refresh the following patches for new version: 0001-urandom-xauth-changes-to-options.h.patch 0005-dropbear-enable-pam.patch dropbear-disable-weak-ciphers.patch
Changelog: https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82 Signed-off-by: Wang Mingyu <wan...@fujitsu.com> --- ...1-urandom-xauth-changes-to-options.h.patch | 8 ++++---- .../dropbear/0005-dropbear-enable-pam.patch | 13 ++++++------ .../dropbear-disable-weak-ciphers.patch | 20 ++++++++----------- .../recipes-core/dropbear/dropbear_2020.81.bb | 3 --- .../recipes-core/dropbear/dropbear_2022.82.bb | 3 +++ 5 files changed, 21 insertions(+), 26 deletions(-) delete mode 100644 meta/recipes-core/dropbear/dropbear_2020.81.bb create mode 100644 meta/recipes-core/dropbear/dropbear_2022.82.bb diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch index 684641dcbd..99adcfd770 100644 --- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch @@ -6,10 +6,10 @@ Upstream-Status: Inappropriate [configuration] 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default_options.h b/default_options.h -index 3b75eb8..1fd8082 100644 +index 349338c..5ffac25 100644 --- a/default_options.h +++ b/default_options.h -@@ -243,7 +243,7 @@ Homedir is prepended unless path begins with / */ +@@ -289,7 +289,7 @@ group1 in Dropbear server too */ /* The command to invoke for xauth when using X11 forwarding. * "-q" for quiet */ @@ -17,7 +17,7 @@ index 3b75eb8..1fd8082 100644 +#define XAUTH_COMMAND "xauth -q" - /* if you want to enable running an sftp server (such as the one included with + /* If you want to enable running an sftp server (such as the one included with -- -1.7.11.7 +2.25.1 diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch index 857681520c..32c3ea5f08 100644 --- a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch +++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch @@ -15,10 +15,10 @@ Signed-off-by: Jussi Kukkonen <jussi.kukko...@intel.com> 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/default_options.h b/default_options.h -index 3b75eb8..8617cd0 100644 +index 0e3d027..349338c 100644 --- a/default_options.h +++ b/default_options.h -@@ -179,7 +179,7 @@ group1 in Dropbear server too */ +@@ -210,7 +210,7 @@ group1 in Dropbear server too */ /* Authentication Types - at least one required. RFC Draft requires pubkey auth, and recommends password */ @@ -27,16 +27,15 @@ index 3b75eb8..8617cd0 100644 /* Note: PAM auth is quite simple and only works for PAM modules which just do * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). -@@ -187,7 +187,7 @@ group1 in Dropbear server too */ +@@ -218,7 +218,7 @@ group1 in Dropbear server too */ * but there's an interface via a PAM module. It won't work for more complex * PAM challenge/response. * You can't enable both PASSWORD and PAM. */ -#define DROPBEAR_SVR_PAM_AUTH 0 +#define DROPBEAR_SVR_PAM_AUTH 1 - /* ~/.ssh/authorized_keys authentication */ - #define DROPBEAR_SVR_PUBKEY_AUTH 1 - + /* ~/.ssh/authorized_keys authentication. + * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */ -- -2.1.4 +2.25.1 diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch index b54581f17a..5c60868ed8 100644 --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch +++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch @@ -9,27 +9,23 @@ and we want to support the stong algorithms. Upstream-Status: Inappropriate [configuration] Signed-off-by: Joseph Reynolds <joseph.reynol...@ibm.com> - --- - default_options.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) + default_options.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/default_options.h b/default_options.h -index 1aa2297..7ff1394 100644 +index d417588..bc5200f 100644 --- a/default_options.h +++ b/default_options.h -@@ -163,12 +163,12 @@ IMPORTANT: Some options will require "make clean" after changes */ +@@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */ * Small systems should generally include either curve25519 or ecdh for performance. * curve25519 is less widely supported but is faster - */ + */ -#define DROPBEAR_DH_GROUP14_SHA1 1 +#define DROPBEAR_DH_GROUP14_SHA1 0 #define DROPBEAR_DH_GROUP14_SHA256 1 #define DROPBEAR_DH_GROUP16 0 #define DROPBEAR_CURVE25519 1 - #define DROPBEAR_ECDH 1 --#define DROPBEAR_DH_GROUP1 1 -+#define DROPBEAR_DH_GROUP1 0 - - /* When group1 is enabled it will only be allowed by Dropbear client - not as a server, due to concerns over its strength. Set to 0 to allow +-- +2.25.1 + diff --git a/meta/recipes-core/dropbear/dropbear_2020.81.bb b/meta/recipes-core/dropbear/dropbear_2020.81.bb deleted file mode 100644 index c7edea84f8..0000000000 --- a/meta/recipes-core/dropbear/dropbear_2020.81.bb +++ /dev/null @@ -1,3 +0,0 @@ -require dropbear.inc - -SRC_URI[sha256sum] = "48235d10b37775dbda59341ac0c4b239b82ad6318c31568b985730c788aac53b" diff --git a/meta/recipes-core/dropbear/dropbear_2022.82.bb b/meta/recipes-core/dropbear/dropbear_2022.82.bb new file mode 100644 index 0000000000..154a407a19 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear_2022.82.bb @@ -0,0 +1,3 @@ +require dropbear.inc + +SRC_URI[sha256sum] = "3a038d2bbc02bf28bbdd20c012091f741a3ec5cbe460691811d714876aad75d1" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#164620): https://lists.openembedded.org/g/openembedded-core/message/164620 Mute This Topic: https://lists.openembedded.org/mt/90558560/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
