support ecdsa and refresh patches Signed-off-by: Reiner Herrmann <rei...@reiner-h.de> --- package/network/services/dropbear/Makefile | 8 +++++--- .../network/services/dropbear/files/dropbear.init | 11 +++++++---- .../services/dropbear/patches/100-pubkey_path.patch | 4 ++-- .../services/dropbear/patches/110-change_user.patch | 2 +- .../dropbear/patches/120-openwrt_options.patch | 21 ++++++--------------- .../dropbear/patches/140-disable_assert.patch | 2 +- .../dropbear/patches/150-dbconvert_standalone.patch | 6 +++--- .../dropbear/patches/200-lcrypt_bsdfix.patch | 8 ++++---- .../dropbear/patches/500-set-default-path.patch | 2 +- 9 files changed, 30 insertions(+), 34 deletions(-)
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 02be761..04dd8b9 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dropbear
-PKG_VERSION:=2013.59
+PKG_VERSION:=2013.62
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:= \
 http://matt.ucc.asn.au/dropbear/releases/ \
 https://dropbear.nl/mirror/releases/
-PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9
+PKG_MD5SUM:=ca2c7932a1399cf361f795aaa3843998
 PKG_LICENSE:=MIT
 PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
@@ -41,7 +41,8 @@ endef
 define Package/dropbear/conffiles
 /etc/dropbear/dropbear_rsa_host_key
-/etc/dropbear/dropbear_dss_host_key
+/etc/dropbear/dropbear_dss_host_key
+/etc/dropbear/dropbear_ecdsa_host_key
 /etc/config/dropbear
 endef
@@ -98,6 +99,7 @@ define Package/dropbear/install
 $(INSTALL_DIR) $(1)/etc/dropbear
 touch $(1)/etc/dropbear/dropbear_rsa_host_key
 touch $(1)/etc/dropbear/dropbear_dss_host_key
+ touch $(1)/etc/dropbear/dropbear_ecdsa_host_key
 endef
 define Package/dropbearconvert/install
diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init
index ebef526..a2fedcd 100755
--- a/package/network/services/dropbear/files/dropbear.init
+++ b/package/network/services/dropbear/files/dropbear.init
@@ -43,6 +43,7 @@ validate_section_dropbear()
 'RootLogin:bool:1' \
 'rsakeyfile:file' \
 'dsskeyfile:file' \
+ 'ecdsakeyfile:file' \
 'BannerFile:file' \
 'Port:list(port):22'
 return $?
@@ -52,7 +53,7 @@ dropbear_instance()
 {
 local PasswordAuth enable Interface GatewayPorts \
 RootPasswordAuth RootLogin rsakeyfile \
- dsskeyfile BannerFile Port
+ dsskeyfile ecdsakeyfile BannerFile Port
 validate_section_dropbear "${1}" || {
 echo "validation failed"
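Review bot: In the conffiles hunk of the Makefile, `/etc/dropbear/dropbear_dss_host_key` is removed and re-added with the same visible text, so that line changes only in whitespace. If the new side is the one carrying a trailing space or tab, the entry may no longer match the file's path, and the DSS host key could fall out of the configuration preserved across an upgrade; this is worth checking in the applied file. Leaving that line untouched and adding only `/etc/dropbear/dropbear_ecdsa_host_key` would remove the question.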
@@ -70,7 +71,8 @@ dropbear_instance()
 [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
 [ "${RootLogin}" -eq 0 ] && procd_append_param command -w
 [ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}"
- [ -n "${dsskeyfile}" ] && procd_append_param command -d "${dsskeyfile}"
+ [ -n "${dsskeyfile}" ] && procd_append_param command -r "${dsskeyfile}"
+ [ -n "${ecdsakeyfile}" ] && procd_append_param command -r "${ecdsakeyfile}"
 [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
 [ -n "${interface}" ] && network_get_device interface "${interface}"
 append_ports "${interface}" "${Port}"
@@ -79,7 +81,7 @@ dropbear_instance()
 keygen()
 {
- for keytype in rsa dss; do
+ for keytype in rsa dss ecdsa; do
 # check for keys
 key=dropbear/dropbear_${keytype}_host_key
 [ -f /tmp/$key -o -s /etc/$key ] || {
@@ -103,7 +105,8 @@ keygen()
 start_service()
 {
 [ -s /etc/dropbear/dropbear_rsa_host_key -a \
- -s /etc/dropbear/dropbear_dss_host_key ] || keygen
+ -s /etc/dropbear/dropbear_dss_host_key -a \
+ -s /etc/dropbear/dropbear_ecdsa_host_key ] || keygen
 . /lib/functions.sh
 . /lib/functions/network.sh
diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch
index c1802f5..456874b 100644
--- a/package/network/services/dropbear/patches/100-pubkey_path.patch
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -1,6 +1,6 @@
 --- a/svr-authpubkey.c
 +++ b/svr-authpubkey.c
-@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
+@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al
 goto out;
 }
@@ -33,7 +33,7 @@
 if (authfile == NULL) {
 goto out;
 }
-@@ -372,26 +376,35 @@ static int checkpubkeyperms() {
+@@ -371,26 +375,35 @@ static int checkpubkeyperms() {
 goto out;
 }
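Review bot: In dropbear_instance() the DSS key file moves from `-d` to `-r` with no explanation, so a later reader cannot tell whether that is deliberate or a copy-paste slip. All three key types now share one flag, presumably because this dropbear release accepts `-r` repeatedly and reads the key type from the file. A one-line comment above the three lines would record that, for example `# every host key type is passed with -r; it may be given more than once`. The function body continues outside the hunk.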
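Review bot: Adding `ecdsa` to `for keytype in rsa dss ecdsa` means a third host key is generated wherever the other two are, which on a freshly flashed device is presumably the first start, when the kernel's entropy pool can still be thin. ECDSA is less forgiving of weak randomness than RSA, since a poorly seeded key or a biased signing nonce can expose the private key. It is therefore worth confirming that the random source is seeded before this loop runs. keygen's body continues outside the hunk, so how the key is produced is not visible here. A comment such as `# host keys are generated on first start; the RNG must be seeded before this point` would make the assumption explicit.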
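Review bot: start_service() now calls keygen unless all three key files are non-empty, so a device whose dropbearkey cannot produce an ECDSA key, or where that step fails, would enter keygen on every start. Whether the daemon still comes up with the RSA key alone in that case depends on keygen's body, which lies outside the hunk. Losing SSH access on an upgraded device is the failure to rule out. I would document the intended behaviour next to the test, for example `# keygen must leave the service startable even if one key type cannot be generated`, and confirm it on a build without ECDSA.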
diff --git a/package/network/services/dropbear/patches/110-change_user.patch b/package/network/services/dropbear/patches/110-change_user.patch index 48228ea..fa608e7 100644 --- a/package/network/services/dropbear/patches/110-change_user.patch +++ b/package/network/services/dropbear/patches/110-change_user.patch @@ -1,6 +1,6 @@ --- a/svr-chansession.c +++ b/svr-chansession.c -@@ -889,12 +889,12 @@ static void execchild(void *user_data) { +@@ -890,12 +890,12 @@ static void execchild(void *user_data) { /* We can only change uid/gid as root ... */ if (getuid() == 0) { diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index 9300a27..1b5c5cb 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -1,6 +1,6 @@ --- a/options.h +++ b/options.h -@@ -38,7 +38,7 @@ +@@ -41,7 +41,7 @@ * Both of these flags can be defined at once, don't compile without at least * one of them. */ #define NON_INETD_MODE @@ -9,16 +9,7 @@ /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is * perhaps 20% slower for pubkey operations (it is probably worth experimenting -@@ -49,7 +49,7 @@ - several kB in binary size however will make the symmetrical ciphers and hashes - slower, perhaps by 50%. Recommended for small systems that aren't doing - much traffic. */ --/*#define DROPBEAR_SMALL_CODE*/ -+#define DROPBEAR_SMALL_CODE - - /* Enable X11 Forwarding - server only */ - #define ENABLE_X11FWD -@@ -78,7 +78,7 @@ much traffic. */ +@@ -81,7 +81,7 @@ much traffic. */ /* Enable "Netcat mode" option. This will forward standard input/output * to a remote TCP-forwarded connection */ 
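Review bot: The second hunk of 120-openwrt_options.patch drops the block that turned `/*#define DROPBEAR_SMALL_CODE*/` into `#define DROPBEAR_SMALL_CODE`, which is a build-configuration change rather than an offset refresh, while the commit description only says "refresh patches". If the new upstream release already enables that option the removal is harmless, but that is not visible here. The description should state the reason, for example `120-openwrt_options: drop DROPBEAR_SMALL_CODE override (reason)`. The visible parts of this patch also show no ECDSA-related option, so whether ECDSA is compiled in appears to rest on the upstream defaults in options.h.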
@@ -27,7 +18,7 @@ /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */ #define ENABLE_USER_ALGO_LIST -@@ -92,8 +92,8 @@ much traffic. */ +@@ -95,8 +95,8 @@ much traffic. */ #define DROPBEAR_AES256 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ /*#define DROPBEAR_BLOWFISH*/ @@ -38,7 +29,7 @@ /* Enable "Counter Mode" for ciphers. This is more secure than normal * CBC mode against certain attacks. This adds around 1kB to binary -@@ -119,7 +119,7 @@ much traffic. */ +@@ -122,7 +122,7 @@ much traffic. */ * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ #define DROPBEAR_SHA1_HMAC @@ -47,7 +38,7 @@ /*#define DROPBEAR_SHA2_256_HMAC*/ /*#define DROPBEAR_SHA2_512_HMAC*/ #define DROPBEAR_MD5_HMAC -@@ -157,7 +157,7 @@ much traffic. */ +@@ -175,7 +175,7 @@ much traffic. */ /* Whether to print the message of the day (MOTD). This doesn't add much code * size */ @@ -56,7 +47,7 @@ /* The MOTD file path */ #ifndef MOTD_FILENAME -@@ -195,7 +195,7 @@ much traffic. */ +@@ -213,7 +213,7 @@ much traffic. */ * note that it will be provided for all "hidden" client-interactive * style prompts - if you want something more sophisticated, use * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ diff --git a/package/network/services/dropbear/patches/140-disable_assert.patch b/package/network/services/dropbear/patches/140-disable_assert.patch index edc7547..0717228 100644 --- a/package/network/services/dropbear/patches/140-disable_assert.patch +++ b/package/network/services/dropbear/patches/140-disable_assert.patch @@ -1,6 +1,6 @@ --- a/dbutil.h +++ b/dbutil.h -@@ -92,7 +92,11 @@ int m_str_to_uint(const char* str, unsig +@@ -101,7 +101,11 @@ int m_str_to_uint(const char* str, unsig #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} /* Dropbear assertion */ 
diff --git a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch index 3e0b008..367dc2c 100644 --- a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch +++ b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch @@ -9,6 +9,6 @@ +#define DROPBEAR_CLIENT +#endif + - /****************************************************************** - * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" - * parts are to allow for commandline -DDROPBEAR_XXX options etc. + /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" + * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ + diff --git a/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch b/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch index a5697e2..940e428 100644 --- a/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch +++ b/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch @@ -1,15 +1,15 @@ --- a/Makefile.in +++ b/Makefile.in -@@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h pac +@@ -58,7 +58,7 @@ HEADERS=options.h dbutil.h session.h pac loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \ - listener.h fake-rfc2553.h + listener.h fake-rfc2553.h ecc.h ecdsa.h -dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@ +dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS) dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS) dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS) -@@ -78,7 +78,7 @@ STRIP=@STRIP@ +@@ -81,7 +81,7 @@ STRIP=@STRIP@ INSTALL=@INSTALL@ CPPFLAGS=@CPPFLAGS@ CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@ 
@@ -18,7 +18,7 @@ LDFLAGS=@LDFLAGS@ EXEEXT=@EXEEXT@ -@@ -168,7 +168,7 @@ scp: $(SCPOBJS) $(HEADERS) Makefile +@@ -171,7 +171,7 @@ scp: $(SCPOBJS) $(HEADERS) Makefile # multi-binary compilation. MULTIOBJS= ifeq ($(MULTI),1) diff --git a/package/network/services/dropbear/patches/500-set-default-path.patch b/package/network/services/dropbear/patches/500-set-default-path.patch index 702ad6c..cf1634a 100644 --- a/package/network/services/dropbear/patches/500-set-default-path.patch +++ b/package/network/services/dropbear/patches/500-set-default-path.patch @@ -1,6 +1,6 @@ --- a/options.h +++ b/options.h -@@ -301,7 +301,7 @@ be overridden at runtime with -I. 0 disa +@@ -319,7 +319,7 @@ be overridden at runtime with -I. 0 disa #define DEFAULT_IDLE_TIMEOUT 0 /* The default path. This will often get replaced by the shell */ -- 1.9.rc1