wok-current view dropbear/receipt @ rev 25681

Up openssl, add openssl-compat, openssl11, patch dropbear CVE-2023-48795
author Stanislas Leduc <shann@slitaz.org>
date Tue Mar 12 19:49:16 2024 +0000 (3 months ago)
parents 48dff2952881
children
# SliTaz package receipt.
#
# Static metadata for the Dropbear SSH package. The receipt pins an
# upstream release and relies on compile_rules() to apply the
# CVE-2023-48795 patch from $stuff before building.

# --- Identity -------------------------------------------------------------
PACKAGE="dropbear"
VERSION="2022.83"
CATEGORY="security"
SHORT_DESC="Lightweight SSH2 server and client"
MAINTAINER="pascal.bellard@slitaz.org"
LICENSE="MIT"

# --- Source ---------------------------------------------------------------
# The tarball is fetched over HTTPS. No digest for it is declared in this
# receipt. NOTE(review): confirm where download integrity is verified.
TARBALL="${PACKAGE}-${VERSION}.tar.bz2"
WEB_SITE="https://github.com/mkj/dropbear"
WGET_URL="https://matt.ucc.asn.au/dropbear/releases/${TARBALL}"

# --- Packaged files -------------------------------------------------------
CONFIG_FILES="/etc/dropbear/banner"
# Glob covering the host private keys under /etc/dropbear.
# NOTE(review): presumably makes the packaging tools treat them as secrets;
# confirm what protection SECRET_FILES actually gives.
SECRET_FILES="/etc/dropbear/*key"

# --- Relationships --------------------------------------------------------
SUGGESTED="sftp-server"
PROVIDE="ssh"
TAGS="ssh"
HOST_ARCH="i486 arm"

DEPENDS="zlib"
BUILD_DEPENDS="zlib-dev pam pam-dev"

# Handle multiarch compilation: the ARM cross build drops every build
# dependency and disables zlib support.
if [ "$ARCH" = "arm" ]; then
	BUILD_DEPENDS=""
	CROSS_ARGS="--disable-zlib"
	CROSS_BUGS="Fails to find zlib: -lz... no"
fi
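# What is the latest version available today?
#
# Downloads $WEB_SITE and prints the version taken from the first line of
# the page that mentions a tarball named "$PACKAGE-<version>.tar...".
# wget errors are discarded, so a failed download yields empty output.
#
# Globals:   WEB_SITE (read), PACKAGE (read)
# Outputs:   the extracted version string on stdout
#
# The result is derived from remote page content; treat it as informational
# and validate it before using it anywhere other than a display.
current_version()
{
	# Quote the URL so it always reaches wget as a single argument.
	wget -O - "$WEB_SITE" 2>/dev/null | \
	sed "/tar/!d;s|.*$PACKAGE-\\(.*\\).tar.*\".*|\\1|;q"
}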
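# Rules to configure and make the package.
#
# Builds Dropbear as a multi-call binary and installs it under $DESTDIR.
# On i?86 a second, PAM-enabled server binary is built as dropbear-pam.
#
# Globals:   stuff, src, DESTDIR, ARCH, CONFIGURE_ARGS, CROSS_ARGS (read)
# Returns:   status of the last install step; exits 1 if the security patch
#            or a build/install step fails
compile_rules()
{
	local i
	local DROPBEARS

	# CVE-2023-48795 (SSH "Terrapin" prefix truncation). Fail closed: if the
	# patch does not apply, stop instead of shipping an unpatched binary
	# that is labelled as fixed.
	patch -p1 < "$stuff/CVE-2023-48795.patch" || exit 1

	DROPBEARS="dropbearkey dropbearconvert dbclient scp"

	# Compile-time options. X11 forwarding support is compiled in here.
	# NOTE(review): confirm it is only enabled at runtime where needed.
	cat > localoptions.h <<EOT
#define SFTPSERVER_PATH "/usr/sbin/sftp-server"
#define DROPBEAR_X11FWD 1
EOT

	# Drop the version from the SSH identification string. The banner then
	# no longer shows the patch level, so scanners and inventories must take
	# the version from the package database instead.
	sed -i 's|"SSH-2.0-dropbear_" DROPBEAR_VERSION|"SSH-2.0-dropbear"|' sysoptions.h
	sed -i 's|DROPBEAR_CHANNEL_PRIO_INTERACTIVE|DROPBEAR_PRIO_LOWDELAY|' svr-x11fwd.c
	sed -i 's|shell arch|shell uname -m|' libtommath/makefile_include.mk

	# First build: no PAM. $CONFIGURE_ARGS and $CROSS_ARGS are left unquoted
	# on purpose so that they split into separate options.
	./configure --prefix=/usr --without-pam $CONFIGURE_ARGS $CROSS_ARGS &&
	make PROGRAMS="dropbear $DROPBEARS" MULTI=1 SCPPROGRESS=1 &&
	install -d -m 755 "$DESTDIR/usr/sbin" &&
	install -m 755 dropbearmulti "$DESTDIR/usr/sbin/dropbear" &&
	chown 0:0 "$DESTDIR/usr/sbin/dropbear" || exit 1

	# No pam support in ARM
	case "$ARCH" in
		arm)
			echo "Skipping Dropbear PAM..." ;;
		i?86)
			# Second build: password auth off, PAM auth on.
			cat >> localoptions.h <<EOT
#define DROPBEAR_SVR_PASSWORD_AUTH 0
#define DROPBEAR_SVR_PAM_AUTH 1
EOT
			./configure --prefix=/usr --enable-pam $CONFIGURE_ARGS &&
			make PROGRAMS="dropbear $DROPBEARS" MULTI=1 SCPPROGRESS=1 &&
			install -m 755 dropbearmulti "$DESTDIR/usr/sbin/dropbear-pam" &&
			chown 0:0 "$DESTDIR/usr/sbin/dropbear-pam" || exit 1 ;;
	esac

	# Each client tool (and "ssh") is a symlink to the multi-call binary.
	install -d -m 755 "$DESTDIR/usr/bin" &&
	for i in $DROPBEARS ssh; do
		ln -s ../sbin/dropbear "$DESTDIR/usr/bin/$i" || exit 1
	done

	# Man pages and the upper-case documentation files from the source tree.
	install -d -m 755 "$DESTDIR/usr/share/man/man1" &&
	install -m 644 "$src"/*.1 "$DESTDIR/usr/share/man/man1" &&
	install -d -m 755 "$DESTDIR/usr/share/man/man8" &&
	install -m 644 "$src"/*.8 "$DESTDIR/usr/share/man/man8" &&
	install -d -m 755 "$DESTDIR/usr/share/doc" &&
	install -m 644 "$src"/[A-Z][A-Z]* "$DESTDIR/usr/share/doc"
}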
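# Rules to gen a SliTaz package suitable for Tazpkg.
#
# Copies the built binaries and the files from $stuff into the package
# tree $fs, leaving out the PAM build of the server.
#
# Globals:   fs, install, stuff (read)
# Returns:   status of the final chown
genpkg_rules()
{
	mkdir -p "$fs/usr"
	cp -a "$install/usr/bin" "$fs/usr"
	cp -a "$install/usr/sbin" "$fs/usr"
	# The PAM-enabled binary is not part of this package.
	rm -f "$fs/usr/sbin/dropbear-pam"

	# Config file and init script.
	mkdir -p "$fs/etc"
	cp -a "$stuff/dropbear" "$fs/etc"
	cp -a "$stuff/init.d" "$fs/etc"
	ln -s daemon "$fs/etc/init.d/sshd"
	cp -a "$stuff/sshx" "$fs/usr/bin"
	ln -s sshx "$fs/usr/bin/pppssh"
	ln -s sshx "$fs/usr/bin/sshfbvnc"

	# Empty placeholders for the host private keys. They are created with
	# whatever mode the build umask gives.
	# NOTE(review): confirm that the step which later writes key material
	# into these paths leaves them readable by root only.
	touch "$fs/etc/dropbear/dropbear_rsa_host_key" \
		"$fs/etc/dropbear/dropbear_ecdsa_host_key" \
		"$fs/etc/dropbear/dropbear_ed25519_host_key"

	# Fix dropbear initscript perms
	chown -R root:root "$fs"
}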
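# Post message when installing.
#
# For each key type, converts an existing OpenSSH host key into Dropbear
# format when the Dropbear key file is missing or empty, so the host keeps
# the identity its clients already know, and prints the key fingerprint.
# Then adds a commented-out (disabled) ssh entry to inetd.conf unless the
# file already mentions ssh, and prints start-up hints unless $quiet is set.
#
# Globals:   quiet, PACKAGE (read)
# Arguments: $1 - path prefix of the target root filesystem
#
# NOTE(review): the mode of the converted private key depends on
# dropbearconvert and on any file already at that path; confirm it ends up
# readable by root only.
post_install()
{
	# Keep the loop variables out of the shell that sources this receipt.
	local dropbear openssh

	while read -r dropbear openssh; do
		[ -s "$1/$openssh" ] || continue	# no OpenSSH key to reuse
		[ -s "$1/$dropbear" ] && continue	# never overwrite an existing key
		chroot "$1/" dropbearconvert openssh dropbear "$openssh" "$dropbear"
		chroot "$1/" dropbearkey -y -f "$dropbear" | grep Fingerprint
	done <<EOT
/etc/dropbear/dropbear_rsa_host_key /etc/ssh/ssh_host_rsa_key
/etc/dropbear/dropbear_ecdsa_host_key /etc/ssh/ssh_host_ecdsa_key
/etc/dropbear/dropbear_ed25519_host_key /etc/ssh/ssh_host_ed25519_key
EOT

	# The inetd entry is written commented out, so installing the package
	# does not expose the service through inetd by itself.
	grep -q ssh "$1/etc/inetd.conf" || cat >> "$1/etc/inetd.conf" <<EOT
#ssh stream tcp nowait root dropbear dropbear -i -b /etc/dropbear/banner
EOT

	[ -n "$quiet" ] && return
	echo -e "\nTo starts $PACKAGE server you can run :\n"
	echo "/etc/init.d/$PACKAGE start"
	echo -e "Or add $PACKAGE to RUN_DAEMONS in /etc/rcS.conf\n"
}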
# Post-remove hook: drop the inetd entries that mention dropbear.
#
# Arguments: $1 - path prefix of the target root filesystem
# Returns:   grep's status when inetd.conf has no matching line (or cannot
#            be read), otherwise the status of sed
#
# Every line containing "dropbear" is deleted, including entries an
# administrator enabled or edited by hand.
post_remove()
{
	local inetd_conf="$1/etc/inetd.conf"

	# Nothing to clean up: hand grep's status back to the caller.
	grep -q dropbear "$inetd_conf" || return
	sed -i '/dropbear/d' "$inetd_conf"
}