From ea1e478c85f6b991aa9031c8ebea5dc5d725200b Mon Sep 17 00:00:00 2001 From: Marcel Ziswiler Date: Thu, 6 Apr 2017 17:33:24 +0200 Subject: openssh: update 6.7p1 -> 7.4p1 This is basically a back port of the following commits from the openembedded-core master branch: openssh: upgrade to 7.4p1 openssh: fix CVE-2016-8858 openssh: fix potential signed overflow to enable compilation with -ftrapv openssh: Upgrade 7.2p2 -> 7.3p1 openssh: add ed25519 host key location to read-only sshd config openssh: conditional compile DES code. openssh: fix init script restart with read-only-rootfs openssh: update homepage and summary openssh: Backport fix for CVE-2015-8325 openssh: Upgrade 7.1p2 -> 7.2p2 openssh: change URI to http: openssh: Security Fix CVE-2016-3115 openssh: Properly skip ptrace test if tools are missing openssh: Fix regex that sets sftp-server path for tests openssh: CVE-2016-1907 openssh: update to 7.1p2 openssh: redesign ssh-agent.sh regression test case openssh: enable X11Forwarding if distro feature x11 is set openssh: fix file permission for /etc/pam.d/sshd openssh: fix sshd key generation when systemd is in use and rootfs is readonly openssh: Upgrade 7.0p1 -> 7.1p1 openssh: build regression test binaries openssh: Upgrade 6.9p1 -> 7.0p1 openssh: Upgrade 6.8p1 -> 6.9p1 openssh: fix login fails for ssh -o Batchmode=yes with empty passwords openssh: Upgrade 6.7 - > 6.8 Revert "openssh: CVE-2015-6563 CVE-2015-6564 CVE-2015-6565" Signed-off-by: Marcel Ziswiler --- .../openssh/openssh/sshdgenkeys.service | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'recipes-connectivity/openssh/openssh/sshdgenkeys.service') diff --git a/recipes-connectivity/openssh/openssh/sshdgenkeys.service b/recipes-connectivity/openssh/openssh/sshdgenkeys.service index d65086f..148e6ad 100644 --- a/recipes-connectivity/openssh/openssh/sshdgenkeys.service +++ b/recipes-connectivity/openssh/openssh/sshdgenkeys.service @@ -1,11 +1,22 @@ [Unit] Description=OpenSSH Key Generation -ConditionPathExists=|!/etc/ssh/ssh_host_rsa_key -ConditionPathExists=|!/etc/ssh/ssh_host_dsa_key -ConditionPathExists=|!/etc/ssh/ssh_host_ecdsa_key -ConditionPathExists=|!/etc/ssh/ssh_host_ed25519_key +RequiresMountsFor=/var /run +ConditionPathExists=!/var/run/ssh/ssh_host_rsa_key +ConditionPathExists=!/var/run/ssh/ssh_host_dsa_key +ConditionPathExists=!/var/run/ssh/ssh_host_ecdsa_key +ConditionPathExists=!/var/run/ssh/ssh_host_ed25519_key +ConditionPathExists=!/etc/ssh/ssh_host_rsa_key +ConditionPathExists=!/etc/ssh/ssh_host_dsa_key +ConditionPathExists=!/etc/ssh/ssh_host_ecdsa_key +ConditionPathExists=!/etc/ssh/ssh_host_ed25519_key [Service] -ExecStart=@BINDIR@/ssh-keygen -A +Environment="SYSCONFDIR=/etc/ssh" +EnvironmentFile=-/etc/default/ssh +ExecStart=@BASE_BINDIR@/mkdir -p $SYSCONFDIR +ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_rsa_key -N '' -t rsa +ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_dsa_key -N '' -t dsa +ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ecdsa_key -N '' -t ecdsa +ExecStart=@BINDIR@/ssh-keygen -q -f ${SYSCONFDIR}/ssh_host_ed25519_key -N '' -t ed25519 Type=oneshot RemainAfterExit=yes -- cgit v1.2.3