diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2023-09-11 15:41:39 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2023-09-18 14:19:32 +0300 |
commit | 5082cc7fedfff6c28a1406c79606b09012b134bc (patch) | |
tree | bc994073c7289536f801a16ca7e20d21c05ad7b6 /poky/meta/recipes-connectivity/openssh | |
parent | 2edf0648b7c401072e7183c7f9e0e7c437e5f3f0 (diff) | |
download | openbmc-5082cc7fedfff6c28a1406c79606b09012b134bc.tar.xz |
subtree updates openembedded poky
meta-openembedded: 491b7592f4..eff1b182c1:
Alejandro Hernandez Samaniego (1):
emacs: update to 29.1
Archana Polampalli (2):
python3-pyroute2: fix ptest failure
nodejs: upgrade 18.17.0 -> 18.17.1
Bartosz Golaszewski (1):
libgpiod: update to v2.0.2
Beniamin Sandu (3):
unbound: upgrade 1.17.1 -> 1.18.0
mbedtls: upgrade 3.4.0 -> 3.4.1
mbedtls: upgrade 2.28.3 -> 2.28.4
Benjamin Bara (3):
libvpx: fix VPXTARGET for non-neon armv7a
ne10: set incompatible for armv7 without neon
openh264: make neon optional and disable if not supported
Chaitanya Vadrevu (1):
bolt: Add recipe
Chen Qi (2):
spice-protocol: fix populate_sdk error when spice is installed
python3-blivetgui: switch from master to main
Christophe Vu-Brugier (1):
sg3-utils: upgrade 1.47 -> 1.48
Danik (2):
python3-gspread: interface for google spreadsheet
python3-piccata: piccata - a simple CoAP toolkit added
Denys Zagorui (1):
bpftool: add native and nativesdk support
Emil Kronborg Andersen (3):
lcms: add CVE_PRODUCT
snappy: add CVE_PRODUCT
libopus: add CVE_PRODUCT
Enrico Jorns (1):
microcom: add new recipe
Ewa Kujawska (1):
python3-oauth2client_4.1.2.bb: recipe added
Frieder Schrempf (1):
python3-can: Add missing runtime dependencies
Gianfranco Costamagna (1):
dlt-daemon: upgrade 2.18.9 -> 2.18.10 (commit: 0f2d4cfffada6f8448a2cb27995b38eb4271044f)
Joe Slater (1):
python3-inotify: fix tests
Justin Bronder (5):
python3-mypy-extensions: upgrade 0.4.3 -> 1.0.0
python3-types-setuptools: add 68.0.0.3
python3-typed-ast: remove EOL package
python3-types-psutil: add 5.9.5.16
python3-mypy: upgrade 0.971 -> 1.5.0
Kai Kang (1):
libmcrypt: fix multilib conflict
Khem Raj (31):
qad: Fix build with clang
python3-dominate: Fix get_thread_context ptest on musl
perfetto: Add SRCREV_FORMAT
gosu: Define SRCREV_FORMAT
libsdl2-ttf: Define SRCREV_FORMAT
gosu: Define SRCREV_FORMAT
sysdig: Add SRCREV_FORMAT
cockpit: Upgrade to 298 release
librelp: Fix function prototypes in tests
jemalloc: Unbolt clang workaroud
python3-protobuf: Fix build errors seen with clang
mariadb: Fix build with libfmt 10.1+
librelp: Add packageconfigs for TLS implementations
librelp: Fix ptests builds on musl
librelp: Fix ptest installs to work with dash
librelp: Add to meta-oe ptest image
liburing: Upgrade to 2.4 release
rsyslog: Enable openssl transport by default
libio-socket-ssl-perl: Upgrade to 2.083
libfaketime: Fix build with clang
libfaketime: Eanable LFS64 on musl
python3-lz4: Drop using PYTHON_PN
python3-lz4: Add missing rdeps needed for ptests
rsyslog: Skip failing omfile-outchannel test on musl
python3-m2crypto: Append architecture to SWIG_FEATURES instead of overriding
networkmanager: Fix build on musl
network-manager-applet: Fix build with musl/lld linker
networkmanager-openvpn: Fix build with lld on musl
openconnect: Upgrade to 9.12
openconnect: Fix build with GnuTLS v3.8.1
fontforge: Fix build with gettext 0.22
Kirk Hays (1):
jack: Drop dependency on readline
Leon Anavi (2):
aml: add new recipe
neatvnc: add new recipe
Marek Vasut (2):
libiio: Use tagged v0.25
libiio: Rename to versioned recipe filename
Marine Vovard (1):
python3-kivy: Require X11 or Wayland in DISTRO_FEATURES
Mark Hatle (1):
kconfig-frontends: Avoid using hard coded /usr/include paths
Markus Volk (28):
gvfs: update 1.51.1 -> 1.51.90
gnome-themes-extra: fix datadir path
libnice: add graphviz-native dependency
libcanberra: fix api-documentation build
libgweather4: fix api-documentation build
appstream: disable docs
gtksourceview5: fix api-documentation build
libpeas: fix api-documentation build
nautilus: fix api-documentation build
evince: fix api-documentation build
usbids: add recipe
libcacard: add recipe
usbredir: upgrade 0.9.0 -> 0.13.0
spice: upgrade 0.14.2 -> 0.15.2
gnome-remote-desktop: add recipe
libosinfo: add recipe
gnome-boxes: add recipe
pipewire: upgrade 0.3.77 -> 0.3.78
spice-gtk: fix api-documentation build
flatpak: fix api-documentation build
phodav: add recipe
libdecor: update to latest commit
spice-guest-vdagent: add recipe
pipewire: upgrade 0.3.78 -> 0.3.79
spice: add missing dependency on orc
spice-guest-vdagent: add missing dependencies
libosinfo: build vapi only if gobject-introspection is enabled
gnome-boxes: remove dependency on ovmf
Martin Jansa (12):
openh264: fix installed-vs-shared QA issue with multilib
libfaketime: simplify packaging
json-schema-validator: restore 0004-cmake-Use-GNUInstallDirs.patch
phodav: make sure systemd files are packaged correctly
sysbench: avoid -L/usr/lib32 and configure-unsafe QA issue
mongodb: enable hardware crc32 only with crc in TUNE_FEATURES
khronos-cts.inc: respect MLPREFIX when appending DEPENDS with anonymous python
libcyusbserial: fix installed-vs-shipped QA issue with multilib
tcpreplay: fix pcap detection with /usr/lib32 multilib
libiio: use main branch instead of master
webkitgtk: explicitly disable JIT for armv7* with softfp
layer.conf: update LAYERSERIES_COMPAT for nanbield
Ming Liu (1):
libusbgx: usbgx.service: use Type=oneshot
Mingli Yu (4):
mariadb: Upgrade to 10.11.5
dialog: Update the SRC_URI
gnulib: Update SRC_URI
thrift: Remove buildpaths
Nicolas Marguet (1):
librelp: add ptest
Parian Golchin (1):
json-schema-validator: Updrade to 2.2.0
Pawel Langowski (1):
qcbor: add recipe
Petr Chernikov (1):
Fix empty 0.0.0-0-g0 jemalloc version by adding --with-version
Petr Gotthard (1):
python3-sdbus: add recipe
Robert Yang (1):
frr: Fix CVE-2023-41358 and CVE-2023-41360
Roger Knecht (1):
python3-schedule: add recipe
Roland Hieber (1):
fbida: update Upstream-Status for submitted patches
Ross Burton (1):
Revert "protobuf: stage protoc binary to sysroot"
Soumya (1):
yasm: fix CVE-2023-37732
Soumya Sambu (1):
krb5: Upgrade 1.20.1 -> 1.20.2
Sourav Kumar Pramanik (1):
meta-oe-components: Avoid usage of nobranch=1
Sourav Pramanik (2):
rapidjson: Avoid usage of nobranch=1
nlohmann-json: Avoid usage of nobranch=1
Stanislav Angelovic (1):
feat: bump sdbus-c++ up to v1.3.0
Sudip Mukherjee (1):
qad: Add initial recipe
Trevor Gamblin (1):
python3-kivy: fix filename
Tymoteusz Burak (2):
ttf-google-fira: add recipe
libfaketime: add recipe
Vincent Davis Jr (1):
cglm: upgrade v0.8.9 -> v0.9.1
Wang Mingyu (108):
libcloudproviders: upgrade 0.3.1 -> 0.3.2
chrony: upgrade 4.3 -> 4.4
networkmanager: upgrade 1.42.8 -> 1.44.0
weechat: upgrade 4.0.2 -> 4.0.3
ctags: upgrade 6.0.20230730.0 -> 6.0.20230813.0
fmt: upgrade 10.0.0 -> 10.1.0
gensio: upgrade 2.6.7 -> 2.7.2
googletest: upgrade 1.13.0 -> 1.14.0
lvgl: upgrade 8.3.8 -> 8.3.9
postgresql: upgrade 15.3 -> 15.4
smartmontools: upgrade 7.3 -> 7.4
xdg-dbus-proxy: upgrade 0.1.4 -> 0.1.5
yaml-cpp: upgrade 0.7.0 -> 0.8.0
libtest-harness-perl: upgrade 3.44 -> 3.47
python3-alembic: upgrade 1.11.1 -> 1.11.2
python3-async-timeout: upgrade 4.0.2 -> 4.0.3
python3-bitarray: upgrade 2.8.0 -> 2.8.1
python3-cmake: upgrade 3.27.0 -> 3.27.2
python3-coverage: upgrade 7.2.7 -> 7.3.0
python3-dnspython: upgrade 2.4.1 -> 2.4.2
python3-google-api-python-client: upgrade 2.95.0 -> 2.96.0
python3-googleapis-common-protos: upgrade 1.59.1 -> 1.60.0
python3-joblib: upgrade 1.3.1 -> 1.3.2
python3-luma-oled: upgrade 3.12.0 -> 3.13.0
python3-platformdirs: upgrade 3.9.1 -> 3.10.0
python3-pycodestyle: upgrade 2.10.0 -> 2.11.0
python3-pyflakes: upgrade 3.0.1 -> 3.1.0
python3-pymisp: upgrade 2.4.173 -> 2.4.174
python3-rdflib: upgrade 6.3.2 -> 7.0.0
python3-regex: upgrade 2023.6.3 -> 2023.8.8
python3-rich: upgrade 13.4.2 -> 13.5.2
python3-sh: upgrade 2.0.4 -> 2.0.6
python3-tox: upgrade 4.6.4 -> 4.8.0
python3-tqdm: upgrade 4.65.0 -> 4.66.1
python3-uefi-firmware: upgrade 1.10 -> 1.11
python3-virtualenv: upgrade 20.24.2 -> 20.24.3
python3-web3: upgrade 6.7.0 -> 6.8.0
python3-yamlloader: upgrade 1.2.2 -> 1.3.2
python3-zeroconf: upgrade 0.71.4 -> 0.76.0
python3-protobuf: upgrade 4.23.4 -> 4.24.0
ctags: upgrade 6.0.20230813.0 -> 6.0.20230820.0
debootstrap: upgrade 1.0.128 -> 1.0.131
gensio: upgrade 2.7.2 -> 2.7.4
gnome-bluetooth: upgrade 42.5 -> 42.6
nginx: upgrade 1.25.1 -> 1.25.2
geary: update 44.0 -> 44.1
php: upgrade 8.2.8 -> 8.2.9
python3-redis: upgrade 4.6.0 -> 5.0.0
python3-alembic: upgrade 1.11.2 -> 1.11.3
python3-awesomeversion: upgrade 23.5.0 -> 23.8.0
python3-bitstring: upgrade 4.0.2 -> 4.1.0
python3-click: upgrade 8.1.6 -> 8.1.7
python3-engineio: upgrade 4.5.1 -> 4.6.0
python3-google-api-python-client: upgrade 2.96.0 -> 2.97.0
python3-humanize: upgrade 4.7.0 -> 4.8.0
python3-mypy: upgrade 1.5.0 -> 1.5.1
python3-oauth2client: upgrade 4.1.2 -> 4.1.3
python3-protobuf: upgrade 4.24.0 -> 4.24.1
python3-pycocotools: upgrade 2.0.6 -> 2.0.7
python3-pymetno: upgrade 0.10.0 -> 0.11.0
python3-pymongo: upgrade 4.4.1 -> 4.5.0
python3-pywbem: upgrade 1.6.1 -> 1.6.2
python3-sqlalchemy: upgrade 2.0.19 -> 2.0.20
python3-tox: upgrade 4.8.0 -> 4.10.0
python3-typeguard: upgrade 4.1.0 -> 4.1.2
python3-types-setuptools: upgrade 68.0.0.3 -> 68.1.0.0
python3-zeroconf: upgrade 0.76.0 -> 0.82.1
redis: upgrade 7.0.12 -> 7.2.0
weechat: upgrade 4.0.3 -> 4.0.4
traceroute: upgrade 2.1.2 -> 2.1.3
wireshark: upgrade 4.0.7 -> 4.0.8
adw-gtk3: upgrade 4.8 -> 4.9
ctags: upgrade 6.0.20230820.0 -> 6.0.20230827.0
debootstrap: upgrade 1.0.131 -> 1.0.132
dialog: upgrade 1.3-20210509 -> 1.3-20230209
fmt: upgrade 10.1.0 -> 10.1.1
gensio: upgrade 2.7.4 -> 2.7.5
iwd: upgrade 2.7 -> 2.8
libgphoto2: upgrade 2.5.30 -> 2.5.31
libzip: upgrade 1.10.0 -> 1.10.1
logwatch: upgrade 7.8 -> 7.9
thrift: upgrade 0.18.1 -> 0.19.0
libnet-dns-perl: upgrade 1.39 -> 1.40
python3-alembic: upgrade 1.11.3 -> 1.12.0
python3-argh: upgrade 0.28.1 -> 0.29.3
python3-asttokens: upgrade 2.2.1 -> 2.4.0
python3-bitstring: upgrade 4.1.0 -> 4.1.1
python3-cmake: upgrade 3.27.2 -> 3.27.4.1
python3-diskcache: upgrade 5.6.1 -> 5.6.3
python3-engineio: upgrade 4.6.0 -> 4.7.0
python3-imageio: upgrade 2.31.1 -> 2.31.3
python3-ipython: upgrade 8.14.0 -> 8.15.0
python3-kiwisolver: upgrade 1.4.4 -> 1.4.5
python3-langtable: upgrade 0.0.62 -> 0.0.63
python3-luma-core: upgrade 2.4.0 -> 2.4.1
python3-protobuf: upgrade 4.24.1 -> 4.24.2
python3-pymisp: upgrade 2.4.174 -> 2.4.175
python3-pymodbus: upgrade 3.4.1 -> 3.5.0
python3-smbus2: upgrade 0.4.2 -> 0.4.3
python3-snagboot: upgrade 1.1 -> 1.2
python3-socketio: upgrade 5.8.0 -> 5.9.0
python3-soupsieve: upgrade 2.4.1 -> 2.5
python3-tox: upgrade 4.10.0 -> 4.11.1
python3-typeguard: upgrade 4.1.2 -> 4.1.3
python3-types-setuptools: upgrade 68.1.0.0 -> 68.1.0.1
python3-virtualenv: upgrade 20.24.3 -> 20.24.4
python3-web3: upgrade 6.8.0 -> 6.9.0
python3-zeroconf: upgrade 0.82.1 -> 0.97.0
Willy Tu (1):
abseil-cpp: upgrade 20230125.3 -> 20230802.0
Yi Zhao (7):
nftables: upgrade 1.0.7 -> 1.0.8
libssh: upgrade 0.10.4 -> 0.10.5
samba: upgrade 4.18.5 -> 4.18.6
libyang: upgrade 2.1.55 -> 2.1.111
frr: Security fix CVE-2023-3748
vsomeip: add recipe
ntp: add missing runtime dependencies
Yogita Urade (2):
poppler: fix CVE-2023-34872
hwloc: fix CVE-2022-47022
Βούλγαρη Αικατερίνη (1):
collectd: build with rrdcached plugin
poky: 71282bbc53..61531cd395:
Adrian Freihofer (2):
cmake.bbclass: cleanup spaces and tabs
cmake.bbclass: refactor cmake args
Alberto Planas (1):
bitbake.conf: add bunzip2 in HOSTTOOLS
Alexander Kanavin (18):
lib/oe/recipeutils.py: accommodate SRCPV being optional and deprecated in version check regex
python3-sphinx: correct version check
systemd-bootchart: musl fixes have been rejected upstream
openssl: build and install manpages only if they are enabled
gettext: upgrade 0.21.1 -> 0.22
connman: update 1.41 -> 1.42
libcgroup: update 3.0.0 -> 3.1.0
perlcross: update 1.4.1 -> 1.5
perl: update 5.36.1 -> 5.38.0
groff: update 1.22.4 -> 1.23.0
libglu: update 9.0.2 -> 9.0.3
libpthread-stubs: update 0.4 -> 0.5
gpgme: upgrade 1.20.0 -> 1.22.0
libgudev: upgrade 237 -> 238
gnupg: upgrade 2.4.2 -> 2.4.3
gnutls: update 3.8.0 -> 3.8.1
runqemu: check permissions of available render nodes as well as their presence
build-sysroots: target or native sysroot population need to be selected explicitly
Alexis Lothoré (7):
oeqa/utils/gitarchive: fix tag computation when creating archive
oeqa/selftest: introduce gitarchive tests
oeqa/utils/gitarchive: fix tag computation when creating archive
oeqa/selftest/gitarchive: add tests about tags lisiting when no remote is configured
oeqa/utils/gitarchive: allow to pass a logger to get_tags
oeqa/utils/gitarchive: fall back to local tags when listing existing tags
oeqa/utils/gitarchive: replace warning with info when reading local tags
Angelo Ribeiro (1):
ccache.bbclass: Add allowed list for native recipes
Anuj Mittal (3):
gstreamer1.0: upgrade 1.22.4 -> 1.22.5
harfbuzz: upgrade 8.0.1 -> 8.1.1
stress-ng: upgrade 0.15.08 -> 0.16.04
Archana Polampalli (1):
vim: upgrade 9.0.1592 -> 9.0.1664
Benjamin Bara (6):
rust-target-config: fix target_features for vfpv3d16
README: fix mail address in git example command
pixman: avoid neon on unsupported machines
nettle: avoid neon on unsupported machines
ffmpeg: avoid neon on unsupported machines
ghostscript: avoid neon on unsupported machines
Bruce Ashfield (19):
conf/machine: set preferred kernel to be 6.4
poky/poky-tiny: set preferred linux-yocto version to 6.4
linux-yocto/6.1: update to v6.1.44
linux-yocto/6.4: update to v6.4.10
linux-yocto/6.1: update to v6.1.45
kern-tools: include utility to post process config diffs
linux-yocto/6.1: fix uninitialized read in nohz_full/isolcpus setup
linux-yocto/6.4: fix uninitialized read in nohz_full/isolcpus setup
linux-yocto/6.4: update to v6.4.11
linux-yocto/6.1: update to v6.1.46
linux-yocto/6.1: fix IRQ-80 warnings
linux-yocto/6.4: fix IRQ-80 warnings
linux-yocto/6.4: fix CONFIG_F2FS_IO_TRACE configuration warning
linux-yocto/6.1: fix CONFIG_F2FS_IO_TRACE configuration warning
linux-yocto/6.4: update to v6.4.12
linux-yocto/6.1: update to v6.1.50
linux-yocto/6.4: update to v6.4.13
linux-yocto/6.4: update to v6.4.14
linux-yocto/6.1: update to v6.1.51
Changqing Li (1):
sqlite3: set CVE_STATUS for CVE-2023-36191
Chen Qi (6):
bitbake: runqueue.py: fix PSI check logic
cmake: drop OE specific environment variable support
cmake.bbclass: fix allarch override syntax
uninative.bbclass: sync to use UNINATIVE_STAGING_DIR
stress-ng: disable DEBUG_BUILD
oe-depends-dot: improve '-w' behavior
Daniel Semkowicz (1):
dev-manual: wic.rst: Update native tools build command
David Reyna (3):
bitbake: toaster: Update to Django 4.2
bitbake: toaster: import only used layers
bitbake: toaster: accommodate missing 'Image Name' value in buildinfohelper
Dmitry Baryshkov (4):
mdadm: disable strace on rv32 arch
linux-firmware: upgrade 20230625 -> 20230804
linux-firmware: package audio topology for Lenovo X13s
linux-firmware: package Dragonboard 845c sensors DSP firmware
Eilís 'pidge' Ní Fhlannagáin (1):
nativesdk-intercept: Fix bad intercept chgrp/chown logic
Emil Ekmečić (2):
bitbake: fetch2: add Google Cloud Platform (GCP) fetcher
Add GCP fetcher to list of supported protocols
Emil Kronborg Andersen (2):
dbus: add additional entries to CVE_PRODUCT
libxkbcommon: add CVE_PRODUCT
Etienne Cordonnier (2):
vim: update obsolete comment
migration-guides: system-conf -> systemd-conf
Frederic Martinsons (5):
rust: add cargo-c native recipe
classes-recipe: add cargo_c.bbclass
rust: provide examples for C library generation in rust
oeqa/runtime/rust: correct rust test
ref-manual: classes.rst: suppress rust-hello-world reference, add ptest-cargo class
Jaeyoon Jung (1):
cml1: Fix KCONFIG_CONFIG_COMMAND not conveyed fully in do_menuconfig
Jasper Orschulko (1):
cve_check: Fix cpe_id generation
Joe Slater (1):
file: fix call to localtime_r()
Jon Mason (1):
linux-yocto-dev: correct qemuarmv5 device tree location
Jose Quaresma (3):
systemd: fix efi dependency
systemd-boot: remove old gummiboot TUNE_CCARGS
pybootchartgui: also match do_compile and do_configure subtasks
Joshua Watt (9):
bitbake: bblayers/query: Add multiconfig support to `show-appends`
bitbake: cooker: Fix error message
bitbake: lib/bb: Add xattr and acl libraries
buildtools-tarball: Add libacl
classes/image_types: Add vfat image type
bitbake: fetch2: git: Check if clone directory is a git repo
wic: Add gpt-hybrid partition layout
bitbake: fetch2: git: Remove useless try..else clause
Add libacl to required packages
Julien Stephan (4):
less: upgrade 633 -> 643
less: add ptest support
patch.py: use --absolute-git-dir instead of --show-toplevel to retrieve gitdir
vulkan-samples: convert debugfix.patch to git format patch
Kai Kang (1):
webkitgtk: fix build failure with DEBUG_BUILD enabled
Khem Raj (22):
gnu-efi: Fix build on musl
systemd-boot: Fix build on musl
glibc: Upgrade to 2.38 release
glibc: Enable fortify sources by defaults
glibc: Drop --enable-tunables
glibc: Fix SVE detection on aarch64
glibc-tests: Add missing libgcc runtime dependency
kernel.bbclass: Use KERNEL_STRIP instead of STRIP
build-sysroots: Add SUMMARY field
tunes: Add support for sve instructions on armv8/armv9
arch-armv8,arch-armv9: Add sve based tune options
python3: Increase default thread stack size on musl
inetutils: Fix CVE-2023-40303
inetutils: Apply devtool formatting suggestions
qemu: Fix CVE-2023-40360
core-image-ptest: Define a fallback for SUMMARY field
dos2unix: upgrade 7.5.0 -> 7.5.1
python3: Fix ptests on musl
tcl: Add a way to skip ptests
rust-target-config: Map rust target to OE target
libc-test: Depend on musl-staticdev
apr: Fix ptests on musl
Lee Chee Yang (2):
migration-guides: add release notes for 4.2.3
migration-guides: add release notes for 4.0.12
Lei Maohui (1):
glibc-package: Fix conflict error when enable multilib.
Luan Rafael Carneiro (2):
weston: Upgrade version 12.0.1 -> 12.0.2
weston: Add sysconfdir to FILES:${PN}
Luca Ceresoli (1):
Revert "oeqa/runtime/parselogs: Exclude preempt-rt error for now"
Markus Niebel (2):
wic: fix wrong attempt to create file system in upartitioned regions
oeqa: wic: Add test for --no-table option
Markus Volk (8):
gtk4: upgrade 4.10.4 -> 4.10.5
libadwaita: upgrade 1.3.3 -> 1.3.4
gtk4: upgrade 4.10.5 -> 4.12.0
qemu: fix libudev packageconfig for systemd images
qemu: build pulseaudio support depending on distro_feature
qemu: add packageconfigs for fuse and dbus-display
gtk4: upgrade 4.12.0 -> 4.12.1
mesa: add intel raytracing support to opencl build
Martin Jansa (6):
tcl: prevent installing another copy of tzdata
cross-localedef-native: fix build on hosts with older glibc
bitbake: runqueue: show more pressure data
Makefile: remove from top-level directory
bitbake: runqueue: show number of currently running bitbake threads when pressure changes
webkitgtk: explicitly disable JIT for armv7* with softfp
Michael Halstead (2):
yocto-uninative: Update to 4.2 for glibc 2.38
yocto-uninative: Update to 4.3
Michael Opdenacker (26):
scripts/create-pull-request: update URLs to git repositories
manuals: create a dedicated "Contributor Guide" document
ref-manual: classes.rst: fix location of _ref-classes-ccache
ref-manual: update supported distro versions
contributor-guide: add missing links to mailing lists
contributor-guide: add section about why we use mailing lists
contributor-guide: add recipe style guide
ref-manual: remove AUTHOR variable
contributor guide: call section "Reporting a defect"
contributor-guide: remove obsolete pkg-config guidelines
contributor guide: remove unnecessary information about mailing lists
contributor-guide: clarification about patchtest
contributor guide: update instructions for making and sharing changes
dev-manual: disk-space: mention faster "find" command to trim sstate cache
contributor-guide: move to 2nd place in top menu
contributor-guide: submit-changes: simplify note
contributor-guide: identify component: provide link to repositories
contributor-guide: submit-changes: detail commit and patch creation
contributor-guide: submit-changes: develop sending patches section
manuals: README: update list of manuals
contributor-guide: submit-changes: reorganize and develop sections
contributor-guide: submit-changes: improvements to mailing lists section
contributor-guide: submit-changes: commit guidelines for recipes
contributor-guide: submit-changes: how to request push access to repositories
README: update/fix contribution guidelines
bitbake: doc: bitbake-user-manual: remove reference to SSTATE_MIRRORS variable
Mikko Rapeli (4):
openssh: capture ptest regression test failure logs
oeqa selftest context.py: whitespace fix
oeqa selftest context.py: remove warning from missing meta-selftest
oeqa selftest context.py: fix git commands and set branch name
Mingli Yu (2):
qemu: Add qemu-common package
webkitgtk: Add opengl to REQUIRED_DISTRO_FEATURES
Narpat Mali (1):
ffmpeg: add CVE_STATUS for CVE-2023-39018
Otavio Salvador (2):
weston-init: remove misleading comment about udev rule
weston-init: fix init code indentation
Ovidiu Panait (1):
mdadm: skip running 04update-uuid and 07revert-inplace testcases
Paulo Neves (1):
bitbake: siggen.py: Improve taskhash reproducibility
Peter Kjellerstedt (3):
bin_package.bbclass: Inhibit the default dependencies
insane.bbclass: Remove an unused variable
poky.conf: Switch to post release name/version
Peter Marko (2):
openssl: Upgrade 3.1.1 -> 3.1.2
gcc-runtime: remove bashism
Poonam Jadhav (1):
pixman: Remove duplication of license MIT
Randolph Sapp (1):
bitbake: gitsm: tolerate git-lfs in submodules
Richard Purdie (39):
bitbake: siggen: Fix indentation
bitbake: siggen: Update debug
resulttool/report: Avoid divide by zero
gcc-testsuite: Fix qemu binary filtering code logic error
gcc-testsuite: Set qemu options for mips correctly
mips/tune-mips64r2: Set qemu cpu option correctly
binutils-cross-testsuite: Pass TUNE_LDARGS to tests
arch-mips: Ensure TUNE_LDARGS is set correctly
gcc: Add patch to improve testsuite failures, particularly mips
oeqa/runtime/parselogs: Exclude preempt-rt error for now
qemu: Upgrade 8.0.3 -> 8.0.4
lib/package_manager: Improve repo artefact filtering
Revert "oeqa/utils/gitarchive: fix tag computation when creating archive"
lttng-modules: Upgrade 2.13.9 -> 2.13.10
lttng-tools: Upgrade 2.13.9 -> 2.13.10
pseudo: Fix to work with glibc 2.38
binutils: Add missing DEPENDS on pod2man
build-sysroots: Ensure dependency chains are minimal
bitbake: fetch2: Add new srcrev fetcher API
base/package: Move source revision information from PV to PKGV
recipes/classes/scripts: Drop SRCPV usage in OE-Core
glibc: Add glibc 2.38 stable updates
README: Update to point to new contributor guide
bitbake: README: Update to point to new contributor guide
bitbake: command: Avoid time intensive distractions for ping
README: Clarify/standardise contributions process
python3-numpy: Attempt to fix reproducibility issue
bitbake: doc: Document challenges of tags with git fetcher
bitbake: server/process: Add more timing debug
qemu: Upgrade 8.0.4 -> 8.1.0
qemu: Add patches to resolve x86 and then mips boot issues
mdadm: Disable further tests due to intermittent failures
Revert "oeqa selftest context.py: fix git commands and set branch name"
classes: Drop ';' delimiter from ROOTFS/IMAGE*COMMAND variables
build-appliance-image: Update to master head revision
layer.conf: Update to nanbield release series
bitbake: bitbake: Update to 2.6.0 release series/version
layer.conf: Update to nanbield release series
build-appliance-image: Update to master head revision
Ross Burton (47):
connman-conf: don't take over any ethernet devices, not just eth0
meson.bbclass: add MESON_TARGET
meson.bbclass:: update do_write_config vardeps
systemd-boot: use MESON_TARGET
systemd-boot: improve cross file generation
p11-kit: fix build without qemu-usermode
gi-docgen: depend on qemu-usermode MACHINE_FEATURES
python3-pygobject: add explicit check for qemu-usermode MACHINE_FEATURE
graphene: fix runtime detection of IEEE754 behaviour
python3: ignore disputed CVE-2023-36632
procps: backport fix for CVE-2023-4016
linux/generate-cve-exclusions.py: fix comparison
linux/cve-exclusions: update CVE_STATUS exclusions
perf: enable verbose feature detection
perf: add more PACKAGECONFIGs
perf: fix perl binding support
perf: split scripting PACKAGECONFIG into perl and python
perf: disable perl support
libtraceevent: build with Meson
linux/generate-cve-exclusions: add version check warning
linux-yocto: update CVE exclusions files
site: remove at-spi2-core values
inetutils: don't guess target paths
inetutils: remove obsolete patches
inetutils: remove obsolete cruft from do_configure
glib-networking: enable build with GnuTLS if PKCS#11 was disabled
glib-networking: use gnutls backend for TLS sockets
cve-extra-exclusions: remove historic kernel CVEs which are handled now
cve-extra-exclusions: remove BlueZ issues
linux-yocto: update kernel CVE status
linux: review some historic CVE_STATUS
glib-2.0: explicitly enable strlcpy()
scripts/oe-find-native-sysroot: use bitbake-getvar
qemu-system-native: enable PNG support
python3-build: upgrade to 1.0.0
glib-2.0: libelf has a configure option now, specify it
harfbuzz: update PACKAGECONFIG
pango: explictly enable/disable libthai
libsoup-2.4: update PACKAGECONFIG
libsoup: update PACKAGECONFIG
wayland-utils: add libdrm PACKAGECONFIG
cve-exclusion: review the last of the historical kernel CVEs
busybox: remove coreutils dependency in busybox-ptest
libgudev: explicitly disable tests and vapi
linux: update CVE exclusions
python3-build: upgrade to 1.0.3
avahi: handle invalid service types gracefully
Ryan Eatmon (1):
kernel.bbclass: Add force flag to rm calls
Samantha Jalabert (1):
bitbake: Fix disk space monitoring on cephfs
Stéphane Veyret (1):
nfs-utils: Add needed library to client
Sudip Mukherjee (4):
kea: upgrade to v2.4.0
cmake: upgrade to v3.27.4
dpkg: upgrade to v1.22.0
openssh: upgrade to v9.4p1
Tom Hochstein (1):
linux-firmware: add firmware files for NXP BT chipsets
Trevor Gamblin (16):
python3-hypothesis: upgrade 6.82.0 -> 6.82.5
python3-more-itertools: upgrade 10.0.0 -> 10.1.0
python3-pygments: upgrade 2.15.1 -> 2.16.1
python3-wheel: upgrade 0.41.0 -> 0.41.1
maintainers.inc: Add self for unmaintained Python recipes
oe-buildenv-internal: update required Python version
python3-dbusmock: upgrade 0.29.0 -> 0.29.1
python3-numpy: upgrade 1.25.1 -> 1.25.2
python3-trove-classfiers: upgrade 2023.7.6 -> 2023.8.7
python3-setuptools: upgrade 68.0.0 -> 68.1.0
python3-dtc: upgrade 1.6.1 -> 1.7.0
python3-poetry: upgrade 1.6.1 -> 1.7.0
python3-git: upgrade 3.1.32 -> 3.1.34
python3-hypothesis: upgrade 6.82.7 -> 6.84.0
python3-pytest: upgrade 7.4.0 -> 7.4.1
python3-sphinx: upgrade 7.1.1 -> 7.2.5
Ulrich Ölmann (1):
weston: fix comment
Wang Mingyu (47):
btrfs-tools: upgrade 6.3.1 -> 6.3.3
curl: upgrade 8.2.0 -> 8.2.1
file: upgrade 5.44 -> 5.45
gmp: upgrade 6.2.1 -> 6.3.0
xxhash: upgrade 0.8.1 -> 0.8.2
python3-editables: upgrade 0.4 -> 0.5
python3-markdown: upgrade 3.4.3 -> 3.4.4
python3-pathspec: upgrade 0.11.1 -> 0.11.2
python3-pip: upgrade 23.2 -> 23.2.1
python3-pyparsing: upgrade 3.1.0 -> 3.1.1
re2c: upgrade 3.0 -> 3.1
shaderc: upgrade 2023.4 -> 2023.5
sudo: upgrade 1.9.14p2 -> 1.9.14p3
libarchive: upgrade 3.6.2 -> 3.7.1
tar: upgrade 1.34 -> 1.35
bind: upgrade 9.18.17 -> 9.18.18
bluez5: upgrade 5.68 -> 5.69
ell: upgrade 0.57 -> 0.58
git: upgrade 2.41.0 -> 2.42.0
kbd: upgrade 2.6.1 -> 2.6.2
libconvert-asn1-perl: upgrade 0.33 -> 0.34
libdrm: upgrade 2.4.115 -> 2.4.116
libedit: upgrade 20221030-3.1 -> 20230828-3.1
libgit2: upgrade 1.7.0 -> 1.7.1
librepo: upgrade 1.15.1 -> 1.15.2
libsecret: upgrade 0.20.5 -> 0.21.0
libsndfile1: upgrade 1.2.0 -> 1.2.2
libxml2: upgrade 2.11.4 -> 2.11.5
mc: upgrade 4.8.29 -> 4.8.30
mpfr: upgrade 4.2.0 -> 4.2.1
neard: upgrade 0.18 -> 0.19
python3: upgrade 3.11.4 -> 3.11.5
pango: upgrade 1.50.14 -> 1.51.0
pigz: upgrade 2.7 -> 2.8
pkgconf: upgrade 1.9.5 -> 2.0.2
python3-setuptools: upgrade 68.1.0 -> 68.1.2
repo: upgrade 2.35 -> 2.36.1
shaderc: upgrade 2023.5 -> 2023.6
sqlite3: upgrade 3.42.0 -> 3.43.0
sysklogd: upgrade 2.5.0 -> 2.5.2
xz: upgrade 5.4.3 -> 5.4.4
zlib: upgrade 1.2.13 -> 1.3
python3-hypothesis: upgrade 6.82.5 -> 6.82.7
python3-pluggy: upgrade 1.2.0 -> 1.3.0
python3-sphinx-rtd-theme: upgrade 1.2.2 -> 1.3.0
python3-wheel: upgrade 0.41.1 -> 0.41.2
librepo: upgrade 1.15.2 -> 1.16.0
Yang Xu (1):
meson: don't fail if no .pyc exists
Yi Zhao (2):
dhcpcd: upgrade 10.0.1 -> 10.0.2
dhcpcd: fix buffer overflow
Yoann Congal (1):
dev-manual: remove unsupported :term: markup inside markup
Yogita Urade (1):
dropbear: fix CVE-2023-36328
Yuta Hayama (3):
linux/generate-cve-exclusions: print the generated time in UTC
linux/generate-cve-exclusions: fix mishandling of boundary values
linux-yocto: correct the wording in CVE_STATUS
Zang Ruochen (6):
tcf-agent: Disable non-building features on loongarch64
gcc-sanitizers: Add loongarch as a compatible architecture.
goarch.bbclass: Add loongarch64 to go_map_arch
qemuloongarch.inc:Change to use virtio-serial-pci
kernel-devsrc: Fixed missing loongarch64 kernel source code when test_kernelmodules
gcc: Fresh 0003-64-bit-multilib-hack.patch to add loongarch64 support
Change-Id: I4d4752539711b34471002dd1817bb7c14a590675
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'poky/meta/recipes-connectivity/openssh')
-rw-r--r-- | poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch | 34 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch | 994 | ||||
-rw-r--r-- | poky/meta/recipes-connectivity/openssh/openssh_9.4p1.bb (renamed from poky/meta/recipes-connectivity/openssh/openssh_9.3p2.bb) | 4 |
3 files changed, 36 insertions, 996 deletions
diff --git a/poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch b/poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch new file mode 100644 index 0000000000..baa68dc6ff --- /dev/null +++ b/poky/meta/recipes-connectivity/openssh/openssh/0001-openssh-regress-Makefile-print-logs-if-test-fails.patch @@ -0,0 +1,34 @@ +From 554f7baed050f89ffc2a7192d3071e8c5420f6d3 Mon Sep 17 00:00:00 2001 +From: Mikko Rapeli <mikko.rapeli@linaro.org> +Date: Fri, 25 Aug 2023 10:35:28 +0000 +Subject: [PATCH] openssh regress/Makefile: print logs if test fails + +Some tests are failing in CI runs and reproduction has failed. Print +the captured sshd and ssh client logs if test fails. This should +help to fix the root causes. + +Reference: https://bugzilla.yoctoproject.org/show_bug.cgi?id=15178 + +Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> +--- + regress/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Upstream-Status: Submitted [https://github.com/openssh/openssh-portable/pull/437] + +diff --git a/regress/Makefile b/regress/Makefile +index d80bf59..a972dff 100644 +--- a/regress/Makefile ++++ b/regress/Makefile +@@ -229,7 +229,7 @@ t-exec: ${LTESTS:=.sh} + done; \ + if [ "x$${skip}" = "xno" ]; then \ + echo "run test $${TEST}" ... 1>&2; \ +- (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || exit $$?; \ ++ (env SUDO="${SUDO}" TEST_ENV=${TEST_ENV} ${TEST_SHELL} ${.CURDIR}/test-exec.sh ${.OBJDIR} ${.CURDIR}/$${TEST}) || (echo return value: $$?; echo capturing logs; cat *.log; exit 1); \ + else \ + echo skip test $${TEST} 1>&2; \ + fi; \ +-- +2.34.1 + diff --git a/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch b/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch deleted file mode 100644 index 4c8aa085f3..0000000000 --- a/poky/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch +++ /dev/null @@ -1,994 +0,0 @@ -From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001 -From: Damien Miller <djm@mindrot.org> -Date: Fri, 24 Mar 2023 13:56:25 +1100 -Subject: [PATCH] remove support for old libcrypto - -OpenSSH now requires LibreSSL 3.1.0 or greater or -OpenSSL 1.1.1 or greater - -with/ok dtucker@ - -Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0] -Comment: Hunks are refreshed. -Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com> - ---- - .github/workflows/c-cpp.yml | 7 - - INSTALL | 8 +- - cipher-aes.c | 2 +- - configure.ac | 96 ++--- - openbsd-compat/libressl-api-compat.c | 556 +-------------------------- - openbsd-compat/openssl-compat.h | 151 +------- - 6 files changed, 40 insertions(+), 780 deletions(-) - -diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml -index 3d9aa22dba5..d299a32468d 100644 ---- a/.github/workflows/c-cpp.yml -+++ b/.github/workflows/c-cpp.yml -@@ -47,9 +47,6 @@ jobs: - - { target: ubuntu-20.04, config: tcmalloc } - - { target: ubuntu-20.04, config: musl } - - { target: ubuntu-latest, config: libressl-master } -- - { target: ubuntu-latest, config: libressl-2.2.9 } -- - { target: ubuntu-latest, config: libressl-2.8.3 } -- - { target: ubuntu-latest, config: libressl-3.0.2 } - - { target: ubuntu-latest, config: libressl-3.2.6 } - - { target: ubuntu-latest, config: libressl-3.3.6 } - - { target: ubuntu-latest, config: libressl-3.4.3 } -@@ -58,10 +55,6 @@ jobs: - - { target: ubuntu-latest, config: libressl-3.7.0 } - - { target: ubuntu-latest, config: openssl-master } - - { target: ubuntu-latest, config: openssl-noec } -- - { target: ubuntu-latest, config: openssl-1.0.1 } -- - { target: ubuntu-latest, config: openssl-1.0.1u } -- - { target: ubuntu-latest, config: openssl-1.0.2u } -- - { target: ubuntu-latest, config: openssl-1.1.0h } - - { target: ubuntu-latest, config: openssl-1.1.1 } - - { target: ubuntu-latest, config: openssl-1.1.1k } - - { target: ubuntu-latest, config: openssl-1.1.1n } -diff --git a/INSTALL b/INSTALL -index 68b15e13190..f99d1e2a809 100644 ---- a/INSTALL -+++ b/INSTALL -@@ -21,12 +21,8 @@ https://zlib.net/ - - libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto - is supported but severely restricts the available ciphers and algorithms. -- - LibreSSL (https://www.libressl.org/) -- - OpenSSL (https://www.openssl.org) with any of the following versions: -- - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1 -- --Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to --1.1.0g can't be used. -+ - LibreSSL (https://www.libressl.org/) 3.1.0 or greater -+ - OpenSSL (https://www.openssl.org) 1.1.1 or greater - - LibreSSL/OpenSSL should be compiled as a position-independent library - (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC" -diff --git a/cipher-aes.c b/cipher-aes.c -index 8b101727284..87c763353d8 100644 ---- a/cipher-aes.c -+++ b/cipher-aes.c -@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, - - static int - ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, -- LIBCRYPTO_EVP_INL_TYPE len) -+ size_t len) - { - struct ssh_rijndael_ctx *c; - u_char buf[RIJNDAEL_BLOCKSIZE]; -diff --git a/configure.ac b/configure.ac -index 22fee70f604..1c0ccdf19c5 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -2802,42 +2802,40 @@ if test "x$openssl" = "xyes" ; then - #include <openssl/crypto.h> - #define DATA "conftest.ssllibver" - ]], [[ -- FILE *fd; -- int rc; -+ FILE *f; - -- fd = fopen(DATA,"w"); -- if(fd == NULL) -+ if ((f = fopen(DATA, "w")) == NULL) - exit(1); --#ifndef OPENSSL_VERSION --# define OPENSSL_VERSION SSLEAY_VERSION --#endif --#ifndef HAVE_OPENSSL_VERSION --# define OpenSSL_version SSLeay_version --#endif --#ifndef HAVE_OPENSSL_VERSION_NUM --# define OpenSSL_version_num SSLeay --#endif -- if ((rc = fprintf(fd, "%08lx (%s)\n", -+ if (fprintf(f, "%08lx (%s)", - (unsigned long)OpenSSL_version_num(), -- OpenSSL_version(OPENSSL_VERSION))) < 0) -+ OpenSSL_version(OPENSSL_VERSION)) < 0) -+ exit(1); -+#ifdef LIBRESSL_VERSION_NUMBER -+ if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) -+ exit(1); -+#endif -+ if (fputc('\n', f) == EOF || fclose(f) == EOF) - exit(1); -- - exit(0); - ]])], - [ -- ssl_library_ver=`cat conftest.ssllibver` -+ sslver=`cat conftest.ssllibver` -+ ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` - # Check version is supported. -- case "$ssl_library_ver" in -- 10000*|0*) -- AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) -- ;; -- 100*) ;; # 1.0.x -- 101000[[0123456]]*) -- # https://github.com/openssl/openssl/pull/4613 -- AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) -+ case "$sslver" in -+ 100*|10100*) # 1.0.x, 1.1.0x -+ AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) - ;; - 101*) ;; # 1.1.x -- 200*) ;; # LibreSSL -+ 200*) # LibreSSL -+ lver=`echo "$sslver" | sed 's/.*libressl-//'` -+ case "$lver" in -+ 2*|300*) # 2.x, 3.0.0 -+ AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) -+ ;; -+ *) ;; # Assume all other versions are good. -+ esac -+ ;; - 300*) - # OpenSSL 3; we use the 1.1x API - CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" -@@ -2847,10 +2845,10 @@ if test "x$openssl" = "xyes" ; then - CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" - ;; - *) -- AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) -+ AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) - ;; - esac -- AC_MSG_RESULT([$ssl_library_ver]) -+ AC_MSG_RESULT([$ssl_showver]) - ], - [ - AC_MSG_RESULT([not found]) -@@ -2863,7 +2861,7 @@ if test "x$openssl" = "xyes" ; then - - case "$host" in - x86_64-*) -- case "$ssl_library_ver" in -+ case "$sslver" in - 3000004*) - AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) - ;; -@@ -2879,9 +2877,6 @@ if test "x$openssl" = "xyes" ; then - #include <openssl/opensslv.h> - #include <openssl/crypto.h> - ]], [[ --#ifndef HAVE_OPENSSL_VERSION_NUM --# define OpenSSL_version_num SSLeay --#endif - exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); - ]])], - [ -@@ -2955,44 +2950,13 @@ if test "x$openssl" = "xyes" ; then - ) - ) - -- # LibreSSL/OpenSSL 1.1x API -+ # LibreSSL/OpenSSL API differences - AC_CHECK_FUNCS([ \ -- OPENSSL_init_crypto \ -- DH_get0_key \ -- DH_get0_pqg \ -- DH_set0_key \ -- DH_set_length \ -- DH_set0_pqg \ -- DSA_get0_key \ -- DSA_get0_pqg \ -- DSA_set0_key \ -- DSA_set0_pqg \ -- DSA_SIG_get0 \ -- DSA_SIG_set0 \ -- ECDSA_SIG_get0 \ -- ECDSA_SIG_set0 \ - EVP_CIPHER_CTX_iv \ - EVP_CIPHER_CTX_iv_noconst \ - EVP_CIPHER_CTX_get_iv \ - EVP_CIPHER_CTX_get_updated_iv \ - EVP_CIPHER_CTX_set_iv \ -- RSA_get0_crt_params \ -- RSA_get0_factors \ -- RSA_get0_key \ -- RSA_set0_crt_params \ -- RSA_set0_factors \ -- RSA_set0_key \ -- RSA_meth_free \ -- RSA_meth_dup \ -- RSA_meth_set1_name \ -- RSA_meth_get_finish \ -- RSA_meth_set_priv_enc \ -- RSA_meth_set_priv_dec \ -- RSA_meth_set_finish \ -- EVP_PKEY_get0_RSA \ -- EVP_MD_CTX_new \ -- EVP_MD_CTX_free \ -- EVP_chacha20 \ - ]) - - if test "x$openssl_engine" = "xyes" ; then -@@ -3050,8 +3014,8 @@ if test "x$openssl" = "xyes" ; then - ] - ) - -- # Check for SHA256, SHA384 and SHA512 support in OpenSSL -- AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) -+ # Check for various EVP support in OpenSSL -+ AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) - - # Check complete ECC support in OpenSSL - AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) -diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c -index 498180dc894..59be17397c5 100644 ---- a/openbsd-compat/libressl-api-compat.c -+++ b/openbsd-compat/libressl-api-compat.c -@@ -1,129 +1,5 @@ --/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ --/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */ --/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ --/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ --/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */ --/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ --/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) -- * All rights reserved. -- * -- * This package is an SSL implementation written -- * by Eric Young (eay@cryptsoft.com). -- * The implementation was written so as to conform with Netscapes SSL. -- * -- * This library is free for commercial and non-commercial use as long as -- * the following conditions are aheared to. The following conditions -- * apply to all code found in this distribution, be it the RC4, RSA, -- * lhash, DES, etc., code; not just the SSL code. The SSL documentation -- * included with this distribution is covered by the same copyright terms -- * except that the holder is Tim Hudson (tjh@cryptsoft.com). -- * -- * Copyright remains Eric Young's, and as such any Copyright notices in -- * the code are not to be removed. -- * If this package is used in a product, Eric Young should be given attribution -- * as the author of the parts of the library used. -- * This can be in the form of a textual message at program startup or -- * in documentation (online or textual) provided with the package. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * 1. Redistributions of source code must retain the copyright -- * notice, this list of conditions and the following disclaimer. -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in the -- * documentation and/or other materials provided with the distribution. -- * 3. All advertising materials mentioning features or use of this software -- * must display the following acknowledgement: -- * "This product includes cryptographic software written by -- * Eric Young (eay@cryptsoft.com)" -- * The word 'cryptographic' can be left out if the rouines from the library -- * being used are not cryptographic related :-). -- * 4. If you include any Windows specific code (or a derivative thereof) from -- * the apps directory (application code) you must include an acknowledgement: -- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" -- * -- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND -- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE -- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -- * SUCH DAMAGE. -- * -- * The licence and distribution terms for any publically available version or -- * derivative of this code cannot be changed. i.e. this code cannot simply be -- * copied and put under another distribution licence -- * [including the GNU Public Licence.] -- */ -- --/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ --/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ --/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ --/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL -- * project 2000. -- */ --/* ==================================================================== -- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. -- * -- * Redistribution and use in source and binary forms, with or without -- * modification, are permitted provided that the following conditions -- * are met: -- * -- * 1. Redistributions of source code must retain the above copyright -- * notice, this list of conditions and the following disclaimer. -- * -- * 2. Redistributions in binary form must reproduce the above copyright -- * notice, this list of conditions and the following disclaimer in -- * the documentation and/or other materials provided with the -- * distribution. -- * -- * 3. All advertising materials mentioning features or use of this -- * software must display the following acknowledgment: -- * "This product includes software developed by the OpenSSL Project -- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" -- * -- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to -- * endorse or promote products derived from this software without -- * prior written permission. For written permission, please contact -- * licensing@OpenSSL.org. -- * -- * 5. Products derived from this software may not be called "OpenSSL" -- * nor may "OpenSSL" appear in their names without prior written -- * permission of the OpenSSL Project. -- * -- * 6. Redistributions of any form whatsoever must retain the following -- * acknowledgment: -- * "This product includes software developed by the OpenSSL Project -- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" -- * -- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY -- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR -- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, -- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED -- * OF THE POSSIBILITY OF SUCH DAMAGE. -- * ==================================================================== -- * -- * This product includes cryptographic software written by Eric Young -- * (eay@cryptsoft.com). This product includes software written by Tim -- * Hudson (tjh@cryptsoft.com). -- * -- */ -- --/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ - /* -- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> -+ * Copyright (c) 2018 Damien Miller <djm@mindrot.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above -@@ -147,192 +23,7 @@ - #include <stdlib.h> - #include <string.h> - --#include <openssl/err.h> --#include <openssl/bn.h> --#include <openssl/dsa.h> --#include <openssl/rsa.h> - #include <openssl/evp.h> --#ifdef OPENSSL_HAS_ECC --#include <openssl/ecdsa.h> --#endif --#include <openssl/dh.h> -- --#ifndef HAVE_DSA_GET0_PQG --void --DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) --{ -- if (p != NULL) -- *p = d->p; -- if (q != NULL) -- *q = d->q; -- if (g != NULL) -- *g = d->g; --} --#endif /* HAVE_DSA_GET0_PQG */ -- --#ifndef HAVE_DSA_SET0_PQG --int --DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) --{ -- if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || -- (d->g == NULL && g == NULL)) -- return 0; -- -- if (p != NULL) { -- BN_free(d->p); -- d->p = p; -- } -- if (q != NULL) { -- BN_free(d->q); -- d->q = q; -- } -- if (g != NULL) { -- BN_free(d->g); -- d->g = g; -- } -- -- return 1; --} --#endif /* HAVE_DSA_SET0_PQG */ -- --#ifndef HAVE_DSA_GET0_KEY --void --DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) --{ -- if (pub_key != NULL) -- *pub_key = d->pub_key; -- if (priv_key != NULL) -- *priv_key = d->priv_key; --} --#endif /* HAVE_DSA_GET0_KEY */ -- --#ifndef HAVE_DSA_SET0_KEY --int --DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) --{ -- if (d->pub_key == NULL && pub_key == NULL) -- return 0; -- -- if (pub_key != NULL) { -- BN_free(d->pub_key); -- d->pub_key = pub_key; -- } -- if (priv_key != NULL) { -- BN_free(d->priv_key); -- d->priv_key = priv_key; -- } -- -- return 1; --} --#endif /* HAVE_DSA_SET0_KEY */ -- --#ifndef HAVE_RSA_GET0_KEY --void --RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) --{ -- if (n != NULL) -- *n = r->n; -- if (e != NULL) -- *e = r->e; -- if (d != NULL) -- *d = r->d; --} --#endif /* HAVE_RSA_GET0_KEY */ -- --#ifndef HAVE_RSA_SET0_KEY --int --RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) --{ -- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) -- return 0; -- -- if (n != NULL) { -- BN_free(r->n); -- r->n = n; -- } -- if (e != NULL) { -- BN_free(r->e); -- r->e = e; -- } -- if (d != NULL) { -- BN_free(r->d); -- r->d = d; -- } -- -- return 1; --} --#endif /* HAVE_RSA_SET0_KEY */ -- --#ifndef HAVE_RSA_GET0_CRT_PARAMS --void --RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, -- const BIGNUM **iqmp) --{ -- if (dmp1 != NULL) -- *dmp1 = r->dmp1; -- if (dmq1 != NULL) -- *dmq1 = r->dmq1; -- if (iqmp != NULL) -- *iqmp = r->iqmp; --} --#endif /* HAVE_RSA_GET0_CRT_PARAMS */ -- --#ifndef HAVE_RSA_SET0_CRT_PARAMS --int --RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) --{ -- if ((r->dmp1 == NULL && dmp1 == NULL) || -- (r->dmq1 == NULL && dmq1 == NULL) || -- (r->iqmp == NULL && iqmp == NULL)) -- return 0; -- -- if (dmp1 != NULL) { -- BN_free(r->dmp1); -- r->dmp1 = dmp1; -- } -- if (dmq1 != NULL) { -- BN_free(r->dmq1); -- r->dmq1 = dmq1; -- } -- if (iqmp != NULL) { -- BN_free(r->iqmp); -- r->iqmp = iqmp; -- } -- -- return 1; --} --#endif /* HAVE_RSA_SET0_CRT_PARAMS */ -- --#ifndef HAVE_RSA_GET0_FACTORS --void --RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) --{ -- if (p != NULL) -- *p = r->p; -- if (q != NULL) -- *q = r->q; --} --#endif /* HAVE_RSA_GET0_FACTORS */ -- --#ifndef HAVE_RSA_SET0_FACTORS --int --RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) --{ -- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) -- return 0; -- -- if (p != NULL) { -- BN_free(r->p); -- r->p = p; -- } -- if (q != NULL) { -- BN_free(r->q); -- r->q = q; -- } -- -- return 1; --} --#endif /* HAVE_RSA_SET0_FACTORS */ - - #ifndef HAVE_EVP_CIPHER_CTX_GET_IV - int -@@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) - } - #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ - --#ifndef HAVE_DSA_SIG_GET0 --void --DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) --{ -- if (pr != NULL) -- *pr = sig->r; -- if (ps != NULL) -- *ps = sig->s; --} --#endif /* HAVE_DSA_SIG_GET0 */ -- --#ifndef HAVE_DSA_SIG_SET0 --int --DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) --{ -- if (r == NULL || s == NULL) -- return 0; -- -- BN_clear_free(sig->r); -- sig->r = r; -- BN_clear_free(sig->s); -- sig->s = s; -- -- return 1; --} --#endif /* HAVE_DSA_SIG_SET0 */ -- --#ifdef OPENSSL_HAS_ECC --#ifndef HAVE_ECDSA_SIG_GET0 --void --ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) --{ -- if (pr != NULL) -- *pr = sig->r; -- if (ps != NULL) -- *ps = sig->s; --} --#endif /* HAVE_ECDSA_SIG_GET0 */ -- --#ifndef HAVE_ECDSA_SIG_SET0 --int --ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) --{ -- if (r == NULL || s == NULL) -- return 0; -- -- BN_clear_free(sig->r); -- BN_clear_free(sig->s); -- sig->r = r; -- sig->s = s; -- return 1; --} --#endif /* HAVE_ECDSA_SIG_SET0 */ --#endif /* OPENSSL_HAS_ECC */ -- --#ifndef HAVE_DH_GET0_PQG --void --DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) --{ -- if (p != NULL) -- *p = dh->p; -- if (q != NULL) -- *q = dh->q; -- if (g != NULL) -- *g = dh->g; --} --#endif /* HAVE_DH_GET0_PQG */ -- --#ifndef HAVE_DH_SET0_PQG --int --DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) --{ -- if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) -- return 0; -- -- if (p != NULL) { -- BN_free(dh->p); -- dh->p = p; -- } -- if (q != NULL) { -- BN_free(dh->q); -- dh->q = q; -- } -- if (g != NULL) { -- BN_free(dh->g); -- dh->g = g; -- } -- -- return 1; --} --#endif /* HAVE_DH_SET0_PQG */ -- --#ifndef HAVE_DH_GET0_KEY --void --DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) --{ -- if (pub_key != NULL) -- *pub_key = dh->pub_key; -- if (priv_key != NULL) -- *priv_key = dh->priv_key; --} --#endif /* HAVE_DH_GET0_KEY */ -- --#ifndef HAVE_DH_SET0_KEY --int --DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) --{ -- if (pub_key != NULL) { -- BN_free(dh->pub_key); -- dh->pub_key = pub_key; -- } -- if (priv_key != NULL) { -- BN_free(dh->priv_key); -- dh->priv_key = priv_key; -- } -- -- return 1; --} --#endif /* HAVE_DH_SET0_KEY */ -- --#ifndef HAVE_DH_SET_LENGTH --int --DH_set_length(DH *dh, long length) --{ -- if (length < 0 || length > INT_MAX) -- return 0; -- -- dh->length = length; -- return 1; --} --#endif /* HAVE_DH_SET_LENGTH */ -- --#ifndef HAVE_RSA_METH_FREE --void --RSA_meth_free(RSA_METHOD *meth) --{ -- if (meth != NULL) { -- free((char *)meth->name); -- free(meth); -- } --} --#endif /* HAVE_RSA_METH_FREE */ -- --#ifndef HAVE_RSA_METH_DUP --RSA_METHOD * --RSA_meth_dup(const RSA_METHOD *meth) --{ -- RSA_METHOD *copy; -- -- if ((copy = calloc(1, sizeof(*copy))) == NULL) -- return NULL; -- memcpy(copy, meth, sizeof(*copy)); -- if ((copy->name = strdup(meth->name)) == NULL) { -- free(copy); -- return NULL; -- } -- -- return copy; --} --#endif /* HAVE_RSA_METH_DUP */ -- --#ifndef HAVE_RSA_METH_SET1_NAME --int --RSA_meth_set1_name(RSA_METHOD *meth, const char *name) --{ -- char *copy; -- -- if ((copy = strdup(name)) == NULL) -- return 0; -- free((char *)meth->name); -- meth->name = copy; -- return 1; --} --#endif /* HAVE_RSA_METH_SET1_NAME */ -- --#ifndef HAVE_RSA_METH_GET_FINISH --int --(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) --{ -- return meth->finish; --} --#endif /* HAVE_RSA_METH_GET_FINISH */ -- --#ifndef HAVE_RSA_METH_SET_PRIV_ENC --int --RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, -- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) --{ -- meth->rsa_priv_enc = priv_enc; -- return 1; --} --#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ -- --#ifndef HAVE_RSA_METH_SET_PRIV_DEC --int --RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, -- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) --{ -- meth->rsa_priv_dec = priv_dec; -- return 1; --} --#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ -- --#ifndef HAVE_RSA_METH_SET_FINISH --int --RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) --{ -- meth->finish = finish; -- return 1; --} --#endif /* HAVE_RSA_METH_SET_FINISH */ -- --#ifndef HAVE_EVP_PKEY_GET0_RSA --RSA * --EVP_PKEY_get0_RSA(EVP_PKEY *pkey) --{ -- if (pkey->type != EVP_PKEY_RSA) { -- /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */ -- return NULL; -- } -- return pkey->pkey.rsa; --} --#endif /* HAVE_EVP_PKEY_GET0_RSA */ -- --#ifndef HAVE_EVP_MD_CTX_NEW --EVP_MD_CTX * --EVP_MD_CTX_new(void) --{ -- return calloc(1, sizeof(EVP_MD_CTX)); --} --#endif /* HAVE_EVP_MD_CTX_NEW */ -- --#ifndef HAVE_EVP_MD_CTX_FREE --void --EVP_MD_CTX_free(EVP_MD_CTX *ctx) --{ -- if (ctx == NULL) -- return; -- -- EVP_MD_CTX_cleanup(ctx); -- -- free(ctx); --} --#endif /* HAVE_EVP_MD_CTX_FREE */ -- - #endif /* WITH_OPENSSL */ -diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h -index 61a69dd56eb..d0dd2c3450d 100644 ---- a/openbsd-compat/openssl-compat.h -+++ b/openbsd-compat/openssl-compat.h -@@ -33,26 +33,13 @@ - int ssh_compatible_openssl(long, long); - void ssh_libcrypto_init(void); - --#if (OPENSSL_VERSION_NUMBER < 0x1000100fL) --# error OpenSSL 1.0.1 or greater is required -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -+# error OpenSSL 1.1.0 or greater is required - #endif -- --#ifndef OPENSSL_VERSION --# define OPENSSL_VERSION SSLEAY_VERSION --#endif -- --#ifndef HAVE_OPENSSL_VERSION --# define OpenSSL_version(x) SSLeay_version(x) --#endif -- --#ifndef HAVE_OPENSSL_VERSION_NUM --# define OpenSSL_version_num SSLeay --#endif -- --#if OPENSSL_VERSION_NUMBER < 0x10000001L --# define LIBCRYPTO_EVP_INL_TYPE unsigned int --#else --# define LIBCRYPTO_EVP_INL_TYPE size_t -+#ifdef LIBRESSL_VERSION_NUMBER -+# if LIBRESSL_VERSION_NUMBER < 0x3010000fL -+# error LibreSSL 3.1.0 or greater is required -+# endif - #endif - - #ifndef OPENSSL_RSA_MAX_MODULUS_BITS -@@ -68,25 +55,6 @@ void ssh_libcrypto_init(void); - # endif - #endif - --/* LibreSSL/OpenSSL 1.1x API compat */ --#ifndef HAVE_DSA_GET0_PQG --void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, -- const BIGNUM **g); --#endif /* HAVE_DSA_GET0_PQG */ -- --#ifndef HAVE_DSA_SET0_PQG --int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); --#endif /* HAVE_DSA_SET0_PQG */ -- --#ifndef HAVE_DSA_GET0_KEY --void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, -- const BIGNUM **priv_key); --#endif /* HAVE_DSA_GET0_KEY */ -- --#ifndef HAVE_DSA_SET0_KEY --int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); --#endif /* HAVE_DSA_SET0_KEY */ -- - #ifndef HAVE_EVP_CIPHER_CTX_GET_IV - # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV - # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv -@@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, - const unsigned char *iv, size_t len); - #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ - --#ifndef HAVE_RSA_GET0_KEY --void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, -- const BIGNUM **d); --#endif /* HAVE_RSA_GET0_KEY */ -- --#ifndef HAVE_RSA_SET0_KEY --int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); --#endif /* HAVE_RSA_SET0_KEY */ -- --#ifndef HAVE_RSA_GET0_CRT_PARAMS --void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, -- const BIGNUM **iqmp); --#endif /* HAVE_RSA_GET0_CRT_PARAMS */ -- --#ifndef HAVE_RSA_SET0_CRT_PARAMS --int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); --#endif /* HAVE_RSA_SET0_CRT_PARAMS */ -- --#ifndef HAVE_RSA_GET0_FACTORS --void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); --#endif /* HAVE_RSA_GET0_FACTORS */ -- --#ifndef HAVE_RSA_SET0_FACTORS --int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); --#endif /* HAVE_RSA_SET0_FACTORS */ -- --#ifndef DSA_SIG_GET0 --void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); --#endif /* DSA_SIG_GET0 */ -- --#ifndef DSA_SIG_SET0 --int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); --#endif /* DSA_SIG_SET0 */ -- --#ifdef OPENSSL_HAS_ECC --#ifndef HAVE_ECDSA_SIG_GET0 --void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); --#endif /* HAVE_ECDSA_SIG_GET0 */ -- --#ifndef HAVE_ECDSA_SIG_SET0 --int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); --#endif /* HAVE_ECDSA_SIG_SET0 */ --#endif /* OPENSSL_HAS_ECC */ -- --#ifndef HAVE_DH_GET0_PQG --void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, -- const BIGNUM **g); --#endif /* HAVE_DH_GET0_PQG */ -- --#ifndef HAVE_DH_SET0_PQG --int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); --#endif /* HAVE_DH_SET0_PQG */ -- --#ifndef HAVE_DH_GET0_KEY --void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); --#endif /* HAVE_DH_GET0_KEY */ -- --#ifndef HAVE_DH_SET0_KEY --int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); --#endif /* HAVE_DH_SET0_KEY */ -- --#ifndef HAVE_DH_SET_LENGTH --int DH_set_length(DH *dh, long length); --#endif /* HAVE_DH_SET_LENGTH */ -- --#ifndef HAVE_RSA_METH_FREE --void RSA_meth_free(RSA_METHOD *meth); --#endif /* HAVE_RSA_METH_FREE */ -- --#ifndef HAVE_RSA_METH_DUP --RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); --#endif /* HAVE_RSA_METH_DUP */ -- --#ifndef HAVE_RSA_METH_SET1_NAME --int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); --#endif /* HAVE_RSA_METH_SET1_NAME */ -- --#ifndef HAVE_RSA_METH_GET_FINISH --int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); --#endif /* HAVE_RSA_METH_GET_FINISH */ -- --#ifndef HAVE_RSA_METH_SET_PRIV_ENC --int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, -- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); --#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ -- --#ifndef HAVE_RSA_METH_SET_PRIV_DEC --int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, -- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); --#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ -- --#ifndef HAVE_RSA_METH_SET_FINISH --int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); --#endif /* HAVE_RSA_METH_SET_FINISH */ -- --#ifndef HAVE_EVP_PKEY_GET0_RSA --RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); --#endif /* HAVE_EVP_PKEY_GET0_RSA */ -- --#ifndef HAVE_EVP_MD_CTX_new --EVP_MD_CTX *EVP_MD_CTX_new(void); --#endif /* HAVE_EVP_MD_CTX_new */ -- --#ifndef HAVE_EVP_MD_CTX_free --void EVP_MD_CTX_free(EVP_MD_CTX *ctx); --#endif /* HAVE_EVP_MD_CTX_free */ -- - #endif /* WITH_OPENSSL */ - #endif /* _OPENSSL_COMPAT_H */ diff --git a/poky/meta/recipes-connectivity/openssh/openssh_9.3p2.bb b/poky/meta/recipes-connectivity/openssh/openssh_9.4p1.bb index 5fb2dccdfc..2c85780e4d 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_9.3p2.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_9.4p1.bb @@ -24,9 +24,9 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ - file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \ + file://0001-openssh-regress-Makefile-print-logs-if-test-fails.patch \ " -SRC_URI[sha256sum] = "200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8" +SRC_URI[sha256sum] = "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85" CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here." |