wok-current annotate dropbear/receipt @ rev 25734
Up rsync (CVE-2024-12084-88, CVE-2024-12747), xorg-server CVE-2024-9632, expat CVE-2024-50602, deps for webkit2gtk, up mesa 21.3.8, rework xorg proto, up get-LibreOffice/get-LibreOffice for x86_64
author | Stanislas Leduc <shann@slitaz.org> |
---|---|
date | Thu Jan 16 13:14:32 2025 +0000 (2 days ago) |
parents | 1f1c16803460 |
children |
rev | line source |
---|---|
pankso@126 | 1 # SliTaz package receipt. |
pankso@126 | 2 |
pankso@126 | 3 PACKAGE="dropbear" |
pascal@25498 | 4 VERSION="2022.83" |
pankso@209 | 5 CATEGORY="security" |
al@17992 | 6 SHORT_DESC="Lightweight SSH2 server and client" |
pankso@126 | 7 MAINTAINER="pascal.bellard@slitaz.org" |
pascal@14657 | 8 LICENSE="MIT" |
pankso@12689 | 9 TARBALL="$PACKAGE-$VERSION.tar.bz2" |
pascal@25421 | 10 WEB_SITE="https://github.com/mkj/dropbear" |
pascal@23881 | 11 WGET_URL="https://matt.ucc.asn.au/dropbear/releases/$TARBALL" |
pascal@23902 | 12 CONFIG_FILES="/etc/dropbear/banner" |
pascal@23902 | 13 SECRET_FILES="/etc/dropbear/*key" |
pankso@12839 | 14 SUGGESTED="sftp-server" |
pascal@4904 | 15 PROVIDE="ssh" |
jozee@4934 | 16 TAGS="ssh" |
shann@25728 | 17 HOST_ARCH="i486 arm x86_64" |
pankso@126 | 18 |
pankso@12689 | 19 DEPENDS="zlib" |
pankso@12689 | 20 BUILD_DEPENDS="zlib-dev pam pam-dev" |
pankso@12689 | 21 |
pankso@12839 | 22 # Handle multiarch compilation. |
pankso@12834 | 23 case "$ARCH" in |
pankso@12839 | 24 arm) |
pankso@12839 | 25 BUILD_DEPENDS="" |
pankso@12839 | 26 CROSS_ARGS="--disable-zlib" |
pankso@12839 | 27 CROSS_BUGS="Fails to find zlib: -lz... no" ;; |
pankso@12834 | 28 esac |
pankso@12834 | 29 |
pascal@25073 | 30 # What is the latest version available today? |
pascal@22822 | 31 current_version() |
pascal@22822 | 32 { |
pascal@22822 | 33 wget -O - $WEB_SITE 2>/dev/null | \ |
pascal@22822 | 34 sed "/tar/!d;s|.*$PACKAGE-\\(.*\\).tar.*\".*|\\1|;q" |
pascal@22822 | 35 } |
pascal@22822 | 36 |
pankso@126 | 37 # Rules to configure and make the package. |
pankso@126 | 38 compile_rules() |
pankso@126 | 39 { |
shann@25681 | 40 # CVE-2023-48795 |
shann@25681 | 41 patch -p1 < $stuff/CVE-2023-48795.patch |
shann@25681 | 42 |
pankso@126 | 43 local i |
pankso@126 | 44 local DROPBEARS |
pankso@126 | 45 DROPBEARS="dropbearkey dropbearconvert dbclient scp" |
pascal@20233 | 46 cat > localoptions.h <<EOT |
pascal@20233 | 47 #define SFTPSERVER_PATH "/usr/sbin/sftp-server" |
pascal@23872 | 48 #define DROPBEAR_X11FWD 1 |
pascal@20233 | 49 EOT |
shann@25681 | 50 sed -i 's|"SSH-2.0-dropbear_" DROPBEAR_VERSION|"SSH-2.0-dropbear"|' sysoptions.h |
pascal@25073 | 51 sed -i 's|DROPBEAR_CHANNEL_PRIO_INTERACTIVE|DROPBEAR_PRIO_LOWDELAY|' svr-x11fwd.c |
pascal@20234 | 52 sed -i 's|shell arch|shell uname -m|' libtommath/makefile_include.mk |
pankso@12839 | 53 ./configure --prefix=/usr --without-pam $CONFIGURE_ARGS $CROSS_ARGS && |
pankso@12834 | 54 make PROGRAMS="dropbear $DROPBEARS" MULTI=1 SCPPROGRESS=1 && |
slaxemulator@11100 | 55 install -d -m 755 $DESTDIR/usr/sbin && |
slaxemulator@11100 | 56 install -m 755 dropbearmulti $DESTDIR/usr/sbin/dropbear && |
pankso@12834 | 57 chown 0.0 $DESTDIR/usr/sbin/dropbear || exit 1 |
pankso@12834 | 58 |
pankso@12834 | 59 # No pam support in ARM |
pankso@12834 | 60 case "$ARCH" in |
pankso@12834 | 61 arm) echo "Skipping Dropbear PAM..." ;; |
shann@25728 | 62 i?86|x86_64) |
pascal@20233 | 63 cat >> localoptions.h <<EOT |
pascal@20233 | 64 #define DROPBEAR_SVR_PASSWORD_AUTH 0 |
pascal@20233 | 65 #define DROPBEAR_SVR_PAM_AUTH 1 |
pascal@20233 | 66 EOT |
pankso@12834 | 67 ./configure --prefix=/usr --enable-pam $CONFIGURE_ARGS && |
pankso@12834 | 68 make PROGRAMS="dropbear $DROPBEARS" MULTI=1 SCPPROGRESS=1 && |
pankso@12834 | 69 install -m 755 dropbearmulti $DESTDIR/usr/sbin/dropbear-pam && |
pankso@12834 | 70 chown 0.0 $DESTDIR/usr/sbin/dropbear-pam || exit 1 ;; |
pankso@12834 | 71 esac |
pankso@12834 | 72 |
slaxemulator@11100 | 73 install -d -m 755 $DESTDIR/usr/bin && |
pascal@1440 | 74 for i in $DROPBEARS ssh; do |
pankso@12834 | 75 ln -s ../sbin/dropbear $DESTDIR/usr/bin/$i || exit 1 |
pankso@126 | 76 done |
pascal@19369 | 77 install -d -m 755 $DESTDIR/usr/share/man/man1 && |
pascal@19371 | 78 install -m 644 $src/*.1 $DESTDIR/usr/share/man/man1 && |
pascal@19369 | 79 install -d -m 755 $DESTDIR/usr/share/man/man8 && |
pascal@19371 | 80 install -m 644 $src/*.8 $DESTDIR/usr/share/man/man8 && |
pascal@19369 | 81 install -d -m 755 $DESTDIR/usr/share/doc && |
pascal@19371 | 82 install -m 644 $src/[A-Z][A-Z]* $DESTDIR/usr/share/doc |
pankso@126 | 83 } |
pankso@126 | 84 |
pankso@126 | 85 # Rules to gen a SliTaz package suitable for Tazpkg. |
pankso@126 | 86 genpkg_rules() |
pankso@126 | 87 { |
pankso@126 | 88 mkdir -p $fs/usr |
pankso@12689 | 89 cp -a $install/usr/bin $fs/usr |
pankso@12689 | 90 cp -a $install/usr/sbin $fs/usr |
pascal@11595 | 91 rm -f $fs/usr/sbin/dropbear-pam |
pankso@126 | 92 # Config file and init script. |
pankso@126 | 93 mkdir -p $fs/etc |
slaxemulator@11100 | 94 cp -a $stuff/dropbear $fs/etc |
slaxemulator@11100 | 95 cp -a $stuff/init.d $fs/etc |
devl547@18881 | 96 ln -s daemon $fs/etc/init.d/sshd |
slaxemulator@11100 | 97 cp -a $stuff/sshx $fs/usr/bin |
pascal@14027 | 98 ln -s sshx $fs/usr/bin/pppssh |
pascal@18330 | 99 ln -s sshx $fs/usr/bin/sshfbvnc |
pascal@25498 | 100 touch $fs/etc/dropbear/dropbear_rsa_host_key \ |
pascal@23872 | 101 $fs/etc/dropbear/dropbear_ecdsa_host_key \ |
pascal@23872 | 102 $fs/etc/dropbear/dropbear_ed25519_host_key |
pankso@12689 | 103 |
erjo@1074 | 104 # Fix dropbear initscript perms |
pankso@1091 | 105 chown -R root.root $fs |
pankso@126 | 106 } |
pankso@126 | 107 |
pankso@126 | 108 # Post message when installing. |
pankso@126 | 109 post_install() |
pankso@126 | 110 { |
pascal@18730 | 111 while read dropbear openssh ; do |
pascal@18730 | 112 [ -s "$1/$openssh" ] || continue |
pascal@23995 | 113 [ -s "$1/$dropbear" ] && continue |
pascal@18730 | 114 chroot "$1/" dropbearconvert openssh dropbear $openssh $dropbear |
pascal@18730 | 115 chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint |
pascal@7304 | 116 done <<EOT |
pascal@7304 | 117 /etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key |
pascal@19829 | 118 /etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key |
pascal@23868 | 119 /etc/dropbear/dropbear_ed25519_host_key /etc/ssh/ssh_host_ed25519_key |
pascal@7304 | 120 EOT |
mojo@19390 | 121 grep -q ssh "$1/etc/inetd.conf" || cat >> "$1/etc/inetd.conf" <<EOT |
pascal@17046 | 122 #ssh stream tcp nowait root dropbear dropbear -i -b /etc/dropbear/banner |
pascal@17046 | 123 EOT |
al@18968 | 124 [ -n "$quiet" ] && return |
pankso@126 | 125 echo -e "\nTo starts $PACKAGE server you can run :\n" |
pankso@126 | 126 echo "/etc/init.d/$PACKAGE start" |
pankso@126 | 127 echo -e "Or add $PACKAGE to RUN_DAEMONS in /etc/rcS.conf\n" |
pankso@126 | 128 } |
pascal@17046 | 129 |
pascal@17046 | 130 post_remove() |
pascal@17046 | 131 { |
pascal@18730 | 132 grep -q dropbear "$1/etc/inetd.conf" && sed -i '/dropbear/d' "$1/etc/inetd.conf" |
pascal@17046 | 133 } |