git.ipfire.org Git - thirdparty/openwrt.git/commit

]> git.ipfire.org Git - thirdparty/openwrt.git/commit

projects / thirdparty / openwrt.git / commit

author	Hauke Mehrtens <hauke@hauke-m.de>
	Tue, 16 Dec 2025 23:41:30 +0000 (00:41 +0100)
committer	Hauke Mehrtens <hauke@hauke-m.de>
	Wed, 17 Dec 2025 20:19:28 +0000 (21:19 +0100)
commit	0f52a05723988633882d6c52122009ce11f8956b
tree	1971910048bc74746c093e532500553c4b246ed2	tree
parent	58a0211f8201ab622b7b11d31629d6d755bd6526	commit \| diff

dropbear: backport security fixes

This fixes the following security problems:
CVE-2025-14282: Avoid privilege escalation via unix stream forwarding in Dropbear server.
CVE-2019-6111: This allowed a malicious server to overwrite arbitrary local files.

This backports two upstream merged PRs:
https://github.com/mkj/dropbear/pull/391
https://github.com/mkj/dropbear/pull/394
and this upstream commit:
https://github.com/mkj/dropbear/commit/48a17cff6aa104b8e806ddb2191f83f1024060f1

Link: https://github.com/openwrt/openwrt/pull/21192
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>

package/network/services/dropbear/Makefile		diff \| blob \| blame \| history
package/network/services/dropbear/patches/001-Drop-privileges-after-user-authentication.patch	[new file with mode: 0644]	blob
package/network/services/dropbear/patches/002-Remove-return-code-from-login_login.patch	[new file with mode: 0644]	blob
package/network/services/dropbear/patches/003-Retain-utmp-saved-group-when-dropping-privileges.patch	[new file with mode: 0644]	blob
package/network/services/dropbear/patches/004-Limit-rekey-to-current-hostkey-type.patch	[new file with mode: 0644]	blob
package/network/services/dropbear/patches/005-Restore-seteuid-for-authorized_keys.patch	[new file with mode: 0644]	blob
package/network/services/dropbear/patches/006-scp-CVE-2019-6111-fix.patch	[new file with mode: 0644]	blob
package/network/services/dropbear/patches/110-change_user.patch		diff \| blob \| blame \| history

Mirror of https://github.com/openwrt/openwrt.git

RSS Atom