mirror of https://github.com/hak5/openwrt-owl.git
dropbear: upgrade to 0.51 - 160-tty_close merged upstream - patches refreshed
SVN-Revision: 11913owl
parent
f20dd0803c
commit
09e2dcc255
|
@ -1,5 +1,5 @@
|
|||
#
|
||||
# Copyright (C) 2006 OpenWrt.org
|
||||
#
|
||||
# Copyright (C) 2006-2008 OpenWrt.org
|
||||
#
|
||||
# This is free software, licensed under the GNU General Public License v2.
|
||||
# See /LICENSE for more information.
|
||||
|
@ -9,13 +9,14 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=dropbear
|
||||
PKG_VERSION:=0.50
|
||||
PKG_RELEASE:=3
|
||||
PKG_VERSION:=0.51
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=http://matt.ucc.asn.au/dropbear/releases/ \
|
||||
http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/
|
||||
PKG_MD5SUM:=5c0f7405b915799c3d952d3a93a5df69
|
||||
PKG_SOURCE_URL:= \
|
||||
http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/ \
|
||||
http://matt.ucc.asn.au/dropbear/releases/
|
||||
PKG_MD5SUM:=1045df60c2bdbd39c707238305a1e9e5
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
|
@ -74,7 +75,7 @@ define Build/Compile
|
|||
LD="$(TARGET_CC)" \
|
||||
PROGRAMS="dropbearconvert"
|
||||
endef
|
||||
|
||||
|
||||
define Package/dropbear/install
|
||||
$(INSTALL_DIR) $(1)/usr/sbin
|
||||
$(INSTALL_BIN) $(PKG_BUILD_DIR)/dropbearmulti $(1)/usr/sbin/dropbear
|
||||
|
|
|
@ -1,16 +1,16 @@
|
|||
Index: dropbear-0.50/svr-authpubkey.c
|
||||
Index: dropbear-0.51/svr-authpubkey.c
|
||||
===================================================================
|
||||
--- dropbear-0.50.orig/svr-authpubkey.c 2007-08-10 23:47:48.000000000 +0200
|
||||
+++ dropbear-0.50/svr-authpubkey.c 2007-08-10 23:47:48.000000000 +0200
|
||||
--- dropbear-0.51.orig/svr-authpubkey.c 2008-04-22 17:29:49.000000000 -0700
|
||||
+++ dropbear-0.51/svr-authpubkey.c 2008-04-22 17:29:49.000000000 -0700
|
||||
@@ -176,6 +176,8 @@
|
||||
goto out;
|
||||
}
|
||||
|
||||
+ if (ses.authstate.pw->pw_uid != 0) {
|
||||
+ if (ses.authstate.pw_uid != 0) {
|
||||
+
|
||||
/* we don't need to check pw and pw_dir for validity, since
|
||||
* its been done in checkpubkeyperms. */
|
||||
len = strlen(ses.authstate.pw->pw_dir);
|
||||
len = strlen(ses.authstate.pw_dir);
|
||||
@@ -187,6 +189,9 @@
|
||||
|
||||
/* open the file */
|
||||
|
@ -25,7 +25,7 @@ Index: dropbear-0.50/svr-authpubkey.c
|
|||
goto out;
|
||||
}
|
||||
|
||||
+ if (ses.authstate.pw->pw_uid != 0) {
|
||||
+ if (ses.authstate.pw_uid != 0) {
|
||||
+
|
||||
/* allocate max required pathname storage,
|
||||
* = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
|
||||
|
|
|
@ -1,20 +1,20 @@
|
|||
Index: dropbear-0.50/svr-chansession.c
|
||||
Index: dropbear-0.51/svr-chansession.c
|
||||
===================================================================
|
||||
--- dropbear-0.50.orig/svr-chansession.c 2007-08-10 23:47:48.000000000 +0200
|
||||
+++ dropbear-0.50/svr-chansession.c 2007-08-10 23:47:48.000000000 +0200
|
||||
@@ -908,12 +908,12 @@
|
||||
--- dropbear-0.51.orig/svr-chansession.c 2008-04-22 17:29:49.000000000 -0700
|
||||
+++ dropbear-0.51/svr-chansession.c 2008-04-22 17:29:49.000000000 -0700
|
||||
@@ -912,12 +912,12 @@
|
||||
/* We can only change uid/gid as root ... */
|
||||
if (getuid() == 0) {
|
||||
|
||||
- if ((setgid(ses.authstate.pw->pw_gid) < 0) ||
|
||||
+ if ((ses.authstate.pw->pw_gid != 0) && ((setgid(ses.authstate.pw->pw_gid) < 0) ||
|
||||
(initgroups(ses.authstate.pw->pw_name,
|
||||
- ses.authstate.pw->pw_gid) < 0)) {
|
||||
+ ses.authstate.pw->pw_gid) < 0))) {
|
||||
- if ((setgid(ses.authstate.pw_gid) < 0) ||
|
||||
+ if ((ses.authstate.pw_gid != 0) && ((setgid(ses.authstate.pw_gid) < 0) ||
|
||||
(initgroups(ses.authstate.pw_name,
|
||||
- ses.authstate.pw_gid) < 0)) {
|
||||
+ ses.authstate.pw_gid) < 0))) {
|
||||
dropbear_exit("error changing user group");
|
||||
}
|
||||
- if (setuid(ses.authstate.pw->pw_uid) < 0) {
|
||||
+ if ((ses.authstate.pw->pw_uid != 0) && (setuid(ses.authstate.pw->pw_uid) < 0)) {
|
||||
- if (setuid(ses.authstate.pw_uid) < 0) {
|
||||
+ if ((ses.authstate.pw_uid != 0) && (setuid(ses.authstate.pw_uid) < 0)) {
|
||||
dropbear_exit("error changing user");
|
||||
}
|
||||
} else {
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
Index: dropbear-0.50/cli-runopts.c
|
||||
Index: dropbear-0.51/cli-runopts.c
|
||||
===================================================================
|
||||
--- dropbear-0.50.orig/cli-runopts.c 2007-08-10 23:47:47.000000000 +0200
|
||||
+++ dropbear-0.50/cli-runopts.c 2007-08-10 23:47:49.000000000 +0200
|
||||
@@ -219,6 +219,10 @@
|
||||
--- dropbear-0.51.orig/cli-runopts.c 2008-04-22 17:29:49.000000000 -0700
|
||||
+++ dropbear-0.51/cli-runopts.c 2008-04-22 17:29:50.000000000 -0700
|
||||
@@ -220,6 +220,10 @@
|
||||
debug_trace = 1;
|
||||
break;
|
||||
#endif
|
||||
|
@ -13,7 +13,7 @@ Index: dropbear-0.50/cli-runopts.c
|
|||
case 'F':
|
||||
case 'e':
|
||||
case 'c':
|
||||
@@ -230,7 +234,6 @@
|
||||
@@ -231,7 +235,6 @@
|
||||
#ifndef ENABLE_CLI_LOCALTCPFWD
|
||||
case 'L':
|
||||
#endif
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
Index: dropbear-0.50/options.h
|
||||
Index: dropbear-0.51/options.h
|
||||
===================================================================
|
||||
--- dropbear-0.50.orig/options.h 2007-08-10 23:47:47.000000000 +0200
|
||||
+++ dropbear-0.50/options.h 2007-08-10 23:47:49.000000000 +0200
|
||||
--- dropbear-0.51.orig/options.h 2008-04-22 17:29:49.000000000 -0700
|
||||
+++ dropbear-0.51/options.h 2008-04-22 17:29:50.000000000 -0700
|
||||
@@ -5,6 +5,11 @@
|
||||
#ifndef _OPTIONS_H_
|
||||
#define _OPTIONS_H_
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
Index: dropbear-0.50/common-channel.c
|
||||
===================================================================
|
||||
--- dropbear-0.50.orig/common-channel.c 2007-08-10 23:47:47.000000000 +0200
|
||||
+++ dropbear-0.50/common-channel.c 2007-08-10 23:47:50.000000000 +0200
|
||||
@@ -311,10 +311,10 @@
|
||||
send_msg_channel_eof(channel);
|
||||
}
|
||||
|
||||
- /* And if we can't receive any more data from them either, close up */
|
||||
+ /* And if we can't receive any more data from them either, close up (server only) */
|
||||
if (!channel->sent_close
|
||||
&& channel->readfd == FD_CLOSED
|
||||
- && (ERRFD_IS_WRITE(channel) || channel->errfd == FD_CLOSED)
|
||||
+ && !ERRFD_IS_WRITE(channel)
|
||||
&& !write_pending(channel)) {
|
||||
TRACE(("sending close, readfd is closed"))
|
||||
send_msg_channel_close(channel);
|
Loading…
Reference in New Issue