diff options
author | Marcin Juszkiewicz <hrw@openedhand.com> | 2007-06-25 12:42:38 +0000 |
---|---|---|
committer | Marcin Juszkiewicz <hrw@openedhand.com> | 2007-06-25 12:42:38 +0000 |
commit | 80ab8d3e7f0b816824e717982ef9fbf82495f33a (patch) | |
tree | 3e08200a9d499e8d5770876f0eb824d98f43f70d | |
parent | 315b65a5111d5317b54a2d4a3510c92615eeca3c (diff) | |
download | poky-80ab8d3e7f0b816824e717982ef9fbf82495f33a.tar.gz |
dropbear: updated to 0.49
git-svn-id: https://svn.o-hand.com/repos/poky/trunk@1995 311d38ba-8fff-0310-9ca6-ca027cbcb966
-rw-r--r-- | meta/packages/dropbear/dropbear-0.49/configure.patch (renamed from meta/packages/dropbear/dropbear/configure.patch) | 18 | ||||
-rw-r--r-- | meta/packages/dropbear/dropbear/chansession-security-fix.patch | 74 | ||||
-rw-r--r-- | meta/packages/dropbear/dropbear_0.49.bb (renamed from meta/packages/dropbear/dropbear_0.47.bb) | 2 |
3 files changed, 9 insertions, 85 deletions
diff --git a/meta/packages/dropbear/dropbear/configure.patch b/meta/packages/dropbear/dropbear-0.49/configure.patch index 9ae84b2604..8d11b23f14 100644 --- a/meta/packages/dropbear/dropbear/configure.patch +++ b/meta/packages/dropbear/dropbear-0.49/configure.patch | |||
@@ -1,27 +1,27 @@ | |||
1 | diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in | 1 | Index: dropbear-0.49/configure.in |
2 | --- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800 | 2 | =================================================================== |
3 | +++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800 | 3 | --- dropbear-0.49.orig/configure.in |
4 | @@ -161,15 +161,20 @@ | 4 | +++ dropbear-0.49/configure.in |
5 | AC_MSG_RESULT(Not using openpty) | 5 | @@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty, |
6 | AC_MSG_NOTICE(Not using openpty) | ||
6 | else | 7 | else |
7 | AC_MSG_RESULT(Using openpty if available) | 8 | AC_MSG_NOTICE(Using openpty if available) |
8 | - AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)]) | 9 | - AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)]) |
9 | + AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) | 10 | + AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) |
10 | fi | 11 | fi |
11 | ], | 12 | ], |
12 | [ | 13 | [ |
13 | AC_MSG_RESULT(Using openpty if available) | 14 | AC_MSG_NOTICE(Using openpty if available) |
14 | - AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)]) | 15 | - AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)]) |
15 | + AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) | 16 | + AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) |
16 | ] | 17 | ] |
17 | ) | 18 | ) |
18 | - | ||
19 | + | 19 | + |
20 | +if test "x$dropbear_cv_func_have_openpty" = "xyes"; then | 20 | +if test "x$dropbear_cv_func_have_openpty" = "xyes"; then |
21 | + AC_DEFINE(HAVE_OPENPTY,,Have openpty() function) | 21 | + AC_DEFINE(HAVE_OPENPTY,,Have openpty() function) |
22 | + no_ptc_check=yes | 22 | + no_ptc_check=yes |
23 | + no_ptmx_check=yes | 23 | + no_ptmx_check=yes |
24 | +fi | 24 | +fi |
25 | |||
25 | 26 | ||
26 | AC_ARG_ENABLE(syslog, | 27 | AC_ARG_ENABLE(syslog, |
27 | [ --disable-syslog Don't include syslog support], | ||
diff --git a/meta/packages/dropbear/dropbear/chansession-security-fix.patch b/meta/packages/dropbear/dropbear/chansession-security-fix.patch deleted file mode 100644 index bc4c461fee..0000000000 --- a/meta/packages/dropbear/dropbear/chansession-security-fix.patch +++ /dev/null | |||
@@ -1,74 +0,0 @@ | |||
1 | Date: Sun, 11 Dec 2005 23:30:02 +0800 | ||
2 | From: Matt Johnston <matt@ucc.asn.au> | ||
3 | To: dropbear@ucc.gu.uwa.edu.au | ||
4 | Subject: Dropbear 0.47 (and security fix) | ||
5 | Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au> | ||
6 | |||
7 | Hi all. | ||
8 | |||
9 | I've put up a new release 0.47 of Dropbear, which has | ||
10 | various fixes and new features - see the change summary | ||
11 | below. | ||
12 | http://matt.ucc.asn.au/dropbear/dropbear.html is the | ||
13 | url as usual or directly at | ||
14 | http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2 | ||
15 | |||
16 | This release also fixes a potential security issue, which | ||
17 | may allow authenticated users to run arbitrary code as the | ||
18 | server user. I'm unsure exactly how likely it is to be | ||
19 | exploitable, but anyone who's running a multi-user server is | ||
20 | advised to upgrade. For older releases, the patch is: | ||
21 | (against chanesssion.c for 0.43 and earlier). | ||
22 | |||
23 | --- dropbear/svr-chansession.c | ||
24 | +++ dropbear/svr-chansession.c | ||
25 | @@ -810,7 +810,7 @@ | ||
26 | /* need to increase size */ | ||
27 | if (i == svr_ses.childpidsize) { | ||
28 | svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids, | ||
29 | - sizeof(struct ChildPid) * svr_ses.childpidsize+1); | ||
30 | + sizeof(struct ChildPid) * (svr_ses.childpidsize+1)); | ||
31 | svr_ses.childpidsize++; | ||
32 | } | ||
33 | |||
34 | |||
35 | Matt | ||
36 | |||
37 | |||
38 | 0.47 - Thurs Dec 8 2005 | ||
39 | |||
40 | - SECURITY: fix for buffer allocation error in server code, could potentially | ||
41 | allow authenticated users to gain elevated privileges. All multi-user systems | ||
42 | running the server should upgrade (or apply the patch available on the | ||
43 | Dropbear webpage). | ||
44 | |||
45 | - Fix channel handling code so that redirecting to /dev/null doesn't use | ||
46 | 100% CPU. | ||
47 | |||
48 | - Turn on zlib compression for dbclient. | ||
49 | |||
50 | - Set "low delay" TOS bit, can significantly improve interactivity | ||
51 | over some links. | ||
52 | |||
53 | - Added client keyboard-interactive mode support, allows operation with | ||
54 | newer OpenSSH servers in default config. | ||
55 | |||
56 | - Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions | ||
57 | |||
58 | - Improve logging of assertions | ||
59 | |||
60 | - Added aes-256 cipher and sha1-96 hmac. | ||
61 | |||
62 | - Fix twofish so that it actually works. | ||
63 | |||
64 | - Improve PAM prompt comparison. | ||
65 | |||
66 | - Added -g (dbclient) and -a (dropbear server) options to allow | ||
67 | connections to listening forwarded ports from remote machines. | ||
68 | |||
69 | - Various other minor fixes | ||
70 | |||
71 | - Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD | ||
72 | (netinet/in_systm.h needs to be included). | ||
73 | |||
74 | |||
diff --git a/meta/packages/dropbear/dropbear_0.47.bb b/meta/packages/dropbear/dropbear_0.49.bb index b8467e1e7c..f98c0ac8f6 100644 --- a/meta/packages/dropbear/dropbear_0.47.bb +++ b/meta/packages/dropbear/dropbear_0.49.bb | |||
@@ -1,3 +1 @@ | |||
1 | require dropbear.inc | require dropbear.inc | |
2 | |||
3 | PR = "r2" | ||