dropbear: Bump to 2022.83
This commit is contained in:
parent
dfba43cbe8
commit
1f96f22189
|
@ -2,9 +2,9 @@ TERMUX_PKG_HOMEPAGE=https://matt.ucc.asn.au/dropbear/dropbear.html
|
|||
TERMUX_PKG_DESCRIPTION="Small SSH server and client"
|
||||
TERMUX_PKG_LICENSE="MIT"
|
||||
TERMUX_PKG_MAINTAINER="@termux"
|
||||
TERMUX_PKG_VERSION=2022.82
|
||||
TERMUX_PKG_VERSION=2022.83
|
||||
TERMUX_PKG_SRCURL=https://matt.ucc.asn.au/dropbear/releases/dropbear-${TERMUX_PKG_VERSION}.tar.bz2
|
||||
TERMUX_PKG_SHA256=3a038d2bbc02bf28bbdd20c012091f741a3ec5cbe460691811d714876aad75d1
|
||||
TERMUX_PKG_SHA256=bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b
|
||||
TERMUX_PKG_DEPENDS="termux-auth, zlib"
|
||||
TERMUX_PKG_SUGGESTS="openssh-sftp-server"
|
||||
TERMUX_PKG_CONFLICTS="openssh"
|
||||
|
@ -28,7 +28,7 @@ termux_step_create_debscripts() {
|
|||
{
|
||||
echo "#!$TERMUX_PREFIX/bin/sh"
|
||||
echo "mkdir -p $TERMUX_PREFIX/etc/dropbear"
|
||||
echo "for a in rsa dss ecdsa ed25519; do"
|
||||
echo "for a in rsa ecdsa ed25519; do"
|
||||
echo " KEYFILE=$TERMUX_PREFIX/etc/dropbear/dropbear_\${a}_host_key"
|
||||
echo " test ! -f \$KEYFILE && dropbearkey -t \$a -f \$KEYFILE"
|
||||
echo "done"
|
||||
|
|
|
@ -1,15 +1,6 @@
|
|||
diff -uNr dropbear-2018.76/compat.c dropbear-2018.76.mod/compat.c
|
||||
--- dropbear-2018.76/compat.c 2018-02-27 16:25:10.000000000 +0200
|
||||
+++ dropbear-2018.76.mod/compat.c 2018-04-21 13:47:36.443738351 +0300
|
||||
@@ -232,7 +232,7 @@
|
||||
|
||||
static char **initshells() {
|
||||
/* don't touch this list. */
|
||||
- static const char *okshells[] = { "/bin/sh", "/bin/csh", NULL };
|
||||
+ static const char *okshells[] = { "@TERMUX_PREFIX@/bin/sh", "@TERMUX_PREFIX@/bin/csh", NULL };
|
||||
register char **sp, *cp;
|
||||
register FILE *fp;
|
||||
struct stat statb;
|
||||
@@ -244,7 +244,7 @@
|
||||
if (strings != NULL)
|
||||
free(strings);
|
||||
|
|
|
@ -33,51 +33,19 @@ diff -u -r ../dropbear-2019.77/svr-authpasswd.c ./svr-authpasswd.c
|
|||
|
||||
/* check if client wants to change password */
|
||||
changepw = buf_getbool(ses.payload);
|
||||
@@ -65,47 +50,14 @@
|
||||
@@ -65,6 +50,7 @@
|
||||
}
|
||||
|
||||
password = buf_getstring(ses.payload, &passwordlen);
|
||||
- if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) {
|
||||
- /* the first bytes of passwdcrypt are the salt */
|
||||
- passwdcrypt = ses.authstate.pw_passwd;
|
||||
- testcrypt = crypt(password, passwdcrypt);
|
||||
- }
|
||||
- m_burn(password, passwordlen);
|
||||
- m_free(password);
|
||||
-
|
||||
- /* After we have got the payload contents we can exit if the username
|
||||
- is invalid. Invalid users have already been logged. */
|
||||
- if (!valid_user) {
|
||||
- send_msg_userauth_failure(0, 1);
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
- if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN) {
|
||||
- dropbear_log(LOG_WARNING,
|
||||
- "Too-long password attempt for '%s' from %s",
|
||||
- ses.authstate.pw_name,
|
||||
- svr_ses.addrstring);
|
||||
- send_msg_userauth_failure(0, 1);
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
- if (testcrypt == NULL) {
|
||||
- /* crypt() with an invalid salt like "!!" */
|
||||
- dropbear_log(LOG_WARNING, "User account '%s' is locked",
|
||||
- ses.authstate.pw_name);
|
||||
- send_msg_userauth_failure(0, 1);
|
||||
- return;
|
||||
- }
|
||||
-
|
||||
- /* check for empty password */
|
||||
- if (passwdcrypt[0] == '\0') {
|
||||
- dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
|
||||
- ses.authstate.pw_name);
|
||||
- send_msg_userauth_failure(0, 1);
|
||||
- return;
|
||||
- }
|
||||
+#ifndef __ANDROID__
|
||||
if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) {
|
||||
/* the first bytes of passwdcrypt are the salt */
|
||||
passwdcrypt = ses.authstate.pw_passwd;
|
||||
@@ -106,6 +92,15 @@
|
||||
}
|
||||
|
||||
- if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
|
||||
if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
|
||||
+#else /* __ANDROID__ */
|
||||
+ /* check if password is valid */
|
||||
+ if (termux_auth(ses.authstate.pw_name, password)) {
|
||||
+ if (!ses.authstate.pw_name) {
|
||||
|
@ -85,6 +53,7 @@ diff -u -r ../dropbear-2019.77/svr-authpasswd.c ./svr-authpasswd.c
|
|||
+ send_msg_userauth_failure(0, 1);
|
||||
+ return;
|
||||
+ }
|
||||
/* successful authentication */
|
||||
dropbear_log(LOG_NOTICE,
|
||||
"Password auth succeeded for '%s' from %s",
|
||||
+#endif /* __ANDROID__ */
|
||||
if (svr_opts.multiauthmethod && (ses.authstate.authtypes & ~AUTH_TYPE_PASSWORD)) {
|
||||
/* successful password authentication, but extra auth required */
|
||||
dropbear_log(LOG_NOTICE,
|
||||
|
|
|
@ -10,6 +10,15 @@ diff -uNr dropbear-2018.76/sysoptions.h dropbear-2018.76.mod/sysoptions.h
|
|||
|
||||
#define DROPBEAR_ESCAPE_CHAR '~'
|
||||
|
||||
@@ -85,7 +85,7 @@
|
||||
-DCOMPAT_USER_SHELLS='"/bin/sh","/apps/bin/sh","/data/bin/zsh"'
|
||||
*/
|
||||
#ifndef COMPAT_USER_SHELLS
|
||||
-#define COMPAT_USER_SHELLS "/bin/sh","/bin/csh"
|
||||
+#define COMPAT_USER_SHELLS "@TERMUX_PREFIX@/bin/sh","@TERMUX_PREFIX@/bin/csh"
|
||||
#endif
|
||||
|
||||
#define DROPBEAR_ESCAPE_CHAR '~'
|
||||
@@ -233,10 +233,6 @@
|
||||
#error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?"
|
||||
#endif
|
||||
|
@ -21,3 +30,16 @@ diff -uNr dropbear-2018.76/sysoptions.h dropbear-2018.76.mod/sysoptions.h
|
|||
#if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
|
||||
#error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended."
|
||||
#endif
|
||||
@@ -382,10 +378,12 @@
|
||||
#define DROPBEAR_MULTI 0
|
||||
#endif
|
||||
|
||||
+#ifndef __ANDROID__
|
||||
/* Fuzzing expects all key types to be enabled */
|
||||
#if defined(DROPBEAR_DSS)
|
||||
#undef DROPBEAR_DSS
|
||||
#endif
|
||||
#define DROPBEAR_DSS 1
|
||||
+#endif
|
||||
|
||||
/* no include guard for this file */
|
||||
|
|
Loading…
Reference in New Issue