diff options
author | Marcin Juszkiewicz <hrw@openembedded.org> | 2005-12-20 12:57:27 +0000 |
---|---|---|
committer | OpenEmbedded Project <openembedded-devel@lists.openembedded.org> | 2005-12-20 12:57:27 +0000 |
commit | dcad9f821f496edc4c81670c06f737a379a78a31 (patch) | |
tree | aae7b243d3724b6d79c5ccfb6d9e236538b7259c /packages | |
parent | e730f957815446dd60a9c85ba3f8a12d1e940282 (diff) |
dropbear: added security fix for 0.45 and 0.46 versions
Note from upstream author about 0.47 and fix for older:
This release also fixes a potential security issue, which may allow
authenticated users to run arbitrary code as the server user. I'm unsure
exactly how likely it is to be exploitable, but anyone who's running a
multi-user server is advised to upgrade.
Diffstat (limited to 'packages')
-rw-r--r-- | packages/dropbear/dropbear/chansession-security-fix.patch | 74 | ||||
-rw-r--r-- | packages/dropbear/dropbear_0.45.bb | 3 | ||||
-rw-r--r-- | packages/dropbear/dropbear_0.46.bb | 3 |
3 files changed, 78 insertions, 2 deletions
diff --git a/packages/dropbear/dropbear/chansession-security-fix.patch b/packages/dropbear/dropbear/chansession-security-fix.patch new file mode 100644 index 0000000000..bc4c461fee --- /dev/null +++ b/packages/dropbear/dropbear/chansession-security-fix.patch @@ -0,0 +1,74 @@ +Date: Sun, 11 Dec 2005 23:30:02 +0800 +From: Matt Johnston <matt@ucc.asn.au> +To: dropbear@ucc.gu.uwa.edu.au +Subject: Dropbear 0.47 (and security fix) +Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au> + +Hi all. + +I've put up a new release 0.47 of Dropbear, which has +various fixes and new features - see the change summary +below. +http://matt.ucc.asn.au/dropbear/dropbear.html is the +url as usual or directly at +http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2 + +This release also fixes a potential security issue, which +may allow authenticated users to run arbitrary code as the +server user. I'm unsure exactly how likely it is to be +exploitable, but anyone who's running a multi-user server is +advised to upgrade. For older releases, the patch is: +(against chanesssion.c for 0.43 and earlier). + +--- dropbear/svr-chansession.c ++++ dropbear/svr-chansession.c +@@ -810,7 +810,7 @@ + /* need to increase size */ + if (i == svr_ses.childpidsize) { + svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids, +- sizeof(struct ChildPid) * svr_ses.childpidsize+1); ++ sizeof(struct ChildPid) * (svr_ses.childpidsize+1)); + svr_ses.childpidsize++; + } + + +Matt + + +0.47 - Thurs Dec 8 2005 + +- SECURITY: fix for buffer allocation error in server code, could potentially + allow authenticated users to gain elevated privileges. All multi-user systems + running the server should upgrade (or apply the patch available on the + Dropbear webpage). + +- Fix channel handling code so that redirecting to /dev/null doesn't use + 100% CPU. + +- Turn on zlib compression for dbclient. + +- Set "low delay" TOS bit, can significantly improve interactivity + over some links. + +- Added client keyboard-interactive mode support, allows operation with + newer OpenSSH servers in default config. + +- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions + +- Improve logging of assertions + +- Added aes-256 cipher and sha1-96 hmac. + +- Fix twofish so that it actually works. + +- Improve PAM prompt comparison. + +- Added -g (dbclient) and -a (dropbear server) options to allow + connections to listening forwarded ports from remote machines. + +- Various other minor fixes + +- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD + (netinet/in_systm.h needs to be included). + + diff --git a/packages/dropbear/dropbear_0.45.bb b/packages/dropbear/dropbear_0.45.bb index 3a2b54072f..f6681b707c 100644 --- a/packages/dropbear/dropbear_0.45.bb +++ b/packages/dropbear/dropbear_0.45.bb @@ -3,14 +3,15 @@ HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" SECTION = "console/network" LICENSE = "MIT" DEPENDS = "zlib" -PR = "r1" PROVIDES = "ssh sshd" +PR = "r2" SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://urandom-xauth-changes-to-options.h.patch;patch=1 \ file://configure.patch;patch=1 \ file://allow-nopw.patch \ file://fix-2kb-keys.patch;patch=1 \ + file://chansession-security-fix.patch;patch=1 \ file://init" inherit autotools update-rc.d diff --git a/packages/dropbear/dropbear_0.46.bb b/packages/dropbear/dropbear_0.46.bb index 80373e3a1b..5bce95a71d 100644 --- a/packages/dropbear/dropbear_0.46.bb +++ b/packages/dropbear/dropbear_0.46.bb @@ -3,14 +3,15 @@ HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" SECTION = "console/network" LICENSE = "MIT" DEPENDS = "zlib" -PR = "r3" PROVIDES = "ssh sshd" +PR = "r4" SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://urandom-xauth-changes-to-options.h.patch;patch=1 \ file://configure.patch;patch=1 \ file://allow-nopw.patch \ file://fix-2kb-keys.patch;patch=1 \ + file://chansession-security-fix.patch;patch=1 \ file://init" inherit autotools update-rc.d |