[OE-core] [PATCH] openssh: update from 7.7p1 to 7.8p1
Randy MacLeod
randy.macleod at windriver.com
Thu Aug 30 03:47:47 UTC 2018
On 08/29/2018 11:33 PM, Randy MacLeod wrote:
> Drop the disable-ciphers patch since it has been integrated:
> cec33896 Omit 3des-cbc if OpenSSL built without DES.
>
> Signed-off-by: Randy MacLeod <Randy.MacLeod at windriver.com>
Builds and works both with and without Alex's patch series:
[OE-core] [RFC PATCH 0/6] openssl 1.1.1 update
but I had not noticed:
DEPENDS = "zlib openssl10"
so I'll fix that and re-test if openssl 1.1.1 is accepted.
../Randy
> ---
> ...ciphers-not-supported-by-OpenSSL-DES.patch | 39 -------------------
> .../{openssh_7.7p1.bb => openssh_7.8p1.bb} | 5 +--
> 2 files changed, 2 insertions(+), 42 deletions(-)
> delete mode 100644 meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch
> rename meta/recipes-connectivity/openssh/{openssh_7.7p1.bb => openssh_7.8p1.bb} (96%)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch b/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch
> deleted file mode 100644
> index 8a2d1a0a7c..0000000000
> --- a/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch
> +++ /dev/null
> @@ -1,39 +0,0 @@
> -From 265eaab8b39d8d8721224a48eefed5bf1696d353 Mon Sep 17 00:00:00 2001
> -From: Hongxu Jia <hongxu.jia at windriver.com>
> -Date: Wed, 18 Apr 2018 21:58:32 +0800
> -Subject: [PATCH] disable ciphers not supported by OpenSSL DES
> -
> -While compiling openssl with option `no-des', it caused the openssh
> -build failure
> -...
> -cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function);
> -...
> -
> -OpenSSL configured that way defines OPENSSL_NO_DES to disable des
> -
> -Suggested by dtucker@
> -
> -Upstream-Status: Submitted [openssh-unix-dev at mindrot.org]
> -
> -Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
> ----
> - cipher.c | 2 ++
> - 1 file changed, 2 insertions(+)
> -
> -diff --git a/cipher.c b/cipher.c
> -index c3cd5dc..86558e1 100644
> ---- a/cipher.c
> -+++ b/cipher.c
> -@@ -82,7 +82,9 @@ struct sshcipher {
> -
> - static const struct sshcipher ciphers[] = {
> - #ifdef WITH_OPENSSL
> -+#ifndef OPENSSL_NO_DES
> - { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
> -+#endif
> - { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
> - { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
> - { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb b/meta/recipes-connectivity/openssh/openssh_7.8p1.bb
> similarity index 96%
> rename from meta/recipes-connectivity/openssh/openssh_7.7p1.bb
> rename to meta/recipes-connectivity/openssh/openssh_7.8p1.bb
> index b3da5f6761..f4b295f2df 100644
> --- a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_7.8p1.bb
> @@ -25,13 +25,12 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
> file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
> file://sshd_check_keys \
> file://add-test-support-for-busybox.patch \
> - file://disable-ciphers-not-supported-by-OpenSSL-DES.patch \
> "
>
> PAM_SRC_URI = "file://sshd"
>
> -SRC_URI[md5sum] = "68ba883aff6958297432e5877e9a0fe2"
> -SRC_URI[sha256sum] = "d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f"
> +SRC_URI[md5sum] = "ce1d090fa6239fd38eb989d5e983b074"
> +SRC_URI[sha256sum] = "1a484bb15152c183bb2514e112aa30dd34138c3cfb032eee5490a66c507144ca"
>
> inherit useradd update-rc.d update-alternatives systemd
>
>
--
# Randy MacLeod
# Wind River Linux
More information about the Openembedded-core
mailing list