path: root/package/network/services/dropbear
Commit message | Author | Age | Files | Lines
* dropbear: security update to 2016.74 | Jo-Philipp Wich | 2016-08-18 | 1 | -2/+2

  - Security: Message printout was vulnerable to format string injection.
    If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server.
    A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program.
  - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files
  - Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts.
  - Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v

  The security issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html

  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dropbear: update to 2016.73 | Jo-Philipp Wich | 2016-06-20 | 6 | -28/+18

  Update the dropbear package to version 2016.73, refresh patches.

  The measured .ipk sizes on an x86_64 build are:

  94588 dropbear_2015.71-3_x86_64.ipk
  95316 dropbear_2016.73-1_x86_64.ipk

  This is an increase of roughly 700 bytes after compression.

  Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
  Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dropbear: Make utmp and putuline support configurable via separate config options | Luka Perkov | 2016-06-19 | 2 | -3/+17

  Utmp support tracks who is currently logged in by logging info to the file /var/run/utmp (supported by busybox)
  Putuline support will use the utmp structure to write to the utmp file

  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49333 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: Add procd interface triggers when interface config is specified | John Crispin | 2016-06-19 | 2 | -2/+22

  A dropbear instance having an interface config won't start if the interface is down as no IP address is available.
  Adding interface triggers for each configured interface executing the dropbear reload script will start the dropbear instance when the interface is up.

  Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@49272 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: honor CONFIG_TARGET_INIT_PATH | Jo-Philipp Wich | 2016-02-08 | 2 | -6/+17

  Signed-off-by: Jo-Philipp Wich <jow@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48679 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: update version to 2015.71 | Felix Fietkau | 2016-01-15 | 5 | -10/+10

  Update dropbear to version 2015.71, released on 3 Dec 2015.
  Refresh patches.

  Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48243 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: enable curve25519 support by default, increases compressed binary size by ~5 kb | Felix Fietkau | 2016-01-10 | 1 | -1/+1

  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48196 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: split out curve25519 support into a separate config option | Felix Fietkau | 2016-01-10 | 2 | -4/+19

  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@48195 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: add respawn param in case dropbear crashes | Felix Fietkau | 2015-09-24 | 1 | -0/+1

  Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@47033 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: remove generation and configuration of DSS keys | Steven Barth | 2015-09-08 | 2 | -9/+4

  Signed-off-by: Steven Barth <steven@midlink.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46815 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: disable 3des, cbc mode, dss support, saves about 5k gzipped | Felix Fietkau | 2015-09-08 | 1 | -1/+20

  While technically required by the RFC, they are usually completely unused (DSA), or have security issues (3DES, CBC)

  Signed-off-by: Felix Fietkau <nbd@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46814 3c298f89-4303-0410-b956-a3cf2f4a3e73
* Disable telnet in favor of passwordless SSH | Steven Barth | 2015-09-07 | 4 | -1/+41

  This enables passwordless login for root via SSH whenever no root password is set (e.g. after reset, flashing without keeping config or in failsafe) and removes telnet support altogether.

  Signed-off-by: Steven Barth <steven@midlink.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46809 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: bump to 2015.68 | Steven Barth | 2015-09-02 | 7 | -12/+12

  Signed-off-by: Steven Barth <steven@midlink.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@46769 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: update to 2015.67 | Steven Barth | 2015-04-18 | 7 | -414/+16

  fixes dbclient login into OpenSSH 6.8p1
  error: "Bad hostkey signature"

  reported on irc, replicated with Arch Linux

  Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45493 3c298f89-4303-0410-b956-a3cf2f4a3e73
* package/*: replace occurrences of 'ln -sf' to '$(LN)' | Nicolas Thill | 2014-11-06 | 1 | -5/+5

  Signed-off-by: Nicolas Thill <nico@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@43205 3c298f89-4303-0410-b956-a3cf2f4a3e73
* scripts: fix wrong usage of '==' operator | John Crispin | 2014-10-14 | 1 | -1/+1

  [base-files] shell-scripting: fix wrong usage of '==' operator

  normally the '==' is used for invoking a regex parser and is a bashism. all of the fixes just want to compare a string. the used busybox-ash will silently "ignore" this mistake, but make it portable/clean at least.

  this patch does not change the behavior/logic of the scripts.

  Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42911 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: ensure the interface has an ip-address | Steven Barth | 2014-10-09 | 1 | -11/+12

  Use network_get_ipaddrs_all to get all ip-addresses of an interface. If the function fails, the interface does not exist or has not any suitable ip addresses assigned.

  Use the returned ip-address(es) to construct the dropbear listen address.

  Signed-off-by: Mathias Kresin <openwrt@kresin.me>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42857 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: add mdns support to the init.d script | John Crispin | 2014-08-29 | 1 | -2/+5

  Signed-off-by: John Crispin <blogic@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42326 3c298f89-4303-0410-b956-a3cf2f4a3e73
* package/*: remove useless explicit set of function returncode | John Crispin | 2014-08-25 | 1 | -1/+0

  somebody started to set a function returncode in the validation stuff and everybody copies it, e.g.

    myfunction()
    {
        fire_command
        return $?
    }

  a function automatically returns with the last returncode, so we can safely remove the command 'return $?'.

  reference: http://tldp.org/LDP/abs/html/exit-status.html
  "The last command executed in the function or script determines the exit status."

  Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42278 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: restore performance by disabling mips16 | Jonas Gorski | 2014-08-21 | 1 | -1/+2

  Disable MIPS16 to prevent it negatively affecting performance.

  Observed was an increase of connection delay from ~6 to ~11 seconds and a reduction of scp speed from 1.1MB/s to 710kB/s on brcm63xx.

  Fixes #15209.

  Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42250 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: fix keepalive more | Jonas Gorski | 2014-08-21 | 1 | -0/+333

  Add a further upstream commit to more closely match the keepalive to OpenSSH. Should now really fix #17523.

  Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42249 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: fix keepalive with putty | Jonas Gorski | 2014-08-13 | 1 | -0/+58

  Don't send SSH_MSG_UNIMPLEMENTED for keepalive responses, which broke at least putty.

  Fixes #17522 / #17523.

  Signed-off-by: Jonas Gorski <jogo@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42162 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: update to 2014.65 | Steven Barth | 2014-08-11 | 5 | -10/+10

  Signed-off-by: Steven Barth <steven@midlink.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@42131 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: make missing variables local | John Crispin | 2014-06-02 | 1 | -1/+1

  Signed-off-by: Reiner Herrmann <reiner@reiner-h.de>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40914 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: move options.h editing to Build/Configure | Felix Fietkau | 2014-03-29 | 1 | -3/+3

  fixes incremental build with change to CONFIG_DROPBEAR_ECC

  drop --with-shared which is unknown to configure

  Patch by Catalin Patulea <cat@vv.carleton.ca>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40300 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: add options SSHKeepAlive and IdleTimeout. | Felix Fietkau | 2014-03-29 | 1 | -1/+5

  Without timeout mechanism, if ssh client disconnected without sending FIN or RST, forked dropbear servers would hang there for KEX_RETRY_TIMEOUT seconds (8 hours).

  TCP keepalive is not implemented in dropbear yet, thus the name SSHKeepAlive. 300 seconds in this patch is selected from the default value of ServerAliveInterval for Debian ssh client (See man ssh_config).

  Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40299 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: fix interface config setting | Felix Fietkau | 2014-03-29 | 1 | -2/+2

  Patch from #15070
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40298 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: update to 2014.63 | Felix Fietkau | 2014-03-29 | 7 | -52/+61

  Upstream changelog: https://matt.ucc.asn.au/dropbear/CHANGES

  This adds elliptic curve cryptography (ECC) support as an option, disabled by default.

  dropbear mips 34kc uClibc binary size:
  before: 161,672 bytes
  after, without ECC (default): 164,968
  after, with ECC: 198,008

  Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@40297 3c298f89-4303-0410-b956-a3cf2f4a3e73
* procd: fixup 2 wrong option types | John Crispin | 2013-11-13 | 1 | -1/+1

  Signed-off-by: John Crispin <blogic@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38789 3c298f89-4303-0410-b956-a3cf2f4a3e73
* procd: convert services to the new validation api | John Crispin | 2013-11-13 | 1 | -58/+51

  Signed-off-by: John Crispin <blogic@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38787 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: add dropbear.nl mirror, provided by dropbear maintainer | Jo-Philipp Wich | 2013-10-15 | 1 | -1/+2

  Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38413 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: update to 2013.59 (released 4 october 2013) | Jo-Philipp Wich | 2013-10-10 | 8 | -38/+22

  - drop mirror www.mirrors.wiretapped.net (not working anymore)
  - drop patch 300-ipv6_addr_port_split.patch, included upstream
  - refresh patches
  - various upstream changes: http://matt.ucc.asn.au/dropbear/CHANGES

  Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38356 3c298f89-4303-0410-b956-a3cf2f4a3e73
* [package] fix various init scripts | Luka Perkov | 2013-09-23 | 1 | -2/+1

  Changes include:
    * removing unused variables
    * replacing spaces with tabs where appropriate
    * more consistency with variable declarations

  Signed-off-by: Luka Perkov <luka@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38142 3c298f89-4303-0410-b956-a3cf2f4a3e73
* procd: convert various packages to procd style init.d scripts | John Crispin | 2013-09-17 | 1 | -1/+1

  Signed-off-by: John Crispin <blogic@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@38023 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: register a config.change trigger | John Crispin | 2013-07-11 | 1 | -0/+5

  Signed-off-by: John Crispin <blogic@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@37245 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: convert init script to procd | Felix Fietkau | 2012-12-22 | 1 | -37/+21

  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34867 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: use network_get_device instead of scan_interfaces to get the device name | Felix Fietkau | 2012-12-22 | 1 | -3/+4

  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34863 3c298f89-4303-0410-b956-a3cf2f4a3e73
* dropbear: update to 2012.55 and refresh patches | Florian Fainelli | 2012-12-04 | 5 | -104/+10

  Upstream has a few code cleanups, more eagerly burns sensitive memory and includes the fix for CVE-2012-0920. Full changelog: https://matt.ucc.asn.au/dropbear/CHANGES

  Local changes:
  - Removed PKG_MULTI which is no longer in options.h (even before 2011.54)
  - Merged DO_HOST_LOOKUP into 120-openwrt_options.patch
  - Removed LD from make opts (now included in TARGET_CONFIGURE_OPTS)
  - Removed 400-CVE-2012-0920.patch which is included in 2012.55

  Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
  Signed-off-by: Florian Fainelli <florian@openwrt.org>
  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@34496 3c298f89-4303-0410-b956-a3cf2f4a3e73
* licensing: Add licensing metadata to many packages | Hamish Guthrie | 2012-10-19 | 1 | -0/+3

  Two new variables are introduced to many packages, namely PKG_LICENSE and PKG_LICENSE_FILES - there may be more than one license applied to packages, and these are listed in the PKG_LICENSE variable and separated by spaces. All relevant license files are also added to the PKG_LICENSE_FILES variable, also space separated.

  The licensing metadata is put into the bin/<platform>/packages/Packages file for later parsing. A script for that is on its way!

  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33861 3c298f89-4303-0410-b956-a3cf2f4a3e73
* packages: sort network related packages into package/network/ | Felix Fietkau | 2012-10-10 | 13 | -0/+677

  git-svn-id: svn://svn.openwrt.org/openwrt/trunk@33688 3c298f89-4303-0410-b956-a3cf2f4a3e73