commit 7bfdb025288e5607661a1212ad2e04cbe6e32057 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

dropbear: 2020.81 -> 2022.82

Fixes CVE-2021-36369
https://github.com/mkj/dropbear/releases/tag/DROPBEAR_2022.82

Thomas Gerbet 3 years ago 7bfdb025 83733b55

+21 -18

2 changed files

expand all

unified split

pkgs

tools

networking

dropbear

default.nix

pass-path.patch

+2 -2

pkgs/tools/networking/dropbear/default.nix

··· 16 16 17 17 stdenv.mkDerivation rec { 18 18 pname = "dropbear"; 19 - version = "2020.81"; 19 + version = "2022.82"; 20 20 21 21 src = fetchurl { 22 22 url = "https://matt.ucc.asn.au/dropbear/releases/dropbear-${version}.tar.bz2"; 23 - sha256 = "0fy5ma4cfc2pk25mcccc67b2mf1rnb2c06ilb7ddnxbpnc85s8s8"; 23 + sha256 = "sha256-OgONK7wCvyi73SDAEgkfdBo+xcvkYGkYEdcUh2qtddE="; 24 24 }; 25 25 26 26 dontDisableStatic = enableStatic;

+19 -16

pkgs/tools/networking/dropbear/pass-path.patch

··· 1 1 diff --git a/svr-chansession.c b/svr-chansession.c 2 - index e44299e..7ef750a 100644 2 + index 9ae2e60..2db7598 100644 3 3 --- a/svr-chansession.c 4 4 +++ b/svr-chansession.c 5 - @@ -893,6 +893,8 @@ static void addchildpid(struct ChanSess *chansess, pid_t pid) { 6 - static void execchild(void *user_data) { 7 - struct ChanSess *chansess = user_data; 5 + @@ -948,6 +948,8 @@ static void addchildpid(struct ChanSess *chansess, pid_t pid) { 6 + static void execchild(const void *user_data) { 7 + const struct ChanSess *chansess = user_data; 8 8 char *usershell = NULL; 9 - + const char *path = DEFAULT_PATH; 9 + + const char *path = (getuid() == 0) ? DEFAULT_ROOT_PATH : DEFAULT_PATH; 10 10 + const char *ldpath = NULL; 11 - 12 - /* with uClinux we'll have vfork()ed, so don't want to overwrite the 13 - * hostkey. can't think of a workaround to clear it */ 14 - @@ -905,6 +907,10 @@ static void execchild(void *user_data) { 11 + char *cp = NULL; 12 + char *envcp = getenv("LANG"); 13 + if (envcp != NULL) { 14 + @@ -965,6 +967,11 @@ static void execchild(const void *user_data) { 15 15 seedrandom(); 16 16 #endif 17 17 18 - + if (getenv("PATH")) 18 + + if (getenv("PATH")) { 19 19 + path = getenv("PATH"); 20 + + } 20 21 + ldpath = getenv("LD_LIBRARY_PATH"); 21 22 + 22 - /* clear environment */ 23 + /* clear environment if -e was not set */ 23 24 /* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD 24 25 * etc. This is hazardous, so should only be used for debugging. */ 25 - @@ -948,7 +954,10 @@ static void execchild(void *user_data) { 26 + @@ -1012,10 +1019,9 @@ static void execchild(const void *user_data) { 26 27 addnewvar("LOGNAME", ses.authstate.pw_name); 27 28 addnewvar("HOME", ses.authstate.pw_dir); 28 29 addnewvar("SHELL", get_user_shell()); 29 - - addnewvar("PATH", DEFAULT_PATH); 30 + - if (getuid() == 0) { 31 + - addnewvar("PATH", DEFAULT_ROOT_PATH); 32 + - } else { 33 + - addnewvar("PATH", DEFAULT_PATH); 30 34 + addnewvar("PATH", path); 31 35 + if (ldpath != NULL) { 32 36 + addnewvar("LD_LIBRARY_PATH", ldpath); 33 - + } 34 - if (chansess->term != NULL) { 35 - addnewvar("TERM", chansess->term); 36 37 } 38 + if (cp != NULL) { 39 + addnewvar("LANG", cp);