mtk-20170518/package/network/services/dropbear/Makefile, branch master MTK 20170518 : Mediatek SDK based on OpenWRT Barrier Breaker dropbear: backport upstream fix for CVE-2018-15599 2018-08-24T13:25:26+00:00 Hans Dedecker dedeckeh@gmail.com 2018-08-24T13:02:24+00:00 2211ee0037764e1c6b1576fe7a0975722cd4acdc CVE description : The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase. Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> 
CVE description :
The recv_msg_userauth_request function in svr-auth.c in Dropbear through
2018.76 is prone to a user enumeration vulnerability because username
validity affects how fields in SSH_MSG_USERAUTH messages are handled,
a similar issue to CVE-2018-15473 in an unrelated codebase.

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
dropbear: compile with LTO enabled 2018-07-13T15:22:53+00:00 Felix Fietkau nbd@nbd.name 2018-07-11T17:28:54+00:00 47b42137ce1e931ae5871952b1f98438396f5e07 Reduces size of the .ipk on MIPS from 87k to 84k Signed-off-by: Felix Fietkau <nbd@nbd.name> 
Reduces size of the .ipk on MIPS from 87k to 84k

Signed-off-by: Felix Fietkau <nbd@nbd.name>
dropbear: let opkg manage symlinks of ssh, scp 2018-06-25T07:21:24+00:00 Yousong Zhou yszhou4tech@gmail.com 2018-06-25T05:16:09+00:00 c4aadbdaf69bad3fbb3ef54601a3629ba24a6e9b Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com> 
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
dropbear: disable MD5 HMAC and switch to sha1 fingerprints 2017-12-12T21:24:17+00:00 Martin Schiller ms@dev.tdt.de 2017-11-22T12:39:51+00:00 65d62b5f4ffcb481994f6865d0e03d0e9ad58b2b As MD5 is known weak for many years and more and more penetration test tools complain about enabled MD5 HMAC I think it's time to drop it. By disabling the MD5 HMAC support dropbear will also automatically use SHA1 for fingerprints. This shouldn't be a problem too. Signed-off-by: Martin Schiller <ms@dev.tdt.de> 
As MD5 is known weak for many years and more and more
penetration test tools complain about enabled MD5 HMAC
I think it's time to drop it.

By disabling the MD5 HMAC support dropbear  will also
automatically use SHA1 for fingerprints.
This shouldn't be a problem too.

Signed-off-by: Martin Schiller <ms@dev.tdt.de>
add PKG_CPE_ID ids to package and tools 2017-11-17T01:24:35+00:00 Alexander Couzens lynxis@fe80.eu 2017-09-28T02:55:46+00:00 c61a2395140d92cdd37d3d6ee43a765427e8e318 CPE ids helps to tracks CVE in packages. https://cpe.mitre.org/specification/ Thanks to swalker for CPE to package mapping and keep tracking CVEs. Acked-by: Jo-Philipp Wich <jo@mein.io> Signed-off-by: Alexander Couzens <lynxis@fe80.eu> 
CPE ids helps to tracks CVE in packages.
https://cpe.mitre.org/specification/

Thanks to swalker for CPE to package mapping and
keep tracking CVEs.

Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
dropbear: fix PKG_CONFIG_DEPENDS 2017-10-06T07:38:00+00:00 Hans Dedecker dedeckeh@gmail.com 2017-10-06T07:21:35+00:00 834c93e00bee4f7253a5c64d1a9c8202b1082b1a Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS Signed-off-by: Hans Dedecker <dedeckeh@gmail.com> 
Add CONFIG_DROPBEAR_UTMP, CONFIG_DROPBEAR_PUTUTLINE to PKG_CONFIG_DEPENDS

Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
dropbear: make ssh compression support configurable 2017-09-28T19:47:16+00:00 Marcin Jurkowski marcin1j@gmail.com 2017-06-30T11:13:50+00:00 a816e1eac761bfdac720d00d15feb18b7b9fd1e3 Adds config option to enable compression support which is usefull when using a terminal sessions over a slow link. Impact on binary size is negligible but additional 60 kB (uncompressed) is needed for a shared zlib library. Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com> 
Adds config option to enable compression support which is usefull
when using a terminal sessions over a slow link. Impact on binary
size is negligible but additional 60 kB (uncompressed) is needed for
a shared zlib library.

Signed-off-by: Marcin Jurkowski <marcin1j@gmail.com>
Revert "dropbear: Link ssh and scp command to /bin instead of /usr/bin" 2017-08-31T19:09:13+00:00 John Crispin john@phrozen.org 2017-08-31T19:09:05+00:00 12930fc0453ac019e3f9a9cde50699914f7ba1d0 This reverts commit f7528ed0a8586434e18e9007b1bf0d05a18d6418. Signed-off-by: John Crispin <john@phrozen.org> 
This reverts commit f7528ed0a8586434e18e9007b1bf0d05a18d6418.

Signed-off-by: John Crispin <john@phrozen.org>
dropbear: Link ssh and scp command to /bin instead of /usr/bin 2017-08-31T17:14:43+00:00 Rosen Penev rosenp@gmail.com 2017-08-30T22:58:09+00:00 f7528ed0a8586434e18e9007b1bf0d05a18d6418 ssh and scp commands interfere with OpenSSH when installed in /usr/bin . One use case is when installing dropbear to get root access when only OpenSSH is available (OpenSSH disallows root password logins). Once dropbear installs, it replaces OpenSSH's executables, even when removed with opkg. OpenSSH must be reinstalled to get them back. Signed-off-by: Rosen Penev <rosenp@gmail.com> 
ssh and scp commands interfere with OpenSSH when installed in /usr/bin .

One use case is when installing dropbear to get root access when only OpenSSH is available (OpenSSH disallows root password logins). Once dropbear installs, it replaces OpenSSH's executables, even when removed with opkg. OpenSSH must be reinstalled to get them back.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
dropbear: add option to set max auth tries 2017-06-28T00:18:20+00:00 Stijn Tintel stijn@linux-ipv6.be 2017-06-27T20:30:01+00:00 6371159b4ae8b4dd94d6319ac805b0c26962bb14 Add a uci option to set the new max auth tries paramater in dropbear. Set the default to 3, as 10 seems excessive. Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> 
Add a uci option to set the new max auth tries paramater in dropbear.
Set the default to 3, as 10 seems excessive.

Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>