summaryrefslogtreecommitdiff
path: root/meta/recipes-connectivity/openssh
AgeCommit message (Collapse)AuthorFiles
2014-05-15openssh: move packaging definitions to the endPaul Eggleton1
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-15openssh: update to 6.6p1Paul Eggleton1
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-05-13openssh: fix for CVE-2014-2653Chen Qi2
The verify_host_key function in sshconnect.c in the client in OpenSSH 6.6 and earlier allows remote servers to trigger the skipping of SSHFP DNS RR checking by presenting an unacceptable HostCertificate. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-13openssh: fix for CVE-2014-2532Chen Qi2
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-05-08openssh: add /var/log/lastlog to volatile listSaul Wold1
The /var/log/messages reports /var/log/lastlog as missing, since openssh needs this file, create it as a volatile. [YOCTO #6172] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-04-25Globally replace 'base_contains' calls with 'bb.utils.contains'Otavio Salvador1
The base_contains is kept as a compatibility method and we ought to not use it in OE-Core so we can remove it from base metadata in future. Signed-off-by: Otavio Salvador <otavio@ossystems.com.br> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-25openssh: enable ptest supportMaxin B. John3
Install openssh test-suite and run it as ptest. Signed-off-by: Maxin B. John <maxin.john@enea.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-23openssh-sshd: host contamination fixMatthieu Crapet1
If you do a readelf -x .rodata /path/.../to/openssh/6.5p1-r0/packages-split/openssh-sshd/usr/sbin/sshd You'll see two references to OE's sysroots/${BUILD_SYS} login and passwd binaries. First one can be overridden with LOGIN_PROGRAM environment variable (see configure.ac), second needs a cached variable definition. Signed-off-by: Matthieu Crapet <Matthieu.Crapet@ingenico.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-04-10openssh: fix sshd_config_readonly creationJonathan Liu1
The readonly sshd config sshd_config_readonly needs to be created from the installed sshd_config as make install will adjust the paths in the config file. This fixes the path for sftp-server being correct in sshd_config but incorrect in sshd_config_readonly. Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-31openssh: build without libbsdJoe Slater1
We do not DEPEND on libbsd, so we do not want to build with it just because libutil.h is found by configure. As noted in the patch, specifying --disable-libutil to configure does not work, so we provide "cached" configure variables. Signed-off-by: Joe Slater <jslater@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-03-19openssh: Update init file to add ED25519 Key generationSaul Wold1
[YOCTO #5983] Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-28openssh: upgrade to 6.5p1Paul Eggleton11
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-28autotools-brokensep: Mark recipes with broken separate build dir supportRichard Purdie1
This patch goes through the OE-Core recipes and marks those which use autotools but don't support a separate build directory (${S} != ${B}). A new class, autotools-brokensep is used for this purpose. This doesn't introduce any change in behaviour in its own right. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2014-02-20openssh: enable PAM at runtime based on DISTRO_FEATURESKoen Kooi1
Everything is setup to use PAM except for the server config. If 'pam' is in DISTRO_FEATURES the configs will be changed to enable it. Syslog will now show: Feb 19 09:28:36 beast sshd[2980]: pam_unix(sshd:session): session opened for user koen by (uid=0) And more importantly: koen@beast:~$ loginctl SESSION UID USER SEAT c1 1000 koen seat0 c3 1000 koen seat0 c13 1000 koen 3 sessions listed. Systemd now registers the session properly so it won't kill things like 'screen' and 'tmux' when disconnecting the ssh session. Signed-off-by: Koen Kooi <koen.kooi@linaro.org> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-02-08openssh: drag in required PAM modules.Koen Kooi1
/etc/pam.d/opensshd lists keyinit and uid as required, so add them to RDEPENDS when PAM is enabled. Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-02-08openssh: package sshd PAM config inside openssh-sshd packageKoen Kooi1
Without this PAM integration is broken after installing openssh-sshd Signed-off-by: Koen Kooi <koen@dominion.thruhere.net> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-02-02Revert "Add missing RDEPENDS of initscripts-functions"Chen Qi1
Instead of manually adding initscripts to RDEPENDS of each package, we should make it automatically handled by the update-rc.d.bbclass. This solution would have the benefit of backward compatibility. In other words, users need not modify their recipes. This reverts commit 16080a3485bd793edd66ed8361f1e8b86a9e19ea. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-01-28openssh: fixes for systemdChen Qi4
This patch contains a few fixes for the systemd unit files of openssh. The fixes use the same unit files in Fedora 20 as a reference. 1) Remove sshdgenkeys.service and sshd@.service from SYSTEMD_SERVICE. 2) Fix the dependency and logic of sshdgenkeys.service. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2014-01-06Add missing RDEPENDS of initscripts-functionsChen Qi1
Now that the initscripts-functions has been packaged separately, packages which may use the functions script should have a runtime dependency on it. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-05openssh: remove unrecognised configure optionPaul Eggleton1
ssh-rand-helper was removed in OpenSSH 6.0 according to the upstream changelog, so the configure option to enable/disable it was removed. Fixes the following warning: WARNING: QA Issue: openssh: configure was passed unrecognised options: --with-rand-helper Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-12-05classes/recipes: More optimal DISTRO_FEATURES referencesRichard Purdie1
Using the contains function results in more optimal sstate checksums resulting in better cache reuse as we as more consistent code. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-11-12openssh: upgrade to 6.4p1Paul Eggleton11
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-10-29openssh: upgrade to 6.3p1Paul Eggleton12
Removed the following backported patch(es): * mac.patch Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-10-18openssh: fix sshd status command error promptQiang Chen1
sshd status command results in error prompt: root@qemu0:~# /etc/init.d/sshd status /usr/sbin/sshd (pid 1199) is running... /etc/init.d/sshd: line 100: return: can only `return' from a function or sourced script "service --status-all" command also display wrong status for sshd. This commit fix this error prompt and make service command display right status for sshd. Signed-off-by: Qiang Chen <qiang.chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-17openssh: use volatiles for managing /var/run/sshdMing Liu2
It fixes the following failure: "fatal: Missing privilege separation directory: /var/run/sshd" when sshd is started through xinetd. Signed-off-by: Ming Liu <ming.liu@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-09-10openssh: Add systemd supportMuhammad Shakeel4
-Remove dependency on meta-systemd Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-08-26openssh: add init.d/sshd status command for LSB complianceJackie Huang1
Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Jackie Huang <jackie.huang@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-08-16openssh: fix for read-only rootfsChen Qi2
If the rootfs is read-only and the ssh keys are not available at system start-up, the init script will generate ssh keys into /etc/ssh, thus causing a 'read-only file system' error. In order for Yocto based image to work correctly for read-only rootfs, we use the following logic for openssh. If the rootfs is read-only and there are pre-generated keys under /etc/ssh, we use the pre-generated keys. Note the pre-generated keys are mainly for debugging or development purpose. If the rootfs is read-only and there are no pre-generated keys under /etc/ssh, we use /var/run/ssh as the location for ssh keys. That is, at system boot-up, the generated ssh keys will put into /var/run/ssh. [YOCTO #4887] Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-07-27openssh: Added Upstream Status to openssh-CVE-2011-4327Andrei Dinu1
Updated Upstream Status to openssh patch. Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> [sgw - Fixed commit line] Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-07-02openssh: fix initscript restart commandMarc Ferland1
start-stop-daemon should be called with '--oknodo' instead of '-oknodo'. Signed-off-by: Marc Ferland <ferlandm@sonatest.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-06-17openssh: obey 'tcp-wrappers' PACKAGECONFIGRoy.Li1
Signed-off-by: Roy.Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-06-17openssh: fix a unaligned memory access issueRoy.Li2
Backport patch to fix segment fault due to unaligned memory access Signed-off-by: Roy.Li <rongqing.li@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-06-10openssh : upgrade to 6.2p2Andrei Dinu7
upgrade from 6.2p1 -> 6.2p2 Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-04-28openssh : upgrade to 6.2p1Andrei Dinu7
from 6.1p1 -> 6.2p1 Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2013-04-02openssh: don't add update-rc.d to RDEPENDSMartin Jansa1
* sysvinit/systemd assumes that update-rc.d can be inhibited * with systemd enabled, sysvinit scripts are missing in packages and update-rc.d needs to be put in BAD_RECOMMENDATIONS to prevent update-rc.d trying to install them in postinst * update-rd.c shouldn't be in DEPENDS Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-02-04openssh: fix RPROVIDESMartin Jansa1
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2013-01-28openssh : upgrade to 6.1p1Andrei Dinu7
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-11-28openssh: CVE-2011-4327Li Wang2
A security flaw was found in the way ssh-keysign, a ssh helper program for host based authentication, attempted to retrieve enough entropy information on configurations that lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would be executed to retrieve the entropy from the system environment). A local attacker could use this flaw to obtain unauthorized access to host keys via ptrace(2) process trace attached to the 'ssh-rand-helper' program. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 http://www.openssh.com/txt/portable-keysign-rand-helper.adv [YOCTO #3493] Signed-off-by: Li Wang <li.wang@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-08-17openssh: openssh's init fails to restart if sshd is not runningAmy Fong1
openssh: openssh's init fails to restart if sshd is not running Because of "set -e", it's necessary to specify the -o (or --oknodo) so that start-stop-daemon returns an exit status of 0 if no actions are taken. Signed-off-by: Amy Fong <amy.fong@windriver.com> Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-08-15openssh: cleanup update-alternatives deprecated codeSaul Wold1
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2012-08-06openssh: use ${localstatedir} instead of /var for packagingJavier Martinez Canillas1
It is considered good practice to use the build system provided variables instead of directly specify hardcoded paths. Signed-off-by: Javier Martinez Canillas <javier@dowhile0.org> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-06-18recipes: replace CONFLICTS with RCONFLICTS_${PN}Martin Jansa1
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2012-05-30openssh: use new update-alternativesMark Hatle1
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
2012-05-08openssh: upgrade to 6.0p1Scott Garman6
LICENSE checksum changed due to a trivial difference in the credits list. Signed-off-by: Scott Garman <scott.a.garman@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-11-30PR Bump for OpenSSL 1.0Saul Wold1
Signed-off-by: Saul Wold <sgw@linux.intel.com>
2011-10-27openssh: upgrade to 5.9p1Scott Garman6
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
2011-10-10Use useradd and update-rc.d classes in the OpenSSH recipeJulian Pidancet1
The current sshd postinst and postrm scripts in the OpenSSH make the package dependant of the adduser/addgroup scripts which may not be available on all systems. This patch replaces the sshd postinst and postrm scripts with proper usage of the useradd and update-rc.d classes. This patch had been modified from the previous proposed version to use useradd long options for more clarity. Signed-off-by: Julian Pidancet <julian.pidancet@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2011-09-15openssh: update init script to create ECDSA keys if neededMartin Jansa2
* Starting with openssh-5.8p1, the server will default to a newer key algorithm (ECDSA). Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2011-07-27openssh: Support PAMXiaofeng Yan2
Adding configuration file "sshd" in /etc/pam.d/ for supporting pam. Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
2011-07-07openssh/dropbear: No need for each to PROVIDE ssh/sshdRichard Purdie1
Nothing in the system actually uses the PROVIDES field for these recipes, its usually the runtime packages that are used. We can therefore remove the PROVIDES and hence quieten the associated warnings from bitbake. If these recipes do really need the PROVIDES, they would be better as virtuals and adding that to MULTI_PROVIDER_WHITELIST. Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>