| Age | Commit message (Collapse) | Author |
|---|
|
It fixes the following failure:
"fatal: Missing privilege separation directory: /var/run/sshd"
when sshd is started through xinetd.
Signed-off-by: Ming Liu <ming.liu@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
-Remove dependency on meta-systemd
Signed-off-by: Muhammad Shakeel <muhammad_shakeel@mentor.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
If the rootfs is read-only and the ssh keys are not available at system
start-up, the init script will generate ssh keys into /etc/ssh, thus
causing a 'read-only file system' error.
In order for Yocto based image to work correctly for read-only rootfs,
we use the following logic for openssh.
If the rootfs is read-only and there are pre-generated keys under /etc/ssh,
we use the pre-generated keys. Note the pre-generated keys are mainly for
debugging or development purpose.
If the rootfs is read-only and there are no pre-generated keys under
/etc/ssh, we use /var/run/ssh as the location for ssh keys. That is, at
system boot-up, the generated ssh keys will put into /var/run/ssh.
[YOCTO #4887]
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Updated Upstream Status to openssh patch.
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
[sgw - Fixed commit line]
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
start-stop-daemon should be called with '--oknodo' instead of
'-oknodo'.
Signed-off-by: Marc Ferland <ferlandm@sonatest.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Backport patch to fix segment fault due to unaligned memory access
Signed-off-by: Roy.Li <rongqing.li@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
upgrade from 6.2p1 -> 6.2p2
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
from 6.1p1 -> 6.2p1
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
* sysvinit/systemd assumes that update-rc.d can be inhibited
* with systemd enabled, sysvinit scripts are missing in packages
and update-rc.d needs to be put in BAD_RECOMMENDATIONS to prevent
update-rc.d trying to install them in postinst
* update-rd.c shouldn't be in DEPENDS
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
A security flaw was found in the way ssh-keysign,
a ssh helper program for host based authentication,
attempted to retrieve enough entropy information on configurations that
lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
be executed to retrieve the entropy from the system environment).
A local attacker could use this flaw to obtain unauthorized access to host keys
via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
http://www.openssh.com/txt/portable-keysign-rand-helper.adv
[YOCTO #3493]
Signed-off-by: Li Wang <li.wang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
openssh: openssh's init fails to restart if sshd is not running
Because of "set -e", it's necessary to specify the -o (or --oknodo)
so that start-stop-daemon returns an exit status of 0 if no actions
are taken.
Signed-off-by: Amy Fong <amy.fong@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
It is considered good practice to use the build system provided
variables instead of directly specify hardcoded paths.
Signed-off-by: Javier Martinez Canillas <javier@dowhile0.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
LICENSE checksum changed due to a trivial difference in the credits
list.
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
|
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
|
|
The current sshd postinst and postrm scripts in the OpenSSH make the
package dependant of the adduser/addgroup scripts which may not be
available on all systems.
This patch replaces the sshd postinst and postrm scripts with proper
usage of the useradd and update-rc.d classes.
This patch had been modified from the previous proposed version to
use useradd long options for more clarity.
Signed-off-by: Julian Pidancet <julian.pidancet@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
* Starting with openssh-5.8p1, the server will default to a newer key
algorithm (ECDSA).
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
|
Adding configuration file "sshd" in /etc/pam.d/ for supporting pam.
Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
|
|
Nothing in the system actually uses the PROVIDES field for these
recipes, its usually the runtime packages that are used. We can
therefore remove the PROVIDES and hence quieten the associated
warnings from bitbake.
If these recipes do really need the PROVIDES, they would be better
as virtuals and adding that to MULTI_PROVIDER_WHITELIST.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As discussed on the mailing list, this variable isn't useful and if wanted
would be better implemented by distros using pn-X overrides.
This patch executes:
find . -regex ".*\.\(bb\|inc\)$" | xargs sed -i '/^PRIORITY = ".*"$/d'
against the tree removing the referenced. Thanks to Phil Blundell for
the command.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
LICENCE checksum updated due to a one-line change in the file (RedHat
was added as a copyright holder).
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
|
|
for the following recipes:
pcmciautils openssl udev apt gdm
Signed-off-by: Qing He <qing.he@intel.com>
|
|
This is 1259e0289ce53198cc6c57a9616c8a1623be502a in OE.
[RP: Added PR bump]
Signed-off-by: Tom Rini <tom_rini@mentor.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Add Upstream-Status tag to patches for the following recipes:
openssh
dbus-glib
expat
opensp
sgml-common
at
cpio (GPLv3 version)
libpam
icu
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
|
|
This allows the openssh meta-package to be used in the
poky-ssh task. Otherwise there will be no package named
openssh to install during image creation.
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
|
|
[BUGID #281]
Evaluate and update each package in recipes-connectivity to ensure they
have a consistent summary and description.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
|
|
OpenSSH v5.6p1, derived from OpenEmbedded's recipe.
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
|
Ming Liu
Muhammad Shakeel
Jackie Huang
Chen Qi
Andrei Dinu
Marc Ferland
Roy.Li
Martin Jansa
Li Wang
Amy Fong
Saul Wold
Javier Martinez Canillas
Mark Hatle
Scott Garman
Julian Pidancet
Xiaofeng Yan
Richard Purdie
Qing He
Tom Rini