From patchwork Sat Mar 15 14:18:12 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: auh@yoctoproject.org X-Patchwork-Id: 59070 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6AC66C3600C for ; Sat, 15 Mar 2025 14:18:20 +0000 (UTC) Received: from a27-191.smtp-out.us-west-2.amazonses.com (a27-191.smtp-out.us-west-2.amazonses.com [54.240.27.191]) by mx.groups.io with SMTP id smtpd.web11.10358.1742048293296256688 for ; Sat, 15 Mar 2025 07:18:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@yoctoproject.org header.s=rnkzp2s7ci3kogmesvov2nwn7wcc2dgx header.b=KvkcqbNJ; dkim=pass header.i=@amazonses.com header.s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx header.b=HnWSF5BF; spf=pass (domain: us-west-2.amazonses.com, ip: 54.240.27.191, mailfrom: 010101959a2b6f40-b9f28941-283d-4553-bed9-640e865fea32-000000@us-west-2.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=rnkzp2s7ci3kogmesvov2nwn7wcc2dgx; d=yoctoproject.org; t=1742048292; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date; bh=UNZacESDe7KJHRiu2x0l5Gfy9qDyLGplCBunJNowMHE=; b=KvkcqbNJKJQpUzcXwplrlYKvMOQDBBfTiS+lwtVI9KgA1LjhINolYUcnbV8WPdbD Xf5uC5M0+25gzW9WhYkVqcGv8FR0+JWiLq3FYji9Uo0aGj2ueu3CGLwK90RwsUiNkbG QEYchmvvB+hwl1ZCJbcJ2Zy8zoE1XWwsL2psdygg= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1742048292; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date:Feedback-ID; bh=UNZacESDe7KJHRiu2x0l5Gfy9qDyLGplCBunJNowMHE=; b=HnWSF5BFZ8ZqW1Np4Eym+qOSo7KHelpAekZTDTlJWOdlymZc+G5BwUI2WvXP0I0m yUJ9MdwkTSPo0PIAug//73CdezsfHK0On2RIGzMaZSXs8JdhheyknH0EysEgEOoYtx8 g/yrvhmG8Y7TW7xVpYI2NjjU1KGy2HTB/svUWRlo= MIME-Version: 1.0 From: auh@yoctoproject.org To: Yi Zhao Cc: openembedded-core@lists.openembedded.org Subject: [AUH] dropbear: upgrading to 2025.87 FAILED Message-ID: <010101959a2b6f40-b9f28941-283d-4553-bed9-640e865fea32-000000@us-west-2.amazonses.com> Date: Sat, 15 Mar 2025 14:18:12 +0000 Feedback-ID: ::1.us-west-2.9np3MYPs3fEaOBysGKSlUD4KtcmPijcmS9Az2Hwf7iQ=:AmazonSES X-SES-Outgoing: 2025.03.15-54.240.27.191 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Sat, 15 Mar 2025 14:18:20 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/212889 Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe(s) *dropbear* to *2025.87* has Failed(do_compile). Detailed error information: do_compile failed Next steps: - apply the patch: git am 0001-dropbear-upgrade-2024.86-2025.87.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 8324c29e53904d8605c86a01fe3ac75bb50b0fdb Mon Sep 17 00:00:00 2001 From: Upgrade Helper Date: Sat, 15 Mar 2025 07:19:00 +0000 Subject: [PATCH] dropbear: upgrade 2024.86 -> 2025.87 --- ...1-urandom-xauth-changes-to-options.h.patch | 6 ++-- .../dropbear/0005-dropbear-enable-pam.patch | 8 +++--- .../0006-dropbear-configuration-file.patch | 2 +- .../dropbear-disable-weak-ciphers.patch | 28 ------------------- ...ropbear_2024.86.bb => dropbear_2025.87.bb} | 2 +- 5 files changed, 9 insertions(+), 37 deletions(-) delete mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch rename meta/recipes-core/dropbear/{dropbear_2024.86.bb => dropbear_2025.87.bb} (98%) diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch index 9c1dd3f606..e947302f6d 100644 --- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch @@ -1,4 +1,4 @@ -From cdc6a4a57a86d8116a92a5d905993e65cf723556 Mon Sep 17 00:00:00 2001 +From 523debd0ade42175add11ffe19077c620c193477 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Wed, 31 Aug 2005 10:45:47 +0000 Subject: [PATCH] urandom-xauth-changes-to-options.h @@ -9,10 +9,10 @@ Upstream-Status: Inappropriate [configuration] 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/default_options.h b/src/default_options.h -index 6e970bb..ccc8b47 100644 +index 6e58a29..5ddaa59 100644 --- a/src/default_options.h +++ b/src/default_options.h -@@ -311,7 +311,7 @@ group1 in Dropbear server too */ +@@ -317,7 +317,7 @@ group1 in Dropbear server too */ /* The command to invoke for xauth when using X11 forwarding. * "-q" for quiet */ diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch index 6743f506e9..1077321694 100644 --- a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch +++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch @@ -1,4 +1,4 @@ -From 253ca01f0fc50dbaeb2ff8bcece0c34256eba94f Mon Sep 17 00:00:00 2001 +From 00448d4ffac4ca4240aceef294bb77debfcea7ca Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Wed, 2 Dec 2015 11:36:02 +0200 Subject: [PATCH] Enable pam @@ -15,10 +15,10 @@ Signed-off-by: Jussi Kukkonen 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/default_options.h b/src/default_options.h -index ccc8b47..12768d1 100644 +index 5ddaa59..2221442 100644 --- a/src/default_options.h +++ b/src/default_options.h -@@ -228,7 +228,7 @@ group1 in Dropbear server too */ +@@ -234,7 +234,7 @@ group1 in Dropbear server too */ /* Authentication Types - at least one required. RFC Draft requires pubkey auth, and recommends password */ @@ -27,7 +27,7 @@ index ccc8b47..12768d1 100644 /* Note: PAM auth is quite simple and only works for PAM modules which just do * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). -@@ -236,7 +236,7 @@ group1 in Dropbear server too */ +@@ -242,7 +242,7 @@ group1 in Dropbear server too */ * but there's an interface via a PAM module. It won't work for more complex * PAM challenge/response. * You can't enable both PASSWORD and PAM. */ diff --git a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch index 44861088cc..6f94d59f2d 100644 --- a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch +++ b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch @@ -1,4 +1,4 @@ -From 16b147f97f0938cddb55ec1c90bc919c13f26fc0 Mon Sep 17 00:00:00 2001 +From 4b30e27e5816c9b37af6857be110b6de2f556351 Mon Sep 17 00:00:00 2001 From: Mingli Yu Date: Thu, 6 Sep 2018 15:54:00 +0800 Subject: [PATCH] dropbear configuration file diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch deleted file mode 100644 index a20781d31d..0000000000 --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch +++ /dev/null @@ -1,28 +0,0 @@ -From c8a0c8e87b772576f3a431c3b4cacaf5aa001dcc Mon Sep 17 00:00:00 2001 -From: Joseph Reynolds -Date: Thu, 20 Jun 2019 16:29:15 -0500 -Subject: [PATCH] dropbear: new feature: disable-weak-ciphers - -This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers -in the dropbear ssh server and client since they're considered weak ciphers -and we want to support the stong algorithms. - -Upstream-Status: Inappropriate [configuration] -Signed-off-by: Joseph Reynolds ---- - src/default_options.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/default_options.h b/src/default_options.h -index 12768d1..2b07497 100644 ---- a/src/default_options.h -+++ b/src/default_options.h -@@ -197,7 +197,7 @@ IMPORTANT: Some options will require "make clean" after changes */ - * Small systems should generally include either curve25519 or ecdh for performance. - * curve25519 is less widely supported but is faster - */ --#define DROPBEAR_DH_GROUP14_SHA1 1 -+#define DROPBEAR_DH_GROUP14_SHA1 0 - #define DROPBEAR_DH_GROUP14_SHA256 1 - #define DROPBEAR_DH_GROUP16 0 - #define DROPBEAR_CURVE25519 1 diff --git a/meta/recipes-core/dropbear/dropbear_2024.86.bb b/meta/recipes-core/dropbear/dropbear_2025.87.bb similarity index 98% rename from meta/recipes-core/dropbear/dropbear_2024.86.bb rename to meta/recipes-core/dropbear/dropbear_2025.87.bb index be246a0ccd..e0cfbe67d7 100644 --- a/meta/recipes-core/dropbear/dropbear_2024.86.bb +++ b/meta/recipes-core/dropbear/dropbear_2025.87.bb @@ -23,7 +23,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ " -SRC_URI[sha256sum] = "e78936dffc395f2e0db099321d6be659190966b99712b55c530dd0a1822e0a5e" +SRC_URI[sha256sum] = "738b7f358547f0c64c3e1a56bbc5ef98d34d9ec6adf9ccdf01dc0bf2caa2bc8d" PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ file://0006-dropbear-configuration-file.patch \