version bump to latest 2012.55 to 2013.58 also added a netbsd-specific build option (changes) 2013.58 - Thursday 18 April 2013 - Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz - Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder - Reject logins for other users when running as non-root, from Hans Harder - Disable client immediate authentication request by default, it prevents passwordless logins from working 2013.57 - Monday 15 April 2013 - Decreased connection setup time particularly with high latency connections, the number of round trips has been reduced for both client and server. CPU time hasn't been changed. - Client will send an initial key exchange guess to save a round trip. Dropbear implements an extension kexguess2@matt.ucc.asn.au to allow the first packet guess to succeed in wider circumstances than the standard behaviour. When communicating with other implementations the standard behaviour is used. - Client side: when public key or password authentication with $DROPBEAR_PASSWORD is used an initial authentication request will be sent immediately rather than querying the list of available methods. This behaviour is enabled by CLI_IMMEDIATE_AUTH option (on by default), please let the Dropbear author know if it causes any interoperability problems. - Implement client escape characters ~. (terminate session) and ~^Z (background session) - Server will more reliably clean up utmp when connection is closed, reported by Mattias Walstr<C3><B6>m - Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case - Add "-y -y" client option to skip host key checking, thanks to Hans Harder - scp didn't work properly on systems using vfork(), thanks to Frank Van Uffelen - Added IUTF8 terminal mode support (Linux and Mac OS). Not standardised yet though probably will be soon - Some verbose DROPBEAR_TRACE output is now hidden unless $DROPBEAR_TRACE2 enviroment variable is set - Fix using asymmetric MAC algorithms (broke in ) - Renamed configure.in to configure.ac to quieten autoconf, from Mike Frysinger 2013.56 - Thursday 21 March 2013 - Allow specifying cipher (-c) and MAC (-m) lists for dbclient - Allow using 'none' cipher or MAC (off by default, use options.h). Encryption is used during authentication then disabled, similar to OpenSSH HPN mode - Allow a user in immediately if the account has a blank password and blank passwords are enabled - Include a few extra sources of entropy from /proc on Linux, hash private keys as well. Dropbear will also write gathered entropy back into /dev/urandom - Added hmac-sha2-256 and hmac-sha2-512 support (off by default, use options.h) - Don't sent bad address "localhost" for -R forward connections, reported by Denis Bider - Add "-B" runtime option to allow blank passwords - Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks - A few improvements for Android from Reimar D<C3><B6>ffinger - Fix memory leak for TCP forwarded connections to hosts that timed out, reported by Norbert Bencz<C3><BA>r. Appears to be a very long-standing bug. - Fix "make clean" for out of tree builds - Fix compilation when ENABLE_{SVR,CLI}_AGENTFWD are unsetdiff -r1.27 -r1.28 pkgsrc/security/dropbear/Makefile
(mspo)
@@ -1,25 +1,26 @@ | @@ -1,25 +1,26 @@ | |||
1 | # $NetBSD: Makefile,v 1.27 2012/10/23 18:16:26 asau Exp $ | 1 | # $NetBSD: Makefile,v 1.28 2013/09/14 03:40:01 mspo Exp $ | |
2 | 2 | |||
3 | DISTNAME= dropbear-2012.55 | 3 | DISTNAME= dropbear-2013.58 | |
4 | CATEGORIES= security | 4 | CATEGORIES= security | |
5 | MASTER_SITES= http://matt.ucc.asn.au/dropbear/releases/ | 5 | MASTER_SITES= http://matt.ucc.asn.au/dropbear/releases/ | |
6 | 6 | |||
7 | MAINTAINER= snj@NetBSD.org | 7 | MAINTAINER= snj@NetBSD.org | |
8 | HOMEPAGE= http://matt.ucc.asn.au/dropbear/dropbear.html | 8 | HOMEPAGE= http://matt.ucc.asn.au/dropbear/dropbear.html | |
9 | COMMENT= Small SSH2 server and client, aimed at embedded market | 9 | COMMENT= Small SSH2 server and client, aimed at embedded market | |
10 | 10 | |||
11 | GNU_CONFIGURE= yes | 11 | GNU_CONFIGURE= yes | |
12 | USE_TOOLS+= gmake | 12 | USE_TOOLS+= gmake | |
13 | EXTRACT_SUFX= .tar.bz2 | |||
13 | 14 | |||
14 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} | 15 | CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR:Q} | |
15 | 16 | |||
16 | PKG_OPTIONS_VAR= PKG_OPTIONS.dropbear | 17 | PKG_OPTIONS_VAR= PKG_OPTIONS.dropbear | |
17 | PKG_SUPPORTED_OPTIONS= pam | 18 | PKG_SUPPORTED_OPTIONS= pam | |
18 | .include "../../mk/bsd.options.mk" | 19 | .include "../../mk/bsd.options.mk" | |
19 | 20 | |||
20 | .if !empty(PKG_OPTIONS:Mpam) | 21 | .if !empty(PKG_OPTIONS:Mpam) | |
21 | . include "../../mk/pam.buildlink3.mk" | 22 | . include "../../mk/pam.buildlink3.mk" | |
22 | CONFIGURE_ARGS+= --enable-pam | 23 | CONFIGURE_ARGS+= --enable-pam | |
23 | SUBST_CLASSES+= pam | 24 | SUBST_CLASSES+= pam | |
24 | SUBST_MESSAGE.pam= Enabling PAM in options.h | 25 | SUBST_MESSAGE.pam= Enabling PAM in options.h | |
25 | SUBST_STAGE.pam= post-patch | 26 | SUBST_STAGE.pam= post-patch | |
@@ -37,26 +38,30 @@ SUBST_STAGE.config= post-build | @@ -37,26 +38,30 @@ SUBST_STAGE.config= post-build | |||
37 | SUBST_FILES.config= dropbear.8 dropbearkey.8 | 38 | SUBST_FILES.config= dropbear.8 dropbearkey.8 | |
38 | SUBST_SED.config= -e "s,/etc/dropbear/,"${PKG_SYSCONFDIR:Q}"/dropbear/,g" | 39 | SUBST_SED.config= -e "s,/etc/dropbear/,"${PKG_SYSCONFDIR:Q}"/dropbear/,g" | |
39 | 40 | |||
40 | # used by dbscp | 41 | # used by dbscp | |
41 | CPPFLAGS+= -D_PATH_SSH_PROGRAM="\"${PREFIX}/bin/dbclient\"" | 42 | CPPFLAGS+= -D_PATH_SSH_PROGRAM="\"${PREFIX}/bin/dbclient\"" | |
42 | 43 | |||
43 | # XXX use base xauth if present, otherwise _ass_ume pkgsrc. better than nothing | 44 | # XXX use base xauth if present, otherwise _ass_ume pkgsrc. better than nothing | |
44 | .if exists(${X11BASE}/bin/xauth) | 45 | .if exists(${X11BASE}/bin/xauth) | |
45 | CPPFLAGS+=-DXAUTH_COMMAND="\"${X11BASE}/bin/xauth\"" | 46 | CPPFLAGS+=-DXAUTH_COMMAND="\"${X11BASE}/bin/xauth\"" | |
46 | .else | 47 | .else | |
47 | CPPFLAGS+=-DXAUTH_COMMAND="\"${X11PREFIX}/bin/xauth\"" | 48 | CPPFLAGS+=-DXAUTH_COMMAND="\"${X11PREFIX}/bin/xauth\"" | |
48 | .endif | 49 | .endif | |
49 | 50 | |||
51 | .if ${OPSYS} == "NetBSD" | |||
52 | CFLAGS+= -DHAVE_NETINET_IN_SYSTM_H | |||
53 | .endif | |||
54 | ||||
50 | INSTALLATION_DIRS= share/doc/dropbear ${PKGMANDIR}/man1 ${PKGMANDIR}/man8 | 55 | INSTALLATION_DIRS= share/doc/dropbear ${PKGMANDIR}/man1 ${PKGMANDIR}/man8 | |
51 | 56 | |||
52 | BUILD_TARGET= all scp | 57 | BUILD_TARGET= all scp | |
53 | 58 | |||
54 | post-install: | 59 | post-install: | |
55 | ${INSTALL_MAN} ${WRKSRC}/dbclient.1 \ | 60 | ${INSTALL_MAN} ${WRKSRC}/dbclient.1 \ | |
56 | ${DESTDIR}/${PREFIX}/${PKGMANDIR}/man1 | 61 | ${DESTDIR}/${PREFIX}/${PKGMANDIR}/man1 | |
57 | ${INSTALL_MAN} ${WRKSRC}/dropbear.8 \ | 62 | ${INSTALL_MAN} ${WRKSRC}/dropbear.8 \ | |
58 | ${DESTDIR}/${PREFIX}/${PKGMANDIR}/man8 | 63 | ${DESTDIR}/${PREFIX}/${PKGMANDIR}/man8 | |
59 | ${INSTALL_MAN} ${WRKSRC}/dropbearkey.8 \ | 64 | ${INSTALL_MAN} ${WRKSRC}/dropbearkey.8 \ | |
60 | ${DESTDIR}/${PREFIX}/${PKGMANDIR}/man8 | 65 | ${DESTDIR}/${PREFIX}/${PKGMANDIR}/man8 | |
61 | ${INSTALL_DATA} ${WRKSRC}/README \ | 66 | ${INSTALL_DATA} ${WRKSRC}/README \ | |
62 | ${DESTDIR}/${PREFIX}/share/doc/dropbear | 67 | ${DESTDIR}/${PREFIX}/share/doc/dropbear |
@@ -1,7 +1,7 @@ | @@ -1,7 +1,7 @@ | |||
1 | $NetBSD: distinfo,v 1.19 2012/08/13 17:47:26 drochner Exp $ | 1 | $NetBSD: distinfo,v 1.20 2013/09/14 03:40:01 mspo Exp $ | |
2 | 2 | |||
3 | SHA1 (dropbear-2012.55.tar.gz) = 2c65dd1f423884a38079f5e4386c698015222279 | 3 | SHA1 (dropbear-2013.58.tar.bz2) = fdbc0ed332b17fc7579dbce6d95d585cf5d653d7 | |
4 | RMD160 (dropbear-2012.55.tar.gz) = 1eff6fa5260e938a4b34cf426a6d29fe1e9e4a34 | 4 | RMD160 (dropbear-2013.58.tar.bz2) = 4eac17f92d90d06556034432e9a2f7bbd51e3eaa | |
5 | Size (dropbear-2012.55.tar.gz) = 1774927 bytes | 5 | Size (dropbear-2013.58.tar.bz2) = 1580584 bytes | |
6 | SHA1 (patch-aa) = 01bf4d80c4e76f9a60341b448cd7e77b2a03c286 | 6 | SHA1 (patch-aa) = 01bf4d80c4e76f9a60341b448cd7e77b2a03c286 | |
7 | SHA1 (patch-ab) = 911a0525f309386901d32c23404d13ae67c2e2d1 | 7 | SHA1 (patch-ab) = 911a0525f309386901d32c23404d13ae67c2e2d1 |