summaryrefslogtreecommitdiffstats
path: root/meta
diff options
context:
space:
mode:
authorAlexander Kanavin <alex.kanavin@gmail.com>2020-06-26 09:18:19 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2020-06-28 08:35:59 +0100
commit658cde8788c2faf9532d332e37a6d98b14b070c5 (patch)
treef41059856dc6247d60415ad63c1b173a89037b6a /meta
parent51b40610485d6eb40238a48a8f0d07a17ca28d0a (diff)
downloadpoky-658cde8788c2faf9532d332e37a6d98b14b070c5.tar.gz
dropbear: update 2019.78 -> 2020.79
Refresh dropbear-disable-weak-ciphers.patch as some weak items have been dropped upstream. License-Update: curve25519 changed to public domain (From OE-Core rev: 1620a815f6fbe20e5b570ed254187856bb37c184) Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r--meta/recipes-core/dropbear/dropbear.inc2
-rw-r--r--meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch39
-rw-r--r--meta/recipes-core/dropbear/dropbear_2019.78.bb4
-rw-r--r--meta/recipes-core/dropbear/dropbear_2020.79.bb3
4 files changed, 19 insertions, 29 deletions
diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
index 7269888a4e..240e328ed2 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -5,7 +5,7 @@ SECTION = "console/network"
5# some files are from other projects and have others license terms: 5# some files are from other projects and have others license terms:
6# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY 6# public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY
7LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD" 7LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD"
8LIC_FILES_CHKSUM = "file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01" 8LIC_FILES_CHKSUM = "file://LICENSE;md5=da58928b5d844c6667963cb5a109272d"
9 9
10DEPENDS = "zlib virtual/crypt" 10DEPENDS = "zlib virtual/crypt"
11RPROVIDES_${PN} = "ssh sshd" 11RPROVIDES_${PN} = "ssh sshd"
diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
index e48a34bac0..b54581f17a 100644
--- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
+++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
@@ -1,33 +1,24 @@
1This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers 1From c347ece05a7fdbf50d76cb136b9ed45caed333f6 Mon Sep 17 00:00:00 2001
2From: Joseph Reynolds <joseph.reynolds1@ibm.com>
3Date: Thu, 20 Jun 2019 16:29:15 -0500
4Subject: [PATCH] dropbear: new feature: disable-weak-ciphers
5
6This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers
2in the dropbear ssh server and client since they're considered weak ciphers 7in the dropbear ssh server and client since they're considered weak ciphers
3and we want to support the stong algorithms. 8and we want to support the stong algorithms.
4 9
5Upstream-Status: Inappropriate [configuration] 10Upstream-Status: Inappropriate [configuration]
6Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com> 11Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
7 12
8Index: dropbear-2019.78/default_options.h 13---
9=================================================================== 14 default_options.h | 4 ++--
10--- dropbear-2019.78.orig/default_options.h 15 1 file changed, 2 insertions(+), 2 deletions(-)
11+++ dropbear-2019.78/default_options.h 16
12@@ -91,7 +91,7 @@ IMPORTANT: Some options will require "ma 17diff --git a/default_options.h b/default_options.h
13 18index 1aa2297..7ff1394 100644
14 /* Enable CBC mode for ciphers. This has security issues though 19--- a/default_options.h
15 * is the most compatible with older SSH implementations */ 20+++ b/default_options.h
16-#define DROPBEAR_ENABLE_CBC_MODE 1 21@@ -163,12 +163,12 @@ IMPORTANT: Some options will require "make clean" after changes */
17+#define DROPBEAR_ENABLE_CBC_MODE 0
18
19 /* Enable "Counter Mode" for ciphers. This is more secure than
20 * CBC mode against certain attacks. It is recommended for security
21@@ -101,7 +101,7 @@ IMPORTANT: Some options will require "ma
22 /* Message integrity. sha2-256 is recommended as a default,
23 sha1 for compatibility */
24 #define DROPBEAR_SHA1_HMAC 1
25-#define DROPBEAR_SHA1_96_HMAC 1
26+#define DROPBEAR_SHA1_96_HMAC 0
27 #define DROPBEAR_SHA2_256_HMAC 1
28
29 /* Hostkey/public key algorithms - at least one required, these are used
30@@ -149,12 +149,12 @@ IMPORTANT: Some options will require "ma
31 * Small systems should generally include either curve25519 or ecdh for performance. 22 * Small systems should generally include either curve25519 or ecdh for performance.
32 * curve25519 is less widely supported but is faster 23 * curve25519 is less widely supported but is faster
33 */ 24 */
diff --git a/meta/recipes-core/dropbear/dropbear_2019.78.bb b/meta/recipes-core/dropbear/dropbear_2019.78.bb
deleted file mode 100644
index d2cd8161bf..0000000000
--- a/meta/recipes-core/dropbear/dropbear_2019.78.bb
+++ /dev/null
@@ -1,4 +0,0 @@
1require dropbear.inc
2
3SRC_URI[md5sum] = "a972c85ed678ad0fdcb7844e1294fb54"
4SRC_URI[sha256sum] = "525965971272270995364a0eb01f35180d793182e63dd0b0c3eb0292291644a4"
diff --git a/meta/recipes-core/dropbear/dropbear_2020.79.bb b/meta/recipes-core/dropbear/dropbear_2020.79.bb
new file mode 100644
index 0000000000..43a17bf1e5
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear_2020.79.bb
@@ -0,0 +1,3 @@
1require dropbear.inc
2
3SRC_URI[sha256sum] = "084f00546b1610a3422a0773e2c04cbe1a220d984209e033b548b49f379cc441"