dropbear: bump version, fixes CVE-2012-0920

From the release notes: Security: Fix use-after-free bug that could be triggered if command="..." authorized_keys restrictions are used. Could allow arbitrary code execution or bypass of the command="..." restriction to an authenticated user. Signed-off-by: Peter Korsgaard <jacmet@sunsite.dk>
2024-11-25 14:33:29 +08:00 · 2012-02-24 14:11:16 +01:00 · 2012-02-24 14:11:16 +01:00 · 086bdfd378
commit 086bdfd378
parent 3d6ff4f527
2 changed files with 1 additions and 19 deletions
--- a/package/dropbear/dropbear-2011.54-no-ipv6.patch
+++ b/package/dropbear/dropbear-2011.54-no-ipv6.patch
@ -1,18 +0,0 @@
-Check for IPV6_TCLASS instead of IPPROTO_IPV6 since
-it's present on non-IPv6 enabled toolchains too.
-
-Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
-
-diff -Nura dropbear-2011.54.orig/dbutil.c dropbear-2011.54/dbutil.c
--- dropbear-2011.54.orig/dbutil.c	2011-11-08 09:48:15.000000000 -0300
-+++ dropbear-2011.54/dbutil.c	2011-11-09 12:14:59.430074138 -0300
-@@ -164,7 +164,7 @@
- 	/* set the TOS bit for either ipv4 or ipv6 */
- #ifdef IPTOS_LOWDELAY
- 	val = IPTOS_LOWDELAY;
-#ifdef IPPROTO_IPV6
-+#ifdef IPV6_TCLASS
- 	setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&val, sizeof(val));
- #endif
- 	setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&val, sizeof(val));
--- a/package/dropbear/dropbear.mk
+++ b/package/dropbear/dropbear.mk
@ -4,7 +4,7 @@
 #
 #############################################################

-DROPBEAR_VERSION = 2011.54
+DROPBEAR_VERSION = 2012.55
 DROPBEAR_SITE = http://matt.ucc.asn.au/dropbear/releases
 DROPBEAR_TARGET_BINS = dbclient dropbearkey dropbearconvert scp ssh
 DROPBEAR_MAKE =	$(MAKE) MULTI=1 SCPPROGRESS=1 \