|
Christopher Meng |
6b0300d |
%global _hardened_build 1
|
|
Christopher Meng |
6b0300d |
|
|
Christopher Meng |
6aaf3c8 |
Name: dropbear
|
|
|
13a80d4 |
Version: 2019.78
|
|
|
6ad611f |
Release: 5%{?dist}
|
|
|
712fc09 |
Summary: Lightweight SSH server and client
|
|
Christopher Meng |
6aaf3c8 |
License: MIT
|
|
|
7be9258 |
URL: https://matt.ucc.asn.au/dropbear/dropbear.html
|
|
|
7be9258 |
Source0: https://matt.ucc.asn.au/%{name}/releases/%{name}-%{version}.tar.bz2
|
|
Christopher Meng |
6aaf3c8 |
Source1: dropbear.service
|
|
Christopher Meng |
6aaf3c8 |
Source2: dropbear-keygen.service
|
|
|
8a80043 |
# CVE-2020-36254
|
|
|
8a80043 |
# https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff
|
|
|
8a80043 |
Patch0: 0001-scp.c-Port-OpenSSH-CVE-2018-20685-fix-80-CVE-2020-36254.patch
|
|
|
6ad611f |
# CVE-2021-36369
|
|
|
6ad611f |
# https://github.com/mkj/dropbear/commit/210a9833496ed2a93b8da93924874938127ce0b5
|
|
|
6ad611f |
Patch1: 0002-added-option-to-disable-trivial-auth-methods-128-CVE-2021-36369.patch
|
|
|
97e36b8 |
BuildRequires: gcc
|
|
Christopher Meng |
6aaf3c8 |
BuildRequires: libtomcrypt-devel
|
|
Christopher Meng |
6aaf3c8 |
BuildRequires: libtommath-devel
|
|
Christopher Meng |
6aaf3c8 |
BuildRequires: pam-devel
|
|
Christopher Meng |
6aaf3c8 |
BuildRequires: systemd
|
|
|
b1e09ad |
%{?systemd_requires}
|
|
|
3b7f576 |
# For triggerun
|
|
Christopher Meng |
6aaf3c8 |
Requires(post): systemd-sysv
|
|
|
b1e09ad |
BuildRequires: zlib-devel
|
|
|
0c01628 |
|
|
|
0c01628 |
%description
|
|
|
712fc09 |
Dropbear is a relatively small SSH server and client. It's particularly useful
|
|
|
712fc09 |
for "embedded"-type Linux (or other Unix) systems, such as wireless routers.
|
|
|
0c01628 |
|
|
|
0c01628 |
%prep
|
|
|
8a80043 |
%autosetup -p 1
|
|
|
0c01628 |
iconv -f iso-8859-1 -t utf-8 -o CHANGES{.utf8,}
|
|
|
0c01628 |
mv CHANGES{.utf8,}
|
|
|
0c01628 |
|
|
|
0c01628 |
%build
|
|
|
fa42f7e |
%configure --enable-pam --disable-bundled-libtom
|
|
|
eb72655 |
|
|
|
eb72655 |
cat > localoptions.h <
|
|
|
eb72655 |
#define SFTPSERVER_PATH "/usr/libexec/openssh/sftp-server"
|
|
|
eb72655 |
EOT
|
|
|
eb72655 |
|
|
|
1e7a159 |
%make_build
|
|
|
0c01628 |
|
|
|
0c01628 |
%install
|
|
|
1e7a159 |
%make_install
|
|
Christopher Meng |
6aaf3c8 |
install -d %{buildroot}%{_sysconfdir}/%{name}
|
|
Christopher Meng |
c0c7442 |
install -d %{buildroot}%{_unitdir}
|
|
Christopher Meng |
c8ae5ec |
install -pm644 %{S:1} %{buildroot}%{_unitdir}/%{name}.service
|
|
Christopher Meng |
c8ae5ec |
install -pm644 %{S:2} %{buildroot}%{_unitdir}/dropbear-keygen.service
|
|
|
0c01628 |
|
|
|
0c01628 |
%post
|
|
Christopher Meng |
6aaf3c8 |
%systemd_post %{name}.service
|
|
|
3b7f576 |
|
|
|
0c01628 |
%postun
|
|
Christopher Meng |
6aaf3c8 |
%systemd_postun_with_restart %{name}.service
|
|
|
0c01628 |
|
|
|
0c01628 |
%preun
|
|
Christopher Meng |
6aaf3c8 |
%systemd_preun %{name}.service
|
|
|
0c01628 |
|
|
|
3b7f576 |
%triggerun -- dropbear < 0.55-2
|
|
|
3b7f576 |
# Save the current service runlevel info
|
|
|
3b7f576 |
# User must manually run systemd-sysv-convert --apply dropbear
|
|
|
3b7f576 |
# to migrate them to systemd targets
|
|
Christopher Meng |
6aaf3c8 |
systemd-sysv-convert --save dropbear >/dev/null 2>&1 ||:
|
|
|
3b7f576 |
|
|
|
3b7f576 |
# Run these because the SysV package being removed won't do them
|
|
Christopher Meng |
6aaf3c8 |
chkconfig --del dropbear >/dev/null 2>&1 || :
|
|
Christopher Meng |
6aaf3c8 |
systemctl try-restart dropbear.service >/dev/null 2>&1 || :
|
|
|
3b7f576 |
|
|
|
0c01628 |
%files
|
|
|
b1e09ad |
%doc CHANGES README
|
|
|
7be9258 |
%license LICENSE
|
|
Christopher Meng |
6aaf3c8 |
%dir %{_sysconfdir}/dropbear
|
|
Christopher Meng |
6aaf3c8 |
%{_unitdir}/dropbear*
|
|
Christopher Meng |
c8ae5ec |
%{_bindir}/dropbearkey
|
|
Christopher Meng |
c8ae5ec |
%{_bindir}/dropbearconvert
|
|
Christopher Meng |
c8ae5ec |
%{_bindir}/dbclient
|
|
Christopher Meng |
c8ae5ec |
%{_sbindir}/dropbear
|
|
Christopher Meng |
6aaf3c8 |
%{_mandir}/man1/*.1*
|
|
Christopher Meng |
6aaf3c8 |
%{_mandir}/man8/*.8*
|
|
|
0c01628 |
|
|
|
0c01628 |
%changelog
|
|
|
6ad611f |
* Wed May 17 2023 Carl George <carl@george.computer> - 2019.78-5
|
|
|
6ad611f |
- Backport fix for CVE-2021-36369, resolves rhbz#2135231
|
|
|
6ad611f |
|
|
|
8a80043 |
* Wed Sep 28 2022 Carl George <carl@george.computer> - 2019.78-4
|
|
|
8a80043 |
- Backport fix for CVE-2020-36254, resolves rhbz#1933067
|
|
|
8a80043 |
|
|
|
d99f692 |
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2019.78-3
|
|
|
d99f692 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
d99f692 |
|
|
|
5727eea |
* Wed Jul 24 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2019.78-2
|
|
|
5727eea |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
5727eea |
|
|
|
13a80d4 |
* Thu Mar 27 2019 Daniel Lara <danniel@fedoraproject.org> - 2019.78.1
|
|
|
13a80d4 |
- new version 2019.78
|
|
|
13a80d4 |
|
|
|
9a6af46 |
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2018.76-5
|
|
|
9a6af46 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
9a6af46 |
|
|
|
b4c6b7d |
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2018.76-4
|
|
|
b4c6b7d |
- Rebuilt for libcrypt.so.2 (#1666033)
|
|
|
b4c6b7d |
|
|
|
c0bc238 |
* Thu Jul 12 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2018.76-3
|
|
|
c0bc238 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
c0bc238 |
|
|
|
eb72655 |
* Sun May 06 2018 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2018.76-2
|
|
|
eb72655 |
- adjust sftp-server path
|
|
|
eb72655 |
|
|
|
b1e09ad |
* Wed Feb 28 2018 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2018.76-1
|
|
|
b1e09ad |
- new version 2018.76
|
|
|
b1e09ad |
|
|
|
97e36b8 |
* Mon Feb 19 2018 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2017.75-7
|
|
|
97e36b8 |
- add gcc into buildrequires
|
|
|
97e36b8 |
|
|
|
c316677 |
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2017.75-6
|
|
|
c316677 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
c316677 |
|
|
|
44f9646 |
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2017.75-5
|
|
|
44f9646 |
- Rebuilt for switch to libxcrypt
|
|
|
44f9646 |
|
|
|
f07e468 |
* Mon Oct 23 2017 Simone Caronni <negativo17@gmail.com> - 2017.75-4
|
|
|
f07e468 |
- Rebuild for libtomcrypt update.
|
|
|
f07e468 |
|
|
|
26df657 |
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2017.75-3
|
|
|
26df657 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
26df657 |
|
|
|
c44cc26 |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2017.75-2
|
|
|
c44cc26 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
c44cc26 |
|
|
|
9777096 |
* Fri May 26 2017 Lennert Buytenhek <buytenh@wantstofly.org> - 2017.75-1
|
|
|
9777096 |
- Update to 2017.75 (#1452738)
|
|
|
9777096 |
|
|
|
f2332aa |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2016.74-2
|
|
|
f2332aa |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
f2332aa |
|
|
Daniel Lara |
e9a1b34 |
* Fri Jul 22 2016 Daniel Lara <danniel@fedoraproject.org> - 2016.74-1
|
|
Daniel Lara |
e9a1b34 |
- new version
|
|
Daniel Lara |
e9a1b34 |
|
|
|
9268831 |
* Fri Mar 18 2016 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2016.73-1
|
|
|
9268831 |
- new version
|
|
|
9268831 |
|
|
|
d7a1833 |
* Thu Mar 10 2016 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 2016.72-1
|
|
|
d7a1833 |
- new version
|
|
|
d7a1833 |
|
|
|
3ea31ca |
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 2015.71-2
|
|
|
3ea31ca |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
3ea31ca |
|
|
|
b496539 |
* Fri Dec 04 2015 Fedora Release Monitoring <release-monitoring@fedoraproject.org> - 2015.71-1
|
|
|
b496539 |
- Update to 2015.71 (#1251704)
|
|
|
b496539 |
|
|
|
712fc09 |
* Sun Aug 09 2015 Christopher Meng <rpm@cicku.me> - 2015.68-1
|
|
|
712fc09 |
- Update to 2015.68
|
|
|
712fc09 |
|
|
|
d4b842d |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2015.67-2
|
|
|
d4b842d |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
d4b842d |
|
|
|
7be9258 |
* Sun Feb 01 2015 Christopher Meng <rpm@cicku.me> - 2015.67-1
|
|
|
7be9258 |
- Update to 2015.67
|
|
|
7be9258 |
|
|
|
1a5ccfd |
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2014.65-2
|
|
|
1a5ccfd |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
1a5ccfd |
|
|
|
bdf720a |
* Fri Aug 08 2014 Christopher Meng <rpm@cicku.me> - 2014.65-1
|
|
|
bdf720a |
- Update to 2014.65
|
|
|
bdf720a |
|
|
|
00a2f5b |
* Mon Jul 28 2014 Christopher Meng <rpm@cicku.me> - 2014.64-1
|
|
|
00a2f5b |
- Update to 2014.64
|
|
|
00a2f5b |
|
|
|
d7c7ef1 |
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2014.63-2
|
|
|
d7c7ef1 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
|
|
|
d7c7ef1 |
|
|
|
fa42f7e |
* Wed Feb 19 2014 Christopher Meng <rpm@cicku.me> - 2014.63-1
|
|
|
fa42f7e |
- Update to 2014.63
|
|
|
fa42f7e |
|
|
Christopher Meng |
c8ae5ec |
* Wed Dec 04 2013 Christopher Meng <rpm@cicku.me> - 2013.62-1
|
|
Christopher Meng |
c8ae5ec |
- Update to 2013.62
|
|
Christopher Meng |
c8ae5ec |
|
|
Christopher Meng |
6aaf3c8 |
* Mon Oct 07 2013 Christopher Meng <rpm@cicku.me> - 2013.59-1
|
|
Christopher Meng |
6aaf3c8 |
- New version.
|
|
Christopher Meng |
6aaf3c8 |
- Adapt the version tag to match the actual one.
|
|
Christopher Meng |
6aaf3c8 |
- Add systemd BR(BZ#992141).
|
|
Christopher Meng |
6aaf3c8 |
- Unbundle libtom libraries(BZ#992141).
|
|
Christopher Meng |
6aaf3c8 |
- Add AArch64 support(BZ#925278).
|
|
Christopher Meng |
6aaf3c8 |
- SPEC cleanup.
|
|
Christopher Meng |
6aaf3c8 |
|
|
|
4b611d9 |
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.58-5
|
|
|
4b611d9 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
4b611d9 |
|
|
Christopher Meng |
8ced33b |
* Tue May 21 2013 Christopher Meng <rpm@cicku.me> - 0.58-4
|
|
Christopher Meng |
8ced33b |
- Cleanup systemd unit files.
|
|
Christopher Meng |
8ced33b |
|
|
Christopher Meng |
caf3b48 |
* Thu May 16 2013 Christopher Meng <rpm@cicku.me> - 0.58-3
|
|
Christopher Meng |
ef89da5 |
- Rebuilt.
|
|
Christopher Meng |
ef89da5 |
|
|
Christopher Meng |
ef89da5 |
* Thu May 16 2013 Christopher Meng <rpm@cicku.me> - 0.58-2
|
|
Christopher Meng |
6b0300d |
- Force PIE build for security issue.
|
|
Christopher Meng |
6b0300d |
|
|
Itamar Reis Peixoto |
c4c8fb0 |
* Wed May 08 2013 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 0.58-1
|
|
Itamar Reis Peixoto |
c4c8fb0 |
- new version
|
|
Itamar Reis Peixoto |
c4c8fb0 |
|
|
|
b02191c |
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.55-5
|
|
|
b02191c |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
b02191c |
|
|
|
6178d8c |
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.55-4
|
|
|
6178d8c |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
6178d8c |
|
|
Christopher Meng |
6aaf3c8 |
* Sun Apr 22 2012 Jon Ciesla <limburgher@gmail.com> - 0.55-3
|
|
|
f555b29 |
- Enable pam support, fix unit file.
|
|
|
f555b29 |
|
|
|
3b7f576 |
* Fri Apr 20 2012 Jon Ciesla <limburgher@gmail.com> - 0.55-2
|
|
|
3b7f576 |
- Migrate to systemd, BZ 770251.
|
|
|
3b7f576 |
|
|
|
f636900 |
* Sun Apr 01 2012 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 0.55-1
|
|
|
f636900 |
- new version 2012.55
|
|
|
f636900 |
|
|
|
b06907a |
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.52-3
|
|
|
b06907a |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
b06907a |
|
|
|
f701fc9 |
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.52-2
|
|
|
f701fc9 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
f701fc9 |
|
|
|
c1399fa |
* Mon Apr 19 2010 Itamar Reis Peixoto <itamar@ispbrasil.com.br> - 0.52-1
|
|
|
c1399fa |
- New version 0.5.2
|
|
|
c1399fa |
|
|
|
99078f1 |
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.50-5
|
|
|
99078f1 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
99078f1 |
|
|
|
69f4a3a |
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.50-4
|
|
|
69f4a3a |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
69f4a3a |
|
|
|
ec944a8 |
* Mon Feb 18 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 0.50-3
|
|
|
ec944a8 |
- Autorebuild for GCC 4.3
|
|
|
ec944a8 |
|
|
Christopher Meng |
6aaf3c8 |
* Thu Jan 10 2008 Lennert Buytenhek <buytenh@wantstofly.org> - 0.50-2
|
|
|
0c01628 |
- Incorporate changes from Fedora package review:
|
|
|
0c01628 |
- Use full URL for Source0.
|
|
|
0c01628 |
- Ship dropbear.init with mode 0644 in the SRPM.
|
|
|
0c01628 |
- Convert CHANGES to utf-8 in %%setup, as the version shipped with
|
|
|
0c01628 |
dropbear 0.50 isn't utf-8 clean (it's in iso-8859-1.)
|
|
|
0c01628 |
- Add a reload entry to the init script, and don't enable the
|
|
|
0c01628 |
service by default.
|
|
|
0c01628 |
|
|
|
0c01628 |
* Mon Jan 7 2008 Lennert Buytenhek <buytenh@wantstofly.org> - 0.50-1
|
|
|
0c01628 |
- Update to 0.50.
|
|
|
0c01628 |
- Add init script.
|
|
|
0c01628 |
|
|
|
0c01628 |
* Fri Aug 3 2007 Lennert Buytenhek <buytenh@wantstofly.org> - 0.49-1
|
|
|
0c01628 |
- Initial packaging.
|