Commit graph

32 commits

Author SHA1 Message Date
asau
1a433eae91 Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days. 2012-10-23 18:16:19 +00:00
drochner
80051dbe31 update to 2012.55
changes: fix a use-after-free bug which could be used to potentially
execute arbitrary code with root privileges, provided that the user
has been authenticated using a public key and also that a command
restriction is enforced (the "command" option must be used in
the authorized_keys file)
2012-08-13 17:47:26 +00:00
drochner
e91c6066f8 update to 0.53.1
changes:
-misc fixes and improvements
-build against system libtommath/crypt
2011-03-10 10:20:16 +00:00
snj
655fbf8432 Update dropbear to 0.52. Build an scp binary and call it dbscp so it
doesn't conflict with openssh.

Changes since 0.50:

0.52 - Wed 12 November 2008

- Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to
  tunnel standard input/output to a TCP port-forwarded remote host.

- Add "proxy command" support to dbclient, to allow using a spawned
  process for IO rather than a direct TCP connection. eg
	  dbclient remotehost
  is equivalent to
	  dbclient -J 'nc remotehost 22' remotehost
  (the hostname is still provided purely for looking up saved host keys)

- Combine netcat-alike and proxy support to allow "multihop"
  connections, with comma-separated host syntax.  Allows running

	  dbclient user1@host1,user2@host2,user3@host3

  to end up at host3 via the other two, using SSH TCP forwarding. It's
  a bit like onion-routing. All connections are established from the
  local machine.  The comma-separated syntax can also be used for
  scp/rsync, eg

  rsync -a -e dbclient m@gateway,m2@host,martello:/home/matt/ ~/backup/

  to bounce through a few hosts.

- Add -I "idle timeout" option (contributed by Farrell Aultman)

- Allow restrictions on authorized_keys logins such as restricting
  commands to be run etc. This is a subset of those allowed by OpenSSH,
  doesn't yet allow restricting source host.

- Use vfork() for scp on uClinux

- Default to PATH=/usr/bin:/bin for shells.

- Report errors if -R forwarding fails

- Add counter mode cipher support, which avoids some security problems
  with the standard CBC mode.

- Support zlib@openssh.com delayed compression for client/server. It
  can be required for the Dropbear server with the '-Z' option. This
  is useful for security as it avoids exposing the server to attacks
  on zlib by unauthenticated remote users, though requires client side
  support.

- options.h has been split into options.h (user-changable) and
  sysoptions.h (less commonly changed)

- Support "dbclient -s sftp" to specify a subsystem

- Fix a bug in replies to channel requests that could be triggered by
  recent versions of PuTTY

0.51 - Thu 27 March 2008

- Make a copy of password fields rather erroneously relying on getwpnam()
  to be safe to call multiple times

- If $SSH_ASKPASS_ALWAYS environment variable is set (and $SSH_ASKPASS is
  as well) always use that program, ignoring isatty() and $DISPLAY

- Wait until a process exits before the server closes a connection, so
  that an exit code can be sent. This fixes problems with exit codes not
  being returned, which could cause scp to fail.
2009-08-26 21:10:11 +00:00
joerg
f0bbd1517d Remove @dirrm entries from PLISTs 2009-06-14 18:13:25 +00:00
jlam
86ec3742a6 Honor PKG_SYSCONFDIR. The default host keys for dropbear are now found in
${PKG_SYSCONFDIR}/dropbear.  Bump the PKGREVISION to 2.
2007-09-06 19:15:10 +00:00
jlam
b1fb9270c5 Install the manual pages for dropbear. Bump the PKGREVISION to 1. 2007-09-06 16:31:55 +00:00
jlam
f76b802e8d Put variable declarations at beginning of a block to work with older
compilers.
2007-09-06 16:07:51 +00:00
jlam
f51a7b0324 For the "pam" package option, one needs to include pam.buildlink3.mk. 2007-09-06 15:55:06 +00:00
drochner
aaeee9c668 update to 0.50
changes:
- Add DROPBEAR_PASSWORD environment variable to specify a dbclient password
- Use /dev/urandom by default, since that's what everyone does anyway
- Exit with an exit code of 1 if dropbear can't bind to any ports
- Improve network performance and add a -W <receive_window> argument for
  adjusting the tradeoff between network performance and memory consumption
- Fix a problem where reply packets could be sent during key exchange,
  in violation of the SSH spec. This could manifest itself with connections
  being terminated after 8 hours with new TCP-forward connections being
  established
- Add -K <keepalive_time> argument, ensuring that data is transmitted
  over the connection at least every N seconds
- dropbearkey will no longer generate DSS keys of sizes other than 1024
  bits, as required by the DSS specification. (Other sizes are still
  accepted for use to provide backwards compatibility)
2007-09-05 21:08:06 +00:00
drochner
4d67262cc9 update to 0.49
change: warn strongly when a hostkey mismatch occurred
2007-03-23 20:07:02 +00:00
drochner
6989a54eea update to 0.48.1
changes:
-a security fix which was already in pkgsrc (0.46nb1)
-bugfixes
-zlib compression for dbclient
-Set "low delay" TOS bit
-client keyboard-interactive mode support
-logging improvements
-Added aes-256 cipher and sha1-96 hmac
-allow connections to listening forwarded ports from remote machines
2006-03-14 20:03:43 +00:00
jlam
9c8b5ede43 Point MAINTAINER to pkgsrc-users@NetBSD.org in the case where no
developer is officially maintaining the package.

The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list).  Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
2006-03-04 21:28:51 +00:00
joerg
5911def816 Recursive revision bump / recommended bump for gettext ABI change. 2006-02-05 23:08:03 +00:00
joerg
48e94040e3 Prefer NAME_MAX over MAXNAMLEN. 2006-01-19 23:53:54 +00:00
reed
5e3987319b Add to description:
It includes a server, client and tools to generate server keys
 and to convert OpenSSH keys for Dropbear.
2005-12-27 23:46:51 +00:00
reed
08f031e16d Add security patch from
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html

Noted by waldeck of hk2.uwaterloo.ca via pkgsrc-bugs.

Bump PKGREVISION.

Tested build on NetBSD and Linux. Tested dropbear server on NetBSD.

(This is during a freeze. Other stuff to be done later:
update to latest version. Install man pages. Mention "client" in
COMMENT and DESCR. Use CONF_FILES and sysconfdir. And maybe install the
"scp" tool also.)
2005-12-14 18:00:12 +00:00
rillig
b71a1d488b Fixed pkglint warnings. The warnings are mostly quoting issues, for
example MAKE_ENV+=FOO=${BAR} is changed to MAKE_ENV+=FOO=${BAR:Q}. Some
other changes are outlined in

    http://mail-index.netbsd.org/tech-pkg/2005/12/02/0034.html
2005-12-05 20:49:47 +00:00
drochner
1fc5019ca6 add a "pam" pkg option and make it work with NetBSD's openpam if enabled 2005-08-09 17:31:06 +00:00
drochner
9390555361 update to 0.46
changes:
-Update to LibTomCrypt 1.05 and LibTomMath 0.35
-bugfixes and code cleanup
2005-07-19 18:07:59 +00:00
jlam
585534220c Remove USE_GNU_TOOLS and replace with the correct USE_TOOLS definitions:
USE_GNU_TOOLS	-> USE_TOOLS
	awk		-> gawk
	m4		-> gm4
	make		-> gmake
	sed		-> gsed
	yacc		-> bison
2005-05-22 20:07:36 +00:00
drochner
d4ec42c6fe update to 0.45
changes:
- Makefile no longer appends 'static' to statically linked binaries
- Add optional SSH_ASKPASS support to the client
- Respect HOST_LOOKUP option
- Fix accidentally removed "return;" statement which was removed in 0.44
  (causing clients which sent an empty terminal-modes string to fail to
  connect - including pssh, ssh.com, danger hiptop). (patches
  independently from Paul Fox, David Horwitt and Sven-Ola Tuecke)
- Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
  will work with scp.
2005-04-29 16:14:41 +00:00
tv
f816d81489 Remove USE_BUILDLINK3 and NO_BUILDLINK; these are no longer used. 2005-04-11 21:44:48 +00:00
agc
d81d19f8e0 Add RMD160 digests. 2005-02-24 12:51:41 +00:00
drochner
942ff705df update to 0.44
changes:
-IPv6 support
-client added
-bugfixes
XXX dropbear wants to use /dev/random per default now which makes it
unusable on systems w/o entropy source. I've patched it back to
/dev/urandom. There might be security concerns.
2005-01-18 17:30:59 +00:00
tv
c487cb967a Libtool fix for PR pkg/26633, and other issues. Update libtool to 1.5.10
in the process.  (More information on tech-pkg.)

Bump PKGREVISION and BUILDLINK_DEPENDS of all packages using libtool and
installing .la files.

Bump PKGREVISION (only) of all packages depending directly on the above
via a buildlink3 include.
2004-10-03 00:12:51 +00:00
martti
34f8f2645b Updated dropbear to 0.43
- SECURITY: Don't try to free() uninitialised variables in DSS verification
  code. Thanks to Arne Bernin for pointing out this bug. This is possibly
  exploitable, all users with DSS and pubkey-auth compiled in are advised to
  upgrade.

- Clean up agent forwarding socket files correctly, patch from Gerrit Pape.

- Don't go into an infinite loop when portforwarding to servers which don't
  send any initial data/banner. Patch from Nikola Vladov

- Fix for network vs. host byte order in logging remote TCP ports, also
  from Gerrit Pape.

- Initialise many pointers to NULL, for general safety. Also checked cleanup
  code for mp_ints (related to security issues above).
2004-08-31 10:27:38 +00:00
grant
da83d1c44d this uses zlib, so use buildlink3 and include zlib/buildlink3.mk. 2004-06-26 19:30:58 +00:00
drochner
b8ae38c3a0 update to 0.42
Many fixes and feature additions since 0.38. Too many to list here.
2004-06-21 18:27:47 +00:00
grant
a07396feb8 replace deprecated USE_GMAKE with USE_GNU_TOOLS+=make. 2004-01-24 15:00:22 +00:00
xtraeme
ad1ebfb279 Upgrade to 0.38. This closes PR pkg/22984 by Matt Jhonston.
Changes:

0.38 - Sat Oct 11 2003 16:28:13 +0800

o Default hostkey path changed to /etc/dropbear/dropbear_{rsa,dss}_host_key
  rather than /etc/dropbear_{rsa,dss}_host_key
o Added SMALL and MULTI text files which have info on compiling for multiple
  binaries or small binaries
o Allow for commandline definition of some options.h settings
  (without warnings)
o Be more careful handling EINTR
o More fixes for channel closing
o Added multi-binary support
o Improved logging of IPs, now get logged in all cases
o Don't chew cpu when waiting for version identification string, also
  make sure that we kick off people if they don't auth within 5 minutes.
o Various small fixes, warnings etc
o sftp support works (relies on OpenSSH sftp binary or similar)
o Added --disable-shadow option (requested by the floppyfw guys)

0.37 - Wed Sept 24 2003 19:42:12 +0800

o Various portability fixes, fixes for Solaris 9, Tru64 5.1, Mac OS X 10.2,
  AIX, BSDs
o Updated LibTomMath to 0.27 and LibTomCrypt to 0.90
o Renamed util.{c,h} to dbutil.{c,h} to avoid conflicts with system util.h
o Added some small changes so it'll work with AIX (plus Linux Affinity).
  Thanks to Shig for them.

More bugfixes, etc.
2003-10-30 23:22:32 +00:00
agc
17e0e1d5d6 Initial import of dropbear-0.36 into the NetBSD Packages Collection.
The search for a small Secure Shell server to fit on a laptop with 4
megs ram and no hard disk was fruitless, so Matt Johnston decided to
write his own, and Dropbear is the result.  It implements various
features of the SSH 2 protocol, including X11 and Authentication Agent
forwarding.  Dropbear is Open Source software, distributed under a
MIT-style license.

Features

    * A small memory footprint - Dropbear can compile to a 110kB
      statically linked binary with uClibc (and only minimal options
      selected).
    * Implements X11 forwarding, and authentication-agent forwarding
      for OpenSSH clients
    * Compatible with OpenSSH ~/.ssh/authorized_keys public key
      authentication
    * Features can easily be disabled when compiling to save space.
    * Preliminary TCP forwarding support (-L style only)
2003-08-19 15:46:44 +00:00