summaryrefslogtreecommitdiffstats
path: root/source/installer
diff options
context:
space:
mode:
Diffstat (limited to 'source/installer')
-rw-r--r--source/installer/ChangeLog.txt3
-rwxr-xr-xsource/installer/build_installer.sh16
-rwxr-xr-xsource/installer/sources/dropbear/dropbear.Slackbuild27
-rw-r--r--source/installer/sources/dropbear/dropbear.glibc.crypt.diff28
-rw-r--r--source/installer/sources/dropbear/dropbear.xauth.patch11
-rw-r--r--source/installer/sources/dropbear/dropbear_dbclientpath.patch12
-rw-r--r--source/installer/sources/dropbear/dropbear_emptypass.patch30
-rw-r--r--source/installer/sources/dropbear/localoptions.h4
-rw-r--r--source/installer/sources/dropbear/rc.dropbear.new3
-rw-r--r--source/installer/sources/dropbear/slack-desc6
10 files changed, 53 insertions, 87 deletions
diff --git a/source/installer/ChangeLog.txt b/source/installer/ChangeLog.txt
index b16f0c486..a0e063ada 100644
--- a/source/installer/ChangeLog.txt
+++ b/source/installer/ChangeLog.txt
@@ -1,3 +1,6 @@
+Wed Jun 20 21:08:45 UTC 2018
+ Upgraded dropbear. Thanks to Robby Workman.
++--------------------------+
Mon Jun 18 17:53:56 UTC 2018
When compressing the initrd with xz, add: -C crc32
Use xzcat instead of zcat in a few places where the build script wants to
diff --git a/source/installer/build_installer.sh b/source/installer/build_installer.sh
index 290adcd5e..951977128 100755
--- a/source/installer/build_installer.sh
+++ b/source/installer/build_installer.sh
@@ -695,8 +695,8 @@ else
DROPBEARPATH=$SLACKROOT/source/installer/dropbear
fi
[ ! -d $DROPBEARPATH ] && ( echo "No directory '$DROPBEARPATH'" ; exit 1 )
-DROPBEARPKG=$(ls -1 $DROPBEARPATH/dropbear-*.tar.bz2 | head -1)
-DROPBEARVER=$(echo $DROPBEARPKG | sed -e "s#.*/dropbear-\(.*\).tar.bz2#\1#")
+DROPBEARPKG=$(ls -1 $DROPBEARPATH/dropbear-*.tar.lz | head -1)
+DROPBEARVER=$(echo $DROPBEARPKG | sed -e "s#.*/dropbear-\(.*\).tar.lz#\1#")
tar x${VERBOSE2}f $DROPBEARPKG
echo "--- Compiling DROPBEAR version '$DROPBEARVER' ---"
@@ -709,12 +709,12 @@ PROGS="dropbear dbclient dropbearkey dropbearconvert scp ssh"
# Patch to allow empty passwords (used in Slackware's installer):
patch -p1 ${VERBOSETXT} < $DROPBEARPATH/dropbear_emptypass.patch || exit 1
-# Apply xauth path patch
-patch -p0 ${VERBOSETXT} < $DROPBEARPATH/dropbear.xauth.patch || exit 1
-# Change the path used for dbclient because our prefix is '/' not '/usr':
-patch -p1 ${VERBOSETXT} < $DROPBEARPATH/dropbear_dbclientpath.patch || exit 1
-# Patch for new glibc crypt() that may return NULL:
-patch -p1 < $DROPBEARPATH/dropbear.glibc.crypt.diff
+
+# Set local options, such as dbclient is in /bin (due to prefix=/):
+cp $DROPBEARPATH/localoptions.h .
+
+autoconf || exit 1
+autoheader || exit 1
# Configure:
CFLAGS="$SLKCFLAGS" \
diff --git a/source/installer/sources/dropbear/dropbear.Slackbuild b/source/installer/sources/dropbear/dropbear.Slackbuild
index 9cc78b3ed..2954effd0 100755
--- a/source/installer/sources/dropbear/dropbear.Slackbuild
+++ b/source/installer/sources/dropbear/dropbear.Slackbuild
@@ -23,13 +23,13 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=dropbear
-VERSION=2012.55
-BUILD=${BUILD:-11}
+VERSION=20171018_fa3b0dd3
+BUILD=${BUILD:-1}
TAG=${TAG:-''}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
- i?86) ARCH=i486 ;;
+ i?86) ARCH=i586 ;;
arm*) ARCH=arm ;;
*) ARCH=$( uname -m ) ;;
esac
@@ -47,8 +47,8 @@ CWD=$(pwd)
TMP=${TMP:-/tmp}
PKG=$TMP/pkg-$PRGNAM
-if [ "$ARCH" = "i486" ]; then
- SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+if [ "$ARCH" = "i586" ]; then
+ SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686"
@@ -65,7 +65,7 @@ rm -rf $PKG
mkdir -p $TMP $PKG
cd $TMP || exit 1
rm -rf $PRGNAM-$VERSION
-tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2 || exit 1
+tar xvf $CWD/$PRGNAM-$VERSION.tar.?z || exit 1
cd $PRGNAM-$VERSION || exit 1
chown -R root:root .
@@ -76,13 +76,12 @@ find . \
-exec chmod 644 {} \;
# Patch to allow empty passwords (used in Slackware's installer):
-patch -p1 < $CWD/dropbear_emptypass.patch
-# Apply xauth path patch
-patch -p0 < $CWD/dropbear.xauth.patch
-# Change the path used for dbclient because our prefix is '/' not '/usr':
-patch -p1 < $CWD/dropbear_dbclientpath.patch
-# Patch for new glibc crypt() that may return NULL:
-patch -p1 < $CWD/dropbear.glibc.crypt.diff
+patch -p1 < $CWD/dropbear_emptypass.patch || exit 1
+
+autoconf || exit 1
+autoheader || exit 1
+
+cp $CWD/localoptions.h .
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
@@ -139,4 +138,4 @@ cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh
cd $PKG
-/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
+/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.txz
diff --git a/source/installer/sources/dropbear/dropbear.glibc.crypt.diff b/source/installer/sources/dropbear/dropbear.glibc.crypt.diff
deleted file mode 100644
index 3184210dd..000000000
--- a/source/installer/sources/dropbear/dropbear.glibc.crypt.diff
+++ /dev/null
@@ -1,28 +0,0 @@
-
-# HG changeset patch
-# User Matt Johnston <matt@ucc.asn.au>
-# Date 1367250157 -28800
-# Node ID 7bd88d546627ff31d0e2d91e6022b3e77a943efb
-# Parent ea04e3eb03e2c3d59d82e361882711de844068a4
-Avoid segfault for locked accounts (invalid salt to crypt())
-
-diff -r ea04e3eb03e2 -r 7bd88d546627 svr-authpasswd.c
---- a/svr-authpasswd.c Thu Apr 18 23:15:17 2013 +0800
-+++ b/svr-authpasswd.c Mon Apr 29 23:42:37 2013 +0800
-@@ -66,6 +66,14 @@
- m_burn(password, passwordlen);
- m_free(password);
-
-+ if (testcrypt == NULL) {
-+ /* crypt() with an invalid salt like "!!" */
-+ dropbear_log(LOG_WARNING, "User account '%s' is locked",
-+ ses.authstate.pw_name);
-+ send_msg_userauth_failure(0, 1);
-+ return;
-+ }
-+
- /* check for empty password */
- if (passwdcrypt[0] == '\0') {
- dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
-
-
diff --git a/source/installer/sources/dropbear/dropbear.xauth.patch b/source/installer/sources/dropbear/dropbear.xauth.patch
deleted file mode 100644
index e32f0c644..000000000
--- a/source/installer/sources/dropbear/dropbear.xauth.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- options.h.orig 2013-06-21 21:50:34.859528230 -0500
-+++ options.h 2013-06-21 21:52:59.208516285 -0500
-@@ -243,7 +243,7 @@
- /* The command to invoke for xauth when using X11 forwarding.
- * "-q" for quiet */
- #ifndef XAUTH_COMMAND
--#define XAUTH_COMMAND "/usr/bin/X11/xauth -q"
-+#define XAUTH_COMMAND "/usr/bin/xauth -q"
- #endif
-
- /* if you want to enable running an sftp server (such as the one included with
diff --git a/source/installer/sources/dropbear/dropbear_dbclientpath.patch b/source/installer/sources/dropbear/dropbear_dbclientpath.patch
deleted file mode 100644
index 781349f83..000000000
--- a/source/installer/sources/dropbear/dropbear_dbclientpath.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h
---- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600
-+++ dropbear-2012.55/options.h 2012-04-07 15:12:46.040452209 -0500
-@@ -255,7 +255,7 @@
-
- /* This is used by the scp binary when used as a client binary. If you're
- * not using the Dropbear client, you'll need to change it */
--#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
-+#define _PATH_SSH_PROGRAM "/bin/dbclient"
-
- /* Whether to log commands executed by a client. This only logs the
- * (single) command sent to the server, not what a user did in a
diff --git a/source/installer/sources/dropbear/dropbear_emptypass.patch b/source/installer/sources/dropbear/dropbear_emptypass.patch
index 259240082..a3f27f47e 100644
--- a/source/installer/sources/dropbear/dropbear_emptypass.patch
+++ b/source/installer/sources/dropbear/dropbear_emptypass.patch
@@ -1,12 +1,20 @@
-diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h
---- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600
-+++ dropbear-2012.55/options.h 2012-04-07 15:09:15.676322495 -0500
-@@ -180,7 +180,7 @@
- * Public key logins are allowed for blank-password accounts regardless of this
- * setting. PAM is not affected by this setting, it uses the normal pam.d
- * settings ('nullok' option) */
--/* #define ALLOW_BLANK_PASSWORD */
-+#define ALLOW_BLANK_PASSWORD
+diff -Nur dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c dropbear-20171018_fa3b0dd3/svr-authpasswd.c
+--- dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c 2018-01-13 19:19:59.000000000 -0600
++++ dropbear-20171018_fa3b0dd3/svr-authpasswd.c 2018-01-13 23:07:16.441369958 -0600
+@@ -88,12 +88,16 @@
+ }
- #define ENABLE_CLI_PASSWORD_AUTH
- #define ENABLE_CLI_PUBKEY_AUTH
+ /* check for empty password */
++ /* Yep, good idea, but for our usage, it's okay - dropbear has to be
++ started manually in the installer, so setting a password or not is
++ up to the admin
+ if (passwdcrypt[0] == '\0') {
+ dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
+ ses.authstate.pw_name);
+ send_msg_userauth_failure(0, 1);
+ return;
+ }
++ */
+
+ if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
+ /* successful authentication */
diff --git a/source/installer/sources/dropbear/localoptions.h b/source/installer/sources/dropbear/localoptions.h
new file mode 100644
index 000000000..2e6a966fa
--- /dev/null
+++ b/source/installer/sources/dropbear/localoptions.h
@@ -0,0 +1,4 @@
+/* These override content of default_options.h */
+#define INETD_MODE 0
+#define DROPBEAR_DH_GROUP16 1
+#define DROPBEAR_PATH_SSH_PROGRAM "/bin/dbclient"
diff --git a/source/installer/sources/dropbear/rc.dropbear.new b/source/installer/sources/dropbear/rc.dropbear.new
index 3a695b811..987828e89 100644
--- a/source/installer/sources/dropbear/rc.dropbear.new
+++ b/source/installer/sources/dropbear/rc.dropbear.new
@@ -8,6 +8,9 @@ fi
dropbear_start() {
# Create host keys if needed.
+ if [ ! -f /etc/dropbear/dropbear_ecdsa_host_key ]; then
+ /bin/dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key
+ fi
if [ ! -f /etc/dropbear/dropbear_rsa_host_key ]; then
/bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
fi
diff --git a/source/installer/sources/dropbear/slack-desc b/source/installer/sources/dropbear/slack-desc
index ca2619023..94eeac05a 100644
--- a/source/installer/sources/dropbear/slack-desc
+++ b/source/installer/sources/dropbear/slack-desc
@@ -1,8 +1,8 @@
# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description. Line
+# The "handy ruler" below makes it easier to edit a package description. Line
# up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in. You must
-# make exactly 11 lines for the formatting to be correct. It's also
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':'.
|-----handy-ruler------------------------------------------------------|