notbugAs an Amazon Associate I earn from qualifying purchases.
Want a good read? Try FreeBSD Mastery: Jails (IT Mastery Book 15)
Want a good monitor light? See my photosAll times are UTC
Ukraine
This referral link gives you 10% off a Fastmail.com account and gives me a discount on my Fastmail account.
New feature planned: get notified when the package is available. Now is the time to contribute ideas/suggestions.
non port: security/dropbear/distinfo

Number of commits found: 41

Tuesday, 15 Nov 2022
21:52 Piotr Kubaj (pkubaj) search for other commits by this committer
security/dropbear: update to 2022.83

Features and Changes:
  Note >> for compatibility/configuration changes

- >> Disable DROPBEAR_DSS by default
  It is only 1024 bit and uses sha1, most distros disable it by default already.

- Added DROPBEAR_RSA_SHA1 option to allow disabling sha1 rsa signatures.
  >> RSA with sha1 will be disabled in a future release (rsa keys will continue
  to work OK, with sha256 signatures used instead).

- Add option for requiring both password and pubkey (-t)
  Patch from Jackkal

- Add 'no-touch-required' and 'verify-required' options for sk keys
  Patch from Egor Duda

  - >> DROPBEAR_SK_KEYS config option now replaces separate DROPBEAR_SK_ECDSA
  and DROPBEAR_SK_ED25519 options.

- Add 'permitopen' option for authorized_keys to restrict forwarded ports
  Patch from Tuomas Haikarainen

- >> Added LTM_CFLAGS configure argument to set flags for building
  bundled libtommath. This also restores the previous arguments used
  in 2020.81 (-O3 -funroll-loops). That gives a big speedup for RSA
  key generation, which regressed in 2022.82.
  There is a tradeoff with code size, so -Os can be used if required.
  https://github.com/mkj/dropbear/issues/174
  Reported by David Bernard

- Add '-z' flag to disable setting QoS traffic class. This may be necessary
  to work with broken networks or network drivers, exposed after changes to use
  AF21 in 2022.82
  https://github.com/mkj/dropbear/issues/193
  Reported by yuhongwei380, patch from Petr Štetiar

- Allow overriding user shells with COMPAT_USER_SHELLS
  Based on a patch from Matt Robinson

- Improve permission error message
  Patch from k-kurematsu

- >> Remove HMAC_MD5 entirely

Regression fixes from 2022.82:

- Fix X11 build

- Fix build warning

- Fix compilation when disabling pubkey authentication
  Patch from MaxMougg

- Fix MAX_UNAUTH_CLIENTS regression
  Reported by ptpt52

- Avoid using slower prime testing in bundled libtomcrypt when DSS is disabled
  https://github.com/mkj/dropbear/issues/174
  Suggested by Steffen Jaeckel

- Fix Dropbear plugin support
  https://github.com/mkj/dropbear/issues/194
  Reported by Struan Bartlett

Other fixes:

- Fix long standing incorrect compression size check. Dropbear
  (client or server) would erroneously exit with
  "bad packet, oversized decompressed"
  when receiving a compressed packet of exactly the maximum size.

- Fix missing setsid() removed in 2020.79
  https://github.com/mkj/dropbear/issues/180
  Reported and debugged by m5jt and David Bernard

- Try keyboard-interactive auth before password, in dbclient.
  This was unintentionally changed back in 2013
  https://github.com/mkj/dropbear/pull/190
  Patch from Michele Giacomoli

- Drain the terminal when reading the fingerprint confirmation response
  https://github.com/mkj/dropbear/pull/191
  Patch from Michele Giacomoli

- Fix utx wtmp variable typo. This has been wrong for a long time but
  only recently became a problem when wtmp was detected.
  https://github.com/mkj/dropbear/pull/189
  Patch from Michele Giacomoli

- Improve configure test for hardening options.
  Fixes building on AIX
  https://github.com/mkj/dropbear/issues/158

- Fix debian/dropbear.init newline
  From wulei-student

Infrastructure:

- Test off-by-default compile options
- Set -Wundef to catch typos in #if statements
commit hash: 17112226551be3350d06a66040413a26f252cb30 commit hash: 17112226551be3350d06a66040413a26f252cb30 commit hash: 17112226551be3350d06a66040413a26f252cb30 commit hash: 17112226551be3350d06a66040413a26f252cb30 1711222
Wednesday, 6 Apr 2022
21:22 Piotr Kubaj (pkubaj) search for other commits by this committer
security/dropbear: update to 2022.82

Remove the not supported TWOFISH options.

Changelog:	https://matt.ucc.asn.au/dropbear/CHANGES
commit hash: 01fecbcf810d82cc82064bf5440238a4b621f2df commit hash: 01fecbcf810d82cc82064bf5440238a4b621f2df commit hash: 01fecbcf810d82cc82064bf5440238a4b621f2df commit hash: 01fecbcf810d82cc82064bf5440238a4b621f2df 01fecbc
Friday, 30 Oct 2020
11:53 pkubaj search for other commits by this committer
security/dropbear: update to 2020.81

Changelog:
- Fix regression in 2020.79 which prevented connecting with some SSH
  implementations. Increase MAX_PROPOSED_ALGO to 50, and print a log
  message if the limit is hit. This fixes interoperability with sshj
  library (used by PyCharm), and GoAnywhere.
  Reported by Pirmin Walthert and Piotr Jurkiewicz

- Fix building with non-GCC compilers, reported by Kazuo Kuroi

- Fix potential long delay in dbclient, found by OSS Fuzz

- Fix null pointer dereference crash, found by OSS Fuzz

- libtommath now uses the same random source as Dropbear (in 2020.79
  and 2020.80 used getrandom() separately)

- Some fuzzing improvements, start of a dbclient fuzzer
Original commitRevision:553685 
Sunday, 28 Jun 2020
00:27 pkubaj search for other commits by this committer
security/dropbear: update to 2020.80
Original commitRevision:540659 
Tuesday, 16 Jun 2020
11:44 pkubaj search for other commits by this committer
security/dropbear: update to 2020.79

Add some new options, remove needless patching, move to Dropbear's system for
non-default options.
Original commitRevision:539342 
Tuesday, 11 Jun 2019
15:57 pkubaj search for other commits by this committer
security/dropbear: update to 2019.78, change maintainer

Update the port to 2019.78 and change maintainer to my FreeBSD address.

Approved by:	mat (mentor)
Differential Revision:	https://reviews.freebsd.org/D20601
Original commitRevision:503966 
Tuesday, 27 Mar 2018
18:50 jrm search for other commits by this committer
security/dropbear: Update to version 2018.76

PR:		226339
Submitted by:	pkubaj@anongoth.pl (maintainer)
Differential Revision:	https://reviews.freebsd.org/D14829
Original commitRevision:465733 
Monday, 3 Jul 2017
19:32 ultima search for other commits by this committer
Updated to 2017.75

Changelog:	https://matt.ucc.asn.au/dropbear/CHANGES

PR:		220158
Submitted by:	Piotr Kubaj <pkubaj@anongoth.pl> (maintainer)
Reviewed by:	lifanov (mentor)
Approved by:	lifanov (mentor)
MFH:		2017Q3
Security:	http://www.vuxml.org/freebsd/60931f98-55a7-11e7-8514-589cfc0654e1.html
Differential Revision:	https://reviews.freebsd.org/D11400
Original commitRevision:444987 
Monday, 1 Aug 2016
17:43 pawel search for other commits by this committer
- Update to version 2016.74
- Add license information

Changelog:
- Security: Message printout was vulnerable to format string injection.

  If specific usernames including "%" symbols can be created on a system
  (validated by getpwnam()) then an attacker could run arbitrary code as root
  when connecting to Dropbear server.

  A dbclient user who can control username or host arguments could potentially
  run arbitrary code as the dbclient user. This could be a problem if scripts
  or webpages pass untrusted input to the dbclient program.

- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
  the local dropbearconvert user when parsing malicious key files

- Security: dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided. This could be an issue where
  dbclient is used in scripts.

- Security: dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v

PR:		211298
Submitted by:	Piotr Kubaj (maintainer)
MFH:		2016Q3
Original commitRevision:419445 
Sunday, 24 Apr 2016
09:24 lme search for other commits by this committer
Update to 2016.73

PR:		208962
Submitted by:	maintainer
Sponsored by:	Essen Linuxhotel Hackathon 2016
Original commitRevision:413929 
Monday, 14 Mar 2016
14:09 feld search for other commits by this committer
security/dropbear: Update to 2016.72

PR:		207903
MFH:		2016Q1
Security:	CVE-2016-3116
Original commitRevision:411074 
Saturday, 9 Jan 2016
09:07 miwi search for other commits by this committer
- Update to 2015.71
- Update maintainer mail

PR:		206000
Submitted by:	maintainer
Original commitRevision:405616 
Sunday, 11 Oct 2015
11:42 ak search for other commits by this committer
- Update to 2015.68 [1]
- Drop maintainership

PR:	203694 [1]
Submitted by:	pkubaj@riseup.net
Original commitRevision:399084 
Friday, 27 Mar 2015
10:43 ak search for other commits by this committer
- Update to 2015.67
Original commitRevision:382395 
Friday, 24 Oct 2014
10:45 ak search for other commits by this committer
- Update to 2014.66
Original commitRevision:371432 
Friday, 22 Aug 2014
14:16 ak search for other commits by this committer
- Update to 2014.65
Original commitRevision:365661 
Tuesday, 20 May 2014
07:06 ak search for other commits by this committer
- Update to 2014.63
Original commitRevision:354608 
Friday, 24 Jan 2014
06:35 ak search for other commits by this committer
- Update to 2013.62
Original commitRevision:340879 
Thursday, 17 Oct 2013
11:25 ak search for other commits by this committer
- Update to 2013.60
Original commitRevision:330630 
Monday, 14 Oct 2013
08:56 ak search for other commits by this committer
- Update to 2013.59
Original commitRevision:330285 
Sunday, 21 Apr 2013
07:36 ak search for other commits by this committer
- Update to 2013.58

Feature safe:	yes
Original commitRevision:316170 
Wednesday, 17 Apr 2013
02:58 ak search for other commits by this committer
- Update to 2013.57

Feature safe: yes
Original commitRevision:315925 
Sunday, 4 Mar 2012
21:20 ak search for other commits by this committer
Update to 2012.55
- fix arbitrary code execution (CVE-2012-0920)

Approved by:    eadler (mentor)
Original commit
Tuesday, 27 Dec 2011
23:10 scheidell search for other commits by this committer
- Fix compile if WITH_STATIC is enabled [1]
- Also pr ports/163593, which is a duplicate of this one. root@42.org [2]

PR:             ports/163217
Submitted by:   Mattia Rossi <mrossi@swin.edu.au> [1], root@42.org [2]
Approved by:    spam@rm-rf.kiev.ua (maintainer), gabor (mentor)
Original commit
Monday, 20 Jun 2011
12:57 dhn search for other commits by this committer
- Update to 0.53.1

PR:             ports/158027
Submitted by:   Alex Kozlov <spam@rm-rf.kiev.ua> (maintainer)
Original commit
Friday, 26 Dec 2008
22:16 miwi search for other commits by this committer
- Update to 0.52

PR:             129961
Submitted by:   Alex Kozlov <spam@rm-rf.kiev.ua> (maintainer)
Original commit
Monday, 5 May 2008
06:52 rafan search for other commits by this committer
- Update to 0.51
- Use @dirrmtry

PR:             ports/123355
Submitted by:   Alex Kozlov <spam at rm-rf.kiev.ua> (maintainer)
Original commit
Tuesday, 14 Aug 2007
13:52 itetcu search for other commits by this committer
- Update security/dropbear to 0.50.
-Drop deprecated WANT_* knob.

PR:             ports/115475
Submitted by:   Alex Kozlov (maintainer)
Original commit
Sunday, 18 Mar 2007
17:51 clement search for other commits by this committer
- Update to 0.49
- OPTIONify
- Fix some documentation
- drop maintainership

PR:             ports/108785
Submitted by:   Alex Kozlov<spam@rm-rf.kiev.ua>
Original commit
Friday, 3 Nov 2006
11:15 clement search for other commits by this committer
- Update to 0.48.1
Original commit
Monday, 19 Dec 2005
09:20 clement search for other commits by this committer
- Update to 0.47
- SECURITY: fix for buffer allocation error in server code, could potentially
  allow authenticated users to gain elevated privileges.

PR:             ports/90531
Submitted by:   Gea-Suan Lin <gslin@gslin.org>
Original commit
Sunday, 10 Jul 2005
19:52 clement search for other commits by this committer
- Update to 0.46
Original commit
Saturday, 8 Jan 2005
16:49 clement search for other commits by this committer
- Update to 0.44
Original commit
Saturday, 31 Jul 2004
09:10 clement search for other commits by this committer
Security fix.
- Update to 0.43
  This release fixes a DSS verification vulnerability.
  See:
 
http://www.freebsd.org/ports/portaudit/0316f983-dfb6-11d8-9b0a-000347a4fa7d.html
Original commit
Saturday, 7 Feb 2004
17:16 clement search for other commits by this committer
- SIZEify distinfo
Original commit
Wednesday, 21 Jan 2004
10:38 clement search for other commits by this committer
- Update to 0.41
Original commit
Wednesday, 14 Jan 2004
12:17 clement search for other commits by this committer
- Update to 0.40

Approved by:        erwin (mentor) (implicitly)
Original commit
Wednesday, 17 Dec 2003
11:56 krion search for other commits by this committer
- Update to version 0.39

PR:             60296
Submitted by:   maintainer
Original commit
Saturday, 11 Oct 2003
18:05 erwin search for other commits by this committer
Update to 0.38

PR:             57866
Submitted by:   maintainer
Original commit
Thursday, 25 Sep 2003
10:22 krion search for other commits by this committer
- Update to version 0.37

PR:             57188
Submitted by:   maintainer
Original commit
Monday, 8 Sep 2003
09:09 edwin search for other commits by this committer
[new port] security/dropbear: a lightweight SSH2 server

        Dropbear is an SSH 2 server, designed to be usable in small
        memory environments.

        It supports:
                * Main features of SSH 2 protocol
                * Implements X11 forwarding, and authentication-agent forwarding
                for OpenSSH clients
                * Compatible with OpenSSH ~/.ssh/authorized_keys public key
                authentication

        WWW: http://matt.ucc.asn.au/dropbear/dropbear.html

PR:             ports/55795
Submitted by:   Clement Laforet <sheepkiller@cultdeadsheep.org>
Original commit

Number of commits found: 41