dropbear: upgrade 2022.82 -> 2022.83

Message ID	1670207094-6846-3-git-send-email-wangmy@fujitsu.com
State	Accepted, archived
Commit	99759005f18f0533717696729978d8dc5bf4ad16
Headers	show Return-Path: <wangmy@fujitsu.com> ip: 85.158.142.112, mailfrom: wangmy@fujitsu.com) From: <wangmy@fujitsu.com> To: <openembedded-core@lists.openembedded.org> CC: Wang Mingyu <wangmy@fujitsu.com> Subject: [OE-core] [PATCH] dropbear: upgrade 2022.82 -> 2022.83 Date: Mon, 5 Dec 2022 10:24:52 +0800 Message-ID: <1670207094-6846-3-git-send-email-wangmy@fujitsu.com> In-Reply-To: <1670207094-6846-1-git-send-email-wangmy@fujitsu.com> References: <1670207094-6846-1-git-send-email-wangmy@fujitsu.com> MIME-Version: 1.0 Content-Type: text/plain
Series	dropbear: upgrade 2022.82 -> 2022.83 \| expand dropbear: upgrade 2022.82 -> 2022.83

Message ID

1670207094-6846-3-git-send-email-wangmy@fujitsu.com

State

Accepted, archived

Commit

99759005f18f0533717696729978d8dc5bf4ad16

Headers

From: <wangmy@fujitsu.com>
To: <openembedded-core@lists.openembedded.org>
CC: Wang Mingyu <wangmy@fujitsu.com>
Subject: [OE-core] [PATCH] dropbear: upgrade 2022.82 -> 2022.83
Date: Mon, 5 Dec 2022 10:24:52 +0800
Message-ID: <1670207094-6846-3-git-send-email-wangmy@fujitsu.com>
In-Reply-To: <1670207094-6846-1-git-send-email-wangmy@fujitsu.com>
References: <1670207094-6846-1-git-send-email-wangmy@fujitsu.com>
MIME-Version: 1.0
Content-Type: text/plain

Series

dropbear: upgrade 2022.82 -> 2022.83 | expand

Commit Message

Mingyu Wang (Fujitsu) Dec. 5, 2022, 2:24 a.m. UTC

From: Wang Mingyu <wangmy@fujitsu.com>

0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch
removed since it's included in 2022.83

Changelog:
==========
- Disable DROPBEAR_DSS by default
- Added DROPBEAR_RSA_SHA1 option to allow disabling sha1 rsa signatures.
- Add option for requiring both password and pubkey (-t)
- Add 'no-touch-required' and 'verify-required' options for sk keys
  DROPBEAR_SK_KEYS config option now replaces separate DROPBEAR_SK_ECDSA
  and DROPBEAR_SK_ED25519 options.
- Add 'permitopen' option for authorized_keys to restrict forwarded ports
- Added LTM_CFLAGS configure argument to set flags for building
  bundled libtommath. This also restores the previous arguments used
  in 2020.81 (-O3 -funroll-loops). That gives a big speedup for RSA
  key generation, which regressed in 2022.82.
  There is a tradeoff with code size, so -Os can be used if required.
- Add '-z' flag to disable setting QoS traffic class. This may be necessary
  to work with broken networks or network drivers, exposed after changes to use
  AF21 in 2022.82
- Allow overriding user shells with COMPAT_USER_SHELLS
- Improve permission error message
- Remove HMAC_MD5 entirely

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
---
 ...d-failure-use-DROPBEAR_PRIO_LOWDELAY.patch | 28 -------------------
 ...ropbear_2022.82.bb => dropbear_2022.83.bb} |  4 +--
 2 files changed, 2 insertions(+), 30 deletions(-)
 delete mode 100644 meta/recipes-core/dropbear/dropbear/0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch
 rename meta/recipes-core/dropbear/{dropbear_2022.82.bb => dropbear_2022.83.bb} (96%)

diff --git a/meta/recipes-core/dropbear/dropbear/0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch b/meta/recipes-core/dropbear/dropbear/0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch
deleted file mode 100644
index 042dccbb94..0000000000
--- a/meta/recipes-core/dropbear/dropbear/0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch
+++ /dev/null
@@ -1,28 +0,0 @@ 
-From 64292091fe3e8ea7c9bfe74af730b2ff5428bf10 Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Sat, 23 Apr 2022 22:33:31 +0800
-Subject: [PATCH] Fix X11 build failure, use DROPBEAR_PRIO_LOWDELAY
-
-Upstream-Status: Backport
-
-Signed-off-by: Daniel Gomez <daniel@qtec.com>
----
- svr-x11fwd.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/svr-x11fwd.c b/svr-x11fwd.c
-index 353cb12..5d9e6a9 100644
---- a/svr-x11fwd.c
-+++ b/svr-x11fwd.c
-@@ -206,7 +206,7 @@ void x11cleanup(struct ChanSess *chansess) {
- }
-
- static int x11_inithandler(struct Channel *channel) {
--	channel->prio = DROPBEAR_CHANNEL_PRIO_INTERACTIVE;
-+	channel->prio = DROPBEAR_PRIO_LOWDELAY;
- 	return 0;
- }
-
---
-2.35.1
-
diff --git a/meta/recipes-core/dropbear/dropbear_2022.82.bb b/meta/recipes-core/dropbear/dropbear_2022.83.bb
similarity index 96%
rename from meta/recipes-core/dropbear/dropbear_2022.82.bb
rename to meta/recipes-core/dropbear/dropbear_2022.83.bb
index 4ed4c65cc1..0c7a8f4caa 100644
--- a/meta/recipes-core/dropbear/dropbear_2022.82.bb
+++ b/meta/recipes-core/dropbear/dropbear_2022.83.bb
@@ -21,9 +21,9 @@  SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
            file://dropbear.default \
            ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
            ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \
-           file://0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch"
+           "
 
-SRC_URI[sha256sum] = "3a038d2bbc02bf28bbdd20c012091f741a3ec5cbe460691811d714876aad75d1"
+SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b"
 
 PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \
                file://0006-dropbear-configuration-file.patch \

dropbear: upgrade 2022.82 -> 2022.83

Commit Message

Patch