6 files changed, 20 insertions, 165 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
index 99adcfd770..c74f09e484 100644
--- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
+++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
@@ -2,14 +2,14 @@ Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h
 Upstream-Status: Inappropriate [configuration]
 ---
- default_options.h | 2 +-
+ src/default_options.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/default_options.h b/default_options.h
+diff --git a/src/default_options.h b/src/default_options.h
-index 349338c..5ffac25 100644
+index 6e970bb..ccc8b47 100644
--- a/default_options.h
+--- a/src/default_options.h
-+++ b/default_options.h
+++ b/src/default_options.h
-@@ -289,7 +289,7 @@ group1 in Dropbear server too */
+@@ -311,7 +311,7 @@ group1 in Dropbear server too */
 
 /* The command to invoke for xauth when using X11 forwarding.
  * "-q" for quiet */
@@ -19,5 +19,5 @@ index 349338c..5ffac25 100644
 
 /* If you want to enable running an sftp server (such as the one included with
 -- 
-2.25.1
+2.34.1
diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch
index 32c3ea5f08..fe667ddc25 100644
--- a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch
+++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch
@@ -11,13 +11,13 @@ Upstream-Status: Pending
 Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
 Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
 ---
- default_options.h | 4 ++--
+ src/default_options.h | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
-diff --git a/default_options.h b/default_options.h
+diff --git a/src/default_options.h b/src/default_options.h
 index 0e3d027..349338c 100644
--- a/default_options.h
+--- a/src/default_options.h
-+++ b/default_options.h
+++ b/src/default_options.h
 @@ -210,7 +210,7 @@ group1 in Dropbear server too */
 
 /* Authentication Types - at least one required.
diff --git a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch
index deed78ffb9..f54f634a4e 100644
--- a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch
+++ b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch
@@ -12,13 +12,13 @@ Signed-off-by: Maxin B. John <maxin.john@enea.com>
 Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
 Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
 ---
- svr-authpam.c | 2 +-
+ src/svr-authpam.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/svr-authpam.c b/svr-authpam.c
+diff --git a/srec/svr-authpam.c b/src/svr-authpam.c
 index d201bc9..165ec5c 100644
--- a/svr-authpam.c
+--- a/src/svr-authpam.c
-+++ b/svr-authpam.c
+++ b/src/svr-authpam.c
 @@ -223,7 +223,7 @@ void svr_auth_pam(int valid_user) {
        }
 
diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch b/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
deleted file mode 100644
index ec50d69816..0000000000
--- a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
-From: czurnieden <czurnieden@gmx.de>
-Date: Fri, 8 Sep 2023 10:07:32 +0000
-Subject: [PATCH] Fix possible integer overflow
-CVE: CVE-2023-36328
-Upstream-Status: Backport [https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9]
-Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
---
- libtommath/bn_mp_2expt.c                | 4 ++++
- libtommath/bn_mp_grow.c                 | 4 ++++
- libtommath/bn_mp_init_size.c            | 5 +++++
- libtommath/bn_mp_mul_2d.c               | 4 ++++
- libtommath/bn_s_mp_mul_digs.c           | 4 ++++
- libtommath/bn_s_mp_mul_digs_fast.c      | 4 ++++
- libtommath/bn_s_mp_mul_high_digs.c      | 4 ++++
- libtommath/bn_s_mp_mul_high_digs_fast.c | 4 ++++
- 8 files changed, 33 insertions(+)
-diff --git a/libtommath/bn_mp_2expt.c b/libtommath/bn_mp_2expt.c
-index 0ae3df1..ca6fbc3 100644
--- a/libtommath/bn_mp_2expt.c
-+++ b/libtommath/bn_mp_2expt.c
-@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
- {
-    mp_err    err;
-+   if (b < 0) {
-+      return MP_VAL;
-+   }
-+
-    /* zero a as per default */
-    mp_zero(a);
-diff --git a/libtommath/bn_mp_grow.c b/libtommath/bn_mp_grow.c
-index 9e904c5..2b16826 100644
--- a/libtommath/bn_mp_grow.c
-+++ b/libtommath/bn_mp_grow.c
-@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
-    int     i;
-    mp_digit *tmp;
-+   if (size < 0) {
-+      return MP_VAL;
-+   }
-+
-    /* if the alloc size is smaller alloc more ram */
-    if (a->alloc < size) {
-       /* reallocate the array a->dp
-diff --git a/libtommath/bn_mp_init_size.c b/libtommath/bn_mp_init_size.c
-index d622687..5fefa96 100644
--- a/libtommath/bn_mp_init_size.c
-+++ b/libtommath/bn_mp_init_size.c
-@@ -6,6 +6,11 @@
- /* init an mp_init for a given size */
- mp_err mp_init_size(mp_int *a, int size)
- {
-+
-+   if (size < 0) {
-+      return MP_VAL;
-+   }
-+
-    size = MP_MAX(MP_MIN_PREC, size);
-    /* alloc mem */
-diff --git a/libtommath/bn_mp_mul_2d.c b/libtommath/bn_mp_mul_2d.c
-index 87354de..2744163 100644
--- a/libtommath/bn_mp_mul_2d.c
-+++ b/libtommath/bn_mp_mul_2d.c
-@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
-    mp_digit d;
-    mp_err   err;
-+   if (b < 0) {
-+      return MP_VAL;
-+   }
-+
-    /* copy */
-    if (a != c) {
-       if ((err = mp_copy(a, c)) != MP_OKAY) {
-diff --git a/libtommath/bn_s_mp_mul_digs.c b/libtommath/bn_s_mp_mul_digs.c
-index 64509d4..2d2f5b0 100644
--- a/libtommath/bn_s_mp_mul_digs.c
-+++ b/libtommath/bn_s_mp_mul_digs.c
-@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
-    mp_word r;
-    mp_digit tmpx, *tmpt, *tmpy;
-+   if (digs < 0) {
-+      return MP_VAL;
-+   }
-+
-    /* can we use the fast multiplier? */
-    if ((digs < MP_WARRAY) &&
-        (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
-diff --git a/libtommath/bn_s_mp_mul_digs_fast.c b/libtommath/bn_s_mp_mul_digs_fast.c
-index b2a287b..d6dd3cc 100644
--- a/libtommath/bn_s_mp_mul_digs_fast.c
-+++ b/libtommath/bn_s_mp_mul_digs_fast.c
-@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int digs)
-    mp_digit W[MP_WARRAY];
-    mp_word  _W;
-+   if (digs < 0) {
-+      return MP_VAL;
-+   }
-+
-    /* grow the destination as required */
-    if (c->alloc < digs) {
-       if ((err = mp_grow(c, digs)) != MP_OKAY) {
-diff --git a/libtommath/bn_s_mp_mul_high_digs.c b/libtommath/bn_s_mp_mul_high_digs.c
-index 2bb2a50..c9dd355 100644
--- a/libtommath/bn_s_mp_mul_high_digs.c
-+++ b/libtommath/bn_s_mp_mul_high_digs.c
-@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
-    mp_word  r;
-    mp_digit tmpx, *tmpt, *tmpy;
-+   if (digs < 0) {
-+      return MP_VAL;
-+   }
-+
-    /* can we use the fast multiplier? */
-    if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
-        && ((a->used + b->used + 1) < MP_WARRAY)
-diff --git a/libtommath/bn_s_mp_mul_high_digs_fast.c b/libtommath/bn_s_mp_mul_high_digs_fast.c
-index a2c4fb6..afe3e4b 100644
--- a/libtommath/bn_s_mp_mul_high_digs_fast.c
-+++ b/libtommath/bn_s_mp_mul_high_digs_fast.c
-@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int
-    mp_digit W[MP_WARRAY];
-    mp_word  _W;
-+   if (digs < 0) {
-+      return MP_VAL;
-+   }
-+
-    /* grow the destination as required */
-    pa = a->used + b->used;
-    if (c->alloc < pa) {
--
-2.35.5
diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
index 5c60868ed8..f998caa255 100644
--- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
+++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
@@ -10,13 +10,13 @@ and we want to support the stong algorithms.
 Upstream-Status: Inappropriate [configuration]
 Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
 ---
- default_options.h | 2 +-
+ src/default_options.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/default_options.h b/default_options.h
+diff --git a/src/default_options.h b/src/default_options.h
 index d417588..bc5200f 100644
--- a/default_options.h
+--- a/src/default_options.h
-+++ b/default_options.h
+++ b/src/default_options.h
 @@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */
  * Small systems should generally include either curve25519 or ecdh for performance.
  * curve25519 is less widely supported but is faster
diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2024.84.bb
index 528eff1a10..69c7b04c55 100644
--- a/meta/recipes-core/dropbear/dropbear_2022.83.bb
+++ b/meta/recipes-core/dropbear/dropbear_2024.84.bb
@@ -21,10 +21,9 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
           file://dropbear.default \
           ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
           ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \
-           file://CVE-2023-36328.patch \
           "
-SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b"
+SRC_URI[sha256sum] = "16e22b66b333d6b7e504c43679d04ed6ca30f2838db40a21f935c850dfc01009"
 PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
               file://0006-dropbear-configuration-file.patch \

diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch index 99adcfd770..c74f09e484 100644 --- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
@@ -2,14 +2,14 @@ Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h
2		2
3	Upstream-Status: Inappropriate [configuration]	3	Upstream-Status: Inappropriate [configuration]
4	---	4	---
5	default_options.h \| 2 +-	5	src/default_options.h \| 2 +-
6	1 file changed, 1 insertion(+), 1 deletion(-)	6	1 file changed, 1 insertion(+), 1 deletion(-)
7		7
8	diff --git a/default_options.h b/default_options.h	8	diff --git a/src/default_options.h b/src/default_options.h
9	index 349338c..5ffac25 100644	9	index 6e970bb..ccc8b47 100644
10	--- a/default_options.h	10	--- a/src/default_options.h
11	+++ b/default_options.h	11	+++ b/src/default_options.h
12	@@ -289,7 +289,7 @@ group1 in Dropbear server too */	12	@@ -311,7 +311,7 @@ group1 in Dropbear server too */
13		13
14	/* The command to invoke for xauth when using X11 forwarding.	14	/* The command to invoke for xauth when using X11 forwarding.
15	* "-q" for quiet */	15	* "-q" for quiet */
@@ -19,5 +19,5 @@ index 349338c..5ffac25 100644
19		19
20	/* If you want to enable running an sftp server (such as the one included with	20	/* If you want to enable running an sftp server (such as the one included with
21	--	21	--
22	2.25.1	22	2.34.1
23		23


diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch index 32c3ea5f08..fe667ddc25 100644 --- a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch +++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch
@@ -11,13 +11,13 @@ Upstream-Status: Pending
11	Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>	11	Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
12	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>	12	Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
13	---	13	---
14	default_options.h \| 4 ++--	14	src/default_options.h \| 4 ++--
15	1 file changed, 2 insertions(+), 2 deletions(-)	15	1 file changed, 2 insertions(+), 2 deletions(-)
16		16
17	diff --git a/default_options.h b/default_options.h	17	diff --git a/src/default_options.h b/src/default_options.h
18	index 0e3d027..349338c 100644	18	index 0e3d027..349338c 100644
19	--- a/default_options.h	19	--- a/src/default_options.h
20	+++ b/default_options.h	20	+++ b/src/default_options.h
21	@@ -210,7 +210,7 @@ group1 in Dropbear server too */	21	@@ -210,7 +210,7 @@ group1 in Dropbear server too */
22		22
23	/* Authentication Types - at least one required.	23	/* Authentication Types - at least one required.


diff --git a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch index deed78ffb9..f54f634a4e 100644 --- a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch +++ b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch
@@ -12,13 +12,13 @@ Signed-off-by: Maxin B. John <maxin.john@enea.com>
12	Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>	12	Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
13	Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>	13	Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
14	---	14	---
15	svr-authpam.c \| 2 +-	15	src/svr-authpam.c \| 2 +-
16	1 file changed, 1 insertion(+), 1 deletion(-)	16	1 file changed, 1 insertion(+), 1 deletion(-)
17		17
18	diff --git a/svr-authpam.c b/svr-authpam.c	18	diff --git a/srec/svr-authpam.c b/src/svr-authpam.c
19	index d201bc9..165ec5c 100644	19	index d201bc9..165ec5c 100644
20	--- a/svr-authpam.c	20	--- a/src/svr-authpam.c
21	+++ b/svr-authpam.c	21	+++ b/src/svr-authpam.c
22	@@ -223,7 +223,7 @@ void svr_auth_pam(int valid_user) {	22	@@ -223,7 +223,7 @@ void svr_auth_pam(int valid_user) {
23	}	23	}
24		24


diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch b/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch deleted file mode 100644 index ec50d69816..0000000000 --- a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch +++ /dev/null
@@ -1,144 +0,0 @@
1	From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
2	From: czurnieden <czurnieden@gmx.de>
3	Date: Fri, 8 Sep 2023 10:07:32 +0000
4	Subject: [PATCH] Fix possible integer overflow
5
6	CVE: CVE-2023-36328
7
8	Upstream-Status: Backport [https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9]
9
10	Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
11	---
12	libtommath/bn_mp_2expt.c \| 4 ++++
13	libtommath/bn_mp_grow.c \| 4 ++++
14	libtommath/bn_mp_init_size.c \| 5 +++++
15	libtommath/bn_mp_mul_2d.c \| 4 ++++
16	libtommath/bn_s_mp_mul_digs.c \| 4 ++++
17	libtommath/bn_s_mp_mul_digs_fast.c \| 4 ++++
18	libtommath/bn_s_mp_mul_high_digs.c \| 4 ++++
19	libtommath/bn_s_mp_mul_high_digs_fast.c \| 4 ++++
20	8 files changed, 33 insertions(+)
21
22	diff --git a/libtommath/bn_mp_2expt.c b/libtommath/bn_mp_2expt.c
23	index 0ae3df1..ca6fbc3 100644
24	--- a/libtommath/bn_mp_2expt.c
25	+++ b/libtommath/bn_mp_2expt.c
26	@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
27	{
28	mp_err err;
29
30	+ if (b < 0) {
31	+ return MP_VAL;
32	+ }
33	+
34	/* zero a as per default */
35	mp_zero(a);
36
37	diff --git a/libtommath/bn_mp_grow.c b/libtommath/bn_mp_grow.c
38	index 9e904c5..2b16826 100644
39	--- a/libtommath/bn_mp_grow.c
40	+++ b/libtommath/bn_mp_grow.c
41	@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
42	int i;
43	mp_digit *tmp;
44
45	+ if (size < 0) {
46	+ return MP_VAL;
47	+ }
48	+
49	/* if the alloc size is smaller alloc more ram */
50	if (a->alloc < size) {
51	/* reallocate the array a->dp
52	diff --git a/libtommath/bn_mp_init_size.c b/libtommath/bn_mp_init_size.c
53	index d622687..5fefa96 100644
54	--- a/libtommath/bn_mp_init_size.c
55	+++ b/libtommath/bn_mp_init_size.c
56	@@ -6,6 +6,11 @@
57	/* init an mp_init for a given size */
58	mp_err mp_init_size(mp_int *a, int size)
59	{
60	+
61	+ if (size < 0) {
62	+ return MP_VAL;
63	+ }
64	+
65	size = MP_MAX(MP_MIN_PREC, size);
66
67	/* alloc mem */
68	diff --git a/libtommath/bn_mp_mul_2d.c b/libtommath/bn_mp_mul_2d.c
69	index 87354de..2744163 100644
70	--- a/libtommath/bn_mp_mul_2d.c
71	+++ b/libtommath/bn_mp_mul_2d.c
72	@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int a, int b, mp_int c)
73	mp_digit d;
74	mp_err err;
75
76	+ if (b < 0) {
77	+ return MP_VAL;
78	+ }
79	+
80	/* copy */
81	if (a != c) {
82	if ((err = mp_copy(a, c)) != MP_OKAY) {
83	diff --git a/libtommath/bn_s_mp_mul_digs.c b/libtommath/bn_s_mp_mul_digs.c
84	index 64509d4..2d2f5b0 100644
85	--- a/libtommath/bn_s_mp_mul_digs.c
86	+++ b/libtommath/bn_s_mp_mul_digs.c
87	@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int a, const mp_int b, mp_int *c, int digs)
88	mp_word r;
89	mp_digit tmpx, tmpt, tmpy;
90
91	+ if (digs < 0) {
92	+ return MP_VAL;
93	+ }
94	+
95	/* can we use the fast multiplier? */
96	if ((digs < MP_WARRAY) &&
97	(MP_MIN(a->used, b->used) < MP_MAXFAST)) {
98	diff --git a/libtommath/bn_s_mp_mul_digs_fast.c b/libtommath/bn_s_mp_mul_digs_fast.c
99	index b2a287b..d6dd3cc 100644
100	--- a/libtommath/bn_s_mp_mul_digs_fast.c
101	+++ b/libtommath/bn_s_mp_mul_digs_fast.c
102	@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int a, const mp_int b, mp_int *c, int digs)
103	mp_digit W[MP_WARRAY];
104	mp_word _W;
105
106	+ if (digs < 0) {
107	+ return MP_VAL;
108	+ }
109	+
110	/* grow the destination as required */
111	if (c->alloc < digs) {
112	if ((err = mp_grow(c, digs)) != MP_OKAY) {
113	diff --git a/libtommath/bn_s_mp_mul_high_digs.c b/libtommath/bn_s_mp_mul_high_digs.c
114	index 2bb2a50..c9dd355 100644
115	--- a/libtommath/bn_s_mp_mul_high_digs.c
116	+++ b/libtommath/bn_s_mp_mul_high_digs.c
117	@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int a, const mp_int b, mp_int *c, int digs)
118	mp_word r;
119	mp_digit tmpx, tmpt, tmpy;
120
121	+ if (digs < 0) {
122	+ return MP_VAL;
123	+ }
124	+
125	/* can we use the fast multiplier? */
126	if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
127	&& ((a->used + b->used + 1) < MP_WARRAY)
128	diff --git a/libtommath/bn_s_mp_mul_high_digs_fast.c b/libtommath/bn_s_mp_mul_high_digs_fast.c
129	index a2c4fb6..afe3e4b 100644
130	--- a/libtommath/bn_s_mp_mul_high_digs_fast.c
131	+++ b/libtommath/bn_s_mp_mul_high_digs_fast.c
132	@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int a, const mp_int b, mp_int *c, int
133	mp_digit W[MP_WARRAY];
134	mp_word _W;
135
136	+ if (digs < 0) {
137	+ return MP_VAL;
138	+ }
139	+
140	/* grow the destination as required */
141	pa = a->used + b->used;
142	if (c->alloc < pa) {
143	--
144	2.35.5


diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch index 5c60868ed8..f998caa255 100644 --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch +++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
@@ -10,13 +10,13 @@ and we want to support the stong algorithms.
10	Upstream-Status: Inappropriate [configuration]	10	Upstream-Status: Inappropriate [configuration]
11	Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>	11	Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
12	---	12	---
13	default_options.h \| 2 +-	13	src/default_options.h \| 2 +-
14	1 file changed, 1 insertion(+), 1 deletion(-)	14	1 file changed, 1 insertion(+), 1 deletion(-)
15		15
16	diff --git a/default_options.h b/default_options.h	16	diff --git a/src/default_options.h b/src/default_options.h
17	index d417588..bc5200f 100644	17	index d417588..bc5200f 100644
18	--- a/default_options.h	18	--- a/src/default_options.h
19	+++ b/default_options.h	19	+++ b/src/default_options.h
20	@@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */	20	@@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */
21	* Small systems should generally include either curve25519 or ecdh for performance.	21	* Small systems should generally include either curve25519 or ecdh for performance.
22	* curve25519 is less widely supported but is faster	22	* curve25519 is less widely supported but is faster


diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2024.84.bb index 528eff1a10..69c7b04c55 100644 --- a/meta/recipes-core/dropbear/dropbear_2022.83.bb +++ b/meta/recipes-core/dropbear/dropbear_2024.84.bb
@@ -21,10 +21,9 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
21	file://dropbear.default \	21	file://dropbear.default \
22	${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \	22	${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
23	${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \	23	${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \
24	file://CVE-2023-36328.patch \
25	"	24	"
26		25
27	SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b"	26	SRC_URI[sha256sum] = "16e22b66b333d6b7e504c43679d04ed6ca30f2838db40a21f935c850dfc01009"
28		27
29	PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \	28	PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
30	file://0006-dropbear-configuration-file.patch \	29	file://0006-dropbear-configuration-file.patch \