dropbear: updated to 0.49

git-svn-id: https://svn.o-hand.com/repos/poky/trunk@1995 311d38ba-8fff-0310-9ca6-ca027cbcb966
author: Marcin Juszkiewicz <hrw@openedhand.com> 2007-06-25 12:42:38 +0000
committer: Marcin Juszkiewicz <hrw@openedhand.com> 2007-06-25 12:42:38 +0000
commit: 80ab8d3e7f0b816824e717982ef9fbf82495f33a (patch)
tree: 3e08200a9d499e8d5770876f0eb824d98f43f70d /meta/packages/dropbear
parent: 315b65a5111d5317b54a2d4a3510c92615eeca3c (diff)
download: poky-80ab8d3e7f0b816824e717982ef9fbf82495f33a.tar.gz
3 files changed, 9 insertions, 85 deletions
diff --git a/meta/packages/dropbear/dropbear/configure.patch b/meta/packages/dropbear/dropbear-0.49/configure.patch
index 9ae84b2604..8d11b23f14 100644
--- a/meta/packages/dropbear/dropbear/configure.patch
+++ b/meta/packages/dropbear/dropbear-0.49/configure.patch
@@ -1,27 +1,27 @@
-diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in
+Index: dropbear-0.49/configure.in
--- dropbear-0.45/configure.in  2005-03-06 20:27:02.000000000 -0800
+===================================================================
-+++ dropbear-0.45.patched/configure.in  2005-03-08 15:22:44.040586721 -0800
+--- dropbear-0.49.orig/configure.in
-@@ -161,15 +161,20 @@
+++ dropbear-0.49/configure.in
-                        AC_MSG_RESULT(Not using openpty)
+@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
+                        AC_MSG_NOTICE(Not using openpty)
                else
-                        AC_MSG_RESULT(Using openpty if available)
+                        AC_MSG_NOTICE(Using openpty if available)
 -                       AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
 +                       AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
                fi
        ],
        [
-                AC_MSG_RESULT(Using openpty if available)
+                AC_MSG_NOTICE(Using openpty if available)
 -               AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
 +               AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
        ]
 )
-               
 +
 +if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
 +       AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
 +       no_ptc_check=yes
 +       no_ptmx_check=yes
 +fi
+                
 
 AC_ARG_ENABLE(syslog,
-        [  --disable-syslog        Don't include syslog support],
diff --git a/meta/packages/dropbear/dropbear/chansession-security-fix.patch b/meta/packages/dropbear/dropbear/chansession-security-fix.patch
deleted file mode 100644
index bc4c461fee..0000000000
--- a/meta/packages/dropbear/dropbear/chansession-security-fix.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-Date: Sun, 11 Dec 2005 23:30:02 +0800
-From: Matt Johnston <matt@ucc.asn.au>
-To: dropbear@ucc.gu.uwa.edu.au
-Subject: Dropbear 0.47 (and security fix)
-Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
-Hi all.
-I've put up a new release 0.47 of Dropbear, which has
-various fixes and new features - see the change summary
-below. 
-http://matt.ucc.asn.au/dropbear/dropbear.html is the
-url as usual or directly at 
-http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
-This release also fixes a potential security issue, which
-may allow authenticated users to run arbitrary code as the
-server user. I'm unsure exactly how likely it is to be
-exploitable, but anyone who's running a multi-user server is
-advised to upgrade. For older releases, the patch is:
-(against chanesssion.c for 0.43 and earlier).
--- dropbear/svr-chansession.c
-+++ dropbear/svr-chansession.c
-@@ -810,7 +810,7 @@
-        /* need to increase size */
-        if (i == svr_ses.childpidsize) {
-                svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
-                               sizeof(struct ChildPid) * svr_ses.childpidsize+1);
-+                               sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
-                svr_ses.childpidsize++;
-        }
-        
-Matt
-0.47 - Thurs Dec 8 2005
- SECURITY: fix for buffer allocation error in server code, could potentially
-  allow authenticated users to gain elevated privileges. All multi-user systems
-  running the server should upgrade (or apply the patch available on the
-  Dropbear webpage).
- Fix channel handling code so that redirecting to /dev/null doesn't use
-  100% CPU.
- Turn on zlib compression for dbclient.
- Set "low delay" TOS bit, can significantly improve interactivity
-  over some links.
- Added client keyboard-interactive mode support, allows operation with
-  newer OpenSSH servers in default config.
- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
- Improve logging of assertions
- Added aes-256 cipher and sha1-96 hmac.
- Fix twofish so that it actually works.
- Improve PAM prompt comparison.
- Added -g (dbclient) and -a (dropbear server) options to allow
-  connections to listening forwarded ports from remote machines.
- Various other minor fixes
- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
-  (netinet/in_systm.h needs to be included).
diff --git a/meta/packages/dropbear/dropbear_0.47.bb b/meta/packages/dropbear/dropbear_0.49.bb
index b8467e1e7c..f98c0ac8f6 100644
--- a/meta/packages/dropbear/dropbear_0.47.bb
+++ b/meta/packages/dropbear/dropbear_0.49.bb
@@ -1,3 +1 @@
 require dropbear.inc
-PR = "r2"
author	Marcin Juszkiewicz <hrw@openedhand.com>	2007-06-25 12:42:38 +0000
committer	Marcin Juszkiewicz <hrw@openedhand.com>	2007-06-25 12:42:38 +0000
commit	80ab8d3e7f0b816824e717982ef9fbf82495f33a (patch)
tree	3e08200a9d499e8d5770876f0eb824d98f43f70d /meta/packages/dropbear
parent	315b65a5111d5317b54a2d4a3510c92615eeca3c (diff)
download	poky-80ab8d3e7f0b816824e717982ef9fbf82495f33a.tar.gz

diff --git a/meta/packages/dropbear/dropbear/configure.patch b/meta/packages/dropbear/dropbear-0.49/configure.patch index 9ae84b2604..8d11b23f14 100644 --- a/meta/packages/dropbear/dropbear/configure.patch +++ b/meta/packages/dropbear/dropbear-0.49/configure.patch
@@ -1,27 +1,27 @@
1	diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in	1	Index: dropbear-0.49/configure.in
2	--- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800	2	===================================================================
3	+++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800	3	--- dropbear-0.49.orig/configure.in
4	@@ -161,15 +161,20 @@	4	+++ dropbear-0.49/configure.in
5	AC_MSG_RESULT(Not using openpty)	5	@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
		6	AC_MSG_NOTICE(Not using openpty)
6	else	7	else
7	AC_MSG_RESULT(Using openpty if available)	8	AC_MSG_NOTICE(Using openpty if available)
8	- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])	9	- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
9	+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])	10	+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
10	fi	11	fi
11	],	12	],
12	[	13	[
13	AC_MSG_RESULT(Using openpty if available)	14	AC_MSG_NOTICE(Using openpty if available)
14	- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])	15	- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
15	+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])	16	+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
16	]	17	]
17	)	18	)
18	-
19	+	19	+
20	+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then	20	+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
21	+ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)	21	+ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
22	+ no_ptc_check=yes	22	+ no_ptc_check=yes
23	+ no_ptmx_check=yes	23	+ no_ptmx_check=yes
24	+fi	24	+fi
		25
25		26
26	AC_ARG_ENABLE(syslog,	27	AC_ARG_ENABLE(syslog,
27	[ --disable-syslog Don't include syslog support],


diff --git a/meta/packages/dropbear/dropbear/chansession-security-fix.patch b/meta/packages/dropbear/dropbear/chansession-security-fix.patch deleted file mode 100644 index bc4c461fee..0000000000 --- a/meta/packages/dropbear/dropbear/chansession-security-fix.patch +++ /dev/null
@@ -1,74 +0,0 @@
1	Date: Sun, 11 Dec 2005 23:30:02 +0800
2	From: Matt Johnston <matt@ucc.asn.au>
3	To: dropbear@ucc.gu.uwa.edu.au
4	Subject: Dropbear 0.47 (and security fix)
5	Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
6
7	Hi all.
8
9	I've put up a new release 0.47 of Dropbear, which has
10	various fixes and new features - see the change summary
11	below.
12	http://matt.ucc.asn.au/dropbear/dropbear.html is the
13	url as usual or directly at
14	http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
15
16	This release also fixes a potential security issue, which
17	may allow authenticated users to run arbitrary code as the
18	server user. I'm unsure exactly how likely it is to be
19	exploitable, but anyone who's running a multi-user server is
20	advised to upgrade. For older releases, the patch is:
21	(against chanesssion.c for 0.43 and earlier).
22
23	--- dropbear/svr-chansession.c
24	+++ dropbear/svr-chansession.c
25	@@ -810,7 +810,7 @@
26	/* need to increase size */
27	if (i == svr_ses.childpidsize) {
28	svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
29	- sizeof(struct ChildPid) * svr_ses.childpidsize+1);
30	+ sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
31	svr_ses.childpidsize++;
32	}
33
34
35	Matt
36
37
38	0.47 - Thurs Dec 8 2005
39
40	- SECURITY: fix for buffer allocation error in server code, could potentially
41	allow authenticated users to gain elevated privileges. All multi-user systems
42	running the server should upgrade (or apply the patch available on the
43	Dropbear webpage).
44
45	- Fix channel handling code so that redirecting to /dev/null doesn't use
46	100% CPU.
47
48	- Turn on zlib compression for dbclient.
49
50	- Set "low delay" TOS bit, can significantly improve interactivity
51	over some links.
52
53	- Added client keyboard-interactive mode support, allows operation with
54	newer OpenSSH servers in default config.
55
56	- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
57
58	- Improve logging of assertions
59
60	- Added aes-256 cipher and sha1-96 hmac.
61
62	- Fix twofish so that it actually works.
63
64	- Improve PAM prompt comparison.
65
66	- Added -g (dbclient) and -a (dropbear server) options to allow
67	connections to listening forwarded ports from remote machines.
68
69	- Various other minor fixes
70
71	- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
72	(netinet/in_systm.h needs to be included).
73
74


diff --git a/meta/packages/dropbear/dropbear_0.47.bb b/meta/packages/dropbear/dropbear_0.49.bb index b8467e1e7c..f98c0ac8f6 100644 --- a/meta/packages/dropbear/dropbear_0.47.bb +++ b/meta/packages/dropbear/dropbear_0.49.bb
@@ -1,3 +1 @@
1	require dropbear.inc		require dropbear.inc
2
3	PR = "r2"