From a62eb854599050e3737e47bd148682dfd337a5ed Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 1 Apr 2024 16:05:51 +0200 Subject: Jenkins: remove Debian build dependency files from the workspace No need to provide them via the package repository (cherry picked from commit adab6badd7b1a41bae55d8ae3fa58d213f5ce13d) --- vars/buildPackage.groovy | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/vars/buildPackage.groovy b/vars/buildPackage.groovy index f000043f..89f9a7d4 100644 --- a/vars/buildPackage.groovy +++ b/vars/buildPackage.groovy @@ -194,6 +194,13 @@ def call(description=null, pkgList=null, buildCmd=null, buildArm=false, changesP sh(script: "ssh ${SSH_OPTS} ${SSH_REMOTE} -t \"uncron-add 'reprepro -v -b ${VYOS_REPO_PATH} removesrc ${RELEASE} ${PACKAGE}'\"") } } + files = findFiles(glob: '**/*-build-deps_*.deb') + if (files) { + echo "Remove Debian build dependency files from the workspace..." + files.each { FILE -> + sh(script: "rm -f ${FILE}") + } + } files = findFiles(glob: '**/*.deb') if (files) { -- cgit v1.2.3 From dfee865168d41a873c119249a312478c9b519979 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 1 Apr 2024 16:07:03 +0200 Subject: dropbear: T6195: package upgrade 2022.83-1+deb12u1 Fix CVE-2023-48795: (terrapin attack) The SSH transport protocol with certain OpenSSH extensions allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. (cherry picked from commit b17befe2e4e914f3f604bcfa1843f75519d46a4d) --- packages/dropbear/Jenkinsfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/dropbear/Jenkinsfile b/packages/dropbear/Jenkinsfile index 1b7947cf..2a449082 100644 --- a/packages/dropbear/Jenkinsfile +++ b/packages/dropbear/Jenkinsfile 
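Review bot: The added `sh(script: "rm -f ${FILE}")` interpolates each path returned by `findFiles` into the shell command unquoted, so a workspace path containing whitespace or shell metacharacters is word-split or interpreted by the shell on the build agent instead of being treated as one file name. Because the `.deb` names in the workspace are whatever the package build produced, I would pass the path through the environment rather than through Groovy string interpolation: `withEnv(["DEB_FILE=${FILE}"]) { sh(script: 'rm -f -- "$DEB_FILE"') }`. The glob `**/*-build-deps_*.deb` is recursive, so a one-line comment such as `// helper packages generated by mk-build-deps; never publish them` (presumably their origin, going by the `mk-build-deps` call in the package Jenkinsfiles) would explain why every match is deleted. The enclosing `call` starts and ends outside the hunk.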
@@ -1,4 +1,4 @@ -// Copyright (C) 2022-2023 VyOS maintainers and contributors +// Copyright (C) 2022-2024 VyOS maintainers and contributors // // This program is free software; you can redistribute it and/or modify // in order to easy exprort images built to "external" world @@ -21,7 +21,7 @@ def pkgList = [ ['name': 'dropbear', - 'scmCommit': 'debian/2022.83-1', + 'scmCommit': 'debian/2022.83-1+deb12u1', 'scmUrl': 'https://salsa.debian.org/debian/dropbear.git', 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'], ] -- cgit v1.2.3 From 840a9918a5d212ebbbe0919b4da9ebd730123c89 Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Mon, 1 Apr 2024 16:08:30 +0200 Subject: dropbear: T6195: add missing libpam0g-dev build dependency (cherry picked from commit 4417986365472fd9055b12309ba49d88272db04c) --- packages/dropbear/build.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/packages/dropbear/build.sh b/packages/dropbear/build.sh index 0934f4f7..9376fa7a 100755 --- a/packages/dropbear/build.sh +++ b/packages/dropbear/build.sh @@ -19,5 +19,9 @@ if [ -d $PATCH_DIR ]; then fi cd ${SRC} + +echo "I: Installing build dependencies" +sudo apt-get install -y libpam0g-dev + echo "I: Build Debian Package" dpkg-buildpackage -uc -us -tc -b -- cgit v1.2.3
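Review bot: The added `sudo apt-get install -y libpam0g-dev` in `packages/dropbear/build.sh` has no visible failure handling, and whether the script runs under `set -e` cannot be seen from this hunk; if the install fails, the build goes straight on to `dpkg-buildpackage`. I would make the failure explicit and match the flags of the `mk-build-deps` call in the Jenkinsfile: `sudo apt-get install -y --no-install-recommends libpam0g-dev || exit 1`. A comment should also say why this dependency is installed here instead of being declared in the package's `Build-Depends` (presumably a local patch from `$PATCH_DIR` enables PAM), so that a later upstream bump does not leave it stale. The script starts outside the hunk.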