author | Piotr Kubaj <pkubaj@FreeBSD.org> | 2022-11-15 21:32:03 +0000 |
---|---|---|
committer | Piotr Kubaj <pkubaj@FreeBSD.org> | 2022-11-15 21:52:51 +0000 |
commit | 17112226551be3350d06a66040413a26f252cb30 (patch) | |
tree | c9f7048db96f9c9a603eafd5ebcbc0e85fbee508 | |
parent | 00ef172a51155e941cc51effcc6311c4633ad34b (diff) | |
security/dropbear: update to 2022.83
Features and Changes:
Note >> for compatibility/configuration changes
- >> Disable DROPBEAR_DSS by default
It is only 1024 bit and uses sha1, most distros disable it by default already.
- Added DROPBEAR_RSA_SHA1 option to allow disabling sha1 rsa signatures.
>> RSA with sha1 will be disabled in a future release (rsa keys will continue
to work OK, with sha256 signatures used instead).
- Add option for requiring both password and pubkey (-t)
Patch from Jackkal
- Add 'no-touch-required' and 'verify-required' options for sk keys
Patch from Egor Duda
- >> DROPBEAR_SK_KEYS config option now replaces separate DROPBEAR_SK_ECDSA
and DROPBEAR_SK_ED25519 options.
- Add 'permitopen' option for authorized_keys to restrict forwarded ports
Patch from Tuomas Haikarainen
- >> Added LTM_CFLAGS configure argument to set flags for building
bundled libtommath. This also restores the previous arguments used
in 2020.81 (-O3 -funroll-loops). That gives a big speedup for RSA
key generation, which regressed in 2022.82.
There is a tradeoff with code size, so -Os can be used if required.
https://github.com/mkj/dropbear/issues/174
Reported by David Bernard
- Add '-z' flag to disable setting QoS traffic class. This may be necessary
to work with broken networks or network drivers, exposed after changes to use
AF21 in 2022.82
https://github.com/mkj/dropbear/issues/193
Reported by yuhongwei380, patch from Petr Štetiar
- Allow overriding user shells with COMPAT_USER_SHELLS
Based on a patch from Matt Robinson
- Improve permission error message
Patch from k-kurematsu
- >> Remove HMAC_MD5 entirely
Regression fixes from 2022.82:
- Fix X11 build
- Fix build warning
- Fix compilation when disabling pubkey authentication
Patch from MaxMougg
- Fix MAX_UNAUTH_CLIENTS regression
Reported by ptpt52
- Avoid using slower prime testing in bundled libtomcrypt when DSS is disabled
https://github.com/mkj/dropbear/issues/174
Suggested by Steffen Jaeckel
- Fix Dropbear plugin support
https://github.com/mkj/dropbear/issues/194
Reported by Struan Bartlett
Other fixes:
- Fix long standing incorrect compression size check. Dropbear
(client or server) would erroneously exit with
"bad packet, oversized decompressed"
when receiving a compressed packet of exactly the maximum size.
- Fix missing setsid() removed in 2020.79
https://github.com/mkj/dropbear/issues/180
Reported and debugged by m5jt and David Bernard
- Try keyboard-interactive auth before password, in dbclient.
This was unintentionally changed back in 2013
https://github.com/mkj/dropbear/pull/190
Patch from Michele Giacomoli
- Drain the terminal when reading the fingerprint confirmation response
https://github.com/mkj/dropbear/pull/191
Patch from Michele Giacomoli
- Fix utx wtmp variable typo. This has been wrong for a long time but
only recently became a problem when wtmp was detected.
https://github.com/mkj/dropbear/pull/189
Patch from Michele Giacomoli
- Improve configure test for hardening options.
Fixes building on AIX
https://github.com/mkj/dropbear/issues/158
- Fix debian/dropbear.init newline
From wulei-student
Infrastructure:
- Test off-by-default compile options
- Set -Wundef to catch typos in #if statements
-rw-r--r-- | security/dropbear/Makefile | 14 |
-rw-r--r-- | security/dropbear/distinfo | 6 |
2 files changed, 14 insertions, 6 deletions
diff --git a/security/dropbear/Makefile b/security/dropbear/Makefile index 7afc1bf72496..b4d920a1c25f 100644 --- a/security/dropbear/Makefile +++ b/security/dropbear/Makefile @@ -1,5 +1,5 @@ PORTNAME= dropbear -PORTVERSION= 2022.82 +PORTVERSION= 2022.83 CATEGORIES= security MASTER_SITES= https://matt.ucc.asn.au/dropbear/releases/ @@ -23,10 +23,10 @@ OPTIONS_DEFAULT= AES128 AES256 CURVE25519 ECDSA ED25519 GCM \ GROUP14_SHA256 GROUP16 RSA SHA2_256 OPTIONS_MULTI= ENC KEY KEX MAC MODE OPTIONS_MULTI_ENC= 3DES AES128 AES256 CHACHA20POLY1305 -OPTIONS_MULTI_KEY= ECDSA ED25519 RSA +OPTIONS_MULTI_KEY= DSS ECDSA ED25519 RSA OPTIONS_MULTI_KEX= CURVE25519 ECDH GROUP1 GROUP14_SHA1 GROUP14_SHA256 \ GROUP16 -OPTIONS_MULTI_MAC= MD5 SHA1 SHA1_96 SHA2_256 SHA2_512 +OPTIONS_MULTI_MAC= MD5 RSA_SHA1 SHA1 SHA1_96 SHA2_256 SHA2_512 OPTIONS_MULTI_MODE= CBC CTR GCM 3DES_DESC= Enable 3DES-based encryption @@ -36,6 +36,7 @@ CBC_DESC= Use CBC mode for ciphers (less secure) CHACHA20POLY1305_DESC= Enable chacha20poly1305-based encryption CTR_DESC= Use CTR mode for ciphers CURVE25519_DESC= Enable Curve25519 +DSS_DESC= Enable DSS (insecure) ECDH_DESC= Enable ECDH (insecure) ECDSA_DESC= Enable ECDSA public key support ED25519_DESC= Enable ED25519 public key support @@ -46,6 +47,7 @@ GROUP16_DESC= Enable Group16 Diffie-Hellman GROUP1_DESC= Enable Group1 Diffie-Hellman (insecure) MD5_DESC= Enable MD5 MAC (broken) RSA_DESC= Enable RSA public key support +RSA_SHA1_DESC= Enable RSA SHA1 MAC (insecure) SHA1_96_DESC= Enable SHA1_96 MAC (less secure) SHA1_DESC= Enable SHA1 MAC (less secure) SHA2_256_DESC= Enable SHA2_256 MAC @@ -89,6 +91,9 @@ post-patch-GCM-on: post-patch-CURVE25519-off: @${ECHO} "#define DROPBEAR_CURVE25519 0" >> ${WRKSRC}/localoptions.h +post-patch-DSS-on: + @${ECHO} "#define DROPBEAR_DSS 1" >> ${WRKSRC}/localoptions.h + post-patch-ECDH-off: @${ECHO} "#define DROPBEAR_ECDH 0" >> ${WRKSRC}/localoptions.h 
@@ -107,6 +112,9 @@ post-patch-GROUP16-on: post-patch-RSA-off: @${ECHO} "#define DROPBEAR_RSA 0" >> ${WRKSRC}/localoptions.h +post-patch-RSA_SHA1-off: + @${ECHO} "#define DROPBEAR_RSA_SHA1 0" >> ${WRKSRC}/localoptions.h + post-patch-ECDSA-off: @${ECHO} "#define DROPBEAR_ECDSA 0" >> ${WRKSRC}/localoptions.h diff --git a/security/dropbear/distinfo b/security/dropbear/distinfo index 2eb40d600511..74bcc7f48d49 100644 --- a/security/dropbear/distinfo +++ b/security/dropbear/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1649278626 -SHA256 (dropbear-2022.82.tar.bz2) = 3a038d2bbc02bf28bbdd20c012091f741a3ec5cbe460691811d714876aad75d1 -SIZE (dropbear-2022.82.tar.bz2) = 2309514 +TIMESTAMP = 1668547002 +SHA256 (dropbear-2022.83.tar.bz2) = bc5a121ffbc94b5171ad5ebe01be42746d50aa797c9549a4639894a16749443b +SIZE (dropbear-2022.83.tar.bz2) = 2322904 |
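Review bot: RSA_SHA1 is added to OPTIONS_MULTI_MAC in the Makefile hunk at @@ -23,10 +23,10 @@, but the commit message describes DROPBEAR_RSA_SHA1 as the switch for sha1 rsa signatures, not a MAC algorithm. Listing it beside RSA in OPTIONS_MULTI_KEY, or as a separate option outside the MAC group, would keep someone who is tuning MACs from misreading it. The same changed line still carries MD5 although the commit message says HMAC_MD5 was removed entirely; if the option no longer has any effect with 2022.83, drop MD5 here together with MD5_DESC.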
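Review bot: The description added in the Makefile hunk at @@ -46,6 +47,7 @@, `RSA_SHA1_DESC= Enable RSA SHA1 MAC (insecure)`, calls the option a MAC, while the commit message says it controls sha1 rsa signatures. Something like `RSA_SHA1_DESC= Enable RSA signatures with SHA1 (insecure)` would tell the user what is actually being switched on.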
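Review bot: The new post-patch-RSA_SHA1-off target in the Makefile hunk at @@ -107,6 +112,9 @@ changes the default build without saying so. It runs whenever RSA_SHA1 is not selected, and RSA_SHA1 is not in the OPTIONS_DEFAULT list shown as context in the @@ -23,10 +23,10 @@ hunk, so a default package is built with `#define DROPBEAR_RSA_SHA1 0`. The commit message says upstream will disable RSA with sha1 only in a future release, so the port goes further than 2022.83 itself and peers limited to sha1 rsa signatures will no longer be able to use RSA keys. If that is intended, state it in the commit message or an UPDATING entry; otherwise add RSA_SHA1 to OPTIONS_DEFAULT to keep upstream's default for this release.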