An update is available for dropbear which fixes multiple issues.
Changelog can be found at https://matt.ucc.asn.au/dropbear/CHANGES
While here add dropbear.rc, which generates a key upon first connection
(-R), and attaches to 127.0.0.1:8022.
Comments/OK?
Index: Makefile
===================================================================
RCS file: /cvs/ports/security/dropbear/Makefile,v
retrieving revision 1.4
diff -u -p -r1.4 Makefile
--- Makefile 4 Dec 2017 17:56:27 -0000 1.4
+++ Makefile 6 Mar 2018 07:02:38 -0000
@@ -2,7 +2,7 @@
COMMENT= small SSH server and client
-DISTNAME= dropbear-2017.75
+DISTNAME= dropbear-2018.76
EXTRACT_SUFX= .tar.bz2
CATEGORIES= security net
@@ -21,7 +21,10 @@ USE_GMAKE= Yes
CONFIGURE_STYLE= gnu
#NO_TEST= Yes
+post-extract:
+ cp ${WRKDIST}/default_options.h ${WRKDIST}/localoptions.h
+
post-configure:
- ${SUBST_CMD} ${WRKSRC}/options.h
+ ${SUBST_CMD} ${WRKSRC}/localoptions.h
.include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/dropbear/distinfo,v
retrieving revision 1.3
diff -u -p -r1.3 distinfo
--- distinfo 23 May 2017 13:44:13 -0000 1.3
+++ distinfo 6 Mar 2018 07:02:38 -0000
@@ -1,2 +1,2 @@
-SHA256 (dropbear-2017.75.tar.bz2) = bLwdyxyXCdIm3/Zp5WBBcqGM9dv5ogFHTVYYrkRlCYw=
-SIZE (dropbear-2017.75.tar.bz2) = 1623392
+SHA256 (dropbear-2018.76.tar.bz2) = 8vuRZ+yoz5NFal/B1Pr3CZAqOrcN1E41LzrLw//a6mU=
+SIZE (dropbear-2018.76.tar.bz2) = 2688697
Index: patches/patch-localoptions_h
===================================================================
RCS file: patches/patch-localoptions_h
diff -N patches/patch-localoptions_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-localoptions_h 6 Mar 2018 07:02:38 -0000
@@ -0,0 +1,53 @@
+$OpenBSD$
+
+Index: localoptions.h
+--- localoptions.h.orig
++++ localoptions.h
+@@ -19,9 +19,9 @@ IMPORTANT: Some options will require "make clean" afte
+ #define DROPBEAR_DEFADDRESS ""
+
+ /* Default hostkey paths - these can be specified on the command line */
+-#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
+-#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
+-#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
++#define DSS_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_dss_host_key"
++#define RSA_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_rsa_host_key"
++#define ECDSA_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_ecdsa_host_key"
+
+ /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
+ * on chosen ports and keeps accepting connections. This is the default.
+@@ -44,7 +44,7 @@ IMPORTANT: Some options will require "make clean" afte
+ * several kB in binary size however will make the symmetrical ciphers and hashes
+ * slower, perhaps by 50%. Recommended for small systems that aren't doing
+ * much traffic. */
+-#define DROPBEAR_SMALL_CODE 1
++#define DROPBEAR_SMALL_CODE 0
+
+ /* Enable X11 Forwarding - server only */
+ #define DROPBEAR_X11FWD 1
+@@ -243,7 +243,7 @@ Homedir is prepended unless path begins with / */
+
+ /* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+-#define XAUTH_COMMAND "/usr/bin/xauth -q"
++#define XAUTH_COMMAND "${X11BASE}/bin/xauth -q"
+
+
+ /* if you want to enable running an sftp server (such as the one included with
+@@ -254,7 +254,7 @@ Homedir is prepended unless path begins with / */
+
+ /* This is used by the scp binary when used as a client binary. If you're
+ * not using the Dropbear client, you'll need to change it */
+-#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
++#define DROPBEAR_PATH_SSH_PROGRAM "${TRUEPREFIX}//bin/dbclient"
+
+ /* Whether to log commands executed by a client. This only logs the
+ * (single) command sent to the server, not what a user did in a
+@@ -290,6 +290,6 @@ be overridden at runtime with -I. 0 disables idle time
+ #define DEFAULT_IDLE_TIMEOUT 0
+
+ /* The default path. This will often get replaced by the shell */
+-#define DEFAULT_PATH "/usr/bin:/bin"
++#define DEFAULT_PATH "/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin"
+
+
No comments:
Post a Comment