dropbear: upgrade to 0.51 - 160-tty_close merged upstream - patches refreshed

SVN-Revision: 11913
This commit is contained in:
Andy Boyett 2008-07-24 05:24:52 +00:00
parent f20dd0803c
commit 09e2dcc255
6 changed files with 34 additions and 50 deletions

View file

@ -1,5 +1,5 @@
# #
# Copyright (C) 2006 OpenWrt.org # Copyright (C) 2006-2008 OpenWrt.org
# #
# This is free software, licensed under the GNU General Public License v2. # This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information. # See /LICENSE for more information.
@ -9,13 +9,14 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear PKG_NAME:=dropbear
PKG_VERSION:=0.50 PKG_VERSION:=0.51
PKG_RELEASE:=3 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://matt.ucc.asn.au/dropbear/releases/ \ PKG_SOURCE_URL:= \
http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/ http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/ \
PKG_MD5SUM:=5c0f7405b915799c3d952d3a93a5df69 http://matt.ucc.asn.au/dropbear/releases/
PKG_MD5SUM:=1045df60c2bdbd39c707238305a1e9e5
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk

View file

@ -1,16 +1,16 @@
Index: dropbear-0.50/svr-authpubkey.c Index: dropbear-0.51/svr-authpubkey.c
=================================================================== ===================================================================
--- dropbear-0.50.orig/svr-authpubkey.c 2007-08-10 23:47:48.000000000 +0200 --- dropbear-0.51.orig/svr-authpubkey.c 2008-04-22 17:29:49.000000000 -0700
+++ dropbear-0.50/svr-authpubkey.c 2007-08-10 23:47:48.000000000 +0200 +++ dropbear-0.51/svr-authpubkey.c 2008-04-22 17:29:49.000000000 -0700
@@ -176,6 +176,8 @@ @@ -176,6 +176,8 @@
goto out; goto out;
} }
+ if (ses.authstate.pw->pw_uid != 0) { + if (ses.authstate.pw_uid != 0) {
+ +
/* we don't need to check pw and pw_dir for validity, since /* we don't need to check pw and pw_dir for validity, since
* its been done in checkpubkeyperms. */ * its been done in checkpubkeyperms. */
len = strlen(ses.authstate.pw->pw_dir); len = strlen(ses.authstate.pw_dir);
@@ -187,6 +189,9 @@ @@ -187,6 +189,9 @@
/* open the file */ /* open the file */
@ -25,7 +25,7 @@ Index: dropbear-0.50/svr-authpubkey.c
goto out; goto out;
} }
+ if (ses.authstate.pw->pw_uid != 0) { + if (ses.authstate.pw_uid != 0) {
+ +
/* allocate max required pathname storage, /* allocate max required pathname storage,
* = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */

View file

@ -1,20 +1,20 @@
Index: dropbear-0.50/svr-chansession.c Index: dropbear-0.51/svr-chansession.c
=================================================================== ===================================================================
--- dropbear-0.50.orig/svr-chansession.c 2007-08-10 23:47:48.000000000 +0200 --- dropbear-0.51.orig/svr-chansession.c 2008-04-22 17:29:49.000000000 -0700
+++ dropbear-0.50/svr-chansession.c 2007-08-10 23:47:48.000000000 +0200 +++ dropbear-0.51/svr-chansession.c 2008-04-22 17:29:49.000000000 -0700
@@ -908,12 +908,12 @@ @@ -912,12 +912,12 @@
/* We can only change uid/gid as root ... */ /* We can only change uid/gid as root ... */
if (getuid() == 0) { if (getuid() == 0) {
- if ((setgid(ses.authstate.pw->pw_gid) < 0) || - if ((setgid(ses.authstate.pw_gid) < 0) ||
+ if ((ses.authstate.pw->pw_gid != 0) && ((setgid(ses.authstate.pw->pw_gid) < 0) || + if ((ses.authstate.pw_gid != 0) && ((setgid(ses.authstate.pw_gid) < 0) ||
(initgroups(ses.authstate.pw->pw_name, (initgroups(ses.authstate.pw_name,
- ses.authstate.pw->pw_gid) < 0)) { - ses.authstate.pw_gid) < 0)) {
+ ses.authstate.pw->pw_gid) < 0))) { + ses.authstate.pw_gid) < 0))) {
dropbear_exit("error changing user group"); dropbear_exit("error changing user group");
} }
- if (setuid(ses.authstate.pw->pw_uid) < 0) { - if (setuid(ses.authstate.pw_uid) < 0) {
+ if ((ses.authstate.pw->pw_uid != 0) && (setuid(ses.authstate.pw->pw_uid) < 0)) { + if ((ses.authstate.pw_uid != 0) && (setuid(ses.authstate.pw_uid) < 0)) {
dropbear_exit("error changing user"); dropbear_exit("error changing user");
} }
} else { } else {

View file

@ -1,8 +1,8 @@
Index: dropbear-0.50/cli-runopts.c Index: dropbear-0.51/cli-runopts.c
=================================================================== ===================================================================
--- dropbear-0.50.orig/cli-runopts.c 2007-08-10 23:47:47.000000000 +0200 --- dropbear-0.51.orig/cli-runopts.c 2008-04-22 17:29:49.000000000 -0700
+++ dropbear-0.50/cli-runopts.c 2007-08-10 23:47:49.000000000 +0200 +++ dropbear-0.51/cli-runopts.c 2008-04-22 17:29:50.000000000 -0700
@@ -219,6 +219,10 @@ @@ -220,6 +220,10 @@
debug_trace = 1; debug_trace = 1;
break; break;
#endif #endif
@ -13,7 +13,7 @@ Index: dropbear-0.50/cli-runopts.c
case 'F': case 'F':
case 'e': case 'e':
case 'c': case 'c':
@@ -230,7 +234,6 @@ @@ -231,7 +235,6 @@
#ifndef ENABLE_CLI_LOCALTCPFWD #ifndef ENABLE_CLI_LOCALTCPFWD
case 'L': case 'L':
#endif #endif

View file

@ -1,7 +1,7 @@
Index: dropbear-0.50/options.h Index: dropbear-0.51/options.h
=================================================================== ===================================================================
--- dropbear-0.50.orig/options.h 2007-08-10 23:47:47.000000000 +0200 --- dropbear-0.51.orig/options.h 2008-04-22 17:29:49.000000000 -0700
+++ dropbear-0.50/options.h 2007-08-10 23:47:49.000000000 +0200 +++ dropbear-0.51/options.h 2008-04-22 17:29:50.000000000 -0700
@@ -5,6 +5,11 @@ @@ -5,6 +5,11 @@
#ifndef _OPTIONS_H_ #ifndef _OPTIONS_H_
#define _OPTIONS_H_ #define _OPTIONS_H_

View file

@ -1,17 +0,0 @@
Index: dropbear-0.50/common-channel.c
===================================================================
--- dropbear-0.50.orig/common-channel.c 2007-08-10 23:47:47.000000000 +0200
+++ dropbear-0.50/common-channel.c 2007-08-10 23:47:50.000000000 +0200
@@ -311,10 +311,10 @@
send_msg_channel_eof(channel);
}
- /* And if we can't receive any more data from them either, close up */
+ /* And if we can't receive any more data from them either, close up (server only) */
if (!channel->sent_close
&& channel->readfd == FD_CLOSED
- && (ERRFD_IS_WRITE(channel) || channel->errfd == FD_CLOSED)
+ && !ERRFD_IS_WRITE(channel)
&& !write_pending(channel)) {
TRACE(("sending close, readfd is closed"))
send_msg_channel_close(channel);