ping
On Sun, Feb 9, 2014 at 4:22 PM, Catalin Patulea <c...@vv.carleton.ca> wrote: > Upstream changelog: > https://matt.ucc.asn.au/dropbear/CHANGES > > Notably, this adds elliptic curve cryptography (ECC) support. > > dropbear mips 34kc uClibc binary size: > before: 161,672 bytes > after: 198,008 > > Signed-off-by: Catalin Patulea <c...@vv.carleton.ca> > --- > package/network/services/dropbear/Makefile | 4 ++-- > .../dropbear/patches/100-pubkey_path.patch | 4 ++-- > .../dropbear/patches/110-change_user.patch | 2 +- > .../dropbear/patches/120-openwrt_options.patch | 21 > ++++++-------------- > .../dropbear/patches/140-disable_assert.patch | 2 +- > .../patches/150-dbconvert_standalone.patch | 6 +++--- > .../dropbear/patches/200-lcrypt_bsdfix.patch | 8 ++++---- > .../dropbear/patches/500-set-default-path.patch | 2 +- > 8 files changed, 20 insertions(+), 29 deletions(-) > > diff --git a/package/network/services/dropbear/Makefile > b/package/network/services/dropbear/Makefile > index 02be761..b593198 100644 > --- a/package/network/services/dropbear/Makefile > +++ b/package/network/services/dropbear/Makefile > @@ -8,14 +8,14 @@ > include $(TOPDIR)/rules.mk > > PKG_NAME:=dropbear > -PKG_VERSION:=2013.59 > +PKG_VERSION:=2013.62 > PKG_RELEASE:=1 > > PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 > PKG_SOURCE_URL:= \ > http://matt.ucc.asn.au/dropbear/releases/ \ > https://dropbear.nl/mirror/releases/ > -PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9 > +PKG_MD5SUM:=ca2c7932a1399cf361f795aaa3843998 > > PKG_LICENSE:=MIT > PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE > diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch > b/package/network/services/dropbear/patches/100-pubkey_path.patch > index c1802f5..456874b 100644 > --- a/package/network/services/dropbear/patches/100-pubkey_path.patch > +++ b/package/network/services/dropbear/patches/100-pubkey_path.patch > @@ -1,6 +1,6 @@ > --- a/svr-authpubkey.c > +++ b/svr-authpubkey.c > -@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al > +@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al > goto out; > } > > @@ -33,7 +33,7 @@ > if (authfile == NULL) { > goto out; > } > -@@ -372,26 +376,35 @@ static int checkpubkeyperms() { > +@@ -371,26 +375,35 @@ static int checkpubkeyperms() { > goto out; > } > > diff --git a/package/network/services/dropbear/patches/110-change_user.patch > b/package/network/services/dropbear/patches/110-change_user.patch > index 48228ea..fa608e7 100644 > --- a/package/network/services/dropbear/patches/110-change_user.patch > +++ b/package/network/services/dropbear/patches/110-change_user.patch > @@ -1,6 +1,6 @@ > --- a/svr-chansession.c > +++ b/svr-chansession.c > -@@ -889,12 +889,12 @@ static void execchild(void *user_data) { > +@@ -890,12 +890,12 @@ static void execchild(void *user_data) { > /* We can only change uid/gid as root ... */ > if (getuid() == 0) { > > diff --git > a/package/network/services/dropbear/patches/120-openwrt_options.patch > b/package/network/services/dropbear/patches/120-openwrt_options.patch > index 9300a27..1b5c5cb 100644 > --- a/package/network/services/dropbear/patches/120-openwrt_options.patch > +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch > @@ -1,6 +1,6 @@ > --- a/options.h > +++ b/options.h > -@@ -38,7 +38,7 @@ > +@@ -41,7 +41,7 @@ > * Both of these flags can be defined at once, don't compile without at > least > * one of them. */ > #define NON_INETD_MODE > @@ -9,16 +9,7 @@ > > /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is > * perhaps 20% slower for pubkey operations (it is probably worth > experimenting > -@@ -49,7 +49,7 @@ > - several kB in binary size however will make the symmetrical ciphers and > hashes > - slower, perhaps by 50%. Recommended for small systems that aren't doing > - much traffic. */ > --/*#define DROPBEAR_SMALL_CODE*/ > -+#define DROPBEAR_SMALL_CODE > - > - /* Enable X11 Forwarding - server only */ > - #define ENABLE_X11FWD > -@@ -78,7 +78,7 @@ much traffic. */ > +@@ -81,7 +81,7 @@ much traffic. */ > > /* Enable "Netcat mode" option. This will forward standard input/output > * to a remote TCP-forwarded connection */ > @@ -27,7 +18,7 @@ > > /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime > */ > #define ENABLE_USER_ALGO_LIST > -@@ -92,8 +92,8 @@ much traffic. */ > +@@ -95,8 +95,8 @@ much traffic. */ > #define DROPBEAR_AES256 > /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ > /*#define DROPBEAR_BLOWFISH*/ > @@ -38,7 +29,7 @@ > > /* Enable "Counter Mode" for ciphers. This is more secure than normal > * CBC mode against certain attacks. This adds around 1kB to binary > -@@ -119,7 +119,7 @@ much traffic. */ > +@@ -122,7 +122,7 @@ much traffic. */ > * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, > * which are not the standard form. */ > #define DROPBEAR_SHA1_HMAC > @@ -47,7 +38,7 @@ > /*#define DROPBEAR_SHA2_256_HMAC*/ > /*#define DROPBEAR_SHA2_512_HMAC*/ > #define DROPBEAR_MD5_HMAC > -@@ -157,7 +157,7 @@ much traffic. */ > +@@ -175,7 +175,7 @@ much traffic. */ > > /* Whether to print the message of the day (MOTD). This doesn't add much > code > * size */ > @@ -56,7 +47,7 @@ > > /* The MOTD file path */ > #ifndef MOTD_FILENAME > -@@ -195,7 +195,7 @@ much traffic. */ > +@@ -213,7 +213,7 @@ much traffic. */ > * note that it will be provided for all "hidden" client-interactive > * style prompts - if you want something more sophisticated, use > * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ > diff --git > a/package/network/services/dropbear/patches/140-disable_assert.patch > b/package/network/services/dropbear/patches/140-disable_assert.patch > index edc7547..0717228 100644 > --- a/package/network/services/dropbear/patches/140-disable_assert.patch > +++ b/package/network/services/dropbear/patches/140-disable_assert.patch > @@ -1,6 +1,6 @@ > --- a/dbutil.h > +++ b/dbutil.h > -@@ -92,7 +92,11 @@ int m_str_to_uint(const char* str, unsig > +@@ -101,7 +101,11 @@ int m_str_to_uint(const char* str, unsig > #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} > > /* Dropbear assertion */ > diff --git > a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch > b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch > index 3e0b008..367dc2c 100644 > --- a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch > +++ b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch > @@ -9,6 +9,6 @@ > +#define DROPBEAR_CLIENT > +#endif > + > - /****************************************************************** > - * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... > #endif" > - * parts are to allow for commandline -DDROPBEAR_XXX options etc. > + /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... > #endif" > + * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ > + > diff --git > a/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch > b/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch > index a5697e2..940e428 100644 > --- a/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch > +++ b/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch > @@ -1,15 +1,15 @@ > --- a/Makefile.in > +++ b/Makefile.in > -@@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h pac > +@@ -58,7 +58,7 @@ HEADERS=options.h dbutil.h session.h pac > loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \ > - listener.h fake-rfc2553.h > + listener.h fake-rfc2553.h ecc.h ecdsa.h > > -dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@ > +dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) > dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS) > dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS) > dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS) > -@@ -78,7 +78,7 @@ STRIP=@STRIP@ > +@@ -81,7 +81,7 @@ STRIP=@STRIP@ > INSTALL=@INSTALL@ > CPPFLAGS=@CPPFLAGS@ > CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@ > @@ -18,7 +18,7 @@ > LDFLAGS=@LDFLAGS@ > > EXEEXT=@EXEEXT@ > -@@ -168,7 +168,7 @@ scp: $(SCPOBJS) $(HEADERS) Makefile > +@@ -171,7 +171,7 @@ scp: $(SCPOBJS) $(HEADERS) Makefile > # multi-binary compilation. > MULTIOBJS= > ifeq ($(MULTI),1) > diff --git > a/package/network/services/dropbear/patches/500-set-default-path.patch > b/package/network/services/dropbear/patches/500-set-default-path.patch > index 702ad6c..cf1634a 100644 > --- a/package/network/services/dropbear/patches/500-set-default-path.patch > +++ b/package/network/services/dropbear/patches/500-set-default-path.patch > @@ -1,6 +1,6 @@ > --- a/options.h > +++ b/options.h > -@@ -301,7 +301,7 @@ be overridden at runtime with -I. 0 disa > +@@ -319,7 +319,7 @@ be overridden at runtime with -I. 0 disa > #define DEFAULT_IDLE_TIMEOUT 0 > > /* The default path. This will often get replaced by the shell */ > -- > 1.7.9.5 > _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
