1 files changed, 74 insertions, 0 deletions
diff --git a/meta/packages/dropbear/dropbear/chansession-security-fix.patch b/meta/packages/dropbear/dropbear/chansession-security-fix.patch
new file mode 100644
index 0000000000..bc4c461fee
--- /dev/null
+++ b/meta/packages/dropbear/dropbear/chansession-security-fix.patch
@@ -0,0 +1,74 @@
+Date: Sun, 11 Dec 2005 23:30:02 +0800
+From: Matt Johnston <matt@ucc.asn.au>
+To: dropbear@ucc.gu.uwa.edu.au
+Subject: Dropbear 0.47 (and security fix)
+Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
+Hi all.
+I've put up a new release 0.47 of Dropbear, which has
+various fixes and new features - see the change summary
+below. 
+http://matt.ucc.asn.au/dropbear/dropbear.html is the
+url as usual or directly at 
+http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
+This release also fixes a potential security issue, which
+may allow authenticated users to run arbitrary code as the
+server user. I'm unsure exactly how likely it is to be
+exploitable, but anyone who's running a multi-user server is
+advised to upgrade. For older releases, the patch is:
+(against chanesssion.c for 0.43 and earlier).
+--- dropbear/svr-chansession.c
+++ dropbear/svr-chansession.c
+@@ -810,7 +810,7 @@
+        /* need to increase size */
+        if (i == svr_ses.childpidsize) {
+                svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
+-                               sizeof(struct ChildPid) * svr_ses.childpidsize+1);
+                               sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
+                svr_ses.childpidsize++;
+        }
+        
+Matt
+0.47 - Thurs Dec 8 2005
+- SECURITY: fix for buffer allocation error in server code, could potentially
+  allow authenticated users to gain elevated privileges. All multi-user systems
+  running the server should upgrade (or apply the patch available on the
+  Dropbear webpage).
+- Fix channel handling code so that redirecting to /dev/null doesn't use
+  100% CPU.
+- Turn on zlib compression for dbclient.
+- Set "low delay" TOS bit, can significantly improve interactivity
+  over some links.
+- Added client keyboard-interactive mode support, allows operation with
+  newer OpenSSH servers in default config.
+- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
+- Improve logging of assertions
+- Added aes-256 cipher and sha1-96 hmac.
+- Fix twofish so that it actually works.
+- Improve PAM prompt comparison.
+- Added -g (dbclient) and -a (dropbear server) options to allow
+  connections to listening forwarded ports from remote machines.
+- Various other minor fixes
+- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
+  (netinet/in_systm.h needs to be included).

diff --git a/meta/packages/dropbear/dropbear/chansession-security-fix.patch b/meta/packages/dropbear/dropbear/chansession-security-fix.patch new file mode 100644 index 0000000000..bc4c461fee --- /dev/null +++ b/meta/packages/dropbear/dropbear/chansession-security-fix.patch
@@ -0,0 +1,74 @@
	1	Date: Sun, 11 Dec 2005 23:30:02 +0800
	2	From: Matt Johnston <matt@ucc.asn.au>
	3	To: dropbear@ucc.gu.uwa.edu.au
	4	Subject: Dropbear 0.47 (and security fix)
	5	Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
	6
	7	Hi all.
	8
	9	I've put up a new release 0.47 of Dropbear, which has
	10	various fixes and new features - see the change summary
	11	below.
	12	http://matt.ucc.asn.au/dropbear/dropbear.html is the
	13	url as usual or directly at
	14	http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
	15
	16	This release also fixes a potential security issue, which
	17	may allow authenticated users to run arbitrary code as the
	18	server user. I'm unsure exactly how likely it is to be
	19	exploitable, but anyone who's running a multi-user server is
	20	advised to upgrade. For older releases, the patch is:
	21	(against chanesssion.c for 0.43 and earlier).
	22
	23	--- dropbear/svr-chansession.c
	24	+++ dropbear/svr-chansession.c
	25	@@ -810,7 +810,7 @@
	26	/* need to increase size */
	27	if (i == svr_ses.childpidsize) {
	28	svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
	29	- sizeof(struct ChildPid) * svr_ses.childpidsize+1);
	30	+ sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
	31	svr_ses.childpidsize++;
	32	}
	33
	34
	35	Matt
	36
	37
	38	0.47 - Thurs Dec 8 2005
	39
	40	- SECURITY: fix for buffer allocation error in server code, could potentially
	41	allow authenticated users to gain elevated privileges. All multi-user systems
	42	running the server should upgrade (or apply the patch available on the
	43	Dropbear webpage).
	44
	45	- Fix channel handling code so that redirecting to /dev/null doesn't use
	46	100% CPU.
	47
	48	- Turn on zlib compression for dbclient.
	49
	50	- Set "low delay" TOS bit, can significantly improve interactivity
	51	over some links.
	52
	53	- Added client keyboard-interactive mode support, allows operation with
	54	newer OpenSSH servers in default config.
	55
	56	- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
	57
	58	- Improve logging of assertions
	59
	60	- Added aes-256 cipher and sha1-96 hmac.
	61
	62	- Fix twofish so that it actually works.
	63
	64	- Improve PAM prompt comparison.
	65
	66	- Added -g (dbclient) and -a (dropbear server) options to allow
	67	connections to listening forwarded ports from remote machines.
	68
	69	- Various other minor fixes
	70
	71	- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
	72	(netinet/in_systm.h needs to be included).
	73
	74