[Buildroot] [PATCH] package/dropbear: bump to version 2020.79
Thomas De Schampheleire
patrickdepinguin at gmail.com
Tue Aug 4 13:24:06 UTC 2020
Hi Peter,
El mar., 4 ago. 2020 a las 13:40, Peter Korsgaard (<peter at korsgaard.com>)
escribió:
> >>>>> "Thomas" == Thomas De Schampheleire <patrickdepinguin at gmail.com>
> writes:
>
> > Hi Peter,
> > El lun., 22 jun. 2020 a las 11:07, Peter Korsgaard (<
> peter at korsgaard.com>)
> > escribió:
>
> >> >>>>> "Francois" == Francois Perrad <fperrad at gmail.com> writes:
> >>
> >> > CBC ciphers, 3DES and hmac-sha1-96 are now disabled by default.
> >>
> >> Do we expect that to cause compatibility issues?
> >>
> >> Committed, thanks.
> >>
>
>
> > I just want to notify you that this dropbear release 2020.79 also
> contains
> > a security fix: (from the CHANGES file):
>
> > - scp fix for CVE-2018-20685 where a server could modify name
> of
> > output files
>
> > and as such this update (or the later one to update to 2020.80) should
> also
> > be applied on the LTS branch.
>
> Ahh yes, true. 2020.79 does bring quite some new features / changes
> though, would a backport of the scp fix be feasible?
>
Seems it would, the fix is a simple patch that applies cleanly on top of
2019.78.
https://hg.ucc.asn.au/dropbear/changeset/3080aed32bf1
I can send a patch.
Best regards,
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20200804/c147c7ff/attachment-0001.html>
More information about the buildroot
mailing list