dropber: add sftp-server to rdepends

Related: SYS#6403
Change-Id: I4044a19d172c9617eecabd083cfbc04832591e6a

recipes-core/dropbear/dropbear.inc

@@ -5,7 +5,7 @@ SECTION = "console/network"
 # some files are from other projects and have others license terms:
 #   public domain, OpenSSH 3.5p1, OpenSSH3.6.1p2, PuTTY
 LICENSE = "MIT & BSD-3-Clause & BSD-2-Clause & PD"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=25cf44512b7bc8966a48b6b1a9b7605f"
 
 DEPENDS = "zlib"
 RPROVIDES_${PN} = "ssh sshd"
@@ -14,10 +14,6 @@ DEPENDS += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 
 SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
            file://0001-urandom-xauth-changes-to-options.h.patch \
-           file://0003-configure.patch \
-           file://0004-fix-2kb-keys.patch \
-           file://0007-dropbear-fix-for-x32-abi.patch \
-           file://fix-libtomcrypt-libtommath-ordering.patch \
            file://init \
            file://dropbearkey.service \
            file://dropbear@.service \
@@ -33,7 +29,9 @@ PAM_PLUGINS = "libpam-runtime \
 	pam-plugin-permit \
 	pam-plugin-unix \
 	"
-RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)}"
+RDEPENDS_${PN} += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_PLUGINS}', '', d)} \
+                   sftp-server \
+                   "
 
 inherit autotools update-rc.d systemd
 
@@ -52,6 +50,10 @@ PACKAGECONFIG[system-libtom] = "--disable-bundled-libtom,--enable-bundled-libtom
 EXTRA_OECONF += "\
  ${@bb.utils.contains('DISTRO_FEATURES', 'pam', '--enable-pam', '--disable-pam', d)}"
 
+# This option appends to CFLAGS and LDFLAGS from OE
+# This is causing [textrel] QA warning
+EXTRA_OECONF += "--disable-harden"
+
 do_install() {
 	install -d ${D}${sysconfdir} \
 		${D}${sysconfdir}/init.d \

recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch

@@ -2,22 +2,22 @@ Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h
 
 Upstream-Status: Inappropriate [configuration]
 ---
- options.h | 2 +-
+ default_options.h | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/options.h b/options.h
-index 7d06322..71a21c2 100644
---- a/options.h
-+++ b/options.h
-@@ -247,7 +247,7 @@ much traffic. */
+diff --git a/default_options.h b/default_options.h
+index 349338c..5ffac25 100644
+--- a/default_options.h
++++ b/default_options.h
+@@ -289,7 +289,7 @@ group1 in Dropbear server too */
+ 
  /* The command to invoke for xauth when using X11 forwarding.
   * "-q" for quiet */
- #ifndef XAUTH_COMMAND
 -#define XAUTH_COMMAND "/usr/bin/xauth -q"
 +#define XAUTH_COMMAND "xauth -q"
- #endif
  
- /* if you want to enable running an sftp server (such as the one included with
+ 
+ /* If you want to enable running an sftp server (such as the one included with
 -- 
-1.7.11.7
+2.25.1
 

recipes-core/dropbear/dropbear/0003-configure.patch

@@ -1,42 +0,0 @@
-From c5f5c5054c1b15539dccf866e2c3faba7ed68456 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Eric=20B=C3=A9nard?= <eric@eukrea.com>
-Date: Thu, 25 Apr 2013 00:27:25 +0200
-Subject: [PATCH 3/6] configure: add a variable to allow openpty check to be cached
-
-Upstream-Status: Pending
-
----
- configure.ac | 11 ++++++++---
- 1 file changed, 8 insertions(+), 3 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 05461f3..9c16d90 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -166,15 +166,20 @@ AC_ARG_ENABLE(openpty,
- 			AC_MSG_NOTICE(Not using openpty)
- 		else
- 			AC_MSG_NOTICE(Using openpty if available)
--			AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
-+			AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
- 		fi
- 	],
- 	[
- 		AC_MSG_NOTICE(Using openpty if available)
--		AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
-+		AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
- 	]
- )
--		
-+
-+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
-+	AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
-+	no_ptc_check=yes
-+	no_ptmx_check=yes
-+fi
- 
- AC_ARG_ENABLE(syslog,
- 	[  --disable-syslog        Don't include syslog support],
--- 
-1.7.11.7
-

recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch

@@ -1,22 +0,0 @@
-Subject: [PATCH 4/6] fix 2kb keys
-
-Upstream-Status: Inappropriate [configuration]
----
- kex.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kex.h b/kex.h
-index 72430e9..375c677 100644
---- a/kex.h
-+++ b/kex.h
-@@ -67,6 +67,6 @@ struct KEXState {
- };
- 
- 
--#define MAX_KEXHASHBUF 2000
-+#define MAX_KEXHASHBUF 3000
- 
- #endif /* _KEX_H_ */
--- 
-1.7.11.7
-

recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch

@@ -1,140 +0,0 @@
-Upstream-Status: Pending
-
-The dropbearkey utility built in x32 abi format, when generating ssh
-keys, was getting lost in the infinite loop.
-
-This patch fixes the issue by fixing types of variables and
-parameters of functions used in the code, which were getting
-undesired size, when compiled with the x32 abi toolchain.
-
-2013/05/23
-Received this fix from H J Lu.
-
-Signed-off-by: Nitin A Kamble <nitin.a.kamble@intel.com>
-
-# HG changeset patch
-# User H.J. Lu <hjl.tools@gmail.com>
-# Date 1369344079 25200
-# Node ID a10a1c46b857cc8a3923c3bb6d1504aa25b6052f
-# Parent  e76614145aea67f66e4a4257685c771efba21aa1
-Typdef mp_digit to unsigned long long for MP_64BIT
-
-When GCC is used with MP_64BIT, we should typedef mp_digit to unsigned
-long long instead of unsigned long since for x32, unsigned long is
-32-bit and unsigned long long is 64-bit and it is safe to use unsigned
-long long for 64-bit integer with GCC.
-
-diff -r e76614145aea -r a10a1c46b857 libtommath/tommath.h
---- a/libtommath/tommath.h	Thu Apr 18 22:57:47 2013 +0800
-+++ b/libtommath/tommath.h	Thu May 23 14:21:19 2013 -0700
-@@ -73,7 +73,7 @@
-    typedef signed long long   long64;
- #endif
-
--   typedef unsigned long      mp_digit;
-+   typedef unsigned long long mp_digit;
-    typedef unsigned long      mp_word __attribute__ ((mode(TI)));
-
-    #define DIGIT_BIT          60
-# HG changeset patch
-# User H.J. Lu <hjl.tools@gmail.com>
-# Date 1369344241 25200
-# Node ID c7555a4cb7ded3a88409ba85f4027baa7af5f536
-# Parent  a10a1c46b857cc8a3923c3bb6d1504aa25b6052f
-Cast to mp_digit when updating *rho
-
-There is
-
-int
-mp_montgomery_setup (mp_int * n, mp_digit * rho)
-
-We should cast to mp_digit instead of unsigned long when updating
-*rho since mp_digit may be unsigned long long and unsigned long long
-may be different from unsigned long, like in x32.
-
-diff -r a10a1c46b857 -r c7555a4cb7de libtommath/bn_mp_montgomery_setup.c
---- a/libtommath/bn_mp_montgomery_setup.c	Thu May 23 14:21:19 2013 -0700
-+++ b/libtommath/bn_mp_montgomery_setup.c	Thu May 23 14:24:01 2013 -0700
-@@ -48,7 +48,7 @@
- #endif
-
-   /* rho = -1/m mod b */
--  *rho = (unsigned long)(((mp_word)1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK;
-+  *rho = (mp_digit)(((mp_word)1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK;
-
-   return MP_OKAY;
- }
-# HG changeset patch
-# User H.J. Lu <hjl.tools@gmail.com>
-# Date 1369344541 25200
-# Node ID 7c656e7071a6412688b2f30a529a9afac6c7bf5a
-# Parent  c7555a4cb7ded3a88409ba85f4027baa7af5f536
-Define LTC_FAST_TYPE to unsigned long long for __x86_64__
-
-We should define LTC_FAST_TYPE to unsigned long long instead of unsigned
-long if __x86_64__ to support x32 where unsigned long long is 64-bit
-and unsigned long is 32-bit.
-
-diff -r c7555a4cb7de -r 7c656e7071a6 libtomcrypt/src/headers/tomcrypt_cfg.h
---- a/libtomcrypt/src/headers/tomcrypt_cfg.h	Thu May 23 14:24:01 2013 -0700
-+++ b/libtomcrypt/src/headers/tomcrypt_cfg.h	Thu May 23 14:29:01 2013 -0700
-@@ -74,7 +74,7 @@
-    #define ENDIAN_LITTLE
-    #define ENDIAN_64BITWORD
-    #define LTC_FAST
--   #define LTC_FAST_TYPE    unsigned long
-+   #define LTC_FAST_TYPE    unsigned long long
- #endif
-
- /* detect PPC32 */
-# HG changeset patch
-# User H.J. Lu <hjl.tools@gmail.com>
-# Date 1369344730 25200
-# Node ID a7d4690158fae4ede2c4e5b56233e83730bf38ee
-# Parent  7c656e7071a6412688b2f30a529a9afac6c7bf5a
-Use unsigned long long aas unsigned 64-bit integer for x86-64 GCC
-
-We should use unsigned long long instead of unsigned long as unsigned
-64-bit integer for x86-64 GCC to support x32 where unsigned long is
-32-bit.
-
-diff -r 7c656e7071a6 -r a7d4690158fa libtomcrypt/src/headers/tomcrypt_macros.h
---- a/libtomcrypt/src/headers/tomcrypt_macros.h	Thu May 23 14:29:01 2013 -0700
-+++ b/libtomcrypt/src/headers/tomcrypt_macros.h	Thu May 23 14:32:10 2013 -0700
-@@ -343,7 +343,7 @@
- /* 64-bit Rotates */
- #if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM)
-
--static inline unsigned long ROL64(unsigned long word, int i)
-+static inline unsigned long long ROL64(unsigned long long word, int i)
- {
-    asm("rolq %%cl,%0"
-       :"=r" (word)
-@@ -351,7 +351,7 @@
-    return word;
- }
-
--static inline unsigned long ROR64(unsigned long word, int i)
-+static inline unsigned long long ROR64(unsigned long long word, int i)
- {
-    asm("rorq %%cl,%0"
-       :"=r" (word)
-@@ -361,7 +361,7 @@
-
- #ifndef LTC_NO_ROLC
-
--static inline unsigned long ROL64c(unsigned long word, const int i)
-+static inline unsigned long long ROL64c(unsigned long long word, const int i)
- {
-    asm("rolq %2,%0"
-       :"=r" (word)
-@@ -369,7 +369,7 @@
-    return word;
- }
-
--static inline unsigned long ROR64c(unsigned long word, const int i)
-+static inline unsigned long long ROR64c(unsigned long long word, const int i)
- {
-    asm("rorq %2,%0"
-       :"=r" (word)
-

recipes-core/dropbear/dropbear/fix-libtomcrypt-libtommath-ordering.patch

@@ -1,48 +0,0 @@
-From 2fd8d2aedad0c50cdf1e43edd2387874b720ad4c Mon Sep 17 00:00:00 2001
-From: Andre McCurdy <armccurdy@gmail.com>
-Date: Fri, 16 Sep 2016 12:18:23 -0700
-Subject: [PATCH] fix libtomcrypt/libtommath ordering
-
-To prevent build failures when using system libtom libraries and
-linking with --as-needed, LIBTOM_LIBS should be in the order
--ltomcrypt -ltommath, not the other way around, ie libs should be
-prepended to LIBTOM_LIBS as they are found, not appended.
-
-Note that LIBTOM_LIBS is not used when linking with the bundled
-libtom libs.
-
-Upstream-Status: Pending
-
-Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
----
- configure.ac | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index b6abe4c..85bb8bc 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -390,16 +390,16 @@ AC_ARG_ENABLE(bundled-libtom,
- 			AC_MSG_NOTICE(Forcing bundled libtom*)
- 		else
- 			BUNDLED_LIBTOM=0
--			AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="$LIBTOM_LIBS -ltommath", 
-+			AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS",
- 				[AC_MSG_ERROR([Missing system libtommath and --disable-bundled-libtom was specified])] )
--			AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="$LIBTOM_LIBS -ltomcrypt", 
-+			AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS",
- 				[AC_MSG_ERROR([Missing system libtomcrypt and --disable-bundled-libtom was specified])] )
- 		fi
- 	],
- 	[
- 		BUNDLED_LIBTOM=0
--		AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="$LIBTOM_LIBS -ltommath", BUNDLED_LIBTOM=1)
--		AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="$LIBTOM_LIBS -ltomcrypt", BUNDLED_LIBTOM=1)
-+		AC_CHECK_LIB(tommath, mp_exptmod, LIBTOM_LIBS="-ltommath $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
-+		AC_CHECK_LIB(tomcrypt, register_cipher, LIBTOM_LIBS="-ltomcrypt $LIBTOM_LIBS", BUNDLED_LIBTOM=1)
- 	]
- )
- 
--- 
-1.9.1
-

recipes-core/dropbear/dropbear/support-out-of-tree-builds.patch

@@ -1,43 +0,0 @@
-From: =?UTF-8?q?Henrik=20Nordstr=C3=B6m?= <henrik@knc.nu>
-Date: Wed, 11 May 2016 12:35:06 +0200
-Subject: [PATCH] Support out-of-tree builds usign bundled libtom
-
-When building out-of-tree we need both source and generated
-folders in include paths to find both distributed and generated
-headers.
-
-
-
-Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
-Upstream-Status: Backport
----
- libtomcrypt/Makefile.in | 2 +-
- libtommath/Makefile.in  | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libtomcrypt/Makefile.in b/libtomcrypt/Makefile.in
-index 3056ef0..7970700 100644
---- a/libtomcrypt/Makefile.in
-+++ b/libtomcrypt/Makefile.in
-@@ -19,7 +19,7 @@ srcdir=@srcdir@
- 
- # Compilation flags. Note the += does not write over the user's CFLAGS!
- # The rest of the flags come from the parent Dropbear makefile
--CFLAGS += -c -I$(srcdir)/src/headers/ -I$(srcdir)/../ -DLTC_SOURCE -I$(srcdir)/../libtommath/
-+CFLAGS += -c -Isrc/headers/ -I$(srcdir)/src/headers/ -I../ -I$(srcdir)/../ -DLTC_SOURCE -I../libtommath/ -I$(srcdir)/../libtommath/
- 
- # additional warnings (newer GCC 3.4 and higher)
- ifdef GCC_34
-diff --git a/libtommath/Makefile.in b/libtommath/Makefile.in
-index 06aba68..019c50b 100644
---- a/libtommath/Makefile.in
-+++ b/libtommath/Makefile.in
-@@ -9,7 +9,7 @@ VPATH=@srcdir@
- srcdir=@srcdir@
- 
- # So that libtommath can include Dropbear headers for options and m_burn()
--CFLAGS += -I$(srcdir)/../libtomcrypt/src/headers/ -I$(srcdir)/../
-+CFLAGS += -I. -I$(srcdir) -I../libtomcrypt/src/headers/ -I$(srcdir)/../libtomcrypt/src/headers/ -I../ -I$(srcdir)/../
- 
- ifndef IGNORE_SPEED
- 

recipes-core/dropbear/dropbear_2016.74.bb

@@ -1,7 +0,0 @@
-require dropbear.inc
-
-SRC_URI += "file://support-out-of-tree-builds.patch"
-
-SRC_URI[md5sum] = "9ad0172731e0f16623937804643b5bd8"
-SRC_URI[sha256sum] = "2720ea54ed009af812701bcc290a2a601d5c107d12993e5d92c0f5f81f718891"
-

recipes-core/dropbear/dropbear_2022.83.bb

@@ -0,0 +1,5 @@
+require dropbear.inc
+
+SRC_URI[md5sum] = "a75a34bcc03cacf71a2db9da3b7c94a5"
+SRC_URI[sha256sum] = "bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b"
+

recipes-extra/sftp-server/sftp-server_9.3p1.bb

@@ -0,0 +1,34 @@
+# Package OpenSSH's sftp server, so the openssh client finds it and doesn't
+# need to be run with a flag to use the legacy SCP protocol (SYS#6403)
+SUMMARY = "OpenSSH's sftp-server"
+DESCRIPTION = "OpenSSH's sftp-server, to be used with dropbear"
+HOMEPAGE = "http://www.openssh.com/"
+SECTION = "console/network"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://LICENCE;md5=072979064e691d342002f43cd89c0394"
+DEPENDS = ""
+# SRC_URI = "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.gz"
+# Official mirror is down as of writing. The github mirror is mentioned here:
+# https://www.openssh.com/portable.html
+GIT_TAG = "V_9_3_P1"
+SRC_URI = "https://github.com/openssh/openssh-portable/archive/refs/tags/${GIT_TAG}.tar.gz"
+
+SRC_URI[md5sum] = "68f7f08269c442e2728656cd97506478"
+SRC_URI[sha256sum] = "c5e541b59bdad8950a8c999fe18ca1ad39f6132b042cd85fb29e788ca9f9ce47"
+
+inherit autotools
+
+EXTRA_OECONF += "--without-openssl --without-zlib"
+
+S = "${WORKDIR}/openssh-portable-${GIT_TAG}"
+
+do_compile() {
+    oe_runmake sftp-server
+}
+
+do_install() {
+    install -Dm755 "${B}"/sftp-server \
+        -t "${D}"/usr/lib
+}
+
+FILES_${PN} = "/usr/lib/sftp-server"