From: Alexandre Belloni <alexandre.belloni@bootlin.com>
To: wangmy@fujitsu.com
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH 06/33] dropbear: upgrade 2022.83 -> 2024.84
Date: Tue, 9 Apr 2024 23:36:48 +0200
Message-ID: <20240409213648c1161f49@mail.local>
In-Reply-To: <1712646620-16608-6-git-send-email-wangmy@fujitsu.com>

ERROR: dropbear-2024.84-r0 do_patch: Applying patch '0005-dropbear-enable-pam.patch' on target directory '/home/pokybuild/yocto-worker/beaglebone-alt/build/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/dropbear/2024.84/dropbear-2024.84'
CmdError('quilt --quiltrc /home/pokybuild/yocto-worker/beaglebone-alt/build/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/dropbear/2024.84/recipe-sysroot-native/etc/quiltrc push', 0, "stdout: Applying patch 0005-dropbear-enable-pam.patch
can't find file to patch at input line 21
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|From b8cece92ba19aa77ac013ea161bfe4c7147747c9 Mon Sep 17 00:00:00 2001
|From: Jussi Kukkonen <jussi.kukkonen@intel.com>
|Date: Wed, 2 Dec 2015 11:36:02 +0200
|Subject: Enable pam
|
|We need modify file default_options.h besides enabling pam in
|configure if we want dropbear to support pam.
|
|Upstream-Status: Pending
|
|Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
|Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
|---
| default_options.h | 4 ++--
| 1 file changed, 2 insertions(+), 2 deletions(-)
|
|diff --git a/default_options.h b/default_options.h
|index 0e3d027..349338c 100644
|--- a/default_options.h
|+++ b/default_options.h
--------------------------
No file to patch. Skipping patch.
2 out of 2 hunks ignored
Patch 0005-dropbear-enable-pam.patch does not apply (enforce with -f)
stderr: ")

On 09/04/2024 15:09:53+0800, wangmy via lists.openembedded.org wrote:
> From: Wang Mingyu <wangmy@fujitsu.com>
>
> 0001-urandom-xauth-changes-to-options.h.patch
> dropbear-disable-weak-ciphers.patch
> refreshed for 2024.84
>
> CVE-2023-36328.patch
> removed since it's included in 2024.84
>
> Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
> ---
> ...1-urandom-xauth-changes-to-options.h.patch | 14 +-
> .../dropbear/dropbear/CVE-2023-36328.patch | 144 ------------------
> .../dropbear-disable-weak-ciphers.patch | 6 +-
> ...ropbear_2022.83.bb => dropbear_2024.84.bb} | 3 +-
> 4 files changed, 11 insertions(+), 156 deletions(-)
> delete mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
> rename meta/recipes-core/dropbear/{dropbear_2022.83.bb => dropbear_2024.84.bb} (97%)
>
> diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
> index 99adcfd770..c74f09e484 100644
> --- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
> +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
> @@ -2,14 +2,14 @@ Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h
>
> Upstream-Status: Inappropriate [configuration]
> ---
> - default_options.h | 2 +-
> + src/default_options.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff --git a/default_options.h b/default_options.h
> -index 349338c..5ffac25 100644
> ---- a/default_options.h
> -+++ b/default_options.h
> -@@ -289,7 +289,7 @@ group1 in Dropbear server too */
> +diff --git a/src/default_options.h b/src/default_options.h
> +index 6e970bb..ccc8b47 100644
> +--- a/src/default_options.h
> ++++ b/src/default_options.h
> +@@ -311,7 +311,7 @@ group1 in Dropbear server too */
>
> /* The command to invoke for xauth when using X11 forwarding.
> * "-q" for quiet */
> @@ -19,5 +19,5 @@ index 349338c..5ffac25 100644
>
> /* If you want to enable running an sftp server (such as the one included with
> --
> -2.25.1
> +2.34.1
>
> diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch b/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
> deleted file mode 100644
> index ec50d69816..0000000000
> --- a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
> +++ /dev/null
> @@ -1,144 +0,0 @@
> -From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
> -From: czurnieden <czurnieden@gmx.de>
> -Date: Fri, 8 Sep 2023 10:07:32 +0000
> -Subject: [PATCH] Fix possible integer overflow
> -
> -CVE: CVE-2023-36328
> -
> -Upstream-Status: Backport [https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9]
> -
> -Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
> ----
> - libtommath/bn_mp_2expt.c | 4 ++++
> - libtommath/bn_mp_grow.c | 4 ++++
> - libtommath/bn_mp_init_size.c | 5 +++++
> - libtommath/bn_mp_mul_2d.c | 4 ++++
> - libtommath/bn_s_mp_mul_digs.c | 4 ++++
> - libtommath/bn_s_mp_mul_digs_fast.c | 4 ++++
> - libtommath/bn_s_mp_mul_high_digs.c | 4 ++++
> - libtommath/bn_s_mp_mul_high_digs_fast.c | 4 ++++
> - 8 files changed, 33 insertions(+)
> -
> -diff --git a/libtommath/bn_mp_2expt.c b/libtommath/bn_mp_2expt.c
> -index 0ae3df1..ca6fbc3 100644
> ---- a/libtommath/bn_mp_2expt.c
> -+++ b/libtommath/bn_mp_2expt.c
> -@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
> - {
> - mp_err err;
> -
> -+ if (b < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* zero a as per default */
> - mp_zero(a);
> -
> -diff --git a/libtommath/bn_mp_grow.c b/libtommath/bn_mp_grow.c
> -index 9e904c5..2b16826 100644
> ---- a/libtommath/bn_mp_grow.c
> -+++ b/libtommath/bn_mp_grow.c
> -@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
> - int i;
> - mp_digit *tmp;
> -
> -+ if (size < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* if the alloc size is smaller alloc more ram */
> - if (a->alloc < size) {
> - /* reallocate the array a->dp
> -diff --git a/libtommath/bn_mp_init_size.c b/libtommath/bn_mp_init_size.c
> -index d622687..5fefa96 100644
> ---- a/libtommath/bn_mp_init_size.c
> -+++ b/libtommath/bn_mp_init_size.c
> -@@ -6,6 +6,11 @@
> - /* init an mp_init for a given size */
> - mp_err mp_init_size(mp_int *a, int size)
> - {
> -+
> -+ if (size < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - size = MP_MAX(MP_MIN_PREC, size);
> -
> - /* alloc mem */
> -diff --git a/libtommath/bn_mp_mul_2d.c b/libtommath/bn_mp_mul_2d.c
> -index 87354de..2744163 100644
> ---- a/libtommath/bn_mp_mul_2d.c
> -+++ b/libtommath/bn_mp_mul_2d.c
> -@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
> - mp_digit d;
> - mp_err err;
> -
> -+ if (b < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* copy */
> - if (a != c) {
> - if ((err = mp_copy(a, c)) != MP_OKAY) {
> -diff --git a/libtommath/bn_s_mp_mul_digs.c b/libtommath/bn_s_mp_mul_digs.c
> -index 64509d4..2d2f5b0 100644
> ---- a/libtommath/bn_s_mp_mul_digs.c
> -+++ b/libtommath/bn_s_mp_mul_digs.c
> -@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
> - mp_word r;
> - mp_digit tmpx, *tmpt, *tmpy;
> -
> -+ if (digs < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* can we use the fast multiplier? */
> - if ((digs < MP_WARRAY) &&
> - (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
> -diff --git a/libtommath/bn_s_mp_mul_digs_fast.c b/libtommath/bn_s_mp_mul_digs_fast.c
> -index b2a287b..d6dd3cc 100644
> ---- a/libtommath/bn_s_mp_mul_digs_fast.c
> -+++ b/libtommath/bn_s_mp_mul_digs_fast.c
> -@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int digs)
> - mp_digit W[MP_WARRAY];
> - mp_word _W;
> -
> -+ if (digs < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* grow the destination as required */
> - if (c->alloc < digs) {
> - if ((err = mp_grow(c, digs)) != MP_OKAY) {
> -diff --git a/libtommath/bn_s_mp_mul_high_digs.c b/libtommath/bn_s_mp_mul_high_digs.c
> -index 2bb2a50..c9dd355 100644
> ---- a/libtommath/bn_s_mp_mul_high_digs.c
> -+++ b/libtommath/bn_s_mp_mul_high_digs.c
> -@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
> - mp_word r;
> - mp_digit tmpx, *tmpt, *tmpy;
> -
> -+ if (digs < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* can we use the fast multiplier? */
> - if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
> - && ((a->used + b->used + 1) < MP_WARRAY)
> -diff --git a/libtommath/bn_s_mp_mul_high_digs_fast.c b/libtommath/bn_s_mp_mul_high_digs_fast.c
> -index a2c4fb6..afe3e4b 100644
> ---- a/libtommath/bn_s_mp_mul_high_digs_fast.c
> -+++ b/libtommath/bn_s_mp_mul_high_digs_fast.c
> -@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int
> - mp_digit W[MP_WARRAY];
> - mp_word _W;
> -
> -+ if (digs < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* grow the destination as required */
> - pa = a->used + b->used;
> - if (c->alloc < pa) {
> ---
> -2.35.5
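Review bot: Dropping CVE-2023-36328.patch rests only on the commit message's statement that the fix is included in 2024.84, and the message does not say how that was confirmed. The deleted backport added negative-size guards returning MP_VAL to eight libtommath files (bn_mp_2expt.c, bn_mp_grow.c, bn_mp_init_size.c, bn_mp_mul_2d.c and the four s_mp_mul_* files). A line in the commit message stating that the libtommath bundled in the new tarball carries libtommath commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 would let reviewers confirm the CVE status from the message alone.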
> diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
> index 5c60868ed8..03b452ee0a 100644
> --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
> +++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
> @@ -13,10 +13,10 @@ Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
> default_options.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff --git a/default_options.h b/default_options.h
> +diff --git a/src/default_options.h b/src/default_options.h
> index d417588..bc5200f 100644
> ---- a/default_options.h
> -+++ b/default_options.h
> +--- a/src/default_options.h
> ++++ b/src/default_options.h
> @@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */
> * Small systems should generally include either curve25519 or ecdh for performance.
> * curve25519 is less widely supported but is faster
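Review bot: The diffstat line kept as context at the top of this hunk still reads `default_options.h | 2 +-` while the headers below it now point at src/default_options.h, and the `index d417588..bc5200f` line and the `@@ -180,7 +180,7 @@` offset are unchanged, so this looks like a path edit rather than a regenerated patch. In 0001-urandom-xauth-changes-to-options.h.patch the same refresh moved the hunk offset from 289 to 311, so please regenerate this one against the 2024.84 tree and confirm it applies without fuzz. It is only pulled in when PACKAGECONFIG contains disable-weak-ciphers, so a default build will not exercise it.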
> diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2024.84.bb
> similarity index 97%
> rename from meta/recipes-core/dropbear/dropbear_2022.83.bb
> rename to meta/recipes-core/dropbear/dropbear_2024.84.bb
> index 528eff1a10..69c7b04c55 100644
> --- a/meta/recipes-core/dropbear/dropbear_2022.83.bb
> +++ b/meta/recipes-core/dropbear/dropbear_2024.84.bb
> @@ -21,10 +21,9 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
> file://dropbear.default \
> ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
> ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \
> - file://CVE-2023-36328.patch \
> "
>
> -SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b"
> +SRC_URI[sha256sum] = "16e22b66b333d6b7e504c43679d04ed6ca30f2838db40a21f935c850dfc01009"
>
> PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
> file://0006-dropbear-configuration-file.patch \
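Review bot: PAM_SRC_URI, in the context lines at the end of this hunk, still lists 0005-dropbear-enable-pam.patch and 0006-dropbear-configuration-file.patch, and neither is touched by this series even though the other two patches had to be moved to src/default_options.h. The do_patch log at the top of this message shows the result: 0005 still targets a/default_options.h and fails with "can't find file to patch". Refresh 0005 for the src/ layout, check whether 0006 needs the same, and build once with pam in DISTRO_FEATURES before resending.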
> --
> 2.34.1
>
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com