summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarcin Juszkiewicz <hrw@openedhand.com>2007-06-25 12:42:38 +0000
committerMarcin Juszkiewicz <hrw@openedhand.com>2007-06-25 12:42:38 +0000
commit80ab8d3e7f0b816824e717982ef9fbf82495f33a (patch)
tree3e08200a9d499e8d5770876f0eb824d98f43f70d
parent315b65a5111d5317b54a2d4a3510c92615eeca3c (diff)
downloadpoky-80ab8d3e7f0b816824e717982ef9fbf82495f33a.tar.gz
dropbear: updated to 0.49
git-svn-id: https://svn.o-hand.com/repos/poky/trunk@1995 311d38ba-8fff-0310-9ca6-ca027cbcb966
-rw-r--r--meta/packages/dropbear/dropbear-0.49/configure.patch (renamed from meta/packages/dropbear/dropbear/configure.patch)18
-rw-r--r--meta/packages/dropbear/dropbear/chansession-security-fix.patch74
-rw-r--r--meta/packages/dropbear/dropbear_0.49.bb (renamed from meta/packages/dropbear/dropbear_0.47.bb)2
3 files changed, 9 insertions, 85 deletions
diff --git a/meta/packages/dropbear/dropbear/configure.patch b/meta/packages/dropbear/dropbear-0.49/configure.patch
index 9ae84b2604..8d11b23f14 100644
--- a/meta/packages/dropbear/dropbear/configure.patch
+++ b/meta/packages/dropbear/dropbear-0.49/configure.patch
@@ -1,27 +1,27 @@
1diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in 1Index: dropbear-0.49/configure.in
2--- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800 2===================================================================
3+++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800 3--- dropbear-0.49.orig/configure.in
4@@ -161,15 +161,20 @@ 4+++ dropbear-0.49/configure.in
5 AC_MSG_RESULT(Not using openpty) 5@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
6 AC_MSG_NOTICE(Not using openpty)
6 else 7 else
7 AC_MSG_RESULT(Using openpty if available) 8 AC_MSG_NOTICE(Using openpty if available)
8- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)]) 9- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
9+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) 10+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
10 fi 11 fi
11 ], 12 ],
12 [ 13 [
13 AC_MSG_RESULT(Using openpty if available) 14 AC_MSG_NOTICE(Using openpty if available)
14- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)]) 15- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
15+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) 16+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
16 ] 17 ]
17 ) 18 )
18-
19+ 19+
20+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then 20+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
21+ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function) 21+ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
22+ no_ptc_check=yes 22+ no_ptc_check=yes
23+ no_ptmx_check=yes 23+ no_ptmx_check=yes
24+fi 24+fi
25
25 26
26 AC_ARG_ENABLE(syslog, 27 AC_ARG_ENABLE(syslog,
27 [ --disable-syslog Don't include syslog support],
diff --git a/meta/packages/dropbear/dropbear/chansession-security-fix.patch b/meta/packages/dropbear/dropbear/chansession-security-fix.patch
deleted file mode 100644
index bc4c461fee..0000000000
--- a/meta/packages/dropbear/dropbear/chansession-security-fix.patch
+++ /dev/null
@@ -1,74 +0,0 @@
1Date: Sun, 11 Dec 2005 23:30:02 +0800
2From: Matt Johnston <matt@ucc.asn.au>
3To: dropbear@ucc.gu.uwa.edu.au
4Subject: Dropbear 0.47 (and security fix)
5Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
6
7Hi all.
8
9I've put up a new release 0.47 of Dropbear, which has
10various fixes and new features - see the change summary
11below.
12http://matt.ucc.asn.au/dropbear/dropbear.html is the
13url as usual or directly at
14http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
15
16This release also fixes a potential security issue, which
17may allow authenticated users to run arbitrary code as the
18server user. I'm unsure exactly how likely it is to be
19exploitable, but anyone who's running a multi-user server is
20advised to upgrade. For older releases, the patch is:
21(against chanesssion.c for 0.43 and earlier).
22
23--- dropbear/svr-chansession.c
24+++ dropbear/svr-chansession.c
25@@ -810,7 +810,7 @@
26 /* need to increase size */
27 if (i == svr_ses.childpidsize) {
28 svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
29- sizeof(struct ChildPid) * svr_ses.childpidsize+1);
30+ sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
31 svr_ses.childpidsize++;
32 }
33
34
35Matt
36
37
380.47 - Thurs Dec 8 2005
39
40- SECURITY: fix for buffer allocation error in server code, could potentially
41 allow authenticated users to gain elevated privileges. All multi-user systems
42 running the server should upgrade (or apply the patch available on the
43 Dropbear webpage).
44
45- Fix channel handling code so that redirecting to /dev/null doesn't use
46 100% CPU.
47
48- Turn on zlib compression for dbclient.
49
50- Set "low delay" TOS bit, can significantly improve interactivity
51 over some links.
52
53- Added client keyboard-interactive mode support, allows operation with
54 newer OpenSSH servers in default config.
55
56- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
57
58- Improve logging of assertions
59
60- Added aes-256 cipher and sha1-96 hmac.
61
62- Fix twofish so that it actually works.
63
64- Improve PAM prompt comparison.
65
66- Added -g (dbclient) and -a (dropbear server) options to allow
67 connections to listening forwarded ports from remote machines.
68
69- Various other minor fixes
70
71- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
72 (netinet/in_systm.h needs to be included).
73
74
diff --git a/meta/packages/dropbear/dropbear_0.47.bb b/meta/packages/dropbear/dropbear_0.49.bb
index b8467e1e7c..f98c0ac8f6 100644
--- a/meta/packages/dropbear/dropbear_0.47.bb
+++ b/meta/packages/dropbear/dropbear_0.49.bb
@@ -1,3 +1 @@
1require dropbear.inc require dropbear.inc
2
3PR = "r2"