From patchwork Thu Mar 17 08:16:26 2022
X-Patchwork-Submitter: Harshal Gohel
X-Patchwork-Id: 5380
From: Harshal Gohel
To: yocto@lists.yoctoproject.org
Subject: [meta-openssl102-fips][dunfell][PATCH 1/2] conf: Make layer compatible with dunfell
Date: Thu, 17 Mar 2022 13:46:26 +0530
Message-ID: <20220317081627.82851-1-harshalgohel@code1.emi.philips.com>
X-Mailer: git-send-email 2.25.1
Reply-To: harshaldhruvkumar.gohel@philips.com
X-Webhook-Received: from
li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Mar 2022 08:16:36 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/56472 From: Harshal Gohel Create branch "dunfell" from 634d497355f4169237b97a57a2f32486b0972167 --- conf/layer.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/layer.conf b/conf/layer.conf index 892cf79..fe6d6db 100644 --- a/conf/layer.conf +++ b/conf/layer.conf 
@@ -10,7 +10,7 @@ BBFILE_PRIORITY_meta-openssl-one-zero-two-fips = "5" LAYERVERSION_meta-openssl-one-zero-two-fips = "1" -LAYERSERIES_COMPAT_meta-openssl-one-zero-two-fips = "zeus" +LAYERSERIES_COMPAT_meta-openssl-one-zero-two-fips = "dunfell" LAYERPATH_meta-openssl-one-zero-two-fips = "${LAYERDIR}" From patchwork Thu Mar 17 08:16:27 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harshal Gohel X-Patchwork-Id: 5381 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 97890C433F5 for ; Thu, 17 Mar 2022 08:16:36 +0000 (UTC) Received: from EUR05-DB8-obe.outbound.protection.outlook.com (EUR05-DB8-obe.outbound.protection.outlook.com [40.107.20.135]) by mx.groups.io with SMTP id smtpd.web09.7848.1647504995253089795 for ; Thu, 17 Mar 2022 01:16:36 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="body hash did not verify" header.i=@philips.onmicrosoft.com header.s=selector2-philips-onmicrosoft-com header.b=EvSg6J42; spf=pass (domain: code1.emi.philips.com, ip: 40.107.20.135, mailfrom: harshalgohel@code1.emi.philips.com) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Wp1wDltlw1QruCIAKm+Wtw/0mkxLqH35zvdmR/jtEcrGfP1jfcmpF5FRdKFij0Y5gKJsTAuPXld6CaXzgNaXNc00ndJl8NTWk8tM2h8K+EFDFLCLHAp+vsoErAdJrK/hDD2Bwb2ELxBlQCjEO9pHzlKg3++5UOFhSf5YP0x46/4Cn6sx/nnbAettQo7zRqftO/1nYIzBJvRtfnctVHWajVKrLsiFz57rOI6ZbxunMyKS32lf3yBBgkL9UcHFRkg4uH3C5J2/7Dov9AMOSps2wzltUftuXxUkZQZoRgnR/KRfCJmb7IwHTW6hJTPV1Bdyxoj93WQmHrnVr7rvvV1N7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; 
From: Harshal Gohel
To: yocto@lists.yoctoproject.org
Subject: [meta-openssl102-fips][dunfell][PATCH 2/2] openssh: Adapt the patch for CVE-2020-14145 fix on poky/dunfell
Date: Thu, 17 Mar 2022 13:46:27 +0530
Message-ID: <20220317081627.82851-2-harshalgohel@code1.emi.philips.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20220317081627.82851-1-harshalgohel@code1.emi.philips.com>
References: <20220317081627.82851-1-harshalgohel@code1.emi.philips.com>
Reply-To: harshaldhruvkumar.gohel@philips.com
X-MS-Exchange-CrossTenant-AuthAs:
Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1P122MB0190 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 17 Mar 2022 08:16:36 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/yocto/message/56473 From: Harshal Gohel openssh-8.2p1-fips.patch does not apply after CVE-2020-14145 patch introduced in (poky: f5882b194b58b6bbb06db511a2c3612f5d6430fd) CVE-2020-14145 added comments and introduced new code in sshconnect2.c This adaptation corrects diff offsets and replaces each occurance of `options.hostkeyalgorithms` with the FIPS_mode() conditional just as in original patch. --- .../openssh/0001-openssh-8.2p1-fips.patch | 31 ++++++++++++++----- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/recipes-connectivity/openssh/openssh/0001-openssh-8.2p1-fips.patch b/recipes-connectivity/openssh/openssh/0001-openssh-8.2p1-fips.patch index c1de130..5b8814d 100644 --- a/recipes-connectivity/openssh/openssh/0001-openssh-8.2p1-fips.patch +++ b/recipes-connectivity/openssh/openssh/0001-openssh-8.2p1-fips.patch @@ -27,10 +27,10 @@ Signed-off-by: Yi Zhao servconf.c | 15 ++++++++++----- ssh-keygen.c | 16 +++++++++++++++- ssh.c | 16 ++++++++++++++++ - sshconnect2.c | 8 ++++++-- + sshconnect2.c | 14 ++++++++++---- sshd.c | 19 +++++++++++++++++++ sshkey.c | 4 ++++ - 16 files changed, 178 insertions(+), 23 deletions(-) + 16 files changed, 182 insertions(+), 25 deletions(-) diff --git a/Makefile.in b/Makefile.in index e754947..57f94f4 100644 @@ -408,7 +408,7 @@ index 15aee56..49331fc 100644 * Discard other fds that are hanging around. These can cause problem * with backgrounded ssh processes started by ControlPersist. diff --git a/sshconnect2.c b/sshconnect2.c -index af00fb3..639fc51 100644 +index 5df94779..df3cd317 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -44,6 +44,8 @@ 
@@ -420,17 +420,34 @@ index af00fb3..639fc51 100644 #include "openbsd-compat/sys-queue.h" #include "xmalloc.h" -@@ -119,7 +121,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) - for (i = 0; i < options.num_system_hostfiles; i++) - load_hostkeys(hostkeys, hostname, options.system_hostfiles[i]); +@@ -139,12 +141,14 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) + * certificate type, as sshconnect.c will downgrade certs to + * plain keys if necessary. + */ +- best = first_alg(options.hostkeyalgorithms); ++ best = first_alg(FIPS_mode() ++ ? KEX_FIPS_PK_ALG : options.hostkeyalgorithms); + if (lookup_key_in_hostkeys_by_type(hostkeys, + sshkey_type_plain(sshkey_type_from_name(best)), NULL)) { + debug3("%s: have matching best-preference key type %s, " + "using HostkeyAlgorithms verbatim", __func__, best); +- ret = xstrdup(options.hostkeyalgorithms); ++ ret = xstrdup(FIPS_mode() ++ ? KEX_FIPS_PK_ALG : options.hostkeyalgorithms); + goto out; + } +@@ -152,7 +156,8 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port) + * Otherwise, prefer the host key algorithms that match known keys + * while keeping the ordering of HostkeyAlgorithms as much as possible. + */ - oavail = avail = xstrdup(options.hostkeyalgorithms); + oavail = avail = xstrdup((FIPS_mode() + ? KEX_FIPS_PK_ALG : options.hostkeyalgorithms)); maxlen = strlen(avail) + 1; first = xmalloc(maxlen); last = xmalloc(maxlen); -@@ -179,7 +182,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) +@@ -214,7 +219,8 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) /* Expand or fill in HostkeyAlgorithms */ all_key = sshkey_alg_list(0, 0, 1, ','); if (kex_assemble_names(&options.hostkeyalgorithms,
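
Review bot: In patch 1/2, the conf/layer.conf hunk (@@ -10,7 +10,7) replaces "zeus" with "dunfell" in LAYERSERIES_COMPAT_meta-openssl-one-zero-two-fips, but the commit message only says 'Create branch "dunfell" from 634d497355f4169237b97a57a2f32486b0972167', which is a request to the maintainer rather than a description of the change, and no Signed-off-by line is visible. Suggest moving the branch request below the `---` separator or into a cover letter, and stating in the message body that zeus is dropped because this branch carries the dunfell-specific rebase from patch 2/2.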
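
Review bot: In patch 2/2, the first hunk against 0001-openssh-8.2p1-fips.patch (@@ -27,10 +27,10) updates only the embedded diffstat, and no hunk touches the embedded patch's description above line 27, so the patch file itself carries no record that it was rebased on top of the CVE-2020-14145 change. Suggest adding a short note to the embedded patch header that names poky commit f5882b194b58b6bbb06db511a2c3612f5d6430fd, plus a Signed-off-by for the rebase, so that someone comparing this file with the zeus version can see why the sshconnect2.c offsets and counts differ.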
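
Review bot: In patch 2/2, the order_hostkeyalgs() hunks in sshconnect2.c (@@ -139,12 +141,14 and @@ -152,7 +156,8) now repeat `FIPS_mode() ? KEX_FIPS_PK_ALG : options.hostkeyalgorithms` three times, and the debug3() text still reads "using HostkeyAlgorithms verbatim" on the path that returns KEX_FIPS_PK_ALG. Suggest selecting the list once into a local at the top of the function and passing that to first_alg() and both xstrdup() calls, which keeps the FIPS decision in one place and shrinks the diff against upstream, and rewording the debug message so it does not name the user option when the FIPS list was used. The two new ternaries also omit the extra parentheses of the existing `xstrdup((FIPS_mode() ...))` call, so pick one form. Since the rebase was needed because the CVE fix introduced new reads of options.hostkeyalgorithms, it is worth confirming against the patched source that no unguarded read remains in this function.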