As we discussed on the mailing list, using $(<pkg>_NAME) when defining
CPE ID variables feels a bit odd and needlessly complicated. Just use
the package name directly.
Cc: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This patch adds CPE ID information for a significant number of
packages.
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
There was a missing space between the append-assignment operator, and
the appended list of licenses.
Even though inconsequential technically speaking, we always use spaces
around operators elsewhere in the code.
So be it here too.
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
remove merged patches.
LICENSE diff:
- Copyright (c) 2002-2015 Matt Johnston
+ Copyright (c) 2002-2020 Matt Johnston
- LibTomCrypt and LibTomMath are written by Tom St Denis, and are Public Domain.
+ LibTomCrypt and LibTomMath are written by Tom St Denis and others, see
+ libtomcrypt/LICENSE and libtommath/LICENSE.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
this package allows to use optionally bundled libraries (which is exceptional in BR).
so, license infos must be conditional.
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
now, BR2_PACKAGE_DROPBEAR_LEGACY_CRYPTO works like with version 2019.78
and as described in Config.in
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Acked-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
CBC ciphers, 3DES and hmac-sha1-96 are now disabled by default.
LICENSE: curve25519-donna under BSD-3c was replaced by curve25519.c under
Public domain
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
The organization of dropbear.mk was no longer very clear: for some
post-extract blocks, the block was separated from the place where it was
enabled, but for others they were grouped.
Regroup all blocks with their call site and inside the condition, if
present.
Signed-off-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
All the packages in this list have the following properties
* units are provided by buildroot in the package directory
* the SYSTEMD_INSTALL_INIT_HOOK is exactly equivalent to what the
[Install] section of the unit does
The fix removes the soflinking in the .mk file
Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
As discussed in https://patchwork.ozlabs.org/patch/1104071/, this
commit adds a new option that allows the user to provide a file that
contains custom definitions to tweak the Dropbear configuration. It
will be appended to Dropbear's localoptions.h file before the build.
The patch was tested successfully with the DO_MOTD option.
Suggested-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
[Thomas: tweak commit log, rename config option.]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
According to the LICENSE file curve25519-donna is licensed under
BSD-3-Clause license.
There is only BSD-2-Clause license mentioned so remove
BSD-2-Clause-like.
Signed-off-by: Yegor Yefremov <yegorslists@googlemail.com>
Reviewed-by: Thomas Huth <huth@tuxfamily.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Drop patches as they are now upstream. Add a hash for the license file.
Verified that runtime test still works:
./support/testing/run-tests -o tests.package.test_dropbear
20:42:44 TestDropbear Starting
20:42:45 TestDropbear Building
20:44:18 TestDropbear Building done
20:44:24 TestDropbear Cleaning up
.
----------------------------------------------------------------------
Ran 1 test in 100.727s
OK
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We use the configuration option $(BR2_SYSTEM_DEFAULT_PATH) to set the
default PATH in dropbear sessions.
$(BR2_SYSTEM_DEFAULT_PATH) is a Kconfig string. So it is already
quoted, which is exactly what we want.
Signed-off-by: Markus Mayer <mmayer@broadcom.com>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
dropbear is affected by an user enumeration vulnerability similar to the
recent issue in openssh (CVE-2018-15473). Add an upstream patch fixing the
issue.
For more details, see the discussion on the mailing list:
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2018q3/002110.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Dropbear by default enables a number of algorithms that are now considered
insecure and should only be used when legacy support is required:
3DES encryption
Blowfish encryption
SHA1-96 message integrity
CBC encryption mode
DSA public keys
Diffie-Hellman Group1 key exchange
So disable them by default, but add a config option for bringing them back.
Furthermore the Blowfish legacy algorithm is unconditionally disabled
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
- Disable password file authentication, since it's not possible to have
both at once.
- Install a /etc/pam.d/sshd file, based on the one installed by openssh.
Signed-off-by: Carlos Santos <casantos@datacom.com.br>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Dropbear 2018.76 now uses the --enable-static option to indicate that a static
binary should be built. This will incorrectly pick up the generic buildroot
option intended for building static libraries, causing an unwanted static
binary build with BR2_SHARED_STATIC_LIBS.
Fix by appending an --disable-static configure flag, overriding the buildroot
default.
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Dropbear 2018.76 changed the default ecdsa host key size form 521 to 256
bits, but this breaks systems with an existing 521 bit key, blocking ssh
logins.
Apply the upstream fix from https://secure.ucc.asn.au/hg/dropbear/rev/0dc3103a5900 :
Only advertise a single server ecdsa key when -R (generate as required) is
specified. Fixes -R now that default ecdsa key size has changed.
[Peter: apply-patches.sh does not like suffix-less filename, so include
patch in Buildroot]
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
DROPBEAR_SMALL_CODE could be only honored with bundled libtomcrypt
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
By default, Dropbear's configure script enables hardening
flags. Unfortunately, the check for SSP only uses AC_COMPILE_IFELSE(),
and therefore doesn't properly test for the availability of libssp,
visible only at link time.
In addition, Buildroot passes its own hardening flags, depending on
various global options. So, we simply disable hardening flags in
Dropbear.
This fixes a build failure with non-SSP capable toolchains happening
since the bump to 2018.76.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
with this new version:
- "configure --enable-static" should now be used instead of
"make STATIC=1"
- any customised options should be put in localoptions.h
Signed-off-by: Francois Perrad <francois.perrad@gadz.org>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
While a hash check is being done, it's still better to use a download
URL with HTTPS.
Signed-off-by: Danilo Bargen <mail@dbrgn.ch>
Reviewed-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fixes:
- CVE-2017-9078: A double-free in the server could be triggered by an
authenticated user if dropbear is running with -a (Allow connections to
forwarded ports from any host) This could potentially allow arbitrary code
execution as root by an authenticated user. Affects versions 2013.56 to
2016.74. Thanks to Mark Shepard for reporting the crash.
- CVE-2017-9079: Dropbear parsed authorized_keys as root, even if it were a
symlink. The fix is to switch to user permissions when opening
authorized_keys.
A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file. This information disclosure is to an already
authenticated user. Thanks to Jann Horn of Google Project Zero for
reporting this.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
We want to use SPDX identifier for license string as much as possible.
SPDX short identifier for BSD-2c is BSD-2-Clause.
This change is done using following command.
find . -name "*.mk" | xargs sed -ri '/LICENSE( )?[\+:]?=/s/BSD-2c/BSD-2-Clause/g'
Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
According to https://matt.ucc.asn.au/dropbear/CHANGES there were some
severe security issues fixed.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Acked-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
some new runtime options, minor fixes, and fixes for issues found by
various code analyze and lintian tools.
Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016.72 - 9 March 2016
- Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
found by github.com/tintinweb. Thanks to Damien Miller for a patch.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Commit e7d04dd2d replaced /etc/dropbear with a symlink to /var/run and
updated the start scripts to replace it with a real directory, so the
keys would be persistent. However, it turns out that this is pretty
confusing even for expert users, who don't know how to make the keys
really persistent now.
Update the help text explaining what the issue is, and telling the user
to replace the /etc/dropbear symlink with a symlink to a persistent
directory. Also mention the possiblity of unionfs.
Cc: Thomas De Schampheleire <patrickdepinguin@gmail.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fixes a port-forwarding regression in 2015.68
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
'echo -n' is not a POSIX construct (no flag support), we shoud use
'printf', especially in init script.
This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'
Signed-off-by: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
When the rootfs is read-only, keys will be generated in a volatile
location, which is inherently bad as host keys will change on each boot,
rendering them virtually useless.
Add a warning so the user is at least aware of the issue.
Hide the rm output to avoid noisy output, now that we have a proper warning.
Move the starting message after the symlink-block, to avoid messages
collision. Move the umask as well, since /etc/dropbear/ may be world
readable; just the private host keys should be ?00 (and dropbear handles
that by itself).
[Peter: minor tweaks to commit message]
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Peter Korsgaard <jacmet@uclibc.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Busybox "readlink -f" does not canonicalise paths when the target is
missing, while coreutils do.
Fix that by:
- making an absolute symlink
- dropping "-f" when calling readlink
Fixes#8276.
Reported-by: Jason Tang <tang@jtang.org>
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Paul Cercueil <paul@crapouillou.net>
Cc: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Tested-by: Jason Tang <tang@jtang.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit ensures that the /etc/dropbear symlink won't be removed if
it points elsewhere than /var/run/dropbear.
[Thomas:
- fix indentation / too long lines as suggested by Yann E. Morin.]
Signed-off-by: Paul Cercueil <paul@crapouillou.net>
Reviewed-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
dropbear generates its keys at the first connection, and wants to save
them in /etc/dropbear (not configurable).
Currently, our /etc/dropbear is a directory.
When the filesystem is read-only, dropbear can't save its keys, so
refuses all connections.
Fix that with:
- at build time, create /etc/dropbear as a symlink to
/var/run/dropbear
- at runtime, if the filesystem is RW (we can rm /etc/dropbear),
we replace the symlink with an actual directory; otherwise,
when the filesystem is RO (we can't rm /etc/dropbear), we create
/var/run/dropbear so the symlink points to an existing directory
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Cc: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Cc: Arnout Vandecappelle <arnout@mind.be>
Cc: Maxime Hadjinlian <maxime.hadjinlian@gmail.com>
Acked-by: "Maxime Hadjinlian" <maxime.hadjinlian@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The place for package-provided systemd units is /lib/systemd/system.
/etc/systemd/system is for custom units.
Reviewed-by: Samuel Martin <s.martin49@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
v2: only offer option to disable building SSH client.
do not offer options to disable password authentication and TCP forwarding.
Signed-off-by: Floris Bos <bos@je-eigen-domein.nl>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Switch sed options around since defaults have changed.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
