Up to [cvs.netbsd.org] / pkgsrc / security / dropbear
Default branch: MAIN
Revision 1.18, Thu Mar 10 10:20:16 2011 UTC (14 months, 2 weeks ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1, pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, HEAD
Changes since 1.17: +4 -5 lines
update to 0.53.1
changes:
-misc fixes and improvements
-build against system libtommath/crypt
Revision 1.17, Wed Aug 26 21:10:11 2009 UTC (2 years, 8 months ago) by snj
Branch: MAIN
CVS Tags: pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4, pkgsrc-2009Q3-base, pkgsrc-2009Q3
Changes since 1.16: +5 -6 lines
Update dropbear to 0.52. Build an scp binary and call it dbscp so it doesn't conflict with openssh.
Changes since 0.50:
0.52 - Wed 12 November 2008
- Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel standard input/output to a TCP port-forwarded remote host.
- Add "proxy command" support to dbclient, to allow using a spawned process for IO rather than a direct TCP connection. eg
    dbclient remotehost
  is equivalent to
    dbclient -J 'nc remotehost 22' remotehost
  (the hostname is still provided purely for looking up saved host keys)
- Combine netcat-alike and proxy support to allow "multihop" connections, with comma-separated host syntax. Allows running
    dbclient user1@host1,user2@host2,user3@host3
  to end up at host3 via the other two, using SSH TCP forwarding. It's a bit like onion-routing. All connections are established from the local machine. The comma-separated syntax can also be used for scp/rsync, eg
    rsync -a -e dbclient m@gateway,m2@host,martello:/home/matt/ ~/backup/
  to bounce through a few hosts.
- Add -I "idle timeout" option (contributed by Farrell Aultman)
- Allow restrictions on authorized_keys logins such as restricting commands to be run etc. This is a subset of those allowed by OpenSSH, doesn't yet allow restricting source host.
- Use vfork() for scp on uClinux
- Default to PATH=/usr/bin:/bin for shells.
- Report errors if -R forwarding fails
- Add counter mode cipher support, which avoids some security problems with the standard CBC mode.
- Support zlib@openssh.com delayed compression for client/server. It can be required for the Dropbear server with the '-Z' option. This is useful for security as it avoids exposing the server to attacks on zlib by unauthenticated remote users, though requires client side support.
- options.h has been split into options.h (user-changeable) and sysoptions.h (less commonly changed)
- Support "dbclient -s sftp" to specify a subsystem
- Fix a bug in replies to channel requests that could be triggered by recent versions of PuTTY
0.51 - Thu 27 March 2008
- Make a copy of password fields rather than erroneously relying on getpwnam() to be safe to call multiple times
- If $SSH_ASKPASS_ALWAYS environment variable is set (and $SSH_ASKPASS is as well) always use that program, ignoring isatty() and $DISPLAY
- Wait until a process exits before the server closes a connection, so that an exit code can be sent. This fixes problems with exit codes not being returned, which could cause scp to fail.
Revision 1.16, Thu Sep 6 19:15:10 2007 UTC (4 years, 8 months ago) by jlam
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base, pkgsrc-2009Q2, pkgsrc-2009Q1-base, pkgsrc-2009Q1, pkgsrc-2008Q4-base, pkgsrc-2008Q4, pkgsrc-2008Q3-base, pkgsrc-2008Q3, pkgsrc-2008Q2-base, pkgsrc-2008Q2, pkgsrc-2008Q1-base, pkgsrc-2008Q1, pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3, cwrapper, cube-native-xorg-base, cube-native-xorg
Changes since 1.15: +2 -2 lines
Honor PKG_SYSCONFDIR. The default host keys for dropbear are now found in
${PKG_SYSCONFDIR}/dropbear. Bump the PKGREVISION to 2.
Revision 1.15, Thu Sep 6 16:07:51 2007 UTC (4 years, 8 months ago) by jlam
Branch: MAIN
Changes since 1.14: +2 -1 lines
Put variable declarations at beginning of a block to work with older compilers.
Revision 1.14, Wed Sep 5 21:08:06 2007 UTC (4 years, 8 months ago) by drochner
Branch: MAIN
Changes since 1.13: +5 -5 lines
update to 0.50
changes:
- Add DROPBEAR_PASSWORD environment variable to specify a dbclient password
- Use /dev/urandom by default, since that's what everyone does anyway
- Exit with an exit code of 1 if dropbear can't bind to any ports
- Improve network performance and add a -W <receive_window> argument for adjusting the tradeoff between network performance and memory consumption
- Fix a problem where reply packets could be sent during key exchange, in violation of the SSH spec. This could manifest itself with connections being terminated after 8 hours with new TCP-forward connections being established
- Add -K <keepalive_time> argument, ensuring that data is transmitted over the connection at least every N seconds
- dropbearkey will no longer generate DSS keys of sizes other than 1024 bits, as required by the DSS specification. (Other sizes are still accepted for use to provide backwards compatibility)
Revision 1.13, Fri Mar 23 20:07:02 2007 UTC (5 years, 2 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base, pkgsrc-2007Q2, pkgsrc-2007Q1-base, pkgsrc-2007Q1
Changes since 1.12: +5 -5 lines
update to 0.49
change: warn strongly when a hostkey mismatch occurred
Revision 1.12, Tue Mar 14 20:03:43 2006 UTC (6 years, 2 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base, pkgsrc-2006Q4, pkgsrc-2006Q3-base, pkgsrc-2006Q3, pkgsrc-2006Q2-base, pkgsrc-2006Q2, pkgsrc-2006Q1-base, pkgsrc-2006Q1
Changes since 1.11: +6 -8 lines
update to 0.48.1
changes:
-a security fix which was already in pkgsrc (0.46nb1)
-bugfixes
-zlib compression for dbclient
-Set "low delay" TOS bit
-client keyboard-interactive mode support
-logging improvements
-Added aes-256 cipher and sha1-96 hmac
-allow connections to listening forwarded ports from remote machines
Revision 1.11, Thu Jan 19 23:53:54 2006 UTC (6 years, 4 months ago) by joerg
Branch: MAIN
Changes since 1.10: +2 -1 lines
Prefer NAME_MAX over MAXNAMLEN.
Revision 1.9.2.1, Sat Dec 17 23:44:25 2005 UTC (6 years, 5 months ago) by salo
Branch: pkgsrc-2005Q3
Changes since 1.9: +2 -1 lines
Pullup ticket 962 - requested by Jeremy C. Reed
security fix for dropbear
Revisions pulled up:
- pkgsrc/security/dropbear/Makefile 1.15
- pkgsrc/security/dropbear/distinfo 1.10
- pkgsrc/security/dropbear/patches/patch-ad 1.1
Module Name: pkgsrc
Committed By: reed
Date: Wed Dec 14 18:00:12 UTC 2005
Modified Files:
pkgsrc/security/dropbear: Makefile distinfo
Added Files:
pkgsrc/security/dropbear/patches: patch-ad
Log Message:
Add security patch from
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html
Noted by waldeck of hk2.uwaterloo.ca via pkgsrc-bugs.
Bump PKGREVISION.
Tested build on NetBSD and Linux. Tested dropbear server on NetBSD.
(This is during a freeze. Other stuff to be done later:
update to latest version. Install man pages. Mention "client" in
COMMENT and DESCR. Use CONF_FILES and sysconfdir. And maybe install the
"scp" tool also.)
Revision 1.10, Wed Dec 14 18:00:12 2005 UTC (6 years, 5 months ago) by reed
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base, pkgsrc-2005Q4
Changes since 1.9: +2 -1 lines
Add security patch from
http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html
Noted by waldeck of hk2.uwaterloo.ca via pkgsrc-bugs.
Bump PKGREVISION.
Tested build on NetBSD and Linux. Tested dropbear server on NetBSD.
(This is during a freeze. Other stuff to be done later: update to latest version. Install man pages. Mention "client" in COMMENT and DESCR. Use CONF_FILES and sysconfdir. And maybe install the "scp" tool also.)
Revision 1.9, Tue Aug 9 17:31:06 2005 UTC (6 years, 9 months ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base
Branch point for: pkgsrc-2005Q3
Changes since 1.8: +3 -2 lines
add a "pam" pkg option and make it work with NetBSD's openpam if enabled
Revision 1.8, Tue Jul 19 18:07:59 2005 UTC (6 years, 10 months ago) by drochner
Branch: MAIN
Changes since 1.7: +5 -5 lines
update to 0.46
changes:
-Update to LibTomCrypt 1.05 and LibTomMath 0.35
-bugfixes and code cleanup
Revision 1.7, Fri Apr 29 16:14:41 2005 UTC (7 years ago) by drochner
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base, pkgsrc-2005Q2
Changes since 1.6: +6 -6 lines
update to 0.45
changes:
- Makefile no longer appends 'static' to statically linked binaries
- Add optional SSH_ASKPASS support to the client
- Respect HOST_LOOKUP option
- Fix accidentally removed "return;" statement which was removed in 0.44 (causing clients which sent an empty terminal-modes string to fail to connect - including pssh, ssh.com, danger hiptop). (patches independently from Paul Fox, David Horwitt and Sven-Ola Tuecke)
- Read "y/n" response for fingerprints from /dev/tty directly so that dbclient will work with scp.
Revision 1.6, Thu Feb 24 13:10:05 2005 UTC (7 years, 3 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2005Q1-base, pkgsrc-2005Q1
Changes since 1.5: +2 -1 lines
Add RMD160 digests.
Revision 1.5, Tue Jan 18 17:30:59 2005 UTC (7 years, 4 months ago) by drochner
Branch: MAIN
Changes since 1.4: +5 -4 lines
update to 0.44
changes:
-IPv6 support
-client added
-bugfixes
XXX dropbear wants to use /dev/random per default now which makes it unusable on systems w/o entropy source. I've patched it back to /dev/urandom. There might be security concerns.
Revision 1.4, Tue Aug 31 10:27:38 2004 UTC (7 years, 8 months ago) by martti
Branch: MAIN
CVS Tags: pkgsrc-2004Q4-base, pkgsrc-2004Q4, pkgsrc-2004Q3-base, pkgsrc-2004Q3
Changes since 1.3: +4 -4 lines
Updated dropbear to 0.43
- SECURITY: Don't try to free() uninitialised variables in DSS verification code. Thanks to Arne Bernin for pointing out this bug. This is possibly exploitable, all users with DSS and pubkey-auth compiled in are advised to upgrade.
- Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
- Don't go into an infinite loop when portforwarding to servers which don't send any initial data/banner. Patch from Nikola Vladov
- Fix for network vs. host byte order in logging remote TCP ports, also from Gerrit Pape.
- Initialise many pointers to NULL, for general safety. Also checked cleanup code for mp_ints (related to security issues above).
Revision 1.3, Mon Jun 21 18:27:47 2004 UTC (7 years, 11 months ago) by drochner
Branch: MAIN
Changes since 1.2: +4 -4 lines
update to 0.42
Many fixes and feature additions since 0.38. Too many to list here.
Revision 1.2, Thu Oct 30 23:22:32 2003 UTC (8 years, 6 months ago) by xtraeme
Branch: MAIN
CVS Tags: pkgsrc-2004Q2-base, pkgsrc-2004Q2, pkgsrc-2004Q1-base, pkgsrc-2004Q1, pkgsrc-2003Q4-base, pkgsrc-2003Q4
Changes since 1.1: +4 -4 lines
Upgrade to 0.38. This closes PR pkg/22984 by Matt Johnston.
Changes:
0.38 - Sat Oct 11 2003 16:28:13 +0800
o Default hostkey path changed to /etc/dropbear/dropbear_{rsa,dss}_host_key
rather than /etc/dropbear_{rsa,dss}_host_key
o Added SMALL and MULTI text files which have info on compiling for multiple
binaries or small binaries
o Allow for commandline definition of some options.h settings
(without warnings)
o Be more careful handling EINTR
o More fixes for channel closing
o Added multi-binary support
o Improved logging of IPs, now get logged in all cases
o Don't chew cpu when waiting for version identification string, also
make sure that we kick off people if they don't auth within 5 minutes.
o Various small fixes, warnings etc
o sftp support works (relies on OpenSSH sftp binary or similar)
o Added --disable-shadow option (requested by the floppyfw guys)
0.37 - Wed Sept 24 2003 19:42:12 +0800
o Various portability fixes, fixes for Solaris 9, Tru64 5.1, Mac OS X 10.2,
AIX, BSDs
o Updated LibTomMath to 0.27 and LibTomCrypt to 0.90
o Renamed util.{c,h} to dbutil.{c,h} to avoid conflicts with system util.h
o Added some small changes so it'll work with AIX (plus Linux Affinity).
Thanks to Shig for them.
More bugfixes, etc.
Revision 1.1.1.1 (vendor branch), Tue Aug 19 15:46:44 2003 UTC (8 years, 9 months ago) by agc
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Initial import of dropbear-0.36 into the NetBSD Packages Collection.
The search for a small Secure Shell server to fit on a laptop with 4
megs ram and no hard disk was fruitless, so Matt Johnston decided to
write his own, and Dropbear is the result. It implements various
features of the SSH 2 protocol, including X11 and Authentication Agent
forwarding. Dropbear is Open Source software, distributed under a
MIT-style license.
Features
* A small memory footprint - Dropbear can compile to a 110kB
statically linked binary with uClibc (and only minimal options
selected).
* Implements X11 forwarding, and authentication-agent forwarding
for OpenSSH clients
* Compatible with OpenSSH ~/.ssh/authorized_keys public key
authentication
* Features can easily be disabled when compiling to save space.
* Preliminary TCP forwarding support (-L style only)
Revision 1.1, Tue Aug 19 15:46:44 2003 UTC (8 years, 9 months ago) by agc
Branch: MAIN
Initial revision