<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-core/dropbear, branch styhead-5.1.3</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=styhead-5.1.3</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=styhead-5.1.3'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2024-05-28T08:38:23+00:00</updated>
<entry>
<title>dropbear: upgrade 2024.84 -&gt; 2024.85</title>
<updated>2024-05-28T08:38:23+00:00</updated>
<author>
<name>Yi Zhao</name>
<email>yi.zhao@eng.windriver.com</email>
</author>
<published>2024-05-17T01:19:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=0e26265e2cd4ab8654b3c3edfd479eb6a535ee3f'/>
<id>urn:sha1:0e26265e2cd4ab8654b3c3edfd479eb6a535ee3f</id>
<content type='text'>
Changelog:
https://matt.ucc.asn.au/dropbear/CHANGES

This release fixes build regressions in 2024.84:
 - Fix build failure when SHA1 is disabled
 - Fix build failure when DROPBEAR_CLI_PUBKEY_AUTH disabled
 - Update debian/ directory with changed paths

(From OE-Core rev: 62ad8e8217548d7f9aab506a3611ef41f4881cf3)

Signed-off-by: Yi Zhao &lt;yi.zhao@windriver.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>recipes: Update WORKDIR references to UNPACKDIR</title>
<updated>2024-05-02T14:15:51+00:00</updated>
<author>
<name>Richard Purdie</name>
<email>richard.purdie@linuxfoundation.org</email>
</author>
<published>2024-04-30T13:23:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=0ea63b6a439fe97f840c69d08cf381687baaae3f'/>
<id>urn:sha1:0ea63b6a439fe97f840c69d08cf381687baaae3f</id>
<content type='text'>
Since we want to be able to stop unpacking to WORKDIR, correct the WORKDIR
references in recipe do_compile/do_install tasks to use UNPACKDIR in the
appropraite places instead.

(From OE-Core rev: d73595df69667fe9d12ecd407b77a0b8dae2109c)

Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: upgrade 2022.83 -&gt; 2024.84</title>
<updated>2024-04-23T12:40:24+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2024-04-10T02:01:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=0d28ec11cf489bcf7d3ccf4cc1719e99b11552d2'/>
<id>urn:sha1:0d28ec11cf489bcf7d3ccf4cc1719e99b11552d2</id>
<content type='text'>
0001-urandom-xauth-changes-to-options.h.patch
dropbear-disable-weak-ciphers.patch
0005-dropbear-enable-pam.patch
0006-dropbear-configuration-file.patch
refreshed for 2024.84

CVE-2023-36328.patch
removed since it's included in 2024.84

(From OE-Core rev: c50a0d013137338ac1dec60f6aed32ff3a185839)

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: remove unnecessary line</title>
<updated>2024-02-02T11:06:17+00:00</updated>
<author>
<name>Etienne Cordonnier</name>
<email>ecordonnier@snap.com</email>
</author>
<published>2024-01-29T15:34:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=f00f7e1570fb19ca958d0417e04c6094813b6bc6'/>
<id>urn:sha1:f00f7e1570fb19ca958d0417e04c6094813b6bc6</id>
<content type='text'>
This line was added in 703e3faaec8c5a22, however
the default value of FILES:${PN} contains "${bindir}/*", so this directory does
not need to be explicitly added.

(From OE-Core rev: 53f9fa7b7913f4d8a480e85a7b6a943f1125bb19)

Signed-off-by: Etienne Cordonnier &lt;ecordonnier@snap.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: fix CVE-2023-36328</title>
<updated>2023-09-09T21:14:41+00:00</updated>
<author>
<name>Yogita Urade</name>
<email>yogita.urade@windriver.com</email>
</author>
<published>2023-09-08T14:01:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a09d8afd4850e3878698ad931b9f8513677ccf80'/>
<id>urn:sha1:a09d8afd4850e3878698ad931b9f8513677ccf80</id>
<content type='text'>
Integer Overflow vulnerability in mp_grow in libtom libtommath before
commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to
execute arbitrary code and cause a denial of service (DoS).

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-36328
https://github.com/libtom/libtommath/pull/546

(From OE-Core rev: aa392840d625f5c45832e7ddf60c4dfaba3c4287)

Signed-off-by: Yogita Urade &lt;yogita.urade@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: upgrade 2022.82 -&gt; 2022.83</title>
<updated>2022-12-06T15:23:18+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2022-12-05T02:24:52+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a05b95e3825284bd371ac5fcff5ee6434fa594f2'/>
<id>urn:sha1:a05b95e3825284bd371ac5fcff5ee6434fa594f2</id>
<content type='text'>
0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch
removed since it's included in 2022.83

Changelog:
==========
- Disable DROPBEAR_DSS by default
- Added DROPBEAR_RSA_SHA1 option to allow disabling sha1 rsa signatures.
- Add option for requiring both password and pubkey (-t)
- Add 'no-touch-required' and 'verify-required' options for sk keys
  DROPBEAR_SK_KEYS config option now replaces separate DROPBEAR_SK_ECDSA
  and DROPBEAR_SK_ED25519 options.
- Add 'permitopen' option for authorized_keys to restrict forwarded ports
- Added LTM_CFLAGS configure argument to set flags for building
  bundled libtommath. This also restores the previous arguments used
  in 2020.81 (-O3 -funroll-loops). That gives a big speedup for RSA
  key generation, which regressed in 2022.82.
  There is a tradeoff with code size, so -Os can be used if required.
- Add '-z' flag to disable setting QoS traffic class. This may be necessary
  to work with broken networks or network drivers, exposed after changes to use
  AF21 in 2022.82
- Allow overriding user shells with COMPAT_USER_SHELLS
- Improve permission error message
- Remove HMAC_MD5 entirely

(From OE-Core rev: 99759005f18f0533717696729978d8dc5bf4ad16)

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: add pam to PACKAGECONFIG</title>
<updated>2022-10-25T12:42:03+00:00</updated>
<author>
<name>Ming Liu</name>
<email>liu.ming50@gmail.com</email>
</author>
<published>2022-10-06T10:31:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=5052a071e5b13e6c33dfa2c4618a0e3e947c2e42'/>
<id>urn:sha1:5052a071e5b13e6c33dfa2c4618a0e3e947c2e42</id>
<content type='text'>
Add pam to PACKAGECONFIG to make the code cleaner.

(From OE-Core rev: 4d0c566a79cf7c0b7c86eaa7c99aa185fcf37bb5)

Signed-off-by: Ming Liu &lt;liu.ming50@gmail.com&gt;
Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: Add enable-x11-forwarding PACKAGECONFIG option</title>
<updated>2022-09-29T20:15:50+00:00</updated>
<author>
<name>Daniel Gomez</name>
<email>daniel@qtec.com</email>
</author>
<published>2022-09-27T17:36:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=18393dc116f59340cd0b5b9315e3d05d461b6027'/>
<id>urn:sha1:18393dc116f59340cd0b5b9315e3d05d461b6027</id>
<content type='text'>
Add the option to enable X11 forwarding in dropbear with a new
PACKAGECONFIG option ('enable-x11-forwarding'). Method uses
localoption.h file for dropbear feature selection.

Add backport patch to fix X11 forwarding in the current 2022.82
version.

(From OE-Core rev: f09d94979fd98f160ef7157b517489a43086333f)

Signed-off-by: Daniel Gomez &lt;daniel@qtec.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: merge .inc into .bb</title>
<updated>2022-08-14T07:13:32+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2022-08-11T19:58:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=85437a157e80df7ee210a94d1887777ad4eac657'/>
<id>urn:sha1:85437a157e80df7ee210a94d1887777ad4eac657</id>
<content type='text'>
(From OE-Core rev: e4e21f272a897bd89ffbc9d057db56eae944c70b)

Signed-off-by: Alexander Kanavin &lt;alex@linutronix.de&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>dropbear: Add configuration file to CONFFILES</title>
<updated>2022-07-23T12:55:25+00:00</updated>
<author>
<name>Daniel Gomez</name>
<email>daniel@qtec.com</email>
</author>
<published>2022-07-19T06:54:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=6ed3e6325a6910576dc57dcded283c139ff6de91'/>
<id>urn:sha1:6ed3e6325a6910576dc57dcded283c139ff6de91</id>
<content type='text'>
Avoid overwriting the dropbear configuration when the package gets
updated by adding it to the CONFFILES list.

Before:
root@qt5222:~# dpkg -i dropbear_2022.82-r0.26_amd64.deb
(Reading database ... 32509 files and directories currently installed.)
Preparing to unpack dropbear_2022.82-r0.26_amd64.deb ...
Unpacking dropbear (2022.82-r0.26) over (2022.82-r0.25) ...
Setting up dropbear (2022.82-r0.26) ...
update-alternatives: Linking /usr/bin/scp to /usr/sbin/dropbearmulti
update-alternatives: Linking /usr/bin/ssh to /usr/sbin/dropbearmulti

After:
root@qt5222:~# dpkg -i dropbear_2022.82-r0.27_amd64.deb
(Reading database ... 32509 files and directories currently installed.)
Preparing to unpack dropbear_2022.82-r0.27_amd64.deb ...
Unpacking dropbear (2022.82-r0.27) over (2022.82-r0.26) ...
Setting up dropbear (2022.82-r0.27) ...

Configuration file '/etc/default/dropbear'
 ==&gt; File on system created by you or by a script.
 ==&gt; File also in package provided by package maintainer.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** dropbear (Y/I/N/O/D/Z) [default=N] ?

(From OE-Core rev: e8809c00d7414faeb601970faa3e9caf5deb39cf)

Signed-off-by: Daniel Gomez &lt;daniel@qtec.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
