wok-current annotate dropbear/receipt @ rev 25734

Up rsync (CVE-2024-12084-88, CVE-2024-12747), xorg-server CVE-2024-9632, expat CVE-2024-50602, deps for webkit2gtk, up mesa 21.3.8, rework xorg proto, up get-LibreOffice/get-LibreOffice for x86_64
author Stanislas Leduc <shann@slitaz.org>
date Thu Jan 16 13:14:32 2025 +0000 (2 days ago)
parents 1f1c16803460
children
rev   line source
pankso@126 1 # SliTaz package receipt.
pankso@126 2
pankso@126 3 PACKAGE="dropbear"
pascal@25498 4 VERSION="2022.83"
pankso@209 5 CATEGORY="security"
al@17992 6 SHORT_DESC="Lightweight SSH2 server and client"
pankso@126 7 MAINTAINER="pascal.bellard@slitaz.org"
pascal@14657 8 LICENSE="MIT"
pankso@12689 9 TARBALL="$PACKAGE-$VERSION.tar.bz2"
pascal@25421 10 WEB_SITE="https://github.com/mkj/dropbear"
pascal@23881 11 WGET_URL="https://matt.ucc.asn.au/dropbear/releases/$TARBALL"
pascal@23902 12 CONFIG_FILES="/etc/dropbear/banner"
pascal@23902 13 SECRET_FILES="/etc/dropbear/*key"
pankso@12839 14 SUGGESTED="sftp-server"
pascal@4904 15 PROVIDE="ssh"
jozee@4934 16 TAGS="ssh"
shann@25728 17 HOST_ARCH="i486 arm x86_64"
pankso@126 18
pankso@12689 19 DEPENDS="zlib"
pankso@12689 20 BUILD_DEPENDS="zlib-dev pam pam-dev"
pankso@12689 21
pankso@12839 22 # Handle multiarch compilation.
pankso@12834 23 case "$ARCH" in
pankso@12839 24 arm)
pankso@12839 25 BUILD_DEPENDS=""
pankso@12839 26 CROSS_ARGS="--disable-zlib"
pankso@12839 27 CROSS_BUGS="Fails to find zlib: -lz... no" ;;
pankso@12834 28 esac
pankso@12834 29
pascal@25073 30 # What is the latest version available today?
pascal@22822 31 current_version()
pascal@22822 32 {
pascal@22822 33 wget -O - $WEB_SITE 2>/dev/null | \
pascal@22822 34 sed "/tar/!d;s|.*$PACKAGE-\\(.*\\).tar.*\".*|\\1|;q"
pascal@22822 35 }
pascal@22822 36
pankso@126 37 # Rules to configure and make the package.
pankso@126 38 compile_rules()
pankso@126 39 {
shann@25681 40 # CVE-2023-48795
shann@25681 41 patch -p1 < $stuff/CVE-2023-48795.patch
shann@25681 42
pankso@126 43 local i
pankso@126 44 local DROPBEARS
pankso@126 45 DROPBEARS="dropbearkey dropbearconvert dbclient scp"
pascal@20233 46 cat > localoptions.h <<EOT
pascal@20233 47 #define SFTPSERVER_PATH "/usr/sbin/sftp-server"
pascal@23872 48 #define DROPBEAR_X11FWD 1
pascal@20233 49 EOT
shann@25681 50 sed -i 's|"SSH-2.0-dropbear_" DROPBEAR_VERSION|"SSH-2.0-dropbear"|' sysoptions.h
pascal@25073 51 sed -i 's|DROPBEAR_CHANNEL_PRIO_INTERACTIVE|DROPBEAR_PRIO_LOWDELAY|' svr-x11fwd.c
pascal@20234 52 sed -i 's|shell arch|shell uname -m|' libtommath/makefile_include.mk
pankso@12839 53 ./configure --prefix=/usr --without-pam $CONFIGURE_ARGS $CROSS_ARGS &&
pankso@12834 54 make PROGRAMS="dropbear $DROPBEARS" MULTI=1 SCPPROGRESS=1 &&
slaxemulator@11100 55 install -d -m 755 $DESTDIR/usr/sbin &&
slaxemulator@11100 56 install -m 755 dropbearmulti $DESTDIR/usr/sbin/dropbear &&
pankso@12834 57 chown 0.0 $DESTDIR/usr/sbin/dropbear || exit 1
pankso@12834 58
pankso@12834 59 # No pam support in ARM
pankso@12834 60 case "$ARCH" in
pankso@12834 61 arm) echo "Skipping Dropbear PAM..." ;;
shann@25728 62 i?86|x86_64)
pascal@20233 63 cat >> localoptions.h <<EOT
pascal@20233 64 #define DROPBEAR_SVR_PASSWORD_AUTH 0
pascal@20233 65 #define DROPBEAR_SVR_PAM_AUTH 1
pascal@20233 66 EOT
pankso@12834 67 ./configure --prefix=/usr --enable-pam $CONFIGURE_ARGS &&
pankso@12834 68 make PROGRAMS="dropbear $DROPBEARS" MULTI=1 SCPPROGRESS=1 &&
pankso@12834 69 install -m 755 dropbearmulti $DESTDIR/usr/sbin/dropbear-pam &&
pankso@12834 70 chown 0.0 $DESTDIR/usr/sbin/dropbear-pam || exit 1 ;;
pankso@12834 71 esac
pankso@12834 72
slaxemulator@11100 73 install -d -m 755 $DESTDIR/usr/bin &&
pascal@1440 74 for i in $DROPBEARS ssh; do
pankso@12834 75 ln -s ../sbin/dropbear $DESTDIR/usr/bin/$i || exit 1
pankso@126 76 done
pascal@19369 77 install -d -m 755 $DESTDIR/usr/share/man/man1 &&
pascal@19371 78 install -m 644 $src/*.1 $DESTDIR/usr/share/man/man1 &&
pascal@19369 79 install -d -m 755 $DESTDIR/usr/share/man/man8 &&
pascal@19371 80 install -m 644 $src/*.8 $DESTDIR/usr/share/man/man8 &&
pascal@19369 81 install -d -m 755 $DESTDIR/usr/share/doc &&
pascal@19371 82 install -m 644 $src/[A-Z][A-Z]* $DESTDIR/usr/share/doc
pankso@126 83 }
pankso@126 84
pankso@126 85 # Rules to gen a SliTaz package suitable for Tazpkg.
pankso@126 86 genpkg_rules()
pankso@126 87 {
pankso@126 88 mkdir -p $fs/usr
pankso@12689 89 cp -a $install/usr/bin $fs/usr
pankso@12689 90 cp -a $install/usr/sbin $fs/usr
pascal@11595 91 rm -f $fs/usr/sbin/dropbear-pam
pankso@126 92 # Config file and init script.
pankso@126 93 mkdir -p $fs/etc
slaxemulator@11100 94 cp -a $stuff/dropbear $fs/etc
slaxemulator@11100 95 cp -a $stuff/init.d $fs/etc
devl547@18881 96 ln -s daemon $fs/etc/init.d/sshd
slaxemulator@11100 97 cp -a $stuff/sshx $fs/usr/bin
pascal@14027 98 ln -s sshx $fs/usr/bin/pppssh
pascal@18330 99 ln -s sshx $fs/usr/bin/sshfbvnc
pascal@25498 100 touch $fs/etc/dropbear/dropbear_rsa_host_key \
pascal@23872 101 $fs/etc/dropbear/dropbear_ecdsa_host_key \
pascal@23872 102 $fs/etc/dropbear/dropbear_ed25519_host_key
pankso@12689 103
erjo@1074 104 # Fix dropbear initscript perms
pankso@1091 105 chown -R root.root $fs
pankso@126 106 }
pankso@126 107
pankso@126 108 # Post message when installing.
pankso@126 109 post_install()
pankso@126 110 {
pascal@18730 111 while read dropbear openssh ; do
pascal@18730 112 [ -s "$1/$openssh" ] || continue
pascal@23995 113 [ -s "$1/$dropbear" ] && continue
pascal@18730 114 chroot "$1/" dropbearconvert openssh dropbear $openssh $dropbear
pascal@18730 115 chroot "$1/" dropbearkey -y -f $dropbear | grep Fingerprint
pascal@7304 116 done <<EOT
pascal@7304 117 /etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
pascal@19829 118 /etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key
pascal@23868 119 /etc/dropbear/dropbear_ed25519_host_key /etc/ssh/ssh_host_ed25519_key
pascal@7304 120 EOT
mojo@19390 121 grep -q ssh "$1/etc/inetd.conf" || cat >> "$1/etc/inetd.conf" <<EOT
pascal@17046 122 #ssh stream tcp nowait root dropbear dropbear -i -b /etc/dropbear/banner
pascal@17046 123 EOT
al@18968 124 [ -n "$quiet" ] && return
pankso@126 125 echo -e "\nTo starts $PACKAGE server you can run :\n"
pankso@126 126 echo "/etc/init.d/$PACKAGE start"
pankso@126 127 echo -e "Or add $PACKAGE to RUN_DAEMONS in /etc/rcS.conf\n"
pankso@126 128 }
pascal@17046 129
pascal@17046 130 post_remove()
pascal@17046 131 {
pascal@18730 132 grep -q dropbear "$1/etc/inetd.conf" && sed -i '/dropbear/d' "$1/etc/inetd.conf"
pascal@17046 133 }