Commit Graph

77 Commits

Author SHA1 Message Date
Gustavo Zacarias
2ff0e32e25 openssh: security bump to version 7.1p2
Fixes:

CVE-2016-0777 - Client Information leak from use of roaming connection
feature.

CVE-2016-0778 - A buffer overflow flaw was found in the way the OpenSSH
client roaming feature was implemented. A malicious server could
potentially use this flaw to execute arbitrary code on a successfully
authenticated OpenSSH client if that client used certain non-default
configuration options.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: James Knight <james.knight@rockwellcollins.com>
Tested-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-01-14 20:13:57 +01:00
Maxime Hadjinlian
0f75b2635e package: Replace 'echo -n' by 'printf'
'echo -n' is not a POSIX construct (no flag support), we should use
'printf', especially in init script.

This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-04 00:56:41 +02:00
Waldemar Brodkorb
7bc51f85ae openssh: fix static compilation
PIE and static doesn't work on Linux.

Fixes:
http://autobuild.buildroot.net/results/dce/dce0202e039f4636d68532c4aab8738938b76650/

Signed-off-by: Waldemar Brodkorb <wbx@openadk.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-08-29 10:43:52 +02:00
Gustavo Zacarias
0916daeff1 openssh: security bump to version 7.1p1
Fixes:
CVE-2015-6563 - Fixed a privilege separation weakness related to PAM
support.
CVE-2015-6564 - Fixed a use-after-free bug related to PAM support that
was reachable by attackers who could compromise the pre-authentication
process for remote code execution.
CVE-2015-6565 - incorrectly set TTYs to be world-writable.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-08-25 22:41:08 +02:00
Matt Weber
f5f5bd92df openssh: selinux and pam support
[Thomas: in the sed expression, use % as a delimiter instead of /,
since the line contains several / that all had to be escaped.]

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-18 17:26:07 +02:00
Gustavo Zacarias
ad460e4930 openssh: bump to version 6.9p1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-07-02 10:59:22 +02:00
Gustavo Zacarias
757e9c4c2a package: kill pointless text justification
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-04-23 09:47:08 +02:00
Mike Williams
6111d478d2 openssh: move systemd service files to /usr/lib
Signed-off-by: Mike Williams <mike@mikebwilliams.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-20 20:37:16 +01:00
Gustavo Zacarias
7ff67b5d41 openssh: bump to version 6.8p1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2015-03-18 14:38:49 +01:00
Peter Korsgaard
298cd8eaa2 package/*: rename patches according to the new policy
Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345)

Signed-off-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-02-03 14:52:56 +01:00
Jerzy Grzegorek
38f09d6873 package: indentation cleanup
Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-12-24 11:41:05 +01:00
Maxime Hadjinlian
dd44b94312 package/*/*.mk: Fix indent
Fix indent for LIBFOO_USERS and LIBFOO_PERMISSIONS as per the manual example.

Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-11-08 23:03:45 +01:00
Gustavo Zacarias
aa66ce2d57 openssh: drop user from skeleton
The sshd privilege drop user doesn't belong in the skeleton, it's
exclusively used by OpenSSH.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-27 19:23:00 +01:00
Jérôme Pouiller
b8ae6a3b2f openssh: place configuration files in /etc/ssh
pkg-autotools.mk fixes --sysconfdir to "/etc". This patch restores
--sysconfdir to its default value (/etc/ssh)

Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-13 12:53:04 +02:00
Baruch Siach
3227f30c5b openssh: mention release announcement in hash file
Also, add sha1 hash from the announcement.

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-07 21:04:20 +02:00
Gustavo Zacarias
cf197b2d18 openssh: bump to version 6.7p1
Also add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-10-07 14:56:42 +02:00
Thomas De Schampheleire
aaffd209fa packages: rename FOO_CONF_OPT into FOO_CONF_OPTS
To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS,
make the same change for FOO_CONF_OPT.

Sed command used:
   find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g'

Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-04 18:54:16 +02:00
Maarten ter Huurne
2fea217992 openssh: Add patch to fix compilation with musl libc
The configure script finds the "howmany" macro, but some of the sources
using it do not include the required <sys/param.h> header.

Signed-off-by: Maarten ter Huurne <maarten@treewalker.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-09-13 22:17:46 +02:00
Danomi Manchego
dfb3d5072a openssh: replace individual ssh-keygen calls with a single call
Since openssh-6.0, the ssh-keygen app has supported a -A option,
which creates any missing keys.  This frees us of having to add
new ssh-keygen invocations as new key types are introduced.  This
also frees us of having to know the default key names and locations.
So this patch replaces all the init.d script invocations with
a single "ssh-keygen -A" call.

Note: the systemd service script *already* uses this option.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-08-03 10:36:00 +02:00
Alexey Brodkin
37c1b750d5 openssh: disable PIE when building for ARC
Fixes build failure reported here:
http://autobuild.buildroot.net/results/262/26218e028f3d2c77c5192b45154627f08384b688/

uClibc toolchain for ARC doesn't support PIE

An attempt to build anything with the "-pie" option leads to a linker failure:

arc-buildroot-linux-uclibc-gcc -pie test.c
ld: ../4.8-r3/bin/../arc-buildroot-linux-uclibc/sysroot/usr/lib/crt1.o: warning: unresolvable relocation against symbol `__uClibc_main' from .text section
ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__deregister_frame_info@@GCC_3.0' from .text section
ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__deregister_frame_info@@GCC_3.0' from .text section
ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__register_frame_info@@GCC_3.0' from .text section
ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__register_frame_info@@GCC_3.0' from .text section

In its turn this behavior confuses configure script of openssh so some options
get set improperly. In particular "strnvis" gets determined as existing which
causes failure during compilation:

log.c:67:25: error: 'VIS_SAFE' undeclared (first use in this function)
 #define LOG_STDERR_VIS (VIS_SAFE|VIS_OCTAL)

With disabled PIE ("--without-pie") openssh gets built without issues.

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>

Cc: Gustavo Zacarias <gustavo@zacarias.com.ar>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Anton Kolesov <akolesov@synopsys.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-07-30 18:53:41 +02:00
Ryan Barnett
d629983d89 openssh: add license information
Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-05-07 10:36:59 +02:00
Gustavo Zacarias
53587a3192 openssh: security bump to version 6.6p1
Fixes CVE-2014-2532.
SUSv3 deprecation already handled upstream.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-03-24 15:18:08 +01:00
Gustavo Zacarias
a93c98bb95 openssh: bump to version 6.5p1
Convert the ever growing drop-SUSv3-legacy patch to a sed expression.
Modify the initscript to create ed25519 server key.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2014-02-03 09:26:56 +01:00
Gustavo Zacarias
c19308020b openssh: add systemd unit file
And only install sysV-style script when appropriate.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-12-04 11:50:51 +01:00
Peter Korsgaard
5a0e1258f3 openssh: bump version
From the announcement:

This release fixes a security bug:

 * sshd(8): fix a memory corruption problem triggered during rekeying
   when an AES-GCM cipher is selected. Full details of the vulnerability
   are available at: http://www.openssh.com/txt/gcmrekey.adv

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-11-10 22:17:29 +01:00
Gustavo Zacarias
f0757b41ab openssh: bump to version 6.3p1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-22 16:29:22 +02:00
Gustavo Zacarias
7d3f2897f8 openssh: needs mmu
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2013-10-07 11:43:33 +02:00
Danomi Manchego
0be2fe9a8c openssh: fix tab/spacing in init script
Several of the lines in S50sshd script have a strange mix of spaces
and tabs, that at least do not look consistent with neighboring lines.
This patch makes the spacing consistent, and also strips the trailing
spaces.

Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-08-27 22:34:47 +02:00
Gustavo Zacarias
464b525757 openssh: bump to version 6.2p2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-27 14:23:26 +02:00
Alexandre Belloni
8dfd59d114 Normalize separator size to 80
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-06-06 22:30:24 +02:00
Peter Korsgaard
b6f71564fb openssh: don't use a custom libexec dir
sftp expects to find sftp-server in the standard (/usr/libexec) location,
so ensure it gets installed there.

Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-04-25 22:53:00 +02:00
Gustavo Zacarias
9d3e3cbd46 openssh: bump to version 6.2p1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-04-14 20:36:59 +02:00
Danomi Manchego
767ad5b4a7 openssh: add linux-pam support
Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2013-03-24 16:41:29 +01:00
Gustavo Zacarias
652333d7ed openssh: bump to version 6.1p1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-09-09 23:05:41 +02:00
Arnout Vandecappelle (Essensium/Mind)
e1502ebc0c all packages: rename XXXTARGETS to xxx-package
Also remove the redundant $(call ...).

This is a purely mechanical change, performed with
find package linux toolchain boot -name \*.mk | \
  xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \
               -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \
               -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/'

Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2012-07-17 20:23:05 +02:00
Gustavo Zacarias
895bb58831 openssh: bump to version 6.0p1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-04-29 10:58:37 +02:00
Luca Ceresoli
1a994d58af Remove stray $ character from a bunch of init scripts
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2012-03-15 22:11:25 +01:00
Thomas Petazzoni
300f9c9c9d package: remove useless arguments from AUTOTARGETS
Thanks to the pkgparentdir and pkgname functions, we can rewrite the
AUTOTARGETS macro in a way that avoids the need for each package to
repeat its name and the directory in which it is present.

[Peter: pkgdir->pkgparentdir]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-29 23:12:27 +02:00
Yegor Yefremov
ab9a76efff openssh: bump to 5.9p1
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-09-13 23:41:04 +02:00
Gustavo Zacarias
b976f37d30 openssh: bump to version 5.8p2
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-05-16 15:20:00 +02:00
Gustavo Zacarias
c1bb097999 openssh: security bump to version 5.8p1
http://www.openssh.com/txt/legacy-cert.adv
CVE-2011-0539

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-02-14 22:22:05 +01:00
Thomas Petazzoni
c761eafb02 openssl: pass LDFLAGS to fix incorrect link
We already pass the LD variable to openssl in order to use gcc as the
driver for the link process, instead of directly using the ld
linker. However, we were not passing LDFLAGS so that the compiler
flags are passed, which means that with multilib toolchains, the
incorrect library variant could be used at link time, leading to
invalid binaries (partly ARMv4, partly ARMv5) or broken compilation
(when the build took place in soft-float, but the link stage takes
place against hard-float libraries).

This fixes a problem reported on IRC by amo-ej1 when compiling ssh on
PowerPC e500v2 with a CodeSourcery toolchain ("crtbegin.o uses hard
float, sshd uses soft float").

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2011-02-07 14:34:28 +01:00
Will Newton
56a2e82c40 package/openssh: Use HTTP instead of FTP for source download
HTTP should be more firewall friendly.

Signed-off-by: Will Newton <will.newton@imgtec.com>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-12-07 12:25:46 +01:00
Gustavo Zacarias
9cadb9aca3 openssh: bump to version 5.6p1
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2010-11-18 22:09:42 +01:00
Thomas Petazzoni
478ea1a12d packages: remove unneeded _INSTALL_TARGET_OPT definitions
Now that <pkg>_INSTALL_TARGET_OPT always defaults to
'DESTDIR=$(TARGET_DIR) install', we can remove the
<pkg>_INSTALL_TARGET_OPT definition from a lot of packages.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-09-27 15:32:32 +02:00
Thomas Petazzoni
2a784080ad openssh: convert old-style hook to new-style hook
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-09-12 19:26:49 +02:00
Thomas Petazzoni
a1c8fa41f6 Update all packages to quote $(TARGET_CC)
Now that TARGET_CC contains several space-separated words, it must be
used quoted everywhere.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2010-07-07 08:20:21 +02:00
Hans-Christian Egtvedt
1a66c6c547 openssh: convert to Makefile.autotools.in and bump version to 5.1p1
This patch converts building of OpenSSH to use Makefile.autotools.in instead
and in the same process bump to latest upstream version 5.1p1.

The openssh.path is also cleaned up a bit to reflect the new release, i.e. some
of the patch is already applied/fixed upstream.

Signed-off-by: Hans-Christian Egtvedt <hans-christian.egtvedt@atmel.com>
2008-09-24 12:00:57 +00:00
Peter Korsgaard
02a623ddf9 buildroot: remove trailing spaces
for i in `find -name 'Config*' -o -name 'Makefile*' -o -name '*.mk'`;
do
	sed -i 's/ \+$//' $i;
done
2008-08-04 19:07:05 +00:00
Peter Korsgaard
4683420c4c Kconfig: remove 'default n'
'default n' is the default, so there's no need to say it explicitly.
2008-07-17 20:01:44 +00:00