From 77729926361b97bc4f22fa2c5f1422301179c80a Mon Sep 17 00:00:00 2001 From: florian Date: Tue, 4 Dec 2012 16:40:17 +0000 Subject: [PATCH] dropbear: update to 2012.55 and refresh patches Upstream has a few code cleanups, more eagerly burns sensitive memory and includes the fix for CVE-2012-0920. Full changelog: https://matt.ucc.asn.au/dropbear/CHANGES Local changes: - Removed PKG_MULTI which is no longer in options.h (even before 2011.54) - Merged DO_HOST_LOOKUP into 120-openwrt_options.patch - Removed LD from make opts (now included in TARGET_CONFIGURE_OPTS) - Removed 400-CVE-2012-0920.patch which is included in 2012.55 Signed-off-by: Catalin Patulea Signed-off-by: Florian Fainelli git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34496 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/network/services/dropbear/Makefile | 12 +-- .../dropbear/patches/110-change_user.patch | 2 +- .../patches/120-openwrt_options.patch | 7 +- .../dropbear/patches/140-disable_assert.patch | 2 +- .../dropbear/patches/400-CVE-2012-0920.patch | 91 ------------------- 5 files changed, 10 insertions(+), 104 deletions(-) delete mode 100644 package/network/services/dropbear/patches/400-CVE-2012-0920.patch diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index cd5b36825..b7708b1d0 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2011.54 +PKG_VERSION:=2012.55 PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ http://matt.ucc.asn.au/dropbear/releases/ \ http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/ -PKG_MD5SUM:=c627ffe09570fad7aa94d8eac2b9320c +PKG_MD5SUM:=8c784baec3054cdb1bb4bfa792c87812 PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE @@ -72,21 +72,13 @@ CONFIGURE_ARGS += \ TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections TARGET_LDFLAGS += -Wl,--gc-sections -define Build/Configure - $(SED) 's,^/\* #define PKG_MULTI.*,#define PKG_MULTI,g' $(PKG_BUILD_DIR)/options.h - $(SED) 's,^#define DO_HOST_LOOKUP,/* & */,g' $(PKG_BUILD_DIR)/options.h - $(call Build/Configure/Default) -endef - define Build/Compile +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ $(TARGET_CONFIGURE_OPTS) \ - LD="$(TARGET_CC)" \ PROGRAMS="dropbear dbclient dropbearkey scp" \ MULTI=1 SCPPROGRESS=1 +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ $(TARGET_CONFIGURE_OPTS) \ - LD="$(TARGET_CC)" \ PROGRAMS="dropbearconvert" endef diff --git a/package/network/services/dropbear/patches/110-change_user.patch b/package/network/services/dropbear/patches/110-change_user.patch index 55747bc4d..a354edad2 100644 --- a/package/network/services/dropbear/patches/110-change_user.patch +++ b/package/network/services/dropbear/patches/110-change_user.patch @@ -1,6 +1,6 @@ --- a/svr-chansession.c +++ b/svr-chansession.c -@@ -884,12 +884,12 @@ static void execchild(void *user_data) { +@@ -891,12 +891,12 @@ static void execchild(void *user_data) { /* We can only change uid/gid as root ... */ if (getuid() == 0) { diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index 42204aa64..977f6312f 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -47,7 +47,12 @@ #define DROPBEAR_MD5_HMAC /* Hostkey/public key algorithms - at least one required, these are used -@@ -148,7 +148,7 @@ much traffic. */ +@@ -144,11 +144,11 @@ much traffic. */ + #endif + + /* Whether to do reverse DNS lookups. */ +-#define DO_HOST_LOOKUP ++/*#define DO_HOST_LOOKUP*/ /* Whether to print the message of the day (MOTD). This doesn't add much code * size */ diff --git a/package/network/services/dropbear/patches/140-disable_assert.patch b/package/network/services/dropbear/patches/140-disable_assert.patch index e99376333..e00184a8f 100644 --- a/package/network/services/dropbear/patches/140-disable_assert.patch +++ b/package/network/services/dropbear/patches/140-disable_assert.patch @@ -1,6 +1,6 @@ --- a/dbutil.h +++ b/dbutil.h -@@ -94,6 +94,10 @@ int m_str_to_uint(const char* str, unsig +@@ -93,6 +93,10 @@ int m_str_to_uint(const char* str, unsig #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} /* Dropbear assertion */ diff --git a/package/network/services/dropbear/patches/400-CVE-2012-0920.patch b/package/network/services/dropbear/patches/400-CVE-2012-0920.patch deleted file mode 100644 index 164909f56..000000000 --- a/package/network/services/dropbear/patches/400-CVE-2012-0920.patch +++ /dev/null @@ -1,91 +0,0 @@ - -# HG changeset patch -# User Matt Johnston -# Date 1322947885 -28800 -# Node ID 818108bf7749bfecd4715a30e2583aac9dbe25e8 -# Parent 5e8d84f3ee7256d054ecf7e9f248765ccaa7f24f -- Fix use-after-free if multiple command requests were sent. Move -the original_command into chansess struct since that makes more sense - ---- a/auth.h -+++ b/auth.h -@@ -133,7 +133,6 @@ struct PubKeyOptions { - int no_pty_flag; - /* "command=" option. */ - unsigned char * forced_command; -- unsigned char * original_command; - }; - #endif - ---- a/chansession.h -+++ b/chansession.h -@@ -69,6 +69,10 @@ struct ChanSess { - char * agentfile; - char * agentdir; - #endif -+ -+#ifdef ENABLE_SVR_PUBKEY_OPTIONS -+ char *original_command; -+#endif - }; - - struct ChildPid { ---- a/svr-authpubkeyoptions.c -+++ b/svr-authpubkeyoptions.c -@@ -92,14 +92,15 @@ int svr_pubkey_allows_pty() { - * by any 'command' public key option. */ - void svr_pubkey_set_forced_command(struct ChanSess *chansess) { - if (ses.authstate.pubkey_options) { -- ses.authstate.pubkey_options->original_command = chansess->cmd; -- if (!chansess->cmd) -- { -- ses.authstate.pubkey_options->original_command = m_strdup(""); -+ if (chansess->cmd) { -+ /* original_command takes ownership */ -+ chansess->original_command = chansess->cmd; -+ } else { -+ chansess->original_command = m_strdup(""); - } -- chansess->cmd = ses.authstate.pubkey_options->forced_command; -+ chansess->cmd = m_strdup(ses.authstate.pubkey_options->forced_command); - #ifdef LOG_COMMANDS -- dropbear_log(LOG_INFO, "Command forced to '%s'", ses.authstate.pubkey_options->original_command); -+ dropbear_log(LOG_INFO, "Command forced to '%s'", chansess->original_command); - #endif - } - } ---- a/svr-chansession.c -+++ b/svr-chansession.c -@@ -217,6 +217,8 @@ static int newchansess(struct Channel *c - - struct ChanSess *chansess; - -+ TRACE(("new chansess %p", channel)) -+ - dropbear_assert(channel->typedata == NULL); - - chansess = (struct ChanSess*)m_malloc(sizeof(struct ChanSess)); -@@ -279,6 +281,10 @@ static void closechansess(struct Channel - m_free(chansess->cmd); - m_free(chansess->term); - -+#ifdef ENABLE_SVR_PUBKEY_OPTIONS -+ m_free(chansess->original_command); -+#endif -+ - if (chansess->tty) { - /* write the utmp/wtmp login record */ - li = chansess_login_alloc(chansess); -@@ -924,10 +930,8 @@ static void execchild(void *user_data) { - } - - #ifdef ENABLE_SVR_PUBKEY_OPTIONS -- if (ses.authstate.pubkey_options && -- ses.authstate.pubkey_options->original_command) { -- addnewvar("SSH_ORIGINAL_COMMAND", -- ses.authstate.pubkey_options->original_command); -+ if (chansess->original_command) { -+ addnewvar("SSH_ORIGINAL_COMMAND", chansess->original_command); - } - #endif -