poky: subtree update:a35bf0e5d3..b66b9f7548
backport:
meson 0.54.2: backport upstream patch for boost libs
Adrian Bunk (1):
libubootenv: Remove the DEPENDS on mtd-utils
Alex Kiernan (2):
openssh: Upgrade 8.2p1 -> 8.3p1
systemd: upgrade v245.5 -> v245.6
Alexander Kanavin (68):
btrfs-tools: upgrade 5.4.1 -> 5.6.1
build-compare: upgrade to latest revision
ccache: upgrade 3.7.7 -> 3.7.9
createrepo-c: upgrade 0.15.7 -> 0.15.10
dpkg: upgrade 1.19.7 -> 1.20.0
librepo: upgrade 1.11.2 -> 1.11.3
python3-numpy: upgrade 1.18.3 -> 1.18.4
python3-cython: upgrade 0.29.16 -> 0.29.19
python3-gitdb: upgrade 4.0.4 -> 4.0.5
python3-mako: upgrade 1.1.1 -> 1.1.3
python3-pygments: upgrade 2.5.2 -> 2.6.1
python3-smmap: upgrade 2.0.5 -> 3.0.4
python3-subunit: upgrade 1.3.0 -> 1.4.0
python3-testtools: upgrade 2.3.0 -> 2.4.0
python3: upgrade 3.8.2 -> 3.8.3
strace: upgrade 5.5 -> 5.6
vala: upgrade 0.46.6 -> 0.48.6
cups: upgrade 2.3.1 -> 2.3.3
gawk: upgrade 5.0.1 -> 5.1.0
libsolv: upgrade 0.7.10 -> 0.7.14
man-pages: upgrade 5.05 -> 5.06
msmtp: upgrade 1.8.8 -> 1.8.10
stress-ng: upgrade 0.11.01 -> 0.11.12
stress-ng: mark as incompatible with musl
sudo: upgrade 1.8.31 -> 1.9.0
adwaita-icon-theme: upgrade 3.34.3 -> 3.36.1
gtk+3: upgrade 3.24.14 -> 3.24.20
cogl-1.0: upgrade 1.22.4 -> 1.22.6
mesa: upgrade 20.0.2 -> 20.0.7
mesa: merge the .bb content into .inc
piglit: upgrade to latest revision
waffle: upgrade 1.6.0 -> 1.6.1
pixman: upgrade 0.38.4 -> 0.40.0
kmod: upgrade 26 -> 27
powertop: upgrade 2.10 -> 2.12
alsa-plugins: upgrade 1.2.1 -> 1.2.2
alsa-tools: upgrade 1.1.7 -> 1.2.2
alsa-utils: split the content into .inc
alsa-topology/ucm-conf: update to 1.2.2
x264: upgrade to latest revision
puzzles: upgrade to latest revision
libcap: upgrade 2.33 -> 2.34
libical: upgrade 3.0.7 -> 3.0.8
libunwind: upgrade 1.3.1 -> 1.4.0
rng-tools: upgrade 6.9 -> 6.10
babeltrace: correct the git SRC_URI
libexif: update to 0.6.22
ppp: update 2.4.7 -> 2.4.8
gettext: update 0.20.1 -> 0.20.2
ptest-runner: fix upstream version check
automake: 1.16.1 -> 1.16.2
bison: 3.5.4 -> 3.6.2
cmake: update 3.16.5 -> 3.17.3
gnu-config: update to latest revision
jquery: update to 3.5.1
json-c: update 0.13.1 - > 0.14
libmodulemd: update 2.9.2 -> 2.9.4
meson: upgrade 0.53.2 -> 0.54.2
shared-mime-info: fix upstream version check
mpg123: fix upstream version check
ethtool: upgrade 5.4 -> 5.6
libcpre2: update 10.34 -> 10.35
help2man-native: update to 1.47.15
apt: update to 1.8.2.1
asciidoc: bump PV to 8.6.10
pulseaudio: exclude pre-releases from version checks
xinetd: switch to a maintained opensuse fork
lz4: disable static library
Andreas Müller (1):
vte: Pack ${libexecdir}/vte-urlencode-cwd to vte-prompt
Anuj Mittal (1):
linux-yocto: bump genericx86 kernel version to v5.4.40
Bruce Ashfield (5):
linux-yocto/5.4: update to v5.4.42
linux-yocto-rt/5.4: update to rt24
linux-yocto/5.4: temporarily revert IKHEADERS in standard kernels
linux-yocto: gather reproducibility configs into a fragment
linux-yocto/5.4: update to v5.4.43
Christian Eggers (2):
librsvg: Extend for nativesdk
tiff: Extend for nativesdk
Hongxu Jia (1):
rpm: fix rpm -Kv xxx.rpm failed if signature header is larger than 64KB
Jacob Kroon (1):
bitbake: doc: More explanation to tasks that recursively depend on themselves
Jan Luebbe (1):
classes/buildhistory: capture package config
Jens Rehsack (2):
initscripts/init-system-helpers: fix mountnfs.sh dependency
init-system-helpers: avoid superfluous update-rc.d
Joshua Watt (2):
layer.conf: Bump OE-Core layer version
wic: Add --offset argument for partitions
Junling Zheng (3):
buildstats.bbclass: Remove useless variables
buildstats.bbclass: Do not recalculate build start time
security_flags: Remove stack protector flag from LDFLAGS
Kai Kang (1):
bitbake: bitbake-user-manual-metadata.xml: fix a minor error
Khem Raj (4):
make-mod-scripts: Fix a rare build race condition
go-1.14: Update to 1.14.3 minor release
armv8/tunes: Set TUNE_PKGARCH_64 based on ARMPKGARCH
ltp: Disable sigwaitinfo tests relying on undefined behavior
Konrad Weihmann (8):
qemurunner: fix ip fallback detection
sysfsutils: rem leftover settings for libsysfs-dev
debianutils: whitespace fixes
libjpeg-turbo: whitespace fixes
cairo: remove trailing whitespace
gtk-doc: remove trailing whitespace
libxt: fix whitespaces
cogl: point to correct HOMEPAGE
Lee Chee Yang (4):
re2c: fix CVE-2020-11958
bind: fix CVE-2020-8616/7
glib-2.0: 2.64.2 -> 2.64.3
glib-networking: 2.64.2 -> 2.64.3
Marco Felsch (1):
util-linux: alternatify rtcwake
Mark Hatle (1):
sstate.bbclass: When siginfo or sig files are missing, stop fetcher errors
Martin Jansa (6):
devtool: use -f and don't use --exclude-standard when adding files to workspace
meta-selftest: add test of .gitignore in tarball
lib/oe/patch: prevent applying patches without any subject
lib/oe/patch: GitApplyTree: save 1 echo in commit-msg hook
Revert "lib/oe/patch: fix handling of patches with no header"
meta-selftest: add test for .patch file with long filename and without subject
Mauro Queirós (3):
bitbake: git.py: skip smudging if lfs=0 is set
bitbake: git.py: LFS bitbake note should not be printed if need_lfs is not set.
bitbake: git.py: Use the correct branch to check if the repository has LFS objects.
Ming Liu (2):
u-boot.inc: fix some inconsistent coding style
u-boot: introduce UBOOT_INITIAL_ENV
Paul Barker (5):
archiver: Fix test case for srpm archiver mode
oe-selftest: Allow overriding the build directory used for tests
oe-selftest: Support verbose log output
oe-selftest: Recursively patch test case paths
bitbake: fetch2: Add the ability to list expanded URL data
Peter Kjellerstedt (1):
cairo: Do not try to remove nonexistent directories
Pierre-Jean Texier (1):
diffoscope: upgrade 144 -> 146
Ralph Siemsen (1):
cve-check: include epoch in product version output
Richard Purdie (7):
lib/classextend: Drop unneeded comment
poky.ent: Update UBUNTU_HOST_PACKAGES_ESSENTIAL to match recent changes
maintainers: Update Ross' email address
logrotate: Drop obsolete setting/comment
oeqa/targetcontrol: Rework exception handling to avoid warnings
patchelf: Add patch to address corrupt shared library issue
poky.ent: Update XXX_HOST_PACKAGES_ESSENTIAL to include mesa for other distros
Robert P. J. Day (1):
bitbake.conf: Remove unused DEPLOY_DIR_TOOLS variable
Tim Orling (1):
bitbake: toaster-requirements.txt: require Django 2.2
Trevor Gamblin (1):
qemuarm: check serial consoles vs /proc/consoles
Wang Mingyu (13):
less: upgrade 551 -> 562
liburcu: upgrade 0.12.0 -> 0.12.1
alsa-lib: upgrade 1.2.1.2 -> 1.2.2
alsa-utils: upgrade 1.2.1 -> 1.2.2
python3-six: upgrade 1.14.0 -> 1.15.0
util-linux: upgrade 2.35.1 -> 2.35.2
xf86-input-libinput: upgrade 0.29.0 -> 0.30.0
ca-certificates: upgrade 20190110 -> 20200601
dbus: upgrade 1.12.16 -> 1.12.18
libyaml: upgrade 0.2.4 -> 0.2.5
sqlite: upgrade 3.31.1 -> 3.32.1
valgrind: upgrade 3.15.0 -> 3.16.0
dbus-test: upgrade 1.12.16 -> 1.12.18
akuster (2):
poky.ent: Update OPENSUSE_HOST_PACKAGES_ESSENTIAL to include mesa-dri-devel
yocto-docs: Add SPDX headers in scripts and Makefile
hongxu (1):
core-image-minimal-initramfs: keep restriction with initramfs-module-install
zangrc (3):
python3-pycairo:upgrade 1.19.0 -> 1.19.1
python3-pygobject:upgrade 3.34.0 -> 3.36.1
python3-setuptools:upgrade 45.2.0 -> 47.1.1
zhengruoqin (2):
gdb: upgrade 9.1 -> 9.2
libyaml: upgrade 0.2.2 -> 0.2.4
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I60e616be0c30904f8cfc947089ed2e4f5e84bc60
diff --git a/poky/meta/recipes-connectivity/openssh/openssh_8.3p1.bb b/poky/meta/recipes-connectivity/openssh/openssh_8.3p1.bb
new file mode 100644
index 0000000..fad3218
--- /dev/null
+++ b/poky/meta/recipes-connectivity/openssh/openssh_8.3p1.bb
@@ -0,0 +1,169 @@
+SUMMARY = "A suite of security-related network utilities based on \
+the SSH protocol including the ssh client and sshd server"
+DESCRIPTION = "Secure rlogin/rsh/rcp/telnet replacement (OpenSSH) \
+Ssh (Secure Shell) is a program for logging into a remote machine \
+and for executing commands on a remote machine."
+HOMEPAGE = "http://www.openssh.com/"
+SECTION = "console/network"
+LICENSE = "BSD & ISC & MIT"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=18d9e5a8b3dd1790d73502f50426d4d3"
+
+DEPENDS = "zlib openssl virtual/crypt"
+DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+
+SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz \
+ file://sshd_config \
+ file://ssh_config \
+ file://init \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+ file://sshd.socket \
+ file://sshd@.service \
+ file://sshdgenkeys.service \
+ file://volatiles.99_sshd \
+ file://run-ptest \
+ file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
+ file://sshd_check_keys \
+ file://add-test-support-for-busybox.patch \
+ "
+SRC_URI[sha256sum] = "f2befbe0472fe7eb75d23340eb17531cb6b3aac24075e2066b41f814e12387b2"
+
+PAM_SRC_URI = "file://sshd"
+
+inherit manpages useradd update-rc.d update-alternatives systemd
+
+USERADD_PACKAGES = "${PN}-sshd"
+USERADD_PARAM_${PN}-sshd = "--system --no-create-home --home-dir /var/run/sshd --shell /bin/false --user-group sshd"
+INITSCRIPT_PACKAGES = "${PN}-sshd"
+INITSCRIPT_NAME_${PN}-sshd = "sshd"
+INITSCRIPT_PARAMS_${PN}-sshd = "defaults 9"
+
+SYSTEMD_PACKAGES = "${PN}-sshd"
+SYSTEMD_SERVICE_${PN}-sshd = "sshd.socket"
+
+inherit autotools-brokensep ptest
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[kerberos] = "--with-kerberos5,--without-kerberos5,krb5"
+PACKAGECONFIG[ldns] = "--with-ldns,--without-ldns,ldns"
+PACKAGECONFIG[libedit] = "--with-libedit,--without-libedit,libedit"
+PACKAGECONFIG[manpages] = "--with-mantype=man,--with-mantype=cat"
+
+EXTRA_AUTORECONF += "--exclude=aclocal"
+
+# login path is hardcoded in sshd
+EXTRA_OECONF = "'LOGIN_PROGRAM=${base_bindir}/login' \
+ ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--with-pam', '--without-pam', d)} \
+ --without-zlib-version-check \
+ --with-privsep-path=${localstatedir}/run/sshd \
+ --sysconfdir=${sysconfdir}/ssh \
+ --with-xauth=${bindir}/xauth \
+ --disable-strip \
+ "
+
+# musl doesn't implement wtmp/utmp
+EXTRA_OECONF_append_libc-musl = " --disable-wtmp"
+
+# Since we do not depend on libbsd, we do not want configure to use it
+# just because it finds libutil.h. But, specifying --disable-libutil
+# causes compile errors, so...
+CACHED_CONFIGUREVARS += "ac_cv_header_bsd_libutil_h=no ac_cv_header_libutil_h=no"
+
+# passwd path is hardcoded in sshd
+CACHED_CONFIGUREVARS += "ac_cv_path_PATH_PASSWD_PROG=${bindir}/passwd"
+
+# We don't want to depend on libblockfile
+CACHED_CONFIGUREVARS += "ac_cv_header_maillock_h=no"
+
+do_configure_prepend () {
+ export LD="${CC}"
+ install -m 0644 ${WORKDIR}/sshd_config ${B}/
+ install -m 0644 ${WORKDIR}/ssh_config ${B}/
+}
+
+do_compile_ptest() {
+ # skip regress/unittests/ binaries: this will silently skip
+ # unittests in run-ptests which is good because they are so slow.
+ oe_runmake regress/modpipe regress/setuid-allowed regress/netcat \
+ regress/check-perm regress/mkdtemp
+}
+
+do_install_append () {
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" ]; then
+ install -D -m 0644 ${WORKDIR}/sshd ${D}${sysconfdir}/pam.d/sshd
+ sed -i -e 's:#UsePAM no:UsePAM yes:' ${D}${sysconfdir}/ssh/sshd_config
+ fi
+
+ if [ "${@bb.utils.filter('DISTRO_FEATURES', 'x11', d)}" ]; then
+ sed -i -e 's:#X11Forwarding no:X11Forwarding yes:' ${D}${sysconfdir}/ssh/sshd_config
+ fi
+
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/sshd
+ rm -f ${D}${bindir}/slogin ${D}${datadir}/Ssh.bin
+ rmdir ${D}${localstatedir}/run/sshd ${D}${localstatedir}/run ${D}${localstatedir}
+ install -d ${D}/${sysconfdir}/default/volatiles
+ install -m 644 ${WORKDIR}/volatiles.99_sshd ${D}/${sysconfdir}/default/volatiles/99_sshd
+ install -m 0755 ${S}/contrib/ssh-copy-id ${D}${bindir}
+
+ # Create config files for read-only rootfs
+ install -d ${D}${sysconfdir}/ssh
+ install -m 644 ${D}${sysconfdir}/ssh/sshd_config ${D}${sysconfdir}/ssh/sshd_config_readonly
+ sed -i '/HostKey/d' ${D}${sysconfdir}/ssh/sshd_config_readonly
+ echo "HostKey /var/run/ssh/ssh_host_rsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+ echo "HostKey /var/run/ssh/ssh_host_ecdsa_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+ echo "HostKey /var/run/ssh/ssh_host_ed25519_key" >> ${D}${sysconfdir}/ssh/sshd_config_readonly
+
+ install -d ${D}${systemd_unitdir}/system
+ install -c -m 0644 ${WORKDIR}/sshd.socket ${D}${systemd_unitdir}/system
+ install -c -m 0644 ${WORKDIR}/sshd@.service ${D}${systemd_unitdir}/system
+ install -c -m 0644 ${WORKDIR}/sshdgenkeys.service ${D}${systemd_unitdir}/system
+ sed -i -e 's,@BASE_BINDIR@,${base_bindir},g' \
+ -e 's,@SBINDIR@,${sbindir},g' \
+ -e 's,@BINDIR@,${bindir},g' \
+ -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+ ${D}${systemd_unitdir}/system/sshd.socket ${D}${systemd_unitdir}/system/*.service
+
+ sed -i -e 's,@LIBEXECDIR@,${libexecdir}/${BPN},g' \
+ ${D}${sysconfdir}/init.d/sshd
+
+ install -D -m 0755 ${WORKDIR}/sshd_check_keys ${D}${libexecdir}/${BPN}/sshd_check_keys
+}
+
+do_install_ptest () {
+ sed -i -e "s|^SFTPSERVER=.*|SFTPSERVER=${libexecdir}/sftp-server|" regress/test-exec.sh
+ cp -r regress ${D}${PTEST_PATH}
+}
+
+ALLOW_EMPTY_${PN} = "1"
+
+PACKAGES =+ "${PN}-keygen ${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-sftp ${PN}-misc ${PN}-sftp-server"
+FILES_${PN}-scp = "${bindir}/scp.${BPN}"
+FILES_${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
+FILES_${PN}-sshd = "${sbindir}/sshd ${sysconfdir}/init.d/sshd ${systemd_unitdir}/system"
+FILES_${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
+FILES_${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
+FILES_${PN}-sftp = "${bindir}/sftp"
+FILES_${PN}-sftp-server = "${libexecdir}/sftp-server"
+FILES_${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"
+FILES_${PN}-keygen = "${bindir}/ssh-keygen"
+
+RDEPENDS_${PN} += "${PN}-scp ${PN}-ssh ${PN}-sshd ${PN}-keygen"
+RDEPENDS_${PN}-sshd += "${PN}-keygen ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-keyinit pam-plugin-loginuid', '', d)}"
+RRECOMMENDS_${PN}-sshd_append_class-target = " rng-tools"
+# gdb would make attach-ptrace test pass rather than skip but not worth the build dependencies
+RDEPENDS_${PN}-ptest += "${PN}-sftp ${PN}-misc ${PN}-sftp-server make sed sudo coreutils"
+
+RPROVIDES_${PN}-ssh = "ssh"
+RPROVIDES_${PN}-sshd = "sshd"
+
+RCONFLICTS_${PN} = "dropbear"
+RCONFLICTS_${PN}-sshd = "dropbear"
+
+CONFFILES_${PN}-sshd = "${sysconfdir}/ssh/sshd_config"
+CONFFILES_${PN}-ssh = "${sysconfdir}/ssh/ssh_config"
+
+ALTERNATIVE_PRIORITY = "90"
+ALTERNATIVE_${PN}-scp = "scp"
+ALTERNATIVE_${PN}-ssh = "ssh"
+
+BBCLASSEXTEND += "nativesdk"