6da3737984
This patch backports two patches that have been sent upstream as a pull
request in order to fix sshd for MIPS64 n32.
The first patch adds support for detecting the MIPS ABI during the
configure phase.
The second patch sets the right value to seccomp_audit_arch taking into
account the MIPS64 ABI.
Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or
AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built
for MIPS64. However, that's only valid for n64 ABI. The right macros for
n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and
AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively.
Because of that an sshd built for MIPS64 n32 rejects connection attempts
and the output of strace reveals that the problem is related to seccomp
audit:
[pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57,
filter=0x555d5da0}) = 0
[pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ?
[pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP},
{fd=6, revents=POLLHUP}])
[pid 194] +++ killed by SIGSYS +++
Pull request: https://github.com/openssh/openssh-portable/pull/71
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
79 lines
2.4 KiB
Makefile
79 lines
2.4 KiB
Makefile
################################################################################
|
|
#
|
|
# openssh
|
|
#
|
|
################################################################################
|
|
|
|
OPENSSH_VERSION = 7.5p1
|
|
OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
|
|
OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain
|
|
OPENSSH_LICENSE_FILES = LICENCE
|
|
# Autoreconf needed due to the following patches modifying configure.ac:
|
|
# f4fcd8c788a4854d4ebae400cf55e3957f906835.patch
|
|
# afc3e31b637db9dae106d4fad78f7b481c8c24e3.patch
|
|
OPENSSH_AUTORECONF = YES
|
|
OPENSSH_PATCH = https://github.com/openssh/openssh-portable/commit/f4fcd8c788a4854d4ebae400cf55e3957f906835.patch \
|
|
https://github.com/openssh/openssh-portable/commit/afc3e31b637db9dae106d4fad78f7b481c8c24e3.patch
|
|
OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)"
|
|
OPENSSH_CONF_OPTS = \
|
|
--sysconfdir=/etc/ssh \
|
|
--disable-lastlog \
|
|
--disable-utmp \
|
|
--disable-utmpx \
|
|
--disable-wtmp \
|
|
--disable-wtmpx \
|
|
--disable-strip
|
|
|
|
define OPENSSH_USERS
|
|
sshd -1 sshd -1 * - - - SSH drop priv user
|
|
endef
|
|
|
|
ifeq ($(BR2_TOOLCHAIN_SUPPORTS_PIE),)
|
|
OPENSSH_CONF_OPTS += --without-pie
|
|
endif
|
|
|
|
OPENSSH_DEPENDENCIES = zlib openssl
|
|
|
|
ifeq ($(BR2_PACKAGE_CRYPTODEV_LINUX),y)
|
|
OPENSSH_DEPENDENCIES += cryptodev-linux
|
|
OPENSSH_CONF_OPTS += --with-ssl-engine
|
|
else
|
|
OPENSSH_CONF_OPTS += --without-ssl-engine
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
|
|
define OPENSSH_INSTALL_PAM_CONF
|
|
$(INSTALL) -D -m 644 $(@D)/contrib/sshd.pam.generic $(TARGET_DIR)/etc/pam.d/sshd
|
|
$(SED) '\%password required /lib/security/pam_cracklib.so%d' $(TARGET_DIR)/etc/pam.d/sshd
|
|
$(SED) 's/\#UsePAM no/UsePAM yes/' $(TARGET_DIR)/etc/ssh/sshd_config
|
|
endef
|
|
|
|
OPENSSH_DEPENDENCIES += linux-pam
|
|
OPENSSH_CONF_OPTS += --with-pam
|
|
OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_PAM_CONF
|
|
else
|
|
OPENSSH_CONF_OPTS += --without-pam
|
|
endif
|
|
|
|
ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
|
|
OPENSSH_DEPENDENCIES += libselinux
|
|
OPENSSH_CONF_OPTS += --with-selinux
|
|
else
|
|
OPENSSH_CONF_OPTS += --without-selinux
|
|
endif
|
|
|
|
define OPENSSH_INSTALL_INIT_SYSTEMD
|
|
$(INSTALL) -D -m 644 package/openssh/sshd.service \
|
|
$(TARGET_DIR)/usr/lib/systemd/system/sshd.service
|
|
mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
|
|
ln -fs ../../../../usr/lib/systemd/system/sshd.service \
|
|
$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/sshd.service
|
|
endef
|
|
|
|
define OPENSSH_INSTALL_INIT_SYSV
|
|
$(INSTALL) -D -m 755 package/openssh/S50sshd \
|
|
$(TARGET_DIR)/etc/init.d/S50sshd
|
|
endef
|
|
|
|
$(eval $(autotools-package))
|