Update dropbear to 0.52. Build an scp binary and call it dbscp so it
doesn't conflict with openssh. Changes since 0.50: 0.52 - Wed 12 November 2008 - Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel standard input/output to a TCP port-forwarded remote host. - Add "proxy command" support to dbclient, to allow using a spawned process for IO rather than a direct TCP connection. eg dbclient remotehost is equivalent to dbclient -J 'nc remotehost 22' remotehost (the hostname is still provided purely for looking up saved host keys) - Combine netcat-alike and proxy support to allow "multihop" connections, with comma-separated host syntax. Allows running dbclient user1@host1,user2@host2,user3@host3 to end up at host3 via the other two, using SSH TCP forwarding. It's a bit like onion-routing. All connections are established from the local machine. The comma-separated syntax can also be used for scp/rsync, eg rsync -a -e dbclient m@gateway,m2@host,martello:/home/matt/ ~/backup/ to bounce through a few hosts. - Add -I "idle timeout" option (contributed by Farrell Aultman) - Allow restrictions on authorized_keys logins such as restricting commands to be run etc. This is a subset of those allowed by OpenSSH, doesn't yet allow restricting source host. - Use vfork() for scp on uClinux - Default to PATH=/usr/bin:/bin for shells. - Report errors if -R forwarding fails - Add counter mode cipher support, which avoids some security problems with the standard CBC mode. - Support zlib@openssh.com delayed compression for client/server. It can be required for the Dropbear server with the '-Z' option. This is useful for security as it avoids exposing the server to attacks on zlib by unauthenticated remote users, though requires client side support. 
- options.h has been split into options.h (user-changeable) and sysoptions.h (less commonly changed) - Support "dbclient -s sftp" to specify a subsystem - Fix a bug in replies to channel requests that could be triggered by recent versions of PuTTY 0.51 - Thu 27 March 2008 - Make a copy of password fields rather than erroneously relying on getpwnam() to be safe to call multiple times - If $SSH_ASKPASS_ALWAYS environment variable is set (and $SSH_ASKPASS is as well) always use that program, ignoring isatty() and $DISPLAY - Wait until a process exits before the server closes a connection, so that an exit code can be sent. This fixes problems with exit codes not being returned, which could cause scp to fail.
parent
de21f2dd16
commit
655fbf8432
5 changed files with 52 additions and 55 deletions
|
@ -1,17 +1,18 @@
|
|||
# $NetBSD: Makefile,v 1.23 2007/09/06 19:15:10 jlam Exp $
|
||||
# $NetBSD: Makefile,v 1.24 2009/08/26 21:10:11 snj Exp $
|
||||
|
||||
DISTNAME= dropbear-0.50
|
||||
PKGREVISION= 2
|
||||
DISTNAME= dropbear-0.52
|
||||
CATEGORIES= security
|
||||
MASTER_SITES= http://matt.ucc.asn.au/dropbear/releases/
|
||||
|
||||
MAINTAINER= pkgsrc-users@NetBSD.org
|
||||
MAINTAINER= snj@NetBSD.org
|
||||
HOMEPAGE= http://matt.ucc.asn.au/dropbear/dropbear.html
|
||||
COMMENT= SSH2 server, aimed at embedded market
|
||||
COMMENT= Small SSH2 server and client, aimed at embedded market
|
||||
|
||||
GNU_CONFIGURE= yes
|
||||
USE_TOOLS+= gmake
|
||||
|
||||
PKG_DESTDIR_SUPPORT= user-destdir
|
||||
|
||||
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q}
|
||||
|
||||
PKG_OPTIONS_VAR= PKG_OPTIONS.dropbear
|
||||
|
@ -21,24 +22,47 @@ PKG_SUPPORTED_OPTIONS= pam
|
|||
.if !empty(PKG_OPTIONS:Mpam)
|
||||
. include "../../mk/pam.buildlink3.mk"
|
||||
CONFIGURE_ARGS+= --enable-pam
|
||||
SUBST_CLASSES+= pam
|
||||
SUBST_MESSAGE.pam= Enabling PAM in options.h
|
||||
SUBST_STAGE.pam= post-patch
|
||||
SUBST_FILES.pam= options.h
|
||||
SUBST_SED.pam= -e "s/ENABLE_SVR_PASSWORD_AUTH/ENABLE_SVR_PAM_AUTH/"
|
||||
.endif
|
||||
|
||||
MAKEFLAGS+= ROOT_USER=${ROOT_USER:Q} ROOT_GROUP=${ROOT_GROUP:Q}
|
||||
|
||||
OWN_DIRS+= ${PKG_SYSCONFDIR}/dropbear
|
||||
|
||||
SUBST_CLASSES+= config
|
||||
SUBST_MESSAGE.config= Fixing path to config directory.
|
||||
SUBST_STAGE.config= post-build
|
||||
SUBST_FILES.config= dropbear.8 dropbearkey.8
|
||||
SUBST_SED.config= -e "s,/etc/dropbear/,"${PKG_SYSCONFDIR:Q}"/dropbear/,g"
|
||||
|
||||
INSTALLATION_DIRS= ${PKGMANDIR}/man1 ${PKGMANDIR}/man8
|
||||
# used by dbscp
|
||||
CPPFLAGS+= -D_PATH_SSH_PROGRAM="\"${PREFIX}/bin/dbclient\""
|
||||
|
||||
# XXX use base xauth if present, otherwise _ass_ume pkgsrc. better than nothing
|
||||
.if exists(${X11BASE}/bin/xauth)
|
||||
CPPFLAGS+=-DXAUTH_COMMAND="\"${X11BASE}/bin/xauth\""
|
||||
.else
|
||||
CPPFLAGS+=-DXAUTH_COMMAND="\"${X11PREFIX}/bin/xauth\""
|
||||
.endif
|
||||
|
||||
INSTALLATION_DIRS= share/doc/dropbear ${PKGMANDIR}/man1 ${PKGMANDIR}/man8
|
||||
|
||||
BUILD_TARGET= all scp
|
||||
|
||||
post-install:
|
||||
${INSTALL_MAN} ${WRKSRC}/dbclient.1 ${PREFIX}/${PKGMANDIR}/man1
|
||||
${INSTALL_MAN} ${WRKSRC}/dropbear.8 ${PREFIX}/${PKGMANDIR}/man8
|
||||
${INSTALL_MAN} ${WRKSRC}/dropbearkey.8 ${PREFIX}/${PKGMANDIR}/man8
|
||||
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/dropbear
|
||||
${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/dropbear
|
||||
${INSTALL_MAN} ${WRKSRC}/dbclient.1 \
|
||||
${DESTDIR}/${PREFIX}/${PKGMANDIR}/man1
|
||||
${INSTALL_MAN} ${WRKSRC}/dropbear.8 \
|
||||
${DESTDIR}/${PREFIX}/${PKGMANDIR}/man8
|
||||
${INSTALL_MAN} ${WRKSRC}/dropbearkey.8 \
|
||||
${DESTDIR}/${PREFIX}/${PKGMANDIR}/man8
|
||||
${INSTALL_DATA} ${WRKSRC}/README \
|
||||
${DESTDIR}/${PREFIX}/share/doc/dropbear
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/scp ${DESTDIR}/${PREFIX}/bin/dbscp
|
||||
|
||||
.include "../../devel/zlib/buildlink3.mk"
|
||||
.include "../../mk/bsd.pkg.mk"
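Review bot: The `SUBST_SED.pam` expression in the pam option block is unanchored and nothing verifies that it matched, so if `ENABLE_SVR_PASSWORD_AUTH` is renamed or moved upstream, a package built with the pam option would presumably keep password authentication and leave PAM off, with no build error. The description notes that 0.52 splits options.h into options.h and sysoptions.h, so it is worth confirming that the define still lives in the file named by `SUBST_FILES.pam`. Restricting the match to the define line, e.g. `SUBST_SED.pam= -e "s/define ENABLE_SVR_PASSWORD_AUTH/define ENABLE_SVR_PAM_AUTH/"`, keeps the substitution away from comments and preprocessor conditionals that mention the macro. A short comment above the block should say that the authentication backend is selected by this rewrite, so a later update re-checks it.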
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
@comment $NetBSD: PLIST,v 1.4 2009/06/14 18:13:28 joerg Exp $
|
||||
@comment $NetBSD: PLIST,v 1.5 2009/08/26 21:10:11 snj Exp $
|
||||
bin/dbclient
|
||||
bin/dbscp
|
||||
bin/dropbearconvert
|
||||
bin/dropbearkey
|
||||
man/man1/dbclient.1
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
$NetBSD: distinfo,v 1.16 2007/09/06 19:15:10 jlam Exp $
|
||||
$NetBSD: distinfo,v 1.17 2009/08/26 21:10:11 snj Exp $
|
||||
|
||||
SHA1 (dropbear-0.50.tar.gz) = 6f56bc88bc29a99c58fe85c98a60249b9782ef36
|
||||
RMD160 (dropbear-0.50.tar.gz) = c5e643cf068d6cdc19f5da8318ec90e0a0dfb0c3
|
||||
Size (dropbear-0.50.tar.gz) = 1790358 bytes
|
||||
SHA1 (dropbear-0.52.tar.gz) = ae927e8b90059a7ba2b2b514d9824c12885b1949
|
||||
RMD160 (dropbear-0.52.tar.gz) = 3cc8398ffc265e28d8c8d3c80845236b143a6268
|
||||
Size (dropbear-0.52.tar.gz) = 1789901 bytes
|
||||
SHA1 (patch-aa) = 01bf4d80c4e76f9a60341b448cd7e77b2a03c286
|
||||
SHA1 (patch-ab) = 2eb7675e013edbe80b0e456dbaac310f1bb6cbbc
|
||||
SHA1 (patch-ab) = 911a0525f309386901d32c23404d13ae67c2e2d1
|
||||
SHA1 (patch-ac) = 69b1349bb47ad6a6ae02096f1ebde87a1461dd9b
|
||||
SHA1 (patch-af) = 356a8ac535d2d08ff9fd9fe7e84ae58181ce32a0
|
||||
|
|
|
@ -1,17 +1,13 @@
|
|||
$NetBSD: patch-ab,v 1.6 2007/09/05 21:08:06 drochner Exp $
|
||||
$NetBSD: patch-ab,v 1.7 2009/08/26 21:10:11 snj Exp $
|
||||
|
||||
--- options.h.orig 2007-08-08 17:39:37.000000000 +0200
|
||||
+++ options.h
|
||||
@@ -132,8 +132,11 @@ etc) slower (perhaps by 50%). Recommende
|
||||
* but there's an interface via a PAM module - don't bother using it otherwise.
|
||||
* You can't enable both PASSWORD and PAM. */
|
||||
--- options.h.orig 2009-08-26 13:15:07.000000000 -0700
|
||||
+++ options.h 2009-08-26 13:15:14.000000000 -0700
|
||||
@@ -232,7 +232,7 @@ etc) slower (perhaps by 50%). Recommende
|
||||
|
||||
+#ifdef DISABLE_PAM
|
||||
#define ENABLE_SVR_PASSWORD_AUTH
|
||||
-/*#define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
|
||||
+#else
|
||||
+#define ENABLE_SVR_PAM_AUTH /* requires ./configure --enable-pam */
|
||||
+#endif
|
||||
#define ENABLE_SVR_PUBKEY_AUTH
|
||||
/* This is used by the scp binary when used as a client binary. If you're
|
||||
* not using the Dropbear client, you'll need to change it */
|
||||
-#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
|
||||
+/*#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"*/
|
||||
|
||||
#define ENABLE_CLI_PASSWORD_AUTH
|
||||
/* Whether to log commands executed by a client. This only logs the
|
||||
* (single) command sent to the server, not what a user did in a
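Review bot: The new patch comments out `_PATH_SSH_PROGRAM` in options.h without recording where the value now comes from, so someone regenerating the patch for a later release could restore the hard-coded `/usr/bin/dbclient` and dbscp would then run whatever binary is at that path instead of the packaged client. Add an explanatory line under the `$NetBSD$` tag, for example `_PATH_SSH_PROGRAM is passed in via CPPFLAGS from the package Makefile so that dbscp runs ${PREFIX}/bin/dbclient.` The options.h comment block this hunk edits begins and ends outside the visible context lines.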
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
$NetBSD: patch-af,v 1.1 2007/09/06 16:07:51 jlam Exp $
|
||||
|
||||
--- cli-runopts.c.orig 2007-08-08 11:39:36.000000000 -0400
|
||||
+++ cli-runopts.c
|
||||
@@ -89,6 +89,9 @@ void cli_getopts(int argc, char ** argv)
|
||||
#endif
|
||||
char* dummy = NULL; /* Not used for anything real */
|
||||
|
||||
+ char* recv_window_arg = NULL;
|
||||
+ char* keepalive_arg = NULL;
|
||||
+
|
||||
/* see printhelp() for options */
|
||||
cli_opts.progname = argv[0];
|
||||
cli_opts.remotehost = NULL;
|
||||
@@ -114,8 +117,6 @@ void cli_getopts(int argc, char ** argv)
|
||||
opts.ipv6 = 1;
|
||||
*/
|
||||
opts.recv_window = DEFAULT_RECV_WINDOW;
|
||||
- char* recv_window_arg = NULL;
|
||||
- char* keepalive_arg = NULL;
|
||||
|
||||
/* Iterate all the arguments */
|
||||
for (i = 1; i < (unsigned int)argc; i++) {
|