From: Alexandre Belloni <alexandre.belloni@bootlin.com>
To: wangmy@fujitsu.com
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH 06/33] dropbear: upgrade 2022.83 -> 2024.84
Date: Tue, 9 Apr 2024 23:36:48 +0200 [thread overview]
Message-ID: <20240409213648c1161f49@mail.local> (raw)
In-Reply-To: <1712646620-16608-6-git-send-email-wangmy@fujitsu.com>
ERROR: dropbear-2024.84-r0 do_patch: Applying patch '0005-dropbear-enable-pam.patch' on target directory '/home/pokybuild/yocto-worker/beaglebone-alt/build/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/dropbear/2024.84/dropbear-2024.84'
CmdError('quilt --quiltrc /home/pokybuild/yocto-worker/beaglebone-alt/build/build/tmp/work/cortexa8hf-neon-poky-linux-gnueabi/dropbear/2024.84/recipe-sysroot-native/etc/quiltrc push', 0, "stdout: Applying patch 0005-dropbear-enable-pam.patch
can't find file to patch at input line 21
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|From b8cece92ba19aa77ac013ea161bfe4c7147747c9 Mon Sep 17 00:00:00 2001
|From: Jussi Kukkonen <jussi.kukkonen@intel.com>
|Date: Wed, 2 Dec 2015 11:36:02 +0200
|Subject: Enable pam
|
|We need modify file default_options.h besides enabling pam in
|configure if we want dropbear to support pam.
|
|Upstream-Status: Pending
|
|Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com>
|Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
|---
| default_options.h | 4 ++--
| 1 file changed, 2 insertions(+), 2 deletions(-)
|
|diff --git a/default_options.h b/default_options.h
|index 0e3d027..349338c 100644
|--- a/default_options.h
|+++ b/default_options.h
--------------------------
No file to patch. Skipping patch.
2 out of 2 hunks ignored
Patch 0005-dropbear-enable-pam.patch does not apply (enforce with -f)
stderr: ")
On 09/04/2024 15:09:53+0800, wangmy via lists.openembedded.org wrote:
> From: Wang Mingyu <wangmy@fujitsu.com>
>
> 0001-urandom-xauth-changes-to-options.h.patch
> dropbear-disable-weak-ciphers.patch
> refreshed for 2024.84
>
> CVE-2023-36328.patch
> removed since it's included in 2024.84
>
> Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
> ---
> ...1-urandom-xauth-changes-to-options.h.patch | 14 +-
> .../dropbear/dropbear/CVE-2023-36328.patch | 144 ------------------
> .../dropbear-disable-weak-ciphers.patch | 6 +-
> ...ropbear_2022.83.bb => dropbear_2024.84.bb} | 3 +-
> 4 files changed, 11 insertions(+), 156 deletions(-)
> delete mode 100644 meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
> rename meta/recipes-core/dropbear/{dropbear_2022.83.bb => dropbear_2024.84.bb} (97%)
>
> diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
> index 99adcfd770..c74f09e484 100644
> --- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
> +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch
> @@ -2,14 +2,14 @@ Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h
>
> Upstream-Status: Inappropriate [configuration]
> ---
> - default_options.h | 2 +-
> + src/default_options.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff --git a/default_options.h b/default_options.h
> -index 349338c..5ffac25 100644
> ---- a/default_options.h
> -+++ b/default_options.h
> -@@ -289,7 +289,7 @@ group1 in Dropbear server too */
> +diff --git a/src/default_options.h b/src/default_options.h
> +index 6e970bb..ccc8b47 100644
> +--- a/src/default_options.h
> ++++ b/src/default_options.h
> +@@ -311,7 +311,7 @@ group1 in Dropbear server too */
>
> /* The command to invoke for xauth when using X11 forwarding.
> * "-q" for quiet */
> @@ -19,5 +19,5 @@ index 349338c..5ffac25 100644
>
> /* If you want to enable running an sftp server (such as the one included with
> --
> -2.25.1
> +2.34.1
>
> diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch b/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
> deleted file mode 100644
> index ec50d69816..0000000000
> --- a/meta/recipes-core/dropbear/dropbear/CVE-2023-36328.patch
> +++ /dev/null
> @@ -1,144 +0,0 @@
> -From beba892bc0d4e4ded4d667ab1d2a94f4d75109a9 Mon Sep 17 00:00:00 2001
> -From: czurnieden <czurnieden@gmx.de>
> -Date: Fri, 8 Sep 2023 10:07:32 +0000
> -Subject: [PATCH] Fix possible integer overflow
> -
> -CVE: CVE-2023-36328
> -
> -Upstream-Status: Backport [https://github.com/libtom/libtommath/commit/beba892bc0d4e4ded4d667ab1d2a94f4d75109a9]
> -
> -Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
> ----
> - libtommath/bn_mp_2expt.c | 4 ++++
> - libtommath/bn_mp_grow.c | 4 ++++
> - libtommath/bn_mp_init_size.c | 5 +++++
> - libtommath/bn_mp_mul_2d.c | 4 ++++
> - libtommath/bn_s_mp_mul_digs.c | 4 ++++
> - libtommath/bn_s_mp_mul_digs_fast.c | 4 ++++
> - libtommath/bn_s_mp_mul_high_digs.c | 4 ++++
> - libtommath/bn_s_mp_mul_high_digs_fast.c | 4 ++++
> - 8 files changed, 33 insertions(+)
> -
> -diff --git a/libtommath/bn_mp_2expt.c b/libtommath/bn_mp_2expt.c
> -index 0ae3df1..ca6fbc3 100644
> ---- a/libtommath/bn_mp_2expt.c
> -+++ b/libtommath/bn_mp_2expt.c
> -@@ -12,6 +12,10 @@ mp_err mp_2expt(mp_int *a, int b)
> - {
> - mp_err err;
> -
> -+ if (b < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* zero a as per default */
> - mp_zero(a);
> -
> -diff --git a/libtommath/bn_mp_grow.c b/libtommath/bn_mp_grow.c
> -index 9e904c5..2b16826 100644
> ---- a/libtommath/bn_mp_grow.c
> -+++ b/libtommath/bn_mp_grow.c
> -@@ -9,6 +9,10 @@ mp_err mp_grow(mp_int *a, int size)
> - int i;
> - mp_digit *tmp;
> -
> -+ if (size < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* if the alloc size is smaller alloc more ram */
> - if (a->alloc < size) {
> - /* reallocate the array a->dp
> -diff --git a/libtommath/bn_mp_init_size.c b/libtommath/bn_mp_init_size.c
> -index d622687..5fefa96 100644
> ---- a/libtommath/bn_mp_init_size.c
> -+++ b/libtommath/bn_mp_init_size.c
> -@@ -6,6 +6,11 @@
> - /* init an mp_init for a given size */
> - mp_err mp_init_size(mp_int *a, int size)
> - {
> -+
> -+ if (size < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - size = MP_MAX(MP_MIN_PREC, size);
> -
> - /* alloc mem */
> -diff --git a/libtommath/bn_mp_mul_2d.c b/libtommath/bn_mp_mul_2d.c
> -index 87354de..2744163 100644
> ---- a/libtommath/bn_mp_mul_2d.c
> -+++ b/libtommath/bn_mp_mul_2d.c
> -@@ -9,6 +9,10 @@ mp_err mp_mul_2d(const mp_int *a, int b, mp_int *c)
> - mp_digit d;
> - mp_err err;
> -
> -+ if (b < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* copy */
> - if (a != c) {
> - if ((err = mp_copy(a, c)) != MP_OKAY) {
> -diff --git a/libtommath/bn_s_mp_mul_digs.c b/libtommath/bn_s_mp_mul_digs.c
> -index 64509d4..2d2f5b0 100644
> ---- a/libtommath/bn_s_mp_mul_digs.c
> -+++ b/libtommath/bn_s_mp_mul_digs.c
> -@@ -16,6 +16,10 @@ mp_err s_mp_mul_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
> - mp_word r;
> - mp_digit tmpx, *tmpt, *tmpy;
> -
> -+ if (digs < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* can we use the fast multiplier? */
> - if ((digs < MP_WARRAY) &&
> - (MP_MIN(a->used, b->used) < MP_MAXFAST)) {
> -diff --git a/libtommath/bn_s_mp_mul_digs_fast.c b/libtommath/bn_s_mp_mul_digs_fast.c
> -index b2a287b..d6dd3cc 100644
> ---- a/libtommath/bn_s_mp_mul_digs_fast.c
> -+++ b/libtommath/bn_s_mp_mul_digs_fast.c
> -@@ -26,6 +26,10 @@ mp_err s_mp_mul_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int digs)
> - mp_digit W[MP_WARRAY];
> - mp_word _W;
> -
> -+ if (digs < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* grow the destination as required */
> - if (c->alloc < digs) {
> - if ((err = mp_grow(c, digs)) != MP_OKAY) {
> -diff --git a/libtommath/bn_s_mp_mul_high_digs.c b/libtommath/bn_s_mp_mul_high_digs.c
> -index 2bb2a50..c9dd355 100644
> ---- a/libtommath/bn_s_mp_mul_high_digs.c
> -+++ b/libtommath/bn_s_mp_mul_high_digs.c
> -@@ -15,6 +15,10 @@ mp_err s_mp_mul_high_digs(const mp_int *a, const mp_int *b, mp_int *c, int digs)
> - mp_word r;
> - mp_digit tmpx, *tmpt, *tmpy;
> -
> -+ if (digs < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* can we use the fast multiplier? */
> - if (MP_HAS(S_MP_MUL_HIGH_DIGS_FAST)
> - && ((a->used + b->used + 1) < MP_WARRAY)
> -diff --git a/libtommath/bn_s_mp_mul_high_digs_fast.c b/libtommath/bn_s_mp_mul_high_digs_fast.c
> -index a2c4fb6..afe3e4b 100644
> ---- a/libtommath/bn_s_mp_mul_high_digs_fast.c
> -+++ b/libtommath/bn_s_mp_mul_high_digs_fast.c
> -@@ -19,6 +19,10 @@ mp_err s_mp_mul_high_digs_fast(const mp_int *a, const mp_int *b, mp_int *c, int
> - mp_digit W[MP_WARRAY];
> - mp_word _W;
> -
> -+ if (digs < 0) {
> -+ return MP_VAL;
> -+ }
> -+
> - /* grow the destination as required */
> - pa = a->used + b->used;
> - if (c->alloc < pa) {
> ---
> -2.35.5
> diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
> index 5c60868ed8..03b452ee0a 100644
> --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
> +++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch
> @@ -13,10 +13,10 @@ Signed-off-by: Joseph Reynolds <joseph.reynolds1@ibm.com>
> default_options.h | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> -diff --git a/default_options.h b/default_options.h
> +diff --git a/src/default_options.h b/src/default_options.h
> index d417588..bc5200f 100644
> ---- a/default_options.h
> -+++ b/default_options.h
> +--- a/src/default_options.h
> ++++ b/src/default_options.h
> @@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */
> * Small systems should generally include either curve25519 or ecdh for performance.
> * curve25519 is less widely supported but is faster
> diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2024.84.bb
> similarity index 97%
> rename from meta/recipes-core/dropbear/dropbear_2022.83.bb
> rename to meta/recipes-core/dropbear/dropbear_2024.84.bb
> index 528eff1a10..69c7b04c55 100644
> --- a/meta/recipes-core/dropbear/dropbear_2022.83.bb
> +++ b/meta/recipes-core/dropbear/dropbear_2024.84.bb
> @@ -21,10 +21,9 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
> file://dropbear.default \
> ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
> ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \
> - file://CVE-2023-36328.patch \
> "
>
> -SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b"
> +SRC_URI[sha256sum] = "16e22b66b333d6b7e504c43679d04ed6ca30f2838db40a21f935c850dfc01009"
>
> PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
> file://0006-dropbear-configuration-file.patch \
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#198028): https://lists.openembedded.org/g/openembedded-core/message/198028
> Mute This Topic: https://lists.openembedded.org/mt/105417634/3617179
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alexandre.belloni@bootlin.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2024-04-09 21:36 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-09 7:09 [OE-core] [PATCH 01/33] babeltrace2: upgrade 2.0.5 -> 2.0.6 wangmy
2024-04-09 7:09 ` [OE-core] [PATCH 02/33] bash-completion: upgrade 2.12.0 -> 2.13.0 wangmy
2024-04-09 7:09 ` [OE-core] [PATCH 03/33] btrfs-tools: upgrade 6.7.1 -> 6.8 wangmy
2024-04-09 7:09 ` [OE-core] [PATCH 04/33] coreutils: upgrade 9.4 -> 9.5 wangmy
2024-04-09 7:09 ` [OE-core] [PATCH 05/33] dnf: upgrade 4.19.0 -> 4.19.2 wangmy
2024-04-09 7:09 ` [OE-core] [PATCH 06/33] dropbear: upgrade 2022.83 -> 2024.84 wangmy
2024-04-09 21:36 ` Alexandre Belloni [this message]
2024-04-09 7:09 ` [OE-core] [PATCH 07/33] ell: upgrade 0.63 -> 0.64 wangmy
2024-04-09 7:09 ` [OE-core] [PATCH 08/33] enchant2: upgrade 2.6.8 -> 2.6.9 wangmy
2024-04-09 7:09 ` [OE-core] [PATCH 09/33] ffmpeg: upgrade 6.1.1 -> 7.0 wangmy
2024-04-10 0:46 ` Alexandre Belloni
2024-04-09 7:09 ` [OE-core] [PATCH 10/33] gnutls: upgrade 3.8.4 -> 3.8.5 wangmy
2024-04-10 0:45 ` Alexandre Belloni
2024-04-11 19:41 ` Simone Weiß
2024-04-12 14:39 ` Alexandre Belloni
2024-04-13 20:55 ` Simone Weiß
2024-04-14 18:07 ` Simone Weiß
2024-04-09 7:09 ` [OE-core] [PATCH 11/33] libdnf: upgrade 0.73.0 -> 0.73.1 wangmy
2024-04-09 7:09 ` [OE-core] [PATCH 12/33] libical: upgrade 3.0.17 -> 3.0.18 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 13/33] librepo: upgrade 1.17.0 -> 1.17.1 wangmy
2024-04-11 9:10 ` Alexandre Belloni
2024-04-12 0:52 ` Mingyu Wang (Fujitsu)
2024-04-12 6:46 ` Alexandre Belloni
2024-04-09 7:10 ` [OE-core] [PATCH 14/33] liburi-perl: upgrade 5.27 -> 5.28 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 15/33] libx11: upgrade 1.8.7 -> 1.8.9 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 16/33] libxmlb: upgrade 0.3.15 -> 0.3.17 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 17/33] libxmu: upgrade 1.1.4 -> 1.2.0 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 18/33] llvm: upgrade 18.1.2 -> 18.1.3 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 19/33] lttng-tools: upgrade 2.13.11 -> 2.13.13 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 20/33] man-db: upgrade 2.12.0 -> 2.12.1 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 21/33] mpg123: upgrade 1.32.5 -> 1.32.6 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 22/33] mtdev: upgrade 1.1.6 -> 1.1.7 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 23/33] pkgconf: upgrade 2.1.1 -> 2.2.0 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 24/33] python3-beartype: upgrade 0.17.2 -> 0.18.2 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 25/33] python3-build: upgrade 1.1.1 -> 1.2.1 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 26/33] python3-git: upgrade 3.1.42 -> 3.1.43 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 27/33] python3-pyasn1: upgrade 0.5.1 -> 0.6.0 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 28/33] python3-pycparser: upgrade 2.21 -> 2.22 wangmy
2024-04-09 9:29 ` Alexander Kanavin
2024-04-09 12:05 ` Trevor Gamblin
2024-04-09 7:10 ` [OE-core] [PATCH 29/33] python3-typing-extensions: upgrade 4.10.0 -> 4.11.0 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 30/33] rsync: upgrade 3.2.7 -> 3.3.0 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 31/33] ttyrun: upgrade 2.31.0 -> 2.32.0 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 32/33] u-boot: upgrade 2024.01 -> 2024.04 wangmy
2024-04-09 7:10 ` [OE-core] [PATCH 33/33] xorgproto: upgrade 2023.2 -> 2024.1 wangmy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240409213648c1161f49@mail.local \
--to=alexandre.belloni@bootlin.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=wangmy@fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox