NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f143be8a09
kumquat-buildroot/package/openssh/openssh.mk
Gustavo Zacarias 2ff0e32e25 openssh: security bump to version 7.1p2 
Fixes:

CVE-2016-0777 - Client Information leak from use of roaming connection
feature.

CVE-2016-0778 - A buffer overflow flaw was found in the way the OpenSSH
client roaming feature was implemented. A malicious server could
potentially use this flaw to execute arbitrary code on a successfully
authenticated OpenSSH client if that client used certain non-default
configuration options.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: James Knight <james.knight@rockwellcollins.com>
Tested-by: James Knight <james.knight@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-01-14 20:13:57 +01:00

71 lines
2.0 KiB
Makefile
Raw Blame History

################################################################################
#
# openssh
#
################################################################################
OPENSSH_VERSION = 7.1p2
OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
OPENSSH_LICENSE = BSD-3c BSD-2c Public Domain
OPENSSH_LICENSE_FILES = LICENCE
OPENSSH_CONF_ENV = LD="$(TARGET_CC)" LDFLAGS="$(TARGET_CFLAGS)"
OPENSSH_CONF_OPTS = \
--sysconfdir=/etc/ssh \
--disable-lastlog \
--disable-utmp \
--disable-utmpx \
--disable-wtmp \
--disable-wtmpx \
--disable-strip
define OPENSSH_USERS
sshd -1 sshd -1 * - - - SSH drop priv user
endef
# uClibc toolchain for ARC doesn't support PIE at the moment
ifeq ($(BR2_arc),y)
OPENSSH_CONF_OPTS += --without-pie
endif
# PIE and static does not work on Linux
ifeq ($(BR2_STATIC_LIBS),y)
OPENSSH_CONF_OPTS += --without-pie
endif
OPENSSH_DEPENDENCIES = zlib openssl
ifeq ($(BR2_PACKAGE_LINUX_PAM),y)
define OPENSSH_INSTALL_PAM_CONF
$(INSTALL) -D -m 644 $(@D)/contrib/sshd.pam.generic $(TARGET_DIR)/etc/pam.d/sshd
$(SED) '\%password required /lib/security/pam_cracklib.so%d' $(TARGET_DIR)/etc/pam.d/sshd
$(SED) 's/\#UsePAM no/UsePAM yes/' $(TARGET_DIR)/etc/ssh/sshd_config
endef
OPENSSH_DEPENDENCIES += linux-pam
OPENSSH_CONF_OPTS += --with-pam
OPENSSH_POST_INSTALL_TARGET_HOOKS += OPENSSH_INSTALL_PAM_CONF
else
OPENSSH_CONF_OPTS += --without-pam
endif
ifeq ($(BR2_PACKAGE_LIBSELINUX),y)
OPENSSH_DEPENDENCIES += libselinux
OPENSSH_CONF_OPTS += --with-selinux
else
OPENSSH_CONF_OPTS += --without-selinux
endif
define OPENSSH_INSTALL_INIT_SYSTEMD
$(INSTALL) -D -m 644 package/openssh/sshd.service \
$(TARGET_DIR)/usr/lib/systemd/system/sshd.service
mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
ln -fs ../../../../usr/lib/systemd/system/sshd.service \
$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/sshd.service
endef
define OPENSSH_INSTALL_INIT_SYSV
$(INSTALL) -D -m 755 package/openssh/S50sshd \
$(TARGET_DIR)/etc/init.d/S50sshd
endef
$(eval $(autotools-package))
Reference in New Issue View Git Blame Copy Permalink