dropbear: update 2019.78 -> 2020.79

Refresh dropbear-disable-weak-ciphers.patch as some weak items have been dropped upstream. License-Update: curve25519 changed to public domain (From OE-Core rev: 1620a815f6fbe20e5b570ed254187856bb37c184) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Alexander Kanavin <alex.kanavin@gmail.com> 2020-06-26 09:18:19 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-06-28 08:35:59 +0100
commit: 658cde8788c2faf9532d332e37a6d98b14b070c5 (patch)
tree: f41059856dc6247d60415ad63c1b173a89037b6a /meta/recipes-core
parent: 51b40610485d6eb40238a48a8f0d07a17ca28d0a (diff)
download: poky-658cde8788c2faf9532d332e37a6d98b14b070c5.tar.gz
4 files changed, 19 insertions, 29 deletions
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
index 7269888a4e..240e328ed2 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -5,7 +5,7 @@ SECTION = "console/network"
 # some files are from other projects and have others license terms:
 #   public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY
 LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=da58928b5d844c6667963cb5a109272d"
 DEPENDS = "zlib virtual/crypt"
 RPROVIDES_${PN} = "ssh sshd"
diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
index e48a34bac0..b54581f17a 100644
--- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
+++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
@@ -1,33 +1,24 @@
-This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers 
+From c347ece05a7fdbf50d76cb136b9ed45caed333f6 Mon Sep 17 00:00:00 2001
+From: Joseph Reynolds <joseph.reynolds1@ibm.com>
+Date: Thu, 20 Jun 2019 16:29:15 -0500
+Subject: [PATCH] dropbear: new feature: disable-weak-ciphers
+This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers
 in the dropbear ssh server and client since they're considered weak ciphers
 and we want to support the stong algorithms.
 Upstream-Status: Inappropriate [configuration]
 Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
-Index: dropbear-2019.78/default_options.h
+---
-===================================================================
+ default_options.h | 4 ++--
--- dropbear-2019.78.orig/default_options.h
+ 1 file changed, 2 insertions(+), 2 deletions(-)
-+++ dropbear-2019.78/default_options.h
-@@ -91,7 +91,7 @@ IMPORTANT: Some options will require "ma
+diff --git a/default_options.h b/default_options.h
- 
+index 1aa2297..7ff1394 100644
- /* Enable CBC mode for ciphers. This has security issues though
+--- a/default_options.h
-  * is the most compatible with older SSH implementations */
+++ b/default_options.h
-#define DROPBEAR_ENABLE_CBC_MODE 1
+@@ -163,12 +163,12 @@ IMPORTANT: Some options will require "make clean" after changes */
-+#define DROPBEAR_ENABLE_CBC_MODE 0
- 
- /* Enable "Counter Mode" for ciphers. This is more secure than
-  * CBC mode against certain attacks. It is recommended for security
-@@ -101,7 +101,7 @@ IMPORTANT: Some options will require "ma
- /* Message integrity. sha2-256 is recommended as a default, 
-    sha1 for compatibility */
- #define DROPBEAR_SHA1_HMAC 1
-#define DROPBEAR_SHA1_96_HMAC 1
-+#define DROPBEAR_SHA1_96_HMAC 0
- #define DROPBEAR_SHA2_256_HMAC 1
- 
- /* Hostkey/public key algorithms - at least one required, these are used
-@@ -149,12 +149,12 @@ IMPORTANT: Some options will require "ma
  * Small systems should generally include either curve25519 or ecdh for performance.
  * curve25519 is less widely supported but is faster
  */ 
diff --git a/meta/recipes-core/dropbear/dropbear_2019.78.bb b/meta/recipes-core/dropbear/dropbear_2019.78.bb
deleted file mode 100644
index d2cd8161bf..0000000000
--- a/meta/recipes-core/dropbear/dropbear_2019.78.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-require dropbear.inc
-SRC_URI[md5sum] = "a972c85ed678ad0fdcb7844e1294fb54"
-SRC_URI[sha256sum] = "525965971272270995364a0eb01f35180d793182e63dd0b0c3eb0292291644a4"
diff --git a/meta/recipes-core/dropbear/dropbear_2020.79.bb b/meta/recipes-core/dropbear/dropbear_2020.79.bb
new file mode 100644
index 0000000000..43a17bf1e5
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear_2020.79.bb
@@ -0,0 +1,3 @@
+require dropbear.inc
+SRC_URI[sha256sum] = "084f00546b1610a3422a0773e2c04cbe1a220d984209e033b548b49f379cc441"
author	Alexander Kanavin <alex.kanavin@gmail.com>	2020-06-26 09:18:19 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-06-28 08:35:59 +0100
commit	658cde8788c2faf9532d332e37a6d98b14b070c5 (patch)
tree	f41059856dc6247d60415ad63c1b173a89037b6a /meta/recipes-core
parent	51b40610485d6eb40238a48a8f0d07a17ca28d0a (diff)
download	poky-658cde8788c2faf9532d332e37a6d98b14b070c5.tar.gz

diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc index 7269888a4e..240e328ed2 100644 --- a/meta/recipes-core/dropbear/dropbear.inc +++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -5,7 +5,7 @@ SECTION = "console/network"
5	# some files are from other projects and have others license terms:	5	# some files are from other projects and have others license terms:
6	# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY	6	# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY
7	LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD"	7	LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD"
8	LIC_FILES_CHKSUM = "file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01"	8	LIC_FILES_CHKSUM = "file://LICENSE;md5=da58928b5d844c6667963cb5a109272d"
9		9
10	DEPENDS = "zlib virtual/crypt"	10	DEPENDS = "zlib virtual/crypt"
11	RPROVIDES_${PN} = "ssh sshd"	11	RPROVIDES_${PN} = "ssh sshd"


diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch index e48a34bac0..b54581f17a 100644 --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch +++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
@@ -1,33 +1,24 @@
1	This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers	1	From c347ece05a7fdbf50d76cb136b9ed45caed333f6 Mon Sep 17 00:00:00 2001
		2	From: Joseph Reynolds <joseph.reynolds1@ibm.com>
		3	Date: Thu, 20 Jun 2019 16:29:15 -0500
		4	Subject: [PATCH] dropbear: new feature: disable-weak-ciphers
		5
		6	This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers
2	in the dropbear ssh server and client since they're considered weak ciphers	7	in the dropbear ssh server and client since they're considered weak ciphers
3	and we want to support the stong algorithms.	8	and we want to support the stong algorithms.
4		9
5	Upstream-Status: Inappropriate [configuration]	10	Upstream-Status: Inappropriate [configuration]
6	Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>	11	Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
7		12
8	Index: dropbear-2019.78/default_options.h	13	---
9	===================================================================	14	default_options.h \| 4 ++--
10	--- dropbear-2019.78.orig/default_options.h	15	1 file changed, 2 insertions(+), 2 deletions(-)
11	+++ dropbear-2019.78/default_options.h	16
12	@@ -91,7 +91,7 @@ IMPORTANT: Some options will require "ma	17	diff --git a/default_options.h b/default_options.h
13		18	index 1aa2297..7ff1394 100644
14	/* Enable CBC mode for ciphers. This has security issues though	19	--- a/default_options.h
15	* is the most compatible with older SSH implementations */	20	+++ b/default_options.h
16	-#define DROPBEAR_ENABLE_CBC_MODE 1	21	@@ -163,12 +163,12 @@ IMPORTANT: Some options will require "make clean" after changes */
17	+#define DROPBEAR_ENABLE_CBC_MODE 0
18
19	/* Enable "Counter Mode" for ciphers. This is more secure than
20	* CBC mode against certain attacks. It is recommended for security
21	@@ -101,7 +101,7 @@ IMPORTANT: Some options will require "ma
22	/* Message integrity. sha2-256 is recommended as a default,
23	sha1 for compatibility */
24	#define DROPBEAR_SHA1_HMAC 1
25	-#define DROPBEAR_SHA1_96_HMAC 1
26	+#define DROPBEAR_SHA1_96_HMAC 0
27	#define DROPBEAR_SHA2_256_HMAC 1
28
29	/* Hostkey/public key algorithms - at least one required, these are used
30	@@ -149,12 +149,12 @@ IMPORTANT: Some options will require "ma
31	* Small systems should generally include either curve25519 or ecdh for performance.	22	* Small systems should generally include either curve25519 or ecdh for performance.
32	* curve25519 is less widely supported but is faster	23	* curve25519 is less widely supported but is faster
33	*/	24	*/


diff --git a/meta/recipes-core/dropbear/dropbear_2019.78.bb b/meta/recipes-core/dropbear/dropbear_2019.78.bb deleted file mode 100644 index d2cd8161bf..0000000000 --- a/meta/recipes-core/dropbear/dropbear_2019.78.bb +++ /dev/null
@@ -1,4 +0,0 @@
1	require dropbear.inc
2
3	SRC_URI[md5sum] = "a972c85ed678ad0fdcb7844e1294fb54"
4	SRC_URI[sha256sum] = "525965971272270995364a0eb01f35180d793182e63dd0b0c3eb0292291644a4"


diff --git a/meta/recipes-core/dropbear/dropbear_2020.79.bb b/meta/recipes-core/dropbear/dropbear_2020.79.bb new file mode 100644 index 0000000000..43a17bf1e5 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear_2020.79.bb
@@ -0,0 +1,3 @@
		1	require dropbear.inc
		2
		3	SRC_URI[sha256sum] = "084f00546b1610a3422a0773e2c04cbe1a220d984209e033b548b49f379cc441"