projects / openwrt / staging / jow.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d4dfb56) | patch
dropbear: cherry-pick upstream patches
authorKonstantin Demin <rockdrilla@gmail.com>
Tue, 9 Jan 2024 00:40:01 +0000 (03:40 +0300)
committerRui Salvaterra <rsalvaterra@gmail.com>
Fri, 9 Feb 2024 09:13:05 +0000 (09:13 +0000)
commitb5cde260487eae86db1661a53e5e5e0823936aab
tree6a3fcc65efaa02d72b61d7f91a4913413eef988atree | snapshot
parentd4dfb566e27e4c67c86d163262719dfa52406a59commit | diff
dropbear: cherry-pick upstream patches

critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)

various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels

adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
23 files changed:
package/network/services/dropbear/Makefile diff | blob | history
package/network/services/dropbear/patches/001-add-if-DROPBEAR_RSA-guards.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/002-fix-y2038-issues.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/003-fix-DROPBEAR_DSS.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/004-allow-users-s-own-gid-in-pty-permission-check.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/005-const-parameter-mp_int.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/006-dropbearkey-add-missing-break-in-switch.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/007-fix-building-only-client-or-server.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/008-disable-rsa-signatures-when-no-rsa-hostkey.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/010-remove-SO_LINGER.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/011-add-option-to-bind-to-interface.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/012-add-ifdef-guards-for-SO_BINDTODEVICE.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/013-make-banner-reading-failure-non-fatal.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/014-dropbearkey-ignore-unsupported-command-line-option.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/015-libtommath-fix-possible-integer-overflow.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/016-src-svr-tcpfwd-Fix-noremotetcp-behavior.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/017-Don-t-try-to-shutdown-a-pty.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/018-dropbearkey-add-alias-to-ssh-keygen.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/019-Allow-inetd-with-non-syslog.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/020-Fix-test-for-multiuser-kernels.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/021-Implement-Strict-KEX-mode.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch diff | blob | history
Staging tree of Jo-Philipp Wich