Diffstat (limited to 'package/dropbear')
| -rw-r--r-- | package/dropbear/Makefile | 13 | ||||
| -rw-r--r-- | package/dropbear/files/dropbear.init | 12 | ||||
| -rw-r--r-- | package/dropbear/files/dropbear.service | 11 | ||||
| -rw-r--r-- | package/dropbear/patches/patch-Makefile_in | 35 | ||||
| -rw-r--r-- | package/dropbear/patches/patch-src_svr-main_c | 16 | ||||
| -rw-r--r-- | package/dropbear/patches/patch-svr-authpubkey_c | 109 | 
6 files changed, 29 insertions, 167 deletions
| diff --git a/package/dropbear/Makefile b/package/dropbear/Makefile index 34210e585..22ab629b7 100644 --- a/package/dropbear/Makefile +++ b/package/dropbear/Makefile @@ -4,9 +4,9 @@  include $(ADK_TOPDIR)/rules.mk  PKG_NAME:=		dropbear -PKG_VERSION:=		2018.76 +PKG_VERSION:=		2025.87  PKG_RELEASE:=		1 -PKG_HASH:=		f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65 +PKG_HASH:=		738b7f358547f0c64c3e1a56bbc5ef98d34d9ec6adf9ccdf01dc0bf2caa2bc8d  PKG_DESCR:=		ssh server/client designed for embedded systems  PKG_SECTION:=		net/security  PKG_URL:=		http://matt.ucc.asn.au/dropbear/ @@ -39,6 +39,7 @@ CONFIGURE_ARGS+=	--disable-pam \  			--disable-wtmpx \  			--disable-loginfunc \  			--disable-pututxline \ +			--disable-harden \  			--disable-zlib  ifeq (${ADK_PACKAGE_DROPBEAR_WITH_UTMP},)  CONFIGURE_ARGS+=	--disable-utmp --disable-pututline @@ -48,8 +49,8 @@ endif  pre-configure: -	$(SED) 's,^/\* #define PKG_MULTI.*,#define PKG_MULTI,g' $(WRKBUILD)/options.h -	$(SED) 's,^#define DO_HOST_LOOKUP,/* & */,g' $(WRKBUILD)/options.h +	echo "#define DO_HOST_LOOKUP 0" >>$(WRKBUILD)/localoptions.h +	echo "#define DROPBEAR_X11FWD 1" >>$(WRKBUILD)/localoptions.h  do-build:  	cd ${WRKBUILD} && env ${MAKE_ENV} ${MAKE} \ @@ -75,9 +76,9 @@ do-install:  		$(IDIR_DBCONVERT)/usr/bin/dropbearconvert  	# ssh pubkey  	test -z $(ADK_RUNTIME_SSH_PUBKEY) || ( \ -		$(INSTALL_DIR) $(IDIR_DROPBEAR)/etc/dropbear; \ +		$(INSTALL_DIR) $(IDIR_DROPBEAR)/root/.ssh; \  		echo $(ADK_RUNTIME_SSH_PUBKEY) \ -		>$(IDIR_DROPBEAR)/etc/dropbear/authorized_keys; \ +		>$(IDIR_DROPBEAR)/root/.ssh/authorized_keys; \          )  include ${ADK_TOPDIR}/mk/pkg-bottom.mk diff --git a/package/dropbear/files/dropbear.init b/package/dropbear/files/dropbear.init index 9bf74098e..3e464e34b 100644 --- a/package/dropbear/files/dropbear.init +++ b/package/dropbear/files/dropbear.init 
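Review bot: `--disable-harden` in the `CONFIGURE_ARGS` list switches off the hardening flags that dropbear's configure would otherwise add, and neither the Makefile nor the commit says why. For a network-facing SSH daemon the reason belongs next to the flag, as a comment above the `CONFIGURE_ARGS+=` assignment, for example `# hardening flags are set by the ADK toolchain configuration, not by dropbear's configure` if that is the case (inferred, not visible here). If the real cause is that some targets fail to build with those flags, limiting the option to those targets would keep the protections everywhere else.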
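Review bot: X11 forwarding becomes unconditional for every image through the `DROPBEAR_X11FWD 1` line in `pre-configure`, with no package option to turn it off and no mention of it in the change. On an embedded target this is extra server-side surface that most images will not need. It would be safer as an opt-in following the `ADK_PACKAGE_DROPBEAR_WITH_UTMP` pattern a few lines up (the option would be new; `ADK_PACKAGE_DROPBEAR_WITH_X11FWD` is only a placeholder name). Separately, both `echo ... >>` lines append, so re-running `pre-configure` on an existing `$(WRKBUILD)` stacks duplicate defines; writing the first one with `>` avoids that, assuming the tarball ships no localoptions.h of its own.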
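Review bot: The new `/root/.ssh/authorized_keys` is created by shell redirection under whatever umask the build runs with, and no mode is set on the file or on `/root/.ssh` beyond what `$(INSTALL_DIR)` applies. Because patch-svr-authpubkey_c is deleted in this commit, root's key now goes through the normal `checkfileperm` chain over `~`, `~/.ssh` and the file. As far as I know that chain rejects group- or world-writable paths, so a build under umask 002 could silently break key login if the packaging step preserves modes. Adding `chmod 0700 $(IDIR_DROPBEAR)/root/.ssh; \` and `chmod 0600 $(IDIR_DROPBEAR)/root/.ssh/authorized_keys; \` after the `echo` makes the result independent of the build environment. The `do-install` recipe starts outside the hunk.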
@@ -24,19 +24,19 @@ start)  		test $rv = 0 || exit 1  		test -f /etc/dropbear/dropbear_rsa_host_key || exit 1  	fi -	if test ! -f /etc/dropbear/dropbear_dss_host_key; then +	if test ! -f /etc/dropbear/dropbear_ecdsa_host_key; then  		# take it easy here, since above already catched the worst cases  		if test -x /usr/bin/dropbearkey; then -			echo "dropbear: generating SSH private key (DSS)" -			/usr/bin/dropbearkey -f /etc/dropbear/dropbear_dss_host_key -t dss +			echo "dropbear: generating SSH private key (ECDSA)" +			/usr/bin/dropbearkey -f /etc/dropbear/dropbear_ecdsa_host_key -t ecdsa  			echo "dropbear: key generation exited with code $?"  		fi  	fi -	if test ! -f /etc/dropbear/dropbear_ecdsa_host_key; then +	if test ! -f /etc/dropbear/dropbear_ed25519_host_key; then  		# take it easy here, since above already catched the worst cases  		if test -x /usr/bin/dropbearkey; then -			echo "dropbear: generating SSH private key (ECDSA)" -			/usr/bin/dropbearkey -f /etc/dropbear/dropbear_ecdsa_host_key -t ecdsa +			echo "dropbear: generating SSH private key (ED25519)" +			/usr/bin/dropbearkey -f /etc/dropbear/dropbear_ed25519_host_key -t ed25519  			echo "dropbear: key generation exited with code $?"  		fi  	fi diff --git a/package/dropbear/files/dropbear.service b/package/dropbear/files/dropbear.service deleted file mode 100644 index eeb86cfa7..000000000 --- a/package/dropbear/files/dropbear.service +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Dropbear SSH daemon -After=syslog.target network.target - -[Service] -EnvironmentFile=-/etc/default/dropbear -ExecStart=/usr/sbin/dropbear -F -R $DROPBEAR_ARGS -ExecReload=/bin/kill -HUP $MAINPID - -[Install] -WantedBy=multi-user.target diff --git a/package/dropbear/patches/patch-Makefile_in b/package/dropbear/patches/patch-Makefile_in deleted file mode 100644 index 3a139a546..000000000 --- a/package/dropbear/patches/patch-Makefile_in +++ /dev/null 
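Review bot: The ECDSA and ED25519 blocks in `start)` are line-for-line copies that differ only in the key type, so this commit had to edit each line twice to retire DSS. A loop over the key types keeps the two from drifting the next time a type is added or dropped. The sketch below keeps the same checks and messages, except that the type is printed in lower case. The `start)` branch begins and ends outside the hunk.

```shell
	# … unchanged: RSA host key generation and checks …
	for t in ecdsa ed25519; do
		key=/etc/dropbear/dropbear_${t}_host_key
		test -f "$key" && continue
		# take it easy here, since above already catched the worst cases
		test -x /usr/bin/dropbearkey || continue
		echo "dropbear: generating SSH private key ($t)"
		/usr/bin/dropbearkey -f "$key" -t "$t"
		echo "dropbear: key generation exited with code $?"
	done
```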
@@ -1,35 +0,0 @@ ---- dropbear-2014.63.orig/Makefile.in	2014-02-19 15:05:24.000000000 +0100 -+++ dropbear-2014.63/Makefile.in	2014-03-01 18:27:41.000000000 +0100 -@@ -81,10 +81,10 @@ AR=@AR@ - RANLIB=@RANLIB@ - STRIP=@STRIP@ - INSTALL=@INSTALL@ --CPPFLAGS=@CPPFLAGS@ --CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@ --LIBS+=@LIBS@ --LDFLAGS=@LDFLAGS@ -+CPPFLAGS=@CPPFLAGS@ -I. -I$(srcdir) -+LIBS+=@LIBS@ @CRYPTLIB@ -+LDFLAGS+=@LDFLAGS@ -+ -  - EXEEXT=@EXEEXT@ -  -@@ -163,7 +163,7 @@ dropbearkey: $(dropbearkeyobjs) - dropbearconvert: $(dropbearconvertobjs) -  - dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile --	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ -+	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) -  - dbclient: $(HEADERS) $(LIBTOM_DEPS) Makefile - 	$(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBTOM_LIBS) $(LIBS) -@@ -184,7 +184,7 @@ ifeq ($(MULTI),1) - endif -  - dropbearmulti$(EXEEXT): $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile --	$(CC) $(LDFLAGS) -o $@ $(MULTIOBJS) $(LIBTOM_LIBS) $(LIBS) @CRYPTLIB@ -+	$(CC) $(LDFLAGS) -o $@ $(MULTIOBJS) $(LIBTOM_LIBS) $(LIBS) -  - multibinary: dropbearmulti$(EXEEXT) -  diff --git a/package/dropbear/patches/patch-src_svr-main_c b/package/dropbear/patches/patch-src_svr-main_c new file mode 100644 index 000000000..f6f935004 --- /dev/null +++ b/package/dropbear/patches/patch-src_svr-main_c @@ -0,0 +1,16 @@ +--- dropbear-2024.85.orig/src/svr-main.c	2024-04-25 16:30:00.000000000 +0200 ++++ dropbear-2024.85/src/svr-main.c	2024-05-07 14:35:09.650486568 +0200 +@@ -305,8 +305,13 @@ static void main_noinetd(int argc, char + #if DEBUG_NOFORK + 			fork_ret = 0; + #else ++#if DROPBEAR_VFORK ++                        fork_ret = vfork(); ++#else ++ + 			fork_ret = fork(); + #endif ++#endif + 			if (fork_ret < 0) { + 				dropbear_log(LOG_WARNING, "Error forking: %s", strerror(errno)); + 				goto out; 
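Review bot: The added `vfork()` branch in `main_noinetd` has no comment on why it is safe, and vfork only gives defined behaviour when the child goes straight to exec or `_exit`. What the child does after this fork is outside the hunk, but as far as I recall it becomes the per-connection server process in upstream dropbear. On a `DROPBEAR_VFORK` build the listener would then stay suspended and share memory with a child that keeps running. Please confirm that this is the intended trade-off for noMMU targets and record it in the patch, e.g. `/* noMMU: no fork(); listener is suspended until the session child exits */`. The new line is also indented with spaces where the surrounding code uses tabs, and the patch header still names dropbear-2024.85 while `PKG_VERSION` is now 2025.87, so it presumably applies with an offset.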
diff --git a/package/dropbear/patches/patch-svr-authpubkey_c b/package/dropbear/patches/patch-svr-authpubkey_c deleted file mode 100644 index 0de885cfb..000000000 --- a/package/dropbear/patches/patch-svr-authpubkey_c +++ /dev/null 
@@ -1,109 +0,0 @@ ---- dropbear-2017.75.orig/svr-authpubkey.c	2017-05-18 16:47:02.000000000 +0200 -+++ dropbear-2017.75/svr-authpubkey.c	2017-07-06 19:45:36.765143131 +0200 -@@ -220,24 +220,33 @@ static int checkpubkey(char* algo, unsig - 		goto out; - 	} -  --	/* we don't need to check pw and pw_dir for validity, since --	 * its been done in checkpubkeyperms. */ --	len = strlen(ses.authstate.pw_dir); --	/* allocate max required pathname storage, --	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ --	filename = m_malloc(len + 22); --	snprintf(filename, len + 22, "%s/.ssh/authorized_keys",  --				ses.authstate.pw_dir); -+	/* special case for root authorized_keys in /etc/dropbear/authorized_keys */ -+	if (ses.authstate.pw_uid != 0) { -  --	/* open the file as the authenticating user. */ --	origuid = getuid(); --	origgid = getgid(); --	if ((setegid(ses.authstate.pw_gid)) < 0 || --		(seteuid(ses.authstate.pw_uid)) < 0) { --		dropbear_exit("Failed to set euid"); --	} -+		/* we don't need to check pw and pw_dir for validity, since -+		 * its been done in checkpubkeyperms. */ -+		len = strlen(ses.authstate.pw_dir); -+		/* allocate max required pathname storage, -+		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -+		filename = m_malloc(len + 22); -+		snprintf(filename, len + 22, "%s/.ssh/authorized_keys",  -+					ses.authstate.pw_dir); -  --	authfile = fopen(filename, "r"); -+		/* open the file as the authenticating user. 
*/ -+		origuid = getuid(); -+		origgid = getgid(); -+		if ((setegid(ses.authstate.pw_gid)) < 0 || -+			(seteuid(ses.authstate.pw_uid)) < 0) { -+			dropbear_exit("Failed to set euid"); -+		} -+ -+		authfile = fopen(filename, "r"); -+ -+	} else { -+		origuid = getuid(); -+		origgid = getgid(); -+		authfile = fopen("/etc/dropbear/authorized_keys","r"); -+	} -  - 	if ((seteuid(origuid)) < 0 || - 		(setegid(origgid)) < 0) { -@@ -396,26 +405,39 @@ static int checkpubkeyperms() { - 		goto out; - 	} -  --	/* allocate max required pathname storage, --	 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ --	filename = m_malloc(len + 22); --	strncpy(filename, ses.authstate.pw_dir, len+1); -+	if (ses.authstate.pw_uid != 0) { -  --	/* check ~ */ --	if (checkfileperm(filename) != DROPBEAR_SUCCESS) { --		goto out; --	} -+		/* allocate max required pathname storage, -+		 * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -+		filename = m_malloc(len + 22); -+		strncpy(filename, ses.authstate.pw_dir, len+1); -  --	/* check ~/.ssh */ --	strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ --	if (checkfileperm(filename) != DROPBEAR_SUCCESS) { --		goto out; --	} -+		/* check ~ */ -+		if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -+			goto out; -+		} -+ -+		/* check ~/.ssh */ -+		strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ -+		if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -+			goto out; -+		} -+ -+		/* now check ~/.ssh/authorized_keys */ -+		strncat(filename, "/authorized_keys", 16); -+		if (checkfileperm(filename) != DROPBEAR_SUCCESS) { -+			goto out; -+		} -+ -+	} else { -+ -+		if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { -+			goto out; -+		} -+		if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { -+			goto out; -+		} -  --	/* now check ~/.ssh/authorized_keys */ --	strncat(filename, "/authorized_keys", 16); --	if (checkfileperm(filename) != DROPBEAR_SUCCESS) { --		goto out; - 	} -  - 	/* file looks ok, 
return success */ | 
