diff options
Diffstat (limited to 'poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb')
-rw-r--r-- | poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb index d879efc201..fe94f30503 100644 --- a/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb +++ b/poky/meta/recipes-connectivity/openssh/openssh_8.2p1.bb @@ -28,6 +28,10 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091" SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671" +# This CVE is specific to OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 +# and when running in a Kerberos environment. As such it is not relevant to OpenEmbedded +CVE_CHECK_WHITELIST += "CVE-2014-9278" + PAM_SRC_URI = "file://sshd" inherit manpages useradd update-rc.d update-alternatives systemd @@ -43,12 +47,15 @@ SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket" inherit autotools-brokensep ptest -PACKAGECONFIG ??= "" +PACKAGECONFIG ??= "rng-tools" PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5" PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns" PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit" PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat" +# Add RRECOMMENDS to rng-tools for sshd package +PACKAGECONFIG[rng-tools] = "" + EXTRA_AUTORECONF += "--exclude=aclocal" # login path is hardcoded in sshd @@ -150,7 +157,10 @@ FILES_${PN}-keygen = "${bindir}/ssh-keygen" RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen" RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}" -RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools" +RRECOMMENDS_${PN}-sshd_append_class-target = "\ + ${@bb.utils.filter('PACKAGECONFIG', 'rng-tools', d)} \ +" + # gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils" |