diff options
author | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2017-04-06 17:33:24 +0200 |
---|---|---|
committer | Marcel Ziswiler <marcel.ziswiler@toradex.com> | 2017-04-06 17:35:39 +0200 |
commit | ea1e478c85f6b991aa9031c8ebea5dc5d725200b (patch) | |
tree | f5c54ce33e8fb4ff8a650fa495748a5baec4ea22 /recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch | |
parent | 708ca9c597269eff78941558228fa596378548b7 (diff) |
openssh: update 6.7p1 -> 7.4p1V2.5-next
This is basically a back port of the following commits from the
openembedded-core master branch:
openssh: upgrade to 7.4p1
openssh: fix CVE-2016-8858
openssh: fix potential signed overflow to enable compilation with -ftrapv
openssh: Upgrade 7.2p2 -> 7.3p1
openssh: add ed25519 host key location to read-only sshd config
openssh: conditional compile DES code.
openssh: fix init script restart with read-only-rootfs
openssh: update homepage and summary
openssh: Backport fix for CVE-2015-8325
openssh: Upgrade 7.1p2 -> 7.2p2
openssh: change URI to http:
openssh: Security Fix CVE-2016-3115
openssh: Properly skip ptrace test if tools are missing
openssh: Fix regex that sets sftp-server path for tests
openssh: CVE-2016-1907
openssh: update to 7.1p2
openssh: redesign ssh-agent.sh regression test case
openssh: enable X11Forwarding if distro feature x11 is set
openssh: fix file permission for /etc/pam.d/sshd
openssh: fix sshd key generation when systemd is in use and rootfs is readonly
openssh: Upgrade 7.0p1 -> 7.1p1
openssh: build regression test binaries
openssh: Upgrade 6.9p1 -> 7.0p1
openssh: Upgrade 6.8p1 -> 6.9p1
openssh: fix login fails for ssh -o Batchmode=yes with empty passwords
openssh: Upgrade 6.7 - > 6.8
Revert "openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565"
Signed-off-by: Marcel Ziswiler <marcel.ziswiler@toradex.com>
Diffstat (limited to 'recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch')
-rw-r--r-- | recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch | 70 |
1 files changed, 70 insertions, 0 deletions
diff --git a/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch b/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch new file mode 100644 index 0000000..6281861 --- /dev/null +++ b/recipes-connectivity/openssh/openssh/openssh-7.1p1-conditional-compile-des-in-pkcs11.patch @@ -0,0 +1,70 @@ +From e816fc06e4f8070b09e677ead4d21768784e4c99 Mon Sep 17 00:00:00 2001 +From: Dengke Du <dengke.du@windriver.com> +Date: Thu, 19 Jan 2017 03:21:40 -0500 +Subject: [PATCH 2/3] remove des in pkcs11. + +Upstream-status: Pending + +Signed-off-by: Haiqing Bai <Haiqing.Bai@windriver.com> +Signed-off-by: Dengke Du <dengke.du@windriver.com> +--- + pkcs11.h | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/pkcs11.h b/pkcs11.h +index b01d58f..98b36e6 100644 +--- a/pkcs11.h ++++ b/pkcs11.h +@@ -342,9 +342,11 @@ typedef unsigned long ck_key_type_t; + #define CKK_GENERIC_SECRET (0x10) + #define CKK_RC2 (0x11) + #define CKK_RC4 (0x12) ++#ifndef OPENSSL_NO_DES + #define CKK_DES (0x13) + #define CKK_DES2 (0x14) + #define CKK_DES3 (0x15) ++#endif /* OPENSSL_NO_DES */ + #define CKK_CAST (0x16) + #define CKK_CAST3 (0x17) + #define CKK_CAST128 (0x18) +@@ -512,6 +514,7 @@ typedef unsigned long ck_mechanism_type_t; + #define CKM_RC2_CBC_PAD (0x105) + #define CKM_RC4_KEY_GEN (0x110) + #define CKM_RC4 (0x111) ++#ifndef OPENSSL_NO_DES + #define CKM_DES_KEY_GEN (0x120) + #define CKM_DES_ECB (0x121) + #define CKM_DES_CBC (0x122) +@@ -525,6 +528,7 @@ typedef unsigned long ck_mechanism_type_t; + #define CKM_DES3_MAC (0x134) + #define CKM_DES3_MAC_GENERAL (0x135) + #define CKM_DES3_CBC_PAD (0x136) ++#endif /* OPENSSL_NO_DES */ + #define CKM_CDMF_KEY_GEN (0x140) + #define CKM_CDMF_ECB (0x141) + #define CKM_CDMF_CBC (0x142) +@@ -610,8 +614,10 @@ typedef unsigned long ck_mechanism_type_t; + #define CKM_MD5_KEY_DERIVATION (0x390) + #define CKM_MD2_KEY_DERIVATION (0x391) + #define CKM_SHA1_KEY_DERIVATION (0x392) ++#ifndef OPENSSL_NO_DES + #define CKM_PBE_MD2_DES_CBC (0x3a0) + #define CKM_PBE_MD5_DES_CBC (0x3a1) ++#endif /* OPENSSL_NO_DES */ + #define CKM_PBE_MD5_CAST_CBC (0x3a2) + #define CKM_PBE_MD5_CAST3_CBC (0x3a3) + #define CKM_PBE_MD5_CAST5_CBC (0x3a4) +@@ -620,8 +626,10 @@ typedef unsigned long ck_mechanism_type_t; + #define CKM_PBE_SHA1_CAST128_CBC (0x3a5) + #define CKM_PBE_SHA1_RC4_128 (0x3a6) + #define CKM_PBE_SHA1_RC4_40 (0x3a7) ++#ifndef OPENSSL_NO_DES + #define CKM_PBE_SHA1_DES3_EDE_CBC (0x3a8) + #define CKM_PBE_SHA1_DES2_EDE_CBC (0x3a9) ++#endif /* OPENSSL_NO_DES */ + #define CKM_PBE_SHA1_RC2_128_CBC (0x3aa) + #define CKM_PBE_SHA1_RC2_40_CBC (0x3ab) + #define CKM_PKCS5_PBKD2 (0x3b0) +-- +2.8.1 + |