Refresh patches to openssh-8.4p1. Reference: http://pkgs.fedoraproject.org/cgit/rpms/openssh.git/plain/openssh-7.7p1-fips.patch (commit: fbd5f1bee2e2cdc7b1b47f4604b8347d8c3ed63f)
Signed-off-by: Yi Zhao <[email protected]> --- .../0001-conditional-enable-fips-mode.patch | 40 ++--- ...ps.patch => 0001-openssh-8.4p1-fips.patch} | 159 +++++++----------- recipes-connectivity/openssh/openssh_fips.inc | 2 +- 3 files changed, 80 insertions(+), 121 deletions(-) rename recipes-connectivity/openssh/openssh/{0001-openssh-8.2p1-fips.patch => 0001-openssh-8.4p1-fips.patch} (75%) diff --git a/recipes-connectivity/openssh/openssh/0001-conditional-enable-fips-mode.patch b/recipes-connectivity/openssh/openssh/0001-conditional-enable-fips-mode.patch index 942fda6..17c5967 100644 --- a/recipes-connectivity/openssh/openssh/0001-conditional-enable-fips-mode.patch +++ b/recipes-connectivity/openssh/openssh/0001-conditional-enable-fips-mode.patch @@ -1,4 +1,4 @@ -From ef6490841a73b4f71ca35e09328c6a8b0ad9dba9 Mon Sep 17 00:00:00 2001 +From 571b24129e3c3a84e38a59a32aa61fa40e04e1e2 Mon Sep 17 00:00:00 2001 From: Hongxu Jia <[email protected]> Date: Sat, 21 Dec 2019 13:03:23 +0800 Subject: [PATCH] conditional enable fips mode @@ -44,10 +44,10 @@ index 06566d3..a10566d 100644 sanitise_stdfd(); diff --git a/sftp-server.c b/sftp-server.c -index 359204f..346255a 100644 +index 55386fa..8c1634e 100644 --- a/sftp-server.c +++ b/sftp-server.c -@@ -1576,6 +1576,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) +@@ -1577,6 +1577,7 @@ sftp_server_main(int argc, char **argv, struct passwd *user_pw) extern char *optarg; extern char *__progname; @@ -56,7 +56,7 @@ index 359204f..346255a 100644 log_init(__progname, log_level, log_facility, log_stderr); diff --git a/sftp.c b/sftp.c -index ff14d3c..a633200 100644 +index c88c861..171bc56 100644 --- a/sftp.c +++ b/sftp.c @@ -2390,6 +2390,7 @@ main(int argc, char **argv) @@ -68,10 +68,10 @@ index ff14d3c..a633200 100644 sanitise_stdfd(); msetlocale(); diff --git a/ssh-add.c b/ssh-add.c -index 8057eb1..19f3da2 100644 +index 936dc21..b7ac2d2 100644 --- a/ssh-add.c +++ b/ssh-add.c -@@ -628,6 +628,7 @@ main(int argc, char **argv) +@@ -671,6 +671,7 @@ main(int argc, char **argv) SyslogFacility log_facility = SYSLOG_FACILITY_AUTH; LogLevel log_level = SYSLOG_LEVEL_INFO; @@ -80,10 +80,10 @@ index 8057eb1..19f3da2 100644 sanitise_stdfd(); diff --git a/ssh-agent.c b/ssh-agent.c -index 7eb6f0d..1409044 100644 +index e1fd1f3..da49b57 100644 --- a/ssh-agent.c +++ b/ssh-agent.c -@@ -1196,6 +1196,7 @@ main(int ac, char **av) +@@ -1289,6 +1289,7 @@ main(int ac, char **av) size_t npfd = 0; u_int maxfds; @@ -92,10 +92,10 @@ index 7eb6f0d..1409044 100644 sanitise_stdfd(); diff --git a/ssh-keygen.c b/ssh-keygen.c -index feafe73..9b832f6 100644 +index cb8e569..67c7d62 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c -@@ -3140,6 +3140,7 @@ main(int argc, char **argv) +@@ -3184,6 +3184,7 @@ main(int argc, char **argv) extern int optind; extern char *optarg; @@ -104,10 +104,10 @@ index feafe73..9b832f6 100644 sanitise_stdfd(); diff --git a/ssh-keyscan.c b/ssh-keyscan.c -index a5e6440..e56a9d1 100644 +index ca19042..c667f2c 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c -@@ -675,6 +675,7 @@ main(int argc, char **argv) +@@ -667,6 +667,7 @@ main(int argc, char **argv) extern int optind; extern char *optarg; @@ -116,7 +116,7 @@ index a5e6440..e56a9d1 100644 seed_rng(); TAILQ_INIT(&tq); diff --git a/ssh-keysign.c b/ssh-keysign.c -index 3e3ea3e..4804c42 100644 +index 7991e0f..26a3bab 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -173,6 +173,7 @@ main(int argc, char **argv) @@ -128,7 +128,7 @@ index 3e3ea3e..4804c42 100644 fatal("%s: pledge: %s", __progname, strerror(errno)); diff --git a/ssh-pkcs11-helper.c b/ssh-pkcs11-helper.c -index 17220d6..1af0c2e 100644 +index d73e835..e508684 100644 --- a/ssh-pkcs11-helper.c +++ b/ssh-pkcs11-helper.c @@ -332,6 +332,7 @@ main(int argc, char **argv) @@ -140,22 +140,22 @@ index 17220d6..1af0c2e 100644 seed_rng(); TAILQ_INIT(&pkcs11_keylist); diff --git a/ssh.c b/ssh.c -index 49331fc..06836dd 100644 +index aabd5d3..81393f1 100644 --- a/ssh.c +++ b/ssh.c -@@ -606,6 +606,7 @@ main(int ac, char **av) - u_char conn_hash[SSH_DIGEST_MAX_LENGTH]; +@@ -660,6 +660,7 @@ main(int ac, char **av) size_t n, len; + u_int j; + ssh_enable_fips_mode(); /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); diff --git a/sshd.c b/sshd.c -index b86d682..304bf01 100644 +index 1f1fcc2..0f68419 100644 --- a/sshd.c +++ b/sshd.c -@@ -1514,6 +1514,7 @@ main(int ac, char **av) +@@ -1553,6 +1553,7 @@ main(int ac, char **av) Authctxt *authctxt; struct connection_info *connection_info = NULL; @@ -208,5 +208,5 @@ index abaf7ad..b3b1c8c 100644 __attribute__((__nonnull__ (2))); +void ssh_enable_fips_mode(void); -- -2.7.4 +2.17.1 diff --git a/recipes-connectivity/openssh/openssh/0001-openssh-8.2p1-fips.patch b/recipes-connectivity/openssh/openssh/0001-openssh-8.4p1-fips.patch similarity index 75% rename from recipes-connectivity/openssh/openssh/0001-openssh-8.2p1-fips.patch rename to recipes-connectivity/openssh/openssh/0001-openssh-8.4p1-fips.patch index c1de130..48c18b4 100644 --- a/recipes-connectivity/openssh/openssh/0001-openssh-8.2p1-fips.patch +++ b/recipes-connectivity/openssh/openssh/0001-openssh-8.4p1-fips.patch @@ -1,7 +1,7 @@ -From c51dd44e1c594ddeb3a27ae5d9be2899e4bf2ac6 Mon Sep 17 00:00:00 2001 +From 059b61a58b27c40fbb78b3930cdcf110ff717340 Mon Sep 17 00:00:00 2001 From: Hongxu Jia <[email protected]> Date: Sat, 21 Dec 2019 11:45:38 +0800 -Subject: [PATCH] openssh 8.2p1 fips +Subject: [PATCH] openssh 8.4p1 fips Port openssh-7.7p1-fips.patch from Fedora https://src.fedoraproject.org/rpms/openssh.git @@ -12,11 +12,17 @@ Upstream-Status: Inappropriate [oe specific] Signed-off-by: Hongxu Jia <[email protected]> Rebase to 8.2p1 +Signed-off-by: Yi Zhao <[email protected]> + +Rebase to 8.4p1 +Port openssh-7.7p1-fips.patch from Fedora +https://src.fedoraproject.org/rpms/openssh.git +(commit: fbd5f1bee2e2cdc7b1b47f4604b8347d8c3ed63f) + Signed-off-by: Yi Zhao <[email protected]> --- Makefile.in | 14 +++++++------- cipher-ctr.c | 3 ++- - clientloop.c | 2 +- dh.c | 40 ++++++++++++++++++++++++++++++++++++++++ dh.h | 1 + kex.c | 5 ++++- @@ -27,21 +33,20 @@ Signed-off-by: Yi Zhao <[email protected]> servconf.c | 15 ++++++++++----- ssh-keygen.c | 16 +++++++++++++++- ssh.c | 16 ++++++++++++++++ - sshconnect2.c | 8 ++++++-- sshd.c | 19 +++++++++++++++++++ sshkey.c | 4 ++++ - 16 files changed, 178 insertions(+), 23 deletions(-) + 14 files changed, 171 insertions(+), 20 deletions(-) diff --git a/Makefile.in b/Makefile.in -index e754947..57f94f4 100644 +index acfb919..5b2c397 100644 --- a/Makefile.in +++ b/Makefile.in -@@ -206,25 +206,25 @@ libssh.a: $(LIBSSH_OBJS) +@@ -204,25 +204,25 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) -- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS) -+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHLIBS) $(LIBS) $(GSSLIBS) +- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS) ++ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) $(GSSLIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) @@ -68,7 +73,7 @@ index e754947..57f94f4 100644 ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(P11HELPER_OBJS) $(LD) -o $@ $(P11HELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -@@ -233,7 +233,7 @@ ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS) +@@ -231,7 +231,7 @@ ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS) $(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2) ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS) @@ -91,19 +96,6 @@ index 32771f2..74fac3b 100644 #endif return (&aes_ctr); } -diff --git a/clientloop.c b/clientloop.c -index ebd0dbc..b3e0c19 100644 ---- a/clientloop.c -+++ b/clientloop.c -@@ -2083,7 +2083,7 @@ static int - key_accepted_by_hostkeyalgs(const struct sshkey *key) - { - const char *ktype = sshkey_ssh_name(key); -- const char *hostkeyalgs = options.hostkeyalgorithms; -+ const char *hostkeyalgs = (FIPS_mode() ? KEX_FIPS_PK_ALG : options.hostkeyalgorithms); - - if (key == NULL || key->type == KEY_UNSPEC) - return 0; diff --git a/dh.c b/dh.c index 7cb135d..306f1bc 100644 --- a/dh.c @@ -173,7 +165,7 @@ index 5d6df62..54c7aa2 100644 u_int dh_estimate(int); diff --git a/kex.c b/kex.c -index ce85f04..9cc14de 100644 +index aecb939..3d5d3b0 100644 --- a/kex.c +++ b/kex.c @@ -163,7 +163,10 @@ kex_names_valid(const char *names) @@ -265,36 +257,36 @@ index 5312e60..d0accae 100644 #define SSH_ALLOWED_CA_SIGALGS \ "ecdsa-sha2-nistp256," \ diff --git a/readconf.c b/readconf.c -index f3cac6b..26b9a59 100644 +index 554efd7..16eda65 100644 --- a/readconf.c +++ b/readconf.c -@@ -2187,11 +2187,16 @@ fill_default_options(Options * options) +@@ -2255,11 +2255,16 @@ fill_default_options(Options * options) all_key = sshkey_alg_list(0, 0, 1, ','); all_sig = sshkey_alg_list(0, 1, 1, ','); /* remove unsupported algos from default lists */ -- def_cipher = match_filter_whitelist(KEX_CLIENT_ENCRYPT, all_cipher); -- def_mac = match_filter_whitelist(KEX_CLIENT_MAC, all_mac); -- def_kex = match_filter_whitelist(KEX_CLIENT_KEX, all_kex); -- def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key); -- def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig); -+ def_cipher = match_filter_whitelist((FIPS_mode() ? +- def_cipher = match_filter_allowlist(KEX_CLIENT_ENCRYPT, all_cipher); +- def_mac = match_filter_allowlist(KEX_CLIENT_MAC, all_mac); +- def_kex = match_filter_allowlist(KEX_CLIENT_KEX, all_kex); +- def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key); +- def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig); ++ def_cipher = match_filter_allowlist((FIPS_mode() ? + KEX_FIPS_ENCRYPT : KEX_CLIENT_ENCRYPT), all_cipher); -+ def_mac = match_filter_whitelist((FIPS_mode() ? ++ def_mac = match_filter_allowlist((FIPS_mode() ? + KEX_FIPS_MAC : KEX_CLIENT_MAC), all_mac); -+ def_kex = match_filter_whitelist((FIPS_mode() ? ++ def_kex = match_filter_allowlist((FIPS_mode() ? + KEX_DEFAULT_KEX_FIPS : KEX_CLIENT_KEX), all_kex); -+ def_key = match_filter_whitelist((FIPS_mode() ? ++ def_key = match_filter_allowlist((FIPS_mode() ? + KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG), all_key); -+ def_sig = match_filter_whitelist((FIPS_mode() ? ++ def_sig = match_filter_allowlist((FIPS_mode() ? + KEX_FIPS_PK_ALG : SSH_ALLOWED_CA_SIGALGS), all_sig); #define ASSEMBLE(what, defaults, all) \ do { \ if ((r = kex_assemble_names(&options->what, \ diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c -index f80981f..00702a7 100644 +index e0768c0..8971bba 100644 --- a/sandbox-seccomp-filter.c +++ b/sandbox-seccomp-filter.c -@@ -156,6 +156,9 @@ static const struct sock_filter preauth_insns[] = { +@@ -157,6 +157,9 @@ static const struct sock_filter preauth_insns[] = { #ifdef __NR_open SC_DENY(__NR_open, EACCES), #endif @@ -305,33 +297,33 @@ index f80981f..00702a7 100644 SC_DENY(__NR_openat, EACCES), #endif diff --git a/servconf.c b/servconf.c -index 70f5f73..815beaf 100644 +index f08e374..dbcee84 100644 --- a/servconf.c +++ b/servconf.c -@@ -212,11 +212,16 @@ assemble_algorithms(ServerOptions *o) +@@ -213,11 +213,16 @@ assemble_algorithms(ServerOptions *o) all_key = sshkey_alg_list(0, 0, 1, ','); all_sig = sshkey_alg_list(0, 1, 1, ','); /* remove unsupported algos from default lists */ -- def_cipher = match_filter_whitelist(KEX_SERVER_ENCRYPT, all_cipher); -- def_mac = match_filter_whitelist(KEX_SERVER_MAC, all_mac); -- def_kex = match_filter_whitelist(KEX_SERVER_KEX, all_kex); -- def_key = match_filter_whitelist(KEX_DEFAULT_PK_ALG, all_key); -- def_sig = match_filter_whitelist(SSH_ALLOWED_CA_SIGALGS, all_sig); -+ def_cipher = match_filter_whitelist((FIPS_mode() ? +- def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher); +- def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac); +- def_kex = match_filter_allowlist(KEX_SERVER_KEX, all_kex); +- def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key); +- def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig); ++ def_cipher = match_filter_allowlist((FIPS_mode() ? + KEX_FIPS_ENCRYPT : KEX_SERVER_ENCRYPT), all_cipher); -+ def_mac = match_filter_whitelist((FIPS_mode() ? ++ def_mac = match_filter_allowlist((FIPS_mode() ? + KEX_FIPS_MAC : KEX_SERVER_MAC), all_mac); -+ def_kex = match_filter_whitelist((FIPS_mode() ? ++ def_kex = match_filter_allowlist((FIPS_mode() ? + KEX_DEFAULT_KEX_FIPS : KEX_SERVER_KEX), all_kex); -+ def_key = match_filter_whitelist((FIPS_mode() ? ++ def_key = match_filter_allowlist((FIPS_mode() ? + KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG), all_key); -+ def_sig = match_filter_whitelist((FIPS_mode() ? ++ def_sig = match_filter_allowlist((FIPS_mode() ? + KEX_FIPS_PK_ALG : SSH_ALLOWED_CA_SIGALGS), all_sig); #define ASSEMBLE(what, defaults, all) \ do { \ if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ diff --git a/ssh-keygen.c b/ssh-keygen.c -index 0d6ed1f..feafe73 100644 +index a12b79a..cb8e569 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -204,6 +204,12 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) @@ -347,7 +339,7 @@ index 0d6ed1f..feafe73 100644 switch (type) { case KEY_DSA: if (*bitsp != 1024) -@@ -1088,9 +1094,17 @@ do_gen_all_hostkeys(struct passwd *pw) +@@ -1094,9 +1100,17 @@ do_gen_all_hostkeys(struct passwd *pw) first = 1; printf("%s: generating new host keys: ", __progname); } @@ -364,10 +356,10 @@ index 0d6ed1f..feafe73 100644 fflush(stdout); - type = sshkey_type_from_name(key_types[i].key_type); if ((fd = mkstemp(prv_tmp)) == -1) { - error("Could not save your public key in %s: %s", + error("Could not save your private key in %s: %s", prv_tmp, strerror(errno)); diff --git a/ssh.c b/ssh.c -index 15aee56..49331fc 100644 +index f34ca0d..aabd5d3 100644 --- a/ssh.c +++ b/ssh.c @@ -77,6 +77,8 @@ @@ -379,7 +371,7 @@ index 15aee56..49331fc 100644 #include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/sys-queue.h" -@@ -608,6 +610,16 @@ main(int ac, char **av) +@@ -662,6 +664,16 @@ main(int ac, char **av) sanitise_stdfd(); __progname = ssh_get_progname(av[0]); @@ -396,52 +388,19 @@ index 15aee56..49331fc 100644 #ifndef HAVE_SETPROCTITLE /* Prepare for later setproctitle emulation */ -@@ -622,6 +634,10 @@ main(int ac, char **av) - - seed_rng(); +@@ -1500,6 +1512,10 @@ main(int ac, char **av) + exit(0); + } + if (FIPS_mode()) { + logit("FIPS mode initialized"); + } + - /* - * Discard other fds that are hanging around. These can cause problem - * with backgrounded ssh processes started by ControlPersist. -diff --git a/sshconnect2.c b/sshconnect2.c -index af00fb3..639fc51 100644 ---- a/sshconnect2.c -+++ b/sshconnect2.c -@@ -44,6 +44,8 @@ - #include <vis.h> - #endif - -+#include <openssl/crypto.h> -+ - #include "openbsd-compat/sys-queue.h" - - #include "xmalloc.h" -@@ -119,7 +121,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) - for (i = 0; i < options.num_system_hostfiles; i++) - load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]); - -- oavail = avail = xstrdup(options.hostkeyalgorithms); -+ oavail = avail = xstrdup((FIPS_mode() -+ ? KEX_FIPS_PK_ALG : options.hostkeyalgorithms)); - maxlen = strlen(avail) + 1; - first = xmalloc(maxlen); - last = xmalloc(maxlen); -@@ -179,7 +182,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) - /* Expand or fill in HostkeyAlgorithms */ - all_key = sshkey_alg_list(0, 0, 1, ','); - if (kex_assemble_names(&options.hostkeyalgorithms, -- kex_default_pk_alg(), all_key) != 0) -+ (FIPS_mode() ? KEX_FIPS_PK_ALG : kex_default_pk_alg()), -+ all_key) != 0) - fatal("%s: kex_assemble_namelist", __func__); - free(all_key); - + /* Expand SecurityKeyProvider if it refers to an environment variable */ + if (options.sk_provider != NULL && *options.sk_provider == '$' && + strlen(options.sk_provider) > 1) { diff --git a/sshd.c b/sshd.c -index 5b9a0b5..b86d682 100644 +index 5af7986..1f1fcc2 100644 --- a/sshd.c +++ b/sshd.c @@ -66,6 +66,7 @@ @@ -461,7 +420,7 @@ index 5b9a0b5..b86d682 100644 #include "openbsd-compat/openssl-compat.h" #endif -@@ -1516,6 +1519,18 @@ main(int ac, char **av) +@@ -1555,6 +1558,18 @@ main(int ac, char **av) #endif __progname = ssh_get_progname(av[0]); @@ -480,7 +439,7 @@ index 5b9a0b5..b86d682 100644 /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ saved_argc = ac; rexec_argc = ac; -@@ -1990,6 +2005,10 @@ main(int ac, char **av) +@@ -2039,6 +2054,10 @@ main(int ac, char **av) /* Reinitialize the log (because of the fork above). */ log_init(__progname, options.log_level, options.log_facility, log_stderr); @@ -492,7 +451,7 @@ index 5b9a0b5..b86d682 100644 unmounted if desired. */ if (chdir("/") == -1) diff --git a/sshkey.c b/sshkey.c -index 57995ee..3fa4274 100644 +index ac451f1..4f72eab 100644 --- a/sshkey.c +++ b/sshkey.c @@ -34,6 +34,7 @@ @@ -511,7 +470,7 @@ index 57995ee..3fa4274 100644 #include "ssh-sk.h" #ifdef WITH_XMSS -@@ -1597,6 +1599,8 @@ rsa_generate_private_key(u_int bits, RSA **rsap) +@@ -1595,6 +1597,8 @@ rsa_generate_private_key(u_int bits, RSA **rsap) } if (!BN_set_word(f4, RSA_F4) || !RSA_generate_key_ex(private, bits, f4, NULL)) { @@ -521,5 +480,5 @@ index 57995ee..3fa4274 100644 goto out; } -- -2.7.4 +2.17.1 diff --git a/recipes-connectivity/openssh/openssh_fips.inc b/recipes-connectivity/openssh/openssh_fips.inc index c74532f..4fdb2aa 100644 --- a/recipes-connectivity/openssh/openssh_fips.inc +++ b/recipes-connectivity/openssh/openssh_fips.inc @@ -6,7 +6,7 @@ DEPENDS += " \ RRECOMMENDS_${PN}-sshd_remove = "rng-tools" SRC_URI += " \ - file://0001-openssh-8.2p1-fips.patch \ + file://0001-openssh-8.4p1-fips.patch \ file://0001-conditional-enable-fips-mode.patch \ file://openssh-6.6p1-ctr-cavstest.patch \ file://openssh-6.7p1-kdf-cavs.patch \ -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#53214): https://lists.yoctoproject.org/g/yocto/message/53214 Mute This Topic: https://lists.yoctoproject.org/mt/82280211/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
