projects / openwrt / openwrt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6961fe9) | patch
dropbear: cherry-pick upstream patches
authorKonstantin Demin <rockdrilla@gmail.com>
Tue, 9 Jan 2024 00:40:01 +0000 (03:40 +0300)
committerHauke Mehrtens <hauke@hauke-m.de>
Fri, 15 Mar 2024 22:53:01 +0000 (23:53 +0100)
commit6549a711be6cb9788aaaec6d31e3396b21893163
treec5dc590a320831f60d50fbdf79a5494f47419320tree | snapshot
parent6961fe98ecfb47655893606265c5426995dfbb3fcommit | diff
dropbear: cherry-pick upstream patches

critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)

various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels

adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
(cherry picked from commit b5cde260487eae86db1661a53e5e5e0823936aab)
[Only add the patches fixing security problems]
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Tested-by: Stijn Segers <foss@volatilesystems.org>
package/network/services/dropbear/Makefile diff | blob | history
package/network/services/dropbear/patches/015-libtommath-fix-possible-integer-overflow.patch [new file with mode: 0644] blob
package/network/services/dropbear/patches/021-Implement-Strict-KEX-mode.patch [new file with mode: 0644] blob
OpenWrt Source Repository