From aaeee9c66883c6c8bdc1656494110eeaa3264977 Mon Sep 17 00:00:00 2001 From: drochner Date: Wed, 5 Sep 2007 21:08:06 +0000 Subject: update to 0.50 changes: - Add DROPBEAR_PASSWORD environment variable to specify a dbclient password - Use /dev/urandom by default, since that's what everyone does anyway - Exit with an exit code of 1 if dropbear can't bind to any ports - Improve network performance and add a -W argument for adjusting the tradeoff between network performance and memory consumption - Fix a problem where reply packets could be sent during key exchange, in violation of the SSH spec. This could manifest itself with connections being terminated after 8 hours with new TCP-forward connections being established - Add -K argument, ensuring that data is transmitted over the connection at least every N seconds - dropbearkey will no longer generate DSS keys of sizes other than 1024 bits, as required by the DSS specification. (Other sizes are still accepted for use to provide backwards compatibility) --- security/dropbear/Makefile | 4 ++-- security/dropbear/distinfo | 10 +++++----- security/dropbear/patches/patch-ab | 13 ++----------- 3 files changed, 9 insertions(+), 18 deletions(-) (limited to 'security') diff --git a/security/dropbear/Makefile b/security/dropbear/Makefile index f06dd32dcef..b4f13792e25 100644 --- a/security/dropbear/Makefile +++ b/security/dropbear/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.19 2007/03/23 20:07:02 drochner Exp $ +# $NetBSD: Makefile,v 1.20 2007/09/05 21:08:06 drochner Exp $ -DISTNAME= dropbear-0.49 +DISTNAME= dropbear-0.50 CATEGORIES= security MASTER_SITES= http://matt.ucc.asn.au/dropbear/releases/ diff --git a/security/dropbear/distinfo b/security/dropbear/distinfo index 15abc9d7d2c..3d2c7ebcaee 100644 --- a/security/dropbear/distinfo +++ b/security/dropbear/distinfo @@ -1,8 +1,8 @@ -$NetBSD: distinfo,v 1.13 2007/03/23 20:07:02 drochner Exp $ +$NetBSD: distinfo,v 1.14 2007/09/05 21:08:06 drochner Exp $ -SHA1 (dropbear-0.49.tar.gz) = 97ac3d863ffca386aa25b6f60c71ab086aaef591 -RMD160 (dropbear-0.49.tar.gz) = 1e9606fb7e20c62c86629d7c97eaedc4fe22c099 -Size (dropbear-0.49.tar.gz) = 1764444 bytes +SHA1 (dropbear-0.50.tar.gz) = 6f56bc88bc29a99c58fe85c98a60249b9782ef36 +RMD160 (dropbear-0.50.tar.gz) = c5e643cf068d6cdc19f5da8318ec90e0a0dfb0c3 +Size (dropbear-0.50.tar.gz) = 1790358 bytes SHA1 (patch-aa) = 3246fce39551e97f0b9ecd3397479ea2f3e22abd -SHA1 (patch-ab) = efe5766a6c2c28ef71e7fe49afbf9d10a73d4a5d +SHA1 (patch-ab) = 2eb7675e013edbe80b0e456dbaac310f1bb6cbbc SHA1 (patch-ac) = 69b1349bb47ad6a6ae02096f1ebde87a1461dd9b diff --git a/security/dropbear/patches/patch-ab b/security/dropbear/patches/patch-ab index 0dd6e1be44f..bb684c83907 100644 --- a/security/dropbear/patches/patch-ab +++ b/security/dropbear/patches/patch-ab @@ -1,6 +1,6 @@ -$NetBSD: patch-ab,v 1.5 2007/03/23 20:07:02 drochner Exp $ +$NetBSD: patch-ab,v 1.6 2007/09/05 21:08:06 drochner Exp $ ---- options.h.orig 2007-02-22 16:51:35.000000000 +0100 +--- options.h.orig 2007-08-08 17:39:37.000000000 +0200 +++ options.h @@ -132,8 +132,11 @@ etc) slower (perhaps by 50%). Recommende * but there's an interface via a PAM module - don't bother using it otherwise. @@ -15,12 +15,3 @@ $NetBSD: patch-ab,v 1.5 2007/03/23 20:07:02 drochner Exp $ #define ENABLE_SVR_PUBKEY_AUTH #define ENABLE_CLI_PASSWORD_AUTH -@@ -159,7 +162,7 @@ etc) slower (perhaps by 50%). Recommende - * however significantly reduce the security of your ssh connections - * if the PRNG state becomes guessable - make sure you know what you are - * doing if you change this. */ --#define DROPBEAR_RANDOM_DEV "/dev/random" -+#define DROPBEAR_RANDOM_DEV "/dev/urandom" - - /* prngd must be manually set up to produce output */ - /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ -- cgit v1.2.3