which doesn't have the $SSHD_OPTS passed through. This causes it to check the wrong config (and fail when read-only-rootfs is enabled. (From OE-Core rev: cb6f78072deb8b8c22baf5c31c3bd19d7e0af236) Signed-off-by: Matthew Campbell <mcampbell@izotope.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: update homepage and summaryStephano Cetola2016-05-201-2/+3
| | | | | | | | | | | | | The homepage variable is out of date and the summary does not mention ssh, making the recipe difficult to find. [ YOCTO #9610 ] (From OE-Core rev: ce84dc09172b98ce1162e536db17148a67ba2be1) Signed-off-by: Stephano Cetola <stephano.cetola@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Backport fix for CVE-2015-8325Jussi Kukkonen2016-05-192-0/+40
| | | | | | | | | PAM environment vars must be ignored when UseLogin=yes (From OE-Core rev: 0a06be81cb650def54a4c2059bd728c75954306f) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: Upgrade 7.1p2 -> 7.2p2Jussi Kukkonen2016-05-195-517/+2
| | | | | | | | | Remove patches that are in the release. (From OE-Core rev: 5e24780ac0fea9012f28f6e3f1040c431d3a742e) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* openssh: change URI to http:Ross Burton2016-05-171-1/+1
| | | | | | | | | | | | The OpenBSD FTP server isn't accepting connections from wget, which breaks fetches. Luckily they also have a HTTP server on the same host. [ YOCTO #9628 ] (From OE-Core rev: 8b10f0af3c434145b460fd5d7a9f394dc1284260) Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>