
overlay

My (experimental) gentoo overlay
commit: 112d0b7adedf3c2005da5e52557f93605b9c0937
parent: 9e3633fa28089b79385960d9974caf6feefdb157
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Tue,  8 Oct 2019 10:23:13 +0200

net-misc/dropbear: Go away

Diffstat:

Dnet-misc/dropbear/Manifest8--------
Dnet-misc/dropbear/dropbear-2018.76-r1.ebuild104-------------------------------------------------------------------------------
Dnet-misc/dropbear/files/dropbear-0.46-dbscp.patch20--------------------
Dnet-misc/dropbear/files/dropbear-openssh-CVE-2018-20685.patch14--------------
Dnet-misc/dropbear/files/dropbear.conf.d6------
Dnet-misc/dropbear/files/dropbear.init.d38--------------------------------------
Dnet-misc/dropbear/metadata.xml31-------------------------------
7 files changed, 0 insertions(+), 221 deletions(-)

diff --git a/net-misc/dropbear/Manifest b/net-misc/dropbear/Manifest 
@@ -1,8 +0,0 @@
-AUX dropbear-0.46-dbscp.patch 500 BLAKE2B 268b3a065ff9a9d52659c969195a712e8bfcbc6984e201b69f2a2cc04956220bcda766c932e46fdf4d75f379d1f5a9dcbab842d66a9f6c62fc7f0dd03024d1ed SHA512 33596d1b59ba266eade106e8fe058cc9d20d1657db88d51fb11c2111835f7887b3fa5714b3feb9767c48ed94d3af0c539864886e0a2586b6f58a38bb9f741210
-AUX dropbear.conf.d 190 BLAKE2B b89e59ae84f23f00162d78cb900e4fef05fe01123a6ee7533ed3d39625f43580012591b2cf8dcc9ea5f093a64d3ed81fa590c44389bacb369b9123929ca2bb69 SHA512 83f2c1eaf7687917a4b2bae7d599d4378c4bd64f9126ba42fc5d235f2b3c9a474d1b3168d70ed64bb4101cc251d30bc9ae20604da9b5d819fcd635ee4d0ebb0f
-AUX dropbear.init.d 731 BLAKE2B d858b35872eb72dacb85baed47882a9909a2530e3a9537a10adaeaf3d77da49808fdb8490124d29379c7b61272ea7d1867477046c1700d3cf216b4fc4f8c8f25 SHA512 5087cdb36194d55bf6d5ce27852b17f1ebe06840bbed37789cf162a618fb3c56c9dffce01a8a75f8574f8d9800a12fc2e1b725ca35352a836324579c8b704fd8
-DIST dropbear-2017.75.tar.bz2 1623392 BLAKE2B c024037d3ebcb3f16aed2a5f24e07c06699a510b327a0ea528db7160ad2a8e554af2a233a266f869e0e30c78f3b0b7792a817d9c07f058f605dbf2dc749a4fda SHA512 9c2f2a5e718339f83abc0ad7719bda12bfc75e5bcb87a7c0eec0afefc743e5c0a1575d290d5fde152ff2100b0f0e6fd5ef4431f7bbcb5ca9a332d93c20f5a8f4
-DIST dropbear-2018.76.tar.bz2 2688697 BLAKE2B 1c22d38487e94427b2678d070f8d370eb09bb2d69253fd6f76d8d80fd637ff86a44b00ab42e1f6d84042c72cbcbd4bb6cbb415f961502e0437c7c8c1b812f059 SHA512 82323279f7e78c366ba1ea07ff242259132b2576122429f54326518dd6092aba8ae5de4a0b8a3cef7efc3507015741abe2ac23376c03b40b247527da7a88120e
-EBUILD dropbear-2017.75.ebuild 2479 BLAKE2B b200fd9ce16df2cfcfe197bbaa4d23b86fd65ac28e3a91b2b9b38780ccab35333cc946b71dc67826932dc39dd67f7c0cf4cb3f026bbded140b306c5ab464f42c SHA512 7ff7df1daccbadc9a855ade363dd8158fced88e779ac9764136ed8c42e54380cbbdba2ad6392e859c974a4c81cf54ff7af240c54ee7a03094880528b21ada6c1
-EBUILD dropbear-2018.76.ebuild 2659 BLAKE2B 86c2521f8ff752ab0e3957167f4e1e0f9f20bfa54fed2561b6c27251ee1a6eb71f80a08d8138fed5bd88d8f2778798a9534edf66a1274e7e1cf13cf36ea99ca8 SHA512 66aa0a4d6a60a8d6b893b7a75e088dee4b6c04eaee98cbac5399d4dfcae4df60f0939f52347e8aa372a8818a0906a167c71f6643a5f1aa923f546fdc3668da6f
-MISC metadata.xml 1791 BLAKE2B d5816e2173f3fe0177562b1ef7e36c6ec56c4d596c27231f02eaedd41eba091abcff7cb0e0114d5431d735b011fcaaabf01e5e70ff61478c669232243bc7e244 SHA512 1f99332f1f194f989838dc5c04fa1c7661e13da3efa7b98fa6392ab3c3e6887a4a9c7319fdb43f102b2fb3cbc0ee70e79792b595c2f49d2bbf4e50be3f362314
diff --git a/net-misc/dropbear/dropbear-2018.76-r1.ebuild b/net-misc/dropbear/dropbear-2018.76-r1.ebuild
@@ -1,104 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI="5" - -inherit eutils savedconfig pam user - -DESCRIPTION="small SSH 2 client/server designed for small memory environments" -HOMEPAGE="https://matt.ucc.asn.au/dropbear/dropbear.html" -SRC_URI="https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2 - https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2" - -LICENSE="MIT" -SLOT="0" -KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux" -IUSE="bsdpty minimal multicall pam +shadow static +syslog zlib" - -LIB_DEPEND="zlib? ( sys-libs/zlib[static-libs(+)] ) - dev-libs/libtomcrypt[static-libs(+)] - dev-libs/libtommath[static-libs(+)]" -RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( virtual/pam )" -DEPEND="${RDEPEND} - static? ( ${LIB_DEPEND} )" -RDEPEND+=" pam? ( >=sys-auth/pambase-20080219.1 )" - -REQUIRED_USE="pam? ( !static )" - -set_options() { - progs=( - dropbear dbclient dropbearkey - $(usex minimal "" "dropbearconvert scp") - ) - makeopts=( - MULTI=$(usex multicall 1 0) - STATIC=$(usex static 1 0) - ) -} - -src_prepare() { - epatch "${FILESDIR}/${PN}-0.46-dbscp.patch" - epatch "${FILESDIR}/dropbear-openssh-CVE-2018-20685.patch" - rm -fr libtomcrypt || die - rm -fr libtommath || die - sed \ - -e '/SFTPSERVER_PATH/s:".*":"/usr/lib/misc/sftp-server":' \ - default_options.h > localoptions.h || die - sed -i \ - -e '/pam_start/s:sshd:dropbear:' \ - svr-authpam.c || die - restore_config localoptions.h -} - -src_configure() { - # We disable the hardening flags as our compiler already enables them - # by default as is appropriate for the target. 
- econf \ - --disable-harden \ - --disable-bundled-libtom \ - $(use_enable zlib) \ - $(use_enable pam) \ - $(use_enable !bsdpty openpty) \ - $(use_enable shadow) \ - $(use_enable syslog) -} - -src_compile() { - set_options - emake "${makeopts[@]}" PROGRAMS="${progs[*]}" -} - -src_install() { - set_options - emake "${makeopts[@]}" PROGRAMS="${progs[*]}" DESTDIR="${D}" install - doman *.8 - newinitd "${FILESDIR}"/dropbear.init.d dropbear - newconfd "${FILESDIR}"/dropbear.conf.d dropbear - dodoc CHANGES README SMALL MULTI - - # The multi install target does not install the links right. - if use multicall ; then - cd "${ED}"/usr/bin - local x - for x in "${progs[@]}" ; do - ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed" - done - rm -f dropbear - dodir /usr/sbin - dosym ../bin/dropbearmulti /usr/sbin/dropbear - cd "${S}" - fi - save_config localoptions.h - - if ! use minimal ; then - mv "${ED}"/usr/bin/{,db}scp || die - fi - - pamd_mimic system-remote-login dropbear auth account password session -} - -pkg_preinst() { - enewgroup sshd 22 - enewuser sshd 22 -1 /var/empty sshd -} diff --git a/net-misc/dropbear/files/dropbear-0.46-dbscp.patch b/net-misc/dropbear/files/dropbear-0.46-dbscp.patch @@ -1,20 +0,0 @@ ---- dbmulti.c 2005-07-17 07:00:07.000000000 -0400 -+++ dbmulti.c 2005-07-17 06:59:35.000000000 -0400 -@@ -60,7 +60,7 @@ - } - #endif - #ifdef DBMULTI_scp -- if (strcmp(progname, "scp") == 0) { -+ if ((strcmp(progname, "scp") == 0) || (strcmp(progname, "dbscp") == 0)) { - return scp_main(argc, argv); - } - #endif -@@ -81,7 +81,7 @@ - "'dropbearconvert' - the key converter\n" - #endif - #ifdef DBMULTI_scp -- "'scp' - secure copy\n" -+ "'dbscp' - secure copy\n" - #endif - , - DROPBEAR_VERSION); diff --git a/net-misc/dropbear/files/dropbear-openssh-CVE-2018-20685.patch b/net-misc/dropbear/files/dropbear-openssh-CVE-2018-20685.patch 
@@ -1,14 +0,0 @@ -diff --git a/scp.c b/scp.c -index 742ae00..7b8e7d2 100644 ---- a/scp.c -+++ b/scp.c -@@ -935,7 +935,8 @@ sink(int argc, char **argv) - size = size * 10 + (*cp++ - '0'); - if (*cp++ != ' ') - SCREWUP("size not delimited"); -- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) { -+ if (*cp == '\0' || strchr(cp, '/') != NULL || -+ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) { - run_err("error: unexpected filename: %s", cp); - exit(1); - } diff --git a/net-misc/dropbear/files/dropbear.conf.d b/net-misc/dropbear/files/dropbear.conf.d @@ -1,6 +0,0 @@ -# /etc/conf.d/dropbear: config file for /etc/init.d/dropbear - -# see `dropbear -h` for more information -# -w disables root logins -# -p # changes the port number to listen on -DROPBEAR_OPTS="" diff --git a/net-misc/dropbear/files/dropbear.init.d b/net-misc/dropbear/files/dropbear.init.d @@ -1,38 +0,0 @@ -#!/sbin/openrc-run -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -depend() { - use logger dns - need net -} - -check_config() { - mkdir -p /etc/dropbear - - local t k - for t in dss rsa ecdsa; do - k="/etc/dropbear/dropbear_${t}_host_key" - if [ ! -e ${k} ] ; then - # See if support is enabled for this key type. - if dropbearkey -h 2>&1 | grep -q " ${t}$" ; then - einfo "Generating ${k} ..." - dropbearkey -t ${t} -f ${k} >/dev/null - fi - fi & - done - wait -} - -start() { - check_config || return 1 - ebegin "Starting dropbear" - dropbear ${DROPBEAR_OPTS} - eend $? -} - -stop() { - ebegin "Stopping dropbear" - start-stop-daemon --stop --pidfile /var/run/dropbear.pid - eend $? -} diff --git a/net-misc/dropbear/metadata.xml b/net-misc/dropbear/metadata.xml 
@@ -1,31 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> -<pkgmetadata> - <maintainer type="person"> - <email>contact@hacktivis.me</email> - <name>Haelwenn (lanodan) Monnier</name> - </maintainer> - <longdescription> -I was looking for a small and secure SSH server to fit on a laptop with 4 megs ram and no hard -disk, and couldn't find one which was satisfactory. I decided to write my own, and Dropbear is -the result. It implements most required features of the SSH 2 protocol, and other features such -as X11, TCP and Authentication Agent forwarding. Dropbear is Open Source software, distributed -under a MIT-style license. -</longdescription> - <longdescription lang="ja"> -私は 4MB の RAM とハードディスクを搭載しないラップトップ型にぴったりな小さ -くて安全な SSH サーバを探していました。しかし満足するものは見つけられません -でした。私は自身で作ろうと決意しました。その結果が Dropbear です。SSH 2 プ -ロトコルに必要な機能の大半、他にも X11 や TCP、認証エージェント・フォワーデ -ィングといった機能が実装してあります。Dropbear はオープンソースで、MIT スタ -イルのライセンス下で配布されます。 -</longdescription> - <use> - <flag name="bsdpty">Add support for legacy BSD pty's rather than dynamic UNIX pty's -- do not use this flag unless you are absolutely sure you actually want it</flag> - <flag name="multicall">Build all the programs as one little binary (to save space)</flag> - <flag name="shadow">Enable shadow password support</flag> - </use> - <upstream> - <remote-id type="cpe">cpe:/a:matt_johnston:dropbear_ssh_server</remote-id> - </upstream> -</pkgmetadata>