From b893b1174dfcd0fdc84aa597eee76b797d6d7b11 Mon Sep 17 00:00:00 2001 From: Patrick J Volkerding Date: Thu, 21 Jun 2018 05:18:41 +0000 Subject: Thu Jun 21 05:18:41 UTC 2018 a/kernel-generic-4.14.51-x86_64-1.txz: Upgraded. a/kernel-huge-4.14.51-x86_64-1.txz: Upgraded. a/kernel-modules-4.14.51-x86_64-1.txz: Upgraded. d/kernel-headers-4.14.51-x86-1.txz: Upgraded. d/parallel-20180622-noarch-1.txz: Upgraded. k/kernel-source-4.14.51-noarch-1.txz: Upgraded. l/libedit-20180525_3.1-x86_64-1.txz: Upgraded. isolinux/initrd.img: Rebuilt. kernels/*: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt. --- .../installer/sources/dropbear/dropbear.Slackbuild | 27 ++++++++++--------- .../sources/dropbear/dropbear.glibc.crypt.diff | 28 -------------------- .../sources/dropbear/dropbear.xauth.patch | 11 -------- .../sources/dropbear/dropbear_dbclientpath.patch | 12 --------- .../sources/dropbear/dropbear_emptypass.patch | 30 ++++++++++++++-------- source/installer/sources/dropbear/localoptions.h | 4 +++ source/installer/sources/dropbear/rc.dropbear.new | 3 +++ source/installer/sources/dropbear/slack-desc | 6 ++--- 8 files changed, 42 insertions(+), 79 deletions(-) delete mode 100644 source/installer/sources/dropbear/dropbear.glibc.crypt.diff delete mode 100644 source/installer/sources/dropbear/dropbear.xauth.patch delete mode 100644 source/installer/sources/dropbear/dropbear_dbclientpath.patch create mode 100644 source/installer/sources/dropbear/localoptions.h (limited to 'source/installer/sources') diff --git a/source/installer/sources/dropbear/dropbear.Slackbuild b/source/installer/sources/dropbear/dropbear.Slackbuild index 9cc78b3ed..2954effd0 100755 --- a/source/installer/sources/dropbear/dropbear.Slackbuild +++ b/source/installer/sources/dropbear/dropbear.Slackbuild 
@@ -23,13 +23,13 @@ # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. PRGNAM=dropbear -VERSION=2012.55 -BUILD=${BUILD:-11} +VERSION=20171018_fa3b0dd3 +BUILD=${BUILD:-1} TAG=${TAG:-''} if [ -z "$ARCH" ]; then case "$( uname -m )" in - i?86) ARCH=i486 ;; + i?86) ARCH=i586 ;; arm*) ARCH=arm ;; *) ARCH=$( uname -m ) ;; esac @@ -47,8 +47,8 @@ CWD=$(pwd) TMP=${TMP:-/tmp} PKG=$TMP/pkg-$PRGNAM -if [ "$ARCH" = "i486" ]; then - SLKCFLAGS="-O2 -march=i486 -mtune=i686" +if [ "$ARCH" = "i586" ]; then + SLKCFLAGS="-O2 -march=i586 -mtune=i686" LIBDIRSUFFIX="" elif [ "$ARCH" = "i686" ]; then SLKCFLAGS="-O2 -march=i686 -mtune=i686" @@ -65,7 +65,7 @@ rm -rf $PKG mkdir -p $TMP $PKG cd $TMP || exit 1 rm -rf $PRGNAM-$VERSION -tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2 || exit 1 +tar xvf $CWD/$PRGNAM-$VERSION.tar.?z || exit 1 cd $PRGNAM-$VERSION || exit 1 chown -R root:root . @@ -76,13 +76,12 @@ find . \ -exec chmod 644 {} \; # Patch to allow empty passwords (used in Slackware's installer): -patch -p1 < $CWD/dropbear_emptypass.patch -# Apply xauth path patch -patch -p0 < $CWD/dropbear.xauth.patch -# Change the path used for dbclient because our prefix is '/' not '/usr': -patch -p1 < $CWD/dropbear_dbclientpath.patch -# Patch for new glibc crypt() that may return NULL: -patch -p1 < $CWD/dropbear.glibc.crypt.diff +patch -p1 < $CWD/dropbear_emptypass.patch || exit 1 + +autoconf || exit 1 +autoheader || exit 1 + +cp $CWD/localoptions.h . CFLAGS="$SLKCFLAGS" \ CXXFLAGS="$SLKCFLAGS" \ @@ -139,4 +138,4 @@ cat $CWD/slack-desc > $PKG/install/slack-desc cat $CWD/doinst.sh > $PKG/install/doinst.sh cd $PKG -/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz +/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.txz diff --git a/source/installer/sources/dropbear/dropbear.glibc.crypt.diff b/source/installer/sources/dropbear/dropbear.glibc.crypt.diff deleted file mode 100644 index 3184210dd..000000000 --- a/source/installer/sources/dropbear/dropbear.glibc.crypt.diff +++ /dev/null 
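Review bot: The added `cp $CWD/localoptions.h .` in the patch-application hunk (@@ -76,13 +76,12 @@) is the only new step without a failure check, so a missing or unreadable file lets the build continue with upstream's default options. The package would then build cleanly but silently lose the installer-specific overrides, including the `/bin/dbclient` path that the removed dropbear_dbclientpath.patch used to enforce. I would write it as `cp "$CWD/localoptions.h" . || exit 1`, matching the `|| exit 1` this commit adds to the patch, autoconf and autoheader lines.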
@@ -1,28 +0,0 @@ - -# HG changeset patch -# User Matt Johnston -# Date 1367250157 -28800 -# Node ID 7bd88d546627ff31d0e2d91e6022b3e77a943efb -# Parent ea04e3eb03e2c3d59d82e361882711de844068a4 -Avoid segfault for locked accounts (invalid salt to crypt()) - -diff -r ea04e3eb03e2 -r 7bd88d546627 svr-authpasswd.c ---- a/svr-authpasswd.c Thu Apr 18 23:15:17 2013 +0800 -+++ b/svr-authpasswd.c Mon Apr 29 23:42:37 2013 +0800 -@@ -66,6 +66,14 @@ - m_burn(password, passwordlen); - m_free(password); - -+ if (testcrypt == NULL) { -+ /* crypt() with an invalid salt like "!!" */ -+ dropbear_log(LOG_WARNING, "User account '%s' is locked", -+ ses.authstate.pw_name); -+ send_msg_userauth_failure(0, 1); -+ return; -+ } -+ - /* check for empty password */ - if (passwdcrypt[0] == '\0') { - dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", - - diff --git a/source/installer/sources/dropbear/dropbear.xauth.patch b/source/installer/sources/dropbear/dropbear.xauth.patch deleted file mode 100644 index e32f0c644..000000000 --- a/source/installer/sources/dropbear/dropbear.xauth.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- options.h.orig 2013-06-21 21:50:34.859528230 -0500 -+++ options.h 2013-06-21 21:52:59.208516285 -0500 -@@ -243,7 +243,7 @@ - /* The command to invoke for xauth when using X11 forwarding. - * "-q" for quiet */ - #ifndef XAUTH_COMMAND --#define XAUTH_COMMAND "/usr/bin/X11/xauth -q" -+#define XAUTH_COMMAND "/usr/bin/xauth -q" - #endif - - /* if you want to enable running an sftp server (such as the one included with diff --git a/source/installer/sources/dropbear/dropbear_dbclientpath.patch b/source/installer/sources/dropbear/dropbear_dbclientpath.patch deleted file mode 100644 index 781349f83..000000000 --- a/source/installer/sources/dropbear/dropbear_dbclientpath.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h ---- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600 -+++ dropbear-2012.55/options.h 2012-04-07 15:12:46.040452209 -0500 -@@ -255,7 +255,7 @@ - - /* This is used by the scp binary when used as a client binary. If you're - * not using the Dropbear client, you'll need to change it */ --#define _PATH_SSH_PROGRAM "/usr/bin/dbclient" -+#define _PATH_SSH_PROGRAM "/bin/dbclient" - - /* Whether to log commands executed by a client. This only logs the - * (single) command sent to the server, not what a user did in a diff --git a/source/installer/sources/dropbear/dropbear_emptypass.patch b/source/installer/sources/dropbear/dropbear_emptypass.patch index 259240082..a3f27f47e 100644 --- a/source/installer/sources/dropbear/dropbear_emptypass.patch +++ b/source/installer/sources/dropbear/dropbear_emptypass.patch 
@@ -1,12 +1,20 @@ -diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h ---- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600 -+++ dropbear-2012.55/options.h 2012-04-07 15:09:15.676322495 -0500 -@@ -180,7 +180,7 @@ - * Public key logins are allowed for blank-password accounts regardless of this - * setting. PAM is not affected by this setting, it uses the normal pam.d - * settings ('nullok' option) */ --/* #define ALLOW_BLANK_PASSWORD */ -+#define ALLOW_BLANK_PASSWORD +diff -Nur dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c dropbear-20171018_fa3b0dd3/svr-authpasswd.c +--- dropbear-20171018_fa3b0dd3.orig/svr-authpasswd.c 2018-01-13 19:19:59.000000000 -0600 ++++ dropbear-20171018_fa3b0dd3/svr-authpasswd.c 2018-01-13 23:07:16.441369958 -0600 +@@ -88,12 +88,16 @@ + } - #define ENABLE_CLI_PASSWORD_AUTH - #define ENABLE_CLI_PUBKEY_AUTH + /* check for empty password */ ++ /* Yep, good idea, but for our usage, it's okay - dropbear has to be ++ started manually in the installer, so setting a password or not is ++ up to the admin + if (passwdcrypt[0] == '\0') { + dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected", + ses.authstate.pw_name); + send_msg_userauth_failure(0, 1); + return; + } ++ */ + + if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) { + /* successful authentication */ diff --git a/source/installer/sources/dropbear/localoptions.h b/source/installer/sources/dropbear/localoptions.h new file mode 100644 index 000000000..2e6a966fa --- /dev/null +++ b/source/installer/sources/dropbear/localoptions.h @@ -0,0 +1,4 @@ +/* These override content of default_options.h */ +#define INETD_MODE 0 +#define DROPBEAR_DH_GROUP16 1 +#define DROPBEAR_PATH_SSH_PROGRAM "/bin/dbclient" diff --git a/source/installer/sources/dropbear/rc.dropbear.new b/source/installer/sources/dropbear/rc.dropbear.new index 3a695b811..987828e89 100644 --- a/source/installer/sources/dropbear/rc.dropbear.new 
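Review bot: In the new dropbear_emptypass.patch, the blank-password rejection in svr-authpasswd.c is disabled by wrapping it in a block comment, which removes the check from every binary built from this source instead of leaving it a visible, switchable choice as the old `#define ALLOW_BLANK_PASSWORD` did. A block comment is also fragile: if a later upstream snapshot adds a `/* ... */` comment inside that `if`, the outer comment closes early and the set of disabled lines changes without the patch failing to apply. I would guard the block with a preprocessor condition such as `#if !SLACK_INSTALLER_ALLOW_BLANK_PASSWORD` … `#endif` (macro name is a placeholder) and define the macro in localoptions.h beside the other overrides, so the deviation from upstream is greppable. If this Dropbear snapshot supports the server's `-B` runtime option for blank-password logins, starting it that way from the installer would avoid carrying a source patch at all; that needs checking against the snapshot. The enclosing function starts and ends outside the hunk.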
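Review bot: The new localoptions.h gives no reason for any of its three overrides, and the explanations that used to sit beside the deleted patches in the SlackBuild are removed by this same commit. A one-line comment per define would keep that context, for example `/* scp runs dbclient; our prefix is '/' not '/usr' */` above `DROPBEAR_PATH_SSH_PROGRAM`, and a similar line saying why `INETD_MODE` is set to 0 and `DROPBEAR_DH_GROUP16` to 1. Since this file is now the one place where the installer build departs from upstream defaults, it is also the natural place to record that the blank-password check is disabled by dropbear_emptypass.patch.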
+++ b/source/installer/sources/dropbear/rc.dropbear.new @@ -8,6 +8,9 @@ fi dropbear_start() { # Create host keys if needed. + if [ ! -f /etc/dropbear/dropbear_ecdsa_host_key ]; then + /bin/dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key + fi if [ ! -f /etc/dropbear/dropbear_rsa_host_key ]; then /bin/dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key fi diff --git a/source/installer/sources/dropbear/slack-desc b/source/installer/sources/dropbear/slack-desc index ca2619023..94eeac05a 100644 --- a/source/installer/sources/dropbear/slack-desc +++ b/source/installer/sources/dropbear/slack-desc @@ -1,8 +1,8 @@ # HOW TO EDIT THIS FILE: -# The "handy ruler" below makes it easier to edit a package description. Line +# The "handy ruler" below makes it easier to edit a package description. Line # up the first '|' above the ':' following the base package name, and the '|' -# on the right side marks the last column you can put a character in. You must -# make exactly 11 lines for the formatting to be correct. It's also +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also # customary to leave one space after the ':'. |-----handy-ruler------------------------------------------------------| -- cgit v1.2.3
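Review bot: The added ECDSA block in dropbear_start ignores the exit status of `/bin/dropbearkey`, so a failed generation (for example an unwritable /etc/dropbear) goes unreported and the function carries on to the RSA key and, presumably, to starting the daemon. It is also worth confirming that a key file left behind by an interrupted run cannot satisfy the `-f` test; whether dropbearkey writes the file atomically is not visible here. A minimal change is `/bin/dropbearkey -t ecdsa -f /etc/dropbear/dropbear_ecdsa_host_key || echo "ECDSA host key generation failed" >&2`. The rest of dropbear_start lies outside the hunk, and the existing RSA block has the same gap.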