8 files changed, 344 insertions, 0 deletions
diff --git a/meta/packages/dropbear/dropbear.inc b/meta/packages/dropbear/dropbear.inc
new file mode 100644
index 0000000000..301ac24cb2
--- /dev/null
+++ b/meta/packages/dropbear/dropbear.inc
@@ -0,0 +1,73 @@
+DESCRIPTION = "Dropbear is a lightweight SSH and SCP Implementation"
+HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
+SECTION = "console/network"
+LICENSE = "MIT"
+DEPENDS = "zlib"
+PROVIDES = "ssh sshd"
+RPROVIDES = "ssh sshd"
+SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
+           file://urandom-xauth-changes-to-options.h.patch;patch=1 \
+           file://configure.patch;patch=1 \
+           file://fix-2kb-keys.patch;patch=1 \
+           file://allow-nopw.patch \
+           file://init"
+inherit autotools update-rc.d
+INITSCRIPT_NAME = "dropbear"
+INITSCRIPT_PARAMS = "defaults 10"
+CFLAGS_prepend = " -I. "
+LD = "${CC}"
+SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
+BINCOMMANDS = "dbclient ssh scp"
+EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
+do_configure_prepend() {
+        if [ "x${DISTRO}" != "xfamiliar" -a "${DISTRO_TYPE}" == "debug" ]; then
+                oenote "WARNING: applying allow-nopw.patch which allows password-less logins!"
+                patch -p1 < ${WORKDIR}/allow-nopw.patch
+        fi
+}
+do_install() {
+        install -d ${D}${sysconfdir} \
+                   ${D}${sysconfdir}/init.d \
+                   ${D}${sysconfdir}/default \
+                   ${D}${sysconfdir}/dropbear \
+                   ${D}${bindir} \
+                   ${D}${sbindir} \
+                   ${D}${localstatedir}
+        install -m 0755 dropbearmulti ${D}${sbindir}/
+        ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient
+        
+        for i in ${SBINCOMMANDS}
+        do
+                ln -s ./dropbearmulti ${D}${sbindir}/$i
+        done
+        cat ${WORKDIR}/init | sed -e 's,/etc,${sysconfdir},g' \
+                                  -e 's,/usr/sbin,${sbindir},g' \
+                                  -e 's,/var,${localstatedir},g' \
+                                  -e 's,/usr/bin,${bindir},g' \
+                                  -e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear
+        chmod 755 ${D}${sysconfdir}/init.d/dropbear
+}
+pkg_postinst () {
+        update-alternatives --install ${bindir}/scp scp ${sbindir}/dropbearmulti 20
+        update-alternatives --install ${bindir}/ssh ssh ${sbindir}/dropbearmulti 20
+}
+pkg_postrm_append () {
+  if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
+        rm ${sysconfdir}/dropbear/dropbear_rsa_host_key
+  fi
+  if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then
+        rm ${sysconfdir}/dropbear/dropbear_dss_host_key
+  fi
+  update-alternatives --remove ssh ${bindir}/dropbearmulti
+  update-alternatives --remove scp ${bindir}/dropbearmulti
+}
diff --git a/meta/packages/dropbear/dropbear/allow-nopw.patch b/meta/packages/dropbear/dropbear/allow-nopw.patch
new file mode 100644
index 0000000000..1a709b8da0
--- /dev/null
+++ b/meta/packages/dropbear/dropbear/allow-nopw.patch
@@ -0,0 +1,37 @@
+diff -Nurd dropbear-0.45/svr-auth.c dropbear-0.45.patched/svr-auth.c
+--- dropbear-0.45/svr-auth.c    2005-03-06 20:27:02.000000000 -0800
+++ dropbear-0.45.patched/svr-auth.c    2005-03-08 15:22:43.998592744 -0800
+@@ -237,6 +237,7 @@
+        }
+ 
+        /* check for an empty password */
+#ifdef DISALLOW_EMPTY_PW
+        if (ses.authstate.pw->pw_passwd[0] == '\0') {
+                TRACE(("leave checkusername: empty pword"))
+                dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+@@ -244,7 +245,7 @@
+                send_msg_userauth_failure(0, 1);
+                return DROPBEAR_FAILURE;
+        }
+-
+#endif
+        TRACE(("shell is %s", ses.authstate.pw->pw_shell))
+ 
+        /* check that the shell is set */
+diff -Nurd dropbear-0.45/svr-authpasswd.c dropbear-0.45.patched/svr-authpasswd.c
+--- dropbear-0.45/svr-authpasswd.c      2005-03-06 20:27:02.000000000 -0800
+++ dropbear-0.45.patched/svr-authpasswd.c      2005-03-08 15:22:44.010591023 -0800
+@@ -64,9 +64,13 @@
+         * since the shadow password may differ to that tested
+         * in auth.c */
+        if (passwdcrypt[0] == '\0') {
+#ifdef DISALLOW_EMPTY_PASSWD
+                dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+                                ses.authstate.printableuser);
+                send_msg_userauth_failure(0, 1);
+#else
+               send_msg_userauth_success();
+#endif
+                return;
+        }
+ 
diff --git a/meta/packages/dropbear/dropbear/chansession-security-fix.patch b/meta/packages/dropbear/dropbear/chansession-security-fix.patch
new file mode 100644
index 0000000000..bc4c461fee
--- /dev/null
+++ b/meta/packages/dropbear/dropbear/chansession-security-fix.patch
@@ -0,0 +1,74 @@
+Date: Sun, 11 Dec 2005 23:30:02 +0800
+From: Matt Johnston <matt@ucc.asn.au>
+To: dropbear@ucc.gu.uwa.edu.au
+Subject: Dropbear 0.47 (and security fix)
+Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
+Hi all.
+I've put up a new release 0.47 of Dropbear, which has
+various fixes and new features - see the change summary
+below. 
+http://matt.ucc.asn.au/dropbear/dropbear.html is the
+url as usual or directly at 
+http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
+This release also fixes a potential security issue, which
+may allow authenticated users to run arbitrary code as the
+server user. I'm unsure exactly how likely it is to be
+exploitable, but anyone who's running a multi-user server is
+advised to upgrade. For older releases, the patch is:
+(against chanesssion.c for 0.43 and earlier).
+--- dropbear/svr-chansession.c
+++ dropbear/svr-chansession.c
+@@ -810,7 +810,7 @@
+        /* need to increase size */
+        if (i == svr_ses.childpidsize) {
+                svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
+-                               sizeof(struct ChildPid) * svr_ses.childpidsize+1);
+                               sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
+                svr_ses.childpidsize++;
+        }
+        
+Matt
+0.47 - Thurs Dec 8 2005
+- SECURITY: fix for buffer allocation error in server code, could potentially
+  allow authenticated users to gain elevated privileges. All multi-user systems
+  running the server should upgrade (or apply the patch available on the
+  Dropbear webpage).
+- Fix channel handling code so that redirecting to /dev/null doesn't use
+  100% CPU.
+- Turn on zlib compression for dbclient.
+- Set "low delay" TOS bit, can significantly improve interactivity
+  over some links.
+- Added client keyboard-interactive mode support, allows operation with
+  newer OpenSSH servers in default config.
+- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
+- Improve logging of assertions
+- Added aes-256 cipher and sha1-96 hmac.
+- Fix twofish so that it actually works.
+- Improve PAM prompt comparison.
+- Added -g (dbclient) and -a (dropbear server) options to allow
+  connections to listening forwarded ports from remote machines.
+- Various other minor fixes
+- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
+  (netinet/in_systm.h needs to be included).
diff --git a/meta/packages/dropbear/dropbear/configure.patch b/meta/packages/dropbear/dropbear/configure.patch
new file mode 100644
index 0000000000..9ae84b2604
--- /dev/null
+++ b/meta/packages/dropbear/dropbear/configure.patch
@@ -0,0 +1,27 @@
+diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in
+--- dropbear-0.45/configure.in  2005-03-06 20:27:02.000000000 -0800
+++ dropbear-0.45.patched/configure.in  2005-03-08 15:22:44.040586721 -0800
+@@ -161,15 +161,20 @@
+                        AC_MSG_RESULT(Not using openpty)
+                else
+                        AC_MSG_RESULT(Using openpty if available)
+-                       AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
+                       AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+                fi
+        ],
+        [
+                AC_MSG_RESULT(Using openpty if available)
+-               AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
+               AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+        ]
+ )
+-               
+
+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
+       AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
+       no_ptc_check=yes
+       no_ptmx_check=yes
+fi
+ 
+ AC_ARG_ENABLE(syslog,
+        [  --disable-syslog        Don't include syslog support],
diff --git a/meta/packages/dropbear/dropbear/fix-2kb-keys.patch b/meta/packages/dropbear/dropbear/fix-2kb-keys.patch
new file mode 100644
index 0000000000..ba2b19d44a
--- /dev/null
+++ b/meta/packages/dropbear/dropbear/fix-2kb-keys.patch
@@ -0,0 +1,11 @@
+diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h
+--- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800
+++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800
+@@ -64,6 +64,6 @@
+ 
+ };
+ 
+-#define MAX_KEXHASHBUF 2000
+#define MAX_KEXHASHBUF 3000
+ 
+ #endif /* _KEX_H_ */
diff --git a/meta/packages/dropbear/dropbear/init b/meta/packages/dropbear/dropbear/init
new file mode 100755
index 0000000000..d019bdb4ba
--- /dev/null
+++ b/meta/packages/dropbear/dropbear/init
@@ -0,0 +1,98 @@
+#!/bin/sh
+#
+# Do not configure this file. Edit /etc/default/dropbear instead!
+#
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/dropbear
+NAME=dropbear
+DESC="Dropbear SSH server"
+DROPBEAR_PORT=22
+DROPBEAR_EXTRA_ARGS=
+NO_START=0
+set -e
+test ! -r /etc/default/dropbear || . /etc/default/dropbear
+test "$NO_START" = "0" || exit 0
+test -x "$DAEMON" || exit 0
+test ! -h /var/service/dropbear || exit 0
+readonly_rootfs=0
+for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
+  case $flag in
+   ro)
+     readonly_rootfs=1
+     ;;
+  esac
+done
+if [ $readonly_rootfs = "1" ]; then
+  mkdir -p /var/lib/dropbear
+  DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
+  DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
+else
+  DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
+  DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
+fi
+test -z "$DROPBEAR_BANNER" || \
+  DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
+test -n "$DROPBEAR_RSAKEY" || \
+  DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
+test -n "$DROPBEAR_DSSKEY" || \
+  DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
+test -n "$DROPBEAR_KEYTYPES" || \
+  DROPBEAR_KEYTYPES="rsa"
+gen_keys() {
+for t in $DROPBEAR_KEYTYPES; do
+  case $t in
+    rsa)
+        test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY
+        ;;
+    dsa)
+        test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY
+        ;;
+  esac
+done
+}
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        gen_keys
+        KEY_ARGS=""
+        test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
+        test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+        start-stop-daemon -S \
+          -x "$DAEMON" -- $KEY_ARGS \
+            -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+        echo "$NAME."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        start-stop-daemon -K -x "$DAEMON"
+        echo "$NAME."
+        ;;
+  restart|force-reload)
+        echo -n "Restarting $DESC: "
+        start-stop-daemon -K -x "$DAEMON"
+        sleep 1
+        KEY_ARGS=""
+        test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
+        test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+        start-stop-daemon -S \
+          -x "$DAEMON" -- $KEY_ARGS \
+            -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+        echo "$NAME."
+        ;;
+  *)
+        N=/etc/init.d/$NAME
+        echo "Usage: $N {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
+exit 0
diff --git a/meta/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch b/meta/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
new file mode 100644
index 0000000000..e2b1dd5da5
--- /dev/null
+++ b/meta/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,21 @@
+diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h
+--- dropbear-0.45/options.h     2005-03-06 20:27:02.000000000 -0800
+++ dropbear-0.45.patched/options.h     2005-03-08 15:25:09.368742090 -0800
+@@ -143,7 +143,7 @@
+  * however significantly reduce the security of your ssh connections
+  * if the PRNG state becomes guessable - make sure you know what you are
+  * doing if you change this. */
+-#define DROPBEAR_RANDOM_DEV "/dev/random"
+#define DROPBEAR_RANDOM_DEV "/dev/urandom"
+ 
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
+@@ -167,7 +167,7 @@
+ /* The command to invoke for xauth when using X11 forwarding.
+  * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
+#define XAUTH_COMMAND "xauth -q"
+ #endif
+ 
+ /* if you want to enable running an sftp server (such as the one included with
diff --git a/meta/packages/dropbear/dropbear_0.47.bb b/meta/packages/dropbear/dropbear_0.47.bb
new file mode 100644
index 0000000000..5990260b87
--- /dev/null
+++ b/meta/packages/dropbear/dropbear_0.47.bb
@@ -0,0 +1,3 @@
+include dropbear.inc
+PR = "r2"

diff --git a/meta/packages/dropbear/dropbear.inc b/meta/packages/dropbear/dropbear.inc new file mode 100644 index 0000000000..301ac24cb2 --- /dev/null +++ b/meta/packages/dropbear/dropbear.inc
@@ -0,0 +1,73 @@
	1	DESCRIPTION = "Dropbear is a lightweight SSH and SCP Implementation"
	2	HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
	3	SECTION = "console/network"
	4	LICENSE = "MIT"
	5	DEPENDS = "zlib"
	6	PROVIDES = "ssh sshd"
	7	RPROVIDES = "ssh sshd"
	8
	9	SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
	10	file://urandom-xauth-changes-to-options.h.patch;patch=1 \
	11	file://configure.patch;patch=1 \
	12	file://fix-2kb-keys.patch;patch=1 \
	13	file://allow-nopw.patch \
	14	file://init"
	15
	16	inherit autotools update-rc.d
	17
	18	INITSCRIPT_NAME = "dropbear"
	19	INITSCRIPT_PARAMS = "defaults 10"
	20
	21	CFLAGS_prepend = " -I. "
	22	LD = "${CC}"
	23
	24	SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
	25	BINCOMMANDS = "dbclient ssh scp"
	26	EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
	27
	28	do_configure_prepend() {
	29	if [ "x${DISTRO}" != "xfamiliar" -a "${DISTRO_TYPE}" == "debug" ]; then
	30	oenote "WARNING: applying allow-nopw.patch which allows password-less logins!"
	31	patch -p1 < ${WORKDIR}/allow-nopw.patch
	32	fi
	33	}
	34
	35	do_install() {
	36	install -d ${D}${sysconfdir} \
	37	${D}${sysconfdir}/init.d \
	38	${D}${sysconfdir}/default \
	39	${D}${sysconfdir}/dropbear \
	40	${D}${bindir} \
	41	${D}${sbindir} \
	42	${D}${localstatedir}
	43
	44	install -m 0755 dropbearmulti ${D}${sbindir}/
	45	ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient
	46
	47	for i in ${SBINCOMMANDS}
	48	do
	49	ln -s ./dropbearmulti ${D}${sbindir}/$i
	50	done
	51	cat ${WORKDIR}/init \| sed -e 's,/etc,${sysconfdir},g' \
	52	-e 's,/usr/sbin,${sbindir},g' \
	53	-e 's,/var,${localstatedir},g' \
	54	-e 's,/usr/bin,${bindir},g' \
	55	-e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear
	56	chmod 755 ${D}${sysconfdir}/init.d/dropbear
	57	}
	58
	59	pkg_postinst () {
	60	update-alternatives --install ${bindir}/scp scp ${sbindir}/dropbearmulti 20
	61	update-alternatives --install ${bindir}/ssh ssh ${sbindir}/dropbearmulti 20
	62	}
	63
	64	pkg_postrm_append () {
	65	if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
	66	rm ${sysconfdir}/dropbear/dropbear_rsa_host_key
	67	fi
	68	if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then
	69	rm ${sysconfdir}/dropbear/dropbear_dss_host_key
	70	fi
	71	update-alternatives --remove ssh ${bindir}/dropbearmulti
	72	update-alternatives --remove scp ${bindir}/dropbearmulti
	73	}


diff --git a/meta/packages/dropbear/dropbear/allow-nopw.patch b/meta/packages/dropbear/dropbear/allow-nopw.patch new file mode 100644 index 0000000000..1a709b8da0 --- /dev/null +++ b/meta/packages/dropbear/dropbear/allow-nopw.patch
@@ -0,0 +1,37 @@
	1	diff -Nurd dropbear-0.45/svr-auth.c dropbear-0.45.patched/svr-auth.c
	2	--- dropbear-0.45/svr-auth.c 2005-03-06 20:27:02.000000000 -0800
	3	+++ dropbear-0.45.patched/svr-auth.c 2005-03-08 15:22:43.998592744 -0800
	4	@@ -237,6 +237,7 @@
	5	}
	6
	7	/* check for an empty password */
	8	+#ifdef DISALLOW_EMPTY_PW
	9	if (ses.authstate.pw->pw_passwd[0] == '\0') {
	10	TRACE(("leave checkusername: empty pword"))
	11	dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
	12	@@ -244,7 +245,7 @@
	13	send_msg_userauth_failure(0, 1);
	14	return DROPBEAR_FAILURE;
	15	}
	16	-
	17	+#endif
	18	TRACE(("shell is %s", ses.authstate.pw->pw_shell))
	19
	20	/* check that the shell is set */
	21	diff -Nurd dropbear-0.45/svr-authpasswd.c dropbear-0.45.patched/svr-authpasswd.c
	22	--- dropbear-0.45/svr-authpasswd.c 2005-03-06 20:27:02.000000000 -0800
	23	+++ dropbear-0.45.patched/svr-authpasswd.c 2005-03-08 15:22:44.010591023 -0800
	24	@@ -64,9 +64,13 @@
	25	* since the shadow password may differ to that tested
	26	* in auth.c */
	27	if (passwdcrypt[0] == '\0') {
	28	+#ifdef DISALLOW_EMPTY_PASSWD
	29	dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
	30	ses.authstate.printableuser);
	31	send_msg_userauth_failure(0, 1);
	32	+#else
	33	+ send_msg_userauth_success();
	34	+#endif
	35	return;
	36	}
	37


diff --git a/meta/packages/dropbear/dropbear/chansession-security-fix.patch b/meta/packages/dropbear/dropbear/chansession-security-fix.patch new file mode 100644 index 0000000000..bc4c461fee --- /dev/null +++ b/meta/packages/dropbear/dropbear/chansession-security-fix.patch
@@ -0,0 +1,74 @@
	1	Date: Sun, 11 Dec 2005 23:30:02 +0800
	2	From: Matt Johnston <matt@ucc.asn.au>
	3	To: dropbear@ucc.gu.uwa.edu.au
	4	Subject: Dropbear 0.47 (and security fix)
	5	Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
	6
	7	Hi all.
	8
	9	I've put up a new release 0.47 of Dropbear, which has
	10	various fixes and new features - see the change summary
	11	below.
	12	http://matt.ucc.asn.au/dropbear/dropbear.html is the
	13	url as usual or directly at
	14	http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
	15
	16	This release also fixes a potential security issue, which
	17	may allow authenticated users to run arbitrary code as the
	18	server user. I'm unsure exactly how likely it is to be
	19	exploitable, but anyone who's running a multi-user server is
	20	advised to upgrade. For older releases, the patch is:
	21	(against chanesssion.c for 0.43 and earlier).
	22
	23	--- dropbear/svr-chansession.c
	24	+++ dropbear/svr-chansession.c
	25	@@ -810,7 +810,7 @@
	26	/* need to increase size */
	27	if (i == svr_ses.childpidsize) {
	28	svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
	29	- sizeof(struct ChildPid) * svr_ses.childpidsize+1);
	30	+ sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
	31	svr_ses.childpidsize++;
	32	}
	33
	34
	35	Matt
	36
	37
	38	0.47 - Thurs Dec 8 2005
	39
	40	- SECURITY: fix for buffer allocation error in server code, could potentially
	41	allow authenticated users to gain elevated privileges. All multi-user systems
	42	running the server should upgrade (or apply the patch available on the
	43	Dropbear webpage).
	44
	45	- Fix channel handling code so that redirecting to /dev/null doesn't use
	46	100% CPU.
	47
	48	- Turn on zlib compression for dbclient.
	49
	50	- Set "low delay" TOS bit, can significantly improve interactivity
	51	over some links.
	52
	53	- Added client keyboard-interactive mode support, allows operation with
	54	newer OpenSSH servers in default config.
	55
	56	- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
	57
	58	- Improve logging of assertions
	59
	60	- Added aes-256 cipher and sha1-96 hmac.
	61
	62	- Fix twofish so that it actually works.
	63
	64	- Improve PAM prompt comparison.
	65
	66	- Added -g (dbclient) and -a (dropbear server) options to allow
	67	connections to listening forwarded ports from remote machines.
	68
	69	- Various other minor fixes
	70
	71	- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
	72	(netinet/in_systm.h needs to be included).
	73
	74


diff --git a/meta/packages/dropbear/dropbear/configure.patch b/meta/packages/dropbear/dropbear/configure.patch new file mode 100644 index 0000000000..9ae84b2604 --- /dev/null +++ b/meta/packages/dropbear/dropbear/configure.patch
@@ -0,0 +1,27 @@
	1	diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in
	2	--- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800
	3	+++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800
	4	@@ -161,15 +161,20 @@
	5	AC_MSG_RESULT(Not using openpty)
	6	else
	7	AC_MSG_RESULT(Using openpty if available)
	8	- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
	9	+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
	10	fi
	11	],
	12	[
	13	AC_MSG_RESULT(Using openpty if available)
	14	- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
	15	+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
	16	]
	17	)
	18	-
	19	+
	20	+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
	21	+ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
	22	+ no_ptc_check=yes
	23	+ no_ptmx_check=yes
	24	+fi
	25
	26	AC_ARG_ENABLE(syslog,
	27	[ --disable-syslog Don't include syslog support],


diff --git a/meta/packages/dropbear/dropbear/fix-2kb-keys.patch b/meta/packages/dropbear/dropbear/fix-2kb-keys.patch new file mode 100644 index 0000000000..ba2b19d44a --- /dev/null +++ b/meta/packages/dropbear/dropbear/fix-2kb-keys.patch
@@ -0,0 +1,11 @@
	1	diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h
	2	--- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800
	3	+++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800
	4	@@ -64,6 +64,6 @@
	5
	6	};
	7
	8	-#define MAX_KEXHASHBUF 2000
	9	+#define MAX_KEXHASHBUF 3000
	10
	11	#endif /* _KEX_H_ */


diff --git a/meta/packages/dropbear/dropbear/init b/meta/packages/dropbear/dropbear/init new file mode 100755 index 0000000000..d019bdb4ba --- /dev/null +++ b/meta/packages/dropbear/dropbear/init
@@ -0,0 +1,98 @@
	1	#!/bin/sh
	2	#
	3	# Do not configure this file. Edit /etc/default/dropbear instead!
	4	#
	5
	6	PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
	7	DAEMON=/usr/sbin/dropbear
	8	NAME=dropbear
	9	DESC="Dropbear SSH server"
	10
	11	DROPBEAR_PORT=22
	12	DROPBEAR_EXTRA_ARGS=
	13	NO_START=0
	14
	15	set -e
	16
	17	test ! -r /etc/default/dropbear \|\| . /etc/default/dropbear
	18	test "$NO_START" = "0" \|\| exit 0
	19	test -x "$DAEMON" \|\| exit 0
	20	test ! -h /var/service/dropbear \|\| exit 0
	21
	22	readonly_rootfs=0
	23	for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
	24	case $flag in
	25	ro)
	26	readonly_rootfs=1
	27	;;
	28	esac
	29	done
	30
	31	if [ $readonly_rootfs = "1" ]; then
	32	mkdir -p /var/lib/dropbear
	33	DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
	34	DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
	35	else
	36	DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
	37	DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
	38	fi
	39
	40	test -z "$DROPBEAR_BANNER" \|\| \
	41	DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
	42	test -n "$DROPBEAR_RSAKEY" \|\| \
	43	DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
	44	test -n "$DROPBEAR_DSSKEY" \|\| \
	45	DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
	46	test -n "$DROPBEAR_KEYTYPES" \|\| \
	47	DROPBEAR_KEYTYPES="rsa"
	48
	49	gen_keys() {
	50	for t in $DROPBEAR_KEYTYPES; do
	51	case $t in
	52	rsa)
	53	test -f $DROPBEAR_RSAKEY \|\| dropbearkey -t rsa -f $DROPBEAR_RSAKEY
	54	;;
	55	dsa)
	56	test -f $DROPBEAR_DSSKEY \|\| dropbearkey -t dss -f $DROPBEAR_DSSKEY
	57	;;
	58	esac
	59	done
	60	}
	61
	62	case "$1" in
	63	start)
	64	echo -n "Starting $DESC: "
	65	gen_keys
	66	KEY_ARGS=""
	67	test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
	68	test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
	69	start-stop-daemon -S \
	70	-x "$DAEMON" -- $KEY_ARGS \
	71	-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
	72	echo "$NAME."
	73	;;
	74	stop)
	75	echo -n "Stopping $DESC: "
	76	start-stop-daemon -K -x "$DAEMON"
	77	echo "$NAME."
	78	;;
	79	restart\|force-reload)
	80	echo -n "Restarting $DESC: "
	81	start-stop-daemon -K -x "$DAEMON"
	82	sleep 1
	83	KEY_ARGS=""
	84	test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
	85	test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
	86	start-stop-daemon -S \
	87	-x "$DAEMON" -- $KEY_ARGS \
	88	-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
	89	echo "$NAME."
	90	;;
	91	*)
	92	N=/etc/init.d/$NAME
	93	echo "Usage: $N {start\|stop\|restart\|force-reload}" >&2
	94	exit 1
	95	;;
	96	esac
	97
	98	exit 0


diff --git a/meta/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch b/meta/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch new file mode 100644 index 0000000000..e2b1dd5da5 --- /dev/null +++ b/meta/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,21 @@
	1	diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h
	2	--- dropbear-0.45/options.h 2005-03-06 20:27:02.000000000 -0800
	3	+++ dropbear-0.45.patched/options.h 2005-03-08 15:25:09.368742090 -0800
	4	@@ -143,7 +143,7 @@
	5	* however significantly reduce the security of your ssh connections
	6	* if the PRNG state becomes guessable - make sure you know what you are
	7	* doing if you change this. */
	8	-#define DROPBEAR_RANDOM_DEV "/dev/random"
	9	+#define DROPBEAR_RANDOM_DEV "/dev/urandom"
	10
	11	/* prngd must be manually set up to produce output */
	12	/#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"/
	13	@@ -167,7 +167,7 @@
	14	/* The command to invoke for xauth when using X11 forwarding.
	15	* "-q" for quiet */
	16	#ifndef XAUTH_COMMAND
	17	-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
	18	+#define XAUTH_COMMAND "xauth -q"
	19	#endif
	20
	21	/* if you want to enable running an sftp server (such as the one included with


diff --git a/meta/packages/dropbear/dropbear_0.47.bb b/meta/packages/dropbear/dropbear_0.47.bb new file mode 100644 index 0000000000..5990260b87 --- /dev/null +++ b/meta/packages/dropbear/dropbear_0.47.bb
@@ -0,0 +1,3 @@
	1	include dropbear.inc
	2
	3	PR = "r2"