[gnome-continuous-yocto/gnomeostree-3.28-rocko: 2041/8267] openssh: Upgrade 7.2p2 -> 7.3p1
- From: Emmanuele Bassi <ebassi src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-continuous-yocto/gnomeostree-3.28-rocko: 2041/8267] openssh: Upgrade 7.2p2 -> 7.3p1
- Date: Sat, 16 Dec 2017 22:40:23 +0000 (UTC)
commit 5a3947cce1289c72313364f803751e8db30430be
Author: Jussi Kukkonen <jussi kukkonen intel com>
Date: Mon Aug 22 15:23:15 2016 +0300
openssh: Upgrade 7.2p2 -> 7.3p1
Remove CVE-2015-8325.patch as it's included upstream. Rebase another
patch.
(From OE-Core rev: 4b695379dcf378e8d77deaf7e558e8cbd314683c)
Signed-off-by: Jussi Kukkonen <jussi kukkonen intel com>
Signed-off-by: Ross Burton <ross burton intel com>
Signed-off-by: Richard Purdie <richard purdie linuxfoundation org>
.../openssh/openssh/CVE-2015-8325.patch | 39 --------------------
...h-7.1p1-conditional-compile-des-in-cipher.patch | 30 ++++++++-------
.../openssh/{openssh_7.2p2.bb => openssh_7.3p1.bb} | 5 +--
3 files changed, 18 insertions(+), 56 deletions(-)
---
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
index 2e59589..2773c14 100644
--- a/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch
@@ -1,18 +1,18 @@
-From 1cd94ed4750d5392cf3c09ed64d2c162a0833bdb Mon Sep 17 00:00:00 2001
+From d7eb26785ad4f25fb09fae46726ab8ca3fe16921 Mon Sep 17 00:00:00 2001
From: Haiqing Bai <Haiqing Bai windriver com>
-Date: Fri, 18 Mar 2016 15:49:31 +0800
-Subject: [PATCH 2/3] remove des in cipher.
+Date: Mon, 22 Aug 2016 14:11:16 +0300
+Subject: [PATCH] Remove des in cipher.
Upstream-Status: Pending
Signed-off-by: Haiqing Bai <Haiqing Bai windriver com>
-
+Signed-off-by: Jussi Kukkonen <jussi kukkonen intel com>
---
cipher.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
diff --git a/cipher.c b/cipher.c
-index 02dae6f..63d3c29 100644
+index 031bda9..6cd667a 100644
--- a/cipher.c
+++ b/cipher.c
@@ -53,8 +53,10 @@
@@ -26,7 +26,7 @@ index 02dae6f..63d3c29 100644
#endif
struct sshcipher {
-@@ -79,13 +81,17 @@ struct sshcipher {
+@@ -79,15 +81,19 @@ struct sshcipher {
static const struct sshcipher ciphers[] = {
#ifdef WITH_SSH1
@@ -34,17 +34,19 @@ index 02dae6f..63d3c29 100644
{ "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc },
{ "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des },
+#endif /* OPENSSL_NO_DES */
+ # ifndef OPENSSL_NO_BF
{ "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf },
+ # endif /* OPENSSL_NO_BF */
#endif /* WITH_SSH1 */
#ifdef WITH_OPENSSL
{ "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null },
+#ifndef OPENSSL_NO_DES
{ "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc },
+#endif /* OPENSSL_NO_DES */
+ # ifndef OPENSSL_NO_BF
{ "blowfish-cbc",
SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc },
- { "cast128-cbc",
-@@ -163,8 +169,10 @@ cipher_keylen(const struct sshcipher *c)
+@@ -171,8 +177,10 @@ cipher_keylen(const struct sshcipher *c)
u_int
cipher_seclen(const struct sshcipher *c)
{
@@ -55,7 +57,7 @@ index 02dae6f..63d3c29 100644
return cipher_keylen(c);
}
-@@ -201,11 +209,13 @@ u_int
+@@ -209,11 +217,13 @@ u_int
cipher_mask_ssh1(int client)
{
u_int mask = 0;
@@ -69,7 +71,7 @@ index 02dae6f..63d3c29 100644
return mask;
}
-@@ -546,7 +556,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
+@@ -553,7 +563,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
switch (c->number) {
#ifdef WITH_OPENSSL
case SSH_CIPHER_SSH2:
@@ -79,7 +81,7 @@ index 02dae6f..63d3c29 100644
case SSH_CIPHER_BLOWFISH:
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
if (evplen == 0)
-@@ -569,8 +581,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
+@@ -576,8 +588,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
break;
#endif
#ifdef WITH_SSH1
@@ -90,7 +92,7 @@ index 02dae6f..63d3c29 100644
#endif
default:
return SSH_ERR_INVALID_ARGUMENT;
-@@ -594,7 +608,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
+@@ -601,7 +615,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
switch (c->number) {
#ifdef WITH_OPENSSL
case SSH_CIPHER_SSH2:
@@ -100,7 +102,7 @@ index 02dae6f..63d3c29 100644
case SSH_CIPHER_BLOWFISH:
evplen = EVP_CIPHER_CTX_iv_length(&cc->evp);
if (evplen <= 0)
-@@ -609,8 +625,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
+@@ -616,8 +632,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
break;
#endif
#ifdef WITH_SSH1
@@ -112,5 +114,5 @@ index 02dae6f..63d3c29 100644
default:
return SSH_ERR_INVALID_ARGUMENT;
--
-1.9.1
+2.1.4
diff --git a/meta/recipes-connectivity/openssh/openssh_7.2p2.bb
b/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
similarity index 97%
rename from meta/recipes-connectivity/openssh/openssh_7.2p2.bb
rename to meta/recipes-connectivity/openssh/openssh_7.3p1.bb
index 3df825b..b319726 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.2p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.3p1.bb
@@ -22,15 +22,14 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://volatiles.99_sshd \
file://add-test-support-for-busybox.patch \
file://run-ptest \
- file://CVE-2015-8325.patch \
file://openssh-7.1p1-conditional-compile-des-in-cipher.patch \
file://openssh-7.1p1-conditional-compile-des-in-pkcs11.patch \
"
PAM_SRC_URI = "file://sshd"
-SRC_URI[md5sum] = "13009a9156510d8f27e752659075cced"
-SRC_URI[sha256sum] = "a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c"
+SRC_URI[md5sum] = "dfadd9f035d38ce5d58a3bf130b86d08"
+SRC_URI[sha256sum] = "3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc"
inherit useradd update-rc.d update-alternatives systemd
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
