4 files changed, 33 insertions, 38 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
index 684641dcbd..c74f09e484 100644
--- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
+++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
@@ -2,14 +2,14 @@ Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h
 Upstream-Status: Inappropriate [configuration]
 ---
- default_options.h | 2 +-
+ src/default_options.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/default_options.h b/default_options.h
+diff --git a/src/default_options.h b/src/default_options.h
-index 3b75eb8..1fd8082 100644
+index 6e970bb..ccc8b47 100644
--- a/default_options.h
+--- a/src/default_options.h
-+++ b/default_options.h
+++ b/src/default_options.h
-@@ -243,7 +243,7 @@ Homedir is prepended unless path begins with / */
+@@ -311,7 +311,7 @@ group1 in Dropbear server too */
 
 /* The command to invoke for xauth when using X11 forwarding.
  * "-q" for quiet */
@@ -17,7 +17,7 @@ index 3b75eb8..1fd8082 100644
 +#define XAUTH_COMMAND "xauth -q"
 
 
- /* if you want to enable running an sftp server (such as the one included with
+ /* If you want to enable running an sftp server (such as the one included with
 -- 
-1.7.11.7
+2.34.1
diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch
index 857681520c..fe667ddc25 100644
--- a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch
+++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch
@@ -11,14 +11,14 @@ Upstream-Status: Pending
 Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
 Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
 ---
- default_options.h | 4 ++--
+ src/default_options.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/default_options.h b/default_options.h
+diff --git a/src/default_options.h b/src/default_options.h
-index 3b75eb8..8617cd0 100644
+index 0e3d027..349338c 100644
--- a/default_options.h
+--- a/src/default_options.h
-+++ b/default_options.h
+++ b/src/default_options.h
-@@ -179,7 +179,7 @@ group1 in Dropbear server too */
+@@ -210,7 +210,7 @@ group1 in Dropbear server too */
 
 /* Authentication Types - at least one required.
    RFC Draft requires pubkey auth, and recommends password */
@@ -27,16 +27,15 @@ index 3b75eb8..8617cd0 100644
 
 /* Note: PAM auth is quite simple and only works for PAM modules which just do
  * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
-@@ -187,7 +187,7 @@ group1 in Dropbear server too */
+@@ -218,7 +218,7 @@ group1 in Dropbear server too */
  * but there's an interface via a PAM module. It won't work for more complex
  * PAM challenge/response.
  * You can't enable both PASSWORD and PAM. */
 -#define DROPBEAR_SVR_PAM_AUTH 0
 +#define DROPBEAR_SVR_PAM_AUTH 1
 
- /* ~/.ssh/authorized_keys authentication */
+ /* ~/.ssh/authorized_keys authentication.
- #define DROPBEAR_SVR_PUBKEY_AUTH 1
+  * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */
- 
 -- 
-2.1.4
+2.25.1
diff --git a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch
index deed78ffb9..f54f634a4e 100644
--- a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch
+++ b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch
@@ -12,13 +12,13 @@ Signed-off-by: Maxin B. John <maxin.john@enea.com>
 Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
 Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
 ---
- svr-authpam.c | 2 +-
+ src/svr-authpam.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/svr-authpam.c b/svr-authpam.c
+diff --git a/srec/svr-authpam.c b/src/svr-authpam.c
 index d201bc9..165ec5c 100644
--- a/svr-authpam.c
+--- a/src/svr-authpam.c
-+++ b/svr-authpam.c
+++ b/src/svr-authpam.c
 @@ -223,7 +223,7 @@ void svr_auth_pam(int valid_user) {
        }
 
diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
index b54581f17a..f998caa255 100644
--- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
+++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
@@ -9,27 +9,23 @@ and we want to support the stong algorithms.
 Upstream-Status: Inappropriate [configuration]
 Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
 ---
- default_options.h | 4 ++--
+ src/default_options.h | 2 +-
- 1 file changed, 2 insertions(+), 2 deletions(-)
+ 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/default_options.h b/default_options.h
+diff --git a/src/default_options.h b/src/default_options.h
-index 1aa2297..7ff1394 100644
+index d417588..bc5200f 100644
--- a/default_options.h
+--- a/src/default_options.h
-+++ b/default_options.h
+++ b/src/default_options.h
-@@ -163,12 +163,12 @@ IMPORTANT: Some options will require "make clean" after changes */
+@@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */
  * Small systems should generally include either curve25519 or ecdh for performance.
  * curve25519 is less widely supported but is faster
-  */ 
+  */
 -#define DROPBEAR_DH_GROUP14_SHA1 1
 +#define DROPBEAR_DH_GROUP14_SHA1 0
 #define DROPBEAR_DH_GROUP14_SHA256 1
 #define DROPBEAR_DH_GROUP16 0
 #define DROPBEAR_CURVE25519 1
- #define DROPBEAR_ECDH 1
+-- 
-#define DROPBEAR_DH_GROUP1 1
+2.25.1
-+#define DROPBEAR_DH_GROUP1 0
- 
- /* When group1 is enabled it will only be allowed by Dropbear client
- not as a server, due to concerns over its strength. Set to 0 to allow

diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch index 684641dcbd..c74f09e484 100644 --- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
@@ -2,14 +2,14 @@ Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h
2		2
3	Upstream-Status: Inappropriate [configuration]	3	Upstream-Status: Inappropriate [configuration]
4	---	4	---
5	default_options.h \| 2 +-	5	src/default_options.h \| 2 +-
6	1 file changed, 1 insertion(+), 1 deletion(-)	6	1 file changed, 1 insertion(+), 1 deletion(-)
7		7
8	diff --git a/default_options.h b/default_options.h	8	diff --git a/src/default_options.h b/src/default_options.h
9	index 3b75eb8..1fd8082 100644	9	index 6e970bb..ccc8b47 100644
10	--- a/default_options.h	10	--- a/src/default_options.h
11	+++ b/default_options.h	11	+++ b/src/default_options.h
12	@@ -243,7 +243,7 @@ Homedir is prepended unless path begins with / */	12	@@ -311,7 +311,7 @@ group1 in Dropbear server too */
13		13
14	/* The command to invoke for xauth when using X11 forwarding.	14	/* The command to invoke for xauth when using X11 forwarding.
15	* "-q" for quiet */	15	* "-q" for quiet */
@@ -17,7 +17,7 @@ index 3b75eb8..1fd8082 100644
17	+#define XAUTH_COMMAND "xauth -q"	17	+#define XAUTH_COMMAND "xauth -q"
18		18
19		19
20	/* if you want to enable running an sftp server (such as the one included with	20	/* If you want to enable running an sftp server (such as the one included with
21	--	21	--
22	1.7.11.7	22	2.34.1
23		23


diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch index 857681520c..fe667ddc25 100644 --- a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch +++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch
@@ -11,14 +11,14 @@ Upstream-Status: Pending
11	Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>	11	Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
12	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>	12	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
13	---	13	---
14	default_options.h \| 4 ++--	14	src/default_options.h \| 4 ++--
15	1 file changed, 2 insertions(+), 2 deletions(-)	15	1 file changed, 2 insertions(+), 2 deletions(-)
16		16
17	diff --git a/default_options.h b/default_options.h	17	diff --git a/src/default_options.h b/src/default_options.h
18	index 3b75eb8..8617cd0 100644	18	index 0e3d027..349338c 100644
19	--- a/default_options.h	19	--- a/src/default_options.h
20	+++ b/default_options.h	20	+++ b/src/default_options.h
21	@@ -179,7 +179,7 @@ group1 in Dropbear server too */	21	@@ -210,7 +210,7 @@ group1 in Dropbear server too */
22		22
23	/* Authentication Types - at least one required.	23	/* Authentication Types - at least one required.
24	RFC Draft requires pubkey auth, and recommends password */	24	RFC Draft requires pubkey auth, and recommends password */
@@ -27,16 +27,15 @@ index 3b75eb8..8617cd0 100644
27		27
28	/* Note: PAM auth is quite simple and only works for PAM modules which just do	28	/* Note: PAM auth is quite simple and only works for PAM modules which just do
29	* a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).	29	* a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
30	@@ -187,7 +187,7 @@ group1 in Dropbear server too */	30	@@ -218,7 +218,7 @@ group1 in Dropbear server too */
31	* but there's an interface via a PAM module. It won't work for more complex	31	* but there's an interface via a PAM module. It won't work for more complex
32	* PAM challenge/response.	32	* PAM challenge/response.
33	* You can't enable both PASSWORD and PAM. */	33	* You can't enable both PASSWORD and PAM. */
34	-#define DROPBEAR_SVR_PAM_AUTH 0	34	-#define DROPBEAR_SVR_PAM_AUTH 0
35	+#define DROPBEAR_SVR_PAM_AUTH 1	35	+#define DROPBEAR_SVR_PAM_AUTH 1
36		36
37	/* ~/.ssh/authorized_keys authentication */	37	/* ~/.ssh/authorized_keys authentication.
38	#define DROPBEAR_SVR_PUBKEY_AUTH 1	38	* You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */
39
40	--	39	--
41	2.1.4	40	2.25.1
42		41


diff --git a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch index deed78ffb9..f54f634a4e 100644 --- a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch +++ b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch
@@ -12,13 +12,13 @@ Signed-off-by: Maxin B. John <maxin.john@enea.com>
12	Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>	12	Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
13	Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>	13	Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
14	---	14	---
15	svr-authpam.c \| 2 +-	15	src/svr-authpam.c \| 2 +-
16	1 file changed, 1 insertion(+), 1 deletion(-)	16	1 file changed, 1 insertion(+), 1 deletion(-)
17		17
18	diff --git a/svr-authpam.c b/svr-authpam.c	18	diff --git a/srec/svr-authpam.c b/src/svr-authpam.c
19	index d201bc9..165ec5c 100644	19	index d201bc9..165ec5c 100644
20	--- a/svr-authpam.c	20	--- a/src/svr-authpam.c
21	+++ b/svr-authpam.c	21	+++ b/src/svr-authpam.c
22	@@ -223,7 +223,7 @@ void svr_auth_pam(int valid_user) {	22	@@ -223,7 +223,7 @@ void svr_auth_pam(int valid_user) {
23	}	23	}
24		24


diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch index b54581f17a..f998caa255 100644 --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch +++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
@@ -9,27 +9,23 @@ and we want to support the stong algorithms.
9		9
10	Upstream-Status: Inappropriate [configuration]	10	Upstream-Status: Inappropriate [configuration]
11	Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>	11	Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
12
13	---	12	---
14	default_options.h \| 4 ++--	13	src/default_options.h \| 2 +-
15	1 file changed, 2 insertions(+), 2 deletions(-)	14	1 file changed, 1 insertion(+), 1 deletion(-)
16		15
17	diff --git a/default_options.h b/default_options.h	16	diff --git a/src/default_options.h b/src/default_options.h
18	index 1aa2297..7ff1394 100644	17	index d417588..bc5200f 100644
19	--- a/default_options.h	18	--- a/src/default_options.h
20	+++ b/default_options.h	19	+++ b/src/default_options.h
21	@@ -163,12 +163,12 @@ IMPORTANT: Some options will require "make clean" after changes */	20	@@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */
22	* Small systems should generally include either curve25519 or ecdh for performance.	21	* Small systems should generally include either curve25519 or ecdh for performance.
23	* curve25519 is less widely supported but is faster	22	* curve25519 is less widely supported but is faster
24	*/	23	*/
25	-#define DROPBEAR_DH_GROUP14_SHA1 1	24	-#define DROPBEAR_DH_GROUP14_SHA1 1
26	+#define DROPBEAR_DH_GROUP14_SHA1 0	25	+#define DROPBEAR_DH_GROUP14_SHA1 0
27	#define DROPBEAR_DH_GROUP14_SHA256 1	26	#define DROPBEAR_DH_GROUP14_SHA256 1
28	#define DROPBEAR_DH_GROUP16 0	27	#define DROPBEAR_DH_GROUP16 0
29	#define DROPBEAR_CURVE25519 1	28	#define DROPBEAR_CURVE25519 1
30	#define DROPBEAR_ECDH 1	29	--
31	-#define DROPBEAR_DH_GROUP1 1	30	2.25.1
32	+#define DROPBEAR_DH_GROUP1 0	31
33
34	/* When group1 is enabled it will only be allowed by Dropbear client
35	not as a server, due to concerns over its strength. Set to 0 to allow