aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/services/dropbear
Commit message (Collapse)AuthorAgeFilesLines
* dropbear: allow build without dbclientRosy Song2019-04-182-4/+9
| | | | | | This can save ~16KBytes size for the ipk Signed-off-by: Rosy Song <rosysong@rosinson.com>
* dropbear: bump to 2019.78Hans Dedecker2019-04-072-48/+2
| | | | | | | | | | Fix dbclient regression in 2019.77. After exiting the terminal would be left in a bad state. Reported by Ryan Woodsmall drop patch applied upstream: 010-tty-modes-werent-reset-for-client.patch Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: split ECC support to basic and fullKonstantin Demin2019-03-252-8/+31
| | | | | | | | | | - limit ECC support to ec*-sha2-nistp256: * DROPBEAR_ECC now provides only basic support for ECC - provide full ECC support as an option: * DROPBEAR_ECC_FULL brings back support for ec{dh,dsa}-sha2-nistp{384,521} - update feature costs in binary size Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: rewrite init script startup logic to handle both host key filesKonstantin Demin2019-03-251-24/+38
| | | | Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: change type of config option "Port" to scalar type "port"Konstantin Demin2019-03-251-1/+1
| | | | | | it was never used anywhere, even LuCI works with "Port" as scalar type. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: introduce config option "keyfile" (replacement for "rsakeyfile")Konstantin Demin2019-03-251-1/+56
| | | | | | | | | | | | * option "keyfile" is more generic than "rsakeyfile". * option "rsakeyfile" is considered to be deprecated and should be removed in future releases. * warn user (in syslog) if option "rsakeyfile" is used * better check options ("rsakeyfile" and "keyfile"): don't append "-r keyfile" to command line if file is absent (doesn't exist or empty), warn user (in syslog) about such files Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: add initial support for ECC host keyKonstantin Demin2019-03-251-0/+2
| | | | Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: fix regression where TTY modes weren't reset for clientKonstantin Demin2019-03-251-0/+46
| | | | | | cherry-pick upstream commit 7bc6280613f5ab4ee86c14c779739070e5784dfe Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: honour CFLAGS while building bundled libtomcrypt/libtommathKonstantin Demin2019-03-251-0/+48
| | | | | | | | Felix Fietkau pointed out that bundled libtomcrypt/libtommath do funny stuff with CFLAGS. fix this with checking environment variable OPENWRT_BUILD in both libs. change in dropbear binary size is drastical: 221621 -> 164277. Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: fix hardening flags during configureKonstantin Demin2019-03-251-0/+56
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | compiler complains about messed up CFLAGS in build log: <command-line>: warning: "_FORTIFY_SOURCE" redefined <command-line>: note: this is the location of the previous definition and then linker fails: mips-openwrt-linux-musl-gcc [...] -o dropbearmulti [...] collect2: fatal error: ld terminated with signal 11 [Segmentation fault] compilation terminated. /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans0.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans1.ltrans.o: relocation R_MIPS_HI16 against `ses' can not be used when making a shared object; recompile with -fPIC /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: /tmp/cc27zORz.ltrans2.ltrans.o: relocation R_MIPS_HI16 against `cipher_descriptor' can not be used when making a shared object; recompile with -fPIC /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550 [...] /staging_dir/toolchain-mips_24kc_gcc-8.2.0_musl/mips-openwrt-linux-musl/bin/ld: BFD (GNU Binutils) 2.31.1 assertion fail elfxx-mips.c:6550 make[3]: *** [Makefile:198: dropbearmulti] Error 1 make[3]: *** Deleting file 'dropbearmulti' make[3]: Leaving directory '/build_dir/target-mips_24kc_musl/dropbear-2018.76' make[2]: *** [Makefile:158: /build_dir/target-mips_24kc_musl/dropbear-2018.76/.built] Error 2 make[2]: Leaving directory '/package/network/services/dropbear' This FTBFS issue was caused by hardening flags set up by dropbear's configure script. By default, Dropbear offers hardening via CFLAGS and LDFLAGS, but this may break or confuse OpenWrt settings. Remove most Dropbear's hardening settings in favour of precise build, but preserve Spectre v2 mitigations: * -mfunction-return=thunk * -mindirect-branch=thunk Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: bump to 2019.77Konstantin Demin2019-03-2512-517/+52
| | | | | | | | | | | | | - drop patches applied upstream: * 010-runtime-maxauthtries.patch * 020-Wait-to-fail-invalid-usernames.patch * 150-dbconvert_standalone.patch * 610-skip-default-keys-in-custom-runs.patch - refresh patches - move OpenWrt configuration from patch to Build/Configure recipe, thus drop patch 120-openwrt_options.patch Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* procd: Add wrapper for uci_validate_section()Jeffery To2019-01-221-7/+4
| | | | | | | | | | | | | | | | | This adds a wrapper (uci_load_validate) for uci_validate_section() that allows callers (through a callback function) to access the values set by uci_validate_section(), without having to manually declare a (potentially long) list of local variables. The callback function receives two arguments when called, the config section name and the return value of uci_validate_section(). If no callback function is given, then the wrapper exits with the value returned by uci_validate_section(). This also updates several init scripts to use the new wrapper function. Signed-off-by: Jeffery To <jeffery.to@gmail.com>
* dropbear: fix dropbear startup issueHans Dedecker2018-12-182-2/+10
| | | | | | | | | | | | | | | Interface triggers are installed by the dropbear init script in case an interface is configured for a given dropbear uci section. As dropbear is started after network the interface trigger event can be missed during a small window; this is especially the case if lan is specified as interface. Fix this by starting dropbear before network so no interface trigger is missed. As dropbear is started earlier than netifd add a boot function to avoid the usage of network.sh functions as call to such functions will fail at boottime. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> Acked-by: Jo-Philipp Wich <jo@mein.io>
* dropbear: Install /etc/config as 600Rosen Penev2018-09-191-3/+3
| | | | | | | | /etc/config/dropbear is used by the init script which only runs as root. Small whitespace change. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* dropbear: backport upstream fix for CVE-2018-15599Hans Dedecker2018-08-243-3/+224
| | | | | | | | | | CVE description : The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: close all active clients on shutdownChristian Schoenebeck2018-07-161-0/+5
| | | | | | | | | | | | | | | | | | | | Override the default shutdown action (stop) and close all processes of dropbear Since commit 498fe85, the stop action only closes the process that's listening for new connections, maintaining the ones with existing clients. This poses a problem when restarting or shutting-down a device, because the connections with existing SSH clients, like OpenSSH, are not properly closed, causing them to hang. This situation can be avoided by closing all dropbear processes when shutting-down the system, which closes properly the connections with current clients. Signed-off-by: Christian Schoenebeck <christian.schoenebeck@gmail.com> [Luis: Rework commit message] Signed-off-by: Luis Araneda <luaraneda@gmail.com>
* dropbear: compile with LTO enabledFelix Fietkau2018-07-132-2/+35
| | | | | | Reduces size of the .ipk on MIPS from 87k to 84k Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: let opkg manage symlinks of ssh, scpYousong Zhou2018-06-251-3/+5
| | | | Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
* dropbear: add option to set receive window sizeStijn Tintel2018-02-181-1/+4
| | | | | | | | | | | | | | | | | The default receive window size in dropbear is hardcoded to 24576 byte to limit memory usage. This value was chosen for 100Mbps networks, and limits the throughput of scp on faster networks. It also severely limits scp throughput on high-latency links. Add an option to set the receive window size so that people can improve performance without having to recompile dropbear. Setting the window size to the highest value supported by dropbear improves throughput from my build machine to an APU2 on the same LAN from 7MB/s to 7.9MB/s, and to an APU2 over a link with ~65ms latency from 320KB/s to 7.5MB/s. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dropbear: disable MD5 HMAC and switch to sha1 fingerprintsMartin Schiller2017-12-122-3/+5
| | | | | | | | | | | | As MD5 is known weak for many years and more and more penetration test tools complain about enabled MD5 HMAC I think it's time to drop it. By disabling the MD5 HMAC support dropbear will also automatically use SHA1 for fingerprints. This shouldn't be a problem too. Signed-off-by: Martin Schiller <ms@dev.tdt.de>
* add PKG_CPE_ID ids to package and toolsAlexander Couzens2017-11-171-0/+1
| | | | | | | | | | | CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
* dropbear: fix PKG_CONFIG_DEPENDSHans Dedecker2017-10-061-1/+4
| | | | | | Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: make ssh compression support configurableMarcin Jurkowski2017-09-282-3/+13
| | | | | | | | | Adds config option to enable compression support which is usefull when using a terminal sessions over a slow link. Impact on binary size is negligible but additional 60 kB (uncompressed) is needed for a shared zlib library. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
* Revert "dropbear: Link ssh and scp command to /bin instead of /usr/bin"John Crispin2017-08-311-3/+3
| | | | | | This reverts commit f7528ed0a8586434e18e9007b1bf0d05a18d6418. Signed-off-by: John Crispin <john@phrozen.org>
* dropbear: Link ssh and scp command to /bin instead of /usr/binRosen Penev2017-08-311-3/+3
| | | | | | | | ssh and scp commands interfere with OpenSSH when installed in /usr/bin . One use case is when installing dropbear to get root access when only OpenSSH is available (OpenSSH disallows root password logins). Once dropbear installs, it replaces OpenSSH's executables, even when removed with opkg. OpenSSH must be reinstalled to get them back. Signed-off-by: Rosen Penev <rosenp@gmail.com>
* dropbear: add option to set max auth triesStijn Tintel2017-06-282-2/+4
| | | | | | | Add a uci option to set the new max auth tries paramater in dropbear. Set the default to 3, as 10 seems excessive. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dropbear: server support option '-T' max auth triesKevin Darbyshire-Bryant2017-06-282-2/+132
| | | | | | | | | | | | Add support for '-T n' for a run-time specification for maximum number of authentication attempts where 'n' is between 1 and compile time option MAX_AUTH_TRIES. A default number of tries can be specified at compile time using 'DEFAULT_AUTH_TRIES' which itself defaults to MAX_AUTH_TRIES for backwards compatibility. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dropbear: fix service trigger syntax errorKevin Darbyshire-Bryant2017-06-162-2/+2
| | | | | | The classic single '&' when double '&&' conditional was meant. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dropbear: bump to 2017.75Kevin Darbyshire-Bryant2017-05-212-17/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | - Security: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file. This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this. CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 Refresh patches, rework 100-pubkey_path.patch to work with new authorized_keys validation. Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
* dropbear: fix procd interface trigger installHans Dedecker2017-04-261-1/+3
| | | | | | | | Install procd interface triggers only for interfaces which are enabled so dropbear instances running on (an) enabled interface(s) are not restarted due to an interface trigger of an interface which is disabled. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: bump PKG_RELEASEStijn Tintel2017-02-171-1/+1
| | | | Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
* dropbear: enable SHA256 HMACsJoseph C. Sible2017-02-101-3/+2
| | | | | | | The only HMACs currently available use MD5 and SHA1, both of which have known weaknesses. We already compile in the SHA256 code since we use Curve25519 by default, so there's no significant size penalty to enabling this. Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
* build: use mkhash to replace various quirky md5sum/openssl callsFelix Fietkau2017-01-051-1/+1
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* treewide: clean up download hashesFelix Fietkau2016-12-161-1/+1
| | | | | | Replace *MD5SUM with *HASH, replace MD5 hashes with SHA256 Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: clean up default PATH handling in makefileDario Ernst2016-12-142-14/+2
| | | | | | | | Harmonise handling of DEFAULT_PATH by removing the patch introducing #ifndef guards around the path, and only using one means to set the path in the makefile. Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
* config: enable shadow passwords unconditionallyMatthias Schiffer2016-09-261-1/+0
| | | | | | | | | | | | | Configurations without shadow passwords have been broken since the removal of telnet: as the default entry in /etc/passwd is not empty (but rather unset), there will be no way to log onto such a system by default. As disabling shadow passwords is not useful anyways, remove this configuration option. The config symbol is kept (for a while), as packages from feeds depend on it. Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
* dropbear: hide dropbear versionKevin Darbyshire-Bryant2016-09-101-0/+4
| | | | | | | | | | | | As security precaution and to limit the attack surface based on the version reported by tools like nmap mask out the dropbear version so the version is not visible anymore by snooping on the wire. Version is still visible by 'dropbear -V' Based on a patch by Hans Dedecker <dedeckeh@gmail.com> Signed-off-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Signed-off-by: Felix Fietkau <nbd@nbd.name> [remove trailing _]
* dropbear: mdns flag is a bool, not integerKarl Palsson2016-09-051-1/+1
| | | | | | Effectively the same for most purposes, but more accurate. Signed-off-by: Karl Palsson <karlp@etactica.com>
* dropbear: security update to 2016.74Jo-Philipp Wich2016-08-121-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | - Security: Message printout was vulnerable to format string injection. If specific usernames including "%" symbols can be created on a system (validated by getpwnam()) then an attacker could run arbitrary code as root when connecting to Dropbear server. A dbclient user who can control username or host arguments could potentially run arbitrary code as the dbclient user. This could be a problem if scripts or webpages pass untrusted input to the dbclient program. - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as the local dropbearconvert user when parsing malicious key files - Security: dbclient could run arbitrary code as the local dbclient user if particular -m or -c arguments are provided. This could be an issue where dbclient is used in scripts. - Security: dbclient or dropbear server could expose process memory to the running user if compiled with DEBUG_TRACE and running with -v The security issues were reported by an anonymous researcher working with Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dropbear: remove procd_open_trigger/procd_close_trigger callsFelix Fietkau2016-07-291-2/+0
| | | | Signed-off-by: Felix Fietkau <nbd@nbd.name>
* dropbear: Fix incorrect CONFIG_TARGET_INIT_PATH.Dario Ernst2016-05-241-2/+2
| | | | | | | Fix a „semantic typo“ introduced in b78aae793e20e06defa1e75ab4d30dbb6807c139, where TARGET_INIT_PATH was used instead of CONFIG_TARGET_INIT_PATH. Signed-off-by: Dario Ernst <Dario.Ernst@riverbed.com>
* dropbear: update to 2016.73Jo-Philipp Wich2016-05-136-28/+18
| | | | | | | | | | | | | Update the dropbear package to version 2016.73, refresh patches. The measured .ipk sizes on an x86_64 build are: 94588 dropbear_2015.71-3_x86_64.ipk 95316 dropbear_2016.73-1_x86_64.ipk This is an increase of roughly 700 bytes after compression. Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk> Signed-off-by: Jo-Philipp Wich <jo@mein.io>
* dropbear: Add --disable-utmpx againHans Dedecker2016-05-121-0/+1
| | | | | | | The option --disable-utmpx was deleted by accident in commit 7545c1d; add it again to the CONFIGURE_ARGS list Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: Add procd interface triggers when interface config is specifiedHans Dedecker2016-04-282-2/+22
| | | | | | | | | A dropbear instance having an interface config won't start if the interface is down as no IP address is available. Adding interface triggers for each configured interface executing the dropbear reload script will start the dropbear instance when the interface is up. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: Make utmp and putuline support configurable via seperate config ↵Hans Dedecker2016-04-282-3/+17
| | | | | | | | | options Utmp support tracks who is currenlty logged in by logging info to the file /var/run/utmp (supported by busybox) Putuline support will use the utmp structure to write to the utmp file Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: honor CONFIG_TARGET_INIT_PATHJo-Philipp Wich2016-02-082-6/+17
| | | | | | Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> SVN-Revision: 48679
* dropbear: update version to 2015.71Felix Fietkau2016-01-155-10/+10
| | | | | | | | | Update dropbear to version 2015.71, released on 3 Dec 2015. Refresh patches. Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi> SVN-Revision: 48243
* dropbear: enable curve25519 support by default, increases compressed binary ↵Felix Fietkau2016-01-101-1/+1
| | | | | | | | size by ~5 kb Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48196
* dropbear: split out curve25519 support into a separate config optionFelix Fietkau2016-01-102-4/+19
| | | | | | Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48195
* dropbear: add respawn param in case dropbear crashesFelix Fietkau2015-09-241-0/+1
| | | | | | Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com> SVN-Revision: 47033