Actually, I'd rather have an 'upstream first' policy in this specific case. If the change is good and desirable, please work with the upstream to merge it there.
Alex 2018-09-13 18:00 GMT+02:00 Burton, Ross <ross.bur...@intel.com>: > This still can't be actually used, because dropbear won't be looking > in the recipe folder and nothing puts that file into the source tree. > Put a #error in it if you don't believe me. :) > > Ross > > On 12 September 2018 at 22:56, <joseph-reyno...@charter.net> wrote: >> This changes the Dropbear SSH server configuration so it will not >> accept medium-strength encryption ciphers including: CBC mode, MD5, >> 96-bit MAC, and triple DES. This is consistent with the default >> supported OpenSSH ciphers. >> >> Upstream-Status: Pending >> >> Signed-off-by: Joseph Reynolds <joseph-reyno...@charter.net> >> --- >> meta/recipes-core/dropbear/dropbear/localoptions.h | 8 ++++++++ >> 1 file changed, 8 insertions(+) >> create mode 100644 meta/recipes-core/dropbear/dropbear/localoptions.h >> >> diff --git a/meta/recipes-core/dropbear/dropbear/localoptions.h >> b/meta/recipes-core/dropbear/dropbear/localoptions.h >> new file mode 100644 >> index 0000000..ec48c26 >> --- /dev/null >> +++ b/meta/recipes-core/dropbear/dropbear/localoptions.h >> @@ -0,0 +1,8 @@ >> +/* Customize dropbear per default_options.h in the dropbear project */ >> + >> +/* Disable insecure ciphers */ >> +#define DROPBEAR_TWOFISH256 0 >> +#define DROPBEAR_TWOFISH128 0 >> +#define DROPBEAR_ENABLE_CBC_MODE 0 >> +#define DROPBEAR_SHA1_HMAC 0 >> +#define DROPBEAR_SHA1_96_HMAC 0 >> -- >> 1.8.3.1 >> >> >> -- >> _______________________________________________ >> Openembedded-core mailing list >> Openembedded-core@lists.openembedded.org >> http://lists.openembedded.org/mailman/listinfo/openembedded-core >> > -- > _______________________________________________ > Openembedded-core mailing list > Openembedded-core@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-core -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
