mailarchive of the ptxdist mailing list
* [ptxdist] dropbear: fixing some stuff, version bump, new hashes
@ 2013-03-26 13:05 Alexander Dahl
  2013-03-26 13:05 ` [ptxdist] [PATCH 1/4] remove long gone options Alexander Dahl
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Alexander Dahl @ 2013-03-26 13:05 UTC
  To: ptxdist

This patch series addresses some problems I came across when updating
dropbear to the newest upstream release. First removes some options I
could not even find in the upstream version control anymore (changed
from anything to mercurial some time ago). Second fixes some macros
which were renamed in option.h years (!) ago upstream. Third is the
version bump and fourth adds options for SHA256 and SHA512. Since this
is security related stuff I would be happy for a rigorous review.

Greets
Alex


-- 
ptxdist mailing list
ptxdist@pengutronix.de


* [ptxdist] [PATCH 1/4] remove long gone options
  2013-03-26 13:05 [ptxdist] dropbear: fixing some stuff, version bump, new hashes Alexander Dahl
@ 2013-03-26 13:05 ` Alexander Dahl
  2013-03-26 13:05 ` [ptxdist] [PATCH 2/4] fix renamed macros Alexander Dahl
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Alexander Dahl @ 2013-03-26 13:05 UTC
  To: ptxdist

In current versions dropbear is always linked against libutil.
The option --disable-nls is also long gone upstream.

Signed-off-by: Alexander Dahl <post@lespocky.de>
---
 rules/dropbear.in   |    7 -------
 rules/dropbear.make |    7 +------
 2 files changed, 1 insertions(+), 13 deletions(-)

diff --git a/rules/dropbear.in b/rules/dropbear.in
index 16624d8..8c878ec 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -99,13 +99,6 @@ config DROPBEAR_DIS_WTMPX
 	  Keep dropbear from writing to wtmpx.
 	  This option is useful for small or flash-based filesystems.
 
-config DROPBEAR_DIS_LIBUTIL
-	bool
-	prompt "disable use of libutil"
-	help
-	  Enable this option to leave out the use of libutil.
-	  This might help to reduce the size of the binary.
-
 config DROPBEAR_DIS_PUTUTLINE
 	bool
 	prompt "disable use of pututline"
diff --git a/rules/dropbear.make b/rules/dropbear.make
index 0c3183f..efa00c2 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -34,8 +34,7 @@ DROPBEAR_DIR		:= $(BUILDDIR)/$(DROPBEAR)
 # autoconf
 #
 DROPBEAR_AUTOCONF := \
-	$(CROSS_AUTOCONF_USR) \
-	--disable-nls
+	$(CROSS_AUTOCONF_USR)
 
 ifdef PTXCONF_DROPBEAR_ZLIB
 DROPBEAR_AUTOCONF	+= --enable-zlib
@@ -71,10 +70,6 @@ ifdef PTXCONF_DROPBEAR_DIS_WTMPX
 DROPBEAR_AUTOCONF	+= --disable-wtmpx
 endif
 
-ifdef PTXCONF_DROPBEAR_DIS_LIBUTIL
-DROPBEAR_AUTOCONF	+= --disable-libutil
-endif
-
 ifdef PTXCONF_DROPBEAR_DIS_PUTUTLINE
 DROPBEAR_AUTOCONF	+= --disable-pututline
 endif
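Review bot: Nothing in this hunk or in the rules/dropbear.in hunk shows how libutil reaches the target once `--disable-libutil` can no longer be passed. The commit message says dropbear is now always linked against it, so please confirm that boards which used `PTXCONF_DROPBEAR_DIS_LIBUTIL` to leave libutil out still get a working binary. Naming in the commit message the upstream release in which `--disable-libutil` and `--disable-nls` disappeared would also make the removal easier to audit.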
-- 
1.7.2.5



* [ptxdist] [PATCH 2/4] fix renamed macros
  2013-03-26 13:05 [ptxdist] dropbear: fixing some stuff, version bump, new hashes Alexander Dahl
  2013-03-26 13:05 ` [ptxdist] [PATCH 1/4] remove long gone options Alexander Dahl
@ 2013-03-26 13:05 ` Alexander Dahl
  2013-03-26 13:05 ` [ptxdist] [PATCH 3/4] bump upstream version and recreate patch series Alexander Dahl
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Alexander Dahl @ 2013-03-26 13:05 UTC
  To: ptxdist

Some macros in options.h were split up in two a long time ago. Nobody
adapted this makefile up to now. This solution uses the same way it's
solved with ENABLE_CLI_LOCALTCPFW and ENABLE_SRV_LOCALTCPFWD and does
not introduce new options in menu but simply sets both options in
option.h.

Signed-off-by: Alexander Dahl <post@lespocky.de>
---
 rules/dropbear.make |   18 ++++++++++++------
 1 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/rules/dropbear.make b/rules/dropbear.make
index efa00c2..57dfe0b 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -106,10 +106,12 @@ endif
 
 ifdef PTXCONF_DROPBEAR_DIS_AGENT
 	@echo "ptxdist: disabling agent"
-	@$(call disable_c, $(DROPBEAR_DIR)/options.h,ENABLE_AGENTFWD)
+	@$(call disable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_AGENTFWD)
+	@$(call disable_c, $(DROPBEAR_DIR)/options.h,ENABLE_CLI_AGENTFWD)
 else
 	@echo "ptxdist: enabling agent"
-	@$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_AGENTFWD)
+	@$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_AGENTFWD)
+	@$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_CLI_AGENTFWD)
 endif
 
 
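Review bot: The added lines in both branches use the `ENABLE_SVR_` prefix, while the commit message cites `ENABLE_SRV_LOCALTCPFWD` as the model. Please check the spelling against options.h: if `enable_c` and `disable_c` do not fail on a name that is absent from the file, a misspelled macro is never toggled, which is how the stale `ENABLE_AGENTFWD` went unnoticed. The commit message should also say that `PTXCONF_DROPBEAR_DIS_AGENT` now controls agent forwarding for both the server and the client.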
@@ -206,18 +208,22 @@ endif
 
 ifdef PTXCONF_DROPBEAR_PASSWD
 	@echo "ptxdist: enabling passwd"
-	@$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_PASSWORD_AUTH)
+	@$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH)
+	@$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_CLI_PASSWORD_AUTH)
 else
 	@echo "ptxdist: disabling passwd"
-	@$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_PASSWORD_AUTH)
+	@$(call disable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PASSWORD_AUTH)
+	@$(call disable_c, $(DROPBEAR_DIR)/options.h,ENABLE_CLI_PASSWORD_AUTH)
 endif
 
 ifdef PTXCONF_DROPBEAR_PUBKEY
 	@echo "ptxdist: enabling pubkey"
-	@$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_PUBKEY_AUTH)
+	@$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PUBKEY_AUTH)
+	@$(call enable_c, $(DROPBEAR_DIR)/options.h,ENABLE_CLI_PUBKEY_AUTH)
 else
 	@echo "ptxdist: disabling pubkey"
-	@$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_PUBKEY_AUTH)
+	@$(call disable_c, $(DROPBEAR_DIR)/options.h,ENABLE_SVR_PUBKEY_AUTH)
+	@$(call disable_c, $(DROPBEAR_DIR)/options.h,ENABLE_CLI_PUBKEY_AUTH)
 endif
 
 	@$(call touch)
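Review bot: The commit message should state that the `-` lines in this hunk had stopped taking effect: they toggled `DROPBEAR_PASSWORD_AUTH` and `DROPBEAR_PUBKEY_AUTH`, names that by the commit message's own account were replaced in options.h a long time ago, so images built with the old rule got whatever authentication methods options.h enables by default rather than what the menu said. That is a security-relevant behaviour change for anyone who deselected `PTXCONF_DROPBEAR_PASSWD`. Consider making the prepare stage fail when a macro handed to `enable_c` or `disable_c` is not found in options.h, so that a future upstream rename cannot go unnoticed again.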
-- 
1.7.2.5



* [ptxdist] [PATCH 3/4] bump upstream version and recreate patch series
  2013-03-26 13:05 [ptxdist] dropbear: fixing some stuff, version bump, new hashes Alexander Dahl
  2013-03-26 13:05 ` [ptxdist] [PATCH 1/4] remove long gone options Alexander Dahl
  2013-03-26 13:05 ` [ptxdist] [PATCH 2/4] fix renamed macros Alexander Dahl
@ 2013-03-26 13:05 ` Alexander Dahl
  2013-03-26 13:05 ` [ptxdist] [PATCH 4/4] add options for recently added SHA256 and SHA512 hashes Alexander Dahl
  2013-03-27 18:21 ` [ptxdist] dropbear: fixing some stuff, version bump, new hashes Michael Olbrich
  4 siblings, 0 replies; 6+ messages in thread
From: Alexander Dahl @ 2013-03-26 13:05 UTC
  To: ptxdist

Upgrade to upstream version 2013.56 fixing some minor issues and
adding support for SHA-2 hashes. See
https://matt.ucc.asn.au/dropbear/CHANGES for a complete list of
changes.

Signed-off-by: Alexander Dahl <post@lespocky.de>
---
 .../0001-Fix-build-on-Darwin.patch                 |    1 -
 .../{dropbear-2012.55 => dropbear-2013.56}/series  |    0
 rules/dropbear.make                                |    4 ++--
 3 files changed, 2 insertions(+), 3 deletions(-)
 rename patches/{dropbear-2012.55 => dropbear-2013.56}/0001-Fix-build-on-Darwin.patch (95%)
 rename patches/{dropbear-2012.55 => dropbear-2013.56}/series (100%)

diff --git a/patches/dropbear-2012.55/0001-Fix-build-on-Darwin.patch b/patches/dropbear-2013.56/0001-Fix-build-on-Darwin.patch
similarity index 95%
rename from patches/dropbear-2012.55/0001-Fix-build-on-Darwin.patch
rename to patches/dropbear-2013.56/0001-Fix-build-on-Darwin.patch
index bc0d210..18756c5 100644
--- a/patches/dropbear-2012.55/0001-Fix-build-on-Darwin.patch
+++ b/patches/dropbear-2013.56/0001-Fix-build-on-Darwin.patch
@@ -1,4 +1,3 @@
-From e96df81ee2364f45724ef91389a5633337216214 Mon Sep 17 00:00:00 2001
 From: Bernhard Walle <bernhard@bwalle.de>
 Date: Tue, 20 Mar 2012 08:28:57 +0100
 Subject: [PATCH] Fix build on Darwin
diff --git a/patches/dropbear-2012.55/series b/patches/dropbear-2013.56/series
similarity index 100%
rename from patches/dropbear-2012.55/series
rename to patches/dropbear-2013.56/series
diff --git a/rules/dropbear.make b/rules/dropbear.make
index 57dfe0b..2beb7ef 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -18,8 +18,8 @@ PACKAGES-$(PTXCONF_DROPBEAR) += dropbear
 #
 # Paths and names
 #
-DROPBEAR_VERSION	:= 2012.55
-DROPBEAR_MD5		:= 8c784baec3054cdb1bb4bfa792c87812
+DROPBEAR_VERSION	:= 2013.56
+DROPBEAR_MD5		:= 700f1ae51ff008486465968db692b6dc
 DROPBEAR		:= dropbear-$(DROPBEAR_VERSION)
 DROPBEAR_SUFFIX		:= tar.bz2
 DROPBEAR_URL		:= http://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX)
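Review bot: `DROPBEAR_MD5` is the only integrity check visible here for a tarball that `DROPBEAR_URL` fetches over plain http://, and MD5 is not collision resistant, so for an SSH server this pin gives weak protection against a tampered download. Please say in the commit message how the new value was obtained, ideally compared against a checksum or signature fetched over a separate, authenticated channel. If the build system supports a stronger digest for sources, add it alongside.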
-- 
1.7.2.5



* [ptxdist] [PATCH 4/4] add options for recently added SHA256 and SHA512 hashes
  2013-03-26 13:05 [ptxdist] dropbear: fixing some stuff, version bump, new hashes Alexander Dahl
                   ` (2 preceding siblings ...)
  2013-03-26 13:05 ` [ptxdist] [PATCH 3/4] bump upstream version and recreate patch series Alexander Dahl
@ 2013-03-26 13:05 ` Alexander Dahl
  2013-03-27 18:21 ` [ptxdist] dropbear: fixing some stuff, version bump, new hashes Michael Olbrich
  4 siblings, 0 replies; 6+ messages in thread
From: Alexander Dahl @ 2013-03-26 13:05 UTC
  To: ptxdist

Make new hash functions available through ptxdist config menu.

Signed-off-by: Alexander Dahl <post@lespocky.de>
---
 rules/dropbear.in   |   26 ++++++++++++++++++++++++++
 rules/dropbear.make |   16 ++++++++++++++++
 2 files changed, 42 insertions(+), 0 deletions(-)

diff --git a/rules/dropbear.in b/rules/dropbear.in
index 8c878ec..21301ba 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -232,6 +232,32 @@ config DROPBEAR_SHA1_96
 	  Although slower than MD5, this larger digest size makes it
 	  stronger against brute force attacks.
 
+config DROPBEAR_SHA256
+	bool
+	prompt "sha256"
+	default n
+	help
+	  SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256,
+	  SHA-384, SHA-512) designed by the National Security Agency (NSA)
+	  and published in 2001 by the NIST as a U.S. Federal Information
+	  Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2
+	  includes a significant number of changes from its predecessor,
+	  SHA-1. SHA-2 consists of a set of four hash functions with digests
+	  that are 224, 256, 384 or 512 bits.
+
+config DROPBEAR_SHA512
+	bool
+	prompt "sha512"
+	default n
+	help
+	  SHA-2 is a set of cryptographic hash functions (SHA-224, SHA-256,
+	  SHA-384, SHA-512) designed by the National Security Agency (NSA)
+	  and published in 2001 by the NIST as a U.S. Federal Information
+	  Processing Standard. SHA stands for Secure Hash Algorithm. SHA-2
+	  includes a significant number of changes from its predecessor,
+	  SHA-1. SHA-2 consists of a set of four hash functions with digests
+	  that are 224, 256, 384 or 512 bits.
+
 config DROPBEAR_MD5
 	bool
 	prompt "md5"
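Review bot: The help text of `DROPBEAR_SHA256` and `DROPBEAR_SHA512` is the same general description of the SHA-2 family and never says what selecting the option does. Going by the macros toggled in rules/dropbear.make (`DROPBEAR_SHA2_256_HMAC`, `DROPBEAR_SHA2_512_HMAC`), each option enables an HMAC used for message integrity. Please say that in the help, in the style of the neighbouring `DROPBEAR_SHA1_96` entry, and drop the sentence about the four digest sizes, which does not describe either option.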
diff --git a/rules/dropbear.make b/rules/dropbear.make
index 2beb7ef..74f273f 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -181,6 +181,22 @@ else
 	@$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_SHA1_96_HMAC)
 endif
 
+ifdef PTXCONF_DROPBEAR_SHA256
+	@echo "ptxdist: enabling sha256"
+	@$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_SHA2_256_HMAC)
+else
+	@echo "ptxdist: disabling sha256"
+	@$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_SHA2_256_HMAC)
+endif
+
+ifdef PTXCONF_DROPBEAR_SHA512
+	@echo "ptxdist: enabling sha512"
+	@$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_SHA2_512_HMAC)
+else
+	@echo "ptxdist: disabling sha512"
+	@$(call disable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_SHA2_512_HMAC)
+endif
+
 ifdef PTXCONF_DROPBEAR_MD5
 	@echo "ptxdist: enabling md5"
 	@$(call enable_c, $(DROPBEAR_DIR)/options.h,DROPBEAR_MD5_HMAC)
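Review bot: With `default n` in rules/dropbear.in, the `else` branches here actively call `disable_c` on `DROPBEAR_SHA2_256_HMAC` and `DROPBEAR_SHA2_512_HMAC`, so every existing configuration builds without the SHA-2 MACs no matter what options.h ships as its default. If the intent is to make the stronger MACs available, consider `default y`, or state in the commit message that they stay off unless explicitly selected.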
-- 
1.7.2.5



* Re: [ptxdist] dropbear: fixing some stuff, version bump, new hashes
  2013-03-26 13:05 [ptxdist] dropbear: fixing some stuff, version bump, new hashes Alexander Dahl
                   ` (3 preceding siblings ...)
  2013-03-26 13:05 ` [ptxdist] [PATCH 4/4] add options for recently added SHA256 and SHA512 hashes Alexander Dahl
@ 2013-03-27 18:21 ` Michael Olbrich
  4 siblings, 0 replies; 6+ messages in thread
From: Michael Olbrich @ 2013-03-27 18:21 UTC
  To: ptxdist

On Tue, Mar 26, 2013 at 02:05:21PM +0100, Alexander Dahl wrote:
> This patch series addresses some problems I came across when updating
> dropbear to the newest upstream release. First removes some options I
> could not even find in the upstream version control anymore (changed
> from anything to mercurial some time ago). Second fixes some macros
> which were renamed in option.h years (!) ago upstream. Third is the
> version bump and fourth adds options for SHA256 and SHA512. Since this
> is security related stuff I would be happy for a rigorous review.

Thanks, all applied.

Michael

> 
> Greets
> Alex
> 
> 
> -- 
> ptxdist mailing list
> ptxdist@pengutronix.de
> 

-- 
Pengutronix e.K.                           |                             |
Industrial Linux Solutions                 | http://www.pengutronix.de/  |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |
