<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-core/dropbear, branch 2.8_M2</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=2.8_M2</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=2.8_M2'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2019-06-21T14:32:36+00:00</updated>
<entry>
<title>dropbear: new feature: disable-weak-ciphers</title>
<updated>2019-06-21T14:32:36+00:00</updated>
<author>
<name>Joseph Reynolds</name>
<email>jrey@linux.ibm.com</email>
</author>
<published>2019-06-20T21:29:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d52b1dfc1baac551350617bd683e8978bfae11c0'/>
<id>urn:sha1:d52b1dfc1baac551350617bd683e8978bfae11c0</id>
<content type='text'>
Enhances dropbear with a new feature "disable-weak-ciphers", on by default.
This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers in
the dropbear ssh server and client.

Disable this feature if you need to connect to the ssh server from older
clients.  Additional customization can be done with local_options.h as usual.

Tested: On dropbear_2019.78.

Upstream-Status: Inappropriate [configuration]

(From OE-Core rev: b11521ce1b1d1f8b4dddf830b41f5ea809730d22)

Signed-off-by: Joseph Reynolds &lt;joseph.reynolds1@ibm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: add openssh/openssh-sshd as rconflict</title>
<updated>2019-05-30T11:37:03+00:00</updated>
<author>
<name>Changqing Li</name>
<email>changqing.li@windriver.com</email>
</author>
<published>2019-05-28T04:01:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=d365948ebd76625f82ef04e77d35bcfeced42fec'/>
<id>urn:sha1:d365948ebd76625f82ef04e77d35bcfeced42fec</id>
<content type='text'>
(From OE-Core rev: 0aa21ae925d81cd10d5c44d4d98c9f06df87139d)

Signed-off-by: Changqing Li &lt;changqing.li@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: set CVE_PRODUCT</title>
<updated>2019-04-30T11:05:23+00:00</updated>
<author>
<name>Chen Qi</name>
<email>Qi.Chen@windriver.com</email>
</author>
<published>2019-04-29T07:27:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7603f21aadfa90cef29a60de31f82b80d902c9fb'/>
<id>urn:sha1:7603f21aadfa90cef29a60de31f82b80d902c9fb</id>
<content type='text'>
(From OE-Core rev: 3c247a4a166cabf7ddfea403cf272b3fb4e00872)

Signed-off-by: Chen Qi &lt;Qi.Chen@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: update to 2019.78</title>
<updated>2019-04-12T13:05:37+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2019-04-01T14:01:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=f16794b4c44f0358103e44cc6ff8ea242adf2584'/>
<id>urn:sha1:f16794b4c44f0358103e44cc6ff8ea242adf2584</id>
<content type='text'>
(From OE-Core rev: 4a5e607dac5f0d4ccd220f022002661b66681112)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: update to 2019.77</title>
<updated>2019-03-25T23:19:53+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2019-03-25T09:43:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=249b6e3f73d5507766543c04f4a19d2db77d8eb2'/>
<id>urn:sha1:249b6e3f73d5507766543c04f4a19d2db77d8eb2</id>
<content type='text'>
 - update dropbear to version 2019.77
 - drop obsolete patch

(From OE-Core rev: c0f2e6f74119538a33095c27a8d9e92084741672)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: remove localoptions.h in source searching</title>
<updated>2018-09-22T01:45:46+00:00</updated>
<author>
<name>Andrej Valek</name>
<email>andrej.valek@siemens.com</email>
</author>
<published>2018-09-19T13:02:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a52a4a7a4c46d34539788a34b547f670b4cbd551'/>
<id>urn:sha1:a52a4a7a4c46d34539788a34b547f670b4cbd551</id>
<content type='text'>
- localoptions.h is automatically searched in build directory

(From OE-Core rev: 40fe89027e1b9ed63c65ff026bc6cce5de1b814a)

Signed-off-by: Andrej Valek &lt;andrej.valek@siemens.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@intel.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: Fix CVE-2018-15599</title>
<updated>2018-09-10T11:13:06+00:00</updated>
<author>
<name>Mingli Yu</name>
<email>Mingli.Yu@windriver.com</email>
</author>
<published>2018-09-06T08:06:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=688611a5edd7a90f05f8501bf29f7ba8cf4c07fc'/>
<id>urn:sha1:688611a5edd7a90f05f8501bf29f7ba8cf4c07fc</id>
<content type='text'>
Wait to fail invalid usernames to fix
CVE-2018-15599

Rework 0006-dropbear-configuration-file.patch
to fix fuzz warnings

(From OE-Core rev: f017715120b67ff02f56ed5db131436ee62aeffb)

Signed-off-by: Mingli Yu &lt;Mingli.Yu@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear.inc: add dependency on virtual/crypt to fix build with glibc-2.28</title>
<updated>2018-08-15T08:44:33+00:00</updated>
<author>
<name>Martin Jansa</name>
<email>martin.jansa@gmail.com</email>
</author>
<published>2018-08-09T12:16:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=19ee0f26cbaaacebacf552878ce98149957d0ac3'/>
<id>urn:sha1:19ee0f26cbaaacebacf552878ce98149957d0ac3</id>
<content type='text'>
configure tests crypt() existence with:

dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt
dnl but we don't want link all binaries to -lcrypt, just dropbear server.
dnl OS X doesn't need -lcrypt
AC_CHECK_FUNC(crypt, found_crypt_func=here)
AC_CHECK_LIB(crypt, crypt,
        [
        CRYPTLIB="-lcrypt"
        found_crypt_func=here
        ])
AC_SUBST(CRYPTLIB)
if test "t$found_crypt_func" = there; then
AC_DEFINE(HAVE_CRYPT, 1, [crypt() function])
fi

but that silently fails with glibc-2.28 and a bit later do_compile fails with;
http://errors.yoctoproject.org/Errors/Details/185895/

../dropbear-2018.76/sysoptions.h:237:3: error: #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
  #error "DROPBEAR_SVR_PASSWORD_AUTH requires `crypt()'."
   ^~~~~

Add dependency on virtual/crypt so that do_configure detects it correctly.

(From OE-Core rev: d04703aef55e01c59329fc54660724e053f3f66c)

Signed-off-by: Martin Jansa &lt;Martin.Jansa@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: add default config file to disable root login</title>
<updated>2018-07-09T21:48:38+00:00</updated>
<author>
<name>Jackie Huang</name>
<email>jackie.huang@windriver.com</email>
</author>
<published>2017-06-29T03:31:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=fbf465c07d12ae7f7822e6961f8cf61fd5f14e56'/>
<id>urn:sha1:fbf465c07d12ae7f7822e6961f8cf61fd5f14e56</id>
<content type='text'>
root login is disabled by default for openssh and we can
enable it through IMAGE_FEATURES 'debug-tweaks' or
'allow-empty-password', so change to the same default
behavior for dropbear.

(From OE-Core rev: d3e69fa2fef83015658aa5fa1442bab5a8c3edaa)

Signed-off-by: Jackie Huang &lt;jackie.huang@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: drop obsolete patch 0004-fix-2kb-keys.patch</title>
<updated>2018-06-07T07:52:55+00:00</updated>
<author>
<name>Andre McCurdy</name>
<email>armccurdy@gmail.com</email>
</author>
<published>2018-05-29T20:58:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=7176d4d599f7ae7635face797fdf69dfa483c8ef'/>
<id>urn:sha1:7176d4d599f7ae7635face797fdf69dfa483c8ef</id>
<content type='text'>
The origins of the patch date back to early 2005 (prior to the start
of git history in oe-core) to fix a hardcoded limit on the maximum
size of remote host keys:

  http://familiar.handhelds.narkive.com/b1VGg2bI/problem-w-dropbear-ssh

The hardcoded limit was fixed upstream in dropbear 0.47:

  https://github.com/mkj/dropbear/commit/736f370dce614b717193f45d084e9e009de723ce

The patch has therefore been obsolete since then. It went unnoticed
until now as the patch has continued to apply - it modifies a value
which is not used.

(From OE-Core rev: 17072ffc1e765edd45bc1174378fb666185e5643)

Signed-off-by: Andre McCurdy &lt;armccurdy@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
