* [PATCH] openssh: update from 7.7p1 to 7.8p1
@ 2018-08-30 3:33 Randy MacLeod
2018-08-30 3:47 ` Randy MacLeod
0 siblings, 1 reply; 3+ messages in thread
From: Randy MacLeod @ 2018-08-30 3:33 UTC (permalink / raw)
To: openembedded-core
Drop the disable-ciphers patch since it has been integrated:
cec33896 Omit 3des-cbc if OpenSSL built without DES.
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
---
...ciphers-not-supported-by-OpenSSL-DES.patch | 39 -------------------
.../{openssh_7.7p1.bb => openssh_7.8p1.bb} | 5 +--
2 files changed, 2 insertions(+), 42 deletions(-)
delete mode 100644 meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch
rename meta/recipes-connectivity/openssh/{openssh_7.7p1.bb => openssh_7.8p1.bb} (96%)
diff --git a/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch b/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch
deleted file mode 100644
index 8a2d1a0a7c..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 265eaab8b39d8d8721224a48eefed5bf1696d353 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Wed, 18 Apr 2018 21:58:32 +0800
-Subject: [PATCH] disable ciphers not supported by OpenSSL DES
-
-While compiling openssl with option `no-des', it caused the openssh
-build failure
-...
-cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function);
-...
-
-OpenSSL configured that way defines OPENSSL_NO_DES to disable des
-
-Suggested by dtucker@
-
-Upstream-Status: Submitted [openssh-unix-dev@mindrot.org]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- cipher.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/cipher.c b/cipher.c
-index c3cd5dc..86558e1 100644
---- a/cipher.c
-+++ b/cipher.c
-@@ -82,7 +82,9 @@ struct sshcipher {
-
- static const struct sshcipher ciphers[] = {
- #ifdef WITH_OPENSSL
-+#ifndef OPENSSL_NO_DES
- { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
-+#endif
- { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
- { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
- { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
---
-2.7.4
-
diff --git a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb b/meta/recipes-connectivity/openssh/openssh_7.8p1.bb
similarity index 96%
rename from meta/recipes-connectivity/openssh/openssh_7.7p1.bb
rename to meta/recipes-connectivity/openssh/openssh_7.8p1.bb
index b3da5f6761..f4b295f2df 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.8p1.bb
@@ -25,13 +25,12 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
- file://disable-ciphers-not-supported-by-OpenSSL-DES.patch \
"
PAM_SRC_URI = "file://sshd"
-SRC_URI[md5sum] = "68ba883aff6958297432e5877e9a0fe2"
-SRC_URI[sha256sum] = "d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f"
+SRC_URI[md5sum] = "ce1d090fa6239fd38eb989d5e983b074"
+SRC_URI[sha256sum] = "1a484bb15152c183bb2514e112aa30dd34138c3cfb032eee5490a66c507144ca"
inherit useradd update-rc.d update-alternatives systemd
--
2.17.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] openssh: update from 7.7p1 to 7.8p1
2018-08-30 3:33 [PATCH] openssh: update from 7.7p1 to 7.8p1 Randy MacLeod
@ 2018-08-30 3:47 ` Randy MacLeod
2018-08-30 6:04 ` Randy MacLeod
0 siblings, 1 reply; 3+ messages in thread
From: Randy MacLeod @ 2018-08-30 3:47 UTC (permalink / raw)
To: openembedded-core, Alexander Kanavin
On 08/29/2018 11:33 PM, Randy MacLeod wrote:
> Drop the disable-ciphers patch since it has been integrated:
> cec33896 Omit 3des-cbc if OpenSSL built without DES.
>
> Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Builds and works both with and without Alex's patch series:
[OE-core] [RFC PATCH 0/6] openssl 1.1.1 update
but I had not noticed:
DEPENDS = "zlib openssl10"
so I'll fix that and re-test if openssl 1.1.1 is accepted.
../Randy
> ---
> ...ciphers-not-supported-by-OpenSSL-DES.patch | 39 -------------------
> .../{openssh_7.7p1.bb => openssh_7.8p1.bb} | 5 +--
> 2 files changed, 2 insertions(+), 42 deletions(-)
> delete mode 100644 meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch
> rename meta/recipes-connectivity/openssh/{openssh_7.7p1.bb => openssh_7.8p1.bb} (96%)
>
> diff --git a/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch b/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch
> deleted file mode 100644
> index 8a2d1a0a7c..0000000000
> --- a/meta/recipes-connectivity/openssh/openssh/disable-ciphers-not-supported-by-OpenSSL-DES.patch
> +++ /dev/null
> @@ -1,39 +0,0 @@
> -From 265eaab8b39d8d8721224a48eefed5bf1696d353 Mon Sep 17 00:00:00 2001
> -From: Hongxu Jia <hongxu.jia@windriver.com>
> -Date: Wed, 18 Apr 2018 21:58:32 +0800
> -Subject: [PATCH] disable ciphers not supported by OpenSSL DES
> -
> -While compiling openssl with option `no-des', it caused the openssh
> -build failure
> -...
> -cipher.c:85:41: error: 'EVP_des_ede3_cbc' undeclared here (not in a function);
> -...
> -
> -OpenSSL configured that way defines OPENSSL_NO_DES to disable des
> -
> -Suggested by dtucker@
> -
> -Upstream-Status: Submitted [openssh-unix-dev@mindrot.org]
> -
> -Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
> ----
> - cipher.c | 2 ++
> - 1 file changed, 2 insertions(+)
> -
> -diff --git a/cipher.c b/cipher.c
> -index c3cd5dc..86558e1 100644
> ---- a/cipher.c
> -+++ b/cipher.c
> -@@ -82,7 +82,9 @@ struct sshcipher {
> -
> - static const struct sshcipher ciphers[] = {
> - #ifdef WITH_OPENSSL
> -+#ifndef OPENSSL_NO_DES
> - { "3des-cbc", 8, 24, 0, 0, CFLAG_CBC, EVP_des_ede3_cbc },
> -+#endif
> - { "aes128-cbc", 16, 16, 0, 0, CFLAG_CBC, EVP_aes_128_cbc },
> - { "aes192-cbc", 16, 24, 0, 0, CFLAG_CBC, EVP_aes_192_cbc },
> - { "aes256-cbc", 16, 32, 0, 0, CFLAG_CBC, EVP_aes_256_cbc },
> ---
> -2.7.4
> -
> diff --git a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb b/meta/recipes-connectivity/openssh/openssh_7.8p1.bb
> similarity index 96%
> rename from meta/recipes-connectivity/openssh/openssh_7.7p1.bb
> rename to meta/recipes-connectivity/openssh/openssh_7.8p1.bb
> index b3da5f6761..f4b295f2df 100644
> --- a/meta/recipes-connectivity/openssh/openssh_7.7p1.bb
> +++ b/meta/recipes-connectivity/openssh/openssh_7.8p1.bb
> @@ -25,13 +25,12 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
> file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
> file://sshd_check_keys \
> file://add-test-support-for-busybox.patch \
> - file://disable-ciphers-not-supported-by-OpenSSL-DES.patch \
> "
>
> PAM_SRC_URI = "file://sshd"
>
> -SRC_URI[md5sum] = "68ba883aff6958297432e5877e9a0fe2"
> -SRC_URI[sha256sum] = "d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f"
> +SRC_URI[md5sum] = "ce1d090fa6239fd38eb989d5e983b074"
> +SRC_URI[sha256sum] = "1a484bb15152c183bb2514e112aa30dd34138c3cfb032eee5490a66c507144ca"
>
> inherit useradd update-rc.d update-alternatives systemd
>
>
--
# Randy MacLeod
# Wind River Linux
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] openssh: update from 7.7p1 to 7.8p1
2018-08-30 3:47 ` Randy MacLeod
@ 2018-08-30 6:04 ` Randy MacLeod
0 siblings, 0 replies; 3+ messages in thread
From: Randy MacLeod @ 2018-08-30 6:04 UTC (permalink / raw)
To: openembedded-core, Alexander Kanavin
On 08/29/2018 11:47 PM, Randy MacLeod wrote:
>
> Builds and works both with and without Alex's patch series:
> [OE-core] [RFC PATCH 0/6] openssl 1.1.1 update
>
> but I had not noticed:
> DEPENDS = "zlib openssl10"
Alex's patch series already fixed that:
-DEPENDS = "zlib openssl10"
+DEPENDS = "zlib libressl"
so I don't need to do any additional tests.
libressl+openssh queries below for the curious.
../Randy
root@qemux86-64:~# rpm -qa | grep libressl
libressl-2.8.0-r0.core2_64
root@qemux86-64:~# rpm -qa | grep openssh
openssh-sshd-7.8p1-r0.core2_64
openssh-keygen-7.8p1-r0.core2_64
openssh-ssh-7.8p1-r0.core2_64
openssh-scp-7.8p1-r0.core2_64
openssh-7.8p1-r0.core2_64
packagegroup-core-ssh-openssh-1.0-r1.noarch
root@qemux86-64:~# rpm -qa | grep openssl
openssl-conf-1.1.1+pre9-r0.core2_64
openssl-1.1.1+pre9-r0.core2_64
root@qemux86-64:~# rpm -ql libressl | grep so
/usr/lib/libcrypto.so.43
/usr/lib/libcrypto.so.43.1.0
/usr/lib/libssl.so.45
/usr/lib/libssl.so.45.1.0
/usr/lib/libtls.so.17
/usr/lib/libtls.so.17.1.0
root@qemux86-64:~# ldd /usr/sbin/sshd
linux-vdso.so.1 (0x00007ffd797f7000)
libcrypto.so.43 => /usr/lib/libcrypto.so.43 (0x00007fcd91630000)
libutil.so.1 => /lib/libutil.so.1 (0x00007fcd9162b000)
libz.so.1 => /lib/libz.so.1 (0x00007fcd91611000)
libcrypt.so.1 => /usr/lib/libcrypt.so.1 (0x00007fcd915e6000)
libc.so.6 => /lib/libc.so.6 (0x00007fcd9142c000)
libpthread.so.0 => /lib/libpthread.so.0 (0x00007fcd9140b000)
/lib/ld-linux-x86-64.so.2 (0x00007fcd918c8000)
root@qemux86-64:~# ldd /usr/bin/ssh.openssh | grep crypto
libcrypto.so.43 => /usr/lib/libcrypto.so.43 (0x00007f7ea43bc000)
>
> so I'll fix that and re-test if openssl 1.1.1 is accepted.
--
# Randy MacLeod
# Wind River Linux
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-08-30 6:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-08-30 3:33 [PATCH] openssh: update from 7.7p1 to 7.8p1 Randy MacLeod
2018-08-30 3:47 ` Randy MacLeod
2018-08-30 6:04 ` Randy MacLeod
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.