notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Port details
dropbear SSH 2 server, designed to be usable in small memory environments
2020.81 security on this many watch lists=5 search for ports that depend on this port An older version of this port was marked as vulnerable. Find issues related to this port Report an issue related to this port View this port on Repology. pkg-fallout 2020.81Version of this port present on the latest quarterly branch.
Maintainer: pkubaj@FreeBSD.org search for ports maintained by this maintainer
Port Added: 2003-09-08 09:10:57
Last Update: 2021-04-06 14:31:07
Commit Hash: 305f148
People watching this port, also watch:: vim, postfix, coreutils, python, dspam
License: MIT
Description:
SVNWeb : git : Homepage
pkg-plist: as obtained via: make generate-plist
Expand this list (16 items)
Collapse this list.
  1. /usr/local/share/licenses/dropbear-2020.81/catalog.mk
  2. /usr/local/share/licenses/dropbear-2020.81/LICENSE
  3. /usr/local/share/licenses/dropbear-2020.81/MIT
  4. bin/dbclient
  5. bin/dbscp
  6. bin/dropbearconvert
  7. bin/dropbearkey
  8. man/man1/dbclient.1.gz
  9. man/man1/dropbearconvert.1.gz
  10. man/man1/dropbearkey.1.gz
  11. man/man8/dropbear.8.gz
  12. sbin/dropbear
  13. @dir etc/dropbear
  14. @owner
  15. @group
  16. @mode
Collapse this list.
Dependency lines:
  • dropbear>0:security/dropbear
To install the port: cd /usr/ports/security/dropbear/ && make install clean
To add the package, run one of these commands:
  • pkg install security/dropbear
  • pkg install dropbear
PKGNAME: dropbear
Flavors: there is no flavor information for this port.
distinfo:
Packages (timestamps in pop-ups are UTC):
dropbear
ABIlatestquarterly
FreeBSD:11:aarch642018.762020.80
FreeBSD:11:amd642020.812020.81
FreeBSD:11:armv62016.732020.80
FreeBSD:11:i3862020.812020.81
FreeBSD:11:mips--
FreeBSD:11:mips642016.732020.80
FreeBSD:12:aarch642018.762020.81
FreeBSD:12:amd642020.812020.81
FreeBSD:12:armv62018.762020.80_2
FreeBSD:12:armv72018.762020.80_2
FreeBSD:12:i3862020.812020.81
FreeBSD:12:mips--
FreeBSD:12:mips642018.762020.80
FreeBSD:12:powerpc64-2020.81
FreeBSD:13:aarch642020.812020.81
FreeBSD:13:amd642020.812020.81
FreeBSD:13:armv62020.812020.81
FreeBSD:13:armv72020.812020.81
FreeBSD:13:i3862020.812020.81
FreeBSD:13:mips--
FreeBSD:13:mips642020.812020.81
FreeBSD:13:powerpc642020.812020.81
FreeBSD:14:aarch642020.81-
FreeBSD:14:amd642020.81-
FreeBSD:14:armv62020.81-
FreeBSD:14:armv72020.81-
FreeBSD:14:i3862020.81-
FreeBSD:14:mips--
FreeBSD:14:mips642020.81-
FreeBSD:14:powerpc642020.81-
 

Dependencies
NOTE: FreshPorts displays only information on required and default dependencies. Optional dependencies are not covered.
Build dependencies:
  1. gmake>=4.3 : devel/gmake
There are no ports dependent upon this port

Configuration Options:
Options name:

USES:

Master Sites:
Expand this list (1 items)
Collapse this list.
  1. https://matt.ucc.asn.au/dropbear/releases/
Collapse this list.
Notes from UPDATING
These upgrade notes are taken from /usr/ports/UPDATING
  • 2014-05-20
    Affects: users of security/dropbear
    Author: ak@FreeBSD.org
    Reason: 
      security/dropbear port separator syntax was changed (again), now using
      host^port instead of host%port.
    
      You may need to update your config files while updating to 2014.63 from
      the previous versions.
    
    

Number of commits found: 70

Commit History - (may be incomplete: see SVNWeb link above for full details)
DateByDescription
06 Apr 2021 14:31:07
 files touched by this commit commit hash:305f148f482daf30dcf728039d03d019f88344eb  2020.81
mat search for other commits by this committer
Remove # $FreeBSD$ from Makefiles.
30 Oct 2020 11:53:41
Original commit files touched by this commit Revision:553685  2020.81
pkubaj search for other commits by this committer
security/dropbear: update to 2020.81

Changelog:
- Fix regression in 2020.79 which prevented connecting with some SSH
  implementations. Increase MAX_PROPOSED_ALGO to 50, and print a log
  message if the limit is hit. This fixes interoperability with sshj
  library (used by PyCharm), and GoAnywhere.
  Reported by Pirmin Walthert and Piotr Jurkiewicz

- Fix building with non-GCC compilers, reported by Kazuo Kuroi

- Fix potential long delay in dbclient, found by OSS Fuzz

- Fix null pointer dereference crash, found by OSS Fuzz

- libtommath now uses the same random source as Dropbear (in 2020.79
  and 2020.80 used getrandom() separately)

- Some fuzzing improvements, start of a dbclient fuzzer
23 Oct 2020 00:18:21
Original commit files touched by this commit Revision:553061  2020.80_2
pkubaj search for other commits by this committer
security/dropbear: change in rc DSS to ed25519

dropbear no longer supports DSS keys, use ed25519 instead. rc file needs to be
updated.
currently starting dropbear fails with error:
% service dropbear start
...
Unknown key type 'dss'
...

Submitted by:	waitman@waitman.net
PR:		250192
MFH:		2020Q4 (runtime fix)
07 Jul 2020 12:25:53
Original commit files touched by this commit Revision:541416  2020.80_1
tobik search for other commits by this committer
security/dropbear: Fix typo and unbreak SHA2_512 option

Reported by:	portscan
28 Jun 2020 00:27:22
Original commit files touched by this commit Revision:540659  2020.80
pkubaj search for other commits by this committer
security/dropbear: update to 2020.80
16 Jun 2020 11:44:43
Original commit files touched by this commit Revision:539342  2020.79
pkubaj search for other commits by this committer
security/dropbear: update to 2020.79

Add some new options, remove needless patching, move to Dropbear's system for
non-default options.
06 Jan 2020 12:44:25
Original commit files touched by this commit Revision:522218  2019.78_1
pkubaj search for other commits by this committer
security/dropbear: add scp

Build and install the scp binary with the dropbear package. To avoid a name
colision with openssh-portable, call binary dbscp.

PR:		242551
Submitted by:	mm
09 Oct 2019 12:20:31
Original commit files touched by this commit Revision:514144  2019.78
bapt search for other commits by this committer
Drop the ipv6 virtual category for s* category as it is not relevant anymore
11 Jun 2019 15:57:19
Original commit files touched by this commit Revision:503966  2019.78
pkubaj search for other commits by this committer
security/dropbear: update to 2019.78, change maintainer

Update the port to 2019.78 and change maintainer to my FreeBSD address.

Approved by:	mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D20601
09 Nov 2018 19:42:12
Original commit files touched by this commit Revision:484543  2018.76
swills search for other commits by this committer
security/dropbear: fix CBC option

PR:		232143
Reported by:	dewayne@heuristicsystems.com.au
Approved by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)
27 Jul 2018 21:01:50
Original commit files touched by this commit Revision:475463  2018.76
swills search for other commits by this committer
security/dropbear: mark CBC option broken

PR:		226339
Approved by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)
27 Mar 2018 18:50:24
Original commit files touched by this commit Revision:465733  2018.76
jrm search for other commits by this committer
security/dropbear: Update to version 2018.76

PR:		226339
Submitted by:	pkubaj@anongoth.pl (maintainer)
Differential Revision:	https://reviews.freebsd.org/D14829
03 Jul 2017 19:32:12
Original commit files touched by this commit Revision:444987  2017.75
ultima search for other commits by this committer
Updated to 2017.75

Changelog:	https://matt.ucc.asn.au/dropbear/CHANGES

PR:		220158
Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)
Reviewed by:	lifanov (mentor)
Approved by:	lifanov (mentor)
MFH:		2017Q3
Security:	http://www.vuxml.org/freebsd/60931f98-55a7-11e7-8514-589cfc0654e1.html
Differential Revision:	https://reviews.freebsd.org/D11400
01 Aug 2016 17:43:19
Original commit files touched by this commit Revision:419445  2016.74 This port version is marked as vulnerable.
pawel search for other commits by this committer
- Update to version 2016.74
- Add license information

Changelog:
- Security: Message printout was vulnerable to format string injection.

  If specific usernames including "%" symbols can be created on a system
  (validated by getpwnam()) then an attacker could run arbitrary code as root
  when connecting to Dropbear server.

  A dbclient user who can control username or host arguments could potentially
  run arbitrary code as the dbclient user. This could be a problem if scripts
  or webpages pass untrusted input to the dbclient program.

- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
(Only the first 15 lines of the commit message are shown above View all of this commit message)
24 Apr 2016 09:24:04
Original commit files touched by this commit Revision:413929  2016.73 This port version is marked as vulnerable.
lme search for other commits by this committer
Update to 2016.73

PR:		208962
Submitted by:	maintainer
Sponsored by:	Essen Linuxhotel Hackathon 2016
29 Mar 2016 18:51:15
Original commit files touched by this commit Revision:412129  2016.72 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Add CPE information

PR:		208327
Submitted by:	shun.fbsd.pr@dropcut.net
Approved by:	portmgr blanket
14 Mar 2016 14:09:07
Original commit files touched by this commit Revision:411074  2016.72 This port version is marked as vulnerable.
feld search for other commits by this committer
security/dropbear: Update to 2016.72

PR:		207903
MFH:		2016Q1
Security:	CVE-2016-3116
15 Jan 2016 09:18:54
Original commit files touched by this commit Revision:406146  2015.71 This port version is marked as vulnerable.
gahr search for other commits by this committer
security/dropbear: support extra arguments in rc.conf

PR:		206211
Submitted by:	gahr
Approved by:	pkubaj@anongoth.pl (maintainer)
09 Jan 2016 09:07:27
Original commit files touched by this commit Revision:405616  2015.71 This port version is marked as vulnerable.
miwi search for other commits by this committer
- Update to 2015.71
- Update maintainer mail

PR:		206000
Submitted by:	maintainer
11 Oct 2015 12:02:39
Original commit files touched by this commit Revision:399085  2015.68 This port version is marked as vulnerable.
ak search for other commits by this committer
- Pass maintainership to submitter

Submitted by:	Piotr Kubaj <pkubaj@riseup.net>
11 Oct 2015 11:42:27
Original commit files touched by this commit Revision:399084  2015.68 This port version is marked as vulnerable.
ak search for other commits by this committer
- Update to 2015.68 [1]
- Drop maintainership

PR:	203694 [1]
Submitted by:	pkubaj@riseup.net
27 Mar 2015 10:43:50
Original commit files touched by this commit Revision:382395  2015.67 This port version is marked as vulnerable.
ak search for other commits by this committer
- Update to 2015.67
21 Dec 2014 21:39:06
Original commit files touched by this commit Revision:375196  2014.66_1 This port version is marked as vulnerable.
ak search for other commits by this committer
- Convert to pkg-plist
21 Dec 2014 17:44:26
Original commit files touched by this commit Revision:375172  2014.66_1 This port version is marked as vulnerable.
antoine search for other commits by this committer
Put back empty dir in plist
20 Dec 2014 19:37:45
Original commit files touched by this commit Revision:375111  2014.66 This port version is marked as vulnerable.
bapt search for other commits by this committer
cleanup plist
24 Oct 2014 10:45:20
Original commit files touched by this commit Revision:371432  2014.66 This port version is marked as vulnerable.
ak search for other commits by this committer
- Update to 2014.66
25 Sep 2014 11:35:44
Original commit files touched by this commit Revision:369242  2014.65 This port version is marked as vulnerable.
ak search for other commits by this committer
- Remove obsolete @dirrm(try)
- Convert PLIST_DIRSTRY to PLIST_DIRS
22 Aug 2014 14:16:56
Original commit files touched by this commit Revision:365661  2014.65 This port version is marked as vulnerable.
ak search for other commits by this committer
- Update to 2014.65
20 May 2014 07:06:09
Original commit files touched by this commit Revision:354608  2014.63 This port version is marked as vulnerable.
ak search for other commits by this committer
- Update to 2014.63
20 May 2014 06:06:36
Original commit files touched by this commit Revision:354597  2013.62 This port version is marked as vulnerable.
ak search for other commits by this committer
- Add/update license when possible
- Modernize ports Makefiles
- Update MASTER_SITES/distfile for converters/chmview
24 Jan 2014 06:35:29
Original commit files touched by this commit Revision:340879  2013.62 This port version is marked as vulnerable.
ak search for other commits by this committer
- Update to 2013.62
17 Oct 2013 11:25:36
Original commit files touched by this commit Revision:330630  2013.60 This port version is marked as vulnerable.
ak search for other commits by this committer
- Update to 2013.60
14 Oct 2013 08:56:37
Original commit files touched by this commit Revision:330285  2013.59 This port version is marked as vulnerable.
ak search for other commits by this committer
- Update to 2013.59
25 Sep 2013 20:02:05
Original commit files touched by this commit Revision:328311  2013.58 This port version is marked as vulnerable.
ak search for other commits by this committer
- Support STAGEDIR
- Convert to USES=gmake
- Convert to options helpers
- Reformat pkg-descr
20 Sep 2013 22:55:26
Original commit files touched by this commit Revision:327769  2013.58 This port version is marked as vulnerable.
bapt search for other commits by this committer
Add NO_STAGE all over the place in preparation for the staging support (cat:
security)
21 Apr 2013 07:36:55
Original commit files touched by this commit Revision:316170  2013.58 This port version is marked as vulnerable.
ak search for other commits by this committer
- Update to 2013.58

Feature safe:	yes
17 Apr 2013 02:58:24
Original commit files touched by this commit Revision:315925  2013.57 This port version is marked as vulnerable.
ak search for other commits by this committer
- Update to 2013.57

Feature safe: yes
17 Feb 2013 08:43:17
Original commit files touched by this commit Revision:312405  2012.55 This port version is marked as vulnerable.
ak search for other commits by this committer
- Install manpages [1]
- Convert Makefile headers to new style
- Remove indefinite article from COMMENT

PR:	ports/176198 (based on) [1]
Submitted by:	Brett Wynkoop <bsdbugs@wynn.com>
25 Jun 2012 04:15:50
Original commit files touched by this commit   2012.55 This port version is marked as vulnerable.
ak search for other commits by this committer
- Convert to optionsNG
- Pet portlint
- Remove pkg-plist from security/dropbear

Approved by:    eadler (mentor)
04 Mar 2012 21:20:55
Original commit files touched by this commit   2012.55 This port version is marked as vulnerable.
ak search for other commits by this committer
Update to 2012.55
- fix arbitrary code execution (CVE-2012-0920)

Approved by:    eadler (mentor)
02 Mar 2012 23:43:45
Original commit files touched by this commit   2011.54 This port version is marked as vulnerable.
ak search for other commits by this committer
Update maintainer email in my ports

Approved by:    eadler (mentor)
14 Jan 2012 08:57:23
Original commit files touched by this commit   2011.54 This port version is marked as vulnerable.
dougb search for other commits by this committer
In the rc.d scripts, change assignments to rcvar to use the
literal name_enable wherever possible, and ${name}_enable
when it's not, to prepare for the demise of set_rcvar().

In cases where I had to hand-edit unusual instances also
modify formatting slightly to be more uniform (and in
some cases, correct). This includes adding some $FreeBSD$
tags, and most importantly moving rcvar= to right after
name= so it's clear that one is derived from the other.
27 Dec 2011 23:10:11
Original commit files touched by this commit   2011.54 This port version is marked as vulnerable.
scheidell search for other commits by this committer
- Fix compile if WITH_STATIC is enabled [1]
- Also pr ports/163593, which is a duplicate of this one. root@42.org [2]

PR:             ports/163217
Submitted by:   Mattia Rossi <mrossi@swin.edu.au> [1], root@42.org [2]
Approved by:    spam@rm-rf.kiev.ua (maintainer), gabor (mentor)
23 Sep 2011 22:26:39
Original commit files touched by this commit   0.53.1 This port version is marked as vulnerable.
amdmi3 search for other commits by this committer
- Add LDFLAGS to CONFIGURE_ENV and MAKE_ENV (as it was done with LDFLAGS)
- Fix all ports that add {CPP,LD}FLAGS to *_ENV to modify flags instead

PR:             157936
Submitted by:   myself
Exp-runs by:    pav
Approved by:    pav
20 Jun 2011 12:57:56
Original commit files touched by this commit   0.53.1 This port version is marked as vulnerable.
dhn search for other commits by this committer
- Update to 0.53.1

PR:             ports/158027
Submitted by:   Alex Kozlov <spam@rm-rf.kiev.ua> (maintainer)
27 Mar 2010 00:15:24
Original commit files touched by this commit   0.52 This port version is marked as vulnerable.
dougb search for other commits by this committer
Begin the process of deprecating sysutils/rc_subr by
s#. %%RC_SUBR%%#. /etc/rc.subr#
20 Jan 2010 09:24:24
Original commit files touched by this commit   0.52 This port version is marked as vulnerable.
ed search for other commits by this committer
Remove an unneeded inclusion of <utmp.h>.

Submitted by:   Alex Kozlov <spam rm-rf kiev ua>
26 Dec 2008 22:16:27
Original commit files touched by this commit   0.52 This port version is marked as vulnerable.
miwi search for other commits by this committer
- Update to 0.52

PR:             129961
Submitted by:   Alex Kozlov <spam@rm-rf.kiev.ua> (maintainer)
05 May 2008 06:52:58
Original commit files touched by this commit   0.51 This port version is marked as vulnerable.
rafan search for other commits by this committer
- Update to 0.51
- Use @dirrmtry

PR:             ports/123355
Submitted by:   Alex Kozlov <spam at rm-rf.kiev.ua> (maintainer)
19 Apr 2008 17:56:05
Original commit files touched by this commit   0.50  Sanity Test Failure This port version is marked as vulnerable.
miwi search for other commits by this committer
- Remove unneeded dependency from gtk12/gtk20 [1]
- Remove USE_XLIB/USE_X_PREFIX/USE_XPM in favor of USE_XORG
- Remove X11BASE support in favor of LOCALBASE or PREFIX
- Use USE_LDCONFIG instead of INSTALLS_SHLIB
- Remove unneeded USE_GCC 3.4+

Thanks to all Helpers:
        Dmitry Marakasov, Chess Griffin, beech@, dinoex, rafan, gahr,
        ehaupt, nox, itetcu, flz, pav

PR:             116263
Tested on:      pointyhat
Approved by:    portmgr (pav)
14 Aug 2007 13:52:32
Original commit files touched by this commit   0.50 This port version is marked as vulnerable.
itetcu search for other commits by this committer
- Update security/dropbear to 0.50.
-Drop deprecated WANT_* knob.

PR:             ports/115475
Submitted by:   Alex Kozlov (maintainer)
16 Apr 2007 19:33:06
Original commit files touched by this commit   0.49_1 This port version is marked as vulnerable.
rafan search for other commits by this committer
- Use new world rc script

PR:             ports/111361
Approved by:    Alex Kozlov (maintainer)
Tested by:      Alex Kozlov, rafan
23 Mar 2007 08:41:18
Original commit files touched by this commit   0.49 This port version is marked as vulnerable.
clement search for other commits by this committer
- Pass maintainership to Alex Kozlov.
18 Mar 2007 17:51:19
Original commit files touched by this commit   0.49 This port version is marked as vulnerable.
clement search for other commits by this committer
- Update to 0.49
- OPTIONify
- Fix some documentation
- drop maintainership

PR:             ports/108785
Submitted by:   Alex Kozlov<spam@rm-rf.kiev.ua>
03 Nov 2006 11:15:46
Original commit files touched by this commit   0.48.1 This port version is marked as vulnerable.
clement search for other commits by this committer
- Update to 0.48.1
13 May 2006 04:15:53
Original commit files touched by this commit   0.47 This port version is marked as vulnerable.
edwin search for other commits by this committer
Remove USE_REINPLACE from all categories starting with S
19 Dec 2005 09:20:32
Original commit files touched by this commit   0.47 This port version is marked as vulnerable.
clement search for other commits by this committer
- Update to 0.47
- SECURITY: fix for buffer allocation error in server code, could potentially
  allow authenticated users to gain elevated privileges.

PR:             ports/90531
Submitted by:   Gea-Suan Lin <gslin@gslin.org>
10 Jul 2005 19:52:15
Original commit files touched by this commit   0.46 This port version is marked as vulnerable.
clement search for other commits by this committer
- Update to 0.46
08 Jan 2005 16:49:03
Original commit files touched by this commit   0.44 This port version is marked as vulnerable.
clement search for other commits by this committer
- Update to 0.44
31 Jul 2004 09:10:43
Original commit files touched by this commit   0.43 This port version is marked as vulnerable.
clement search for other commits by this committer
Security fix.
- Update to 0.43
  This release fixes a DSS verification vulnerability.
  See:
 
http://www.freebsd.org/ports/portaudit/0316f983-dfb6-11d8-9b0a-000347a4fa7d.html
07 Feb 2004 17:16:21
Original commit files touched by this commit   0.41_1 This port version is marked as vulnerable.
clement search for other commits by this committer
- SIZEify distinfo
04 Feb 2004 05:10:27
Original commit files touched by this commit   0.41_1 This port version is marked as vulnerable.
marcus search for other commits by this committer
Bump PORTREVISION on all ports that depend on gettext to aid with upgrading.

(Part 1)
21 Jan 2004 10:38:58
Original commit files touched by this commit   0.41 This port version is marked as vulnerable.
clement search for other commits by this committer
- Update to 0.41
14 Jan 2004 12:17:49
Original commit files touched by this commit   0.40 This port version is marked as vulnerable.
clement search for other commits by this committer
- Update to 0.40

Approved by:        erwin (mentor) (implicitly)
13 Jan 2004 15:04:51
Original commit files touched by this commit   0.39 This port version is marked as vulnerable.
clement search for other commits by this committer
- Update my email address

Approved and reviewed by:    erwin (mentor)
17 Dec 2003 11:56:01
Original commit files touched by this commit   0.39 This port version is marked as vulnerable.
krion search for other commits by this committer
- Update to version 0.39

PR:             60296
Submitted by:   maintainer
11 Oct 2003 18:05:09
Original commit files touched by this commit   0.38 This port version is marked as vulnerable.
erwin search for other commits by this committer
Update to 0.38

PR:             57866
Submitted by:   maintainer
06 Oct 2003 12:30:06
Original commit files touched by this commit   0.37 This port version is marked as vulnerable.
edwin search for other commits by this committer
[maintainer patch] security/dropbear: Change fetch location

        I'm rearranging the files a bit on the Dropbear site to
        avoid problems with links going away for previous versions,
        would you be able to change the source url for Dropbear to
        be the package in the http://matt.ucc.asn.au/dropbear/releases/
        directory, rather than just the /dropbear/ dir?

PR:             ports/57643
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>
25 Sep 2003 10:22:59
Original commit files touched by this commit   0.37 This port version is marked as vulnerable.
krion search for other commits by this committer
- Update to version 0.37

PR:             57188
Submitted by:   maintainer
08 Sep 2003 09:09:36
Original commit files touched by this commit   0.36 This port version is marked as vulnerable.
edwin search for other commits by this committer
[new port] security/dropbear: a lightweight SSH2 server

        Dropbear is an SSH 2 server, designed to be usable in small
        memory environments.

        It supports:
                * Main features of SSH 2 protocol
                * Implements X11 forwarding, and authentication-agent forwarding
                for OpenSSH clients
                * Compatible with OpenSSH ~/.ssh/authorized_keys public key
                authentication

        WWW: http://matt.ucc.asn.au/dropbear/dropbear.html

PR:             ports/55795
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>

Number of commits found: 70