authorKonstantin Demin <rockdrilla@gmail.com>2024-01-09 03:40:01 +0300
committerRui Salvaterra <rsalvaterra@gmail.com>2024-02-09 09:13:05 +0000
commitb5cde260487eae86db1661a53e5e5e0823936aab (patch)
tree6a3fcc65efaa02d72b61d7f91a4913413eef988a /package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch
parentd4dfb566e27e4c67c86d163262719dfa52406a59 (diff)
dropbear: cherry-pick upstream patches
critical fixes: - libtommath: possible integer overflow (CVE-2023-36328) - implement Strict KEX mode (CVE-2023-48795) various fixes: - fix DROPBEAR_DSS and DROPBEAR_RSA config options - y2038 issues - remove SO_LINGER socket option - make banner reading failure non-fatal - fix "noremotetcp" behavior - don't try to shutdown a pty - fix test for multiuser kernels adds new features: - option to bind to interface - allow inetd with non-syslog - ignore unsupported command line options with dropbearkey Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
Diffstat (limited to 'package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch')
-rw-r--r--package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch b/package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch
new file mode 100644
index 00000000000..e1538a4c1f7
--- /dev/null
+++ b/package/network/services/dropbear/patches/009-use-write-rather-than-fprintf-in-segv-handler.patch
@@ -0,0 +1,27 @@
+From 3292b8c6f1e5fcc405fa0f7a20e90a60f74037b2 Mon Sep 17 00:00:00 2001
+From: Matt Johnston <matt@ucc.asn.au>
+Date: Sun, 12 Feb 2023 23:00:00 +0800
+Subject: Use write() rather than fprintf() in segv handler
+
+fprintf isn't guaranteed safe (though hasn't had any problems reported).
+---
+ svr-main.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/svr-main.c
++++ b/svr-main.c
+@@ -420,8 +420,12 @@ static void sigchld_handler(int UNUSED(u
+
+ /* catch any segvs */
+ static void sigsegv_handler(int UNUSED(unused)) {
+- fprintf(stderr, "Aiee, segfault! You should probably report "
+- "this as a bug to the developer\n");
++ int i;
++ const char *msg = "Aiee, segfault! You should probably report "
++ "this as a bug to the developer\n";
++ i = write(STDERR_FILENO, msg, strlen(msg));
++ /* ignore short writes */
++ (void)i;
+ _exit(EXIT_FAILURE);
+ }
+
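Review bot: The new sigsegv_handler body still computes the message length at signal time with `strlen(msg)` and stores the `ssize_t` result of write() in an `int`. Declaring the text as `static const char msg[] = "...";` and passing `sizeof(msg) - 1` makes the length a compile-time constant, so the handler calls only write() and _exit(); strlen() is listed as async-signal-safe only in newer POSIX revisions. The result variable would then be `ssize_t i = write(STDERR_FILENO, msg, sizeof(msg) - 1);`. The comment `/* ignore short writes */` could also record why the call was chosen, for example `/* write() is async-signal-safe, fprintf() is not; short writes and errors are ignored */`, so that a later cleanup does not switch back to stdio.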