Based on Debian patch for this CVE, pick the same commits as mentioned
in kirkstone for this CVE except those already included in 2022.83.
7f48e75892
(From OE-Core rev: 6d287785611c344aa0c97048c3bfc280b1787ff5)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Documentation for this patch is under
66bc1fcdee
(From OE-Core rev: 2ab0b4212aee85c77c3667ccfaedbe9540e78e3f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This line was added in 703e3faaec8c5a22, however
the default value of FILES:${PN} contains "${bindir}/*", so this directory does
not need to be explicitly added.
(From OE-Core rev: 53f9fa7b7913f4d8a480e85a7b6a943f1125bb19)
Signed-off-by: Etienne Cordonnier <ecordonnier@snap.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
0007-Fix-X11-build-failure-use-DROPBEAR_PRIO_LOWDELAY.patch
removed since it's included in 2022.83
Changelog:
==========
- Disable DROPBEAR_DSS by default
- Added DROPBEAR_RSA_SHA1 option to allow disabling sha1 rsa signatures.
- Add option for requiring both password and pubkey (-t)
- Add 'no-touch-required' and 'verify-required' options for sk keys
DROPBEAR_SK_KEYS config option now replaces separate DROPBEAR_SK_ECDSA
and DROPBEAR_SK_ED25519 options.
- Add 'permitopen' option for authorized_keys to restrict forwarded ports
- Added LTM_CFLAGS configure argument to set flags for building
bundled libtommath. This also restores the previous arguments used
in 2020.81 (-O3 -funroll-loops). That gives a big speedup for RSA
key generation, which regressed in 2022.82.
There is a tradeoff with code size, so -Os can be used if required.
- Add '-z' flag to disable setting QoS traffic class. This may be necessary
to work with broken networks or network drivers, exposed after changes to use
AF21 in 2022.82
- Allow overriding user shells with COMPAT_USER_SHELLS
- Improve permission error message
- Remove HMAC_MD5 entirely
(From OE-Core rev: 99759005f18f0533717696729978d8dc5bf4ad16)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
