[scarthgap] dropbear: Disable DSS correctly

Message ID	20260629165056.2489582-1-mac@mcrowe.com
State	New
Headers	show Return-Path: <mac@mcrowe.com> ip: 88.97.37.36, mailfrom: mac@mcrowe.com) From: mac@mcrowe.com To: openembedded-core@lists.openembedded.org Cc: Mike Crowe <mac@mcrowe.com> Subject: [scarthgap][PATCH] dropbear: Disable DSS correctly Date: Mon, 29 Jun 2026 17:50:56 +0100 Message-ID: <20260629165056.2489582-1-mac@mcrowe.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap] dropbear: Disable DSS correctly \| expand [scarthgap] dropbear: Disable DSS correctly

Message ID

20260629165056.2489582-1-mac@mcrowe.com

State

New

Headers

From: mac@mcrowe.com
To: openembedded-core@lists.openembedded.org
Cc: Mike Crowe <mac@mcrowe.com>
Subject: [scarthgap][PATCH] dropbear: Disable DSS correctly
Date: Mon, 29 Jun 2026 17:50:56 +0100
Message-ID: <20260629165056.2489582-1-mac@mcrowe.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap] dropbear: Disable DSS correctly | expand

Commit Message

Mike Crowe June 29, 2026, 4:50 p.m. UTC

From: Mike Crowe <mac@mcrowe.com>

Take upstream patch that stops sysoptions.h unconditionally turning
DROPBEAR_DSS back on even when it has been disabled (which is the
default).

Signed-off-by: Mike Crowe <mac@mcrowe.com>
---
 ...PBEAR_DSS-is-only-forced-for-fuzzing.patch | 29 +++++++++++++++++++
 .../recipes-core/dropbear/dropbear_2022.83.bb |  1 +
 2 files changed, 30 insertions(+)
 create mode 100644 meta/recipes-core/dropbear/dropbear/0001-Fix-so-DROPBEAR_DSS-is-only-forced-for-fuzzing.patch

diff --git a/meta/recipes-core/dropbear/dropbear/0001-Fix-so-DROPBEAR_DSS-is-only-forced-for-fuzzing.patch b/meta/recipes-core/dropbear/dropbear/0001-Fix-so-DROPBEAR_DSS-is-only-forced-for-fuzzing.patch
new file mode 100644
index 0000000000..b9705a2bbb
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/0001-Fix-so-DROPBEAR_DSS-is-only-forced-for-fuzzing.patch
@@ -0,0 +1,29 @@ 
+From c7dfaebd5f6a4cde4198f4d2a7baabaa1f632274 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Tue, 6 Dec 2022 22:34:11 +0800
+Subject: [PATCH] Fix so DROPBEAR_DSS is only forced for fuzzing
+
+Regression from 787391ea3b5af2acf5e3c83372510f0c79477ad7,
+was missing fuzzing conditional
+
+Upstream-Status: Backport [https://github.com/mkj/dropbear/commit/c043efb47c3173072fa636ca0da0d19875d4511f]
+---
+ sysoptions.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sysoptions.h b/sysoptions.h
+index fb6adc7..12db59c 100644
+--- a/sysoptions.h
++++ b/sysoptions.h
+@@ -383,9 +383,11 @@
+ #endif
+ 
+ /* Fuzzing expects all key types to be enabled */
++#if DROPBEAR_FUZZ
+ #if defined(DROPBEAR_DSS)
+ #undef DROPBEAR_DSS
+ #endif
+ #define DROPBEAR_DSS 1
++#endif
+ 
+ /* no include guard for this file */
diff --git a/meta/recipes-core/dropbear/dropbear_2022.83.bb b/meta/recipes-core/dropbear/dropbear_2022.83.bb
index 93563aa3b4..d203fee34b 100644
--- a/meta/recipes-core/dropbear/dropbear_2022.83.bb
+++ b/meta/recipes-core/dropbear/dropbear_2022.83.bb
@@ -28,6 +28,7 @@  SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
            file://0001-Handle-arbitrary-length-paths-and-commands-in-multih.patch \
            file://0001-cli-runopts.c-add-missing-DROPBEAR_CLI_PUBKEY_AUTH.patch \
            file://0001-Avoid-unused-variable-with-DROPBEAR_CLI_PUBKEY_AUTH-.patch \
+           file://0001-Fix-so-DROPBEAR_DSS-is-only-forced-for-fuzzing.patch \
            file://CVE-2025-47203.patch \
            file://CVE-2019-6111.patch \
            "

[scarthgap] dropbear: Disable DSS correctly

Commit Message

Patch