net-misc/dropbear: Port OpenSSH CVE-2018-20685 to dropbear - overlay

commit: f95a22d1cdd7ed94e2beb34a4b4d15b3510d651c
parent: 2b8723c69a8f6407894615adb52a051ad7954f6b
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Tue, 15 Jan 2019 11:21:49 +0100

net-misc/dropbear: Port OpenSSH CVE-2018-20685 to dropbear

Diffstat:
A net-misc/dropbear/dropbear-2018.76-r1.ebuild 104 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
D net-misc/dropbear/dropbear-2018.76.ebuild 103 -------------------------------------------------------------------------------
A net-misc/dropbear/files/dropbear-openssh-CVE-2018-20685.patch 14 ++++++++++++++

3 files changed, 118 insertions(+), 103 deletions(-)
diff --git a/net-misc/dropbear/dropbear-2018.76-r1.ebuild b/net-misc/dropbear/dropbear-2018.76-r1.ebuild
@@ -0,0 +1,104 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit eutils savedconfig pam user
+
+DESCRIPTION="small SSH 2 client/server designed for small memory environments"
+HOMEPAGE="https://matt.ucc.asn.au/dropbear/dropbear.html"
+SRC_URI="https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2
+	https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2"
+
+LICENSE="MIT"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
+IUSE="bsdpty minimal multicall pam +shadow static +syslog zlib"
+
+LIB_DEPEND="zlib? ( sys-libs/zlib[static-libs(+)] )
+	dev-libs/libtomcrypt[static-libs(+)]
+	dev-libs/libtommath[static-libs(+)]"
+RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+	pam? ( virtual/pam )"
+DEPEND="${RDEPEND}
+	static? ( ${LIB_DEPEND} )"
+RDEPEND+=" pam? ( >=sys-auth/pambase-20080219.1 )"
+
+REQUIRED_USE="pam? ( !static )"
+
+set_options() {
+	progs=(
+		dropbear dbclient dropbearkey
+		$(usex minimal "" "dropbearconvert scp")
+	)
+	makeopts=(
+		MULTI=$(usex multicall 1 0)
+		STATIC=$(usex static 1 0)
+	)
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/${PN}-0.46-dbscp.patch"
+	epatch "${FILESDIR}/dropbear-openssh-CVE-2018-20685.patch"
+	rm -fr libtomcrypt || die
+	rm -fr libtommath || die
+	sed \
+		-e '/SFTPSERVER_PATH/s:".*":"/usr/lib/misc/sftp-server":' \
+		default_options.h > localoptions.h || die
+	sed -i \
+		-e '/pam_start/s:sshd:dropbear:' \
+		svr-authpam.c || die
+	restore_config localoptions.h
+}
+
+src_configure() {
+	# We disable the hardening flags as our compiler already enables them
+	# by default as is appropriate for the target.
+	econf \
+		--disable-harden \
+		--disable-bundled-libtom \
+		$(use_enable zlib) \
+		$(use_enable pam) \
+		$(use_enable !bsdpty openpty) \
+		$(use_enable shadow) \
+		$(use_enable syslog)
+}
+
+src_compile() {
+	set_options
+	emake "${makeopts[@]}" PROGRAMS="${progs[*]}"
+}
+
+src_install() {
+	set_options
+	emake "${makeopts[@]}" PROGRAMS="${progs[*]}" DESTDIR="${D}" install
+	doman *.8
+	newinitd "${FILESDIR}"/dropbear.init.d dropbear
+	newconfd "${FILESDIR}"/dropbear.conf.d dropbear
+	dodoc CHANGES README SMALL MULTI
+
+	# The multi install target does not install the links right.
+	if use multicall ; then
+		cd "${ED}"/usr/bin
+		local x
+		for x in "${progs[@]}" ; do
+			ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed"
+		done
+		rm -f dropbear
+		dodir /usr/sbin
+		dosym ../bin/dropbearmulti /usr/sbin/dropbear
+		cd "${S}"
+	fi
+	save_config localoptions.h
+
+	if ! use minimal ; then
+		mv "${ED}"/usr/bin/{,db}scp || die
+	fi
+
+	pamd_mimic system-remote-login dropbear auth account password session
+}
+
+pkg_preinst() {
+	enewgroup sshd 22
+	enewuser sshd 22 -1 /var/empty sshd
+}
diff --git a/net-misc/dropbear/dropbear-2018.76.ebuild b/net-misc/dropbear/dropbear-2018.76.ebuild
@@ -1,103 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="5"
-
-inherit eutils savedconfig pam user
-
-DESCRIPTION="small SSH 2 client/server designed for small memory environments"
-HOMEPAGE="https://matt.ucc.asn.au/dropbear/dropbear.html"
-SRC_URI="https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2
-	https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2"
-
-LICENSE="MIT"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-linux ~x86-linux"
-IUSE="bsdpty minimal multicall pam +shadow static +syslog zlib"
-
-LIB_DEPEND="zlib? ( sys-libs/zlib[static-libs(+)] )
-	dev-libs/libtomcrypt[static-libs(+)]
-	dev-libs/libtommath[static-libs(+)]"
-RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
-	pam? ( virtual/pam )"
-DEPEND="${RDEPEND}
-	static? ( ${LIB_DEPEND} )"
-RDEPEND+=" pam? ( >=sys-auth/pambase-20080219.1 )"
-
-REQUIRED_USE="pam? ( !static )"
-
-set_options() {
-	progs=(
-		dropbear dbclient dropbearkey
-		$(usex minimal "" "dropbearconvert scp")
-	)
-	makeopts=(
-		MULTI=$(usex multicall 1 0)
-		STATIC=$(usex static 1 0)
-	)
-}
-
-src_prepare() {
-	epatch "${FILESDIR}"/${PN}-0.46-dbscp.patch
-	rm -fr libtomcrypt || die
-	rm -fr libtommath || die
-	sed \
-		-e '/SFTPSERVER_PATH/s:".*":"/usr/lib/misc/sftp-server":' \
-		default_options.h > localoptions.h || die
-	sed -i \
-		-e '/pam_start/s:sshd:dropbear:' \
-		svr-authpam.c || die
-	restore_config localoptions.h
-}
-
-src_configure() {
-	# We disable the hardening flags as our compiler already enables them
-	# by default as is appropriate for the target.
-	econf \
-		--disable-harden \
-		--disable-bundled-libtom \
-		$(use_enable zlib) \
-		$(use_enable pam) \
-		$(use_enable !bsdpty openpty) \
-		$(use_enable shadow) \
-		$(use_enable syslog)
-}
-
-src_compile() {
-	set_options
-	emake "${makeopts[@]}" PROGRAMS="${progs[*]}"
-}
-
-src_install() {
-	set_options
-	emake "${makeopts[@]}" PROGRAMS="${progs[*]}" DESTDIR="${D}" install
-	doman *.8
-	newinitd "${FILESDIR}"/dropbear.init.d dropbear
-	newconfd "${FILESDIR}"/dropbear.conf.d dropbear
-	dodoc CHANGES README SMALL MULTI
-
-	# The multi install target does not install the links right.
-	if use multicall ; then
-		cd "${ED}"/usr/bin
-		local x
-		for x in "${progs[@]}" ; do
-			ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti to ${x} failed"
-		done
-		rm -f dropbear
-		dodir /usr/sbin
-		dosym ../bin/dropbearmulti /usr/sbin/dropbear
-		cd "${S}"
-	fi
-	save_config localoptions.h
-
-	if ! use minimal ; then
-		mv "${ED}"/usr/bin/{,db}scp || die
-	fi
-
-	pamd_mimic system-remote-login dropbear auth account password session
-}
-
-pkg_preinst() {
-	enewgroup sshd 22
-	enewuser sshd 22 -1 /var/empty sshd
-}
diff --git a/net-misc/dropbear/files/dropbear-openssh-CVE-2018-20685.patch b/net-misc/dropbear/files/dropbear-openssh-CVE-2018-20685.patch
@@ -0,0 +1,14 @@
+diff --git a/scp.c b/scp.c
+index 742ae00..7b8e7d2 100644
+--- a/scp.c
++++ b/scp.c
+@@ -935,7 +935,8 @@ sink(int argc, char **argv)
+ 			size = size * 10 + (*cp++ - '0');
+ 		if (*cp++ != ' ')
+ 			SCREWUP("size not delimited");
+-		if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
++		if (*cp == '\0' || strchr(cp, '/') != NULL ||
++		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+ 			run_err("error: unexpected filename: %s", cp);
+ 			exit(1);
+ 		}

A	net-misc/dropbear/dropbear-2018.76-r1.ebuild	104	+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
D	net-misc/dropbear/dropbear-2018.76.ebuild	103	-------------------------------------------------------------------------------
A	net-misc/dropbear/files/dropbear-openssh-CVE-2018-20685.patch	14	++++++++++++++