diff options
author | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2017-04-06 17:33:24 +0200 |
---|---|---|
committer | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2017-04-06 17:35:39 +0200 |
commit | ea1e478c85f6b991aa9031c8ebea5dc5d725200b (patch) | |
tree | f5c54ce33e8fb4ff8a650fa495748a5baec4ea22 /recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch | |
parent | 708ca9c597269eff78941558228fa596378548b7 (diff) |
openssh: update 6.7p1 -> 7.4p1V2.5-next
This is basically a back port of the following commits from the
openembedded-core master branch:
openssh: upgrade to 7.4p1
openssh: fix CVE-2016-8858
openssh: fix potential signed overflow to enable compilation with -ftrapv
openssh: Upgrade 7.2p2 -> 7.3p1
openssh: add ed25519 host key location to read-only sshd config
openssh: conditional compile DES code.
openssh: fix init script restart with read-only-rootfs
openssh: update homepage and summary
openssh: Backport fix for CVE-2015-8325
openssh: Upgrade 7.1p2 -> 7.2p2
openssh: change URI to http:
openssh: Security Fix CVE-2016-3115
openssh: Properly skip ptrace test if tools are missing
openssh: Fix regex that sets sftp-server path for tests
openssh: CVE-2016-1907
openssh: update to 7.1p2
openssh: redesign ssh-agent.sh regression test case
openssh: enable X11Forwarding if distro feature x11 is set
openssh: fix file permission for /etc/pam.d/sshd
openssh: fix sshd key generation when systemd is in use and rootfs is readonly
openssh: Upgrade 7.0p1 -> 7.1p1
openssh: build regression test binaries
openssh: Upgrade 6.9p1 -> 7.0p1
openssh: Upgrade 6.8p1 -> 6.9p1
openssh: fix login fails for ssh -o Batchmode=yes with empty passwords
openssh: Upgrade 6.7 - > 6.8
Revert "openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565"
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Diffstat (limited to 'recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch')
-rw-r--r-- | recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch b/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch new file mode 100644 index 0000000..c47ccf4 --- /dev/null +++ b/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-cipher.patch @@ -0,0 +1,119 @@ +From 27740c918fe5d78441bcf69e7d2eefb23ddeca4c Mon Sep 17 00:00:00 2001 +From: Dengke Du <dengke.du@windriver.com> +Date: Thu, 19 Jan 2017 03:00:08 -0500 +Subject: [PATCH 1/3] Remove des in cipher. + +Upstream-status: Pending + +Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> +Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> +Signed-off-by: Dengke Du <dengke.du@windriver.com> +--- + cipher.c | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/cipher.c b/cipher.c +index 2def333..59f6792 100644 +--- a/cipher.c ++++ b/cipher.c +@@ -53,8 +53,10 @@ + + #ifdef WITH_SSH1 + extern const EVP_CIPHER *evp_ssh1_bf(void); ++#ifndef OPENSSL_NO_DES + extern const EVP_CIPHER *evp_ssh1_3des(void); + extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); ++#endif /* OPENSSL_NO_DES */ + #endif + + struct sshcipher_ctx { +@@ -88,15 +90,19 @@ struct sshcipher { + + static const struct sshcipher ciphers[] = { + #ifdef WITH_SSH1 ++#ifndef OPENSSL_NO_DES + { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, + { "3des", SSH_CIPHER_3DES, 8, 16, 0, 0, 0, 1, evp_ssh1_3des }, ++#endif /* OPENSSL_NO_DES */ + # ifndef OPENSSL_NO_BF + { "blowfish", SSH_CIPHER_BLOWFISH, 8, 32, 0, 0, 0, 1, evp_ssh1_bf }, + # endif /* OPENSSL_NO_BF */ + #endif /* WITH_SSH1 */ + #ifdef WITH_OPENSSL ++#ifndef OPENSSL_NO_DES + { "none", SSH_CIPHER_NONE, 8, 0, 0, 0, 0, 0, EVP_enc_null }, + { "3des-cbc", SSH_CIPHER_SSH2, 8, 24, 0, 0, 0, 1, EVP_des_ede3_cbc }, ++#endif /* OPENSSL_NO_DES */ + # ifndef OPENSSL_NO_BF + { "blowfish-cbc", + SSH_CIPHER_SSH2, 8, 16, 0, 0, 0, 1, EVP_bf_cbc }, +@@ -180,8 +186,10 @@ cipher_keylen(const struct sshcipher *c) + u_int + cipher_seclen(const struct sshcipher *c) + { ++#ifndef OPENSSL_NO_DES + if (strcmp("3des-cbc", c->name) == 0) + return 14; ++#endif /* OPENSSL_NO_DES */ + return cipher_keylen(c); + } + +@@ -230,11 +238,13 @@ u_int + cipher_mask_ssh1(int client) + { + u_int mask = 0; ++#ifndef OPENSSL_NO_DES + mask |= 1 << SSH_CIPHER_3DES; /* Mandatory */ + mask |= 1 << SSH_CIPHER_BLOWFISH; + if (client) { + mask |= 1 << SSH_CIPHER_DES; + } ++#endif /*OPENSSL_NO_DES*/ + return mask; + } + +@@ -606,7 +616,9 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) + switch (c->number) { + #ifdef WITH_OPENSSL + case SSH_CIPHER_SSH2: ++#ifndef OPENSSL_NO_DES + case SSH_CIPHER_DES: ++#endif /* OPENSSL_NO_DES */ + case SSH_CIPHER_BLOWFISH: + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); + if (evplen == 0) +@@ -629,8 +641,10 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len) + break; + #endif + #ifdef WITH_SSH1 ++#ifndef OPENSSL_NO_DES + case SSH_CIPHER_3DES: + return ssh1_3des_iv(cc->evp, 0, iv, 24); ++#endif /* OPENSSL_NO_DES */ + #endif + default: + return SSH_ERR_INVALID_ARGUMENT; +@@ -654,7 +668,9 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) + switch (c->number) { + #ifdef WITH_OPENSSL + case SSH_CIPHER_SSH2: ++#ifndef OPENSSL_NO_DES + case SSH_CIPHER_DES: ++#endif /* OPENSSL_NO_DES */ + case SSH_CIPHER_BLOWFISH: + evplen = EVP_CIPHER_CTX_iv_length(cc->evp); + if (evplen <= 0) +@@ -675,8 +691,10 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv) + break; + #endif + #ifdef WITH_SSH1 ++#ifndef OPENSSL_NO_DES + case SSH_CIPHER_3DES: + return ssh1_3des_iv(cc->evp, 1, (u_char *)iv, 24); ++#endif /* OPENSSL_NO_DES */ + #endif + default: + return SSH_ERR_INVALID_ARGUMENT; +-- +2.8.1 + |