commit af91638817af6b95420213dbacedd80e9b7c9659 Author: Juergen Daubert <jue@jue.li> Date: Thu Aug 30 11:13:01 2018 +0200 [notify] dropbear: fix for CVE-2018-15599 diff --git a/dropbear/.signature b/dropbear/.signature index 256a4e715..704c6c267 100644 --- a/dropbear/.signature +++ b/dropbear/.signature @@ -1,6 +1,7 @@ untrusted comment: verify with /etc/ports/opt.pub -RWSE3ohX2g5d/aM/VCJQcchPZByyjLXWkIpUr9BU9OPBVGaP40mqd6c7pefQUHp4QSyQeoiFKqIwvmqQwPK21r30Ans7MktfLAE= -SHA256 (Pkgfile) = e59a8afd742c5470beefb72d51d9251fd520f77a0a3f4bd9711294d9c3337410 +RWSE3ohX2g5d/fYoSjOlXrVgdVZjSJWCm9ISaxGKVH365kFEj0OWUVRz5fTnuy3CfkroLhr8DzWaVMFqavELeCW0PE2EXJhHpwc= +SHA256 (Pkgfile) = 6e5947b4c0a75449ab2677121757588e436f4420278b90f2427ddf43f2a338f2 SHA256 (.footprint) = 62bfe7191a20fcd5f6ec3511c951dee47aefdae734f7d616302e6bfc3a0c1923 SHA256 (dropbear-2018.76.tar.bz2) = f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65 SHA256 (dropbear) = def8d4ebda5759a3bc55055957235fa47f7e40216badf07830f487f05e7fbd42 +SHA256 (CVE-2018-15599.diff) = 42b5720cf6c888638cfb84fdd862fc0d323b2e023cbe5f9ccdaa2e0c35b6873e diff --git a/dropbear/Pkgfile b/dropbear/Pkgfile index 664dd2975..2315df8f0 100644 --- a/dropbear/Pkgfile +++ b/dropbear/Pkgfile @@ -5,13 +5,15 @@ name=dropbear version=2018.76 -release=1 +release=2 source=(http://matt.ucc.asn.au/$name/releases/$name-$version.tar.bz2 \ - $name) + $name CVE-2018-15599.diff) build () { cd $name-$version + patch -p1 -i $SRC/CVE-2018-15599.diff + echo '#define SFTPSERVER_PATH "/usr/lib/ssh/sftp-server"' > localoptions.h ./configure --prefix=/usr