diff options
| author | Andrew Geissler <geissonator@yahoo.com> | 2023-10-03 17:44:52 +0300 |
|---|---|---|
| committer | Andrew Geissler <geissonator@yahoo.com> | 2023-10-03 18:04:36 +0300 |
| commit | 1e488cdf844bf4aa82d3c90875a56fb35c7f210d (patch) | |
| tree | be163d890651760d24effea503cd567df3e119b5 /poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch | |
| parent | 4f6b1c0dcf9f9cb734f71b277af913e0d58c503f (diff) | |
| download | openbmc-1e488cdf844bf4aa82d3c90875a56fb35c7f210d.tar.xz | |
subtree updates oct 3 2023mickledore
poky: fc25449687..a61e021c65:
Alberto Planas (1):
bitbake.conf: add unzstd in HOSTTOOLS
Alejandro Hernandez Samaniego (2):
baremetal-helloworld: Update SRCREV to fix entry addresses for ARM architectures
baremetal-helloworld: Fix race condition
Alex Kiernan (2):
rootfs: Add debugfs package db file copy and cleanup
rpm: Pick debugfs package db files/dirs explicitly
Alexander Kanavin (35):
maintaines.inc: unassign Richard Weinberger from erofs-utils entry
maintainers.inc: unassign Andreas Müller from itstool entry
maintainers.inc: unassign Pascal Bach from cmake entry
maintainers.inc: correct unassigned entries
maintainers.inc: correct Carlos Rafael Giani's email address
apr: upgrade 1.7.3 -> 1.7.4
scripts/runqemu: split lock dir creation into a reusable function
scripts/runqemu: allocate unfsd ports in a way that doesn't race or clash with unrelated processes
qemu: a pending patch was submitted and accepted upstream
maintainers.inc: unassign Adrian Bunk from wireless-regdb
maintainers.inc: unassign Alistair Francis from opensbi
maintainers.inc: unassign Chase Qi from libc-test
maintainers.inc: unassign Oleksandr Kravchuk from python3 and all other items
maintainers.inc: unassign Ricardo Neri from ovmf
grub: submit determinism.patch upstream
gawk: upgrade 5.2.1 -> 5.2.2
gnupg: upgrade 2.4.0 -> 2.4.2
libx11: upgrade 1.8.4 -> 1.8.5
linux-firmware: upgrade 20230404 -> 20230515
serf: upgrade 1.3.9 -> 1.3.10
wget: upgrade 1.21.3 -> 1.21.4
wireless-regdb: upgrade 2023.02.13 -> 2023.05.03
gdb: upgrade 13.1 -> 13.2
sysfsutils: fetch a supported fork from github
diffutils: update 3.9 -> 3.10
libproxy: fetch from git
cargo.bbclass: set up cargo environment in common do_compile
rust-common.bbclass: move musl-specific linking fix from rust-source.inc
Revert "rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock"
ref-manual: document image-specific variant of INCOMPATIBLE_LICENSE
glibc-locale: use stricter matching for metapackages' runtime dependencies
devtool/upgrade: raise an error if extracting source produces more than one directory
curl: ensure all ptest failures are caught
python3: upgrade 3.11.2 -> 3.11.3
python3: update 3.11.3 -> 3.11.4
Alexis Lothoré (2):
scripts/resulttool: add mention about new detected tests
oeqa/utils/gitarchive: fix tag computation when creating archive
Andrej Valek (2):
busybox: 1.36.0 -> 1.36.1
maintainers.inc: Modify email address
Anuj Mittal (7):
gstreamer1.0: upgrade 1.22.2 -> 1.22.3
selftest/cases/glibc.py: fix the override syntax
glibc/check-test-wrapper: don't emit warnings from ssh
selftest/cases/glibc.py: increase the memory for testing
oeqa/utils/nfs: allow requesting non-udp ports
selftest/cases/glibc.py: switch to using NFS over TCP
gstreamer1.0: upgrade 1.22.4 -> 1.22.5
Archana Polampalli (3):
qemu: fix CVE-2023-0330
bind: upgrade 9.18.15 -> 9.18.16
vim: upgrade 9.0.1592 -> 9.0.1664
BELOUARGA Mohamed (2):
meta: lib: oe: npm_registry: Add more safe caracters
linux-firmware : Add firmware of RTL8822 serie
Benjamin Bouvier (1):
util-linux: add alternative links for ipcs,ipcrm
Bruce Ashfield (33):
linux-yocto/6.1: update to v6.1.26
linux-yocto/6.1: update to v6.1.27
linux-yocto/6.1: update to v6.1.28
linux-yocto/6.1: update to v6.1.29
linux-yocto/6.1: update to v6.1.30
linux-yocto/6.1: update to v6.1.31
linux-yocto/6.1: update to v6.1.32
linux-yocto/5.15: update to v5.15.114
linux-yocto/5.15: update to v5.15.115
linux-yocto/5.15: update to v5.15.116
linux-yocto/5.15: update to v5.15.117
linux-yocto/5.15: update to v5.15.118
linux-yocto/5.15: cfg: fix DECNET configuration warning
linux-yocto/6.1: update to v6.1.33
linux-yocto/6.1: fix intermittent x86 boot hangs
linux-yocto/6.1: update to v6.1.34
linux-yocto/6.1: update to v6.1.35
linux-yocto/5.15: update to v5.15.119
linux-yocto/5.15: update to v5.15.120
linux-yocto/6.1: update to v6.1.36
linux-yocto/6.1: update to v6.1.37
linux-yocto/6.1: update to v6.1.38
linux-yocto/5.15: update to v5.15.122
linux-yocto/5.15: update to v5.15.123
linux-yocto/5.15: update to v5.15.124
linux-yocto/6.1: cfg: update ima.cfg to match current meta-integrity
linux-yocto/6.1: update to v6.1.41
linux-yocto/6.1: update to v6.1.43
linux-yocto/6.1: update to v6.1.44
linux-yocto/6.1: update to v6.1.45
linux-yocto/6.1: fix uninitialized read in nohz_full/isolcpus setup
linux-yocto/6.1: update to v6.1.46
linux-yocto/6.1: fix IRQ-80 warnings
Changqing Li (4):
systemd: fix a dead link under /var/log
dnf: only write the log lock to root for native dnf
rootfs-postcommands.bbclass: add post func remove_unused_dnf_log_lock
erofs-utils: fix CVE-2023-33551/CVE-2023-33552
Charlie Wu (1):
devtool: Fix the wrong variable in srcuri_entry
Chee Yang Lee (6):
python3-requests: fix CVE-2023-32681
curl: fix CVE-2023-32001
ghostscript: fix CVE-2023-38559
librsvg: upgrade to 2.54.6
libssh2: fix CVE-2020-22218
python3: update to 3.11.5
Chen Qi (13):
cmake.bbclass: do not search host paths for find_program()
qemurunner.py: fix error message about qmp
sdk.py: error out when moving file fails
sdk.py: fix moving dnf contents
rpm: write macros under libdir
zip: fix configure check by using _Static_assert
zip: remove unnecessary LARGE_FILE_SUPPORT CLFAGS
unzip: fix configure check for cross compilation
unzip: remove hardcoded LARGE_FILE_SUPPORT
ncurses: fix CVE-2023-29491
cmake.bbclass: fix allarch override syntax
multilib.conf: explicitly make MULTILIB_VARIANTS vardeps on MULTILIBS
gcc-crosssdk: ignore MULTILIB_VARIANTS in signature computation
Daniel Semkowicz (1):
dev-manual: wic.rst: Update native tools build command
Deepthi Hemraj (2):
glibc: stable 2.37 branch updates.
binutils: stable 2.40 branch updates
Denys Dmytriyenko (1):
binutils: move packaging of gprofng static lib into common .inc
Dmitry Baryshkov (3):
openssl: fix building on riscv32
linux-firmware: package firmare for Dragonboard 410c
linux-firmware: split platform-specific Adreno shaders to separate packages
Ed Beroset (1):
ref-manual: add clarification for SRCREV
Enrico Scholz (1):
shadow-sysroot: add license information
Etienne Cordonnier (2):
libxcrypt: fix hard-coded ".so" extension
vim: update obsolete comment
Fabien Mahot (2):
useradd-example: package typo correction
oeqa/selftest/bbtests: add non-existent prefile/postfile tests
Frieder Paape (1):
image_types: Fix reproducible builds for initramfs and UKI img
Frieder Schrempf (1):
psmisc: Set ALTERNATIVE for pstree to resolve conflict with busybox
Hannu Lounento (1):
profile-manual: fix blktrace remote usage instructions
Ian Ray (1):
systemd-systemctl: support instance expansion in WantedBy
Jaeyoon Jung (1):
cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
Jermain Horsman (1):
logrotate: Do not create logrotate.status file
Joe Slater (1):
ghostscript: fix CVE-2023-36664
Joel Stanley (1):
kernel: don't fail if Modules.symvers doesn't exist
Jose Quaresma (8):
kernel: config modules directories are handled by kernel-module-split
kernel-module-split: install config modules directories only when they are needed
kernel-module-split: use context manager to open files
kernel-module-split: make autoload and probeconf distribution specific
kernel-module-split add systemd modulesloaddir and modprobedir config
openssl: add PERLEXTERNAL path to test its existence
openssl: use a glob on the PERLEXTERNAL to track updates on the path
go: update 1.20.5 -> 1.20.6
Julien Stephan (1):
automake: fix buildtest patch
Jörg Sommer (2):
runqemu-gen-tapdevs: Refactoring
runqemu-ifupdown/get-tapdevs: Add support for ip tuntap
Kai Kang (4):
pm-utils: fix multilib conflictions
webkitgtk: 2.38.5 -> 2.38.6
webkitgtk: fix CVE-2023-32439
webkitgtk: fix CVE-2023-32435
Khem Raj (10):
systemd: Drop a backport
perf: Make built-in libtraceevent plugins cohabit with external libtraceevent
glibc: Pass linker choice via compiler flags
babeltrace2: Always use BFD linker when building tests with ld-is-lld distro feature
parted: Add missing libuuid to linker cmdline for libparted-fs-resize.so
rpcsvc-proto: Upgrade to 1.4.4
libxml2: Do not use lld linker when building with tests on rv64
python3-bcrypt: Use BFD linker when building tests
meson.bbclass: Point to llvm-config from native sysroot
build-sysroots: Add SUMMARY field
Lee Chee Yang (7):
migration-guides: add release notes for 4.0.10
migration-guides: add release notes for 4.0.11
migration-guides: add release notes for 4.2.2
migration-guides: add release notes for 4.2.3
migration-guides: add release notes for 4.0.12
bind: update to 9.18.19
ffmpeg: 5.1.2 -> 5.1.3
Marc Ferland (1):
connman: fix warning by specifying runstatedir at configure time
Marek Vasut (1):
linux-firmware: Fix mediatek mt7601u firmware path
Mark Hatle (1):
tcf-agent: Update to 1.8.0 release
Markus Niebel (1):
wic: fix wrong attempt to create file system in upartitioned regions
Markus Volk (3):
ell: upgrade 0.56 -> 0.57
gtk4: upgrade 4.10.3 -> 4.10.4
gtk4: upgrade 4.10.4 -> 4.10.5
Martin Jansa (8):
libx11: remove unused patch and FILESEXTRAPATHS
qemu: remove unused qemu-7.0.0-glibc-2.36.patch
minicom: remove unused patch files
inetutils: remove unused patch files
libgloss: remove unused patch file
kmod: remove unused ptest.patch
tcl: prevent installing another copy of tzdata
gcc: backport a fix for ICE caused by CVE-2023-4039.patch
Michael Halstead (4):
resulttool/resultutils: allow index generation despite corrupt json
yocto-uninative: Update hashes for uninative 4.1
yocto-uninative: Update to 4.2 for glibc 2.38
yocto-uninative: Update to 4.3
Michael Opdenacker (13):
ref-manual: releases.svg: updates
conf.py: add macro for Mitre CVE links
ref-manual: LTS releases now supported for 4 years
poky.conf: update SANITY_TESTED_DISTROS to match autobuilder
scripts/create-pull-request: update URLs to git repositories
ref-manual: system-requirements: update supported distros
manuals: add new contributor guide
dev-manual: disk-space: mention faster "find" command to trim sstate cache
sdk-manual: extensible.rst: fix multiple formatting issues
dev-manual: disk-space: improve wording for obsolete sstate cache files
dev-manual: new-recipe.rst fix inconsistency with contributor guide
contributor-guide: recipe-style-guide: add Upstream-Status
dev-manual: licenses: mention SPDX for license compliance
Mikko Rapeli (1):
useradd-staticids.bbclass: improve error message
Mingli Yu (5):
curl: fix CVE-2023-28319 through CVE-2023-28322
python3-numpy: remove NPY_INLINE, use inline instead
acpica: Update SRC_URI
cups: Fix CVE-2023-34241
ruby: Fix CVE-2023-36617
Narpat Mali (5):
python3-certifi: upgrade 2022.12.7 -> 2023.7.22
ffmpeg: add CVE_CHECK_IGNORE for CVE-2023-39018
python3-git: upgrade 3.1.31 -> 3.1.32
python3-pygments: fix for CVE-2022-40896
python3-git: upgrade 3.1.32 -> 3.1.37
Natasha Bailey (1):
tiff: backport a fix for CVE-2023-2731
Oleksandr Hnatiuk (2):
file: return wrapper to fix builds when file is in buildtools-tarball
file: fix the way path is written to environment-setup.d
Ovidiu Panait (7):
mdadm: fix util-linux ptest dependency
mdadm: fix 07revert-inplace ptest
mdadm: fix segfaults when running ptests
mdadm: skip running known broken ptests
mdadm: re-add mdadm-ptest to PTESTS_SLOW
mdadm: add util-linux-blockdev ptest dependency
mdadm: skip running 04update-uuid and 07revert-inplace testcases
Peter Marko (7):
cve-update-nvd2-native: fix cvssV3 metrics
cve-update-nvd2-native: retry all errors and sleep between retries
cve-update-nvd2-native: increase retry count
libjpeg-turbo: patch CVE-2023-2804
python3: ignore CVE-2023-36632
libarchive: ignore CVE-2023-30571
openssl: Upgrade 3.1.1 -> 3.1.2
Peter Suti (1):
externalsrc: fix dependency chain issues
Poonam Jadhav (1):
pixman: Remove duplication of license MIT
Quentin Schulz (3):
docs: bsp-guide: bsp: fix typo
docs: ref-manual: terms: fix typos in SPDX term
uboot-extlinux-config.bbclass: fix old override syntax in comment
Randolph Sapp (6):
weston-init: make sure the render group exists
weston-init: add weston user to the render group
weston-init: add the weston user to the wayland group
weston-init: fix the mixed indentation
weston-init: guard against systemd configs
weston-init: add profile to point users to global socket
Richard Purdie (24):
selftest/license: Exclude from world
layer.conf: Add missing dependency exclusion
v86d: Improve kernel dependency
strace: Disable failing test
bitbake: runqueue: Fix deferred task/multiconfig race issue
strace: Merge two similar patches
strace: Update patches/tests with upstream fixes
ptest-runner: Pull in sync fix to improve log warnings
ptest-runner: Ensure data writes don't race
ptest-runner: Pull in "runner: Remove threads and mutexes" fix
gcc-testsuite: Fix ppc cpu specification
ptest-runner: Pull in parallel test fixes and output handling
glibc-testsuite: Fix network restrictions causing test failures
oeqa/target/ssh: Ensure EAGAIN doesn't truncate output
oeqa/runtime/ltp: Increase ltp test output timeout
ltp: Add kernel loopback module dependency
target/ssh: Ensure exit code set for commands
oeqa/ssh: Further improve process exit handling
pseudo: Fix to work with glibc 2.38
lib/package_manager: Improve repo artefact filtering
gnupg: Fix reproducibility failure
resulttool/report: Avoid divide by zero
build-sysroots: Ensure dependency chains are minimal
vim: Upgrade 9.0.1664 -> 9.0.1894
Riyaz Khan (1):
openssh: Remove BSD-4-clause contents completely from codebase
Roland Hieber (2):
template: fix typo in section header
ref-manual: point outdated link to the new location
Ross Burton (24):
ninja: ignore CVE-2021-4336, wrong ninja
binutils: fix CVE-2023-1972
pkgconf: upgrade 1.9.4 -> 1.9.5
git: upgrade to 2.39.3
gobject-introspection: remove obsolete DEPENDS
cve-update-nvd2-native: handle all configuration nodes, not just first
cve-update-nvd2-native: use exact times, don't truncate
cve-update-nvd2-native: log a little more
cve-update-nvd2-native: actually use API keys
tiff: upgrade to 4.5.1
gcc: don't pass --enable-standard-branch-protection
machine/arch-arm64: add -mbranch-protection=standard
pkgconf: update SRC_URI
python3: fix missing comma in get_module_deps3.py
oeqa/runtime/cases/rpm: fix wait_for_no_process_for_user failure case
rootfs_rpm: don't depend on opkg-native for update-alternatives
ltp: add RDEPENDS on findutils
openssh: upgrade to 9.3p2
linux-yocto: add script to generate kernel CVE_CHECK_IGNORE entries
linux/cve-exclusion: add generated CVE_CHECK_IGNOREs
procps: backport fix for CVE-2023-4016
graphene: fix runtime detection of IEEE754 behaviour
gcc: Fix -fstack-protector issue on aarch64
linux-yocto: update CVE exclusions
Sakib Sajal (4):
go: Upgrade 1.20.4 -> 1.20.5
bno_plot.py, btt_plot.py: Ask for python3 specifically
go: fix CVE-2023-24531
go: upgrade 1.20.6 -> 1.20.7
Sanjana (1):
binutils: Fix CVE-2023-39128
Sanjay Chitroda (2):
cups: Fix CVE-2023-32324
curl: Add CVE-2023-28320 follow-up fix
Siddharth (1):
tiff: Security fix for CVE-2023-25434 and CVE-2023-26965
Siddharth Doshi (1):
gdb: Fix CVE-2023-39128
Soumya (1):
perl: Fix CVE-2023-31484 & CVE-2023-31486
Staffan Rydén (1):
kernel: Fix path comparison in kernel staging dir symlinking
Steve Sakoman (6):
maintainers.inc: update version for gcc-source
Revert "systemd: fix a dead link under /var/log"
poky.conf: bump version for 4.2.2 release
build-appliance-image: Update to mickledore head revision
poky.conf: bump version for 4.2.3 release
build-appliance-image: Update to mickledore head revision
Stéphane Veyret (1):
scripts/oe-setup-builddir: copy conf-notes.txt to build dir
Sudip Mukherjee (2):
dpkg: upgrade to v1.21.22
bind: upgrade to v9.18.17
Sundeep KOKKONDA (1):
gcc : upgrade to v12.3
Thomas Roos (1):
testimage/oeqa: Drop testimage_dump_host functionality
Tim Orling (1):
openssl: upgrade 3.1.0 -> 3.1.1
Tom Hochstein (1):
weston: Cleanup and fix x11 and xwayland dependencies
Trevor Gamblin (4):
bind: upgrade 9.18.13 -> 9.18.14
glib-networking: use correct error code in ptest
vim: upgrade 9.0.1527 -> 9.0.1592
linux-firmware: upgrade 20230515 -> 20230625
Wang Mingyu (24):
babeltrace2: upgrade 2.0.4 -> 2.0.5
fribidi: upgrade 1.0.12 -> 1.0.13
libdnf: upgrade 0.70.0 -> 0.70.1
libmicrohttpd: upgrade 0.9.76 -> 0.9.77
libxft: upgrade 2.3.7 -> 2.3.8
libxpm: upgrade 3.5.15 -> 3.5.16
mobile-broadband-provider-info: upgrade 20221107 -> 20230416
bind: upgrade 9.18.14 -> 9.18.15
xdpyinfo: upgrade 1.3.3 -> 1.3.4
libxml2: upgrade 2.10.3 -> 2.10.4
freetype: upgrade 2.13.0 -> 2.13.1
gstreamer1.0: upgrade 1.22.3 -> 1.22.4
libassuan: upgrade 2.5.5 -> 2.5.6
libksba: upgrade 1.6.3 -> 1.6.4
libx11: upgrade 1.8.5 -> 1.8.6
lttng-ust: upgrade 2.13.5 -> 2.13.6
taglib: upgrade 1.13 -> 1.13.1
libwebp: upgrade 1.3.0 -> 1.3.1
libnss-nis: upgrade 3.1 -> 3.2
opkg: upgrade 0.6.1 -> 0.6.2
opkg-utils: upgrade 0.5.0 -> 0.6.2
file: upgrade 5.44 -> 5.45
tar: upgrade 1.34 -> 1.35
bind: upgrade 9.18.17 -> 9.18.18
Xiangyu Chen (1):
dbus: upgrade 1.14.6 -> 1.14.8
Yash Shinde (1):
glibc: fix CVE-2023-4527
Yi Zhao (1):
ifupdown: install missing directories
Yoann Congal (3):
recipetool: Fix inherit in created -native* recipes
oeqa/selftest/devtool: add unit test for "devtool add -b"
dev-manual: remove unsupported :term: markup inside markup
Yogita Urade (8):
dmidecode: fix CVE-2023-30630
qemu: fix CVE-2023-3301
qemu: fix CVE-2023-3255
qemu: fix CVE-2023-2861
inetutils: fix CVE-2023-40303
nghttp2: fix CVE-2023-35945
dropbear: fix CVE-2023-36328
qemu: fix CVE-2023-3354
Yuta Hayama (1):
systemd-systemctl: fix errors in instance name expansion
nikhil (1):
libwebp: Fix CVE-2023-1999
sanjana (2):
binutils: stable 2.40 branch updates
glibc: stable 2.37 branch updates
meta-openembedded: 9286582126..922f41b39f:
Armin Kuster (1):
openldap: update to 2.5.16.
Beniamin Sandu (1):
lmsensors: do not pull in unneeded perl modules for run-time dependencies
Changqing Li (2):
redis: upgrade 6.2.12 -> 6.2.13
redis: upgrade 7.0.11 -> 7.0.12
Chee Yang Lee (2):
rabbitmq-c: Fix CVE-2023-35789
c-ares: upgrade 1.19.0 -> 1.19.1
Chen Qi (3):
redis: use the files path correctly
grpc: fix CVE-2023-32732
grpc: fix CVE-2023-33953
Chris Dimich (1):
image_types_sparse: Fix syntax error
Hitendra Prajapati (4):
wireshark: Fix CVE-2023-2855 & CVE-2023-2856
wireshark: Fix CVE-2023-2858 & CVE-2023-2879
wireshark: CVE-2023-2952 XRA dissector infinite loop
wireshark: Fix Multiple CVEs
Jasper Orschulko (1):
yaml-cpp: Fix cmake export
Joe Slater (3):
libgpiod: modify test 'gpioset: toggle (continuous)'
python3-sqlparse: fix CVE-2023-30608
libgpiod: modify RDEPENDS for ptest
Khem Raj (2):
fftw: Check for TOOLCHAIN_OPTIONS to be non-empty before sed ops
system-config-printer: Delete __pycache__ files
Lee Chee Yang (2):
opensc: fix CVE-2023-2977
x11vnc: Fix CVE-2020-29074
Linus Jacobson (1):
khronos-cts: Replace wayland feature dependancy with vulkan
Martin Jansa (5):
libiio: use main branch instead of master
mongodb: enable hardware crc32 only with crc in TUNE_FEATURES
khronos-cts.inc: respect MLPREFIX when appending DEPENDS with anonymous python
libcyusbserial: fix installed-vs-shipped QA issue with multilib
tcpreplay: fix pcap detection with /usr/lib32 multilib
Mingli Yu (6):
dialog: Update the SRC_URI
gnulib: Update SRC_URI
yajl: Fix CVE-2023-33460
iniparser: Fix CVE-2023-33461
php: Upgrade to 8.2.8
mcelog: Drop unneeded autotools-brokensep
Polampalli, Archana (6):
tcpreplay: upgrade 4.4.3 -> 4.4.4
nodejs: upgrade 18.14.2 -> 18.16.1
yasm: fix CVE-2023-31975
nodejs: upgrade 18.16.1 -> 18.17.1
hwloc: fix CVE-2022-47022
python3-appdirs: print ptest results in unified format
Ross Burton (5):
glade: add autoconf-archive-native DEPENDS
libgxim: add autoconf-archive-native DEPENDS
libblockdev: clean up DEPENDS
imsettings: add missing DEPENDS on autoconf-archive-native
system-config-printer: clean up DEPENDS
Sandeep Gundlupet Raju 837 (1):
opencv: Revert fix runtime dependencies
Sanjay Chitroda (1):
netkit-telnet: Fix CVE-2022-39028
Soumya (1):
yasm: fix CVE-2023-37732
Soumya Sambu (1):
krb5: Fix CVE-2023-36054
Soumya via (1):
opencv: Fix for CVE-2023-2617
Urade, Yogita t.mo (1):
c-ares: fix CVE-2023-32067
Wang Mingyu (3):
python3-django: upgrade 4.1.7 -> 4.2.1
iperf3: upgrade 3.13 -> 3.14
tcpdump: upgrade 4.99.3 -> 4.99.4
Xiangyu Chen (2):
libbpf: installing uapi headers for native package
meta-oe: add pahole to NON_MULTILIB_RECIPES
Yi Zhao (4):
frr: upgrade 8.4.2 -> 8.4.4
mbedtls: upgrade 2.28.2 -> 2.28.3
open-vm-tools: Security fix CVE-2023-20867
frr: Security fix CVE-2023-3748
Yogita Urade (1):
poppler: fix CVE-2023-34872
meta-arm: 8db460fa5d..6e199b354e:
Abdellatif El Khlifi (6):
arm-bsp/documentation: corstone1000: Update change log
arm-bsp/doc: corstone1000: Update the software architecture document
arm-bsp/documentation: corstone1000: update the release note
arm-bsp/documentation: corstone1000: update user guide
kas: set the SHAs for 2023.06 release
arm-bsp/trusted-firmware-a: corstone1000: enable ERRATA_A35_855472
Adam Johnston (2):
CI: Platform specific Trusted Services config
arm-bsp/trusted-firmware-a: Reserve OP-TEE memory from NWd on N1SDP
Anton Antonov (1):
arm/oeqa: Make ts-service-test config match selected SPs
Denys Dmytriyenko (1):
optee-os: do not explicitly set CFG_MAP_EXT_DT_SECURE=y
Emekcan Aras (7):
arm-bsp/u-boot: corstone1000: Fix EFI multiple protocol install failure
arm-bsp/u-boot: corstone1000: Enable EFI set/get time services
arm-bsp/trusted-services: corstone1000: GetNextVariableName Fix
arm-bsp/optee-os:corstone1000: Drop SPMC non secure interrupt patches
arm-bsp/u-boot: corstone1000: Fix u-boot compilation warnings
arm-bsp/trusted-services: corstone1000: Fix PSA_RAW_KEY agreement test
arm-bsp/trusted-services: corstone1000: Fix Capsule Update
Gyorgy Szing (11):
arm/trusted-services: update TS version
optee-os: remove v3.18 pin of OP-TEE on qemuarm64-secureboot
optee-os: Add support for TOS_FW_CONFIG on qemu
arm/trusted-firmware-a: Add TOS_FW_CONFIG handling for quemu
optee-test: backport SWd ABI compatibility changes
optee-os: enable SPMC test
arm/oeqa: enable OP-TEE SPMC tests
trusted-services: update documentation
arm/trusted-services: disable psa-iat on qemuarm64-secureboot
arm/trusted-services: fix nanopb build error
optee-os: unblock NWd interrupts
Jon Mason (3):
CI: remove master refspec for meta-virtualization yml file
arm/linux-yocto: move 6.1 patches to a unique bbappend
README: remove reference to meta-arm-autonomy
Robbie Cao (1):
arm/recipes-kernel: Add preempt-rt support for generic-arm64
Rui Miguel Silva (3):
arm-bsp/trusted-services:corstone1000: remove already merged patches
arm-bsp/trusted-services: remove merged patches for corstone1000
arm-bps/corstone1000: setup trusted service proxy configuration
Tomás González (2):
arm-bsp/documentation: corstone1000: Update the user guide
arm-bsp/documentation: corstone1000: Update the release notes
Change-Id: I19ad289a1580a28192b5c063d06553d4e171687b
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch')
| -rw-r--r-- | poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch | 994 |
1 files changed, 994 insertions, 0 deletions
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch b/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch new file mode 100644 index 0000000000..4c8aa085f3 --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch @@ -0,0 +1,994 @@ +From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001 +From: Damien Miller <djm@mindrot.org> +Date: Fri, 24 Mar 2023 13:56:25 +1100 +Subject: [PATCH] remove support for old libcrypto + +OpenSSH now requires LibreSSL 3.1.0 or greater or +OpenSSL 1.1.1 or greater + +with/ok dtucker@ + +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0] +Comment: Hunks are refreshed. +Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com> + +--- + .github/workflows/c-cpp.yml | 7 - + INSTALL | 8 +- + cipher-aes.c | 2 +- + configure.ac | 96 ++--- + openbsd-compat/libressl-api-compat.c | 556 +-------------------------- + openbsd-compat/openssl-compat.h | 151 +------- + 6 files changed, 40 insertions(+), 780 deletions(-) + +diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml +index 3d9aa22dba5..d299a32468d 100644 +--- a/.github/workflows/c-cpp.yml ++++ b/.github/workflows/c-cpp.yml +@@ -47,9 +47,6 @@ jobs: + - { target: ubuntu-20.04, config: tcmalloc } + - { target: ubuntu-20.04, config: musl } + - { target: ubuntu-latest, config: libressl-master } +- - { target: ubuntu-latest, config: libressl-2.2.9 } +- - { target: ubuntu-latest, config: libressl-2.8.3 } +- - { target: ubuntu-latest, config: libressl-3.0.2 } + - { target: ubuntu-latest, config: libressl-3.2.6 } + - { target: ubuntu-latest, config: libressl-3.3.6 } + - { target: ubuntu-latest, config: libressl-3.4.3 } +@@ -58,10 +55,6 @@ jobs: + - { target: ubuntu-latest, config: libressl-3.7.0 } + - { target: ubuntu-latest, config: openssl-master } + - { target: ubuntu-latest, config: openssl-noec } +- - { target: ubuntu-latest, config: openssl-1.0.1 } +- - { target: ubuntu-latest, config: openssl-1.0.1u } +- - { target: ubuntu-latest, config: openssl-1.0.2u } +- - { target: ubuntu-latest, config: openssl-1.1.0h } + - { target: ubuntu-latest, config: openssl-1.1.1 } + - { target: ubuntu-latest, config: openssl-1.1.1k } + - { target: ubuntu-latest, config: openssl-1.1.1n } +diff --git a/INSTALL b/INSTALL +index 68b15e13190..f99d1e2a809 100644 +--- a/INSTALL ++++ b/INSTALL +@@ -21,12 +21,8 @@ https://zlib.net/ + + libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto + is supported but severely restricts the available ciphers and algorithms. +- - LibreSSL (https://www.libressl.org/) +- - OpenSSL (https://www.openssl.org) with any of the following versions: +- - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1 +- +-Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to +-1.1.0g can't be used. ++ - LibreSSL (https://www.libressl.org/) 3.1.0 or greater ++ - OpenSSL (https://www.openssl.org) 1.1.1 or greater + + LibreSSL/OpenSSL should be compiled as a position-independent library + (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC" +diff --git a/cipher-aes.c b/cipher-aes.c +index 8b101727284..87c763353d8 100644 +--- a/cipher-aes.c ++++ b/cipher-aes.c +@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, + + static int + ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, +- LIBCRYPTO_EVP_INL_TYPE len) ++ size_t len) + { + struct ssh_rijndael_ctx *c; + u_char buf[RIJNDAEL_BLOCKSIZE]; +diff --git a/configure.ac b/configure.ac +index 22fee70f604..1c0ccdf19c5 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -2802,42 +2802,40 @@ if test "x$openssl" = "xyes" ; then + #include <openssl/crypto.h> + #define DATA "conftest.ssllibver" + ]], [[ +- FILE *fd; +- int rc; ++ FILE *f; + +- fd = fopen(DATA,"w"); +- if(fd == NULL) ++ if ((f = fopen(DATA, "w")) == NULL) + exit(1); +-#ifndef OPENSSL_VERSION +-# define OPENSSL_VERSION SSLEAY_VERSION +-#endif +-#ifndef HAVE_OPENSSL_VERSION +-# define OpenSSL_version SSLeay_version +-#endif +-#ifndef HAVE_OPENSSL_VERSION_NUM +-# define OpenSSL_version_num SSLeay +-#endif +- if ((rc = fprintf(fd, "%08lx (%s)\n", ++ if (fprintf(f, "%08lx (%s)", + (unsigned long)OpenSSL_version_num(), +- OpenSSL_version(OPENSSL_VERSION))) < 0) ++ OpenSSL_version(OPENSSL_VERSION)) < 0) ++ exit(1); ++#ifdef LIBRESSL_VERSION_NUMBER ++ if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) ++ exit(1); ++#endif ++ if (fputc('\n', f) == EOF || fclose(f) == EOF) + exit(1); +- + exit(0); + ]])], + [ +- ssl_library_ver=`cat conftest.ssllibver` ++ sslver=`cat conftest.ssllibver` ++ ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` + # Check version is supported. +- case "$ssl_library_ver" in +- 10000*|0*) +- AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) +- ;; +- 100*) ;; # 1.0.x +- 101000[[0123456]]*) +- # https://github.com/openssl/openssl/pull/4613 +- AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) ++ case "$sslver" in ++ 100*|10100*) # 1.0.x, 1.1.0x ++ AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) + ;; + 101*) ;; # 1.1.x +- 200*) ;; # LibreSSL ++ 200*) # LibreSSL ++ lver=`echo "$sslver" | sed 's/.*libressl-//'` ++ case "$lver" in ++ 2*|300*) # 2.x, 3.0.0 ++ AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) ++ ;; ++ *) ;; # Assume all other versions are good. ++ esac ++ ;; + 300*) + # OpenSSL 3; we use the 1.1x API + CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" +@@ -2847,10 +2845,10 @@ if test "x$openssl" = "xyes" ; then + CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" + ;; + *) +- AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) ++ AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) + ;; + esac +- AC_MSG_RESULT([$ssl_library_ver]) ++ AC_MSG_RESULT([$ssl_showver]) + ], + [ + AC_MSG_RESULT([not found]) +@@ -2863,7 +2861,7 @@ if test "x$openssl" = "xyes" ; then + + case "$host" in + x86_64-*) +- case "$ssl_library_ver" in ++ case "$sslver" in + 3000004*) + AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) + ;; +@@ -2879,9 +2877,6 @@ if test "x$openssl" = "xyes" ; then + #include <openssl/opensslv.h> + #include <openssl/crypto.h> + ]], [[ +-#ifndef HAVE_OPENSSL_VERSION_NUM +-# define OpenSSL_version_num SSLeay +-#endif + exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); + ]])], + [ +@@ -2955,44 +2950,13 @@ if test "x$openssl" = "xyes" ; then + ) + ) + +- # LibreSSL/OpenSSL 1.1x API ++ # LibreSSL/OpenSSL API differences + AC_CHECK_FUNCS([ \ +- OPENSSL_init_crypto \ +- DH_get0_key \ +- DH_get0_pqg \ +- DH_set0_key \ +- DH_set_length \ +- DH_set0_pqg \ +- DSA_get0_key \ +- DSA_get0_pqg \ +- DSA_set0_key \ +- DSA_set0_pqg \ +- DSA_SIG_get0 \ +- DSA_SIG_set0 \ +- ECDSA_SIG_get0 \ +- ECDSA_SIG_set0 \ + EVP_CIPHER_CTX_iv \ + EVP_CIPHER_CTX_iv_noconst \ + EVP_CIPHER_CTX_get_iv \ + EVP_CIPHER_CTX_get_updated_iv \ + EVP_CIPHER_CTX_set_iv \ +- RSA_get0_crt_params \ +- RSA_get0_factors \ +- RSA_get0_key \ +- RSA_set0_crt_params \ +- RSA_set0_factors \ +- RSA_set0_key \ +- RSA_meth_free \ +- RSA_meth_dup \ +- RSA_meth_set1_name \ +- RSA_meth_get_finish \ +- RSA_meth_set_priv_enc \ +- RSA_meth_set_priv_dec \ +- RSA_meth_set_finish \ +- EVP_PKEY_get0_RSA \ +- EVP_MD_CTX_new \ +- EVP_MD_CTX_free \ +- EVP_chacha20 \ + ]) + + if test "x$openssl_engine" = "xyes" ; then +@@ -3050,8 +3014,8 @@ if test "x$openssl" = "xyes" ; then + ] + ) + +- # Check for SHA256, SHA384 and SHA512 support in OpenSSL +- AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) ++ # Check for various EVP support in OpenSSL ++ AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) + + # Check complete ECC support in OpenSSL + AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) +diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c +index 498180dc894..59be17397c5 100644 +--- a/openbsd-compat/libressl-api-compat.c ++++ b/openbsd-compat/libressl-api-compat.c +@@ -1,129 +1,5 @@ +-/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ +-/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */ +-/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ +-/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ +-/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */ +-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ +-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +- * All rights reserved. +- * +- * This package is an SSL implementation written +- * by Eric Young (eay@cryptsoft.com). +- * The implementation was written so as to conform with Netscapes SSL. +- * +- * This library is free for commercial and non-commercial use as long as +- * the following conditions are aheared to. The following conditions +- * apply to all code found in this distribution, be it the RC4, RSA, +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation +- * included with this distribution is covered by the same copyright terms +- * except that the holder is Tim Hudson (tjh@cryptsoft.com). +- * +- * Copyright remains Eric Young's, and as such any Copyright notices in +- * the code are not to be removed. +- * If this package is used in a product, Eric Young should be given attribution +- * as the author of the parts of the library used. +- * This can be in the form of a textual message at program startup or +- * in documentation (online or textual) provided with the package. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * 1. Redistributions of source code must retain the copyright +- * notice, this list of conditions and the following disclaimer. +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in the +- * documentation and/or other materials provided with the distribution. +- * 3. All advertising materials mentioning features or use of this software +- * must display the following acknowledgement: +- * "This product includes cryptographic software written by +- * Eric Young (eay@cryptsoft.com)" +- * The word 'cryptographic' can be left out if the rouines from the library +- * being used are not cryptographic related :-). +- * 4. If you include any Windows specific code (or a derivative thereof) from +- * the apps directory (application code) you must include an acknowledgement: +- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" +- * +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +- * SUCH DAMAGE. +- * +- * The licence and distribution terms for any publically available version or +- * derivative of this code cannot be changed. i.e. this code cannot simply be +- * copied and put under another distribution licence +- * [including the GNU Public Licence.] +- */ +- +-/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ +-/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ +-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ +-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL +- * project 2000. +- */ +-/* ==================================================================== +- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. +- * +- * Redistribution and use in source and binary forms, with or without +- * modification, are permitted provided that the following conditions +- * are met: +- * +- * 1. Redistributions of source code must retain the above copyright +- * notice, this list of conditions and the following disclaimer. +- * +- * 2. Redistributions in binary form must reproduce the above copyright +- * notice, this list of conditions and the following disclaimer in +- * the documentation and/or other materials provided with the +- * distribution. +- * +- * 3. All advertising materials mentioning features or use of this +- * software must display the following acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" +- * +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to +- * endorse or promote products derived from this software without +- * prior written permission. For written permission, please contact +- * licensing@OpenSSL.org. +- * +- * 5. Products derived from this software may not be called "OpenSSL" +- * nor may "OpenSSL" appear in their names without prior written +- * permission of the OpenSSL Project. +- * +- * 6. Redistributions of any form whatsoever must retain the following +- * acknowledgment: +- * "This product includes software developed by the OpenSSL Project +- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" +- * +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +- * OF THE POSSIBILITY OF SUCH DAMAGE. +- * ==================================================================== +- * +- * This product includes cryptographic software written by Eric Young +- * (eay@cryptsoft.com). This product includes software written by Tim +- * Hudson (tjh@cryptsoft.com). +- * +- */ +- +-/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ + /* +- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> ++ * Copyright (c) 2018 Damien Miller <djm@mindrot.org> + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above +@@ -147,192 +23,7 @@ + #include <stdlib.h> + #include <string.h> + +-#include <openssl/err.h> +-#include <openssl/bn.h> +-#include <openssl/dsa.h> +-#include <openssl/rsa.h> + #include <openssl/evp.h> +-#ifdef OPENSSL_HAS_ECC +-#include <openssl/ecdsa.h> +-#endif +-#include <openssl/dh.h> +- +-#ifndef HAVE_DSA_GET0_PQG +-void +-DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +-{ +- if (p != NULL) +- *p = d->p; +- if (q != NULL) +- *q = d->q; +- if (g != NULL) +- *g = d->g; +-} +-#endif /* HAVE_DSA_GET0_PQG */ +- +-#ifndef HAVE_DSA_SET0_PQG +-int +-DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) +-{ +- if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || +- (d->g == NULL && g == NULL)) +- return 0; +- +- if (p != NULL) { +- BN_free(d->p); +- d->p = p; +- } +- if (q != NULL) { +- BN_free(d->q); +- d->q = q; +- } +- if (g != NULL) { +- BN_free(d->g); +- d->g = g; +- } +- +- return 1; +-} +-#endif /* HAVE_DSA_SET0_PQG */ +- +-#ifndef HAVE_DSA_GET0_KEY +-void +-DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) +-{ +- if (pub_key != NULL) +- *pub_key = d->pub_key; +- if (priv_key != NULL) +- *priv_key = d->priv_key; +-} +-#endif /* HAVE_DSA_GET0_KEY */ +- +-#ifndef HAVE_DSA_SET0_KEY +-int +-DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) +-{ +- if (d->pub_key == NULL && pub_key == NULL) +- return 0; +- +- if (pub_key != NULL) { +- BN_free(d->pub_key); +- d->pub_key = pub_key; +- } +- if (priv_key != NULL) { +- BN_free(d->priv_key); +- d->priv_key = priv_key; +- } +- +- return 1; +-} +-#endif /* HAVE_DSA_SET0_KEY */ +- +-#ifndef HAVE_RSA_GET0_KEY +-void +-RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) +-{ +- if (n != NULL) +- *n = r->n; +- if (e != NULL) +- *e = r->e; +- if (d != NULL) +- *d = r->d; +-} +-#endif /* HAVE_RSA_GET0_KEY */ +- +-#ifndef HAVE_RSA_SET0_KEY +-int +-RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) +-{ +- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) +- return 0; +- +- if (n != NULL) { +- BN_free(r->n); +- r->n = n; +- } +- if (e != NULL) { +- BN_free(r->e); +- r->e = e; +- } +- if (d != NULL) { +- BN_free(r->d); +- r->d = d; +- } +- +- return 1; +-} +-#endif /* HAVE_RSA_SET0_KEY */ +- +-#ifndef HAVE_RSA_GET0_CRT_PARAMS +-void +-RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, +- const BIGNUM **iqmp) +-{ +- if (dmp1 != NULL) +- *dmp1 = r->dmp1; +- if (dmq1 != NULL) +- *dmq1 = r->dmq1; +- if (iqmp != NULL) +- *iqmp = r->iqmp; +-} +-#endif /* HAVE_RSA_GET0_CRT_PARAMS */ +- +-#ifndef HAVE_RSA_SET0_CRT_PARAMS +-int +-RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) +-{ +- if ((r->dmp1 == NULL && dmp1 == NULL) || +- (r->dmq1 == NULL && dmq1 == NULL) || +- (r->iqmp == NULL && iqmp == NULL)) +- return 0; +- +- if (dmp1 != NULL) { +- BN_free(r->dmp1); +- r->dmp1 = dmp1; +- } +- if (dmq1 != NULL) { +- BN_free(r->dmq1); +- r->dmq1 = dmq1; +- } +- if (iqmp != NULL) { +- BN_free(r->iqmp); +- r->iqmp = iqmp; +- } +- +- return 1; +-} +-#endif /* HAVE_RSA_SET0_CRT_PARAMS */ +- +-#ifndef HAVE_RSA_GET0_FACTORS +-void +-RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) +-{ +- if (p != NULL) +- *p = r->p; +- if (q != NULL) +- *q = r->q; +-} +-#endif /* HAVE_RSA_GET0_FACTORS */ +- +-#ifndef HAVE_RSA_SET0_FACTORS +-int +-RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) +-{ +- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) +- return 0; +- +- if (p != NULL) { +- BN_free(r->p); +- r->p = p; +- } +- if (q != NULL) { +- BN_free(r->q); +- r->q = q; +- } +- +- return 1; +-} +-#endif /* HAVE_RSA_SET0_FACTORS */ + + #ifndef HAVE_EVP_CIPHER_CTX_GET_IV + int +@@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) + } + #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ + +-#ifndef HAVE_DSA_SIG_GET0 +-void +-DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +-{ +- if (pr != NULL) +- *pr = sig->r; +- if (ps != NULL) +- *ps = sig->s; +-} +-#endif /* HAVE_DSA_SIG_GET0 */ +- +-#ifndef HAVE_DSA_SIG_SET0 +-int +-DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) +-{ +- if (r == NULL || s == NULL) +- return 0; +- +- BN_clear_free(sig->r); +- sig->r = r; +- BN_clear_free(sig->s); +- sig->s = s; +- +- return 1; +-} +-#endif /* HAVE_DSA_SIG_SET0 */ +- +-#ifdef OPENSSL_HAS_ECC +-#ifndef HAVE_ECDSA_SIG_GET0 +-void +-ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +-{ +- if (pr != NULL) +- *pr = sig->r; +- if (ps != NULL) +- *ps = sig->s; +-} +-#endif /* HAVE_ECDSA_SIG_GET0 */ +- +-#ifndef HAVE_ECDSA_SIG_SET0 +-int +-ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) +-{ +- if (r == NULL || s == NULL) +- return 0; +- +- BN_clear_free(sig->r); +- BN_clear_free(sig->s); +- sig->r = r; +- sig->s = s; +- return 1; +-} +-#endif /* HAVE_ECDSA_SIG_SET0 */ +-#endif /* OPENSSL_HAS_ECC */ +- +-#ifndef HAVE_DH_GET0_PQG +-void +-DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +-{ +- if (p != NULL) +- *p = dh->p; +- if (q != NULL) +- *q = dh->q; +- if (g != NULL) +- *g = dh->g; +-} +-#endif /* HAVE_DH_GET0_PQG */ +- +-#ifndef HAVE_DH_SET0_PQG +-int +-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +-{ +- if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) +- return 0; +- +- if (p != NULL) { +- BN_free(dh->p); +- dh->p = p; +- } +- if (q != NULL) { +- BN_free(dh->q); +- dh->q = q; +- } +- if (g != NULL) { +- BN_free(dh->g); +- dh->g = g; +- } +- +- return 1; +-} +-#endif /* HAVE_DH_SET0_PQG */ +- +-#ifndef HAVE_DH_GET0_KEY +-void +-DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) +-{ +- if (pub_key != NULL) +- *pub_key = dh->pub_key; +- if (priv_key != NULL) +- *priv_key = dh->priv_key; +-} +-#endif /* HAVE_DH_GET0_KEY */ +- +-#ifndef HAVE_DH_SET0_KEY +-int +-DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) +-{ +- if (pub_key != NULL) { +- BN_free(dh->pub_key); +- dh->pub_key = pub_key; +- } +- if (priv_key != NULL) { +- BN_free(dh->priv_key); +- dh->priv_key = priv_key; +- } +- +- return 1; +-} +-#endif /* HAVE_DH_SET0_KEY */ +- +-#ifndef HAVE_DH_SET_LENGTH +-int +-DH_set_length(DH *dh, long length) +-{ +- if (length < 0 || length > INT_MAX) +- return 0; +- +- dh->length = length; +- return 1; +-} +-#endif /* HAVE_DH_SET_LENGTH */ +- +-#ifndef HAVE_RSA_METH_FREE +-void +-RSA_meth_free(RSA_METHOD *meth) +-{ +- if (meth != NULL) { +- free((char *)meth->name); +- free(meth); +- } +-} +-#endif /* HAVE_RSA_METH_FREE */ +- +-#ifndef HAVE_RSA_METH_DUP +-RSA_METHOD * +-RSA_meth_dup(const RSA_METHOD *meth) +-{ +- RSA_METHOD *copy; +- +- if ((copy = calloc(1, sizeof(*copy))) == NULL) +- return NULL; +- memcpy(copy, meth, sizeof(*copy)); +- if ((copy->name = strdup(meth->name)) == NULL) { +- free(copy); +- return NULL; +- } +- +- return copy; +-} +-#endif /* HAVE_RSA_METH_DUP */ +- +-#ifndef HAVE_RSA_METH_SET1_NAME +-int +-RSA_meth_set1_name(RSA_METHOD *meth, const char *name) +-{ +- char *copy; +- +- if ((copy = strdup(name)) == NULL) +- return 0; +- free((char *)meth->name); +- meth->name = copy; +- return 1; +-} +-#endif /* HAVE_RSA_METH_SET1_NAME */ +- +-#ifndef HAVE_RSA_METH_GET_FINISH +-int +-(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) +-{ +- return meth->finish; +-} +-#endif /* HAVE_RSA_METH_GET_FINISH */ +- +-#ifndef HAVE_RSA_METH_SET_PRIV_ENC +-int +-RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) +-{ +- meth->rsa_priv_enc = priv_enc; +- return 1; +-} +-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ +- +-#ifndef HAVE_RSA_METH_SET_PRIV_DEC +-int +-RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) +-{ +- meth->rsa_priv_dec = priv_dec; +- return 1; +-} +-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ +- +-#ifndef HAVE_RSA_METH_SET_FINISH +-int +-RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) +-{ +- meth->finish = finish; +- return 1; +-} +-#endif /* HAVE_RSA_METH_SET_FINISH */ +- +-#ifndef HAVE_EVP_PKEY_GET0_RSA +-RSA * +-EVP_PKEY_get0_RSA(EVP_PKEY *pkey) +-{ +- if (pkey->type != EVP_PKEY_RSA) { +- /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */ +- return NULL; +- } +- return pkey->pkey.rsa; +-} +-#endif /* HAVE_EVP_PKEY_GET0_RSA */ +- +-#ifndef HAVE_EVP_MD_CTX_NEW +-EVP_MD_CTX * +-EVP_MD_CTX_new(void) +-{ +- return calloc(1, sizeof(EVP_MD_CTX)); +-} +-#endif /* HAVE_EVP_MD_CTX_NEW */ +- +-#ifndef HAVE_EVP_MD_CTX_FREE +-void +-EVP_MD_CTX_free(EVP_MD_CTX *ctx) +-{ +- if (ctx == NULL) +- return; +- +- EVP_MD_CTX_cleanup(ctx); +- +- free(ctx); +-} +-#endif /* HAVE_EVP_MD_CTX_FREE */ +- + #endif /* WITH_OPENSSL */ +diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h +index 61a69dd56eb..d0dd2c3450d 100644 +--- a/openbsd-compat/openssl-compat.h ++++ b/openbsd-compat/openssl-compat.h +@@ -33,26 +33,13 @@ + int ssh_compatible_openssl(long, long); + void ssh_libcrypto_init(void); + +-#if (OPENSSL_VERSION_NUMBER < 0x1000100fL) +-# error OpenSSL 1.0.1 or greater is required ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++# error OpenSSL 1.1.0 or greater is required + #endif +- +-#ifndef OPENSSL_VERSION +-# define OPENSSL_VERSION SSLEAY_VERSION +-#endif +- +-#ifndef HAVE_OPENSSL_VERSION +-# define OpenSSL_version(x) SSLeay_version(x) +-#endif +- +-#ifndef HAVE_OPENSSL_VERSION_NUM +-# define OpenSSL_version_num SSLeay +-#endif +- +-#if OPENSSL_VERSION_NUMBER < 0x10000001L +-# define LIBCRYPTO_EVP_INL_TYPE unsigned int +-#else +-# define LIBCRYPTO_EVP_INL_TYPE size_t ++#ifdef LIBRESSL_VERSION_NUMBER ++# if LIBRESSL_VERSION_NUMBER < 0x3010000fL ++# error LibreSSL 3.1.0 or greater is required ++# endif + #endif + + #ifndef OPENSSL_RSA_MAX_MODULUS_BITS +@@ -68,25 +55,6 @@ void ssh_libcrypto_init(void); + # endif + #endif + +-/* LibreSSL/OpenSSL 1.1x API compat */ +-#ifndef HAVE_DSA_GET0_PQG +-void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, +- const BIGNUM **g); +-#endif /* HAVE_DSA_GET0_PQG */ +- +-#ifndef HAVE_DSA_SET0_PQG +-int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +-#endif /* HAVE_DSA_SET0_PQG */ +- +-#ifndef HAVE_DSA_GET0_KEY +-void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, +- const BIGNUM **priv_key); +-#endif /* HAVE_DSA_GET0_KEY */ +- +-#ifndef HAVE_DSA_SET0_KEY +-int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +-#endif /* HAVE_DSA_SET0_KEY */ +- + #ifndef HAVE_EVP_CIPHER_CTX_GET_IV + # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV + # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv +@@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, + const unsigned char *iv, size_t len); + #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ + +-#ifndef HAVE_RSA_GET0_KEY +-void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, +- const BIGNUM **d); +-#endif /* HAVE_RSA_GET0_KEY */ +- +-#ifndef HAVE_RSA_SET0_KEY +-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +-#endif /* HAVE_RSA_SET0_KEY */ +- +-#ifndef HAVE_RSA_GET0_CRT_PARAMS +-void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, +- const BIGNUM **iqmp); +-#endif /* HAVE_RSA_GET0_CRT_PARAMS */ +- +-#ifndef HAVE_RSA_SET0_CRT_PARAMS +-int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +-#endif /* HAVE_RSA_SET0_CRT_PARAMS */ +- +-#ifndef HAVE_RSA_GET0_FACTORS +-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +-#endif /* HAVE_RSA_GET0_FACTORS */ +- +-#ifndef HAVE_RSA_SET0_FACTORS +-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +-#endif /* HAVE_RSA_SET0_FACTORS */ +- +-#ifndef DSA_SIG_GET0 +-void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +-#endif /* DSA_SIG_GET0 */ +- +-#ifndef DSA_SIG_SET0 +-int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); +-#endif /* DSA_SIG_SET0 */ +- +-#ifdef OPENSSL_HAS_ECC +-#ifndef HAVE_ECDSA_SIG_GET0 +-void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +-#endif /* HAVE_ECDSA_SIG_GET0 */ +- +-#ifndef HAVE_ECDSA_SIG_SET0 +-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); +-#endif /* HAVE_ECDSA_SIG_SET0 */ +-#endif /* OPENSSL_HAS_ECC */ +- +-#ifndef HAVE_DH_GET0_PQG +-void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, +- const BIGNUM **g); +-#endif /* HAVE_DH_GET0_PQG */ +- +-#ifndef HAVE_DH_SET0_PQG +-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +-#endif /* HAVE_DH_SET0_PQG */ +- +-#ifndef HAVE_DH_GET0_KEY +-void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); +-#endif /* HAVE_DH_GET0_KEY */ +- +-#ifndef HAVE_DH_SET0_KEY +-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +-#endif /* HAVE_DH_SET0_KEY */ +- +-#ifndef HAVE_DH_SET_LENGTH +-int DH_set_length(DH *dh, long length); +-#endif /* HAVE_DH_SET_LENGTH */ +- +-#ifndef HAVE_RSA_METH_FREE +-void RSA_meth_free(RSA_METHOD *meth); +-#endif /* HAVE_RSA_METH_FREE */ +- +-#ifndef HAVE_RSA_METH_DUP +-RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +-#endif /* HAVE_RSA_METH_DUP */ +- +-#ifndef HAVE_RSA_METH_SET1_NAME +-int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +-#endif /* HAVE_RSA_METH_SET1_NAME */ +- +-#ifndef HAVE_RSA_METH_GET_FINISH +-int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); +-#endif /* HAVE_RSA_METH_GET_FINISH */ +- +-#ifndef HAVE_RSA_METH_SET_PRIV_ENC +-int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ +- +-#ifndef HAVE_RSA_METH_SET_PRIV_DEC +-int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ +- +-#ifndef HAVE_RSA_METH_SET_FINISH +-int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); +-#endif /* HAVE_RSA_METH_SET_FINISH */ +- +-#ifndef HAVE_EVP_PKEY_GET0_RSA +-RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +-#endif /* HAVE_EVP_PKEY_GET0_RSA */ +- +-#ifndef HAVE_EVP_MD_CTX_new +-EVP_MD_CTX *EVP_MD_CTX_new(void); +-#endif /* HAVE_EVP_MD_CTX_new */ +- +-#ifndef HAVE_EVP_MD_CTX_free +-void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +-#endif /* HAVE_EVP_MD_CTX_free */ +- + #endif /* WITH_OPENSSL */ + #endif /* _OPENSSL_COMPAT_H */ |