diff options
Diffstat (limited to 'source/installer/dropbear')
| -rwxr-xr-x | source/installer/dropbear/dropbear.Slackbuild | 57 | ||||
| -rw-r--r-- | source/installer/dropbear/dropbear.glibc.crypt.diff | 28 | ||||
| -rw-r--r-- | source/installer/dropbear/dropbear.xauth.patch | 8 | ||||
| -rw-r--r-- | source/installer/dropbear/dropbear_dbclientpath.patch | 16 | ||||
| -rw-r--r-- | source/installer/dropbear/dropbear_emptypass.patch | 63 |
5 files changed, 86 insertions, 86 deletions
diff --git a/source/installer/dropbear/dropbear.Slackbuild b/source/installer/dropbear/dropbear.Slackbuild index 5bd3bd99d..37ab7c012 100755 --- a/source/installer/dropbear/dropbear.Slackbuild +++ b/source/installer/dropbear/dropbear.Slackbuild @@ -23,11 +23,18 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM=dropbear -VERSION=0.50 -ARCH=${ARCH:-i486} +VERSION=2012.55 BUILD=${BUILD:-10} TAG=${TAG:-''} +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i486 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + # The programs we want to have as symlinks to dropbearmulti binary: PROGS="dropbear dbclient dropbearkey dropbearconvert scp ssh" @@ -36,33 +43,37 @@ PROGS="dropbear dbclient dropbearkey dropbearconvert scp ssh" # and adding symlinks for ssh and scp without worry # about overwriting any pre-existing binaries. -CWD=`pwd` +CWD=$(pwd) TMP=${TMP:-/tmp} PKG=$TMP/pkg-$PRGNAM -OUTPUT=${OUTPUT:-/tmp} -if [ "$ARCH" = "i386" ]; then - SLKCFLAGS="-O2 -march=i386 -mcpu=i686" -elif [ "$ARCH" = "i486" ]; then +if [ "$ARCH" = "i486" ]; then SLKCFLAGS="-O2 -march=i486 -mtune=i686" -elif [ "$ARCH" = "s390" ]; then - SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else SLKCFLAGS="-O2" + LIBDIRSUFFIX="" fi rm -rf $PKG -mkdir -p $TMP $PKG $OUTPUT +mkdir -p $TMP $PKG cd $TMP || exit 1 rm -rf $PRGNAM-$VERSION tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2 || exit 1 cd $PRGNAM-$VERSION || exit 1 -# Fix ownership and permissions inside the source tarball. -# It's appalling how many projects have 777 permissions or -# even suid, sgid, and sticky bits set on things. chown -R root:root . -chmod -R u+w,go+r-w,a-s . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; # Patch to allow empty passwords (used in Slackware's installer): patch -p1 < $CWD/dropbear_emptypass.patch @@ -70,6 +81,8 @@ patch -p1 < $CWD/dropbear_emptypass.patch patch -p0 < $CWD/dropbear.xauth.patch # Change the path used for dbclient because our prefix is '/' not '/usr': patch -p1 < $CWD/dropbear_dbclientpath.patch +# Patch for new glibc crypt() that may return NULL: +patch -p1 < $CWD/dropbear.glibc.crypt.diff CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ @@ -96,10 +109,8 @@ cp dbclient.1 $PKG/usr/man/man1 cp dropbearkey.8 dropbear.8 $PKG/usr/man/man8 if [ -d $PKG/usr/man ]; then - (cd $PKG/usr/man - find . -type f -exec gzip -9 {} \; - for i in `find . -type l` ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done - ) + find $PKG/usr/man -type f -exec gzip -9 {} \; + for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done fi # Link binaries to dropbearmulti since the 'make install' does not do that @@ -111,10 +122,10 @@ fi done ) -(cd $PKG - find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null - find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null -) +make install DESTDIR=$PKG + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | \ + grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true mkdir -p $PKG/etc/rc.d $PKG/etc/dropbear cp $CWD/rc.dropbear.new $PKG/etc/rc.d/ # doinst.sh will handle .new @@ -128,4 +139,4 @@ cat $CWD/slack-desc > $PKG/install/slack-desc cat $CWD/doinst.sh > $PKG/install/doinst.sh cd $PKG -/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz +/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz diff --git a/source/installer/dropbear/dropbear.glibc.crypt.diff b/source/installer/dropbear/dropbear.glibc.crypt.diff new file mode 100644 index 000000000..3184210dd --- /dev/null +++ b/source/installer/dropbear/dropbear.glibc.crypt.diff @@ -0,0 +1,28 @@ + +# HG changeset patch +# User Matt Johnston <matt@ucc.asn.au> +# Date 1367250157 -28800 +# Node ID 7bd88d546627ff31d0e2d91e6022b3e77a943efb +# Parent ea04e3eb03e2c3d59d82e361882711de844068a4 +Avoid segfault for locked accounts (invalid salt to crypt()) + +diff -r ea04e3eb03e2 -r 7bd88d546627 svr-authpasswd.c +--- a/svr-authpasswd.c Thu Apr 18 23:15:17 2013 +0800 ++++ b/svr-authpasswd.c Mon Apr 29 23:42:37 2013 +0800 +@@ -66,6 +66,14 @@ + m_burn(password, passwordlen); + m_free(password); + ++ if (testcrypt == NULL) { ++ /* crypt() with an invalid salt like "!!" */ ++ dropbear_log(LOG_WARNING, "User account '%s' is locked", ++ ses.authstate.pw_name); ++ send_msg_userauth_failure(0, 1); ++ return; ++ } ++ + /* check for empty password */ + if (passwdcrypt[0] == '\0') { + dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", + + diff --git a/source/installer/dropbear/dropbear.xauth.patch b/source/installer/dropbear/dropbear.xauth.patch index d01e15e04..e32f0c644 100644 --- a/source/installer/dropbear/dropbear.xauth.patch +++ b/source/installer/dropbear/dropbear.xauth.patch @@ -1,10 +1,10 @@ ---- options.h.old 2008-01-29 11:54:45.000000000 -0200 -+++ options.h 2008-01-29 11:54:52.000000000 -0200 -@@ -197,7 +197,7 @@ +--- options.h.orig 2013-06-21 21:50:34.859528230 -0500 ++++ options.h 2013-06-21 21:52:59.208516285 -0500 +@@ -243,7 +243,7 @@ /* The command to invoke for xauth when using X11 forwarding. * "-q" for quiet */ #ifndef XAUTH_COMMAND --#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q" +-#define XAUTH_COMMAND "/usr/bin/X11/xauth -q" +#define XAUTH_COMMAND "/usr/bin/xauth -q" #endif diff --git a/source/installer/dropbear/dropbear_dbclientpath.patch b/source/installer/dropbear/dropbear_dbclientpath.patch index ef5cddc79..781349f83 100644 --- a/source/installer/dropbear/dropbear_dbclientpath.patch +++ b/source/installer/dropbear/dropbear_dbclientpath.patch @@ -1,12 +1,12 @@ -diff -uarN dropbear-0.50.orig/options.h dropbear-0.50/options.h ---- dropbear-0.50.orig/options.h 2007-08-08 18:39:38.000000000 +0200 -+++ dropbear-0.50/options.h 2008-03-10 14:43:29.261618300 +0100 -@@ -209,7 +209,7 @@ - +diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h +--- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600 ++++ dropbear-2012.55/options.h 2012-04-07 15:12:46.040452209 -0500 +@@ -255,7 +255,7 @@ + /* This is used by the scp binary when used as a client binary. If you're * not using the Dropbear client, you'll need to change it */ -#define _PATH_SSH_PROGRAM "/usr/bin/dbclient" +#define _PATH_SSH_PROGRAM "/bin/dbclient" - - /* Whether to log commands executed by a client. This only logs the - * (single) command sent to the server, not what a user did in a + + /* Whether to log commands executed by a client. This only logs the + * (single) command sent to the server, not what a user did in a diff --git a/source/installer/dropbear/dropbear_emptypass.patch b/source/installer/dropbear/dropbear_emptypass.patch index 995b4d5c5..259240082 100644 --- a/source/installer/dropbear/dropbear_emptypass.patch +++ b/source/installer/dropbear/dropbear_emptypass.patch @@ -1,51 +1,12 @@ -diff -uarN dropbear-0.50.orig/options.h dropbear-0.50/options.h ---- dropbear-0.50.orig/options.h 2007-08-08 17:39:37.000000000 +0200 -+++ dropbear-0.50/options.h 2008-02-01 00:22:07.000000000 +0100 -@@ -148,6 +148,9 @@ - * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ - #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD" - -+/* disable server empty password check because root has no password on EZX */ -+#define DISABLE_SVR_EMPTY_PASSWD_CHECK -+ - /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of - * a helper program for the ssh client. The helper program should be - * specified in the SSH_ASKPASS environment variable, and dbclient -diff -uarN dropbear-0.50.orig/svr-auth.c dropbear-0.50/svr-auth.c ---- dropbear-0.50.orig/svr-auth.c 2007-08-08 17:39:37.000000000 +0200 -+++ dropbear-0.50/svr-auth.c 2008-02-01 00:22:07.000000000 +0100 -@@ -236,6 +236,7 @@ - return DROPBEAR_FAILURE; - } - -+#ifndef DISABLE_SVR_EMPTY_PASSWD_CHECK - /* check for an empty password */ - if (ses.authstate.pw->pw_passwd[0] == '\0') { - TRACE(("leave checkusername: empty pword")) -@@ -244,6 +245,7 @@ - send_msg_userauth_failure(0, 1); - return DROPBEAR_FAILURE; - } -+#endif - - TRACE(("shell is %s", ses.authstate.pw->pw_shell)) - -diff -uarN dropbear-0.50.orig/svr-authpasswd.c dropbear-0.50/svr-authpasswd.c ---- dropbear-0.50.orig/svr-authpasswd.c 2007-08-08 17:39:37.000000000 +0200 -+++ dropbear-0.50/svr-authpasswd.c 2008-02-01 00:23:00.000000000 +0100 -@@ -60,6 +60,7 @@ - passwdcrypt = DEBUG_HACKCRYPT; - #endif - -+#ifndef DISABLE_SVR_EMPTY_PASSWD_CHECK - /* check for empty password - need to do this again here - * since the shadow password may differ to that tested - * in auth.c */ -@@ -69,6 +70,7 @@ - send_msg_userauth_failure(0, 1); - return; - } -+#endif - - /* check if client wants to change password */ - changepw = buf_getbool(ses.payload); +diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h +--- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600 ++++ dropbear-2012.55/options.h 2012-04-07 15:09:15.676322495 -0500 +@@ -180,7 +180,7 @@ + * Public key logins are allowed for blank-password accounts regardless of this + * setting. PAM is not affected by this setting, it uses the normal pam.d + * settings ('nullok' option) */ +-/* #define ALLOW_BLANK_PASSWORD */ ++#define ALLOW_BLANK_PASSWORD + + #define ENABLE_CLI_PASSWORD_AUTH + #define ENABLE_CLI_PUBKEY_AUTH |