From patchwork Wed May 1 16:00:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: auh@yoctoproject.org X-Patchwork-Id: 43041 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id BF750C27C42 for ; Wed, 1 May 2024 16:00:20 +0000 (UTC) Received: from a27-23.smtp-out.us-west-2.amazonses.com (a27-23.smtp-out.us-west-2.amazonses.com [54.240.27.23]) by mx.groups.io with SMTP id smtpd.web11.1093.1714579215146077115 for ; Wed, 01 May 2024 09:00:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@yoctoproject.org header.s=lvjh2tk576v2ro5mi6k4dt3mc6wpqbky header.b=ACZ9TmWb; dkim=pass header.i=@amazonses.com header.s=7v7vs6w47njt4pimodk5mmttbegzsi6n header.b=NU9Tj9ap; spf=pass (domain: us-west-2.amazonses.com, ip: 54.240.27.23, mailfrom: 0101018f34e28ff8-0ce13086-41ce-46a6-acf9-ca7dbdf73c60-000000@us-west-2.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=lvjh2tk576v2ro5mi6k4dt3mc6wpqbky; d=yoctoproject.org; t=1714579214; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date; bh=u808l298x92rhe9YYMc3vWEqZqfDlY6i8mvDD8uvCc8=; b=ACZ9TmWbmORN0bzEdtxYBmXRDUmmDbcneaVzwk364rv9ebL3CZln529Pn8/EQGS7 L3FRwsa0VW5fjsUtLGeDYbRtaKqnBSKr1hfN/OF5XDVfgzzZKW8NoEhDpwQztvC0M7i 1r70B4+gTpMZ93skXt445vtVRFhmEHsWrjNt7Q2w= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=7v7vs6w47njt4pimodk5mmttbegzsi6n; d=amazonses.com; t=1714579214; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date:Feedback-ID; bh=u808l298x92rhe9YYMc3vWEqZqfDlY6i8mvDD8uvCc8=; b=NU9Tj9apljcA87GSEjQDOTd+WkcMCnDP5s6Snfo1xrfZROQJTEsT+W/0sns0Ensa aaqaJMO24KQtox0uTox79LoOY3zEBAOaPR1Vfafxx9LdOWqPxADuK9vJX4ip8Sx4zec wjh3iHH5OCRm1i81KY+tVP7Z5SeqHVnOxEgPT5gQ= MIME-Version: 1.0 From: auh@yoctoproject.org To: Yi Zhao Cc: openembedded-core@lists.openembedded.org Subject: [AUH] dropbear: upgrading to 2024.85 SUCCEEDED Message-ID: <0101018f34e28ff8-0ce13086-41ce-46a6-acf9-ca7dbdf73c60-000000@us-west-2.amazonses.com> Date: Wed, 1 May 2024 16:00:14 +0000 Feedback-ID: 1.us-west-2.9np3MYPs3fEaOBysGKSlUD4KtcmPijcmS9Az2Hwf7iQ=:AmazonSES X-SES-Outgoing: 2024.05.01-54.240.27.23 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 01 May 2024 16:00:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/198794 Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe *dropbear* to *2024.85* has Succeeded. Next steps: - apply the patch: git am 0001-dropbear-upgrade-2024.84-2024.85.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 200af49f572c2eba4b215730c54e658006c1e686 Mon Sep 17 00:00:00 2001 From: Upgrade Helper Date: Wed, 1 May 2024 05:17:56 +0000 Subject: [PATCH] dropbear: upgrade 2024.84 -> 2024.85 --- .../0001-urandom-xauth-changes-to-options.h.patch | 8 ++++---- .../dropbear/0005-dropbear-enable-pam.patch | 13 +++++-------- .../dropbear/0006-dropbear-configuration-file.patch | 11 ++++------- .../dropbear/dropbear-disable-weak-ciphers.patch | 9 +++------ .../{dropbear_2024.84.bb => dropbear_2024.85.bb} | 2 +- 5 files changed, 17 insertions(+), 26 deletions(-) rename meta/recipes-core/dropbear/{dropbear_2024.84.bb => dropbear_2024.85.bb} (98%) diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch index c74f09e484..0cf572a02a 100644 --- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch @@ -1,4 +1,7 @@ -Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h +From 431c421cf3ad93f580efd401e0ad8d9fa08d3f3d Mon Sep 17 00:00:00 2001 +From: Richard Purdie +Date: Wed, 31 Aug 2005 10:45:47 +0000 +Subject: [PATCH] urandom-xauth-changes-to-options.h Upstream-Status: Inappropriate [configuration] --- @@ -18,6 +21,3 @@ index 6e970bb..ccc8b47 100644 /* If you want to enable running an sftp server (such as the one included with --- -2.34.1 - diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch index fe667ddc25..ee7d46ed17 100644 --- a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch +++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch @@ -1,7 +1,7 @@ -From b8cece92ba19aa77ac013ea161bfe4c7147747c9 Mon Sep 17 00:00:00 2001 +From 70959c18d1fd89329e6bdd3d782929dc60ce8449 Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Wed, 2 Dec 2015 11:36:02 +0200 -Subject: Enable pam +Subject: [PATCH] Enable pam We need modify file default_options.h besides enabling pam in configure if we want dropbear to support pam. @@ -15,10 +15,10 @@ Signed-off-by: Jussi Kukkonen 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/default_options.h b/src/default_options.h -index 0e3d027..349338c 100644 +index ccc8b47..12768d1 100644 --- a/src/default_options.h +++ b/src/default_options.h -@@ -210,7 +210,7 @@ group1 in Dropbear server too */ +@@ -228,7 +228,7 @@ group1 in Dropbear server too */ /* Authentication Types - at least one required. RFC Draft requires pubkey auth, and recommends password */ @@ -27,7 +27,7 @@ index 0e3d027..349338c 100644 /* Note: PAM auth is quite simple and only works for PAM modules which just do * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). -@@ -218,7 +218,7 @@ group1 in Dropbear server too */ +@@ -236,7 +236,7 @@ group1 in Dropbear server too */ * but there's an interface via a PAM module. It won't work for more complex * PAM challenge/response. * You can't enable both PASSWORD and PAM. */ @@ -36,6 +36,3 @@ index 0e3d027..349338c 100644 /* ~/.ssh/authorized_keys authentication. * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */ --- -2.25.1 - diff --git a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch index f54f634a4e..40f36d1362 100644 --- a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch +++ b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch @@ -1,4 +1,4 @@ -From e3a5db1b6d3f6382a15b2266458c26c645a10f18 Mon Sep 17 00:00:00 2001 +From 94873be8ee31d9ea0adc3c5eeb7ba08124640ed2 Mon Sep 17 00:00:00 2001 From: Mingli Yu Date: Thu, 6 Sep 2018 15:54:00 +0800 Subject: [PATCH] dropbear configuration file @@ -15,11 +15,11 @@ Signed-off-by: Mingli Yu src/svr-authpam.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -diff --git a/srec/svr-authpam.c b/src/svr-authpam.c -index d201bc9..165ec5c 100644 +diff --git a/src/svr-authpam.c b/src/svr-authpam.c +index ec14632..026102f 100644 --- a/src/svr-authpam.c +++ b/src/svr-authpam.c -@@ -223,7 +223,7 @@ void svr_auth_pam(int valid_user) { +@@ -224,7 +224,7 @@ void svr_auth_pam(int valid_user) { } /* Init pam */ @@ -28,6 +28,3 @@ index d201bc9..165ec5c 100644 dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s", rc, pam_strerror(pamHandlep, rc)); goto cleanup; --- -2.7.4 - diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch index f998caa255..5946d051f2 100644 --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch +++ b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch @@ -1,4 +1,4 @@ -From c347ece05a7fdbf50d76cb136b9ed45caed333f6 Mon Sep 17 00:00:00 2001 +From e7f91072fb5be30ad83acb8d0f0f0fc7a20f7617 Mon Sep 17 00:00:00 2001 From: Joseph Reynolds Date: Thu, 20 Jun 2019 16:29:15 -0500 Subject: [PATCH] dropbear: new feature: disable-weak-ciphers @@ -14,10 +14,10 @@ Signed-off-by: Joseph Reynolds 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/default_options.h b/src/default_options.h -index d417588..bc5200f 100644 +index 12768d1..2b07497 100644 --- a/src/default_options.h +++ b/src/default_options.h -@@ -180,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */ +@@ -197,7 +197,7 @@ IMPORTANT: Some options will require "make clean" after changes */ * Small systems should generally include either curve25519 or ecdh for performance. * curve25519 is less widely supported but is faster */ @@ -26,6 +26,3 @@ index d417588..bc5200f 100644 #define DROPBEAR_DH_GROUP14_SHA256 1 #define DROPBEAR_DH_GROUP16 0 #define DROPBEAR_CURVE25519 1 --- -2.25.1 - diff --git a/meta/recipes-core/dropbear/dropbear_2024.84.bb b/meta/recipes-core/dropbear/dropbear_2024.85.bb similarity index 98% rename from meta/recipes-core/dropbear/dropbear_2024.84.bb rename to meta/recipes-core/dropbear/dropbear_2024.85.bb index 69c7b04c55..90e3f1d0bd 100644 --- a/meta/recipes-core/dropbear/dropbear_2024.84.bb +++ b/meta/recipes-core/dropbear/dropbear_2024.85.bb @@ -23,7 +23,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ " -SRC_URI[sha256sum] = "16e22b66b333d6b7e504c43679d04ed6ca30f2838db40a21f935c850dfc01009" +SRC_URI[sha256sum] = "86b036c433a69d89ce51ebae335d65c47738ccf90d13e5eb0fea832e556da502" PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ file://0006-dropbear-configuration-file.patch \