summaryrefslogtreecommitdiff
path: root/meta/packages
diff options
context:
space:
mode:
Diffstat (limited to 'meta/packages')
-rw-r--r--meta/packages/dropbear/dropbear-0.49/configure.patch (renamed from meta/packages/dropbear/dropbear/configure.patch)18
-rw-r--r--meta/packages/dropbear/dropbear/chansession-security-fix.patch74
-rw-r--r--meta/packages/dropbear/dropbear_0.49.bb (renamed from meta/packages/dropbear/dropbear_0.47.bb)2
3 files changed, 9 insertions, 85 deletions
diff --git a/meta/packages/dropbear/dropbear/configure.patch b/meta/packages/dropbear/dropbear-0.49/configure.patch
index 9ae84b260..8d11b23f1 100644
--- a/meta/packages/dropbear/dropbear/configure.patch
+++ b/meta/packages/dropbear/dropbear-0.49/configure.patch
@@ -1,27 +1,27 @@
-diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in
---- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800
-+++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800
-@@ -161,15 +161,20 @@
- AC_MSG_RESULT(Not using openpty)
+Index: dropbear-0.49/configure.in
+===================================================================
+--- dropbear-0.49.orig/configure.in
++++ dropbear-0.49/configure.in
+@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
+ AC_MSG_NOTICE(Not using openpty)
else
- AC_MSG_RESULT(Using openpty if available)
+ AC_MSG_NOTICE(Using openpty if available)
- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
fi
],
[
- AC_MSG_RESULT(Using openpty if available)
+ AC_MSG_NOTICE(Using openpty if available)
- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
]
)
--
+
+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
+ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
+ no_ptc_check=yes
+ no_ptmx_check=yes
+fi
+
AC_ARG_ENABLE(syslog,
- [ --disable-syslog Don't include syslog support],
diff --git a/meta/packages/dropbear/dropbear/chansession-security-fix.patch b/meta/packages/dropbear/dropbear/chansession-security-fix.patch
deleted file mode 100644
index bc4c461fe..000000000
--- a/meta/packages/dropbear/dropbear/chansession-security-fix.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-Date: Sun, 11 Dec 2005 23:30:02 +0800
-From: Matt Johnston <matt@ucc.asn.au>
-To: dropbear@ucc.gu.uwa.edu.au
-Subject: Dropbear 0.47 (and security fix)
-Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
-
-Hi all.
-
-I've put up a new release 0.47 of Dropbear, which has
-various fixes and new features - see the change summary
-below.
-http://matt.ucc.asn.au/dropbear/dropbear.html is the
-url as usual or directly at
-http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
-
-This release also fixes a potential security issue, which
-may allow authenticated users to run arbitrary code as the
-server user. I'm unsure exactly how likely it is to be
-exploitable, but anyone who's running a multi-user server is
-advised to upgrade. For older releases, the patch is:
-(against chanesssion.c for 0.43 and earlier).
-
---- dropbear/svr-chansession.c
-+++ dropbear/svr-chansession.c
-@@ -810,7 +810,7 @@
- /* need to increase size */
- if (i == svr_ses.childpidsize) {
- svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
-- sizeof(struct ChildPid) * svr_ses.childpidsize+1);
-+ sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
- svr_ses.childpidsize++;
- }
-
-
-Matt
-
-
-0.47 - Thurs Dec 8 2005
-
-- SECURITY: fix for buffer allocation error in server code, could potentially
- allow authenticated users to gain elevated privileges. All multi-user systems
- running the server should upgrade (or apply the patch available on the
- Dropbear webpage).
-
-- Fix channel handling code so that redirecting to /dev/null doesn't use
- 100% CPU.
-
-- Turn on zlib compression for dbclient.
-
-- Set "low delay" TOS bit, can significantly improve interactivity
- over some links.
-
-- Added client keyboard-interactive mode support, allows operation with
- newer OpenSSH servers in default config.
-
-- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
-
-- Improve logging of assertions
-
-- Added aes-256 cipher and sha1-96 hmac.
-
-- Fix twofish so that it actually works.
-
-- Improve PAM prompt comparison.
-
-- Added -g (dbclient) and -a (dropbear server) options to allow
- connections to listening forwarded ports from remote machines.
-
-- Various other minor fixes
-
-- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
- (netinet/in_systm.h needs to be included).
-
-
diff --git a/meta/packages/dropbear/dropbear_0.47.bb b/meta/packages/dropbear/dropbear_0.49.bb
index b8467e1e7..f98c0ac8f 100644
--- a/meta/packages/dropbear/dropbear_0.47.bb
+++ b/meta/packages/dropbear/dropbear_0.49.bb
@@ -1,3 +1 @@
require dropbear.inc
-
-PR = "r2"