| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reset the following subtrees on thud HEAD:
poky: 87e3a9739d
meta-openembedded: 6094ae18c8
meta-security: 31dc4e7532
meta-raspberrypi: a48743dc36
meta-xilinx: c42016e2e6
Also re-apply backports that didn't make it into thud:
poky:
17726d0 systemd-systemctl-native: handle Install wildcards
meta-openembedded:
4321a5d libtinyxml2: update to 7.0.1
042f0a3 libcereal: Add native and nativesdk classes
e23284f libcereal: Allow empty package
030e8d4 rsyslog: curl-less build with fmhttp PACKAGECONFIG
179a1b9 gtest: update to 1.8.1
Squashed OpenBMC subtree compatibility updates:
meta-aspeed:
Brad Bishop (1):
aspeed: add yocto 2.6 compatibility
meta-ibm:
Brad Bishop (1):
ibm: prepare for yocto 2.6
meta-ingrasys:
Brad Bishop (1):
ingrasys: set layer compatibility to yocto 2.6
meta-openpower:
Brad Bishop (1):
openpower: set layer compatibility to yocto 2.6
meta-phosphor:
Brad Bishop (3):
phosphor: set layer compatibility to thud
phosphor: libgpg-error: drop patches
phosphor: react to fitimage artifact rename
Ed Tanous (4):
Dropbear: upgrade options for latest upgrade
yocto2.6: update openssl options
busybox: remove upstream watchdog patch
systemd: Rebase CONFIG_CGROUP_BPF patch
Change-Id: I7b1fe71cca880d0372a82d94b5fd785323e3a9e7
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Dropbear SSH client and server configuration is changed to not
accept the HMAC-MD5 algorithm when making connections.
The MD5 algorithm is no longer considered secure.
With this change, Dropbear supports the following MAC algorithms:
SHA1_HMAC, SHA2_256_HMAC, and SHA2_512_HMAC.
Note that Dropbear does not yet support HMAC-SHA3.
Tested:
$ ssh -m hmac-sha1-96 root@${bmc}
Unable to negotiate with ${bmc} port 22:
no matching MAC found.
Their offer: hmac-sha1,hmac-sha2-256,hmac-sha2-512
$ ssh root@${bmc} # worked
(From meta-phosphor rev: ec86af05553a7a66af68356cb2b4ec451d5bbf91)
Change-Id: Iba30c9f1ea66e2c72c75d16a16194ede808fe64a
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes the Dropbear SSH server configuration so it will not
accept medium-strength encryption ciphers including: CBC mode, MD5,
96-bit MAC, and triple DES.
The remaining ciphers include aes128-ctr and aes256-ctr. Dropbear
does not offer the arcfour cipher suite.
Note that Dropbear does not use a config file and instead uses
file options.h to control its features. This commit adds a
patch to disable the unwanted ciphers.
Tested:
On the qemu-based BMC:
ssh -c help 127.0.0.1
aes128-ctr,aes256-ctr
Before this change, the value was:
aes128-ctr,aes256-ctr,aes128-cbc,aes256-cbc,twofish256-cbc,
twofish-cbc,twofish128-cbc,3des-ctr,3des-cbc
Attempt to contact the BMC from host:
ssh -p 2222 -l root localhost # success
ssh -c aes128-cbc -p 2222 -l root localhost
Unable to negotiate with 127.0.0.1 port 2222: no matching cipher
found. Their offer: aes128-ctr,aes256-ctr
Before this change, the connection was successful.
Attempt to contact the BMC from older system:
ssh -V
OpenSSH_5.8p1, OpenSSL 0.9.8g 19 Oct 2007
ssh -p 2222 -l root ${BMC_IP_ADDR} # success
Resolves openbmc/openbmc#3186
(From meta-phosphor rev: 4ad7873e5dcd8475d48b6551002331a1efe4b2f1)
Change-Id: I5648a1602a3683afd9bd90ba62d8f6e4d9237506
Signed-off-by: Joseph Reynolds <jrey@us.ibm.com>
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|
|
Adopt a more conventional directory hierarchy. meta-phosphor is still
a _long_ way from suitable for hosting on yoctoproject.org but things
like this don't help.
(From meta-phosphor rev: 471cfcefa74b8c7ceb704cb670e6d915cf27c63b)
Change-Id: I3f106b2f6cdc6cec734be28a6090800546f362eb
Signed-off-by: Brad Bishop <bradleyb@fuzziesquirrel.com>
|