* [PATCH] disable medium-strength dropbear ssh ciphers
@ 2018-09-07 19:16 joseph-reynolds
2018-09-07 20:02 ` ✗ patchtest: failure for " Patchwork
2018-09-12 12:20 ` [PATCH] " Burton, Ross
0 siblings, 2 replies; 3+ messages in thread
From: joseph-reynolds @ 2018-09-07 19:16 UTC (permalink / raw)
To: 'openembedded-core@lists.openembedded.org'
[-- Attachment #1: Type: text/plain, Size: 954 bytes --]
This changes the Dropbear SSH server configuration so it will not
accept medium-strength encryption ciphers including: CBC mode, MD5,
96-bit MAC, and triple DES.
Upstream-Status: Pending
Signed-off-by: Joseph Reynolds
---
meta/recipes-core/dropbear/dropbear/localoptions.h | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 meta/recipes-core/dropbear/dropbear/localoptions.h
diff --git a/meta/recipes-core/dropbear/dropbear/localoptions.h
b/meta/recipes-core/dropbear/dropbear/localoptions.h
new file mode 100644
index 0000000..ec48c26
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/localoptions.h
@@ -0,0 +1,8 @@
+/* Customize dropbear per default_options.h in the dropbear project
*/
+
+/* Disable insecure ciphers */
+#define DROPBEAR_TWOFISH256 0
+#define DROPBEAR_TWOFISH128 0
+#define DROPBEAR_ENABLE_CBC_MODE 0
+#define DROPBEAR_SHA1_HMAC 0
+#define DROPBEAR_SHA1_96_HMAC 0
--
2.7.2
[-- Attachment #2: Type: text/html, Size: 1101 bytes --]
^ permalink raw reply related [flat|nested] 3+ messages in thread
* ✗ patchtest: failure for disable medium-strength dropbear ssh ciphers
2018-09-07 19:16 [PATCH] disable medium-strength dropbear ssh ciphers joseph-reynolds
@ 2018-09-07 20:02 ` Patchwork
2018-09-12 12:20 ` [PATCH] " Burton, Ross
1 sibling, 0 replies; 3+ messages in thread
From: Patchwork @ 2018-09-07 20:02 UTC (permalink / raw)
To: joseph-reynolds; +Cc: openembedded-core
== Series Details ==
Series: disable medium-strength dropbear ssh ciphers
Revision: 1
URL : https://patchwork.openembedded.org/series/13972/
State : failure
== Summary ==
Thank you for submitting this patch series to OpenEmbedded Core. This is
an automated response. Several tests have been executed on the proposed
series by patchtest resulting in the following failures:
* Issue Series cannot be parsed correctly due to malformed diff lines [test_mbox_format]
Suggested fix Create the series again using git-format-patch and ensure it can be applied using git am
Diff line */
* Issue Series does not apply on top of target branch [test_series_merge_on_head]
Suggested fix Rebase your series on top of targeted branch
Targeted branch master (currently at 0191456d81)
* Patch disable medium-strength dropbear ssh ciphers
Issue Shortlog does not follow expected format [test_shortlog_format]
Suggested fix Commit shortlog (first line of commit message) should follow the format "<target>: <summary>"
If you believe any of these test results are incorrect, please reply to the
mailing list (openembedded-core@lists.openembedded.org) raising your concerns.
Otherwise we would appreciate you correcting the issues and submitting a new
version of the patchset if applicable. Please ensure you add/increment the
version number when sending the new version (i.e. [PATCH] -> [PATCH v2] ->
[PATCH v3] -> ...).
---
Guidelines: https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines
Test framework: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest
Test suite: http://git.yoctoproject.org/cgit/cgit.cgi/patchtest-oe
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] disable medium-strength dropbear ssh ciphers
2018-09-07 19:16 [PATCH] disable medium-strength dropbear ssh ciphers joseph-reynolds
2018-09-07 20:02 ` ✗ patchtest: failure for " Patchwork
@ 2018-09-12 12:20 ` Burton, Ross
1 sibling, 0 replies; 3+ messages in thread
From: Burton, Ross @ 2018-09-12 12:20 UTC (permalink / raw)
To: joseph-reynolds; +Cc: openembedded-core@lists.openembedded.org
Presumably this doesn't actually work as you're just adding a file to
git without actually referring to it anywhere.
Ross
On 7 September 2018 at 20:16, <joseph-reynolds@charter.net> wrote:
> This changes the Dropbear SSH server configuration so it will not
> accept medium-strength encryption ciphers including: CBC mode, MD5,
> 96-bit MAC, and triple DES.
>
> Upstream-Status: Pending
>
> Signed-off-by: Joseph Reynolds <joseph-reynolds@charter.net>
> ---
> meta/recipes-core/dropbear/dropbear/localoptions.h | 8 ++++++++
> 1 file changed, 8 insertions(+)
> create mode 100644 meta/recipes-core/dropbear/dropbear/localoptions.h
>
> diff --git a/meta/recipes-core/dropbear/dropbear/localoptions.h
> b/meta/recipes-core/dropbear/dropbear/localoptions.h
> new file mode 100644
> index 0000000..ec48c26
> --- /dev/null
> +++ b/meta/recipes-core/dropbear/dropbear/localoptions.h
> @@ -0,0 +1,8 @@
> +/* Customize dropbear per default_options.h in the dropbear project */
> +
> +/* Disable insecure ciphers */
> +#define DROPBEAR_TWOFISH256 0
> +#define DROPBEAR_TWOFISH128 0
> +#define DROPBEAR_ENABLE_CBC_MODE 0
> +#define DROPBEAR_SHA1_HMAC 0
> +#define DROPBEAR_SHA1_96_HMAC 0
> --
> 2.7.2
>
>
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-09-12 12:20 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2018-09-07 19:16 [PATCH] disable medium-strength dropbear ssh ciphers joseph-reynolds
2018-09-07 20:02 ` ✗ patchtest: failure for " Patchwork
2018-09-12 12:20 ` [PATCH] " Burton, Ross
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox