Diffstat (limited to 'source/installer')
-rw-r--r-- | source/installer/ChangeLog.txt | 3 | ||||
-rwxr-xr-x | source/installer/build_installer.sh | 16 | ||||
-rwxr-xr-x | source/installer/sources/dropbear/dropbear.Slackbuild | 27 | ||||
-rw-r--r-- | source/installer/sources/dropbear/dropbear.glibc.crypt.diff | 28 | ||||
-rw-r--r-- | source/installer/sources/dropbear/dropbear.xauth.patch | 11 | ||||
-rw-r--r-- | source/installer/sources/dropbear/dropbear_dbclientpath.patch | 12 | ||||
-rw-r--r-- | source/installer/sources/dropbear/dropbear_emptypass.patch | 30 | ||||
-rw-r--r-- | source/installer/sources/dropbear/localoptions.h | 4 | ||||
-rw-r--r-- | source/installer/sources/dropbear/rc.dropbear.new | 3 | ||||
-rw-r--r-- | source/installer/sources/dropbear/slack-desc | 6 |
10 files changed, 53 insertions, 87 deletions
diff --git a/source/installer/ChangeLog.txt b/source/installer/ChangeLog.txt index b16f0c486..a0e063ada 100644 --- a/source/installer/ChangeLog.txt +++ b/source/installer/ChangeLog.txt @@ -1,3 +1,6 @@ +Wed Jun 20 21:08:45 UTC 2018 + Upgraded dropbear. Thanks to Robby Workman. ++--------------------------+ Mon Jun 18 17:53:56 UTC 2018 When compressing the initrd with xz, add: -C crc32 Use xzcat instead of zcat in a few places where the build script wants to diff --git a/source/installer/build_installer.sh b/source/installer/build_installer.sh index 290adcd5e..951977128 100755 --- a/source/installer/build_installer.sh +++ b/source/installer/build_installer.sh @@ -695,8 +695,8 @@ else DROPBEARPATH=$SLACKROOT/source/installer/dropbear fi [ ! -d $DROPBEARPATH ] && ( echo "No directory '$DROPBEARPATH'" ; exit 1 ) -DROPBEARPKG=$(ls -1 $DROPBEARPATH/dropbear-*.tar.bz2 | head -1) -DROPBEARVER=$(echo $DROPBEARPKG | sed -e "s#.*/dropbear-\(.*\).tar.bz2#\1#") +DROPBEARPKG=$(ls -1 $DROPBEARPATH/dropbear-*.tar.lz | head -1) +DROPBEARVER=$(echo $DROPBEARPKG | sed -e "s#.*/dropbear-\(.*\).tar.lz#\1#") tar x${VERBOSE2}f $DROPBEARPKG echo "--- Compiling DROPBEAR version '$DROPBEARVER' ---" @@ -709,12 +709,12 @@ PROGS="dropbear dbclient dropbearkey dropbearconvert scp ssh" # Patch to allow empty passwords (used in Slackware's installer): patch -p1 ${VERBOSETXT} < $DROPBEARPATH/dropbear_emptypass.patch || exit 1 -# Apply xauth path patch -patch -p0 ${VERBOSETXT} < $DROPBEARPATH/dropbear.xauth.patch || exit 1 -# Change the path used for dbclient because our prefix is '/' not '/usr': -patch -p1 ${VERBOSETXT} < $DROPBEARPATH/dropbear_dbclientpath.patch || exit 1 -# Patch for new glibc crypt() that may return NULL: -patch -p1 < $DROPBEARPATH/dropbear.glibc.crypt.diff + +# Set local options, such as dbclient is in /bin (due to prefix=/): +cp $DROPBEARPATH/localoptions.h . + +autoconf || exit 1 +autoheader || exit 1 # Configure: CFLAGS="$SLKCFLAGS" \ 
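Review bot: The new `DROPBEARPKG=$(ls -1 $DROPBEARPATH/dropbear-*.tar.lz | head -1)` in the `@@ -695,8 +695,8 @@` hunk is passed to `tar` without checking that the glob matched anything, so a source directory that still holds only the old `.tar.bz2` leaves the variable empty and the failure shows up later and less clearly. A guard right after the assignment, `[ -n "$DROPBEARPKG" ] || { echo "No dropbear tarball in '$DROPBEARPATH'" ; exit 1 ; }`, would stop the build at the cause. The directory test in the context line above runs `exit 1` inside `( … )`, which only leaves the subshell, so it does not stop the script either; braces would. Nothing visible in this hunk verifies the tarball (checksum or signature) before it is unpacked and compiled into the installer image; if that is done elsewhere, it is outside the hunk.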
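Review bot: In the `@@ -709,12 +709,12 @@` hunk, `cp $DROPBEARPATH/localoptions.h .` is the only new step without `|| exit 1`, so a missing or unreadable file lets the build continue with upstream defaults and the `/bin/dbclient` override is silently lost. Suggest `cp "$DROPBEARPATH/localoptions.h" . || exit 1`, matching the `patch`, `autoconf` and `autoheader` lines around it. The same unchecked copy appears in the `@@ -76,13 +76,12 @@` hunk of dropbear.Slackbuild (`cp $CWD/localoptions.h .`). This hunk also stops applying dropbear.glibc.crypt.diff, which guarded against `crypt()` returning NULL; presumably the new snapshot carries that check upstream, but it is worth confirming in its svr-authpasswd.c, because the empty-password patch is still applied to that function.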
diff --git a/source/installer/sources/dropbear/dropbear.Slackbuild b/source/installer/sources/dropbear/dropbear.Slackbuild index 9cc78b3ed..2954effd0 100755 --- a/source/installer/sources/dropbear/dropbear.Slackbuild +++ b/source/installer/sources/dropbear/dropbear.Slackbuild @@ -23,13 +23,13 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM=dropbear -VERSION=2012.55 -BUILD=${BUILD:-11} +VERSION=20171018_fa3b0dd3 +BUILD=${BUILD:-1} TAG=${TAG:-''} if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) ARCH=i486 ;; + i?86) ARCH=i586 ;; arm*) ARCH=arm ;; *) ARCH=$( uname -m ) ;; esac @@ -47,8 +47,8 @@ CWD=$(pwd) TMP=${TMP:-/tmp} PKG=$TMP/pkg-$PRGNAM -if [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686 -mtune=i686" @@ -65,7 +65,7 @@ rm -rf $PKG mkdir -p $TMP $PKG cd $TMP || exit 1 rm -rf $PRGNAM-$VERSION -tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2 || exit 1 +tar xvf $CWD/$PRGNAM-$VERSION.tar.?z || exit 1 cd $PRGNAM-$VERSION || exit 1 chown -R root:root . @@ -76,13 +76,12 @@ find . \ -exec chmod 644 {} \; # Patch to allow empty passwords (used in Slackware's installer): -patch -p1 < $CWD/dropbear_emptypass.patch -# Apply xauth path patch -patch -p0 < $CWD/dropbear.xauth.patch -# Change the path used for dbclient because our prefix is '/' not '/usr': -patch -p1 < $CWD/dropbear_dbclientpath.patch -# Patch for new glibc crypt() that may return NULL: -patch -p1 < $CWD/dropbear.glibc.crypt.diff +patch -p1 < $CWD/dropbear_emptypass.patch || exit 1 + +autoconf || exit 1 +autoheader || exit 1 + +cp $CWD/localoptions.h . CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ 
@@ -139,4 +138,4 @@ cat $CWD/slack-desc > $PKG/install/slack-desc cat $CWD/doinst.sh > $PKG/install/doinst.sh cd $PKG -/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz +/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.txz diff --git a/source/installer/sources/dropbear/dropbear.glibc.crypt.diff b/source/installer/sources/dropbear/dropbear.glibc.crypt.diff deleted file mode 100644 index 3184210dd..000000000 --- a/source/installer/sources/dropbear/dropbear.glibc.crypt.diff +++ /dev/null @@ -1,28 +0,0 @@ - -# HG changeset patch -# User Matt Johnston <matt@ucc.asn.au> -# Date 1367250157 -28800 -# Node ID 7bd88d546627ff31d0e2d91e6022b3e77a943efb -# Parent ea04e3eb03e2c3d59d82e361882711de844068a4 -Avoid segfault for locked accounts (invalid salt to crypt()) - -diff -r ea04e3eb03e2 -r 7bd88d546627 svr-authpasswd.c ---- a/svr-authpasswd.c Thu Apr 18 23:15:17 2013 +0800 -+++ b/svr-authpasswd.c Mon Apr 29 23:42:37 2013 +0800 -@@ -66,6 +66,14 @@ - m_burn(password, passwordlen); - m_free(password); - -+ if (testcrypt == NULL) { -+ /* crypt() with an invalid salt like "!!" */ -+ dropbear_log(LOG_WARNING, "User account '%s' is locked", -+ ses.authstate.pw_name); -+ send_msg_userauth_failure(0, 1); -+ return; -+ } -+ - /* check for empty password */ - if (passwdcrypt[0] == '\0') { - dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", - - diff --git a/source/installer/sources/dropbear/dropbear.xauth.patch b/source/installer/sources/dropbear/dropbear.xauth.patch deleted file mode 100644 index e32f0c644..000000000 --- a/source/installer/sources/dropbear/dropbear.xauth.patch +++ /dev/null 
@@ -1,11 +0,0 @@ ---- options.h.orig 2013-06-21 21:50:34.859528230 -0500 -+++ options.h 2013-06-21 21:52:59.208516285 -0500 -@@ -243,7 +243,7 @@ - /* The command to invoke for xauth when using X11 forwarding. - * "-q" for quiet */ - #ifndef XAUTH_COMMAND --#define XAUTH_COMMAND "/usr/bin/X11/xauth -q" -+#define XAUTH_COMMAND "/usr/bin/xauth -q" - #endif - - /* if you want to enable running an sftp server (such as the one included with diff --git a/source/installer/sources/dropbear/dropbear_dbclientpath.patch b/source/installer/sources/dropbear/dropbear_dbclientpath.patch deleted file mode 100644 index 781349f83..000000000 --- a/source/installer/sources/dropbear/dropbear_dbclientpath.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h ---- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600 -+++ dropbear-2012.55/options.h 2012-04-07 15:12:46.040452209 -0500 -@@ -255,7 +255,7 @@ - - /* This is used by the scp binary when used as a client binary. If you're - * not using the Dropbear client, you'll need to change it */ --#define _PATH_SSH_PROGRAM "/usr/bin/dbclient" -+#define _PATH_SSH_PROGRAM "/bin/dbclient" - - /* Whether to log commands executed by a client. This only logs the - * (single) command sent to the server, not what a user did in a diff --git a/source/installer/sources/dropbear/dropbear_emptypass.patch b/source/installer/sources/dropbear/dropbear_emptypass.patch index 259240082..a3f27f47e 100644 --- a/source/installer/sources/dropbear/dropbear_emptypass.patch +++ b/source/installer/sources/dropbear/dropbear_emptypass.patch 
@@ -1,12 +1,20 @@ -diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h ---- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600 -+++ dropbear-2012.55/options.h 2012-04-07 15:09:15.676322495 -0500 -@@ -180,7 +180,7 @@ - * Public key logins are allowed for blank-password accounts regardless of this - * setting. PAM is not affected by this setting, it uses the normal pam.d - * settings ('nullok' option) */ --/* #define ALLOW_BLANK_PASSWORD */ -+#define ALLOW_BLANK_PASSWORD +diff -Nur dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c dropbear-20171018_fa3b0dd3/svr-authpasswd.c +--- dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c 2018-01-13 19:19:59.000000000 -0600 ++++ dropbear-20171018_fa3b0dd3/svr-authpasswd.c 2018-01-13 23:07:16.441369958 -0600 +@@ -88,12 +88,16 @@ + } - #define ENABLE_CLI_PASSWORD_AUTH - #define ENABLE_CLI_PUBKEY_AUTH + /* check for empty password */ ++ /* Yep, good idea, but for our usage, it's okay - dropbear has to be ++ started manually in the installer, so setting a password or not is ++ up to the admin + if (passwdcrypt[0] == '\0') { + dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", + ses.authstate.pw_name); + send_msg_userauth_failure(0, 1); + return; + } ++ */ + + if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) { + /* successful authentication */ diff --git a/source/installer/sources/dropbear/localoptions.h b/source/installer/sources/dropbear/localoptions.h new file mode 100644 index 000000000..2e6a966fa --- /dev/null +++ b/source/installer/sources/dropbear/localoptions.h @@ -0,0 +1,4 @@ +/* These override content of default_options.h */ +#define INETD_MODE 0 +#define DROPBEAR_DH_GROUP16 1 +#define DROPBEAR_PATH_SSH_PROGRAM "/bin/dbclient" diff --git a/source/installer/sources/dropbear/rc.dropbear.new b/source/installer/sources/dropbear/rc.dropbear.new index 3a695b811..987828e89 100644 --- a/source/installer/sources/dropbear/rc.dropbear.new 
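Review bot: The rewritten patch disables the blank-password rejection in svr-authpasswd.c by wrapping the whole `if (passwdcrypt[0] == '\0')` block in a comment, which removes both the check and its `LOG_WARNING` from every binary built with this patch, with no runtime switch. A block comment ends at the first `*/`, so if a later upstream snapshot adds a comment inside that block the patch could still apply with fuzz and leave the code half-enabled or unbuildable; `#if 0` and `#endif` around the block, with the rationale in a comment above, would be more robust. dropbear.Slackbuild applies the same patch, so any package built from it accepts empty passwords too, and the rationale given here ("started manually in the installer") is not recorded in the SlackBuild or the rc script. Upstream dropbear has a `-B` option for allowing blank-password logins, which may make this an opt-in at start time instead of a source patch; that needs confirming against this snapshot. Only part of the function is visible in the hunk, so how an empty stored hash behaves once it reaches `constant_time_strcmp(testcrypt, passwdcrypt)` cannot be judged from here.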
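Review bot: The override carried by the deleted dropbear.xauth.patch (`XAUTH_COMMAND "/usr/bin/xauth -q"`) is not reproduced in the new localoptions.h, while the dbclient path override is. If default_options.h in this snapshot still points at `/usr/bin/X11/xauth`, X11 forwarding would fail to find xauth; confirm the upstream default or add `#define XAUTH_COMMAND "/usr/bin/xauth -q"`. A short comment on each define saying why it is set (for example why `INETD_MODE` is 0 and `DROPBEAR_DH_GROUP16` is 1) would help whoever rebases this file onto the next snapshot.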
+++ b/source/installer/sources/dropbear/rc.dropbear.new @@ -8,6 +8,9 @@ fi dropbear_start() { # Create host keys if needed. + if [ ! -f /etc/dropbear/dropbear_ecdsa_host_key ]; then + /bin/dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key + fi if [ ! -f /etc/dropbear/dropbear_rsa_host_key ]; then /bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key fi diff --git a/source/installer/sources/dropbear/slack-desc b/source/installer/sources/dropbear/slack-desc index ca2619023..94eeac05a 100644 --- a/source/installer/sources/dropbear/slack-desc +++ b/source/installer/sources/dropbear/slack-desc @@ -1,8 +1,8 @@ # HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line +# The "handy ruler" below makes it easier to edit a package description. Line # up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':'. |-----handy-ruler------------------------------------------------------| |