-rw-r--r-- | main/dropbear/APKBUILD | 8 | ||||
-rw-r--r-- | main/dropbear/CVE-2018-20685.patch | 23 |
2 files changed, 29 insertions, 2 deletions
diff --git a/main/dropbear/APKBUILD b/main/dropbear/APKBUILD
index 46669578959..53f520d8a03 100644
--- a/main/dropbear/APKBUILD
+++ b/main/dropbear/APKBUILD
@@ -3,7 +3,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=dropbear
 pkgver=2019.78
-pkgrel=0
+pkgrel=1
 pkgdesc="small SSH 2 client/server designed for small memory environments"
 url="http://matt.ucc.asn.au/dropbear/dropbear.html"
 arch="all"
@@ -21,9 +21,12 @@ source="https://matt.ucc.asn.au/dropbear/releases/${pkgname}-${pkgver}.tar.bz2
 dropbear.confd
 dropbear-0.53.1-static_build_fix.patch
 dropbear-options_sftp-server_path.patch
+ CVE-2018-20685.patch
 "
 # secfixes:
+# 2019.78-r1:
+# - CVE-2018-20685
 # 2018.76-r2:
 # - CVE-2018-15599
@@ -86,4 +89,5 @@ sha512sums="f667ba8dae17ea89c118642b566f2c134c71bfd0b8bacea5cf7ec87d75ac79bd7cd1
 9c55ab3d8b61955cde1ccc1b8acbd3d2ef123feb9489e92737304c35315d07b7f85fad8a12ac7b0ec2c1dcee3d76b8bc4aa18518f4ddd963917805db33e48826 dropbear.initd
 83f2c1eaf7687917a4b2bae7d599d4378c4bd64f9126ba42fc5d235f2b3c9a474d1b3168d70ed64bb4101cc251d30bc9ae20604da9b5d819fcd635ee4d0ebb0f dropbear.confd
 413cef467db35ddc430a773af943ff650d51bdb6fb262dcabc625eb6c9f4170b5711998df5577dd05c60e21e0a9771bff022adc8273083b85a18f4d5659ffd50 dropbear-0.53.1-static_build_fix.patch
-9b078548c6850c9b45e9b68a8ebd746a4a0648607c8ad0cf4106f09f7a63768c83a3e4e4fbec38b665ae283503fd3cdd054775aa3c9afe02567be3e775aef50b dropbear-options_sftp-server_path.patch"
+9b078548c6850c9b45e9b68a8ebd746a4a0648607c8ad0cf4106f09f7a63768c83a3e4e4fbec38b665ae283503fd3cdd054775aa3c9afe02567be3e775aef50b dropbear-options_sftp-server_path.patch
+6f17cf2b344b97457d2e0c1588fd285fac9757aa5e46aa2c103783978cc5fd9f7085aba36e7409270380d1250a277b43b0f5ff860d157148c6c28a0bbcbdce4c CVE-2018-20685.patch"
diff --git a/main/dropbear/CVE-2018-20685.patch b/main/dropbear/CVE-2018-20685.patch
new file mode 100644
index 00000000000..a8ea2af85b4
--- /dev/null
+++ b/main/dropbear/CVE-2018-20685.patch
@@ -0,0 +1,23 @@
+From 8f8a3dff705fad774a10864a2e3dbcfa9779ceff Mon Sep 17 00:00:00 2001
+From: Haelwenn Monnier <contact+github.com@hacktivis.me>
+Date: Mon, 25 May 2020 14:54:29 +0200
+Subject: [PATCH] scp.c: Port OpenSSH CVE-2018-20685 fix (#80)
+
+---
+ scp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/scp.c b/scp.c
+index 742ae00f..7b8e7d22 100644
+--- a/scp.c
++++ b/scp.c
+@@ -935,7 +935,8 @@ sink(int argc, char **argv)
+ size = size * 10 + (*cp++ - '0');
+ if (*cp++ != ' ')
+ SCREWUP("size not delimited");
+- if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
++ if (*cp == '\0' || strchr(cp, '/') != NULL ||
++ strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+ run_err("error: unexpected filename: %s", cp);
+ exit(1);
+ }
\ No newline at end of file |
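Review bot: The new condition in sink() checks only the form of the name sent by the remote peer (empty, ".", "..", or containing '/'); nothing in the hunk compares it with the file the client actually requested. Whether a well-formed but unrequested name is still accepted depends on code outside this hunk and is worth confirming. The rejected name is also passed unfiltered to `run_err("error: unexpected filename: %s", cp)`; if run_err writes to the user's terminal, non-printable bytes in a peer-supplied name should be escaped first. A short comment above the test would record the intent, for example `/* name is peer-supplied: refuse "", "." and ".." so it cannot refer to the target directory itself */`. sink() starts and ends outside the hunk.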