# HG changeset patch # User Stanislas Leduc # Date 1733388756 0 # Node ID ce316b1ccf3c7f30008b7705464583b42289afce # Parent 5926178cd6fa2033bd3508e9c67bc6f00921724f# Parent b37d8510dda9dcac2a6de1f1f40bd6b3ed99119a Merge wok for both arch and few updates (again) diff -r 5926178cd6fa -r ce316b1ccf3c dbus-c++-dev/receipt --- a/dbus-c++-dev/receipt Thu Dec 05 08:39:45 2024 +0000 +++ b/dbus-c++-dev/receipt Thu Dec 05 08:52:36 2024 +0000 @@ -18,5 +18,5 @@ get_dev_files # Ensure remove .la files - find $fs -name "*.la" -delete + find $fs -name "*.la" -delete } diff -r 5926178cd6fa -r ce316b1ccf3c openssh-pam/receipt --- a/openssh-pam/receipt Thu Dec 05 08:39:45 2024 +0000 +++ b/openssh-pam/receipt Thu Dec 05 08:52:36 2024 +0000 @@ -34,6 +34,10 @@ # Rules to configure and make the package. compile_rules() { + # Patch CVE-2024-6387 + # see https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt + patch -p1 < $stuff/CVE-2024-6387.patch + unset LD # for cross compiling with --disable-strip ./configure \ --prefix=/usr \ diff -r 5926178cd6fa -r ce316b1ccf3c openssh-pam/stuff/CVE-2024-6387.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/openssh-pam/stuff/CVE-2024-6387.patch Thu Dec 05 08:52:36 2024 +0000 @@ -0,0 +1,17 @@ +--- a/log.c ++++ b/log.c +@@ -451,12 +451,14 @@ + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } + diff -r 5926178cd6fa -r ce316b1ccf3c openssh-pam/stuff/openssh --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/openssh-pam/stuff/openssh Thu Dec 05 08:52:36 2024 +0000 
@@ -0,0 +1,69 @@ +#!/bin/sh +# /etc/init.d/openssh : Start, stop and restart OpenSSH server on SliTaz, at +# boot time or with the command line. +# +# To start OpenSSH server at boot time, just put openssh in the $RUN_DAEMONS +# variable of /etc/rcS.conf and configure options with /etc/daemons.conf +# +. /etc/init.d/rc.functions +. /etc/daemons.conf + +NAME=OpenSSH +DESC="$(_ '%s server' OpenSSH)" +DAEMON=/usr/sbin/sshd +OPTIONS=$OPENSSH_OPTIONS +PIDFILE=/var/run/sshd.pid + +[ -d /var/run/sshd ] || mkdir -p /var/run/sshd + +case "$1" in + start) + # We need rsa and dsa host key file to start dropbear. + for type in rsa dsa ecdsa ed25519 ; do + [ -s /etc/ssh/ssh_host_${type}_key ] && continue + _ 'Generating OpenSSH %s key... ' $type + ssh-keygen -t $type -f /etc/ssh/ssh_host_${type}_key -C '' -N '' + done + if active_pidfile $PIDFILE sshd ; then + _ '%s is already running.' $NAME + exit 1 + fi + if [ -n "$(which iptables)" ] && ! iptables -L | grep 'tcp dpt:ssh ' ; then + tcp22new='iptables -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent' + $tcp22new --set --name DEFAULT --rsource + limit='--seconds 300 --hitcount 5 --name DEFAULT --rsource' + $tcp22new --update $limit -j LOG --log-prefix "SSH-Bruteforce : " + $tcp22new --update $limit -j DROP + fi + action 'Starting %s: %s...' "$DESC" $NAME + $DAEMON $OPTIONS + status + ;; + stop) + if ! active_pidfile $PIDFILE sshd ; then + _ '%s is not running.' $NAME + exit 1 + fi + action 'Stopping %s: %s...' "$DESC" $NAME + kill $(cat $PIDFILE) + status + ;; + restart) + if ! active_pidfile $PIDFILE sshd ; then + _ '%s is not running.' $NAME + exit 1 + fi + action 'Restarting %s: %s...' "$DESC" $NAME + kill $(cat $PIDFILE) + sleep 2 + $DAEMON $OPTIONS + status + ;; + *) + emsg "$(_ 'Usage:') $0 [start|stop|restart]" + newline + exit 1 + ;; +esac + +exit 0 diff -r 5926178cd6fa -r ce316b1ccf3c openssh/receipt --- a/openssh/receipt Thu Dec 05 08:39:45 2024 +0000 
+++ b/openssh/receipt Thu Dec 05 08:52:36 2024 +0000 @@ -35,6 +35,10 @@ # Rules to configure and make the package. compile_rules() { + # Patch CVE-2024-6387 + # see https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt + patch -p1 < $stuff/CVE-2024-6387.patch + unset LD # for cross compiling with --disable-strip ./configure \ --prefix=/usr \ diff -r 5926178cd6fa -r ce316b1ccf3c openssh/stuff/CVE-2024-6387.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/openssh/stuff/CVE-2024-6387.patch Thu Dec 05 08:52:36 2024 +0000 @@ -0,0 +1,17 @@ +--- a/log.c ++++ b/log.c +@@ -451,12 +451,14 @@ + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } +
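Review bot: In the compile_rules() hunk of openssh-pam/receipt, and in the identical hunk of openssh/receipt, the exit status of `patch -p1 < $stuff/CVE-2024-6387.patch` is never checked, so if the patch stops applying the build carries on to ./configure and produces a package without the fix. Make the step fail the build, for example `patch -p1 < "$stuff/CVE-2024-6387.patch" || return 1` (or whatever the build tool treats as a compile failure), and quote $stuff while touching the line.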
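Review bot: In openssh-pam/stuff/CVE-2024-6387.patch, the `#if 0` block in sshsigdie() removes the SYSLOG_LEVEL_FATAL message entirely, so every exit through this function is now silent and all of its parameters are unused. Add a header to the patch file stating where the change comes from and that this log line is dropped on purpose, so that anyone who relied on it for monitoring knows it is gone and the block is not re-enabled by accident on a later version bump.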
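Review bot: In the start) branch of openssh-pam/stuff/openssh, the guard `iptables -L | grep 'tcp dpt:ssh '` only matches when iptables prints the port as a service name, echoes the matching rules to the console, and protects rules that hard-code --dport 22 even though the listening port can be changed through $OPENSSH_OPTIONS. The rules are also appended with -A, so they sit behind any earlier ACCEPT in INPUT, and stop) never removes them. Suggest testing for the rule with `iptables -C` (or at least `iptables -nL | grep -q 'dpt:22 '`), and either removing the rules on stop or documenting that they persist. Separately, the comment above the key loop still says dropbear, and the loop generates a dsa host key; fix the comment and drop dsa from the list unless it is required.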
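Review bot: openssh/stuff/CVE-2024-6387.patch is a second copy of the file added under openssh-pam/stuff, so a later correction to one can leave the other stale. Keep a single source if the build layout allows one receipt to reference the other package's stuff directory, or state in both files that they must be kept in sync.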