[ptxdist] [PATCH 0/4] dropbear: version bump 2019.78 -> 2020.81

[ptxdist] [PATCH 0/4] dropbear: version bump 2019.78 -> 2020.81

[Alexander Dahl]

Hei hei,

this is the version bump for the dropbear SSH server split in four
patches for easier review.

- 1/4 fixes the license information

- 2/4 updates comments in kconfig and make file, first is for user,
  second for easier maintenance of the ptxdist package (I used that when
  reviewing what changed in dropbear from 2019.78 to 2020.79)

- 3/4 is a version bump with quite some upstream changes, including the
  fix for CVE-2018-20685.

- 4/4 is a second version bump, combining two more versions with
  regression fixes and other minor fixes, which I put in a second commit
  for easier review. This might also be squashed?

Software itself briefly tested on armv7a aka sama5d27.

Greets
Alex

Alexander Dahl (4):
  dropbear: Consider licenses of bundled libs
  dropbear: Revise comments
  dropbear: version bump 2019.78 -> 2020.79
  dropbear: version bump 2020.79 -> 2020.81

 rules/dropbear.in   | 14 ++++++++------
 rules/dropbear.make | 30 +++++++++++++++++++-----------
 2 files changed, 27 insertions(+), 17 deletions(-)


base-commit: 8617870454388edf0f0728a92f3f188edbc14986
-- 
2.27.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de

[ptxdist] [PATCH 1/4] dropbear: Consider licenses of bundled libs

[Alexander Dahl]

Since 673655b40733 ("dropbear: clean up the rule file and add bugfix")
it's explicitly stated, bundled libtomcrypt and libtommath are used in
the ptxdist dropbear package.  Before very likely also the bundled libs
were used, because no separate packages exist in ptxdist.  So the
dropbear package should consider the licenses of the bundled libs.

As of dropbear 2019.78, dropbear itself states in its 'LICENSE' file
those libs are public domain, but in fact those libs are dual licensed
public_domain and WTFPL, as their license files state.

Adding hashes for the bundled libs will help detect future changes, as
long as the dropbear package uses the bundled variant of that libs.

Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 rules/dropbear.make | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/rules/dropbear.make b/rules/dropbear.make
index d52efa396..acd9ef5f9 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -23,9 +23,12 @@ DROPBEAR_SUFFIX		:= tar.bz2
 DROPBEAR_URL		:= http://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX)
 DROPBEAR_SOURCE		:= $(SRCDIR)/$(DROPBEAR).$(DROPBEAR_SUFFIX)
 DROPBEAR_DIR		:= $(BUILDDIR)/$(DROPBEAR)
-DROPBEAR_LICENSE	:= MIT AND BSD-2-Clause AND BSD-3-Clause AND SSH-short
+DROPBEAR_LICENSE	:= \
+	MIT AND BSD-2-Clause AND BSD-3-Clause AND SSH-short AND (public_domain OR WTFPL)
 DROPBEAR_LICENSE_FILES	:= \
 	file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01 \
+	file://libtomcrypt/LICENSE;md5=71baacc459522324ef3e2b9e052e8180 \
+	file://libtommath/LICENSE;md5=f72771f4af5e8c382974750f9f8701ad \
 	file://loginrec.c;startline=1;endline=26;md5=0d785ee11fab1cead2c7fee9c35574f1
 
 # ----------------------------------------------------------------------------
-- 
2.27.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de

[ptxdist] [PATCH 2/4] dropbear: Revise comments

[Alexander Dahl]

Add more section markers and update recommendations based on upstream's
'default_options.h' file.

Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 rules/dropbear.in   | 12 +++++++-----
 rules/dropbear.make | 18 +++++++++++-------
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/rules/dropbear.in b/rules/dropbear.in
index 62a4a8427..d01f2c73e 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -219,7 +219,7 @@ config DROPBEAR_CTR_CIPHERS
 	  CBC mode against certain attacks. This adds around 1kB to binary
 	  size and is recommended for most cases.
 
-comment "Integrity, at least one required --- RFC Draft requires sha1-hmac and recommends sha1-96"
+comment "Integrity, at least one required --- sha2-256 is recommended as a default, sha1 for compatibility"
 
 config DROPBEAR_SHA1
 	bool
@@ -273,13 +273,13 @@ config DROPBEAR_SHA512
 
 config DROPBEAR_MD5
 	bool
-	prompt "md5"
+	prompt "md5 (not recommended!)"
 	help
 	  MD5 was developed by Professor Ronald L. Rivest in 1994.
 	  Its 128 bit (16 byte) message digest makes it a faster
 	  implementation than SHA-1.
 
-comment "Hostkey/public key algorithms, at least one required --- SSH2 RFC Draft requires dss, recommends rsa"
+comment "Hostkey/public key algorithms, at least one required --- RSA is recommended, DSS is not recommended for new keys"
 
 config DROPBEAR_RSA
 	bool
@@ -293,7 +293,7 @@ config DROPBEAR_RSA
 
 config DROPBEAR_DSS
 	bool
-	prompt "dss"
+	prompt "dss (not recommended!)"
 	help
 	  DSS stands for Digital Signature Standard.
 	  DSS employs the ElGamal and Schnorr PK systems to produce
@@ -308,6 +308,8 @@ config DROPBEAR_ECDSA
 	  ECDSA stands for Elliptic Curve Digital Signature Algorithm.
 	  ECDSA is significantly faster than RSA or DSS.
 
+comment "Key exchange algorithm ---"
+
 config DROPBEAR_ECDH
 	bool
 	prompt "ecdh"
@@ -377,7 +379,7 @@ config DROPBEAR_SCP
 comment "OpenSSH scp is selected!"
 	depends on OPENSSH_SCP
 
-comment "runtime options   ---"
+comment "runtime options        ---"
 
 config DROPBEAR_STARTSCRIPT
 	bool
diff --git a/rules/dropbear.make b/rules/dropbear.make
index acd9ef5f9..4f55fac48 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -67,6 +67,7 @@ $(STATEDIR)/dropbear.prepare:
 
 	@echo "/* localoptions.h created by ptxdist */" > $(DROPBEAR_LOCALOPTIONS)
 
+# features
 ifdef PTXCONF_DROPBEAR_DIS_X11
 	@echo "ptxdist: disabling x11 forwarding"
 	@echo "#define DROPBEAR_X11FWD 0" >> $(DROPBEAR_LOCALOPTIONS)
@@ -76,13 +77,13 @@ else
 endif
 
 ifdef PTXCONF_DROPBEAR_DIS_TCP
-	@echo "ptxdist: disabling tcp"
+	@echo "ptxdist: disabling tcp forwarding"
 	@echo "#define DROPBEAR_CLI_LOCALTCPFWD 0" >> $(DROPBEAR_LOCALOPTIONS)
 	@echo "#define DROPBEAR_CLI_REMOTETCPFWD 0" >> $(DROPBEAR_LOCALOPTIONS)
 	@echo "#define DROPBEAR_SVR_LOCALTCPFWD 0" >> $(DROPBEAR_LOCALOPTIONS)
 	@echo "#define DROPBEAR_SVR_REMOTETCPFWD 0" >> $(DROPBEAR_LOCALOPTIONS)
 else
-	@echo "ptxdist: enabling tcp"
+	@echo "ptxdist: enabling tcp forwarding"
 	@echo "#define DROPBEAR_CLI_LOCALTCPFWD 1" >> $(DROPBEAR_LOCALOPTIONS)
 	@echo "#define DROPBEAR_CLI_REMOTETCPFWD 1" >> $(DROPBEAR_LOCALOPTIONS)
 	@echo "#define DROPBEAR_SVR_LOCALTCPFWD 1" >> $(DROPBEAR_LOCALOPTIONS)
@@ -90,16 +91,16 @@ else
 endif
 
 ifdef PTXCONF_DROPBEAR_DIS_AGENT
-	@echo "ptxdist: disabling agent"
+	@echo "ptxdist: disabling auth agent forwarding"
 	@echo "#define DROPBEAR_SVR_AGENTFWD 0" >> $(DROPBEAR_LOCALOPTIONS)
 	@echo "#define DROPBEAR_CLI_AGENTFWD 0" >> $(DROPBEAR_LOCALOPTIONS)
 else
-	@echo "ptxdist: enabling agent"
+	@echo "ptxdist: enabling auth agent forwarding"
 	@echo "#define DROPBEAR_SVR_AGENTFWD 1" >> $(DROPBEAR_LOCALOPTIONS)
 	@echo "#define DROPBEAR_CLI_AGENTFWD 1" >> $(DROPBEAR_LOCALOPTIONS)
 endif
 
-
+# encryption
 ifdef PTXCONF_DROPBEAR_AES128
 	@echo "ptxdist: enabling aes128"
 	@echo "#define DROPBEAR_AES128 1" >> $(DROPBEAR_LOCALOPTIONS)
@@ -148,6 +149,7 @@ else
 	@echo "#define DROPBEAR_TWOFISH128 0" >> $(DROPBEAR_LOCALOPTIONS)
 endif
 
+# ciphers
 ifdef PTXCONF_DROPBEAR_CBC_CIPHERS
 	@echo "ptxdist: enabling cbc ciphers"
 	@echo "#define DROPBEAR_ENABLE_CBC_MODE 1" >> $(DROPBEAR_LOCALOPTIONS)
@@ -165,6 +167,7 @@ else
 	@echo "#define DROPBEAR_ENABLE_CTR_MODE 0" >> $(DROPBEAR_LOCALOPTIONS)
 endif
 
+# integrity
 ifdef PTXCONF_DROPBEAR_SHA1
 	@echo "ptxdist: enabling sha1"
 	@echo "#define DROPBEAR_SHA1_HMAC 1" >> $(DROPBEAR_LOCALOPTIONS)
@@ -210,7 +213,7 @@ else
 	@echo "#define DROPBEAR_MD5_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS)
 endif
 
-
+# host key / public key
 ifdef PTXCONF_DROPBEAR_RSA
 	@echo "ptxdist: enabling rsa"
 	@echo "#define DROPBEAR_RSA 1" >> $(DROPBEAR_LOCALOPTIONS)
@@ -235,6 +238,7 @@ else
 	@echo "#define DROPBEAR_ECDSA 0" >> $(DROPBEAR_LOCALOPTIONS)
 endif
 
+# key exchange algorithm
 ifdef PTXCONF_DROPBEAR_ECDH
 	@echo "ptxdist: enabling ecdh"
 	@echo "#define DROPBEAR_ECDH 1" >> $(DROPBEAR_LOCALOPTIONS)
@@ -251,7 +255,7 @@ else
 	@echo "#define DROPBEAR_CURVE25519 0" >> $(DROPBEAR_LOCALOPTIONS)
 endif
 
-
+# authentication types
 ifdef PTXCONF_DROPBEAR_PASSWD
 	@echo "ptxdist: enabling passwd"
 	@echo "#define DROPBEAR_SVR_PASSWORD_AUTH 1" >> $(DROPBEAR_LOCALOPTIONS)
-- 
2.27.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de

[ptxdist] [PATCH 3/4] dropbear: version bump 2019.78 -> 2020.79

[Alexander Dahl]

Noteworthy changes (not all options accessible through ptxdist menu):

- added support for ed25519 hostkeys and authorized_keys
- added support for chacha20-poly1305 authenticated cipher
- added support for and rsa-sha2 signatures
- disabled some options by default (kconfig defaults adapted accordingly)
- fix idle detection clashing with keepalives
- scp fix for CVE-2018-20685 where a server could modify name of output
  files
- Call fsync() is called on parent directory when writing key files to
  ensure they are flushed

One especially important change:

> Use getrandom() call on Linux to ensure sufficient entropy has been
> gathered at startup.  Dropbear now avoids reading from the random
> source at startup, instead waiting until the first connection. It is
> possible that some platforms were running without enough entropy
> previously, those could potentially block at first boot generating
> host keys.  The dropbear "-R" option is one way to avoid that.

On older toolchains/kernel headers/kernels without getrandom() support,
dropbear should behave like before.

The curve25519 implementation was replaced with the one by TweetNaCl,
which induced a change in 'LICENSE' summary.  The old implementation was
licensed BSD-3-Clause and the new is public domain.

The bundled libtommath changed its license from dual license (public
domain || WTFPL) to 'Unlicense' which is also a public domain license,
but with a differently worded license text and an actual SPDX
identifier.

Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 rules/dropbear.in   |  2 +-
 rules/dropbear.make | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/rules/dropbear.in b/rules/dropbear.in
index d01f2c73e..dbe1a34bc 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -116,6 +116,7 @@ comment "features"
 config DROPBEAR_DIS_X11
 	bool
 	prompt "disable X11 Forwarding"
+	default y
 	help
 	  X11 forwarding means passing X11 (graphical interface)
 	  information over the SSH connection.
@@ -149,7 +150,6 @@ config DROPBEAR_AES128
 config DROPBEAR_3DES
 	bool
 	prompt "3DES"
-	default y
 	help
 	  DES is an IBM algorithm designed during the 1970s.
 	  In 1976, NIST has officially adopted it as an encryption
diff --git a/rules/dropbear.make b/rules/dropbear.make
index 4f55fac48..1907bc0ae 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -16,19 +16,19 @@ PACKAGES-$(PTXCONF_DROPBEAR) += dropbear
 #
 # Paths and names
 #
-DROPBEAR_VERSION	:= 2019.78
-DROPBEAR_MD5		:= a972c85ed678ad0fdcb7844e1294fb54
+DROPBEAR_VERSION	:= 2020.79
+DROPBEAR_MD5		:= 830a7bf6349ac52a39c487d061efb352
 DROPBEAR		:= dropbear-$(DROPBEAR_VERSION)
 DROPBEAR_SUFFIX		:= tar.bz2
 DROPBEAR_URL		:= http://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX)
 DROPBEAR_SOURCE		:= $(SRCDIR)/$(DROPBEAR).$(DROPBEAR_SUFFIX)
 DROPBEAR_DIR		:= $(BUILDDIR)/$(DROPBEAR)
 DROPBEAR_LICENSE	:= \
-	MIT AND BSD-2-Clause AND BSD-3-Clause AND SSH-short AND (public_domain OR WTFPL)
+	MIT AND BSD-2-Clause AND public_domain AND SSH-short AND (public_domain OR WTFPL) AND Unlicense
 DROPBEAR_LICENSE_FILES	:= \
-	file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01 \
+	file://LICENSE;md5=da58928b5d844c6667963cb5a109272d \
 	file://libtomcrypt/LICENSE;md5=71baacc459522324ef3e2b9e052e8180 \
-	file://libtommath/LICENSE;md5=f72771f4af5e8c382974750f9f8701ad \
+	file://libtommath/LICENSE;md5=23e7e0a32e53a2b1d35f5fd9ef053402 \
 	file://loginrec.c;startline=1;endline=26;md5=0d785ee11fab1cead2c7fee9c35574f1
 
 # ----------------------------------------------------------------------------
@@ -48,6 +48,7 @@ DROPBEAR_CONF_OPT 	:= \
 	--$(call ptx/disen, PTXCONF_DROPBEAR_DIS_OPENPTY)-openpty \
 	--$(call ptx/disen, PTXCONF_DROPBEAR_DIS_SYSLOG)-syslog \
 	--enable-shadow \
+	--disable-plugin \
 	--disable-fuzz \
 	--enable-bundled-libtom \
 	--$(call ptx/disen, PTXCONF_DROPBEAR_DIS_LASTLOG)-lastlog \
-- 
2.27.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de

[ptxdist] [PATCH 4/4] dropbear: version bump 2020.79 -> 2020.81

[Alexander Dahl]

Changes in LICENSE file:

- updated copyright years
- pointed to licenses of bundled libs, instead of just stating their
  license

Signed-off-by: Alexander Dahl <ada@thorsis.com>
---
 rules/dropbear.make | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/rules/dropbear.make b/rules/dropbear.make
index 1907bc0ae..47fed4938 100644
--- a/rules/dropbear.make
+++ b/rules/dropbear.make
@@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_DROPBEAR) += dropbear
 #
 # Paths and names
 #
-DROPBEAR_VERSION	:= 2020.79
-DROPBEAR_MD5		:= 830a7bf6349ac52a39c487d061efb352
+DROPBEAR_VERSION	:= 2020.81
+DROPBEAR_MD5		:= a07438a6159a24c61f98f1bce2d479c0
 DROPBEAR		:= dropbear-$(DROPBEAR_VERSION)
 DROPBEAR_SUFFIX		:= tar.bz2
 DROPBEAR_URL		:= http://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX)
@@ -26,7 +26,7 @@ DROPBEAR_DIR		:= $(BUILDDIR)/$(DROPBEAR)
 DROPBEAR_LICENSE	:= \
 	MIT AND BSD-2-Clause AND public_domain AND SSH-short AND (public_domain OR WTFPL) AND Unlicense
 DROPBEAR_LICENSE_FILES	:= \
-	file://LICENSE;md5=da58928b5d844c6667963cb5a109272d \
+	file://LICENSE;md5=25cf44512b7bc8966a48b6b1a9b7605f \
 	file://libtomcrypt/LICENSE;md5=71baacc459522324ef3e2b9e052e8180 \
 	file://libtommath/LICENSE;md5=23e7e0a32e53a2b1d35f5fd9ef053402 \
 	file://loginrec.c;startline=1;endline=26;md5=0d785ee11fab1cead2c7fee9c35574f1
-- 
2.27.0


_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de

Re: [ptxdist] [PATCH 3/4] dropbear: version bump 2019.78 -> 2020.79

[Alexander Dahl]

[-- Attachment #1.1: Type: text/plain, Size: 4994 bytes --]

Hei hei,

On Thu, Nov 05, 2020 at 09:13:01AM +0100, Alexander Dahl wrote:
> Noteworthy changes (not all options accessible through ptxdist menu):
> 
> - added support for ed25519 hostkeys and authorized_keys
> - added support for chacha20-poly1305 authenticated cipher
> - added support for and rsa-sha2 signatures
> - disabled some options by default (kconfig defaults adapted accordingly)
> - fix idle detection clashing with keepalives
> - scp fix for CVE-2018-20685 where a server could modify name of output
>   files
> - Call fsync() is called on parent directory when writing key files to
>   ensure they are flushed
> 
> One especially important change:
> 
> > Use getrandom() call on Linux to ensure sufficient entropy has been
> > gathered at startup.  Dropbear now avoids reading from the random
> > source at startup, instead waiting until the first connection. It is
> > possible that some platforms were running without enough entropy
> > previously, those could potentially block at first boot generating
> > host keys.  The dropbear "-R" option is one way to avoid that.
> 
> On older toolchains/kernel headers/kernels without getrandom() support,
> dropbear should behave like before.
> 
> The curve25519 implementation was replaced with the one by TweetNaCl,
> which induced a change in 'LICENSE' summary.  The old implementation was
> licensed BSD-3-Clause and the new is public domain.
> 
> The bundled libtommath changed its license from dual license (public
> domain || WTFPL) to 'Unlicense' which is also a public domain license,
> but with a differently worded license text and an actual SPDX
> identifier.
> 
> Signed-off-by: Alexander Dahl <ada@thorsis.com>
> ---
>  rules/dropbear.in   |  2 +-
>  rules/dropbear.make | 11 ++++++-----
>  2 files changed, 7 insertions(+), 6 deletions(-)

When reworking this patch today in the morning I forgot to remove the
2019.78 patch series. The one patch in there had gone upstream with
2020.79 and can be dropped.

I'll send a v2 tomorrow.

A

> 
> diff --git a/rules/dropbear.in b/rules/dropbear.in
> index d01f2c73e..dbe1a34bc 100644
> --- a/rules/dropbear.in
> +++ b/rules/dropbear.in
> @@ -116,6 +116,7 @@ comment "features"
>  config DROPBEAR_DIS_X11
>  	bool
>  	prompt "disable X11 Forwarding"
> +	default y
>  	help
>  	  X11 forwarding means passing X11 (graphical interface)
>  	  information over the SSH connection.
> @@ -149,7 +150,6 @@ config DROPBEAR_AES128
>  config DROPBEAR_3DES
>  	bool
>  	prompt "3DES"
> -	default y
>  	help
>  	  DES is an IBM algorithm designed during the 1970s.
>  	  In 1976, NIST has officially adopted it as an encryption
> diff --git a/rules/dropbear.make b/rules/dropbear.make
> index 4f55fac48..1907bc0ae 100644
> --- a/rules/dropbear.make
> +++ b/rules/dropbear.make
> @@ -16,19 +16,19 @@ PACKAGES-$(PTXCONF_DROPBEAR) += dropbear
>  #
>  # Paths and names
>  #
> -DROPBEAR_VERSION	:= 2019.78
> -DROPBEAR_MD5		:= a972c85ed678ad0fdcb7844e1294fb54
> +DROPBEAR_VERSION	:= 2020.79
> +DROPBEAR_MD5		:= 830a7bf6349ac52a39c487d061efb352
>  DROPBEAR		:= dropbear-$(DROPBEAR_VERSION)
>  DROPBEAR_SUFFIX		:= tar.bz2
>  DROPBEAR_URL		:= http://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX)
>  DROPBEAR_SOURCE		:= $(SRCDIR)/$(DROPBEAR).$(DROPBEAR_SUFFIX)
>  DROPBEAR_DIR		:= $(BUILDDIR)/$(DROPBEAR)
>  DROPBEAR_LICENSE	:= \
> -	MIT AND BSD-2-Clause AND BSD-3-Clause AND SSH-short AND (public_domain OR WTFPL)
> +	MIT AND BSD-2-Clause AND public_domain AND SSH-short AND (public_domain OR WTFPL) AND Unlicense
>  DROPBEAR_LICENSE_FILES	:= \
> -	file://LICENSE;md5=a5ec40cafba26fc4396d0b550f824e01 \
> +	file://LICENSE;md5=da58928b5d844c6667963cb5a109272d \
>  	file://libtomcrypt/LICENSE;md5=71baacc459522324ef3e2b9e052e8180 \
> -	file://libtommath/LICENSE;md5=f72771f4af5e8c382974750f9f8701ad \
> +	file://libtommath/LICENSE;md5=23e7e0a32e53a2b1d35f5fd9ef053402 \
>  	file://loginrec.c;startline=1;endline=26;md5=0d785ee11fab1cead2c7fee9c35574f1
>  
>  # ----------------------------------------------------------------------------
> @@ -48,6 +48,7 @@ DROPBEAR_CONF_OPT 	:= \
>  	--$(call ptx/disen, PTXCONF_DROPBEAR_DIS_OPENPTY)-openpty \
>  	--$(call ptx/disen, PTXCONF_DROPBEAR_DIS_SYSLOG)-syslog \
>  	--enable-shadow \
> +	--disable-plugin \
>  	--disable-fuzz \
>  	--enable-bundled-libtom \
>  	--$(call ptx/disen, PTXCONF_DROPBEAR_DIS_LASTLOG)-lastlog \
> -- 
> 2.27.0
> 
> 
> _______________________________________________
> ptxdist mailing list
> ptxdist@pengutronix.de
> To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de

-- 
/"\ ASCII RIBBON | »With the first link, the chain is forged. The first
\ / CAMPAIGN     | speech censured, the first thought forbidden, the
 X  AGAINST      | first freedom denied, chains us all irrevocably.«
/ \ HTML MAIL    | (Jean-Luc Picard, quoting Judge Aaron Satie)

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[-- Attachment #2: Type: text/plain, Size: 181 bytes --]

_______________________________________________
ptxdist mailing list
ptxdist@pengutronix.de
To unsubscribe, send a mail with subject "unsubscribe" to ptxdist-request@pengutronix.de