dropbear: update to 2012.55 and refresh patches

Upstream has a few code cleanups, more eagerly burns sensitive memory and includes the fix for CVE-2012-0920. Full changelog: https://matt.ucc.asn.au/dropbear/CHANGES Local changes: - Removed PKG_MULTI which is no longer in options.h (even before 2011.54) - Merged DO_HOST_LOOKUP into 120-openwrt_options.patch - Removed LD from make opts (now included in TARGET_CONFIGURE_OPTS) - Removed 400-CVE-2012-0920.patch which is included in 2012.55 Signed-off-by: Catalin Patulea <cat@vv.carleton.ca> Signed-off-by: Florian Fainelli <florian@openwrt.org> git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34496 3c298f89-4303-0410-b956-a3cf2f4a3e73
author: florian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73> 2012-12-04 16:40:17 +0000
committer: florian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73> 2012-12-04 16:40:17 +0000
commit: 77729926361b97bc4f22fa2c5f1422301179c80a (patch)
tree: a3aca4d735f533cf4c74588a49e89f063bbc809e /package
parent: e000dce5e09f76db81d0dd645a8ffa9f837b183d (diff)
5 files changed, 10 insertions, 104 deletions
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index cd5b36825..b7708b1d0 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -8,14 +8,14 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=dropbear
-PKG_VERSION:=2011.54
+PKG_VERSION:=2012.55
 PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
 	http://matt.ucc.asn.au/dropbear/releases/ \
 	http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/
-PKG_MD5SUM:=c627ffe09570fad7aa94d8eac2b9320c
+PKG_MD5SUM:=8c784baec3054cdb1bb4bfa792c87812
 
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
@@ -72,21 +72,13 @@ CONFIGURE_ARGS += \
 TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections
 TARGET_LDFLAGS += -Wl,--gc-sections
 
-define Build/Configure
-	$(SED) 's,^/\* #define PKG_MULTI.*,#define PKG_MULTI,g' $(PKG_BUILD_DIR)/options.h
-	$(SED) 's,^#define DO_HOST_LOOKUP,/* & */,g' $(PKG_BUILD_DIR)/options.h
-	$(call Build/Configure/Default)
-endef
-
 define Build/Compile
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 		$(TARGET_CONFIGURE_OPTS) \
-		LD="$(TARGET_CC)" \
 		PROGRAMS="dropbear dbclient dropbearkey scp" \
 		MULTI=1 SCPPROGRESS=1
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 		$(TARGET_CONFIGURE_OPTS) \
-		LD="$(TARGET_CC)" \
 		PROGRAMS="dropbearconvert"
 endef
 
diff --git a/package/network/services/dropbear/patches/110-change_user.patch b/package/network/services/dropbear/patches/110-change_user.patch
index 55747bc4d..a354edad2 100644
--- a/package/network/services/dropbear/patches/110-change_user.patch
+++ b/package/network/services/dropbear/patches/110-change_user.patch
@@ -1,6 +1,6 @@
 --- a/svr-chansession.c
 +++ b/svr-chansession.c
-@@ -884,12 +884,12 @@ static void execchild(void *user_data) {
+@@ -891,12 +891,12 @@ static void execchild(void *user_data) {
  	/* We can only change uid/gid as root ... */
  	if (getuid() == 0) {
  
diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch
index 42204aa64..977f6312f 100644
--- a/package/network/services/dropbear/patches/120-openwrt_options.patch
+++ b/package/network/services/dropbear/patches/120-openwrt_options.patch
@@ -47,7 +47,12 @@
  #define DROPBEAR_MD5_HMAC
  
  /* Hostkey/public key algorithms - at least one required, these are used
-@@ -148,7 +148,7 @@ much traffic. */
+@@ -144,11 +144,11 @@ much traffic. */
+ #endif
+ 
+ /* Whether to do reverse DNS lookups. */
+-#define DO_HOST_LOOKUP
++/*#define DO_HOST_LOOKUP*/
  
  /* Whether to print the message of the day (MOTD). This doesn't add much code
   * size */
diff --git a/package/network/services/dropbear/patches/140-disable_assert.patch b/package/network/services/dropbear/patches/140-disable_assert.patch
index e99376333..e00184a8f 100644
--- a/package/network/services/dropbear/patches/140-disable_assert.patch
+++ b/package/network/services/dropbear/patches/140-disable_assert.patch
@@ -1,6 +1,6 @@
 --- a/dbutil.h
 +++ b/dbutil.h
-@@ -94,6 +94,10 @@ int m_str_to_uint(const char* str, unsig
+@@ -93,6 +93,10 @@ int m_str_to_uint(const char* str, unsig
  #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
  
  /* Dropbear assertion */
diff --git a/package/network/services/dropbear/patches/400-CVE-2012-0920.patch b/package/network/services/dropbear/patches/400-CVE-2012-0920.patch
deleted file mode 100644
index 164909f56..000000000
--- a/package/network/services/dropbear/patches/400-CVE-2012-0920.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-
-# HG changeset patch
-# User Matt Johnston <matt@ucc.asn.au>
-# Date 1322947885 -28800
-# Node ID 818108bf7749bfecd4715a30e2583aac9dbe25e8
-# Parent  5e8d84f3ee7256d054ecf7e9f248765ccaa7f24f
-- Fix use-after-free if multiple command requests were sent. Move
-the original_command into chansess struct since that makes more sense
-
---- a/auth.h
-+++ b/auth.h
-@@ -133,7 +133,6 @@ struct PubKeyOptions {
- 	int no_pty_flag;
- 	/* "command=" option. */
- 	unsigned char * forced_command;
--	unsigned char * original_command;
- };
- #endif
- 
---- a/chansession.h
-+++ b/chansession.h
-@@ -69,6 +69,10 @@ struct ChanSess {
- 	char * agentfile;
- 	char * agentdir;
- #endif
-+
-+#ifdef ENABLE_SVR_PUBKEY_OPTIONS
-+	char *original_command;
-+#endif
- };
- 
- struct ChildPid {
---- a/svr-authpubkeyoptions.c
-+++ b/svr-authpubkeyoptions.c
-@@ -92,14 +92,15 @@ int svr_pubkey_allows_pty() {
-  * by any 'command' public key option. */
- void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
- 	if (ses.authstate.pubkey_options) {
--		ses.authstate.pubkey_options->original_command = chansess->cmd;
--		if (!chansess->cmd)
--		{
--			ses.authstate.pubkey_options->original_command = m_strdup("");
-+		if (chansess->cmd) {
-+			/* original_command takes ownership */
-+			chansess->original_command = chansess->cmd;
-+		} else {
-+			chansess->original_command = m_strdup("");
- 		}
--		chansess->cmd = ses.authstate.pubkey_options->forced_command;
-+		chansess->cmd = m_strdup(ses.authstate.pubkey_options->forced_command);
- #ifdef LOG_COMMANDS
--		dropbear_log(LOG_INFO, "Command forced to '%s'", ses.authstate.pubkey_options->original_command);
-+		dropbear_log(LOG_INFO, "Command forced to '%s'", chansess->original_command);
- #endif
- 	}
- }
---- a/svr-chansession.c
-+++ b/svr-chansession.c
-@@ -217,6 +217,8 @@ static int newchansess(struct Channel *c
- 
- 	struct ChanSess *chansess;
- 
-+	TRACE(("new chansess %p", channel))
-+
- 	dropbear_assert(channel->typedata == NULL);
- 
- 	chansess = (struct ChanSess*)m_malloc(sizeof(struct ChanSess));
-@@ -279,6 +281,10 @@ static void closechansess(struct Channel
- 	m_free(chansess->cmd);
- 	m_free(chansess->term);
- 
-+#ifdef ENABLE_SVR_PUBKEY_OPTIONS
-+	m_free(chansess->original_command);
-+#endif
-+
- 	if (chansess->tty) {
- 		/* write the utmp/wtmp login record */
- 		li = chansess_login_alloc(chansess);
-@@ -924,10 +930,8 @@ static void execchild(void *user_data) {
- 	}
- 	
- #ifdef ENABLE_SVR_PUBKEY_OPTIONS
--	if (ses.authstate.pubkey_options &&
--			ses.authstate.pubkey_options->original_command) {
--		addnewvar("SSH_ORIGINAL_COMMAND", 
--			ses.authstate.pubkey_options->original_command);
-+	if (chansess->original_command) {
-+		addnewvar("SSH_ORIGINAL_COMMAND", chansess->original_command);
- 	}
- #endif
-
author	florian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>	2012-12-04 16:40:17 +0000
committer	florian <florian@3c298f89-4303-0410-b956-a3cf2f4a3e73>	2012-12-04 16:40:17 +0000
commit	77729926361b97bc4f22fa2c5f1422301179c80a (patch)
tree	a3aca4d735f533cf4c74588a49e89f063bbc809e /package
parent	e000dce5e09f76db81d0dd645a8ffa9f837b183d (diff)