diff options
Diffstat (limited to 'meta/packages')
| -rw-r--r-- | meta/packages/dropbear/dropbear-0.49/configure.patch (renamed from meta/packages/dropbear/dropbear/configure.patch) | 18 | ||||
| -rw-r--r-- | meta/packages/dropbear/dropbear/chansession-security-fix.patch | 74 | ||||
| -rw-r--r-- | meta/packages/dropbear/dropbear_0.49.bb (renamed from meta/packages/dropbear/dropbear_0.47.bb) | 2 |
3 files changed, 9 insertions, 85 deletions
diff --git a/meta/packages/dropbear/dropbear/configure.patch b/meta/packages/dropbear/dropbear-0.49/configure.patch index 9ae84b260..8d11b23f1 100644 --- a/meta/packages/dropbear/dropbear/configure.patch +++ b/meta/packages/dropbear/dropbear-0.49/configure.patch @@ -1,27 +1,27 @@ -diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in ---- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800 -+++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800 -@@ -161,15 +161,20 @@ - AC_MSG_RESULT(Not using openpty) +Index: dropbear-0.49/configure.in +=================================================================== +--- dropbear-0.49.orig/configure.in ++++ dropbear-0.49/configure.in +@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty, + AC_MSG_NOTICE(Not using openpty) else - AC_MSG_RESULT(Using openpty if available) + AC_MSG_NOTICE(Using openpty if available) - AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)]) + AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) fi ], [ - AC_MSG_RESULT(Using openpty if available) + AC_MSG_NOTICE(Using openpty if available) - AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)]) + AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) ] ) -- + +if test "x$dropbear_cv_func_have_openpty" = "xyes"; then + AC_DEFINE(HAVE_OPENPTY,,Have openpty() function) + no_ptc_check=yes + no_ptmx_check=yes +fi + AC_ARG_ENABLE(syslog, - [ --disable-syslog Don't include syslog support], diff --git a/meta/packages/dropbear/dropbear/chansession-security-fix.patch b/meta/packages/dropbear/dropbear/chansession-security-fix.patch deleted file mode 100644 index bc4c461fe..000000000 --- a/meta/packages/dropbear/dropbear/chansession-security-fix.patch +++ /dev/null @@ -1,74 +0,0 @@ -Date: Sun, 11 Dec 2005 23:30:02 +0800 -From: Matt Johnston <matt@ucc.asn.au> -To: dropbear@ucc.gu.uwa.edu.au -Subject: Dropbear 0.47 (and security fix) -Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au> - -Hi all. - -I've put up a new release 0.47 of Dropbear, which has -various fixes and new features - see the change summary -below. -http://matt.ucc.asn.au/dropbear/dropbear.html is the -url as usual or directly at -http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2 - -This release also fixes a potential security issue, which -may allow authenticated users to run arbitrary code as the -server user. I'm unsure exactly how likely it is to be -exploitable, but anyone who's running a multi-user server is -advised to upgrade. For older releases, the patch is: -(against chanesssion.c for 0.43 and earlier). - ---- dropbear/svr-chansession.c -+++ dropbear/svr-chansession.c -@@ -810,7 +810,7 @@ - /* need to increase size */ - if (i == svr_ses.childpidsize) { - svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids, -- sizeof(struct ChildPid) * svr_ses.childpidsize+1); -+ sizeof(struct ChildPid) * (svr_ses.childpidsize+1)); - svr_ses.childpidsize++; - } - - -Matt - - -0.47 - Thurs Dec 8 2005 - -- SECURITY: fix for buffer allocation error in server code, could potentially - allow authenticated users to gain elevated privileges. All multi-user systems - running the server should upgrade (or apply the patch available on the - Dropbear webpage). - -- Fix channel handling code so that redirecting to /dev/null doesn't use - 100% CPU. - -- Turn on zlib compression for dbclient. - -- Set "low delay" TOS bit, can significantly improve interactivity - over some links. - -- Added client keyboard-interactive mode support, allows operation with - newer OpenSSH servers in default config. - -- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions - -- Improve logging of assertions - -- Added aes-256 cipher and sha1-96 hmac. - -- Fix twofish so that it actually works. - -- Improve PAM prompt comparison. - -- Added -g (dbclient) and -a (dropbear server) options to allow - connections to listening forwarded ports from remote machines. - -- Various other minor fixes - -- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD - (netinet/in_systm.h needs to be included). - - diff --git a/meta/packages/dropbear/dropbear_0.47.bb b/meta/packages/dropbear/dropbear_0.49.bb index b8467e1e7..f98c0ac8f 100644 --- a/meta/packages/dropbear/dropbear_0.47.bb +++ b/meta/packages/dropbear/dropbear_0.49.bb @@ -1,3 +1 @@ require dropbear.inc - -PR = "r2" |