Your message dated Sat, 09 Jun 2007 11:47:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#386976: fixed in dropbear 0.49-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: dropbear
Version: 0.48.1-1
I'm hitting the same problem as in bugs #310732 and #355414 - trying to
run dropbear on a small mipsel system, but /dev/random does not have
enough entropy. This makes dropbear unreliable on this system without
a recompile.
The attached patch adds a -u runtime option for using urandom.
Would this be an acceptable solution ?
Thanks,
--
Michel "Walken" Lespinasse
"Bill Gates is a monocle and a Persian cat away from being the villain
in a James Bond movie." -- Dennis Miller
diff -ru dropbear-0.48.1.orig/Makefile.in dropbear-0.48.1.urandom/Makefile.in
--- dropbear-0.48.1.orig/Makefile.in 2006-03-11 20:52:51.000000000 -0800
+++ dropbear-0.48.1.urandom/Makefile.in 2006-09-11 05:14:42.000000000 -0700
@@ -20,7 +20,8 @@
dss.o bignum.o \
signkey.o rsa.o random.o \
queue.o \
- atomicio.o compat.o fake-rfc2553.o
+ atomicio.o compat.o fake-rfc2553.o \
+ common-runopts.o
SVROBJS=svr-kex.o svr-algo.o svr-auth.o sshpty.o \
svr-authpasswd.o svr-authpubkey.o svr-session.o svr-service.o \
@@ -34,7 +35,7 @@
CLISVROBJS=common-session.o packet.o common-algo.o common-kex.o \
common-channel.o common-chansession.o termcodes.o
loginrec.o \
tcp-accept.o listener.o process-packet.o \
- common-runopts.o circbuffer.o
+ circbuffer.o
KEYOBJS=dropbearkey.o gendss.o genrsa.o
diff -ru dropbear-0.48.1.orig/cli-runopts.c
dropbear-0.48.1.urandom/cli-runopts.c
--- dropbear-0.48.1.orig/cli-runopts.c 2006-03-11 20:52:52.000000000 -0800
+++ dropbear-0.48.1.urandom/cli-runopts.c 2006-09-11 04:54:00.000000000
-0700
@@ -63,6 +63,9 @@
#ifdef DEBUG_TRACE
"-v verbose\n"
#endif
+#ifdef DROPBEAR_URANDOM_DEV
+ "-u use urandom device\n"
+#endif
,DROPBEAR_VERSION, cli_opts.progname);
}
@@ -99,6 +102,9 @@
#ifdef ENABLE_CLI_REMOTETCPFWD
cli_opts.remotefwds = NULL;
#endif
+#ifdef DROPBEAR_URANDOM_DEV
+ opts.use_urandom_dev = 0;
+#endif
/* not yet
opts.ipv4 = 1;
opts.ipv6 = 1;
@@ -188,6 +194,11 @@
debug_trace = 1;
break;
#endif
+#ifdef DROPBEAR_URANDOM_DEV
+ case 'u':
+ opts.use_urandom_dev = 1;
+ break;
+#endif
case 'F':
case 'e':
case 'c':
diff -ru dropbear-0.48.1.orig/dropbearconvert.c
dropbear-0.48.1.urandom/dropbearconvert.c
--- dropbear-0.48.1.orig/dropbearconvert.c 2006-03-11 20:52:51.000000000
-0800
+++ dropbear-0.48.1.urandom/dropbearconvert.c 2006-09-11 05:22:26.000000000
-0700
@@ -24,6 +24,7 @@
/* This program converts to/from Dropbear and OpenSSH private-key formats */
#include "includes.h"
+#include "runopts.h"
#include "signkey.h"
#include "buffer.h"
#include "dbutil.h"
@@ -66,6 +67,9 @@
/* It's hard for it to get in the way _too_ much */
debug_trace = 1;
#endif
+#ifdef DROPBEAR_URANDOM_DEV
+ opts.use_urandom_dev = 0;
+#endif
/* get the commandline options */
if (argc != 5) {
diff -ru dropbear-0.48.1.orig/dropbearkey.c
dropbear-0.48.1.urandom/dropbearkey.c
--- dropbear-0.48.1.orig/dropbearkey.c 2006-03-11 20:52:51.000000000 -0800
+++ dropbear-0.48.1.urandom/dropbearkey.c 2006-09-11 05:20:45.000000000
-0700
@@ -45,6 +45,7 @@
*
*/
#include "includes.h"
+#include "runopts.h"
#include "signkey.h"
#include "buffer.h"
#include "dbutil.h"
@@ -79,6 +80,9 @@
#ifdef DEBUG_TRACE
"-v verbose\n"
#endif
+#ifdef DROPBEAR_URANDOM_DEV
+ "-u use urandom device\n"
+#endif
,progname);
}
@@ -101,6 +105,10 @@
unsigned int keysize;
int printpub = 0;
+#ifdef DROPBEAR_URANDOM_DEV
+ opts.use_urandom_dev = 0;
+#endif
+
/* get the commandline options */
for (i = 1; i < argc; i++) {
if (argv[i] == NULL) {
@@ -135,6 +143,11 @@
debug_trace = 1;
break;
#endif
+#ifdef DROPBEAR_URANDOM_DEV
+ case 'u':
+ opts.use_urandom_dev = 1;
+ break;
+#endif
default:
fprintf(stderr, "Unknown argument
%s\n", argv[i]);
printhelp(argv[0]);
diff -ru dropbear-0.48.1.orig/options.h dropbear-0.48.1.urandom/options.h
--- dropbear-0.48.1.orig/options.h 2006-03-11 20:52:51.000000000 -0800
+++ dropbear-0.48.1.urandom/options.h 2006-09-11 04:32:40.000000000 -0700
@@ -156,6 +156,10 @@
* doing if you change this. */
#define DROPBEAR_RANDOM_DEV "/dev/random"
+/* If DROPBEAR_URANDOM_DEV is defined in addition of DROPBEAR_RANDOM_DEV,
+ * it will be selectable at runtime using the -u option. */
+#define DROPBEAR_URANDOM_DEV "/dev/urandom"
+
/* prngd must be manually set up to produce output */
/*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
@@ -379,6 +383,10 @@
#error "You must choose one of DROPBEAR_PRNGD_SOCKET or DROPBEAR_RANDOM_DEV in
options.h"
#endif
+#if defined(DROPBEAR_URANDOM_DEV) && !defined(DROPBEAR_RANDOM_DEV)
+#error "You can't turn on DROPBEAR_URANDOM_DEV when DROPBEAR_RANDOM_DEV is off"
+#endif
+
/* We use dropbear_client and dropbear_server as shortcuts to avoid redundant
* code, if we're just compiling as client or server */
#if defined(DROPBEAR_SERVER) && defined(DROPBEAR_CLIENT)
diff -ru dropbear-0.48.1.orig/random.c dropbear-0.48.1.urandom/random.c
--- dropbear-0.48.1.orig/random.c 2006-03-11 20:52:51.000000000 -0800
+++ dropbear-0.48.1.urandom/random.c 2006-09-11 04:52:39.000000000 -0700
@@ -23,6 +23,7 @@
* SOFTWARE. */
#include "includes.h"
+#include "runopts.h"
#include "buffer.h"
#include "dbutil.h"
#include "bignum.h"
@@ -55,13 +56,21 @@
int readfd;
unsigned int readpos;
int readlen;
+#ifdef DROPBEAR_RANDOM_DEV
+ char *random_dev = DROPBEAR_RANDOM_DEV;
+#endif
#ifdef DROPBEAR_PRNGD_SOCKET
struct sockaddr_un egdsock;
char egdcmd[2];
#endif
#ifdef DROPBEAR_RANDOM_DEV
- readfd = open(DROPBEAR_RANDOM_DEV, O_RDONLY);
+#ifdef DROPBEAR_URANDOM_DEV
+ if (opts.use_urandom_dev) {
+ random_dev = DROPBEAR_URANDOM_DEV;
+ }
+#endif
+ readfd = open(random_dev, O_RDONLY);
if (readfd < 0) {
dropbear_exit("couldn't open random device");
}
diff -ru dropbear-0.48.1.orig/runopts.h dropbear-0.48.1.urandom/runopts.h
--- dropbear-0.48.1.orig/runopts.h 2006-03-11 20:52:51.000000000 -0800
+++ dropbear-0.48.1.urandom/runopts.h 2006-09-11 04:38:31.000000000 -0700
@@ -37,6 +37,10 @@
int listen_fwd_all;
#endif
+#ifdef DROPBEAR_URANDOM_DEV
+ int use_urandom_dev;
+#endif
+
} runopts;
extern runopts opts;
diff -ru dropbear-0.48.1.orig/svr-runopts.c
dropbear-0.48.1.urandom/svr-runopts.c
--- dropbear-0.48.1.orig/svr-runopts.c 2006-03-11 20:52:52.000000000 -0800
+++ dropbear-0.48.1.urandom/svr-runopts.c 2006-09-11 04:43:55.000000000
-0700
@@ -78,6 +78,9 @@
#ifdef DEBUG_TRACE
"-v verbose\n"
#endif
+#ifdef DROPBEAR_URANDOM_DEV
+ "-u use urandom device\n"
+#endif
,DROPBEAR_VERSION, progname,
#ifdef DROPBEAR_DSS
DSS_PRIV_FILENAME,
@@ -124,6 +127,9 @@
#ifdef ENABLE_SVR_REMOTETCPFWD
opts.listen_fwd_all = 0;
#endif
+#ifdef DROPBEAR_URANDOM_DEV
+ opts.use_urandom_dev = 0;
+#endif
for (i = 1; i < (unsigned int)argc; i++) {
if (next) {
@@ -211,6 +217,11 @@
debug_trace = 1;
break;
#endif
+#ifdef DROPBEAR_URANDOM_DEV
+ case 'u':
+ opts.use_urandom_dev = 1;
+ break;
+#endif
default:
fprintf(stderr, "Unknown argument
%s\n", argv[i]);
printhelp(argv[0]);
--- End Message ---
--- Begin Message ---
Source: dropbear
Source-Version: 0.49-2
We believe that the bug you reported is fixed in the latest version of
dropbear, which is due to be installed in the Debian FTP archive:
dropbear_0.49-2.diff.gz
to pool/main/d/dropbear/dropbear_0.49-2.diff.gz
dropbear_0.49-2.dsc
to pool/main/d/dropbear/dropbear_0.49-2.dsc
dropbear_0.49-2_powerpc.deb
to pool/main/d/dropbear/dropbear_0.49-2_powerpc.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gerrit Pape <[EMAIL PROTECTED]> (supplier of updated dropbear package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 09 Jun 2007 08:59:59 +0000
Source: dropbear
Binary: dropbear
Architecture: source powerpc
Version: 0.49-2
Distribution: unstable
Urgency: low
Maintainer: Gerrit Pape <[EMAIL PROTECTED]>
Changed-By: Gerrit Pape <[EMAIL PROTECTED]>
Description:
dropbear - lightweight SSH2 server and client
Closes: 386976
Changes:
dropbear (0.49-2) unstable; urgency=low
.
* debian/rules: apply diffs from debian/diff/ with patch -p1 instead of
-p0.
* debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff:
new; options.h: use /dev/urandom instead of /dev/random as
DROPBEAR_RANDOM_DEV (closes: #386976).
* debian/rules: target clean: remove libtomcrypt/Makefile,
libtommath/Makefile.
Files:
27c803443e7796c398b78fc5a821246e 550 net optional dropbear_0.49-2.dsc
d1f2c434634df3202da60ea7191b0e13 3471 net optional dropbear_0.49-2.diff.gz
e138d3948252f72d9827021397d3c411 245112 net optional
dropbear_0.49-2_powerpc.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGapIFGJoyQbxwpv8RAo3EAJ4g+Qo+iEnA6g+CYgDpK/84Ta0tQQCfXyyz
hiB2W29n7hNuSn7e2hxXdF0=
=Ziew
-----END PGP SIGNATURE-----
--- End Message ---
