Commit Graph

17 Commits

Author SHA1 Message Date
Baruch Siach
15a922f18e package/dropbear: bump to version 2020.81
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-11-03 19:45:32 +01:00
Francois Perrad
87c3f71c5d package/dropbear: bump to version 2020.80
remove merged patches.

LICENSE diff:
- Copyright (c) 2002-2015 Matt Johnston
+ Copyright (c) 2002-2020 Matt Johnston
- LibTomCrypt and LibTomMath are written by Tom St Denis, and are Public Domain.
+ LibTomCrypt and LibTomMath are written by Tom St Denis and others, see
+ libtomcrypt/LICENSE and libtommath/LICENSE.
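
Review bot: the last two + lines replace the Public Domain statement for LibTomCrypt and LibTomMath with a pointer to libtomcrypt/LICENSE and libtommath/LICENSE, but the message does not say which licenses those two files carry. Name the resulting licenses for the bundled libraries here so the change in terms can be reviewed without opening the tarball.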

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-06-29 21:53:24 +02:00
Francois Perrad
08f2f05bb2 package/dropbear: fix license infos
This package optionally allows using bundled libraries (which is exceptional in BR),
so license info must be conditional.

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-06-29 21:51:51 +02:00
Francois Perrad
6623560a26 package/dropbear: bump to version 2020.79
CBC ciphers, 3DES and hmac-sha1-96 are now disabled by default.

LICENSE: curve25519-donna under BSD-3c was replaced by curve25519.c under
Public domain

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-06-22 11:06:52 +02:00
Francois Perrad
abc4a4ccf6 package/dropbear: bump to version 2019.78
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-03-31 21:15:17 +02:00
Peter Korsgaard
eece7361c6 package/dropbear: bump version to 2019.77
Drop patches as they are now upstream.  Add a hash for the license file.

Verified that runtime test still works:

./support/testing/run-tests -o tests.package.test_dropbear
20:42:44 TestDropbear                             Starting
20:42:45 TestDropbear                             Building
20:44:18 TestDropbear                             Building done
20:44:24 TestDropbear                             Cleaning up
.
----------------------------------------------------------------------
Ran 1 test in 100.727s

OK

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-03-24 09:13:26 +01:00
Francois Perrad
2e035a9aec dropbear: bump to version 2018.76
with this new version:
  - "configure --enable-static" should now be used instead of
    "make STATIC=1"
  - any customised options should be put in localoptions.h

Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2018-04-28 17:23:44 +02:00
Peter Korsgaard
8644a83bd8 dropbear: security bump to version 2017.75
Fixes:

- CVE-2017-9078: A double-free in the server could be triggered by an
  authenticated user if dropbear is running with -a (Allow connections to
  forwarded ports from any host). This could potentially allow arbitrary code
  execution as root by an authenticated user.  Affects versions 2013.56 to
  2016.74.  Thanks to Mark Shepard for reporting the crash.

- CVE-2017-9079: Dropbear parsed authorized_keys as root, even if it were a
  symlink.  The fix is to switch to user permissions when opening
  authorized_keys.
  A user could symlink their ~/.ssh/authorized_keys to a root-owned file
  they couldn't normally read.  If they managed to get that file to contain
  valid authorized_keys with command= options it might be possible to read
  other contents of that file.  This information disclosure is to an already
  authenticated user.  Thanks to Jann Horn of Google Project Zero for
  reporting this.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2017-05-21 23:32:16 +02:00
Alexander Dahl
52b06ebbcf dropbear: bump version to 2016.74
According to https://matt.ucc.asn.au/dropbear/CHANGES there were some
severe security issues fixed.

Signed-off-by: Alexander Dahl <post@lespocky.de>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-07-23 14:41:04 +02:00
Alexander Dahl
83d95eebae dropbear: bump to version 2016.73
Some new runtime options, minor fixes, and fixes for issues found by
various code analysis and lintian tools.

Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-03-20 14:52:44 +01:00
Peter Korsgaard
aea2d24113 dropbear: security bump to 2016.72
2016.72 - 9 March 2016

- Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
  found by github.com/tintinweb. Thanks to Damien Miller for a patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2016-03-10 14:35:55 +01:00
Gustavo Zacarias
c2505381d0 dropbear: bump to version 2015.71
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-12-03 21:45:27 +01:00
Peter Korsgaard
1069d0fc8c dropbear: bump version to 2015.70
Bugfix release, fixes password auth support detection.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-11-26 16:29:55 +01:00
Gustavo Zacarias
37ec6ceaa8 dropbear: bump to version 2015.69
Fixes a port-forwarding regression in 2015.68

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-11-25 23:24:09 +01:00
Luca Ceresoli
5e3da92d7e dropbear: bump to 2015.68
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Reviewed-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Tested-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-10-15 22:22:12 +02:00
Gustavo Zacarias
1e48670167 dropbear: bump to version 2015.67
Switch sed options around since defaults have changed.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2015-01-28 21:48:02 +01:00
Gustavo Zacarias
b1c2c47bd7 dropbear: bump to version 2014.66
And add hash file.

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2014-10-23 22:09:26 +02:00