aboutsummaryrefslogtreecommitdiff
path: root/package/openssh
Commit message (Collapse)AuthorAgeFilesLines
* openssh: bump version to 7.3p1Gravatar Vicente Olivert Riera2016-08-012-3/+3
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* toolchain: add hidden symbol for PIE supportGravatar Waldemar Brodkorb2016-07-241-6/+1
| | | | | | | | | | | | | uClibc-ng does not support PIE for some architectures as arc and m68k. It isn't implemented in the static linking case, too. With musl toolchains you might have static PIE support with little patching of gcc. Static linking for GNU libc isn't enabled in buildroot. Fixup any package using special treatment of PIE. (grep -ir pie package/*/*.mk) Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> [Thomas: use positive logic.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: security bump to version 7.2p2Gravatar Gustavo Zacarias2016-03-102-2/+2
| | | | | | | | | Fixes: CVE-2016-3115 - sanitise X11 authentication credentials to avoid xauth command injection when X11Forwarding is enabled. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: bump to version 7.2p1Gravatar Gustavo Zacarias2016-02-292-3/+3
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: security bump to version 7.1p2Gravatar Gustavo Zacarias2016-01-142-4/+3
| | | | | | | | | | | | | | | | | | Fixes: CVE-2016-0777 - Client Information leak from use of roaming connection feature. CVE-2016-0778 - A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: James Knight <james.knight@rockwellcollins.com> Tested-by: James Knight <james.knight@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: Replace 'echo -n' by 'printf'Gravatar Maxime Hadjinlian2015-10-041-2/+2
| | | | | | | | | | | | 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: fix static compilationGravatar Waldemar Brodkorb2015-08-291-0/+4
| | | | | | | | | | PIE and static doesn't work on Linux. Fixes: http://autobuild.buildroot.net/results/dce/dce0202e039f4636d68532c4aab8738938b76650/ Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: security bump to version 7.1p1Gravatar Gustavo Zacarias2015-08-252-3/+4
| | | | | | | | | | | | | Fixes: CVE-2015-6563 - Fixed a privilege separation weakness related to PAM support. CVE-2015-6564 - Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code exectuion. CVE-2015-6565 - incorrectly set TTYs to be world-writable. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: selinux and pam supportGravatar Matt Weber2015-07-181-0/+16
| | | | | | | | | [Thomas: in the sed expression, use % as a delimiter instead of /, since the line contains several / that all had to be escaped.] Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Reviewed-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: bump to version 6.9p1Gravatar Gustavo Zacarias2015-07-022-3/+3
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: kill pointless text justificationGravatar Gustavo Zacarias2015-04-231-1/+1
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: move systemd service files to /usr/libGravatar Mike Williams2015-03-201-2/+2
| | | | | Signed-off-by: Mike Williams <mike@mikebwilliams.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: bump to version 6.8p1Gravatar Gustavo Zacarias2015-03-183-42/+24
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/*: rename patches according to the new policyGravatar Peter Korsgaard2015-02-032-0/+0
| | | | | | | Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345) Signed-off-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: indentation cleanupGravatar Jerzy Grzegorek2014-12-241-2/+8
| | | | | Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/*/*.mk: Fix indentGravatar Maxime Hadjinlian2014-11-081-1/+1
| | | | | | | | Fix indent for LIBFOO_USERS and LIBFOO_PERMISSIONS as per the manual example. Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: drop user from skeletonGravatar Gustavo Zacarias2014-10-271-0/+4
| | | | | | | | The sshd privilege drop user doesn't belong in the skeleton, it's exclusively used by OpenSSH. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: place configuration files in /etc/sshGravatar Jérôme Pouiller2014-10-131-1/+1
| | | | | | | | pkg-autotools.mk fix --sysconfdir to "/etc". This patch restore --sysconfdir to its default value (/etc/ssh) Signed-off-by: Jérôme Pouiller <jezz@sysmic.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: mention release announcement in hash fileGravatar Baruch Siach2014-10-071-0/+2
| | | | | | | | Also, add sha1 hash from the announcement. Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: bump to version 6.7p1Gravatar Gustavo Zacarias2014-10-072-1/+3
| | | | | | | Also add hash file. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* packages: rename FOO_CONF_OPT into FOO_CONF_OPTSGravatar Thomas De Schampheleire2014-10-041-3/+3
| | | | | | | | | | | | To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: Add patch to fix compilation with musl libcGravatar Maarten ter Huurne2014-09-131-0/+66
| | | | | | | | The configure script finds the "howmany" macro, but some of the sources using it do not include the required <sys/param.h> header. Signed-off-by: Maarten ter Huurne <maarten@treewalker.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: replace individual ssh-keygen calls with a single callGravatar Danomi Manchego2014-08-031-32/+2
| | | | | | | | | | | | | | | Since openssh-6.0, the ssh-keygen app has supported a -A option, which creates any missing keys. This frees us of having to add new ssh-keygen invocations as new key types are introduced. This also frees us of having to know the default key names and locations. So this patch replaces all the the init.d script invocations with a single "ssh-keygen -A" call. Note: the systemd service script *already* uses this option. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: disable PIE when building for ARCGravatar Alexey Brodkin2014-07-301-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes build failure reported here: http://autobuild.buildroot.net/results/262/26218e028f3d2c77c5192b45154627f08384b688/ uClibc toolchain for ARC doesn't support PIE Attempt to build anything with "-pie" option lead to linker failure: arc-buildroot-linux-uclibc-gcc -pie test.c ld: ../4.8-r3/bin/../arc-buildroot-linux-uclibc/sysroot/usr/lib/crt1.o: warning: unresolvable relocation against symbol `__uClibc_main' from .text section ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__deregister_frame_info@@GCC_3.0' from .text section ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__deregister_frame_info@@GCC_3.0' from .text section ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__register_frame_info@@GCC_3.0' from .text section ld: ../4.8-r3/bin/../lib/gcc/arc-buildroot-linux-uclibc/4.8.0/crtbegin.o: warning: unresolvable relocation against symbol `__register_frame_info@@GCC_3.0' from .text section In its turn this behavior confuses configure script of openssh so some options get set improperly. In particular "strnvis" gets determined as existing which causes failure during compilation: log.c:67:25: error: 'VIS_SAFE' undeclared (first use in this function) #define LOG_STDERR_VIS (VIS_SAFE|VIS_OCTAL) With disabled PIE ("--without-pie") openssh gets built without issues. Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com> Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Cc: Anton Kolesov <akolesov@synopsys.com> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: add license informationGravatar Ryan Barnett2014-05-071-0/+2
| | | | | Signed-off-by: Ryan Barnett <rjbarnet@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: security bump to version 6.6p1Gravatar Gustavo Zacarias2014-03-241-11/+1
| | | | | | | | Fixes CVE-2014-2532. SUSv3 deprecation already handled upstream. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: bump to version 6.5p1Gravatar Gustavo Zacarias2014-02-034-582/+18
| | | | | | | | Convert the ever growing drop-SUSv3-legacy patch to a sed expression. Modify the initscript to create ed25519 server key. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: add systemd unit fileGravatar Gustavo Zacarias2013-12-042-3/+21
| | | | | | | And only install sysV-style script when appropiate. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: bump versionGravatar Peter Korsgaard2013-11-101-1/+1
| | | | | | | | | | | | From the announcement: This release fixes a security bug: * sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected. Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: bump to version 6.3p1Gravatar Gustavo Zacarias2013-10-223-223/+229
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: needs mmuGravatar Gustavo Zacarias2013-10-071-0/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: fix tab/spacing in init scriptGravatar Danomi Manchego2013-08-271-10/+10
| | | | | | | | | | Several of the lines in S50sshd script have a strange mix of spaces and tabs, that at least do not look consistent with neighboring lines. This patch makes the spacing consistent, and also strips the trailing spaces. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssh: bump to version 6.2p2Gravatar Gustavo Zacarias2013-06-271-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Normalize separator size to 80Gravatar Alexandre Belloni2013-06-061-2/+2
| | | | | Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssh: don't use a custom libexec dirGravatar Peter Korsgaard2013-04-251-1/+1
| | | | | | | sftp expects to find sftp-server in the standard (/usr/libexec) location, so ensure it gets installed there. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssh: bump to version 6.2p1Gravatar Gustavo Zacarias2013-04-141-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssh: add linux-pam supportGravatar Danomi Manchego2013-03-242-0/+49
| | | | | | | Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Tested-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssh: bump to version 6.1p1Gravatar Gustavo Zacarias2012-09-092-53/+185
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* all packages: rename XXXTARGETS to xxx-packageGravatar Arnout Vandecappelle (Essensium/Mind)2012-07-171-1/+1
| | | | | | | | | | | | | Also remove the redundant $(call ...). This is a purely mechanical change, performed with find package linux toolchain boot -name \*.mk | \ xargs sed -i -e 's/$(eval $(call GENTARGETS))/$(eval $(generic-package))/' \ -e 's/$(eval $(call AUTOTARGETS))/$(eval $(autotools-package))/' \ -e 's/$(eval $(call CMAKETARGETS))/$(eval $(cmake-package))/' Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: bump to version 6.0p1Gravatar Gustavo Zacarias2012-04-291-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* Remove stray $ character from a bunch of init scriptsGravatar Luca Ceresoli2012-03-151-1/+1
| | | | | Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* package: remove useless arguments from AUTOTARGETSGravatar Thomas Petazzoni2011-09-291-1/+1
| | | | | | | | | | Thanks to the pkgparentdir and pkgname functions, we can rewrite the AUTOTARGETS macro in a way that avoids the need for each package to repeat its name and the directory in which it is present. [Peter: pkgdir->pkgparentdir] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssh: bump to 5.9p1Gravatar Yegor Yefremov2011-09-131-1/+1
| | | | | Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssh: bump to version 5.8p2Gravatar Gustavo Zacarias2011-05-161-1/+1
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssh: security bump to version 5.8p1Gravatar Gustavo Zacarias2011-02-142-1/+9
| | | | | | | | http://www.openssh.com/txt/legacy-cert.adv CVE-2011-0539 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssl: pass LDFLAGS to fix incorrect linkGravatar Thomas Petazzoni2011-02-071-1/+1
| | | | | | | | | | | | | | | | | | We already pass the LD variable to openssl in order to use gcc as the driver for the link process, instead of directly using the ld linker. However, we were not passing LDFLAGS so that the compiler flags are passed, which means that with multilib toolchains, the incorrect library variant could be used at link time, leading to invalid binaries (partly ARMv4, partly ARMv5) or broken compilation (when the build took place in soft-float, but the link stage takes place against hard-float libraries). This fixes a problem reported on IRC by amo-ej1 when compiling ssh on PowerPC e500v2 with a CodeSourcery toolchain ("crtbegin.o uses hard float, sshd uses soft float"). Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* package/openssh: Use HTTP instead of FTP for source downloadGravatar Will Newton2010-12-071-1/+1
| | | | | | | HTTP should be more firewall friendly. Signed-off-by: Will Newton <will.newton@imgtec.com> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* openssh: bump to version 5.6p1Gravatar Gustavo Zacarias2010-11-184-61/+444
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
* packages: remove unneeded _INSTALL_TARGET_OPT definitionsGravatar Thomas Petazzoni2010-09-271-2/+0
| | | | | | | | Now that <pkg>_INSTALL_TARGET_OPT always defaults to 'DESTDIR=$(TARGET_DIR) install', we can remove the <pkg>_INSTALL_TARGET_OPT definition from a lot of packages. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: convert old-style hook to new-style hookGravatar Thomas Petazzoni2010-09-121-4/+6
| | | | Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>