- Security: Fix double-free in server TCP listener cleanup A double-free
in the server could be triggered by an authenticated user if dropbear is
running with -a (Allow connections to forwarded ports from any host)
This could potentially allow arbitrary code execution as root by an
authenticated user.  Affects versions 2013.56 to 2016.74. Thanks to Mark
Shepard for reporting the crash.
CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c

- Security: Fix information disclosure with ~/.ssh/authorized_keys
symlink.  Dropbear parsed authorized_keys as root, even if it were a
symlink.  The fix is to switch to user permissions when opening
authorized_keys

A user could symlink their ~/.ssh/authorized_keys to a root-owned file
they couldn't normally read. If they managed to get that file to contain
valid authorized_keys with command= options it might be possible to read
other contents of that file.
This information disclosure is to an already authenticated user.
Thanks to Jann Horn of Google Project Zero for reporting this.
CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123



Refresh patches, rework 100-pubkey_path.patch to work with new
authorized_keys validation.

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256

Signed-off-by: Felix Fietkau <nbd@nbd.name>

Harmonise handling of DEFAULT_PATH by removing the patch introducing #ifndef
guards around the path, and only using one means to set the path in the
makefile.

Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>

Configurations without shadow passwords have been broken since the removal
of telnet: as the default entry in /etc/passwd is not empty (but rather
unset), there will be no way to log onto such a system by default. As
disabling shadow passwords is not useful anyways, remove this configuration
option.

The config symbol is kept (for a while), as packages from feeds depend on
it.

Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>

As security precaution and to limit the attack surface based on
the version reported by tools like nmap mask out the dropbear
version so the version is not visible anymore by snooping on the
wire. Version is still visible by 'dropbear -V'

Based on a patch by Hans Dedecker <dedeckeh@gmail.com>

Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove trailing _]

- Security: Message printout was vulnerable to format string injection.

  If specific usernames including "%" symbols can be created on a system
  (validated by getpwnam()) then an attacker could run arbitrary code as root
  when connecting to Dropbear server.

  A dbclient user who can control username or host arguments could potentially
  run arbitrary code as the dbclient user. This could be a problem if scripts
  or webpages pass untrusted input to the dbclient program.

- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
  the local dropbearconvert user when parsing malicious key files

- Security: dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided. This could be an issue where
  dbclient is used in scripts.

- Security: dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v

  The security issues were reported by an anonymous researcher working with
  Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

Fix a „semantic typo“ introduced in b78aae79,
where TARGET_INIT_PATH was used instead of CONFIG_TARGET_INIT_PATH.

Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>

Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:

  94588	dropbear_2015.71-3_x86_64.ipk
  95316	dropbear_2016.73-1_x86_64.ipk

This is an increase of roughly 700 bytes after compression.

Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>

The option --disable-utmpx was deleted by accident in commit 7545c1d9;
add it again to the CONFIGURE_ARGS list

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

A dropbear instance having an interface config won't start if the interface is down as no
IP address is available.
Adding interface triggers for each configured interface executing the dropbear reload script
will start the dropbear instance when the interface is up.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox)
Putuline support will use the utmp structure to write to the utmp file

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>

Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>

SVN-Revision: 48679

Update dropbear to version 2015.71, released on 3 Dec 2015.
Refresh patches.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>

SVN-Revision: 48243

Signed-off-by: Felix Fietkau <nbd@openwrt.org>

SVN-Revision: 48195

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46815

This enables passworldless login for root via SSH whenever no root
password is set (e.g. after reset, flashing without keeping config
or in failsafe) and removes telnet support alltogether.

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46809

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 46769

fixes dbclient login into OpenSSH 6.8p1
error: "Bad hostkey signature"

reported on irc, replicated with Arch Linux

Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>

SVN-Revision: 45493

Signed-off-by: Nicolas Thill <nico@openwrt.org>

SVN-Revision: 43205

Disable MIPS16 to prevent it negatively affecting performance.
Observed was a increase of connection delay from ~6 to ~11 seconds
and a reduction of scp speed from 1.1MB/s to 710kB/s on brcm63xx.

Fixes #15209.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 42250

Signed-off-by: Steven Barth <steven@midlink.org>

SVN-Revision: 42131

fixes incremental build with change to CONFIG_DROPBEAR_ECC
drop --with-shared which is unknown to configure

Patch by Catalin Patulea <cat@vv.carleton.ca>

SVN-Revision: 40300

Upstream changelog:
https://matt.ucc.asn.au/dropbear/CHANGES



This adds elliptic curve cryptography (ECC) support as an option, disabled
by default.

dropbear mips 34kc uClibc binary size:
before: 161,672 bytes
after, without ECC (default): 164,968
after, with ECC: 198,008

Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

SVN-Revision: 40297

Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

SVN-Revision: 38413

- drop mirror www.mirrors.wiretapped.net (not working anymore)
- drop patch 300-ipv6_addr_port_split.patch, included upstream
- refresh patches
- various upstream changes: http://matt.ucc.asn.au/dropbear/CHANGES



Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>

SVN-Revision: 38356

Upstream has a few code cleanups, more eagerly burns sensitive memory and
includes the fix for CVE-2012-0920. Full changelog:
https://matt.ucc.asn.au/dropbear/CHANGES



Local changes:
- Removed PKG_MULTI which is no longer in options.h (even before 2011.54)
- Merged DO_HOST_LOOKUP into 120-openwrt_options.patch
- Removed LD from make opts (now included in TARGET_CONFIGURE_OPTS)
- Removed 400-CVE-2012-0920.patch which is included in 2012.55

Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
Signed-off-by: Florian Fainelli <florian@openwrt.org>

SVN-Revision: 34496

licensing: Add licensing metadata to many packages Two new variables are introduces to many packages, namely PKG_LICENSE and PKG_LICENSE_FILES - there may be more than one license applied to packages, and these are listed in the PKG_LICENSE variable and separated by spaces. All relevant license files are also added to the PKG_LICENSE_FILES variable, also space separated.

The licensing metadata is put into the bin/<platform>/packages/Packages file
for later parsing. A script for that is on it's way!

SVN-Revision: 33861

SVN-Revision: 33688

build: add the + token to any commands that can pass through the jobserver, fixes parallel build on some systems

SVN-Revision: 33523

dropbear: patch possible use after free by authenticated remote users with active command restrictions (CVE-2012-0920)

SVN-Revision: 30714

SVN-Revision: 29330

SVN-Revision: 28838

SVN-Revision: 28718

dropbear: - split port argument at the rightmost colon, allows binding to specific IPv6 addresses - don't use uci ipaddr var but resolve ifname and get addresses from it (#9853)

SVN-Revision: 27843

disabling support for keyboard-interactive authentication. The default
sshd configuration on Mac OS X only permits keyboard-interactive and
public-key authentication, so unless a public key is set up, the default
OpenWrt ssh client is now unable to connect to Mac OS X hosts. This patch
re-enables keyboard-interactive authentication.

In my tests, this increases the size of the stripped dropbear executable
by 416 bytes on mips and 1,104 bytes on mipsel. In my opinion, such a
small space savings isn't worthwhile when the resultant executable is
severely hamstrung.

Signed-off-by: Mark Mentovai <mark@moxienet.com>

SVN-Revision: 26390

SVN-Revision: 25831

SVN-Revision: 25830

SVN-Revision: 25826