From patchwork Tue Apr 15 13:32:53 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: auh@yoctoproject.org X-Patchwork-Id: 61304 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E69DC369C3 for ; Tue, 15 Apr 2025 13:32:54 +0000 (UTC) Received: from a27-30.smtp-out.us-west-2.amazonses.com (a27-30.smtp-out.us-west-2.amazonses.com [54.240.27.30]) by mx.groups.io with SMTP id smtpd.web11.20168.1744723973912470264 for ; Tue, 15 Apr 2025 06:32:54 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@yoctoproject.org header.s=rnkzp2s7ci3kogmesvov2nwn7wcc2dgx header.b=HQbwaZW9; dkim=pass header.i=@amazonses.com header.s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx header.b=i9oD5EEM; spf=pass (domain: us-west-2.amazonses.com, ip: 54.240.27.30, mailfrom: 0101019639a71493-6e7c5d70-fe9f-4b2e-8ca0-be979c8d0461-000000@us-west-2.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=rnkzp2s7ci3kogmesvov2nwn7wcc2dgx; d=yoctoproject.org; t=1744723973; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date; bh=kW9LU2yovU6Kgr3eBzMozwcz29gHz3INYak4XH3kA7k=; b=HQbwaZW9jWAfEYd8MXgUy736Epg4AEYN+ULigdsUugLGwDuhChyKbWkG1Y+FZBd/ 5qHmQaMC0twPAmySjV/C/7RdG8jRxN2SMTti6VGutF3ERZfWHKJ8IQGOmmps72ME0Gr 6eDCPSxbEOv9oD0kGHRkj0Oy4CYyIHzToOWroJFM= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1744723973; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date:Feedback-ID; bh=kW9LU2yovU6Kgr3eBzMozwcz29gHz3INYak4XH3kA7k=; b=i9oD5EEMLOdx5pVnBXcZGuAFeQDUbIxlu0dPW+nZm3jLWxZtctwviVrOLHj72b+u 9CWlq7IXsnGgJStUa2IwCBob4whRNIImuJE2w2azmWEK9cp1nEJPZd1EIfJbAbY+sl/ W8LXVzOmfOwYwMT9qs2se8MIXw33TD1Iilw7bRzo= MIME-Version: 1.0 From: auh@yoctoproject.org To: Yi Zhao Cc: openembedded-core@lists.openembedded.org Subject: [AUH] dropbear: upgrading to 2025.87 FAILED Message-ID: <0101019639a71493-6e7c5d70-fe9f-4b2e-8ca0-be979c8d0461-000000@us-west-2.amazonses.com> Date: Tue, 15 Apr 2025 13:32:53 +0000 Feedback-ID: ::1.us-west-2.9np3MYPs3fEaOBysGKSlUD4KtcmPijcmS9Az2Hwf7iQ=:AmazonSES X-SES-Outgoing: 2025.04.15-54.240.27.30 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 15 Apr 2025 13:32:54 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/214864 Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe(s) *dropbear* to *2025.87* has Failed(do_compile). Detailed error information: do_compile failed Next steps: - apply the patch: git am 0001-dropbear-upgrade-2024.86-2025.87.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 008d15b3c6fc9bfd26543d77e83c168721847b16 Mon Sep 17 00:00:00 2001 From: Upgrade Helper Date: Tue, 15 Apr 2025 06:48:04 +0000 Subject: [PATCH] dropbear: upgrade 2024.86 -> 2025.87 --- ...1-urandom-xauth-changes-to-options.h.patch | 6 ++-- .../dropbear/0005-dropbear-enable-pam.patch | 8 +++--- .../0006-dropbear-configuration-file.patch | 2 +- .../dropbear-disable-weak-ciphers.patch | 28 ------------------- ...ropbear_2024.86.bb => dropbear_2025.87.bb} | 2 +- 5 files changed, 9 insertions(+), 37 deletions(-) delete mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch rename meta/recipes-core/dropbear/{dropbear_2024.86.bb => dropbear_2025.87.bb} (98%) diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch index 9c1dd3f606..500427f8c7 100644 --- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch @@ -1,4 +1,4 @@ -From cdc6a4a57a86d8116a92a5d905993e65cf723556 Mon Sep 17 00:00:00 2001 +From df96d1942c10bc50802f470e114ade07f4da07fe Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Wed, 31 Aug 2005 10:45:47 +0000 Subject: [PATCH] urandom-xauth-changes-to-options.h @@ -9,10 +9,10 @@ Upstream-Status: Inappropriate [configuration] 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/default_options.h b/src/default_options.h -index 6e970bb..ccc8b47 100644 +index 6e58a29..5ddaa59 100644 --- a/src/default_options.h +++ b/src/default_options.h -@@ -311,7 +311,7 @@ group1 in Dropbear server too */ +@@ -317,7 +317,7 @@ group1 in Dropbear server too */ /* The command to invoke for xauth when using X11 forwarding. * "-q" for quiet */ diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch index 6743f506e9..ec818b54de 100644 --- a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch +++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch @@ -1,4 +1,4 @@ -From 253ca01f0fc50dbaeb2ff8bcece0c34256eba94f Mon Sep 17 00:00:00 2001 +From de314b6b3efddd454368c893220149e59f436b39 Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Wed, 2 Dec 2015 11:36:02 +0200 Subject: [PATCH] Enable pam @@ -15,10 +15,10 @@ Signed-off-by: Jussi Kukkonen 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/default_options.h b/src/default_options.h -index ccc8b47..12768d1 100644 +index 5ddaa59..2221442 100644 --- a/src/default_options.h +++ b/src/default_options.h -@@ -228,7 +228,7 @@ group1 in Dropbear server too */ +@@ -234,7 +234,7 @@ group1 in Dropbear server too */ /* Authentication Types - at least one required. RFC Draft requires pubkey auth, and recommends password */ @@ -27,7 +27,7 @@ index ccc8b47..12768d1 100644 /* Note: PAM auth is quite simple and only works for PAM modules which just do * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). -@@ -236,7 +236,7 @@ group1 in Dropbear server too */ +@@ -242,7 +242,7 @@ group1 in Dropbear server too */ * but there's an interface via a PAM module. It won't work for more complex * PAM challenge/response. * You can't enable both PASSWORD and PAM. */ diff --git a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch index 44861088cc..126934b246 100644 --- a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch +++ b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch @@ -1,4 +1,4 @@ -From 16b147f97f0938cddb55ec1c90bc919c13f26fc0 Mon Sep 17 00:00:00 2001 +From 0560945de8a6e1359667e50869a973dcd4de94d2 Mon Sep 17 00:00:00 2001 From: Mingli Yu Date: Thu, 6 Sep 2018 15:54:00 +0800 Subject: [PATCH] dropbear configuration file diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch deleted file mode 100644 index a20781d31d..0000000000 --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch +++ /dev/null @@ -1,28 +0,0 @@ -From c8a0c8e87b772576f3a431c3b4cacaf5aa001dcc Mon Sep 17 00:00:00 2001 -From: Joseph Reynolds -Date: Thu, 20 Jun 2019 16:29:15 -0500 -Subject: [PATCH] dropbear: new feature: disable-weak-ciphers - -This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers -in the dropbear ssh server and client since they're considered weak ciphers -and we want to support the stong algorithms. - -Upstream-Status: Inappropriate [configuration] -Signed-off-by: Joseph Reynolds ---- - src/default_options.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/default_options.h b/src/default_options.h -index 12768d1..2b07497 100644 ---- a/src/default_options.h -+++ b/src/default_options.h -@@ -197,7 +197,7 @@ IMPORTANT: Some options will require "make clean" after changes */ - * Small systems should generally include either curve25519 or ecdh for performance. - * curve25519 is less widely supported but is faster - */ --#define DROPBEAR_DH_GROUP14_SHA1 1 -+#define DROPBEAR_DH_GROUP14_SHA1 0 - #define DROPBEAR_DH_GROUP14_SHA256 1 - #define DROPBEAR_DH_GROUP16 0 - #define DROPBEAR_CURVE25519 1 diff --git a/meta/recipes-core/dropbear/dropbear_2024.86.bb b/meta/recipes-core/dropbear/dropbear_2025.87.bb similarity index 98% rename from meta/recipes-core/dropbear/dropbear_2024.86.bb rename to meta/recipes-core/dropbear/dropbear_2025.87.bb index be246a0ccd..e0cfbe67d7 100644 --- a/meta/recipes-core/dropbear/dropbear_2024.86.bb +++ b/meta/recipes-core/dropbear/dropbear_2025.87.bb @@ -23,7 +23,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ " -SRC_URI[sha256sum] = "e78936dffc395f2e0db099321d6be659190966b99712b55c530dd0a1822e0a5e" +SRC_URI[sha256sum] = "738b7f358547f0c64c3e1a56bbc5ef98d34d9ec6adf9ccdf01dc0bf2caa2bc8d" PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ file://0006-dropbear-configuration-file.patch \