9 files changed, 245 insertions, 2 deletions

diff --git a/packages/dropbear/dropbear-0.47/.mtn2git_empty b/packages/dropbear/dropbear-0.47/.mtn2git_empty
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/packages/dropbear/dropbear-0.47/.mtn2git_empty
diff --git a/packages/dropbear/dropbear-0.47/allow-nopw.patch b/packages/dropbear/dropbear-0.47/allow-nopw.patch
new file mode 100644
index 0000000000..1a709b8da0
--- /dev/null
+++ b/packages/dropbear/dropbear-0.47/allow-nopw.patch
@@ -0,0 +1,37 @@
+diff -Nurd dropbear-0.45/svr-auth.c dropbear-0.45.patched/svr-auth.c
+--- dropbear-0.45/svr-auth.c	2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/svr-auth.c	2005-03-08 15:22:43.998592744 -0800
+@@ -237,6 +237,7 @@
+ 	}
+ 
+ 	/* check for an empty password */
++#ifdef DISALLOW_EMPTY_PW
+ 	if (ses.authstate.pw->pw_passwd[0] == '\0') {
+ 		TRACE(("leave checkusername: empty pword"))
+ 		dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+@@ -244,7 +245,7 @@
+ 		send_msg_userauth_failure(0, 1);
+ 		return DROPBEAR_FAILURE;
+ 	}
+-
++#endif
+ 	TRACE(("shell is %s", ses.authstate.pw->pw_shell))
+ 
+ 	/* check that the shell is set */
+diff -Nurd dropbear-0.45/svr-authpasswd.c dropbear-0.45.patched/svr-authpasswd.c
+--- dropbear-0.45/svr-authpasswd.c	2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/svr-authpasswd.c	2005-03-08 15:22:44.010591023 -0800
+@@ -64,9 +64,13 @@
+ 	 * since the shadow password may differ to that tested
+ 	 * in auth.c */
+ 	if (passwdcrypt[0] == '\0') {
++#ifdef DISALLOW_EMPTY_PASSWD
+ 		dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+ 				ses.authstate.printableuser);
+ 		send_msg_userauth_failure(0, 1);
++#else
++		send_msg_userauth_success();
++#endif
+ 		return;
+ 	}
+ 
diff --git a/packages/dropbear/dropbear-0.47/configure.patch b/packages/dropbear/dropbear-0.47/configure.patch
new file mode 100644
index 0000000000..9ae84b2604
--- /dev/null
+++ b/packages/dropbear/dropbear-0.47/configure.patch
@@ -0,0 +1,27 @@
+diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in
+--- dropbear-0.45/configure.in	2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/configure.in	2005-03-08 15:22:44.040586721 -0800
+@@ -161,15 +161,20 @@
+ 			AC_MSG_RESULT(Not using openpty)
+ 		else
+ 			AC_MSG_RESULT(Using openpty if available)
+-			AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
++			AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ 		fi
+ 	],
+ 	[
+ 		AC_MSG_RESULT(Using openpty if available)
+-		AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
++		AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ 	]
+ )
+-		
++
++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
++	AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
++	no_ptc_check=yes
++	no_ptmx_check=yes
++fi
+ 
+ AC_ARG_ENABLE(syslog,
+ 	[  --disable-syslog        Don't include syslog support],
diff --git a/packages/dropbear/dropbear-0.47/fix-2kb-keys.patch b/packages/dropbear/dropbear-0.47/fix-2kb-keys.patch
new file mode 100644
index 0000000000..ba2b19d44a
--- /dev/null
+++ b/packages/dropbear/dropbear-0.47/fix-2kb-keys.patch
@@ -0,0 +1,11 @@
+diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h
+--- dropbear-0.45/kex.h	2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/kex.h	2005-03-08 15:22:44.064583279 -0800
+@@ -64,6 +64,6 @@
+ 
+ };
+ 
+-#define MAX_KEXHASHBUF 2000
++#define MAX_KEXHASHBUF 3000
+ 
+ #endif /* _KEX_H_ */
diff --git a/packages/dropbear/dropbear-0.47/urandom-xauth-changes-to-options.h.patch b/packages/dropbear/dropbear-0.47/urandom-xauth-changes-to-options.h.patch
new file mode 100644
index 0000000000..e2b1dd5da5
--- /dev/null
+++ b/packages/dropbear/dropbear-0.47/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,21 @@
+diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h
+--- dropbear-0.45/options.h	2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/options.h	2005-03-08 15:25:09.368742090 -0800
+@@ -143,7 +143,7 @@
+  * however significantly reduce the security of your ssh connections
+  * if the PRNG state becomes guessable - make sure you know what you are
+  * doing if you change this. */
+-#define DROPBEAR_RANDOM_DEV "/dev/random"
++#define DROPBEAR_RANDOM_DEV "/dev/urandom"
+ 
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
+@@ -167,7 +167,7 @@
+ /* The command to invoke for xauth when using X11 forwarding.
+  * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
++#define XAUTH_COMMAND "xauth -q"
+ #endif
+ 
+ /* if you want to enable running an sftp server (such as the one included with
diff --git a/packages/dropbear/dropbear/chansession-security-fix.patch b/packages/dropbear/dropbear/chansession-security-fix.patch
new file mode 100644
index 0000000000..bc4c461fee
--- /dev/null
+++ b/packages/dropbear/dropbear/chansession-security-fix.patch
@@ -0,0 +1,74 @@
+Date: Sun, 11 Dec 2005 23:30:02 +0800
+From: Matt Johnston <matt@ucc.asn.au>
+To: dropbear@ucc.gu.uwa.edu.au
+Subject: Dropbear 0.47 (and security fix)
+Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
+
+Hi all.
+
+I've put up a new release 0.47 of Dropbear, which has
+various fixes and new features - see the change summary
+below. 
+http://matt.ucc.asn.au/dropbear/dropbear.html is the
+url as usual or directly at 
+http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
+
+This release also fixes a potential security issue, which
+may allow authenticated users to run arbitrary code as the
+server user. I'm unsure exactly how likely it is to be
+exploitable, but anyone who's running a multi-user server is
+advised to upgrade. For older releases, the patch is:
+(against chanesssion.c for 0.43 and earlier).
+
+--- dropbear/svr-chansession.c
++++ dropbear/svr-chansession.c
+@@ -810,7 +810,7 @@
+ 	/* need to increase size */
+ 	if (i == svr_ses.childpidsize) {
+ 		svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
+-				sizeof(struct ChildPid) * svr_ses.childpidsize+1);
++				sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
+ 		svr_ses.childpidsize++;
+ 	}
+ 	
+
+Matt
+
+
+0.47 - Thurs Dec 8 2005
+
+- SECURITY: fix for buffer allocation error in server code, could potentially
+  allow authenticated users to gain elevated privileges. All multi-user systems
+  running the server should upgrade (or apply the patch available on the
+  Dropbear webpage).
+
+- Fix channel handling code so that redirecting to /dev/null doesn't use
+  100% CPU.
+
+- Turn on zlib compression for dbclient.
+
+- Set "low delay" TOS bit, can significantly improve interactivity
+  over some links.
+
+- Added client keyboard-interactive mode support, allows operation with
+  newer OpenSSH servers in default config.
+
+- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
+
+- Improve logging of assertions
+
+- Added aes-256 cipher and sha1-96 hmac.
+
+- Fix twofish so that it actually works.
+
+- Improve PAM prompt comparison.
+
+- Added -g (dbclient) and -a (dropbear server) options to allow
+  connections to listening forwarded ports from remote machines.
+
+- Various other minor fixes
+
+- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
+  (netinet/in_systm.h needs to be included).
+
+
diff --git a/packages/dropbear/dropbear_0.45.bb b/packages/dropbear/dropbear_0.45.bb
index 3a2b54072f..f6681b707c 100644
--- a/packages/dropbear/dropbear_0.45.bb
+++ b/packages/dropbear/dropbear_0.45.bb
@@ -3,14 +3,15 @@ HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
 SECTION = "console/network"
 LICENSE = "MIT"
 DEPENDS = "zlib"
-PR = "r1"
 PROVIDES = "ssh sshd"
+PR = "r2"
 
 SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
 	   file://urandom-xauth-changes-to-options.h.patch;patch=1 \
 	   file://configure.patch;patch=1 \
 	   file://allow-nopw.patch \
 	   file://fix-2kb-keys.patch;patch=1 \
+	   file://chansession-security-fix.patch;patch=1 \
 	   file://init"
 
 inherit autotools update-rc.d
diff --git a/packages/dropbear/dropbear_0.46.bb b/packages/dropbear/dropbear_0.46.bb
index 80373e3a1b..5bce95a71d 100644
--- a/packages/dropbear/dropbear_0.46.bb
+++ b/packages/dropbear/dropbear_0.46.bb
@@ -3,14 +3,15 @@ HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
 SECTION = "console/network"
 LICENSE = "MIT"
 DEPENDS = "zlib"
-PR = "r3"
 PROVIDES = "ssh sshd"
+PR = "r4"
 
 SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
 	   file://urandom-xauth-changes-to-options.h.patch;patch=1 \
 	   file://configure.patch;patch=1 \
 	   file://allow-nopw.patch \
 	   file://fix-2kb-keys.patch;patch=1 \
+	   file://chansession-security-fix.patch;patch=1 \
 	   file://init"
 
 inherit autotools update-rc.d
diff --git a/packages/dropbear/dropbear_0.47.bb b/packages/dropbear/dropbear_0.47.bb
new file mode 100644
index 0000000000..8035fb7969
--- /dev/null
+++ b/packages/dropbear/dropbear_0.47.bb
@@ -0,0 +1,71 @@
+DESCRIPTION = "Dropbear is a lightweight SSH and SCP Implementation"
+HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
+SECTION = "console/network"
+LICENSE = "MIT"
+DEPENDS = "zlib"
+PROVIDES = "ssh sshd"
+
+SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
+	   file://urandom-xauth-changes-to-options.h.patch;patch=1 \
+	   file://configure.patch;patch=1 \
+	   file://allow-nopw.patch \
+	   file://fix-2kb-keys.patch;patch=1 \
+	   file://init"
+
+inherit autotools update-rc.d
+
+INITSCRIPT_NAME = "dropbear"
+INITSCRIPT_PARAMS = "defaults 10"
+
+CFLAGS_prepend = "-I. "
+LD = "${CC}"
+
+SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
+BINCOMMANDS = "dbclient ssh scp"
+EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
+
+do_configure_prepend() {
+	if [ "${DISTRO_TYPE}" == "debug" ]; then
+		patch -p1 < ${WORKDIR}/allow-nopw.patch
+	fi
+}
+
+do_install() {
+	install -d ${D}${sysconfdir} \
+		   ${D}${sysconfdir}/init.d \
+		   ${D}${sysconfdir}/default \
+		   ${D}${sysconfdir}/dropbear \
+                   ${D}${bindir} \
+		   ${D}${sbindir} \
+		   ${D}${localstatedir}
+
+	install -m 0755 dropbearmulti ${D}${sbindir}/
+	ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient
+	
+	for i in ${SBINCOMMANDS}
+	do
+		ln -s ./dropbearmulti ${D}${sbindir}/$i
+	done
+	cat ${WORKDIR}/init | sed -e 's,/etc,${sysconfdir},g' \
+				  -e 's,/usr/sbin,${sbindir},g' \
+				  -e 's,/var,${localstatedir},g' \
+				  -e 's,/usr/bin,${bindir},g' \
+				  -e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear
+	chmod 755 ${D}${sysconfdir}/init.d/dropbear
+}
+
+pkg_postinst () {
+	update-alternatives --install ${bindir}/scp scp ${sbindir}/dropbearmulti 20
+	update-alternatives --install ${bindir}/ssh ssh ${sbindir}/dropbearmulti 20
+}
+
+pkg_postrm_append () {
+  if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
+        rm ${sysconfdir}/dropbear/dropbear_rsa_host_key
+  fi
+  if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then
+        rm ${sysconfdir}/dropbear/dropbear_dss_host_key
+  fi
+  update-alternatives --remove ssh ${bindir}/dropbearmulti
+  update-alternatives --remove scp ${bindir}/dropbearmulti
+}