dropbear: Bump to 2022.83

This commit is contained in:
Tee KOBAYASHI 2022-11-15 20:43:46 +09:00 committed by xtkoba
parent dfba43cbe8
commit 1f96f22189
4 changed files with 38 additions and 56 deletions

View File

@ -2,9 +2,9 @@ TERMUX_PKG_HOMEPAGE=https://matt.ucc.asn.au/dropbear/dropbear.html
TERMUX_PKG_DESCRIPTION="Small SSH server and client"
TERMUX_PKG_LICENSE="MIT"
TERMUX_PKG_MAINTAINER="@termux"
TERMUX_PKG_VERSION=2022.82
TERMUX_PKG_VERSION=2022.83
TERMUX_PKG_SRCURL=https://matt.ucc.asn.au/dropbear/releases/dropbear-${TERMUX_PKG_VERSION}.tar.bz2
TERMUX_PKG_SHA256=3a038d2bbc02bf28bbdd20c012091f741a3ec5cbe460691811d714876aad75d1
TERMUX_PKG_SHA256=bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b
TERMUX_PKG_DEPENDS="termux-auth, zlib"
TERMUX_PKG_SUGGESTS="openssh-sftp-server"
TERMUX_PKG_CONFLICTS="openssh"
@ -28,7 +28,7 @@ termux_step_create_debscripts() {
{
echo "#!$TERMUX_PREFIX/bin/sh"
echo "mkdir -p $TERMUX_PREFIX/etc/dropbear"
echo "for a in rsa dss ecdsa ed25519; do"
echo "for a in rsa ecdsa ed25519; do"
echo " KEYFILE=$TERMUX_PREFIX/etc/dropbear/dropbear_\${a}_host_key"
echo " test ! -f \$KEYFILE && dropbearkey -t \$a -f \$KEYFILE"
echo "done"

View File

@ -1,15 +1,6 @@
diff -uNr dropbear-2018.76/compat.c dropbear-2018.76.mod/compat.c
--- dropbear-2018.76/compat.c 2018-02-27 16:25:10.000000000 +0200
+++ dropbear-2018.76.mod/compat.c 2018-04-21 13:47:36.443738351 +0300
@@ -232,7 +232,7 @@
static char **initshells() {
/* don't touch this list. */
- static const char *okshells[] = { "/bin/sh", "/bin/csh", NULL };
+ static const char *okshells[] = { "@TERMUX_PREFIX@/bin/sh", "@TERMUX_PREFIX@/bin/csh", NULL };
register char **sp, *cp;
register FILE *fp;
struct stat statb;
@@ -244,7 +244,7 @@
if (strings != NULL)
free(strings);

View File

@ -33,51 +33,19 @@ diff -u -r ../dropbear-2019.77/svr-authpasswd.c ./svr-authpasswd.c
/* check if client wants to change password */
changepw = buf_getbool(ses.payload);
@@ -65,47 +50,14 @@
@@ -65,6 +50,7 @@
}
password = buf_getstring(ses.payload, &passwordlen);
- if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) {
- /* the first bytes of passwdcrypt are the salt */
- passwdcrypt = ses.authstate.pw_passwd;
- testcrypt = crypt(password, passwdcrypt);
- }
- m_burn(password, passwordlen);
- m_free(password);
-
- /* After we have got the payload contents we can exit if the username
- is invalid. Invalid users have already been logged. */
- if (!valid_user) {
- send_msg_userauth_failure(0, 1);
- return;
- }
-
- if (passwordlen > DROPBEAR_MAX_PASSWORD_LEN) {
- dropbear_log(LOG_WARNING,
- "Too-long password attempt for '%s' from %s",
- ses.authstate.pw_name,
- svr_ses.addrstring);
- send_msg_userauth_failure(0, 1);
- return;
- }
-
- if (testcrypt == NULL) {
- /* crypt() with an invalid salt like "!!" */
- dropbear_log(LOG_WARNING, "User account '%s' is locked",
- ses.authstate.pw_name);
- send_msg_userauth_failure(0, 1);
- return;
- }
-
- /* check for empty password */
- if (passwdcrypt[0] == '\0') {
- dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
- ses.authstate.pw_name);
- send_msg_userauth_failure(0, 1);
- return;
- }
+#ifndef __ANDROID__
if (valid_user && passwordlen <= DROPBEAR_MAX_PASSWORD_LEN) {
/* the first bytes of passwdcrypt are the salt */
passwdcrypt = ses.authstate.pw_passwd;
@@ -106,6 +92,15 @@
}
- if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
+#else /* __ANDROID__ */
+ /* check if password is valid */
+ if (termux_auth(ses.authstate.pw_name, password)) {
+ if (!ses.authstate.pw_name) {
@ -85,6 +53,7 @@ diff -u -r ../dropbear-2019.77/svr-authpasswd.c ./svr-authpasswd.c
+ send_msg_userauth_failure(0, 1);
+ return;
+ }
/* successful authentication */
dropbear_log(LOG_NOTICE,
"Password auth succeeded for '%s' from %s",
+#endif /* __ANDROID__ */
if (svr_opts.multiauthmethod && (ses.authstate.authtypes & ~AUTH_TYPE_PASSWORD)) {
/* successful password authentication, but extra auth required */
dropbear_log(LOG_NOTICE,

View File

@ -10,6 +10,15 @@ diff -uNr dropbear-2018.76/sysoptions.h dropbear-2018.76.mod/sysoptions.h
#define DROPBEAR_ESCAPE_CHAR '~'
@@ -85,7 +85,7 @@
-DCOMPAT_USER_SHELLS='"/bin/sh","/apps/bin/sh","/data/bin/zsh"'
*/
#ifndef COMPAT_USER_SHELLS
-#define COMPAT_USER_SHELLS "/bin/sh","/bin/csh"
+#define COMPAT_USER_SHELLS "@TERMUX_PREFIX@/bin/sh","@TERMUX_PREFIX@/bin/csh"
#endif
#define DROPBEAR_ESCAPE_CHAR '~'
@@ -233,10 +233,6 @@
#error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?"
#endif
@ -21,3 +30,16 @@ diff -uNr dropbear-2018.76/sysoptions.h dropbear-2018.76.mod/sysoptions.h
#if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH)
#error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended."
#endif
@@ -382,10 +378,12 @@
#define DROPBEAR_MULTI 0
#endif
+#ifndef __ANDROID__
/* Fuzzing expects all key types to be enabled */
#if defined(DROPBEAR_DSS)
#undef DROPBEAR_DSS
#endif
#define DROPBEAR_DSS 1
+#endif
/* no include guard for this file */