openssh: upgrade to 6.7p1

* Drop two CVE patches already handled upstream.
* Drop nostrip.patch which no longer applies and use the existing
  --disable-strip configure option instead.
* OpenSSH 6.7+ no longer supports tcp wrappers. We could apply the
  Debian patch to add support back in, but it seems best to follow
  upstream here unless we have a good reason to do otherwise.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>

1 files changed, 0 insertions, 29 deletions

diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2011-4327.patch
deleted file mode 100644
index 30c11cf432..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2011-4327.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-openssh-CVE-2011-4327
-
-A security flaw was found in the way ssh-keysign,
-a ssh helper program for host based authentication,
-attempted to retrieve enough entropy information on configurations that
-lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
-be executed to retrieve the entropy from the system environment).
-A local attacker could use this flaw to obtain unauthorized access to host keys
-via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
-http://www.openssh.com/txt/portable-keysign-rand-helper.adv
-
-Upstream-Status: Pending
-
-Signed-off-by: Li Wang <li.wang@windriver.com>
---- a/ssh-keysign.c
-+++ b/ssh-keysign.c
-@@ -170,6 +170,10 @@
- 	key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
- 	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
- 	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
-+	if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 ||
-+	    fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 ||
-+	    fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0)
-+		fatal("fcntl failed");
- 
- 	original_real_uid = getuid();	/* XXX readconf.c needs this */
- 	if ((pw = getpwuid(original_real_uid)) == NULL)