diff options
author | wangmy <wangmy@fujitsu.com> | 2022-04-19 18:31:18 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2022-04-20 13:13:59 +0100 |
commit | a4df7ceead5532310a88b0f7b524b32c2dcb6a6b (patch) | |
tree | 6b698d727535ace4e470d0c217a7622351cac03d | |
parent | 41984559c8fa392d7311722a72f2fa2f19ea3065 (diff) | |
download | poky-a4df7ceead5532310a88b0f7b524b32c2dcb6a6b.tar.gz |
dropbear: upgrade 2020.81 -> 2022.82
refresh the following patches for new version:
0001-urandom-xauth-changes-to-options.h.patch
0005-dropbear-enable-pam.patch
dropbear-disable-weak-ciphers.patch
Changelog:
https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82
(From OE-Core rev: d5f9c44ede9babd0f48306cfefe4a16065e8ea30)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
5 files changed, 21 insertions, 26 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch index 684641dcbd..99adcfd770 100644 --- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch | |||
@@ -6,10 +6,10 @@ Upstream-Status: Inappropriate [configuration] | |||
6 | 1 file changed, 1 insertion(+), 1 deletion(-) | 6 | 1 file changed, 1 insertion(+), 1 deletion(-) |
7 | 7 | ||
8 | diff --git a/default_options.h b/default_options.h | 8 | diff --git a/default_options.h b/default_options.h |
9 | index 3b75eb8..1fd8082 100644 | 9 | index 349338c..5ffac25 100644 |
10 | --- a/default_options.h | 10 | --- a/default_options.h |
11 | +++ b/default_options.h | 11 | +++ b/default_options.h |
12 | @@ -243,7 +243,7 @@ Homedir is prepended unless path begins with / */ | 12 | @@ -289,7 +289,7 @@ group1 in Dropbear server too */ |
13 | 13 | ||
14 | /* The command to invoke for xauth when using X11 forwarding. | 14 | /* The command to invoke for xauth when using X11 forwarding. |
15 | * "-q" for quiet */ | 15 | * "-q" for quiet */ |
@@ -17,7 +17,7 @@ index 3b75eb8..1fd8082 100644 | |||
17 | +#define XAUTH_COMMAND "xauth -q" | 17 | +#define XAUTH_COMMAND "xauth -q" |
18 | 18 | ||
19 | 19 | ||
20 | /* if you want to enable running an sftp server (such as the one included with | 20 | /* If you want to enable running an sftp server (such as the one included with |
21 | -- | 21 | -- |
22 | 1.7.11.7 | 22 | 2.25.1 |
23 | 23 | ||
diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch index 857681520c..32c3ea5f08 100644 --- a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch +++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch | |||
@@ -15,10 +15,10 @@ Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> | |||
15 | 1 file changed, 2 insertions(+), 2 deletions(-) | 15 | 1 file changed, 2 insertions(+), 2 deletions(-) |
16 | 16 | ||
17 | diff --git a/default_options.h b/default_options.h | 17 | diff --git a/default_options.h b/default_options.h |
18 | index 3b75eb8..8617cd0 100644 | 18 | index 0e3d027..349338c 100644 |
19 | --- a/default_options.h | 19 | --- a/default_options.h |
20 | +++ b/default_options.h | 20 | +++ b/default_options.h |
21 | @@ -179,7 +179,7 @@ group1 in Dropbear server too */ | 21 | @@ -210,7 +210,7 @@ group1 in Dropbear server too */ |
22 | 22 | ||
23 | /* Authentication Types - at least one required. | 23 | /* Authentication Types - at least one required. |
24 | RFC Draft requires pubkey auth, and recommends password */ | 24 | RFC Draft requires pubkey auth, and recommends password */ |
@@ -27,16 +27,15 @@ index 3b75eb8..8617cd0 100644 | |||
27 | 27 | ||
28 | /* Note: PAM auth is quite simple and only works for PAM modules which just do | 28 | /* Note: PAM auth is quite simple and only works for PAM modules which just do |
29 | * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). | 29 | * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). |
30 | @@ -187,7 +187,7 @@ group1 in Dropbear server too */ | 30 | @@ -218,7 +218,7 @@ group1 in Dropbear server too */ |
31 | * but there's an interface via a PAM module. It won't work for more complex | 31 | * but there's an interface via a PAM module. It won't work for more complex |
32 | * PAM challenge/response. | 32 | * PAM challenge/response. |
33 | * You can't enable both PASSWORD and PAM. */ | 33 | * You can't enable both PASSWORD and PAM. */ |
34 | -#define DROPBEAR_SVR_PAM_AUTH 0 | 34 | -#define DROPBEAR_SVR_PAM_AUTH 0 |
35 | +#define DROPBEAR_SVR_PAM_AUTH 1 | 35 | +#define DROPBEAR_SVR_PAM_AUTH 1 |
36 | 36 | ||
37 | /* ~/.ssh/authorized_keys authentication */ | 37 | /* ~/.ssh/authorized_keys authentication. |
38 | #define DROPBEAR_SVR_PUBKEY_AUTH 1 | 38 | * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */ |
39 | |||
40 | -- | 39 | -- |
41 | 2.1.4 | 40 | 2.25.1 |
42 | 41 | ||
diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch index b54581f17a..5c60868ed8 100644 --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch +++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch | |||
@@ -9,27 +9,23 @@ and we want to support the stong algorithms. | |||
9 | 9 | ||
10 | Upstream-Status: Inappropriate [configuration] | 10 | Upstream-Status: Inappropriate [configuration] |
11 | Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com> | 11 | Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com> |
12 | |||
13 | --- | 12 | --- |
14 | default_options.h | 4 ++-- | 13 | default_options.h | 2 +- |
15 | 1 file changed, 2 insertions(+), 2 deletions(-) | 14 | 1 file changed, 1 insertion(+), 1 deletion(-) |
16 | 15 | ||
17 | diff --git a/default_options.h b/default_options.h | 16 | diff --git a/default_options.h b/default_options.h |
18 | index 1aa2297..7ff1394 100644 | 17 | index d417588..bc5200f 100644 |
19 | --- a/default_options.h | 18 | --- a/default_options.h |
20 | +++ b/default_options.h | 19 | +++ b/default_options.h |
21 | @@ -163,12 +163,12 @@ IMPORTANT: Some options will require "make clean" after changes */ | 20 | @@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */ |
22 | * Small systems should generally include either curve25519 or ecdh for performance. | 21 | * Small systems should generally include either curve25519 or ecdh for performance. |
23 | * curve25519 is less widely supported but is faster | 22 | * curve25519 is less widely supported but is faster |
24 | */ | 23 | */ |
25 | -#define DROPBEAR_DH_GROUP14_SHA1 1 | 24 | -#define DROPBEAR_DH_GROUP14_SHA1 1 |
26 | +#define DROPBEAR_DH_GROUP14_SHA1 0 | 25 | +#define DROPBEAR_DH_GROUP14_SHA1 0 |
27 | #define DROPBEAR_DH_GROUP14_SHA256 1 | 26 | #define DROPBEAR_DH_GROUP14_SHA256 1 |
28 | #define DROPBEAR_DH_GROUP16 0 | 27 | #define DROPBEAR_DH_GROUP16 0 |
29 | #define DROPBEAR_CURVE25519 1 | 28 | #define DROPBEAR_CURVE25519 1 |
30 | #define DROPBEAR_ECDH 1 | 29 | -- |
31 | -#define DROPBEAR_DH_GROUP1 1 | 30 | 2.25.1 |
32 | +#define DROPBEAR_DH_GROUP1 0 | 31 | |
33 | |||
34 | /* When group1 is enabled it will only be allowed by Dropbear client | ||
35 | not as a server, due to concerns over its strength. Set to 0 to allow | ||
diff --git a/meta/recipes-core/dropbear/dropbear_2020.81.bb b/meta/recipes-core/dropbear/dropbear_2020.81.bb deleted file mode 100644 index c7edea84f8..0000000000 --- a/meta/recipes-core/dropbear/dropbear_2020.81.bb +++ /dev/null | |||
@@ -1,3 +0,0 @@ | |||
1 | require dropbear.inc | ||
2 | |||
3 | SRC_URI[sha256sum] = "48235d10b37775dbda59341ac0c4b239b82ad6318c31568b985730c788aac53b" | ||
diff --git a/meta/recipes-core/dropbear/dropbear_2022.82.bb b/meta/recipes-core/dropbear/dropbear_2022.82.bb new file mode 100644 index 0000000000..154a407a19 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear_2022.82.bb | |||
@@ -0,0 +1,3 @@ | |||
1 | require dropbear.inc | ||
2 | |||
3 | SRC_URI[sha256sum] = "3a038d2bbc02bf28bbdd20c012091f741a3ec5cbe460691811d714876aad75d1" | ||