aboutsummaryrefslogtreecommitdiff
path: root/package/openssh
Commit message (Collapse)AuthorAgeFilesLines
* package/openssh: bump to version 8.2p1Gravatar Romain Naour4 days2-3/+3
| | | | | | | | | | | | | | | | | | | This new version is mandatory to allow the glibc package bump to version 2.31. Otherwise it's not possible to connect to the remote host, as reported by [1] [2]. Upstream commit [3][4] fixes the issue. [1] https://bugs.archlinux.org/task/65386 [2] https://bugs.gentoo.org/708224 [3] https://github.com/openssh/openssh-portable/commit/beee0ef61866cb567b9abc23bd850f922e59e3f0 [4] https://github.com/openssh/openssh-portable/commit/69298ebfc2c066acee5d187eac8ce9f38c796630 Release Note: https://www.openssh.com/txt/release-8.2 Signed-off-by: Romain Naour <romain.naour@smile.fr> Reviewed-by: David Pierret <david.pierret@smile.fr> Tested-by: David Pierret <david.pierret@smile.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package: rely on systemctl preset-all for buildroot-provided servicesGravatar Jérémy Rosen2019-12-181-3/+0
| | | | | | | | | | | | All the packages in this list have the following properties * units are provided by buildroot in the package directory * the SYSTEMD_INSTALL_INIT_HOOK is exactly equivalent to what the [Install] section of the unit does The fix removes the soflinking in the .mk file Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
* package/openssh: bump to version 8.1p1Gravatar Baruch Siach2019-10-152-4/+4
| | | | | | | | | | | This bump is not marked as security bump. The 8.1 release fixes a XMSS key parsing code vulnerability. This code can not be enabled without explicit definition of the WITH_XMSS macro. Update LICENCE hash; converted to UTF-8. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openssh: bump to version 8.0p1Gravatar Adam Duskett2019-06-215-503/+3
| | | | | | | Also remove upstream patches. Signed-off-by: Adam Duskett <Aduskett@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openssh: fix build with atomicGravatar Fabrice Fontaine2019-04-261-2/+5
| | | | | | | | | | Use pkg-config to retrieve openssl dependencies such as atomic Fixes: - http://autobuild.buildroot.org/results/33d0e56368ab0e74d523be4837824654a4684746 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: add upstream security fixesGravatar Baruch Siach2019-02-122-0/+461
| | | | | | | | | | | | | | | | | | | | CVE-2019-6109: Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. CVE-2019-6111: Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openssh: Add sysusers.d snippetGravatar Chris Lesiak2019-02-062-4/+13
| | | | | | | | | Whether using the new sysusers.d snippet, or adding an entry to /etc/password, set the service's home directory to /var/empty. See README.privsep included as part of the openssh distribution. Signed-off-by: Chris Lesiak <chris.lesiak@licor.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/openssh: Set /var/empty permissionsGravatar Chris Lesiak2019-02-031-0/+4
| | | | | | | | | | | | The openssh privilege separation feature, enabled by default, requires that the path /var/empty exists and has certain permissions (not writable by the sshd user). Note that nothing ever gets writting in this directory, so it works fine on a readonly rootfs. See README.privsep included as part of the openssh distribution. Signed-off-by: Chris Lesiak <chris.lesiak@licor.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
* package/openssh: add upstream security fixGravatar Baruch Siach2019-01-151-0/+39
| | | | | | | | | | | | | | Fixes CVE-2018-20685: The scp client allows server to modify permissions of the target directory by using empty ("D0777 0 \n") or dot ("D0777 0 .\n") directory name. The bug reporter lists a number of related vulnerabilities that are not fixed yet: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package/openssh: use BR2_SYSTEM_DEFAULT_PATH as default PATHGravatar Markus Mayer2018-12-311-0/+1
| | | | | | | | | | | | We use the configuration option $(BR2_SYSTEM_DEFAULT_PATH) to set the default PATH in OpenSSH sessions. $(BR2_SYSTEM_DEFAULT_PATH) is a Kconfig string. So it is already quoted, which is exactly what we want. Signed-off-by: Markus Mayer <mmayer@broadcom.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* openssh: bump to version 7.9p1Gravatar Baruch Siach2018-10-214-96/+3
| | | | | | | | | | Drop patch #1. uClibc no longer includes pthreads.h indirectly. Drop patch #2. The sys/param.h header is included indirectly through the local includes.h header since version 6.8p1. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: security bump to version 7.8Gravatar Baruch Siach2018-08-242-3/+3
| | | | | | | | | | | | | Fixes CVE-2018-15473: user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed. Some OpenSSH developers don't consider this a security issue: https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-August/037138.html Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* openssh: bump to version 7.7p1Gravatar Baruch Siach2018-04-107-149/+3
| | | | | | | Drop upstream patches, renumber the rest. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/openssh: also install ssh-copy-id scriptGravatar Julien BOIBESSOT2018-02-081-0/+6
| | | | | | | | | | | | | This script is useful to copy SSH keys between client and server [1] and installed on most distributions (for example on debian: [2]). [1] https://www.ssh.com/ssh/copy-id [2] https://packages.debian.org/fr/jessie/armhf/openssh-client/filelist Signed-off-by: Julien BOIBESSOT <julien.boibessot@armadeus.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> [Thomas: use full destination path.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
* package/*/Config.in: fix help text check-package warningsGravatar Thomas Petazzoni2017-12-181-2/+3
| | | | | | | | | | | | | This commit fixes the warnings reported by check-package on the help text of all package Config.in files, related to the formatting of the help text: should start with a tab, then 2 spaces, then at most 62 characters. The vast majority of warnings fixed were caused by too long lines. A few warnings were related to spaces being used instead of a tab to indent the help text. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: fix getpagesize() related static linking issueGravatar Peter Korsgaard2017-11-011-0/+35
| | | | | | | | | | | | | | | | | | Fixes: http://autobuild.buildroot.net/results/8cc/8cc30818a400c7a392a3de787cabc9cd8425495f/ The configure script checks for getpagesize() and sets HAVE_GETPAGESIZE in config.h, but bsd-getpagesize.c forgot to include includes.h (which indirectly includes config.h) so the checks always fails, causing linker issues when linking statically on systems with getpagesize(). Fix it by including includes.h. Patch submitted upstream: https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-October/036413.html Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: security bump to version 7.6p1Gravatar Peter Korsgaard2017-10-272-3/+5
| | | | | | | | | | | | | Fixes CVE-2017-15906 - The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files. For more details, see the release notes: https://www.openssh.com/txt/release-7.6 Also add a hash for the license file while we're at it. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: don't download patch from GithubGravatar Thomas Petazzoni2017-07-036-6/+109
| | | | | | | | Patches downloaded from Github are not stable, so bring them in the tree. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: fix sshd for MIPS64 n32Gravatar Vicente Olivert Riera2017-06-212-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch backports two patches that have been sent upstream as a pull request in order to fix sshd for MIPS64 n32. The first patch adds support for detecting the MIPS ABI during the configure phase. The second patch sets the right value to seccomp_audit_arch taking into account the MIPS64 ABI. Currently seccomp_audit_arch is set to AUDIT_ARCH_MIPS64 or AUDIT_ARCH_MIPSEL64 (depending on the endinness) when openssh is built for MIPS64. However, that's only valid for n64 ABI. The right macros for n32 ABI defined in seccomp.h are AUDIT_ARCH_MIPS64N32 and AUDIT_ARCH_MIPSEL64N32, for big and little endian respectively. Because of that an sshd built for MIPS64 n32 rejects connection attempts and the output of strace reveals that the problem is related to seccomp audit: [pid 194] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=57, filter=0x555d5da0}) = 0 [pid 194] write(7, "\0\0\0]\0\0\0\5\0\0\0Ulist_hostkey_types: "..., 97) = ? [pid 193] <... poll resumed> ) = 2 ([{fd=5, revents=POLLIN|POLLHUP}, {fd=6, revents=POLLHUP}]) [pid 194] +++ killed by SIGSYS +++ Pull request: https://github.com/openssh/openssh-portable/pull/71 Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: add support for HW SSL enginesGravatar Gilad Ben-Yossef2017-05-031-0/+7
| | | | | | | | | | | | Enable support for OpenSSH to use a hardware SSL engine if cryptodev-linux is included. Without this, OpenSSH uses only OpenSSL software crypto implementation. Signed-off-by: Gilad Ben-Yossef <gilad@benyossef.com> CC: Baruch Siach <baruch@tkos.co.il> CC: Arnout Vandecappelle <arnout@mind.be> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* boot, package: use SPDX short identifier for BSD-2cGravatar Rahul Bedarkar2017-04-011-1/+1
| | | | | | | | | | | We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-2c is BSD-2-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-2c/BSD-2-Clause/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* boot, package: use SPDX short identifier for BSD-3cGravatar Rahul Bedarkar2017-04-011-1/+1
| | | | | | | | | | | We want to use SPDX identifier for license string as much as possible. SPDX short identifier for BSD-3c is BSD-3-Clause. This change is done using following command. find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-3c/BSD-3-Clause/g' Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: security bump to version 7.5Gravatar Baruch Siach2017-03-212-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | From the release notes (https://www.openssh.com/txt/release-7.5): Security -------- * ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed. Note that the OpenSSH client disables CBC ciphers by default, sshd offers them as lowest-preference options and will remove them by default entriely in the next release. Reported by Jean Paul Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of Royal Holloway, University of London. * sftp-client(1): [portable OpenSSH only] On Cygwin, a client making a recursive file transfer could be maniuplated by a hostile server to perform a path-traversal attack. creating or modifying files outside of the intended target directory. Reported by Jann Horn of Google Project Zero. [Peter: mention security fixes] Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: Move key generation to the start function of init script.Gravatar Ignacy Gawędzki2017-02-261-3/+3
| | | | | | | | | | Since there's not much point in generating missing host keys when the init script is called with "stop", the call to ssh-keygen should not be done inconditionally, but in the start function instead. Signed-off-by: Ignacy Gawędzki <ignacy.gawedzki@green-communications.fr> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* packages: improve license type listsGravatar Danomi Manchego2017-02-201-1/+1
| | | | | | | | | | | | | | | Make license type lists more uniform: * put content license applies to in parenthesis; ex: "GPLv2+ (programs)" * use commas to separate types listed without conjuction; ex: "GPLv2, LGPLv2" No attempt was made to validate the claimed licenses. This is just a tweak to increase uniformity of the _LICENSE variables. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Reviewed-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> [Thomas: replace semi-colons by commas in LIBURCU_LICENSE.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: security bump to version 7.4p1Gravatar Gustavo Zacarias2016-12-193-34/+3
| | | | | | | | | | | | | | | | | | | | | Fixes: CVE-2016-10009 - ssh-agent(1): Will now refuse to load PKCS#11 modules from paths outside a trusted whitelist CVE-2016-10010 - sshd(8): When privilege separation is disabled, forwarded Unix-domain sockets would be created by sshd(8) with the privileges of 'root' CVE-2016-10011 - sshd(8): Avoid theoretical leak of host private key material to privilege-separated child processes via realloc() CVE-2016-10012 - sshd(8): The shared memory manager used by pre-authentication compression support had a bounds checks that could be elided by some optimising compilers http://seclists.org/oss-sec/2016/q4/708 Drop upstream patch. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: add upstream security fixGravatar Baruch Siach2016-11-151-0/+31
| | | | | | | Fixes CVE-2016-8858: Memory exhaustion, up to 128MB, of unauthenticated peer. Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: bump version to 7.3p1Gravatar Vicente Olivert Riera2016-08-012-3/+3
| | | | | Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* toolchain: add hidden symbol for PIE supportGravatar Waldemar Brodkorb2016-07-241-6/+1
| | | | | | | | | | | | | uClibc-ng does not support PIE for some architectures as arc and m68k. It isn't implemented in the static linking case, too. With musl toolchains you might have static PIE support with little patching of gcc. Static linking for GNU libc isn't enabled in buildroot. Fixup any package using special treatment of PIE. (grep -ir pie package/*/*.mk) Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> [Thomas: use positive logic.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: security bump to version 7.2p2Gravatar Gustavo Zacarias2016-03-102-2/+2
| | | | | | | | | Fixes: CVE-2016-3115 - sanitise X11 authentication credentials to avoid xauth command injection when X11Forwarding is enabled. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: bump to version 7.2p1Gravatar Gustavo Zacarias2016-02-292-3/+3
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: security bump to version 7.1p2Gravatar Gustavo Zacarias2016-01-142-4/+3
| | | | | | | | | | | | | | | | | | Fixes: CVE-2016-0777 - Client Information leak from use of roaming connection feature. CVE-2016-0778 - A buffer overflow flaw was found in the way the OpenSSH client roaming feature was implemented. A malicious server could potentially use this flaw to execute arbitrary code on a successfully authenticated OpenSSH client if that client used certain non-default configuration options. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Reviewed-by: James Knight <james.knight@rockwellcollins.com> Tested-by: James Knight <james.knight@rockwellcollins.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: Replace 'echo -n' by 'printf'Gravatar Maxime Hadjinlian2015-10-041-2/+2
| | | | | | | | | | | | 'echo -n' is not a POSIX construct (no flag support), we shoud use 'printf', especially in init script. This patch was generated by the following command line: git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/' Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: fix static compilationGravatar Waldemar Brodkorb2015-08-291-0/+4
| | | | | | | | | | PIE and static doesn't work on Linux. Fixes: http://autobuild.buildroot.net/results/dce/dce0202e039f4636d68532c4aab8738938b76650/ Signed-off-by: Waldemar Brodkorb <wbx@openadk.org> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: security bump to version 7.1p1Gravatar Gustavo Zacarias2015-08-252-3/+4
| | | | | | | | | | | | | Fixes: CVE-2015-6563 - Fixed a privilege separation weakness related to PAM support. CVE-2015-6564 - Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code exectuion. CVE-2015-6565 - incorrectly set TTYs to be world-writable. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: selinux and pam supportGravatar Matt Weber2015-07-181-0/+16
| | | | | | | | | [Thomas: in the sed expression, use % as a delimiter instead of /, since the line contains several / that all had to be escaped.] Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> Reviewed-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: bump to version 6.9p1Gravatar Gustavo Zacarias2015-07-022-3/+3
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package: kill pointless text justificationGravatar Gustavo Zacarias2015-04-231-1/+1
| | | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: move systemd service files to /usr/libGravatar Mike Williams2015-03-201-2/+2
| | | | | Signed-off-by: Mike Williams <mike@mikebwilliams.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: bump to version 6.8p1Gravatar Gustavo Zacarias2015-03-183-42/+24
| | | | | Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/*: rename patches according to the new policyGravatar Peter Korsgaard2015-02-032-0/+0
| | | | | | | Autogenerated from rename-patch.py (http://patchwork.ozlabs.org/patch/403345) Signed-off-by: Samuel Martin <s.martin49@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* package: indentation cleanupGravatar Jerzy Grzegorek2014-12-241-2/+8
| | | | | Signed-off-by: Jerzy Grzegorek <jerzy.grzegorek@trzebnica.net> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* package/*/*.mk: Fix indentGravatar Maxime Hadjinlian2014-11-081-1/+1
| | | | | | | | Fix indent for LIBFOO_USERS and LIBFOO_PERMISSIONS as per the manual example. Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com> Acked-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: drop user from skeletonGravatar Gustavo Zacarias2014-10-271-0/+4
| | | | | | | | The sshd privilege drop user doesn't belong in the skeleton, it's exclusively used by OpenSSH. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: place configuration files in /etc/sshGravatar Jérôme Pouiller2014-10-131-1/+1
| | | | | | | | pkg-autotools.mk fix --sysconfdir to "/etc". This patch restore --sysconfdir to its default value (/etc/ssh) Signed-off-by: Jérôme Pouiller <jezz@sysmic.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: mention release announcement in hash fileGravatar Baruch Siach2014-10-071-0/+2
| | | | | | | | Also, add sha1 hash from the announcement. Cc: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Baruch Siach <baruch@tkos.co.il> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: bump to version 6.7p1Gravatar Gustavo Zacarias2014-10-072-1/+3
| | | | | | | Also add hash file. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* packages: rename FOO_CONF_OPT into FOO_CONF_OPTSGravatar Thomas De Schampheleire2014-10-041-3/+3
| | | | | | | | | | | | To be consistent with the recent change of FOO_MAKE_OPT into FOO_MAKE_OPTS, make the same change for FOO_CONF_OPT. Sed command used: find * -type f | xargs sed -i 's#_CONF_OPT\>#&S#g' Signed-off-by: Thomas De Schampheleire <thomas.de.schampheleire@gmail.com> Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
* openssh: Add patch to fix compilation with musl libcGravatar Maarten ter Huurne2014-09-131-0/+66
| | | | | | | | The configure script finds the "howmany" macro, but some of the sources using it do not include the required <sys/param.h> header. Signed-off-by: Maarten ter Huurne <maarten@treewalker.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
* openssh: replace individual ssh-keygen calls with a single callGravatar Danomi Manchego2014-08-031-32/+2
| | | | | | | | | | | | | | | Since openssh-6.0, the ssh-keygen app has supported a -A option, which creates any missing keys. This frees us of having to add new ssh-keygen invocations as new key types are introduced. This also frees us of having to know the default key names and locations. So this patch replaces all the the init.d script invocations with a single "ssh-keygen -A" call. Note: the systemd service script *already* uses this option. Signed-off-by: Danomi Manchego <danomimanchego123@gmail.com> Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>