dropbear: added security fix for 0.45 and 0.46 versions

Note from upstream author about 0.47 and fix for older: This release also fixes a potential security issue, which may allow authenticated users to run arbitrary code as the server user. I'm unsure exactly how likely it is to be exploitable, but anyone who's running a multi-user server is advised to upgrade. taken from .dev
author: Marcin Juszkiewicz <hrw@openembedded.org> 2005-12-20 13:06:04 +0000
committer: OpenEmbedded Project <openembedded-devel@lists.openembedded.org> 2005-12-20 13:06:04 +0000
commit: 707fac7112b6b633a69d85cf981b131ffa4a04d8 (patch)
tree: 1c5b6671749c62ae00014963979139f594b0856b /packages/dropbear
parent: 73d43184b0799c8b15b53aeb2c156dc20a141288 (diff)
download: openembedded-707fac7112b6b633a69d85cf981b131ffa4a04d8.tar.gz
3 files changed, 78 insertions, 2 deletions
diff --git a/packages/dropbear/dropbear/chansession-security-fix.patch b/packages/dropbear/dropbear/chansession-security-fix.patch
new file mode 100644
index 0000000000..bc4c461fee
--- /dev/null
+++ b/packages/dropbear/dropbear/chansession-security-fix.patch
@@ -0,0 +1,74 @@
+Date: Sun, 11 Dec 2005 23:30:02 +0800
+From: Matt Johnston <matt@ucc.asn.au>
+To: dropbear@ucc.gu.uwa.edu.au
+Subject: Dropbear 0.47 (and security fix)
+Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
+
+Hi all.
+
+I've put up a new release 0.47 of Dropbear, which has
+various fixes and new features - see the change summary
+below. 
+http://matt.ucc.asn.au/dropbear/dropbear.html is the
+url as usual or directly at 
+http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
+
+This release also fixes a potential security issue, which
+may allow authenticated users to run arbitrary code as the
+server user. I'm unsure exactly how likely it is to be
+exploitable, but anyone who's running a multi-user server is
+advised to upgrade. For older releases, the patch is:
+(against chanesssion.c for 0.43 and earlier).
+
+--- dropbear/svr-chansession.c
++++ dropbear/svr-chansession.c
+@@ -810,7 +810,7 @@
+ 	/* need to increase size */
+ 	if (i == svr_ses.childpidsize) {
+ 		svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
+-				sizeof(struct ChildPid) * svr_ses.childpidsize+1);
++				sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
+ 		svr_ses.childpidsize++;
+ 	}
+ 	
+
+Matt
+
+
+0.47 - Thurs Dec 8 2005
+
+- SECURITY: fix for buffer allocation error in server code, could potentially
+  allow authenticated users to gain elevated privileges. All multi-user systems
+  running the server should upgrade (or apply the patch available on the
+  Dropbear webpage).
+
+- Fix channel handling code so that redirecting to /dev/null doesn't use
+  100% CPU.
+
+- Turn on zlib compression for dbclient.
+
+- Set "low delay" TOS bit, can significantly improve interactivity
+  over some links.
+
+- Added client keyboard-interactive mode support, allows operation with
+  newer OpenSSH servers in default config.
+
+- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
+
+- Improve logging of assertions
+
+- Added aes-256 cipher and sha1-96 hmac.
+
+- Fix twofish so that it actually works.
+
+- Improve PAM prompt comparison.
+
+- Added -g (dbclient) and -a (dropbear server) options to allow
+  connections to listening forwarded ports from remote machines.
+
+- Various other minor fixes
+
+- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
+  (netinet/in_systm.h needs to be included).
+
+
diff --git a/packages/dropbear/dropbear_0.45.bb b/packages/dropbear/dropbear_0.45.bb
index 3a2b54072f..f6681b707c 100644
--- a/packages/dropbear/dropbear_0.45.bb
+++ b/packages/dropbear/dropbear_0.45.bb
@@ -3,14 +3,15 @@ HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
 SECTION = "console/network"
 LICENSE = "MIT"
 DEPENDS = "zlib"
-PR = "r1"
 PROVIDES = "ssh sshd"
+PR = "r2"
 
 SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
 	   file://urandom-xauth-changes-to-options.h.patch;patch=1 \
 	   file://configure.patch;patch=1 \
 	   file://allow-nopw.patch \
 	   file://fix-2kb-keys.patch;patch=1 \
+	   file://chansession-security-fix.patch;patch=1 \
 	   file://init"
 
 inherit autotools update-rc.d
diff --git a/packages/dropbear/dropbear_0.46.bb b/packages/dropbear/dropbear_0.46.bb
index 80373e3a1b..5bce95a71d 100644
--- a/packages/dropbear/dropbear_0.46.bb
+++ b/packages/dropbear/dropbear_0.46.bb
@@ -3,14 +3,15 @@ HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
 SECTION = "console/network"
 LICENSE = "MIT"
 DEPENDS = "zlib"
-PR = "r3"
 PROVIDES = "ssh sshd"
+PR = "r4"
 
 SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \
 	   file://urandom-xauth-changes-to-options.h.patch;patch=1 \
 	   file://configure.patch;patch=1 \
 	   file://allow-nopw.patch \
 	   file://fix-2kb-keys.patch;patch=1 \
+	   file://chansession-security-fix.patch;patch=1 \
 	   file://init"
 
 inherit autotools update-rc.d
author	Marcin Juszkiewicz <hrw@openembedded.org>	2005-12-20 13:06:04 +0000
committer	OpenEmbedded Project <openembedded-devel@lists.openembedded.org>	2005-12-20 13:06:04 +0000
commit	707fac7112b6b633a69d85cf981b131ffa4a04d8 (patch)
tree	1c5b6671749c62ae00014963979139f594b0856b /packages/dropbear
parent	73d43184b0799c8b15b53aeb2c156dc20a141288 (diff)
download	openembedded-707fac7112b6b633a69d85cf981b131ffa4a04d8.tar.gz