diff options
Diffstat (limited to 'poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb')
-rw-r--r-- | poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb index 64a0a72a8f..ddc9ed0b32 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb @@ -5,7 +5,7 @@ Ssh (Secure Shell) is a program for logging into a remote machine \ and for executing commands on a remote machine." HOMEPAGE = "http://www.openssh.com/" SECTION = "console/network" -LICENSE = "BSD & ISC & MIT" +LICENSE = "BSD-2-Clause & BSD-3-Clause & BSD-4-Clause & ISC & MIT" LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3" DEPENDS = "zlib openssl virtual/crypt" @@ -25,6 +25,8 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ file://CVE-2020-14145.patch \ + file://CVE-2021-28041.patch \ + file://CVE-2021-41617.patch \ " SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091" SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671" @@ -49,6 +51,15 @@ CVE_CHECK_WHITELIST += "CVE-2020-15778" # https://www.securityfocus.com/bid/30794 CVE_CHECK_WHITELIST += "CVE-2008-3844" +# openssh-ssh1 is provided for compatibility with old devices that +# cannot be upgraded to modern protocols. Thus they may not provide security +# support for this package because doing so would prevent access to equipment. +# The upstream OpenSSH developers see this as an important +# security feature and do not intend to 'fix' it. +# https://security-tracker.debian.org/tracker/CVE-2016-20012 +# https://ubuntu.com/security/CVE-2016-20012 +CVE_CHECK_WHITELIST += "CVE-2016-20012" + PAM_SRC_URI = "file://sshd" inherit manpages useradd update-rc.d update-alternatives systemd |