From 688611a5edd7a90f05f8501bf29f7ba8cf4c07fc Mon Sep 17 00:00:00 2001
From: Mingli Yu <Mingli.Yu@windriver.com>
Date: Thu, 6 Sep 2018 16:06:33 +0800
Subject: dropbear: Fix CVE-2018-15599

Wait to fail invalid usernames to fix
CVE-2018-15599

Rework 0006-dropbear-configuration-file.patch
to fix fuzz warnings

(From OE-Core rev: f017715120b67ff02f56ed5db131436ee62aeffb)

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-core/dropbear/dropbear.inc | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-core/dropbear/dropbear.inc')

diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
index b634e0e53e..dc24ea71bf 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -13,6 +13,7 @@ RPROVIDES_${PN} = "ssh sshd"
 DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
 SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
+           file://CVE-2018-15599.patch \
            file://0001-urandom-xauth-changes-to-options.h.patch \
            file://0007-fix-localoptions-search-path.patch \
            file://init \
-- 
cgit v1.2.3-54-g00ecf