21:52 Piotr Kubaj (pkubaj) 

security/dropbear: update to 2022.83

Features and Changes:
  Note >> for compatibility/configuration changes

- >> Disable DROPBEAR_DSS by default
  It is only 1024 bit and uses sha1, most distros disable it by default already.

- Added DROPBEAR_RSA_SHA1 option to allow disabling sha1 rsa signatures.
  >> RSA with sha1 will be disabled in a future release (rsa keys will continue
  to work OK, with sha256 signatures used instead).

- Add option for requiring both password and pubkey (-t)
  Patch from Jackkal

- Add 'no-touch-required' and 'verify-required' options for sk keys
  Patch from Egor Duda

  - >> DROPBEAR_SK_KEYS config option now replaces separate DROPBEAR_SK_ECDSA
  and DROPBEAR_SK_ED25519 options.

- Add 'permitopen' option for authorized_keys to restrict forwarded ports
  Patch from Tuomas Haikarainen

- >> Added LTM_CFLAGS configure argument to set flags for building
  bundled libtommath. This also restores the previous arguments used
  in 2020.81 (-O3 -funroll-loops). That gives a big speedup for RSA
  key generation, which regressed in 2022.82.
  There is a tradeoff with code size, so -Os can be used if required.
  https://github.com/mkj/dropbear/issues/174
  Reported by David Bernard

- Add '-z' flag to disable setting QoS traffic class. This may be necessary
  to work with broken networks or network drivers, exposed after changes to use
  AF21 in 2022.82
  https://github.com/mkj/dropbear/issues/193
  Reported by yuhongwei380, patch from Petr Štetiar

- Allow overriding user shells with COMPAT_USER_SHELLS
  Based on a patch from Matt Robinson

- Improve permission error message
  Patch from k-kurematsu

- >> Remove HMAC_MD5 entirely

Regression fixes from 2022.82:

- Fix X11 build

- Fix build warning

- Fix compilation when disabling pubkey authentication
  Patch from MaxMougg

- Fix MAX_UNAUTH_CLIENTS regression
  Reported by ptpt52

- Avoid using slower prime testing in bundled libtomcrypt when DSS is disabled
  https://github.com/mkj/dropbear/issues/174
  Suggested by Steffen Jaeckel

- Fix Dropbear plugin support
  https://github.com/mkj/dropbear/issues/194
  Reported by Struan Bartlett

Other fixes:

- Fix long standing incorrect compression size check. Dropbear
  (client or server) would erroneously exit with
  "bad packet, oversized decompressed"
  when receiving a compressed packet of exactly the maximum size.

- Fix missing setsid() removed in 2020.79
  https://github.com/mkj/dropbear/issues/180
  Reported and debugged by m5jt and David Bernard

- Try keyboard-interactive auth before password, in dbclient.
  This was unintentionally changed back in 2013
  https://github.com/mkj/dropbear/pull/190
  Patch from Michele Giacomoli

- Drain the terminal when reading the fingerprint confirmation response
  https://github.com/mkj/dropbear/pull/191
  Patch from Michele Giacomoli

- Fix utx wtmp variable typo. This has been wrong for a long time but
  only recently became a problem when wtmp was detected.
  https://github.com/mkj/dropbear/pull/189
  Patch from Michele Giacomoli

- Improve configure test for hardening options.
  Fixes building on AIX
  https://github.com/mkj/dropbear/issues/158

- Fix debian/dropbear.init newline
  From wulei-student

Infrastructure:

- Test off-by-default compile options
- Set -Wundef to catch typos in #if statements

    1711222

21:22 Piotr Kubaj (pkubaj) 

security/dropbear: update to 2022.82

Remove the not supported TWOFISH options.

Changelog:	https://matt.ucc.asn.au/dropbear/CHANGES

    01fecbc

11:53 pkubaj 

security/dropbear: update to 2020.81

Changelog:
- Fix regression in 2020.79 which prevented connecting with some SSH
  implementations. Increase MAX_PROPOSED_ALGO to 50, and print a log
  message if the limit is hit. This fixes interoperability with sshj
  library (used by PyCharm), and GoAnywhere.
  Reported by Pirmin Walthert and Piotr Jurkiewicz

- Fix building with non-GCC compilers, reported by Kazuo Kuroi

- Fix potential long delay in dbclient, found by OSS Fuzz

- Fix null pointer dereference crash, found by OSS Fuzz

- libtommath now uses the same random source as Dropbear (in 2020.79
  and 2020.80 used getrandom() separately)

- Some fuzzing improvements, start of a dbclient fuzzer

 

00:27 pkubaj 

security/dropbear: update to 2020.80

 

11:44 pkubaj 

security/dropbear: update to 2020.79

Add some new options, remove needless patching, move to Dropbear's system for
non-default options.

 

15:57 pkubaj 

security/dropbear: update to 2019.78, change maintainer

Update the port to 2019.78 and change maintainer to my FreeBSD address.

Approved by:	mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D20601

 

18:50 jrm 

security/dropbear: Update to version 2018.76

PR:		226339
Submitted by:	pkubaj@anongoth.pl (maintainer)
Differential Revision:	https://reviews.freebsd.org/D14829

 

19:32 ultima 

Updated to 2017.75

Changelog:	https://matt.ucc.asn.au/dropbear/CHANGES

PR:		220158
Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)
Reviewed by:	lifanov (mentor)
Approved by:	lifanov (mentor)
MFH:		2017Q3
Security:	http://www.vuxml.org/freebsd/60931f98-55a7-11e7-8514-589cfc0654e1.html
Differential Revision:	https://reviews.freebsd.org/D11400

 

17:43 pawel 

- Update to version 2016.74
- Add license information

Changelog:
- Security: Message printout was vulnerable to format string injection.

  If specific usernames including "%" symbols can be created on a system
  (validated by getpwnam()) then an attacker could run arbitrary code as root
  when connecting to Dropbear server.

  A dbclient user who can control username or host arguments could potentially
  run arbitrary code as the dbclient user. This could be a problem if scripts
  or webpages pass untrusted input to the dbclient program.

- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
  the local dropbearconvert user when parsing malicious key files

- Security: dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided. This could be an issue where
  dbclient is used in scripts.

- Security: dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v

PR:		211298
Submitted by:	Piotr Kubaj (maintainer)
MFH:		2016Q3

 

09:24 lme 

Update to 2016.73

PR:		208962
Submitted by:	maintainer
Sponsored by:	Essen Linuxhotel Hackathon 2016

 

14:09 feld 

security/dropbear: Update to 2016.72

PR:		207903
MFH:		2016Q1
Security:	CVE-2016-3116

 

09:07 miwi 

- Update to 2015.71
- Update maintainer mail

PR:		206000
Submitted by:	maintainer

 

11:42 ak 

- Update to 2015.68 [1]
- Drop maintainership

PR:	203694 [1]
Submitted by:	pkubaj@riseup.net

 

10:43 ak 

- Update to 2015.67

 

10:45 ak 

- Update to 2014.66

 

14:16 ak 

- Update to 2014.65

 

07:06 ak 

- Update to 2014.63

 

06:35 ak 

- Update to 2013.62

 

11:25 ak 

- Update to 2013.60

 

08:56 ak 

- Update to 2013.59

 

07:36 ak 

- Update to 2013.58

Feature safe:	yes

 

02:58 ak 

- Update to 2013.57

Feature safe: yes

 

21:20 ak 

Update to 2012.55
- fix arbitrary code execution (CVE-2012-0920)

Approved by:    eadler (mentor)

23:10 scheidell 

- Fix compile if WITH_STATIC is enabled [1]
- Also pr ports/163593, which is a duplicate of this one. root@42.org [2]

PR:             ports/163217
Submitted by:   Mattia Rossi <mrossi@swin.edu.au> [1], root@42.org [2]
Approved by:    spam@rm-rf.kiev.ua (maintainer), gabor (mentor)

12:57 dhn 

- Update to 0.53.1

PR:             ports/158027
Submitted by:   Alex Kozlov <spam@rm-rf.kiev.ua> (maintainer)

22:16 miwi 

- Update to 0.52

PR:             129961
Submitted by:   Alex Kozlov <spam@rm-rf.kiev.ua> (maintainer)

06:52 rafan 

- Update to 0.51
- Use @dirrmtry

PR:             ports/123355
Submitted by:   Alex Kozlov <spam at rm-rf.kiev.ua> (maintainer)

13:52 itetcu 

- Update security/dropbear to 0.50.
-Drop deprecated WANT_* knob.

PR:             ports/115475
Submitted by:   Alex Kozlov (maintainer)

17:51 clement 

- Update to 0.49
- OPTIONify
- Fix some documentation
- drop maintainership

PR:             ports/108785
Submitted by:   Alex Kozlov<spam@rm-rf.kiev.ua>

11:15 clement 

- Update to 0.48.1

09:20 clement 

- Update to 0.47
- SECURITY: fix for buffer allocation error in server code, could potentially
  allow authenticated users to gain elevated privileges.

PR:             ports/90531
Submitted by:   Gea-Suan Lin <gslin@gslin.org>

19:52 clement 

- Update to 0.46

16:49 clement 

- Update to 0.44

09:10 clement 

Security fix.
- Update to 0.43
  This release fixes a DSS verification vulnerability.
  See:
 
http://www.freebsd.org/ports/portaudit/0316f983-dfb6-11d8-9b0a-000347a4fa7d.html

17:16 clement 

- SIZEify distinfo

10:38 clement 

- Update to 0.41

12:17 clement 

- Update to 0.40

Approved by:        erwin (mentor) (implicitly)

11:56 krion 

- Update to version 0.39

PR:             60296
Submitted by:   maintainer

18:05 erwin 

Update to 0.38

PR:             57866
Submitted by:   maintainer

10:22 krion 

- Update to version 0.37

PR:             57188
Submitted by:   maintainer

09:09 edwin 

[new port] security/dropbear: a lightweight SSH2 server

        Dropbear is an SSH 2 server, designed to be usable in small
        memory environments.

        It supports:
                * Main features of SSH 2 protocol
                * Implements X11 forwarding, and authentication-agent forwarding
                for OpenSSH clients
                * Compatible with OpenSSH ~/.ssh/authorized_keys public key
                authentication

        WWW: http://matt.ucc.asn.au/dropbear/dropbear.html

PR:             ports/55795
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>