diff options
| author | Andrei Dinu <andrei.adrianx.dinu@intel.com> | 2013-04-16 15:55:24 +0300 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2013-04-28 12:03:48 +0100 |
| commit | 5f0400d2eb9e660fcb4780c2badbfb8856e64893 (patch) | |
| tree | 4469b49b97553ecba4f8c5dbac7553b79b026f41 /meta/recipes-connectivity/openssh/openssh-6.1p1 | |
| parent | 5a868cc5aba80c9208973755541a060e417b77f0 (diff) | |
| download | openembedded-core-5f0400d2eb9e660fcb4780c2badbfb8856e64893.tar.gz openembedded-core-5f0400d2eb9e660fcb4780c2badbfb8856e64893.tar.bz2 openembedded-core-5f0400d2eb9e660fcb4780c2badbfb8856e64893.zip | |
openssh : upgrade to 6.2p1
from 6.1p1 -> 6.2p1
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh-6.1p1')
6 files changed, 0 insertions, 314 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh-6.1p1/init b/meta/recipes-connectivity/openssh/openssh-6.1p1/init deleted file mode 100644 index cde52ef3f4..0000000000 --- a/meta/recipes-connectivity/openssh/openssh-6.1p1/init +++ /dev/null @@ -1,92 +0,0 @@ -#! /bin/sh -set -e - -# /etc/init.d/ssh: start and stop the OpenBSD "secure shell" daemon - -test -x /usr/sbin/sshd || exit 0 -( /usr/sbin/sshd -\? 2>&1 | grep -q OpenSSH ) 2>/dev/null || exit 0 - -if test -f /etc/default/ssh; then - . /etc/default/ssh -fi - -check_for_no_start() { - # forget it if we're trying to start, and /etc/ssh/sshd_not_to_be_run exists - if [ -e /etc/ssh/sshd_not_to_be_run ]; then - echo "OpenBSD Secure Shell server not in use (/etc/ssh/sshd_not_to_be_run)" - exit 0 - fi -} - -check_privsep_dir() { - # Create the PrivSep empty dir if necessary - if [ ! -d /var/run/sshd ]; then - mkdir /var/run/sshd - chmod 0755 /var/run/sshd - fi -} - -check_config() { - /usr/sbin/sshd -t || exit 1 -} - -check_keys() { - # create keys if necessary - if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then - echo " generating ssh RSA key..." - ssh-keygen -q -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa - fi - if [ ! -f /etc/ssh/ssh_host_ecdsa_key ]; then - echo " generating ssh ECDSA key..." - ssh-keygen -q -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa - fi - if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then - echo " generating ssh DSA key..." - ssh-keygen -q -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa - fi -} - -export PATH="${PATH:+$PATH:}/usr/sbin:/sbin" - -case "$1" in - start) - check_for_no_start - echo "Starting OpenBSD Secure Shell server: sshd" - check_keys - check_privsep_dir - start-stop-daemon -S -x /usr/sbin/sshd -- $SSHD_OPTS - echo "done." - ;; - stop) - echo -n "Stopping OpenBSD Secure Shell server: sshd" - start-stop-daemon -K -x /usr/sbin/sshd - echo "." - ;; - - reload|force-reload) - check_for_no_start - check_keys - check_config - echo -n "Reloading OpenBSD Secure Shell server's configuration" - start-stop-daemon -K -s 1 -x /usr/sbin/sshd - echo "." - ;; - - restart) - check_keys - check_config - echo -n "Restarting OpenBSD Secure Shell server: sshd" - start-stop-daemon -K -oknodo -x /usr/sbin/sshd - check_for_no_start - check_privsep_dir - sleep 2 - start-stop-daemon -S -x /usr/sbin/sshd -- $SSHD_OPTS - echo "." - ;; - - *) - echo "Usage: /etc/init.d/ssh {start|stop|reload|force-reload|restart}" - exit 1 -esac - -exit 0 diff --git a/meta/recipes-connectivity/openssh/openssh-6.1p1/nostrip.patch b/meta/recipes-connectivity/openssh/openssh-6.1p1/nostrip.patch deleted file mode 100644 index 33111f5494..0000000000 --- a/meta/recipes-connectivity/openssh/openssh-6.1p1/nostrip.patch +++ /dev/null @@ -1,20 +0,0 @@ -Disable stripping binaries during make install. - -Upstream-Status: Inappropriate [configuration] - -Build system specific. - -Signed-off-by: Scott Garman <scott.a.garman@intel.com> - -diff -ur openssh-5.6p1.orig/Makefile.in openssh-5.6p1/Makefile.in ---- openssh-5.6p1.orig/Makefile.in 2010-05-11 23:51:39.000000000 -0700 -+++ openssh-5.6p1/Makefile.in 2010-08-30 16:49:54.000000000 -0700 -@@ -29,7 +29,7 @@ - RAND_HELPER=$(libexecdir)/ssh-rand-helper - PRIVSEP_PATH=@PRIVSEP_PATH@ - SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ --STRIP_OPT=@STRIP_OPT@ -+STRIP_OPT= - - PATHS= -DSSHDIR=\"$(sysconfdir)\" \ - -D_PATH_SSH_PROGRAM=\"$(SSH_PROGRAM)\" \ diff --git a/meta/recipes-connectivity/openssh/openssh-6.1p1/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh-6.1p1/openssh-CVE-2011-4327.patch deleted file mode 100644 index 8489edcc82..0000000000 --- a/meta/recipes-connectivity/openssh/openssh-6.1p1/openssh-CVE-2011-4327.patch +++ /dev/null @@ -1,27 +0,0 @@ -openssh-CVE-2011-4327 - -A security flaw was found in the way ssh-keysign, -a ssh helper program for host based authentication, -attempted to retrieve enough entropy information on configurations that -lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would -be executed to retrieve the entropy from the system environment). -A local attacker could use this flaw to obtain unauthorized access to host keys -via ptrace(2) process trace attached to the 'ssh-rand-helper' program. - -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 -http://www.openssh.com/txt/portable-keysign-rand-helper.adv - -Signed-off-by: Li Wang <li.wang@windriver.com> ---- a/ssh-keysign.c -+++ b/ssh-keysign.c -@@ -170,6 +170,10 @@ - key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); -+ if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 || -+ fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 || -+ fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0) -+ fatal("fcntl failed"); - - original_real_uid = getuid(); /* XXX readconf.c needs this */ - if ((pw = getpwuid(original_real_uid)) == NULL) diff --git a/meta/recipes-connectivity/openssh/openssh-6.1p1/ssh_config b/meta/recipes-connectivity/openssh/openssh-6.1p1/ssh_config deleted file mode 100644 index 4a4a649ba8..0000000000 --- a/meta/recipes-connectivity/openssh/openssh-6.1p1/ssh_config +++ /dev/null @@ -1,46 +0,0 @@ -# $OpenBSD: ssh_config,v 1.25 2009/02/17 01:28:32 djm Exp $ - -# This is the ssh client system-wide configuration file. See -# ssh_config(5) for more information. This file provides defaults for -# users, and the values can be changed in per-user configuration files -# or on the command line. - -# Configuration data is parsed as follows: -# 1. command line options -# 2. user-specific file -# 3. system-wide file -# Any configuration value is only changed the first time it is set. -# Thus, host-specific definitions should be at the beginning of the -# configuration file, and defaults at the end. - -# Site-wide defaults for some commonly used options. For a comprehensive -# list of available options, their meanings and defaults, please see the -# ssh_config(5) man page. - -Host * - ForwardAgent yes - ForwardX11 yes -# RhostsRSAAuthentication no -# RSAAuthentication yes -# PasswordAuthentication yes -# HostbasedAuthentication no -# GSSAPIAuthentication no -# GSSAPIDelegateCredentials no -# BatchMode no -# CheckHostIP yes -# AddressFamily any -# ConnectTimeout 0 -# StrictHostKeyChecking ask -# IdentityFile ~/.ssh/identity -# IdentityFile ~/.ssh/id_rsa -# IdentityFile ~/.ssh/id_dsa -# Port 22 -# Protocol 2,1 -# Cipher 3des -# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc -# MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 -# EscapeChar ~ -# Tunnel no -# TunnelDevice any:any -# PermitLocalCommand no -# VisualHostKey no diff --git a/meta/recipes-connectivity/openssh/openssh-6.1p1/sshd b/meta/recipes-connectivity/openssh/openssh-6.1p1/sshd deleted file mode 100644 index 4882e58b48..0000000000 --- a/meta/recipes-connectivity/openssh/openssh-6.1p1/sshd +++ /dev/null @@ -1,10 +0,0 @@ -#%PAM-1.0 - -auth include common-auth -account required pam_nologin.so -account include common-account -password include common-password -session optional pam_keyinit.so force revoke -session include common-session -session required pam_loginuid.so - diff --git a/meta/recipes-connectivity/openssh/openssh-6.1p1/sshd_config b/meta/recipes-connectivity/openssh/openssh-6.1p1/sshd_config deleted file mode 100644 index 4f9b626fbd..0000000000 --- a/meta/recipes-connectivity/openssh/openssh-6.1p1/sshd_config +++ /dev/null @@ -1,119 +0,0 @@ -# $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ - -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a -# default value. - -#Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# Disable legacy (protocol version 1) support in the server for new -# installations. In future the default will change to require explicit -# activation of protocol 1 -Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -#PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#RSAAuthentication yes -#PubkeyAuthentication yes -#AuthorizedKeysFile .ssh/authorized_keys - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -#UsePAM no - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#UseLogin no -UsePrivilegeSeparation yes -#PermitUserEnvironment no -Compression no -ClientAliveInterval 15 -ClientAliveCountMax 4 -#UseDNS yes -#PidFile /var/run/sshd.pid -#MaxStartups 10 -#PermitTunnel no -#ChrootDirectory none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/libexec/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# ForceCommand cvs server |