non port: security/dropbear/distinfo |
Number of commits found: 41 |
Tuesday, 15 Nov 2022
|
21:52 Piotr Kubaj (pkubaj)
security/dropbear: update to 2022.83
Features and Changes:
Note >> for compatibility/configuration changes
- >> Disable DROPBEAR_DSS by default
It is only 1024 bit and uses sha1, most distros disable it by default already.
- Added DROPBEAR_RSA_SHA1 option to allow disabling sha1 rsa signatures.
>> RSA with sha1 will be disabled in a future release (rsa keys will continue
to work OK, with sha256 signatures used instead).
- Add option for requiring both password and pubkey (-t)
Patch from Jackkal
- Add 'no-touch-required' and 'verify-required' options for sk keys
Patch from Egor Duda
- >> DROPBEAR_SK_KEYS config option now replaces separate DROPBEAR_SK_ECDSA
and DROPBEAR_SK_ED25519 options.
- Add 'permitopen' option for authorized_keys to restrict forwarded ports
Patch from Tuomas Haikarainen
- >> Added LTM_CFLAGS configure argument to set flags for building
bundled libtommath. This also restores the previous arguments used
in 2020.81 (-O3 -funroll-loops). That gives a big speedup for RSA
key generation, which regressed in 2022.82.
There is a tradeoff with code size, so -Os can be used if required.
https://github.com/mkj/dropbear/issues/174
Reported by David Bernard
- Add '-z' flag to disable setting QoS traffic class. This may be necessary
to work with broken networks or network drivers, exposed after changes to use
AF21 in 2022.82
https://github.com/mkj/dropbear/issues/193
Reported by yuhongwei380, patch from Petr Štetiar
- Allow overriding user shells with COMPAT_USER_SHELLS
Based on a patch from Matt Robinson
- Improve permission error message
Patch from k-kurematsu
- >> Remove HMAC_MD5 entirely
Regression fixes from 2022.82:
- Fix X11 build
- Fix build warning
- Fix compilation when disabling pubkey authentication
Patch from MaxMougg
- Fix MAX_UNAUTH_CLIENTS regression
Reported by ptpt52
- Avoid using slower prime testing in bundled libtomcrypt when DSS is disabled
https://github.com/mkj/dropbear/issues/174
Suggested by Steffen Jaeckel
- Fix Dropbear plugin support
https://github.com/mkj/dropbear/issues/194
Reported by Struan Bartlett
Other fixes:
- Fix long standing incorrect compression size check. Dropbear
(client or server) would erroneously exit with
"bad packet, oversized decompressed"
when receiving a compressed packet of exactly the maximum size.
- Fix missing setsid() removed in 2020.79
https://github.com/mkj/dropbear/issues/180
Reported and debugged by m5jt and David Bernard
- Try keyboard-interactive auth before password, in dbclient.
This was unintentionally changed back in 2013
https://github.com/mkj/dropbear/pull/190
Patch from Michele Giacomoli
- Drain the terminal when reading the fingerprint confirmation response
https://github.com/mkj/dropbear/pull/191
Patch from Michele Giacomoli
- Fix utx wtmp variable typo. This has been wrong for a long time but
only recently became a problem when wtmp was detected.
https://github.com/mkj/dropbear/pull/189
Patch from Michele Giacomoli
- Improve configure test for hardening options.
Fixes building on AIX
https://github.com/mkj/dropbear/issues/158
- Fix debian/dropbear.init newline
From wulei-student
Infrastructure:
- Test off-by-default compile options
- Set -Wundef to catch typos in #if statements
1711222 |
Wednesday, 6 Apr 2022
|
21:22 Piotr Kubaj (pkubaj)
security/dropbear: update to 2022.82
Remove the not supported TWOFISH options.
Changelog: https://matt.ucc.asn.au/dropbear/CHANGES
01fecbc |
Friday, 30 Oct 2020
|
11:53 pkubaj
security/dropbear: update to 2020.81
Changelog:
- Fix regression in 2020.79 which prevented connecting with some SSH
implementations. Increase MAX_PROPOSED_ALGO to 50, and print a log
message if the limit is hit. This fixes interoperability with sshj
library (used by PyCharm), and GoAnywhere.
Reported by Pirmin Walthert and Piotr Jurkiewicz
- Fix building with non-GCC compilers, reported by Kazuo Kuroi
- Fix potential long delay in dbclient, found by OSS Fuzz
- Fix null pointer dereference crash, found by OSS Fuzz
- libtommath now uses the same random source as Dropbear (in 2020.79
and 2020.80 used getrandom() separately)
- Some fuzzing improvements, start of a dbclient fuzzer
|
Sunday, 28 Jun 2020
|
00:27 pkubaj
security/dropbear: update to 2020.80
|
Tuesday, 16 Jun 2020
|
11:44 pkubaj
security/dropbear: update to 2020.79
Add some new options, remove needless patching, move to Dropbear's system for
non-default options.
|
Tuesday, 11 Jun 2019
|
15:57 pkubaj
security/dropbear: update to 2019.78, change maintainer
Update the port to 2019.78 and change maintainer to my FreeBSD address.
Approved by: mat (mentor)
Differential Revision: https://reviews.freebsd.org/D20601
|
Tuesday, 27 Mar 2018
|
18:50 jrm
security/dropbear: Update to version 2018.76
PR: 226339
Submitted by: pkubaj@anongoth.pl (maintainer)
Differential Revision: https://reviews.freebsd.org/D14829
|
Monday, 3 Jul 2017
|
19:32 ultima
Updated to 2017.75
Changelog: https://matt.ucc.asn.au/dropbear/CHANGES
PR: 220158
Submitted by: Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)
Reviewed by: lifanov (mentor)
Approved by: lifanov (mentor)
MFH: 2017Q3
Security: http://www.vuxml.org/freebsd/60931f98-55a7-11e7-8514-589cfc0654e1.html
Differential Revision: https://reviews.freebsd.org/D11400
|
Monday, 1 Aug 2016
|
17:43 pawel
- Update to version 2016.74
- Add license information
Changelog:
- Security: Message printout was vulnerable to format string injection.
If specific usernames including "%" symbols can be created on a system
(validated by getpwnam()) then an attacker could run arbitrary code as root
when connecting to Dropbear server.
A dbclient user who can control username or host arguments could potentially
run arbitrary code as the dbclient user. This could be a problem if scripts
or webpages pass untrusted input to the dbclient program.
- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
the local dropbearconvert user when parsing malicious key files
- Security: dbclient could run arbitrary code as the local dbclient user if
particular -m or -c arguments are provided. This could be an issue where
dbclient is used in scripts.
- Security: dbclient or dropbear server could expose process memory to the
running user if compiled with DEBUG_TRACE and running with -v
PR: 211298
Submitted by: Piotr Kubaj (maintainer)
MFH: 2016Q3
|
Sunday, 24 Apr 2016
|
09:24 lme
Update to 2016.73
PR: 208962
Submitted by: maintainer
Sponsored by: Essen Linuxhotel Hackathon 2016
|
Monday, 14 Mar 2016
|
14:09 feld
security/dropbear: Update to 2016.72
PR: 207903
MFH: 2016Q1
Security: CVE-2016-3116
|
Saturday, 9 Jan 2016
|
09:07 miwi
- Update to 2015.71
- Update maintainer mail
PR: 206000
Submitted by: maintainer
|
Sunday, 11 Oct 2015
|
11:42 ak
- Update to 2015.68 [1]
- Drop maintainership
PR: 203694 [1]
Submitted by: pkubaj@riseup.net
|
Friday, 27 Mar 2015
|
10:43 ak
- Update to 2015.67
|
Friday, 24 Oct 2014
|
10:45 ak
- Update to 2014.66
|
Friday, 22 Aug 2014
|
14:16 ak
- Update to 2014.65
|
Tuesday, 20 May 2014
|
07:06 ak
- Update to 2014.63
|
Friday, 24 Jan 2014
|
06:35 ak
- Update to 2013.62
|
Thursday, 17 Oct 2013
|
11:25 ak
- Update to 2013.60
|
Monday, 14 Oct 2013
|
08:56 ak
- Update to 2013.59
|
Sunday, 21 Apr 2013
|
07:36 ak
- Update to 2013.58
Feature safe: yes
|
Wednesday, 17 Apr 2013
|
02:58 ak
- Update to 2013.57
Feature safe: yes
|
Sunday, 4 Mar 2012
|
21:20 ak
Update to 2012.55
- fix arbitrary code execution (CVE-2012-0920)
Approved by: eadler (mentor)
|
Tuesday, 27 Dec 2011
|
23:10 scheidell
- Fix compile if WITH_STATIC is enabled [1]
- Also pr ports/163593, which is a duplicate of this one. root@42.org [2]
PR: ports/163217
Submitted by: Mattia Rossi <mrossi@swin.edu.au> [1], root@42.org [2]
Approved by: spam@rm-rf.kiev.ua (maintainer), gabor (mentor)
|
Monday, 20 Jun 2011
|
12:57 dhn
- Update to 0.53.1
PR: ports/158027
Submitted by: Alex Kozlov <spam@rm-rf.kiev.ua> (maintainer)
|
Friday, 26 Dec 2008
|
22:16 miwi
- Update to 0.52
PR: 129961
Submitted by: Alex Kozlov <spam@rm-rf.kiev.ua> (maintainer)
|
Monday, 5 May 2008
|
06:52 rafan
- Update to 0.51
- Use @dirrmtry
PR: ports/123355
Submitted by: Alex Kozlov <spam at rm-rf.kiev.ua> (maintainer)
|
Tuesday, 14 Aug 2007
|
13:52 itetcu
- Update security/dropbear to 0.50.
-Drop deprecated WANT_* knob.
PR: ports/115475
Submitted by: Alex Kozlov (maintainer)
|
Sunday, 18 Mar 2007
|
17:51 clement
- Update to 0.49
- OPTIONify
- Fix some documentation
- drop maintainership
PR: ports/108785
Submitted by: Alex Kozlov<spam@rm-rf.kiev.ua>
|
Friday, 3 Nov 2006
|
11:15 clement
- Update to 0.48.1
|
Monday, 19 Dec 2005
|
09:20 clement
- Update to 0.47
- SECURITY: fix for buffer allocation error in server code, could potentially
allow authenticated users to gain elevated privileges.
PR: ports/90531
Submitted by: Gea-Suan Lin <gslin@gslin.org>
|
Sunday, 10 Jul 2005
|
19:52 clement
- Update to 0.46
|
Saturday, 8 Jan 2005
|
16:49 clement
- Update to 0.44
|
Saturday, 31 Jul 2004
|
09:10 clement
Security fix.
- Update to 0.43
This release fixes a DSS verification vulnerability.
See:
http://www.freebsd.org/ports/portaudit/0316f983-dfb6-11d8-9b0a-000347a4fa7d.html
|
Saturday, 7 Feb 2004
|
17:16 clement
- SIZEify distinfo
|
Wednesday, 21 Jan 2004
|
10:38 clement
- Update to 0.41
|
Wednesday, 14 Jan 2004
|
12:17 clement
- Update to 0.40
Approved by: erwin (mentor) (implicitly)
|
Wednesday, 17 Dec 2003
|
11:56 krion
- Update to version 0.39
PR: 60296
Submitted by: maintainer
|
Saturday, 11 Oct 2003
|
18:05 erwin
Update to 0.38
PR: 57866
Submitted by: maintainer
|
Thursday, 25 Sep 2003
|
10:22 krion
- Update to version 0.37
PR: 57188
Submitted by: maintainer
|
Monday, 8 Sep 2003
|
09:09 edwin
[new port] security/dropbear: a lightweight SSH2 server
Dropbear is an SSH 2 server, designed to be usable in small
memory environments.
It supports:
* Main features of SSH 2 protocol
* Implements X11 forwarding, and authentication-agent forwarding
for OpenSSH clients
* Compatible with OpenSSH ~/.ssh/authorized_keys public key
authentication
WWW: http://matt.ucc.asn.au/dropbear/dropbear.html
PR: ports/55795
Submitted by: Clement Laforet <sheepkiller@cultdeadsheep.org>
|
Number of commits found: 41 |