* [ptxdist] [PATCH 0/2] dropbear: version bump and cve product adaption
@ 2026-04-20 11:04 Alexander Dahl via ptxdist
2026-04-20 11:04 ` [ptxdist] [PATCH 1/2] dropbear: version bump 2025.88 -> 2025.89 Alexander Dahl via ptxdist
2026-04-20 11:04 ` [ptxdist] [PATCH 2/2] dropbear: add custom CVE product Alexander Dahl via ptxdist
0 siblings, 2 replies; 5+ messages in thread
From: Alexander Dahl via ptxdist @ 2026-04-20 11:04 UTC (permalink / raw)
To: ptxdist; +Cc: Alexander Dahl
Hello,
a new dropbear version is out, with bug fixes and security fixes.
Adapted the CPE string while at it. Tested briefly on at91 sam9x60
based armv5 target.
Greets
Alex
Alexander Dahl (2):
dropbear: version bump 2025.88 -> 2025.89
dropbear: add custom CVE product
rules/dropbear.make | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
base-commit: 9e28c99dd6a5b30c578b75deb71bd82d41fda429
--
2.47.3
^ permalink raw reply [flat|nested] 5+ messages in thread
* [ptxdist] [PATCH 1/2] dropbear: version bump 2025.88 -> 2025.89
2026-04-20 11:04 [ptxdist] [PATCH 0/2] dropbear: version bump and cve product adaption Alexander Dahl via ptxdist
@ 2026-04-20 11:04 ` Alexander Dahl via ptxdist
2026-04-27 7:46 ` [ptxdist] [APPLIED] " Michael Olbrich
2026-04-20 11:04 ` [ptxdist] [PATCH 2/2] dropbear: add custom CVE product Alexander Dahl via ptxdist
1 sibling, 1 reply; 5+ messages in thread
From: Alexander Dahl via ptxdist @ 2026-04-20 11:04 UTC (permalink / raw)
To: ptxdist; +Cc: Alexander Dahl
Security update, plugs CVE-2025-14282 and CVE-2019-6111.
Plus some minor bugfixes.
Link: https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
rules/dropbear.make | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rules/dropbear.make b/rules/dropbear.make
index 79cb8873e..fe44432c9 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_DROPBEAR) += dropbear
#
# Paths and names
#
-DROPBEAR_VERSION := 2025.88
-DROPBEAR_MD5 := 510165167b102589d64144cab4477b6c
+DROPBEAR_VERSION := 2025.89
+DROPBEAR_MD5 := 2816ff711130f030daee12cbb10fd5ec
DROPBEAR := dropbear-$(DROPBEAR_VERSION)
DROPBEAR_SUFFIX := tar.bz2
DROPBEAR_URL := \
--
2.47.3
^ permalink raw reply [flat|nested] 5+ messages in thread
* [ptxdist] [PATCH 2/2] dropbear: add custom CVE product
2026-04-20 11:04 [ptxdist] [PATCH 0/2] dropbear: version bump and cve product adaption Alexander Dahl via ptxdist
2026-04-20 11:04 ` [ptxdist] [PATCH 1/2] dropbear: version bump 2025.88 -> 2025.89 Alexander Dahl via ptxdist
@ 2026-04-20 11:04 ` Alexander Dahl via ptxdist
2026-04-27 7:46 ` [ptxdist] [APPLIED] " Michael Olbrich
1 sibling, 1 reply; 5+ messages in thread
From: Alexander Dahl via ptxdist @ 2026-04-20 11:04 UTC (permalink / raw)
To: ptxdist; +Cc: Alexander Dahl
The autogenerated one does not match.
Link: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=CPEURI&keyword=dropbear&status=FINAL&startIndex=60
Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
rules/dropbear.make | 1 +
1 file changed, 1 insertion(+)
diff --git a/rules/dropbear.make b/rules/dropbear.make
index fe44432c9..921aeb9ad 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -32,6 +32,7 @@ DROPBEAR_LICENSE_FILES := \
file://libtomcrypt/LICENSE;md5=71baacc459522324ef3e2b9e052e8180 \
file://libtommath/LICENSE;md5=23e7e0a32e53a2b1d35f5fd9ef053402 \
file://src/loginrec.c;startline=1;endline=26;md5=0d785ee11fab1cead2c7fee9c35574f1
+DROPBEAR_CVE_PRODUCT := dropbear_ssh_project:dropbear_ssh
# ----------------------------------------------------------------------------
# Prepare
--
2.47.3
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ptxdist] [APPLIED] dropbear: version bump 2025.88 -> 2025.89
2026-04-20 11:04 ` [ptxdist] [PATCH 1/2] dropbear: version bump 2025.88 -> 2025.89 Alexander Dahl via ptxdist
@ 2026-04-27 7:46 ` Michael Olbrich
0 siblings, 0 replies; 5+ messages in thread
From: Michael Olbrich @ 2026-04-27 7:46 UTC (permalink / raw)
To: ptxdist; +Cc: Alexander Dahl
Thanks, applied as 5b03b78561834d2b80e1ea6209caf8eef554f1c8.
Michael
[sent from post-receive hook]
On Mon, 27 Apr 2026 09:46:11 +0200, Alexander Dahl <ada@thorsis.com> wrote:
> Security update, plugs CVE-2025-14282 and CVE-2019-6111.
> Plus some minor bugfixes.
>
> Link: https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2025q4/002390.html
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> Message-Id: <20260420110451.141525-2-ada@thorsis.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/dropbear.make b/rules/dropbear.make
> index 79cb8873e3e1..fe44432c97cb 100644
> --- a/rules/dropbear.make
> +++ b/rules/dropbear.make
> @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_DROPBEAR) += dropbear
> #
> # Paths and names
> #
> -DROPBEAR_VERSION := 2025.88
> -DROPBEAR_MD5 := 510165167b102589d64144cab4477b6c
> +DROPBEAR_VERSION := 2025.89
> +DROPBEAR_MD5 := 2816ff711130f030daee12cbb10fd5ec
> DROPBEAR := dropbear-$(DROPBEAR_VERSION)
> DROPBEAR_SUFFIX := tar.bz2
> DROPBEAR_URL := \
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [ptxdist] [APPLIED] dropbear: add custom CVE product
2026-04-20 11:04 ` [ptxdist] [PATCH 2/2] dropbear: add custom CVE product Alexander Dahl via ptxdist
@ 2026-04-27 7:46 ` Michael Olbrich
0 siblings, 0 replies; 5+ messages in thread
From: Michael Olbrich @ 2026-04-27 7:46 UTC (permalink / raw)
To: ptxdist; +Cc: Alexander Dahl
Thanks, applied as c242239db991742d4a4ba202e4ab1afd265dcfa2.
Michael
[sent from post-receive hook]
On Mon, 27 Apr 2026 09:46:12 +0200, Alexander Dahl <ada@thorsis.com> wrote:
> The autogenerated one does not match.
>
> Link: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=CPEURI&keyword=dropbear&status=FINAL&startIndex=60
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> Message-Id: <20260420110451.141525-3-ada@thorsis.com>
> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
>
> diff --git a/rules/dropbear.make b/rules/dropbear.make
> index fe44432c97cb..921aeb9ad5fc 100644
> --- a/rules/dropbear.make
> +++ b/rules/dropbear.make
> @@ -32,6 +32,7 @@ DROPBEAR_LICENSE_FILES := \
> file://libtomcrypt/LICENSE;md5=71baacc459522324ef3e2b9e052e8180 \
> file://libtommath/LICENSE;md5=23e7e0a32e53a2b1d35f5fd9ef053402 \
> file://src/loginrec.c;startline=1;endline=26;md5=0d785ee11fab1cead2c7fee9c35574f1
> +DROPBEAR_CVE_PRODUCT := dropbear_ssh_project:dropbear_ssh
>
> # ----------------------------------------------------------------------------
> # Prepare
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2026-04-27 7:48 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-04-20 11:04 [ptxdist] [PATCH 0/2] dropbear: version bump and cve product adaption Alexander Dahl via ptxdist
2026-04-20 11:04 ` [ptxdist] [PATCH 1/2] dropbear: version bump 2025.88 -> 2025.89 Alexander Dahl via ptxdist
2026-04-27 7:46 ` [ptxdist] [APPLIED] " Michael Olbrich
2026-04-20 11:04 ` [ptxdist] [PATCH 2/2] dropbear: add custom CVE product Alexander Dahl via ptxdist
2026-04-27 7:46 ` [ptxdist] [APPLIED] " Michael Olbrich
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox