summaryrefslogtreecommitdiff
path: root/packages/dropbear/dropbear-0.47
diff options
context:
space:
mode:
authorMarcin Juszkiewicz <hrw@openembedded.org>2005-12-20 12:59:18 +0000
committerOpenEmbedded Project <openembedded-devel@lists.openembedded.org>2005-12-20 12:59:18 +0000
commit6ff4fc9768de7fc490d215ff6f1fd4b25e505897 (patch)
tree503d8f1d0e537ec9d61adb8dc9a17ffcda9a27cf /packages/dropbear/dropbear-0.47
parentdcad9f821f496edc4c81670c06f737a379a78a31 (diff)
dropbear: added 0.47
Note from upstream author about 0.47 and fix for older: This release also fixes a potential security issue, which may allow authenticated users to run arbitrary code as the server user. I'm unsure exactly how likely it is to be exploitable, but anyone who's running a multi-user server is advised to upgrade.
Diffstat (limited to 'packages/dropbear/dropbear-0.47')
-rw-r--r--packages/dropbear/dropbear-0.47/.mtn2git_empty0
-rw-r--r--packages/dropbear/dropbear-0.47/allow-nopw.patch37
-rw-r--r--packages/dropbear/dropbear-0.47/configure.patch27
-rw-r--r--packages/dropbear/dropbear-0.47/fix-2kb-keys.patch11
-rw-r--r--packages/dropbear/dropbear-0.47/urandom-xauth-changes-to-options.h.patch21
5 files changed, 96 insertions, 0 deletions
diff --git a/packages/dropbear/dropbear-0.47/.mtn2git_empty b/packages/dropbear/dropbear-0.47/.mtn2git_empty
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/packages/dropbear/dropbear-0.47/.mtn2git_empty
diff --git a/packages/dropbear/dropbear-0.47/allow-nopw.patch b/packages/dropbear/dropbear-0.47/allow-nopw.patch
new file mode 100644
index 0000000000..1a709b8da0
--- /dev/null
+++ b/packages/dropbear/dropbear-0.47/allow-nopw.patch
@@ -0,0 +1,37 @@
+diff -Nurd dropbear-0.45/svr-auth.c dropbear-0.45.patched/svr-auth.c
+--- dropbear-0.45/svr-auth.c 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/svr-auth.c 2005-03-08 15:22:43.998592744 -0800
+@@ -237,6 +237,7 @@
+ }
+
+ /* check for an empty password */
++#ifdef DISALLOW_EMPTY_PW
+ if (ses.authstate.pw->pw_passwd[0] == '\0') {
+ TRACE(("leave checkusername: empty pword"))
+ dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+@@ -244,7 +245,7 @@
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+-
++#endif
+ TRACE(("shell is %s", ses.authstate.pw->pw_shell))
+
+ /* check that the shell is set */
+diff -Nurd dropbear-0.45/svr-authpasswd.c dropbear-0.45.patched/svr-authpasswd.c
+--- dropbear-0.45/svr-authpasswd.c 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/svr-authpasswd.c 2005-03-08 15:22:44.010591023 -0800
+@@ -64,9 +64,13 @@
+ * since the shadow password may differ to that tested
+ * in auth.c */
+ if (passwdcrypt[0] == '\0') {
++#ifdef DISALLOW_EMPTY_PASSWD
+ dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+ ses.authstate.printableuser);
+ send_msg_userauth_failure(0, 1);
++#else
++ send_msg_userauth_success();
++#endif
+ return;
+ }
+
diff --git a/packages/dropbear/dropbear-0.47/configure.patch b/packages/dropbear/dropbear-0.47/configure.patch
new file mode 100644
index 0000000000..9ae84b2604
--- /dev/null
+++ b/packages/dropbear/dropbear-0.47/configure.patch
@@ -0,0 +1,27 @@
+diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in
+--- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800
+@@ -161,15 +161,20 @@
+ AC_MSG_RESULT(Not using openpty)
+ else
+ AC_MSG_RESULT(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ fi
+ ],
+ [
+ AC_MSG_RESULT(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ ]
+ )
+-
++
++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
++ no_ptc_check=yes
++ no_ptmx_check=yes
++fi
+
+ AC_ARG_ENABLE(syslog,
+ [ --disable-syslog Don't include syslog support],
diff --git a/packages/dropbear/dropbear-0.47/fix-2kb-keys.patch b/packages/dropbear/dropbear-0.47/fix-2kb-keys.patch
new file mode 100644
index 0000000000..ba2b19d44a
--- /dev/null
+++ b/packages/dropbear/dropbear-0.47/fix-2kb-keys.patch
@@ -0,0 +1,11 @@
+diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h
+--- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800
+@@ -64,6 +64,6 @@
+
+ };
+
+-#define MAX_KEXHASHBUF 2000
++#define MAX_KEXHASHBUF 3000
+
+ #endif /* _KEX_H_ */
diff --git a/packages/dropbear/dropbear-0.47/urandom-xauth-changes-to-options.h.patch b/packages/dropbear/dropbear-0.47/urandom-xauth-changes-to-options.h.patch
new file mode 100644
index 0000000000..e2b1dd5da5
--- /dev/null
+++ b/packages/dropbear/dropbear-0.47/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,21 @@
+diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h
+--- dropbear-0.45/options.h 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/options.h 2005-03-08 15:25:09.368742090 -0800
+@@ -143,7 +143,7 @@
+ * however significantly reduce the security of your ssh connections
+ * if the PRNG state becomes guessable - make sure you know what you are
+ * doing if you change this. */
+-#define DROPBEAR_RANDOM_DEV "/dev/random"
++#define DROPBEAR_RANDOM_DEV "/dev/urandom"
+
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
+@@ -167,7 +167,7 @@
+ /* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
++#define XAUTH_COMMAND "xauth -q"
+ #endif
+
+ /* if you want to enable running an sftp server (such as the one included with