dropbear: version bump 2017.75 -> 2019.78

The major change with 2018.76 was in configuration, moving from editing
'options.h' to adding things to 'localoptions.h'. The latter file must
be created in the extracted sources, a pragmatic approach was used to
add the defines, as seen in the buildroot project.

All options were compared to 'default_options.h' and 'sysoptions.h' from
the dropbear source. Not all options are in default_options, e.g. the
deprecated md5 hmac. A warning for that one was added.

Various things were fixed and improved in dropbear, changes notable:

+ 2019.78 / 2019.77
  - Fix 2018.76 regressions
  - Improve failure delay consistency
  - Change handling of failed authentication to avoid disclosing valid
    usernames, CVE-2018-15599.

+ 2018.76
  - Enable hardening build flags
  - New key exchange options
  - Improved DSS and RSA pubkey validation
  - Fix null pointer crash on malformed keys
  - Update curve25519-donna implementation

Signed-off-by: Alexander Dahl <ada@thorsis.com>
Message-Id: <20200311132408.11924-3-ada@thorsis.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>

3 files changed, 52 insertions, 0 deletions

diff --git a/patches/dropbear-2019.78/0001-configure-Fix-disable-fuzz.patch b/patches/dropbear-2019.78/0001-configure-Fix-disable-fuzz.patch
new file mode 100644
index 000000000..03aec183a
--- /dev/null
+++ b/patches/dropbear-2019.78/0001-configure-Fix-disable-fuzz.patch
@@ -0,0 +1,47 @@
+From: Alexander Dahl <ada@thorsis.com>
+Date: Wed, 11 Mar 2020 10:50:45 +0100
+Subject: [PATCH] configure: Fix --disable-fuzz
+
+When explicitly passing --disable-fuzz to ./configure fuzz was actually
+enabled.
+
+Signed-off-by: Alexander Dahl <ada@thorsis.com>
+---
+
+Notes:
+    Sent upstream: https://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2020q1/002202.html
+
+ configure.ac | 17 ++++++++++++-----
+ 1 file changed, 12 insertions(+), 5 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 7199d7cb2300..104d60cfaf53 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -326,14 +326,21 @@ AC_ARG_ENABLE(shadow,
+ AC_ARG_ENABLE(fuzz,
+ 	[  --enable-fuzz           Build fuzzing. Not recommended for deployment.],
+ 	[
+-		AC_DEFINE(DROPBEAR_FUZZ, 1, Fuzzing)
+-		AC_MSG_NOTICE(Enabling fuzzing)
+-		DROPBEAR_FUZZ=1
+-		# libfuzzer needs linking with c++ libraries
+-		AC_PROG_CXX
++		if test "x$enableval" = "xyes"; then
++            AC_DEFINE(DROPBEAR_FUZZ, 1, Fuzzing)
++            AC_MSG_NOTICE(Enabling fuzzing)
++            DROPBEAR_FUZZ=1
++            # libfuzzer needs linking with c++ libraries
++            AC_PROG_CXX
++        else
++            AC_DEFINE(DROPBEAR_FUZZ, 0, Fuzzing)
++            AC_MSG_NOTICE(Disabling fuzzing)
++            DROPBEAR_FUZZ=0
++        fi
+ 	],
+ 	[
+ 		AC_DEFINE(DROPBEAR_FUZZ, 0, Fuzzing)
++		AC_MSG_NOTICE(Disabling fuzzing)
+ 		DROPBEAR_FUZZ=0
+ 	]
+ 
diff --git a/patches/dropbear-2019.78/autogen.sh b/patches/dropbear-2019.78/autogen.sh
new file mode 120000
index 000000000..9f8a4cb7d
--- /dev/null
+++ b/patches/dropbear-2019.78/autogen.sh
@@ -0,0 +1 @@
+../autogen.sh
\ No newline at end of file
diff --git a/patches/dropbear-2019.78/series b/patches/dropbear-2019.78/series
new file mode 100644
index 000000000..3e5a5247e
--- /dev/null
+++ b/patches/dropbear-2019.78/series
@@ -0,0 +1,4 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+0001-configure-Fix-disable-fuzz.patch
+# c03ca050bdd0c61ac96e5bd22c9d0947  - git-ptx-patches magic