From: "Alexander Kanavin" <alex.kanavin@gmail.com>
To: openembedded-core@lists.openembedded.org
Cc: Alexander Kanavin <alex.kanavin@gmail.com>
Subject: [PATCH 05/30] dropbear: update 2019.78 -> 2020.79
Date: Fri, 26 Jun 2020 09:18:19 +0200
Message-ID: <20200626071844.29134-5-alex.kanavin@gmail.com>
In-Reply-To: <20200626071844.29134-1-alex.kanavin@gmail.com>

Refresh dropbear-disable-weak-ciphers.patch as some weak items
have been dropped upstream.

License-Update: curve25519 changed to public domain
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
---
 meta/recipes-core/dropbear/dropbear.inc       |  2 +-
 .../dropbear-disable-weak-ciphers.patch       | 39 +++++++------------
 .../recipes-core/dropbear/dropbear_2019.78.bb |  4 --
 .../recipes-core/dropbear/dropbear_2020.79.bb |  3 ++
 4 files changed, 19 insertions(+), 29 deletions(-)
 delete mode 100644 meta/recipes-core/dropbear/dropbear_2019.78.bb
 create mode 100644 meta/recipes-core/dropbear/dropbear_2020.79.bb

diff --git a/meta/recipes-core/dropbear/dropbear.inc b/meta/recipes-core/dropbear/dropbear.inc
index 7269888a4e..240e328ed2 100644
--- a/meta/recipes-core/dropbear/dropbear.inc
+++ b/meta/recipes-core/dropbear/dropbear.inc
@@ -5,7 +5,7 @@ SECTION = "console/network"
 # some files are from other projects and have others license terms:
 #   public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY
 LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=da58928b5d844c6667963cb5a109272d"
 
 DEPENDS = "zlib virtual/crypt"
 RPROVIDES_${PN} = "ssh sshd"
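Review bot: the new LIC_FILES_CHKSUM md5 in dropbear.inc is justified only by the one-line License-Update tag, while LICENSE stays at "MIT & BSD-3-Clause & BSD-2-Clause & PD". PD is already listed, so this is consistent with curve25519 moving to public domain, but please confirm that the LICENSE file differs between 2019.78 and 2020.79 only in that respect, and that every term in the LICENSE string is still needed now that curve25519 falls under PD.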
diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
index e48a34bac0..b54581f17a 100644
--- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
+++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
@@ -1,33 +1,24 @@
-This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers 
+From c347ece05a7fdbf50d76cb136b9ed45caed333f6 Mon Sep 17 00:00:00 2001
+From: Joseph Reynolds <joseph.reynolds1@ibm.com>
+Date: Thu, 20 Jun 2019 16:29:15 -0500
+Subject: [PATCH] dropbear: new feature: disable-weak-ciphers
+
+This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers
 in the dropbear ssh server and client since they're considered weak ciphers
 and we want to support the stong algorithms.
 
 Upstream-Status: Inappropriate [configuration]
 Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
 
-Index: dropbear-2019.78/default_options.h
-===================================================================
---- dropbear-2019.78.orig/default_options.h
-+++ dropbear-2019.78/default_options.h
-@@ -91,7 +91,7 @@ IMPORTANT: Some options will require "ma
- 
- /* Enable CBC mode for ciphers. This has security issues though
-  * is the most compatible with older SSH implementations */
--#define DROPBEAR_ENABLE_CBC_MODE 1
-+#define DROPBEAR_ENABLE_CBC_MODE 0
- 
- /* Enable "Counter Mode" for ciphers. This is more secure than
-  * CBC mode against certain attacks. It is recommended for security
-@@ -101,7 +101,7 @@ IMPORTANT: Some options will require "ma
- /* Message integrity. sha2-256 is recommended as a default, 
-    sha1 for compatibility */
- #define DROPBEAR_SHA1_HMAC 1
--#define DROPBEAR_SHA1_96_HMAC 1
-+#define DROPBEAR_SHA1_96_HMAC 0
- #define DROPBEAR_SHA2_256_HMAC 1
- 
- /* Hostkey/public key algorithms - at least one required, these are used
-@@ -149,12 +149,12 @@ IMPORTANT: Some options will require "ma
+---
+ default_options.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/default_options.h b/default_options.h
+index 1aa2297..7ff1394 100644
+--- a/default_options.h
++++ b/default_options.h
+@@ -163,12 +163,12 @@ IMPORTANT: Some options will require "make clean" after changes */
   * Small systems should generally include either curve25519 or ecdh for performance.
   * curve25519 is less widely supported but is faster
   */ 
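Review bot: the description kept at the top of dropbear-disable-weak-ciphers.patch still says it "disables all CBC, SHA1, and diffie-hellman group1 ciphers", but the refreshed patch no longer carries the DROPBEAR_ENABLE_CBC_MODE and DROPBEAR_SHA1_96_HMAC changes and its diffstat shows only 2 insertions and 2 deletions in the key-exchange part of default_options.h. The old version also left "#define DROPBEAR_SHA1_HMAC 1" untouched as context. Please reword the description to say what the patch still changes and state that CBC mode and SHA1-96 HMAC are now off by default upstream, so a reader auditing the image's SSH algorithm set does not have to infer it; a build-time check of the resulting defaults in 2020.79 would confirm nothing weak was re-enabled by dropping those hunks. The "stong" typo in the description could be fixed in the same refresh.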
diff --git a/meta/recipes-core/dropbear/dropbear_2019.78.bb b/meta/recipes-core/dropbear/dropbear_2019.78.bb
deleted file mode 100644
index d2cd8161bf..0000000000
--- a/meta/recipes-core/dropbear/dropbear_2019.78.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-require dropbear.inc
-
-SRC_URI[md5sum] = "a972c85ed678ad0fdcb7844e1294fb54"
-SRC_URI[sha256sum] = "525965971272270995364a0eb01f35180d793182e63dd0b0c3eb0292291644a4"
diff --git a/meta/recipes-core/dropbear/dropbear_2020.79.bb b/meta/recipes-core/dropbear/dropbear_2020.79.bb
new file mode 100644
index 0000000000..43a17bf1e5
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear_2020.79.bb
@@ -0,0 +1,3 @@
+require dropbear.inc
+
+SRC_URI[sha256sum] = "084f00546b1610a3422a0773e2c04cbe1a220d984209e033b548b49f379cc441"
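Review bot: dropbear_2020.79.bb carries only SRC_URI[sha256sum], whereas the deleted dropbear_2019.78.bb had both md5sum and sha256sum. Dropping md5 is fine since sha256 is the stronger check, but the commit message does not mention it; a short note would help. For an SSH server recipe it is also worth stating that the sha256 value was compared against the checksum published by upstream for the 2020.79 release rather than computed from the downloaded tarball alone.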
-- 
2.27.0

