
Bug 134512

Summary: Version bump to dropbear-0.48.1
Product: Gentoo Linux
Reporter: Milan Holzäpfel <mail>
Component: New packages
Assignee: SpanKY <vapier>
Status: RESOLVED FIXED    
Severity: enhancement    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://matt.ucc.asn.au/dropbear/dropbear.html
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: Diff from dropbear-0.47-r1.ebuild to my dropbear-0.48.1.ebuild

Description Milan Holzäpfel 2006-05-27 05:38:57 UTC
Hello, 

A new version of dropbear is available.  It reduces the delays one is likely to get on non-busy, dedicated servers on log-in, mainly caused by waiting for /dev/random. 
I will attach a patch from the 0.47-r1 ebuild to the 0.48.1-one I successfully used.  It removes dropbear-0.47-CVE-2006-0225.patch (see ChangeLog of Dropbear) and renames the tar.bz2 into tar.gz, as no tar.bz2 is available on the Dropbear site. 



Full ChangeLog:
0.48.1 - Sat 11 March 2006

- Compile fix for scp

0.48 - Thurs 9 March 2006

- Check that the circular buffer is properly empty before
  closing a channel, which could cause truncated transfers
  (thanks to Tomas Vanek for helping track it down)

- Implement per-IP pre-authentication connection limits 
  (after some poking from Pablo Fernandez)

- Exit gracefully if trying to connect to an SSH v1 server 
  (reported by Rushi Lala)

- Only read /dev/random once at startup when in non-inetd mode

- Allow ctrl-c to close a dbclient password prompt (may
  still have to press enter on some platforms)

- Merged in uClinux patch for inetd mode

- Updated to scp from OpenSSH 4.3p2 - fixes a security issue
  where use of system() could cause users to execute arbitrary
  code through malformed filenames, ref CVE-2006-0225



Regards,
Milan
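
The last changelog entry above (CVE-2006-0225) concerns scp handing file names to system(). As an added example, not part of this bug report and not Dropbear or OpenSSH code, the C program below copies a file by passing each name as its own argv element to execvp(), so a name containing shell syntax stays a plain file name. The helpers `run_argv`, `local_copy` and `demo`, the temporary directory and the file names are hypothetical and constructed for the example; it assumes a POSIX system with `cp` on the PATH.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() */
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Pattern the changelog entry describes (comment only, never run here):
 *   snprintf(cmd, sizeof cmd, "cp %s %s", src, dst); system(cmd);  */

/* Run a program from an argument vector, no shell; exit status or -1. */
static int run_argv(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);                      /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* One argv element per path; "--" stops a leading '-' being an option. */
int local_copy(const char *src, const char *dst)
{
    char *argv[] = { "cp", "--", (char *)src, (char *)dst, NULL };
    return run_argv(argv);
}

/* Constructed check: copy a file whose name holds shell metacharacters.
 * Returns 0 when the copy exists and no file named "marker" appeared. */
int demo(void)
{
    char dir[] = "/tmp/scpdemoXXXXXX";
    const char *src = "a; touch marker";  /* constructed file name */
    struct stat st;
    FILE *f;
    if (!mkdtemp(dir) || chdir(dir) != 0 || !(f = fopen(src, "w")))
        return -1;
    fputs("data\n", f);
    fclose(f);
    if (local_copy(src, "copy") != 0 || stat("copy", &st) != 0)
        return -1;
    return stat("marker", &st) == 0 ? 1 : 0;
}
int main(void) { return demo(); }
```
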
Comment 1 Milan Holzäpfel 2006-05-27 05:41:13 UTC
Created attachment 87637
Diff from dropbear-0.47-r1.ebuild to my dropbear-0.48.1.ebuild

- Rename source files from tar.bz2 to tar.gz (no tar.bz2 available)
- Remove dropbear-0.47-CVE-2006-0225.patch (fix is included in this release)
Comment 2 SpanKY gentoo-dev 2006-06-07 06:07:35 UTC
in portage, thanks