Date: Fri, 8 Jul 2022 17:13:33 +0200
From: Michael Olbrich
To: Alexander Dahl
Cc: Bruno Thomsen, Ian Abbott, ptxdist@pengutronix.de
Subject: Re: [ptxdist] [PATCH 1/8] dropbear: version bump 2020.81 -> 2022.82
Message-ID: <20220708151333.GJ20240@pengutronix.de>
In-Reply-To: <20220704121831.23787-2-ada@thorsis.com>

On Mon, Jul 04, 2022 at 02:18:24PM +0200, Alexander Dahl wrote:
> Noteworthy pieces from a longer list of changes and fixes:
>
> - New server support for U2F/FIDO keys (explicitly disabled for now)
> - Removed Twofish cipher
> - Dropbear now re-executes itself rather than just forking for each connection
> - A missing home directory is now non-fatal, starting in / instead
>
> Link: https://matt.ucc.asn.au/dropbear/CHANGES
> Signed-off-by: Alexander Dahl

I've changed the patch to disable x11 forwarding entirely because it fails
to build. Please take a look if that's relevant for you. I just wanted to
get this stuff merged before I'm gone for 2 weeks.

Michael

> ---
>  rules/dropbear.in   | 23 -----------------------
>  rules/dropbear.make | 25 +++++++------------------
>  2 files changed, 7 insertions(+), 41 deletions(-)
> > diff --git a/rules/dropbear.in b/rules/dropbear.in > index 8ae2d788b..553e0268c 100644 > --- a/rules/dropbear.in > +++ b/rules/dropbear.in > @@ -169,29 +169,6 @@ config DROPBEAR_AES256 > algorithm that may be used by U.S. Government organizations > (and others) to protect sensitive information. > > - > -config DROPBEAR_TWOFISH128 > - bool > - prompt "Twofish128" > - help > - Another great algorithm designed by Bruce Schneier. > - This block cipher was designed as a successor to > - the 64-bit Blowfish block cipher. > - Twofish combines a 16-round Feistel network with a > - bijective f function made by four key-dependent > - 8x8-bit S-boxes. > - > -config DROPBEAR_TWOFISH256 > - bool > - prompt "Twofish256" > - help > - Another great algorithm designed by Bruce Schneier. > - This block cipher was designed as a successor to > - the 64-bit Blowfish block cipher. > - Twofish combines a 16-round Feistel network with a > - bijective f function made by four key-dependent > - 8x8-bit S-boxes. > - > config DROPBEAR_CBC_CIPHERS > bool > prompt "CBC mode ciphers" > diff --git a/rules/dropbear.make b/rules/dropbear.make > index cb949d761..3a434e2c8 100644 > --- a/rules/dropbear.make > +++ b/rules/dropbear.make > @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_DROPBEAR) += dropbear > # > # Paths and names > # > -DROPBEAR_VERSION := 2020.81 > -DROPBEAR_MD5 := a07438a6159a24c61f98f1bce2d479c0 > +DROPBEAR_VERSION := 2022.82 > +DROPBEAR_MD5 := 7a4a5f2c6d23ff2e6627c97d7c1aeceb > DROPBEAR := dropbear-$(DROPBEAR_VERSION) > DROPBEAR_SUFFIX := tar.bz2 > DROPBEAR_URL := https://matt.ucc.asn.au/dropbear/releases/$(DROPBEAR).$(DROPBEAR_SUFFIX) > @@ -42,6 +42,7 @@ DROPBEAR_CONF_TOOL := autoconf > DROPBEAR_CONF_OPT := \ > $(CROSS_AUTOCONF_USR) \ > --enable-harden \ > + --disable-werror \ > $(GLOBAL_LARGE_FILE_OPTION) \ > --$(call ptx/endis, PTXCONF_DROPBEAR_ZLIB)-zlib \ > --disable-pam \ 
> @@ -126,22 +127,6 @@ else > @echo "#define DROPBEAR_AES256 0" >> $(DROPBEAR_LOCALOPTIONS) > endif > > -ifdef PTXCONF_DROPBEAR_TWOFISH256 > - @echo "ptxdist: enabling twofish256" > - @echo "#define DROPBEAR_TWOFISH256 1" >> $(DROPBEAR_LOCALOPTIONS) > -else > - @echo "ptxdist: disabling twofish256" > - @echo "#define DROPBEAR_TWOFISH256 0" >> $(DROPBEAR_LOCALOPTIONS) > -endif > - > -ifdef PTXCONF_DROPBEAR_TWOFISH128 > - @echo "ptxdist: enabling twofish128" > - @echo "#define DROPBEAR_TWOFISH128 1" >> $(DROPBEAR_LOCALOPTIONS) > -else > - @echo "ptxdist: disabling twofish128" > - @echo "#define DROPBEAR_TWOFISH128 0" >> $(DROPBEAR_LOCALOPTIONS) > -endif > - > # ciphers > ifdef PTXCONF_DROPBEAR_CBC_CIPHERS > @echo "ptxdist: enabling cbc ciphers" > @@ -217,6 +202,10 @@ else > @echo "#define DROPBEAR_ECDSA 0" >> $(DROPBEAR_LOCALOPTIONS) > endif > > + @echo "ptxdist: disabling u2f security key support" > + @echo "#define DROPBEAR_SK_ECDSA 0" >> $(DROPBEAR_LOCALOPTIONS) > + @echo "#define DROPBEAR_SK_ED25519 0" >> $(DROPBEAR_LOCALOPTIONS) > + > # key exchange algorithm > ifdef PTXCONF_DROPBEAR_ECDH > @echo "ptxdist: enabling ecdh" > -- > 2.30.2 > > > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
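
Review bot: In the rules/dropbear.in hunk at @@ -169,29 +169,6, DROPBEAR_TWOFISH128 and DROPBEAR_TWOFISH256 are dropped with no replacement or migration hint, and the matching "ptxdist: enabling/disabling twofish" echoes go away in rules/dropbear.make, so a board config that had them selected loses those ciphers after the bump without any message at build time. The commit message only says "Removed Twofish cipher"; add a sentence there that existing configs carrying these two symbols are affected and that SSH clients pinned to a Twofish cipher will need another cipher enabled on both sides.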
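
Review bot: In the rules/dropbear.make hunk at @@ -16,8 +16,8, DROPBEAR_MD5 is the only integrity pin visible for the new tarball, and the commit message does not say how the value 7a4a5f2c6d23ff2e6627c97d7c1aeceb was obtained. Please state in the commit message that the 2022.82 archive was checked against a checksum or signature published by upstream before the MD5 was computed, so the pin records a verified download rather than whatever the fetch returned.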
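
Review bot: In the rules/dropbear.make hunk at @@ -42,6 +42,7, --disable-werror is added directly under --enable-harden without a reason, and the commit message's list of noteworthy changes does not mention it. Name the warnings that break the build in the commit message or in a comment above DROPBEAR_CONF_OPT, so the switch can be removed once they are fixed and reviewers know which diagnostics are being tolerated in the hardened build.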
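
Review bot: In the rules/dropbear.make hunk at @@ -217,6 +202,10, DROPBEAR_SK_ECDSA and DROPBEAR_SK_ED25519 are written as 0 unconditionally, outside any ifdef, while the DROPBEAR_ECDSA block just above follows a PTXCONF_ option. The commit message says "explicitly disabled for now" but the makefile carries no reason; add a comment line above the three echo lines, in the style of the existing "# key exchange algorithm" header, saying why security-key support is off and what is missing before it can get its own options in rules/dropbear.in, since users who want U2F/FIDO-backed keys cannot turn it on from the config menu.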