diff options
author | Richard Purdie <richard@openedhand.com> | 2006-02-10 14:33:55 +0000 |
---|---|---|
committer | Richard Purdie <richard@openedhand.com> | 2006-02-10 14:33:55 +0000 |
commit | 5fb35ca11147ed30c619cf93e19331fd835f3da9 (patch) | |
tree | 45f05442e8a91453bfea03a29fb3cb96f49d80e5 /openembedded/packages/dropbear | |
parent | 42dfbb2a0223ba5d091f053ad5401ecce6446e41 (diff) | |
download | openembedded-core-5fb35ca11147ed30c619cf93e19331fd835f3da9.tar.gz openembedded-core-5fb35ca11147ed30c619cf93e19331fd835f3da9.tar.bz2 openembedded-core-5fb35ca11147ed30c619cf93e19331fd835f3da9.tar.xz openembedded-core-5fb35ca11147ed30c619cf93e19331fd835f3da9.zip |
Apply more chanegs from OE
git-svn-id: https://svn.o-hand.com/repos/poky/trunk@272 311d38ba-8fff-0310-9ca6-ca027cbcb966
Diffstat (limited to 'openembedded/packages/dropbear')
-rw-r--r-- | openembedded/packages/dropbear/dropbear/chansession-security-fix.patch | 74 | ||||
-rw-r--r-- | openembedded/packages/dropbear/dropbear_0.46.bb | 3 |
2 files changed, 76 insertions, 1 deletions
diff --git a/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch b/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch new file mode 100644 index 000000000..bc4c461fe --- /dev/null +++ b/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch @@ -0,0 +1,74 @@ +Date: Sun, 11 Dec 2005 23:30:02 +0800 +From: Matt Johnston <matt@ucc.asn.au> +To: dropbear@ucc.gu.uwa.edu.au +Subject: Dropbear 0.47 (and security fix) +Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au> + +Hi all. + +I've put up a new release 0.47 of Dropbear, which has +various fixes and new features - see the change summary +below. +http://matt.ucc.asn.au/dropbear/dropbear.html is the +url as usual or directly at +http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2 + +This release also fixes a potential security issue, which +may allow authenticated users to run arbitrary code as the +server user. I'm unsure exactly how likely it is to be +exploitable, but anyone who's running a multi-user server is +advised to upgrade. For older releases, the patch is: +(against chanesssion.c for 0.43 and earlier). + +--- dropbear/svr-chansession.c ++++ dropbear/svr-chansession.c +@@ -810,7 +810,7 @@ + /* need to increase size */ + if (i == svr_ses.childpidsize) { + svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids, +- sizeof(struct ChildPid) * svr_ses.childpidsize+1); ++ sizeof(struct ChildPid) * (svr_ses.childpidsize+1)); + svr_ses.childpidsize++; + } + + +Matt + + +0.47 - Thurs Dec 8 2005 + +- SECURITY: fix for buffer allocation error in server code, could potentially + allow authenticated users to gain elevated privileges. All multi-user systems + running the server should upgrade (or apply the patch available on the + Dropbear webpage). + +- Fix channel handling code so that redirecting to /dev/null doesn't use + 100% CPU. + +- Turn on zlib compression for dbclient. + +- Set "low delay" TOS bit, can significantly improve interactivity + over some links. + +- Added client keyboard-interactive mode support, allows operation with + newer OpenSSH servers in default config. + +- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions + +- Improve logging of assertions + +- Added aes-256 cipher and sha1-96 hmac. + +- Fix twofish so that it actually works. + +- Improve PAM prompt comparison. + +- Added -g (dbclient) and -a (dropbear server) options to allow + connections to listening forwarded ports from remote machines. + +- Various other minor fixes + +- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD + (netinet/in_systm.h needs to be included). + + diff --git a/openembedded/packages/dropbear/dropbear_0.46.bb b/openembedded/packages/dropbear/dropbear_0.46.bb index 80373e3a1..5bce95a71 100644 --- a/openembedded/packages/dropbear/dropbear_0.46.bb +++ b/openembedded/packages/dropbear/dropbear_0.46.bb @@ -3,14 +3,15 @@ HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" SECTION = "console/network" LICENSE = "MIT" DEPENDS = "zlib" -PR = "r3" PROVIDES = "ssh sshd" +PR = "r4" SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ file://urandom-xauth-changes-to-options.h.patch;patch=1 \ file://configure.patch;patch=1 \ file://allow-nopw.patch \ file://fix-2kb-keys.patch;patch=1 \ + file://chansession-security-fix.patch;patch=1 \ file://init" inherit autotools update-rc.d |