From patchwork Thu May 15 12:31:48 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: auh@yoctoproject.org X-Patchwork-Id: 63012 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6DC38C2D0CD for ; Thu, 15 May 2025 12:31:59 +0000 (UTC) Received: from a27-30.smtp-out.us-west-2.amazonses.com (a27-30.smtp-out.us-west-2.amazonses.com [54.240.27.30]) by mx.groups.io with SMTP id smtpd.web11.11032.1747312309530073748 for ; Thu, 15 May 2025 05:31:49 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@yoctoproject.org header.s=j46ser6a2yusdzubpv7m7ewqgesde2ie header.b=KuRAuHVw; dkim=pass header.i=@amazonses.com header.s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx header.b=fwM7IeBc; spf=pass (domain: us-west-2.amazonses.com, ip: 54.240.27.30, mailfrom: 01010196d3edf16c-bd827bc0-e051-4908-8772-e8f05ab453b6-000000@us-west-2.amazonses.com) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=j46ser6a2yusdzubpv7m7ewqgesde2ie; d=yoctoproject.org; t=1747312308; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date; bh=rqCih/AsGdt/B/UUco6CZc9sccrGB02igNqtgrnW/Kw=; b=KuRAuHVwCXl48KE5RuYXtKGCtUX9bKaY7EwakKWyOhz9ufQrRe97oWR/erJjJ/38 PjfXYlNcGFBNvcExIA1tyq0mghKIumM8+ZgzWJSGaCJdmhL19bHz3WXrtNHMtn1LAIv CkjlzzZpwotEClgCyHiD2FT7xVe9XWy4zAAHU7BI= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple; s=gdwg2y3kokkkj5a55z2ilkup5wp5hhxx; d=amazonses.com; t=1747312308; h=Content-Type:MIME-Version:From:To:Cc:Subject:Message-Id:Date:Feedback-ID; bh=rqCih/AsGdt/B/UUco6CZc9sccrGB02igNqtgrnW/Kw=; b=fwM7IeBcIAUfA4oATjxEsvCCKJa4x7cQ4EpKh9xrUjiM2nyrir8KZ9+C13rOuz+P cUn8Digy+h7/FVChpekvc2fw9sCfTYNlzfMiBrc1fzOmeup/JF2MbeegyM4QtisXHx4 NC77rVYdcOH93lXVWd/3Az/qEO9XufM8j7eh67cM= MIME-Version: 1.0 From: auh@yoctoproject.org To: Yi Zhao Cc: openembedded-core@lists.openembedded.org Subject: [AUH] dropbear: upgrading to 2025.88 FAILED Message-ID: <01010196d3edf16c-bd827bc0-e051-4908-8772-e8f05ab453b6-000000@us-west-2.amazonses.com> Date: Thu, 15 May 2025 12:31:48 +0000 Feedback-ID: ::1.us-west-2.9np3MYPs3fEaOBysGKSlUD4KtcmPijcmS9Az2Hwf7iQ=:AmazonSES X-SES-Outgoing: 2025.05.15-54.240.27.30 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 15 May 2025 12:31:59 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/216593 Hello, this email is a notification from the Auto Upgrade Helper that the automatic attempt to upgrade the recipe(s) *dropbear* to *2025.88* has Failed(do_compile). Detailed error information: do_compile failed Next steps: - apply the patch: git am 0001-dropbear-upgrade-2024.86-2025.88.patch - check the changes to upstream patches and summarize them in the commit message, - compile an image that contains the package - perform some basic sanity tests - amend the patch and sign it off: git commit -s --reset-author --amend - send it to the appropriate mailing list Alternatively, if you believe the recipe should not be upgraded at this time, you can fill RECIPE_NO_UPDATE_REASON in respective recipe file so that automatic upgrades would no longer be attempted. Please review the attached files for further information and build/update failures. Any problem please file a bug at https://bugzilla.yoctoproject.org/enter_bug.cgi?product=Automated%20Update%20Handler Regards, The Upgrade Helper -- >8 -- From 40cc04055ca8c9e6b68a72b602bd7fdcf7fd8438 Mon Sep 17 00:00:00 2001 From: Upgrade Helper Date: Thu, 15 May 2025 07:02:40 +0000 Subject: [PATCH] dropbear: upgrade 2024.86 -> 2025.88 --- ...1-urandom-xauth-changes-to-options.h.patch | 6 ++-- .../dropbear/0005-dropbear-enable-pam.patch | 8 +++--- .../0006-dropbear-configuration-file.patch | 2 +- .../dropbear-disable-weak-ciphers.patch | 28 ------------------- ...ropbear_2024.86.bb => dropbear_2025.88.bb} | 2 +- 5 files changed, 9 insertions(+), 37 deletions(-) delete mode 100644 meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch rename meta/recipes-core/dropbear/{dropbear_2024.86.bb => dropbear_2025.88.bb} (98%) diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch index 9c1dd3f606..98380d3ebb 100644 --- a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch @@ -1,4 +1,4 @@ -From cdc6a4a57a86d8116a92a5d905993e65cf723556 Mon Sep 17 00:00:00 2001 +From 617fa35ec8fa619c6c8e1b18cf588174cc90ac54 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Wed, 31 Aug 2005 10:45:47 +0000 Subject: [PATCH] urandom-xauth-changes-to-options.h @@ -9,10 +9,10 @@ Upstream-Status: Inappropriate [configuration] 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/default_options.h b/src/default_options.h -index 6e970bb..ccc8b47 100644 +index 6e58a29..5ddaa59 100644 --- a/src/default_options.h +++ b/src/default_options.h -@@ -311,7 +311,7 @@ group1 in Dropbear server too */ +@@ -317,7 +317,7 @@ group1 in Dropbear server too */ /* The command to invoke for xauth when using X11 forwarding. * "-q" for quiet */ diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch index 6743f506e9..3b65b99916 100644 --- a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch +++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch @@ -1,4 +1,4 @@ -From 253ca01f0fc50dbaeb2ff8bcece0c34256eba94f Mon Sep 17 00:00:00 2001 +From ff0b1a95cc0a71faef256af17289a85d2aff2d57 Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Wed, 2 Dec 2015 11:36:02 +0200 Subject: [PATCH] Enable pam @@ -15,10 +15,10 @@ Signed-off-by: Jussi Kukkonen 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/default_options.h b/src/default_options.h -index ccc8b47..12768d1 100644 +index 5ddaa59..2221442 100644 --- a/src/default_options.h +++ b/src/default_options.h -@@ -228,7 +228,7 @@ group1 in Dropbear server too */ +@@ -234,7 +234,7 @@ group1 in Dropbear server too */ /* Authentication Types - at least one required. RFC Draft requires pubkey auth, and recommends password */ @@ -27,7 +27,7 @@ index ccc8b47..12768d1 100644 /* Note: PAM auth is quite simple and only works for PAM modules which just do * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). -@@ -236,7 +236,7 @@ group1 in Dropbear server too */ +@@ -242,7 +242,7 @@ group1 in Dropbear server too */ * but there's an interface via a PAM module. It won't work for more complex * PAM challenge/response. * You can't enable both PASSWORD and PAM. */ diff --git a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch index 44861088cc..3548c559e3 100644 --- a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch +++ b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch @@ -1,4 +1,4 @@ -From 16b147f97f0938cddb55ec1c90bc919c13f26fc0 Mon Sep 17 00:00:00 2001 +From c2f9b71ecef4fde8bacbb54a79324a5d43e42d14 Mon Sep 17 00:00:00 2001 From: Mingli Yu Date: Thu, 6 Sep 2018 15:54:00 +0800 Subject: [PATCH] dropbear configuration file diff --git a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch b/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch deleted file mode 100644 index a20781d31d..0000000000 --- a/meta/recipes-core/dropbear/dropbear/dropbear-disable-weak-ciphers.patch +++ /dev/null @@ -1,28 +0,0 @@ -From c8a0c8e87b772576f3a431c3b4cacaf5aa001dcc Mon Sep 17 00:00:00 2001 -From: Joseph Reynolds -Date: Thu, 20 Jun 2019 16:29:15 -0500 -Subject: [PATCH] dropbear: new feature: disable-weak-ciphers - -This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers -in the dropbear ssh server and client since they're considered weak ciphers -and we want to support the stong algorithms. - -Upstream-Status: Inappropriate [configuration] -Signed-off-by: Joseph Reynolds ---- - src/default_options.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/default_options.h b/src/default_options.h -index 12768d1..2b07497 100644 ---- a/src/default_options.h -+++ b/src/default_options.h -@@ -197,7 +197,7 @@ IMPORTANT: Some options will require "make clean" after changes */ - * Small systems should generally include either curve25519 or ecdh for performance. - * curve25519 is less widely supported but is faster - */ --#define DROPBEAR_DH_GROUP14_SHA1 1 -+#define DROPBEAR_DH_GROUP14_SHA1 0 - #define DROPBEAR_DH_GROUP14_SHA256 1 - #define DROPBEAR_DH_GROUP16 0 - #define DROPBEAR_CURVE25519 1 diff --git a/meta/recipes-core/dropbear/dropbear_2024.86.bb b/meta/recipes-core/dropbear/dropbear_2025.88.bb similarity index 98% rename from meta/recipes-core/dropbear/dropbear_2024.86.bb rename to meta/recipes-core/dropbear/dropbear_2025.88.bb index be246a0ccd..517263b4f2 100644 --- a/meta/recipes-core/dropbear/dropbear_2024.86.bb +++ b/meta/recipes-core/dropbear/dropbear_2025.88.bb @@ -23,7 +23,7 @@ SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ ${@bb.utils.contains('PACKAGECONFIG', 'disable-weak-ciphers', 'file://dropbear-disable-weak-ciphers.patch', '', d)} \ " -SRC_URI[sha256sum] = "e78936dffc395f2e0db099321d6be659190966b99712b55c530dd0a1822e0a5e" +SRC_URI[sha256sum] = "783f50ea27b17c16da89578fafdb6decfa44bb8f6590e5698a4e4d3672dc53d4" PAM_SRC_URI = "file://0005-dropbear-enable-pam.patch \ file://0006-dropbear-configuration-file.patch \