ports/opt (3.4): [notify] dropbear: fix for CVE-2018-15599

crux at crux.nu crux at crux.nu
Thu Aug 30 09:13:30 UTC 2018


commit af91638817af6b95420213dbacedd80e9b7c9659
Author: Juergen Daubert <jue at jue.li>
Date:   Thu Aug 30 11:13:01 2018 +0200

    [notify] dropbear: fix for CVE-2018-15599

diff --git a/dropbear/.signature b/dropbear/.signature
index 256a4e715..704c6c267 100644
--- a/dropbear/.signature
+++ b/dropbear/.signature
@@ -1,6 +1,7 @@
 untrusted comment: verify with /etc/ports/opt.pub
-RWSE3ohX2g5d/aM/VCJQcchPZByyjLXWkIpUr9BU9OPBVGaP40mqd6c7pefQUHp4QSyQeoiFKqIwvmqQwPK21r30Ans7MktfLAE=
-SHA256 (Pkgfile) = e59a8afd742c5470beefb72d51d9251fd520f77a0a3f4bd9711294d9c3337410
+RWSE3ohX2g5d/fYoSjOlXrVgdVZjSJWCm9ISaxGKVH365kFEj0OWUVRz5fTnuy3CfkroLhr8DzWaVMFqavELeCW0PE2EXJhHpwc=
+SHA256 (Pkgfile) = 6e5947b4c0a75449ab2677121757588e436f4420278b90f2427ddf43f2a338f2
 SHA256 (.footprint) = 62bfe7191a20fcd5f6ec3511c951dee47aefdae734f7d616302e6bfc3a0c1923
 SHA256 (dropbear-2018.76.tar.bz2) = f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65
 SHA256 (dropbear) = def8d4ebda5759a3bc55055957235fa47f7e40216badf07830f487f05e7fbd42
+SHA256 (CVE-2018-15599.diff) = 42b5720cf6c888638cfb84fdd862fc0d323b2e023cbe5f9ccdaa2e0c35b6873e
diff --git a/dropbear/Pkgfile b/dropbear/Pkgfile
index 664dd2975..2315df8f0 100644
--- a/dropbear/Pkgfile
+++ b/dropbear/Pkgfile
@@ -5,13 +5,15 @@
 
 name=dropbear
 version=2018.76
-release=1
+release=2
 source=(http://matt.ucc.asn.au/$name/releases/$name-$version.tar.bz2 \
-        $name)
+        $name CVE-2018-15599.diff)
 
 build () {
     cd $name-$version
 
+    patch -p1 -i $SRC/CVE-2018-15599.diff
+
     echo '#define SFTPSERVER_PATH "/usr/lib/ssh/sftp-server"' > localoptions.h
 
     ./configure --prefix=/usr


More information about the CRUX mailing list