Dropbear 2016.74

Update dropbear to latest version. Fixes CVE-2016-7406 CVE-2016-7407 CVE-2016-7408 CVE-2016-7409 Plus small memory leaks and performance improvments Signed-off-by: Curt Brune <[email protected]>
ehdoyle · Oct 14, 2016 · 5934c1e · 5934c1e
1 parent 2099683
commit 5934c1e
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 4 deletions.
diff --git a/build-config/conf/dropbear.config.h b/build-config/conf/dropbear.config.h
@@ -163,6 +163,22 @@ much traffic. */
  * ECDSA above */
 #define DROPBEAR_ECDH
 
+/* Key exchange algorithm.
+ * group14_sha1 - 2048 bit, sha1
+ * group14_sha256 - 2048 bit, sha2-256
+ * group16 - 4096 bit, sha2-512
+ * group1 - 1024 bit, sha1
+ *
+ * group14 is supported by most implementations.
+ * group16 provides a greater strength level but is slower and increases binary size
+ * group1 is too small for security though is necessary if you need 
+     compatibility with some implementations such as Dropbear versions < 0.53
+ */ 
+#define DROPBEAR_DH_GROUP1 1
+#define DROPBEAR_DH_GROUP14_SHA1 1
+#define DROPBEAR_DH_GROUP14_SHA256 1
+#define DROPBEAR_DH_GROUP16 0
+
 /* Control the memory/performance/compression tradeoff for zlib.
  * Set windowBits=8 for least memory usage, see your system's
  * zlib.h for full details.
@@ -289,7 +305,7 @@ much traffic. */
 
 /* This is used by the scp binary when used as a client binary. If you're
  * not using the Dropbear client, you'll need to change it */
-#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
+#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
 
 /* Whether to log commands executed by a client. This only logs the 
  * (single) command sent to the server, not what a user did in a 

diff --git a/build-config/make/dropbear.make b/build-config/make/dropbear.make
@@ -1,7 +1,7 @@
 #-------------------------------------------------------------------------------
 #
 #  Copyright (C) 2013-2014 Curt Brune <[email protected]>
-#  Copyright (C) 2015 Nikolay Shopik <shopik@inblock.ru>
+#  Copyright (C) 2015 Nikolay Shopik <shopik@nvcube.net>
 #
 #  SPDX-License-Identifier:     GPL-2.0
 #
@@ -10,7 +10,7 @@
 # This is a makefile fragment that defines the build of dropbear
 #
 
-DROPBEAR_VERSION		= 2015.67
+DROPBEAR_VERSION		= 2016.74
 DROPBEAR_TARBALL		= dropbear-$(DROPBEAR_VERSION).tar.bz2
 DROPBEAR_TARBALL_URLS		+= $(ONIE_MIRROR) https://matt.ucc.asn.au/dropbear/releases
 DROPBEAR_BUILD_DIR		= $(MBUILDDIR)/dropbear

diff --git a/rootconf/default/etc/init.d/dropbear.sh b/rootconf/default/etc/init.d/dropbear.sh
@@ -14,7 +14,7 @@ daemon=/usr/sbin/$name
 
 [ -x $daemon ] || exit 0
 
-ARGS="-m -B -P"
+ARGS="-m -B"
 
 RSA_KEY=/etc/dropbear/dropbear_rsa_host_key
 DSS_KEY=/etc/dropbear/dropbear_dss_host_key

diff --git a/upstream/dropbear-2016.74.tar.bz2.sha1 b/upstream/dropbear-2016.74.tar.bz2.sha1
@@ -0,0 +1 @@
+92483315a112c862667c3e90af854a52dab09a12  dropbear-2016.74.tar.bz2
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		92483315a112c862667c3e90af854a52dab09a12 dropbear-2016.74.tar.bz2