summaryrefslogtreecommitdiff
path: root/source/installer
diff options
context:
space:
mode:
Diffstat (limited to 'source/installer')
-rwxr-xr-xsource/installer/dropbear/dropbear.Slackbuild57
-rw-r--r--source/installer/dropbear/dropbear.glibc.crypt.diff28
-rw-r--r--source/installer/dropbear/dropbear.xauth.patch8
-rw-r--r--source/installer/dropbear/dropbear_dbclientpath.patch16
-rw-r--r--source/installer/dropbear/dropbear_emptypass.patch63
5 files changed, 86 insertions, 86 deletions
diff --git a/source/installer/dropbear/dropbear.Slackbuild b/source/installer/dropbear/dropbear.Slackbuild
index 5bd3bd99..37ab7c01 100755
--- a/source/installer/dropbear/dropbear.Slackbuild
+++ b/source/installer/dropbear/dropbear.Slackbuild
@@ -23,11 +23,18 @@
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=dropbear
-VERSION=0.50
-ARCH=${ARCH:-i486}
+VERSION=2012.55
BUILD=${BUILD:-10}
TAG=${TAG:-''}
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
# The programs we want to have as symlinks to dropbearmulti binary:
PROGS="dropbear dbclient dropbearkey dropbearconvert scp ssh"
@@ -36,33 +43,37 @@ PROGS="dropbear dbclient dropbearkey dropbearconvert scp ssh"
# and adding symlinks for ssh and scp without worry
# about overwriting any pre-existing binaries.
-CWD=`pwd`
+CWD=$(pwd)
TMP=${TMP:-/tmp}
PKG=$TMP/pkg-$PRGNAM
-OUTPUT=${OUTPUT:-/tmp}
-if [ "$ARCH" = "i386" ]; then
- SLKCFLAGS="-O2 -march=i386 -mcpu=i686"
-elif [ "$ARCH" = "i486" ]; then
+if [ "$ARCH" = "i486" ]; then
SLKCFLAGS="-O2 -march=i486 -mtune=i686"
-elif [ "$ARCH" = "s390" ]; then
- SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
fi
rm -rf $PKG
-mkdir -p $TMP $PKG $OUTPUT
+mkdir -p $TMP $PKG
cd $TMP || exit 1
rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2 || exit 1
cd $PRGNAM-$VERSION || exit 1
-# Fix ownership and permissions inside the source tarball.
-# It's appalling how many projects have 777 permissions or
-# even suid, sgid, and sticky bits set on things.
chown -R root:root .
-chmod -R u+w,go+r-w,a-s .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
# Patch to allow empty passwords (used in Slackware's installer):
patch -p1 < $CWD/dropbear_emptypass.patch
@@ -70,6 +81,8 @@ patch -p1 < $CWD/dropbear_emptypass.patch
patch -p0 < $CWD/dropbear.xauth.patch
# Change the path used for dbclient because our prefix is '/' not '/usr':
patch -p1 < $CWD/dropbear_dbclientpath.patch
+# Patch for new glibc crypt() that may return NULL:
+patch -p1 < $CWD/dropbear.glibc.crypt.diff
CFLAGS="$SLKCFLAGS" \
CXXFLAGS="$SLKCFLAGS" \
@@ -96,10 +109,8 @@ cp dbclient.1 $PKG/usr/man/man1
cp dropbearkey.8 dropbear.8 $PKG/usr/man/man8
if [ -d $PKG/usr/man ]; then
- (cd $PKG/usr/man
- find . -type f -exec gzip -9 {} \;
- for i in `find . -type l` ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
- )
+ find $PKG/usr/man -type f -exec gzip -9 {} \;
+ for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
fi
# Link binaries to dropbearmulti since the 'make install' does not do that
@@ -111,10 +122,10 @@ fi
done
)
-(cd $PKG
- find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
- find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
-)
+make install DESTDIR=$PKG
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | \
+ grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
mkdir -p $PKG/etc/rc.d $PKG/etc/dropbear
cp $CWD/rc.dropbear.new $PKG/etc/rc.d/ # doinst.sh will handle .new
@@ -128,4 +139,4 @@ cat $CWD/slack-desc > $PKG/install/slack-desc
cat $CWD/doinst.sh > $PKG/install/doinst.sh
cd $PKG
-/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
+/sbin/makepkg -l y -c n $TMP/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
diff --git a/source/installer/dropbear/dropbear.glibc.crypt.diff b/source/installer/dropbear/dropbear.glibc.crypt.diff
new file mode 100644
index 00000000..3184210d
--- /dev/null
+++ b/source/installer/dropbear/dropbear.glibc.crypt.diff
@@ -0,0 +1,28 @@
+
+# HG changeset patch
+# User Matt Johnston <matt@ucc.asn.au>
+# Date 1367250157 -28800
+# Node ID 7bd88d546627ff31d0e2d91e6022b3e77a943efb
+# Parent ea04e3eb03e2c3d59d82e361882711de844068a4
+Avoid segfault for locked accounts (invalid salt to crypt())
+
+diff -r ea04e3eb03e2 -r 7bd88d546627 svr-authpasswd.c
+--- a/svr-authpasswd.c Thu Apr 18 23:15:17 2013 +0800
++++ b/svr-authpasswd.c Mon Apr 29 23:42:37 2013 +0800
+@@ -66,6 +66,14 @@
+ m_burn(password, passwordlen);
+ m_free(password);
+
++ if (testcrypt == NULL) {
++ /* crypt() with an invalid salt like "!!" */
++ dropbear_log(LOG_WARNING, "User account '%s' is locked",
++ ses.authstate.pw_name);
++ send_msg_userauth_failure(0, 1);
++ return;
++ }
++
+ /* check for empty password */
+ if (passwdcrypt[0] == '\0') {
+ dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
+
+
diff --git a/source/installer/dropbear/dropbear.xauth.patch b/source/installer/dropbear/dropbear.xauth.patch
index d01e15e0..e32f0c64 100644
--- a/source/installer/dropbear/dropbear.xauth.patch
+++ b/source/installer/dropbear/dropbear.xauth.patch
@@ -1,10 +1,10 @@
---- options.h.old 2008-01-29 11:54:45.000000000 -0200
-+++ options.h 2008-01-29 11:54:52.000000000 -0200
-@@ -197,7 +197,7 @@
+--- options.h.orig 2013-06-21 21:50:34.859528230 -0500
++++ options.h 2013-06-21 21:52:59.208516285 -0500
+@@ -243,7 +243,7 @@
/* The command to invoke for xauth when using X11 forwarding.
* "-q" for quiet */
#ifndef XAUTH_COMMAND
--#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
+-#define XAUTH_COMMAND "/usr/bin/X11/xauth -q"
+#define XAUTH_COMMAND "/usr/bin/xauth -q"
#endif
diff --git a/source/installer/dropbear/dropbear_dbclientpath.patch b/source/installer/dropbear/dropbear_dbclientpath.patch
index ef5cddc7..781349f8 100644
--- a/source/installer/dropbear/dropbear_dbclientpath.patch
+++ b/source/installer/dropbear/dropbear_dbclientpath.patch
@@ -1,12 +1,12 @@
-diff -uarN dropbear-0.50.orig/options.h dropbear-0.50/options.h
---- dropbear-0.50.orig/options.h 2007-08-08 18:39:38.000000000 +0200
-+++ dropbear-0.50/options.h 2008-03-10 14:43:29.261618300 +0100
-@@ -209,7 +209,7 @@
-
+diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h
+--- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600
++++ dropbear-2012.55/options.h 2012-04-07 15:12:46.040452209 -0500
+@@ -255,7 +255,7 @@
+
/* This is used by the scp binary when used as a client binary. If you're
* not using the Dropbear client, you'll need to change it */
-#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
+#define _PATH_SSH_PROGRAM "/bin/dbclient"
-
- /* Whether to log commands executed by a client. This only logs the
- * (single) command sent to the server, not what a user did in a
+
+ /* Whether to log commands executed by a client. This only logs the
+ * (single) command sent to the server, not what a user did in a
diff --git a/source/installer/dropbear/dropbear_emptypass.patch b/source/installer/dropbear/dropbear_emptypass.patch
index 995b4d5c..25924008 100644
--- a/source/installer/dropbear/dropbear_emptypass.patch
+++ b/source/installer/dropbear/dropbear_emptypass.patch
@@ -1,51 +1,12 @@
-diff -uarN dropbear-0.50.orig/options.h dropbear-0.50/options.h
---- dropbear-0.50.orig/options.h 2007-08-08 17:39:37.000000000 +0200
-+++ dropbear-0.50/options.h 2008-02-01 00:22:07.000000000 +0100
-@@ -148,6 +148,9 @@
- * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
- #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
-
-+/* disable server empty password check because root has no password on EZX */
-+#define DISABLE_SVR_EMPTY_PASSWD_CHECK
-+
- /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
- * a helper program for the ssh client. The helper program should be
- * specified in the SSH_ASKPASS environment variable, and dbclient
-diff -uarN dropbear-0.50.orig/svr-auth.c dropbear-0.50/svr-auth.c
---- dropbear-0.50.orig/svr-auth.c 2007-08-08 17:39:37.000000000 +0200
-+++ dropbear-0.50/svr-auth.c 2008-02-01 00:22:07.000000000 +0100
-@@ -236,6 +236,7 @@
- return DROPBEAR_FAILURE;
- }
-
-+#ifndef DISABLE_SVR_EMPTY_PASSWD_CHECK
- /* check for an empty password */
- if (ses.authstate.pw->pw_passwd[0] == '\0') {
- TRACE(("leave checkusername: empty pword"))
-@@ -244,6 +245,7 @@
- send_msg_userauth_failure(0, 1);
- return DROPBEAR_FAILURE;
- }
-+#endif
-
- TRACE(("shell is %s", ses.authstate.pw->pw_shell))
-
-diff -uarN dropbear-0.50.orig/svr-authpasswd.c dropbear-0.50/svr-authpasswd.c
---- dropbear-0.50.orig/svr-authpasswd.c 2007-08-08 17:39:37.000000000 +0200
-+++ dropbear-0.50/svr-authpasswd.c 2008-02-01 00:23:00.000000000 +0100
-@@ -60,6 +60,7 @@
- passwdcrypt = DEBUG_HACKCRYPT;
- #endif
-
-+#ifndef DISABLE_SVR_EMPTY_PASSWD_CHECK
- /* check for empty password - need to do this again here
- * since the shadow password may differ to that tested
- * in auth.c */
-@@ -69,6 +70,7 @@
- send_msg_userauth_failure(0, 1);
- return;
- }
-+#endif
-
- /* check if client wants to change password */
- changepw = buf_getbool(ses.payload);
+diff -Nur dropbear-2012.55.orig/options.h dropbear-2012.55/options.h
+--- dropbear-2012.55.orig/options.h 2012-02-23 07:47:06.000000000 -0600
++++ dropbear-2012.55/options.h 2012-04-07 15:09:15.676322495 -0500
+@@ -180,7 +180,7 @@
+ * Public key logins are allowed for blank-password accounts regardless of this
+ * setting. PAM is not affected by this setting, it uses the normal pam.d
+ * settings ('nullok' option) */
+-/* #define ALLOW_BLANK_PASSWORD */
++#define ALLOW_BLANK_PASSWORD
+
+ #define ENABLE_CLI_PASSWORD_AUTH
+ #define ENABLE_CLI_PUBKEY_AUTH