dropbear: update to 2017.75 Changes: - Security: Fix double-free in server TCP listener cleanup A double-free in the server could be triggered by an authenticated user if dropbear is running with -a (Allow connections to forwarded ports from any host) This could potentially allow arbitrary code execution as root by an authenticated user. Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. Dropbear parsed authorized_keys as root, even if it were a symlink. The fix is to switch to user permissions when opening authorized_keys A user could symlink their ~/.ssh/authorized_keys to a root-owned file they couldn't normally read. If they managed to get that file to contain valid authorized_keys with command= options it might be possible to read other contents of that file. This information disclosure is to an already authenticated user. Thanks to Jann Horn of Google Project Zero for reporting this. CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync. Thanks to Andrei Gherzan for a patch. - Fix out of tree builds with bundled libtom Thanks to Henrik Nordstræ—¦m and Peter Krefting for patches.diff -r1.33 -r1.34 pkgsrc/security/dropbear/Makefile
(snj)
| @@ -1,16 +1,16 @@ | @@ -1,16 +1,16 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.33 2017/09/23 20:14:57 wiedi Exp $ | 1 | # $NetBSD: Makefile,v 1.34 2017/11/09 19:00:25 snj Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= dropbear-2016.74 | 3 | DISTNAME= dropbear-2017.75 | |
| 4 | CATEGORIES= security | 4 | CATEGORIES= security | |
| 5 | MASTER_SITES= http://matt.ucc.asn.au/dropbear/releases/ | 5 | MASTER_SITES= http://matt.ucc.asn.au/dropbear/releases/ | |
| 6 | EXTRACT_SUFX= .tar.bz2 | 6 | EXTRACT_SUFX= .tar.bz2 | |
| 7 | 7 | |||
| 8 | MAINTAINER= snj@NetBSD.org | 8 | MAINTAINER= snj@NetBSD.org | |
| 9 | HOMEPAGE= http://matt.ucc.asn.au/dropbear/dropbear.html | 9 | HOMEPAGE= http://matt.ucc.asn.au/dropbear/dropbear.html | |
| 10 | COMMENT= Small SSH2 server and client, aimed at embedded market | 10 | COMMENT= Small SSH2 server and client, aimed at embedded market | |
| 11 | LICENSE= modified-bsd | 11 | LICENSE= modified-bsd | |
| 12 | 12 | |||
| 13 | GNU_CONFIGURE= yes | 13 | GNU_CONFIGURE= yes | |
| 14 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} --disable-bundled-libtom | 14 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} --disable-bundled-libtom | |
| 15 | USE_TOOLS+= gmake | 15 | USE_TOOLS+= gmake | |
| 16 | 16 |
| @@ -1,9 +1,9 @@ | @@ -1,9 +1,9 @@ | |||
| 1 | $NetBSD: distinfo,v 1.24 2017/05/16 21:54:21 snj Exp $ | 1 | $NetBSD: distinfo,v 1.25 2017/11/09 19:00:25 snj Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (dropbear-2016.74.tar.bz2) = 92483315a112c862667c3e90af854a52dab09a12 | 3 | SHA1 (dropbear-2017.75.tar.bz2) = c30c64dda9db228592e3a97313078ca71d9d283f | |
| 4 | RMD160 (dropbear-2016.74.tar.bz2) = ec0a5a45ce3f636ac25e8f1170aa75cc79cafe12 | 4 | RMD160 (dropbear-2017.75.tar.bz2) = 4ad8fafe8a5dd30066bec27af66a8e98bd6db7ed | |
| 5 | SHA512 (dropbear-2016.74.tar.bz2) = c0f4ea7840077b8302b48e27b5b588a4babac6583740dfdb845c40f633aa3ec96174d1d2ade81d2c3e23ea99b75e906312c512d8c7580e6e4105b2dbd37e5e22 | 5 | SHA512 (dropbear-2017.75.tar.bz2) = 9c2f2a5e718339f83abc0ad7719bda12bfc75e5bcb87a7c0eec0afefc743e5c0a1575d290d5fde152ff2100b0f0e6fd5ef4431f7bbcb5ca9a332d93c20f5a8f4 | |
| 6 | Size (dropbear-2016.74.tar.bz2) = 1622234 bytes | 6 | Size (dropbear-2017.75.tar.bz2) = 1623392 bytes | |
| 7 | SHA1 (patch-aa) = d23b69458c54933a4cafa6146ca2167c80453523 | 7 | SHA1 (patch-aa) = d23b69458c54933a4cafa6146ca2167c80453523 | |
| 8 | SHA1 (patch-ab) = 8595e4c65d8aa78c8d34af70619ced02f807e77b | 8 | SHA1 (patch-ab) = 8595e4c65d8aa78c8d34af70619ced02f807e77b | |
| 9 | SHA1 (patch-configure) = 95c82b951d16a5cca92a3d4d7ef67b7eb5f47540 | 9 | SHA1 (patch-configure) = 95c82b951d16a5cca92a3d4d7ef67b7eb5f47540 |