2 files changed, 76 insertions, 1 deletions
diff --git a/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch b/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch
new file mode 100644
index 0000000000..bc4c461fee
--- /dev/null
+++ b/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch
@@ -0,0 +1,74 @@
+Date: Sun, 11 Dec 2005 23:30:02 +0800
+From: Matt Johnston <matt@ucc.asn.au>
+To: dropbear@ucc.gu.uwa.edu.au
+Subject: Dropbear 0.47 (and security fix)
+Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
+Hi all.
+I've put up a new release 0.47 of Dropbear, which has
+various fixes and new features - see the change summary
+below. 
+http://matt.ucc.asn.au/dropbear/dropbear.html is the
+url as usual or directly at 
+http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
+This release also fixes a potential security issue, which
+may allow authenticated users to run arbitrary code as the
+server user. I'm unsure exactly how likely it is to be
+exploitable, but anyone who's running a multi-user server is
+advised to upgrade. For older releases, the patch is:
+(against chanesssion.c for 0.43 and earlier).
+--- dropbear/svr-chansession.c
+++ dropbear/svr-chansession.c
+@@ -810,7 +810,7 @@
+        /* need to increase size */
+        if (i == svr_ses.childpidsize) {
+                svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
+-                               sizeof(struct ChildPid) * svr_ses.childpidsize+1);
+                               sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
+                svr_ses.childpidsize++;
+        }
+        
+Matt
+0.47 - Thurs Dec 8 2005
+- SECURITY: fix for buffer allocation error in server code, could potentially
+  allow authenticated users to gain elevated privileges. All multi-user systems
+  running the server should upgrade (or apply the patch available on the
+  Dropbear webpage).
+- Fix channel handling code so that redirecting to /dev/null doesn't use
+  100% CPU.
+- Turn on zlib compression for dbclient.
+- Set "low delay" TOS bit, can significantly improve interactivity
+  over some links.
+- Added client keyboard-interactive mode support, allows operation with
+  newer OpenSSH servers in default config.
+- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
+- Improve logging of assertions
+- Added aes-256 cipher and sha1-96 hmac.
+- Fix twofish so that it actually works.
+- Improve PAM prompt comparison.
+- Added -g (dbclient) and -a (dropbear server) options to allow
+  connections to listening forwarded ports from remote machines.
+- Various other minor fixes
+- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
+  (netinet/in_systm.h needs to be included).
diff --git a/openembedded/packages/dropbear/dropbear_0.46.bb b/openembedded/packages/dropbear/dropbear_0.46.bb
index 80373e3a1b..5bce95a71d 100644
--- a/openembedded/packages/dropbear/dropbear_0.46.bb
+++ b/openembedded/packages/dropbear/dropbear_0.46.bb
@@ -3,14 +3,15 @@ HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
 SECTION = "console/network"
 LICENSE = "MIT"
 DEPENDS = "zlib"
-PR = "r3"
 PROVIDES = "ssh sshd"
+PR = "r4"
 SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
           file://urandom-xauth-changes-to-options.h.patch;patch=1 \
           file://configure.patch;patch=1 \
           file://allow-nopw.patch \
           file://fix-2kb-keys.patch;patch=1 \
+           file://chansession-security-fix.patch;patch=1 \
           file://init"
 inherit autotools update-rc.d

diff --git a/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch b/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch new file mode 100644 index 0000000000..bc4c461fee --- /dev/null +++ b/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch
@@ -0,0 +1,74 @@
		1	Date: Sun, 11 Dec 2005 23:30:02 +0800
		2	From: Matt Johnston <matt@ucc.asn.au>
		3	To: dropbear@ucc.gu.uwa.edu.au
		4	Subject: Dropbear 0.47 (and security fix)
		5	Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
		6
		7	Hi all.
		8
		9	I've put up a new release 0.47 of Dropbear, which has
		10	various fixes and new features - see the change summary
		11	below.
		12	http://matt.ucc.asn.au/dropbear/dropbear.html is the
		13	url as usual or directly at
		14	http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
		15
		16	This release also fixes a potential security issue, which
		17	may allow authenticated users to run arbitrary code as the
		18	server user. I'm unsure exactly how likely it is to be
		19	exploitable, but anyone who's running a multi-user server is
		20	advised to upgrade. For older releases, the patch is:
		21	(against chanesssion.c for 0.43 and earlier).
		22
		23	--- dropbear/svr-chansession.c
		24	+++ dropbear/svr-chansession.c
		25	@@ -810,7 +810,7 @@
		26	/* need to increase size */
		27	if (i == svr_ses.childpidsize) {
		28	svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
		29	- sizeof(struct ChildPid) * svr_ses.childpidsize+1);
		30	+ sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
		31	svr_ses.childpidsize++;
		32	}
		33
		34
		35	Matt
		36
		37
		38	0.47 - Thurs Dec 8 2005
		39
		40	- SECURITY: fix for buffer allocation error in server code, could potentially
		41	allow authenticated users to gain elevated privileges. All multi-user systems
		42	running the server should upgrade (or apply the patch available on the
		43	Dropbear webpage).
		44
		45	- Fix channel handling code so that redirecting to /dev/null doesn't use
		46	100% CPU.
		47
		48	- Turn on zlib compression for dbclient.
		49
		50	- Set "low delay" TOS bit, can significantly improve interactivity
		51	over some links.
		52
		53	- Added client keyboard-interactive mode support, allows operation with
		54	newer OpenSSH servers in default config.
		55
		56	- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
		57
		58	- Improve logging of assertions
		59
		60	- Added aes-256 cipher and sha1-96 hmac.
		61
		62	- Fix twofish so that it actually works.
		63
		64	- Improve PAM prompt comparison.
		65
		66	- Added -g (dbclient) and -a (dropbear server) options to allow
		67	connections to listening forwarded ports from remote machines.
		68
		69	- Various other minor fixes
		70
		71	- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
		72	(netinet/in_systm.h needs to be included).
		73
		74


diff --git a/openembedded/packages/dropbear/dropbear_0.46.bb b/openembedded/packages/dropbear/dropbear_0.46.bb index 80373e3a1b..5bce95a71d 100644 --- a/openembedded/packages/dropbear/dropbear_0.46.bb +++ b/openembedded/packages/dropbear/dropbear_0.46.bb
@@ -3,14 +3,15 @@ HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
3	SECTION = "console/network"	3	SECTION = "console/network"
4	LICENSE = "MIT"	4	LICENSE = "MIT"
5	DEPENDS = "zlib"	5	DEPENDS = "zlib"
6	PR = "r3"
7	PROVIDES = "ssh sshd"	6	PROVIDES = "ssh sshd"
		7	PR = "r4"
8		8
9	SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \	9	SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
10	file://urandom-xauth-changes-to-options.h.patch;patch=1 \	10	file://urandom-xauth-changes-to-options.h.patch;patch=1 \
11	file://configure.patch;patch=1 \	11	file://configure.patch;patch=1 \
12	file://allow-nopw.patch \	12	file://allow-nopw.patch \
13	file://fix-2kb-keys.patch;patch=1 \	13	file://fix-2kb-keys.patch;patch=1 \
		14	file://chansession-security-fix.patch;patch=1 \
14	file://init"	15	file://init"
15		16
16	inherit autotools update-rc.d	17	inherit autotools update-rc.d