CVS commit: pkgsrc/security/dropbear

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security/dropbear
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Thu, 6 Mar 2025 11:53:50 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Thu Mar  6 11:53:50 UTC 2025

Modified Files:
        pkgsrc/security/dropbear: Makefile distinfo

Log Message:
dropbear: updated to 2025.87

2025.87 - 5 March 2025

Note >> for compatibility/configuration changes

- >> Disable SHA-1 algorithms by default. SHA-1 has known weakness and
  most implementations support alternatives.

- Add post-quantum key exchange. These avoid the possibility of current
  stored traffic being decrypted using a possible future quantum
  computer.

  sntrup761 added by Matt Johnston, using sntrup761 implementation from
  Daniel J. Bernstein, Chitchanok Chuengsatiansup, Tanja Lange and
  Christine van Vredendaal, with integration work from OpenSSH.

  ML-KEM added by Loganaden Velvindron, Jaykishan Mutkawoa, Kavish Nadan,
  using libcrux, also based on OpenSSH work.

  These do increase code size, at least sntrup761 is recommended,
  see default_options.h

- >> Decompression is disabled on the server, compression
  is still supported.
  This avoids attack surface for zlib and saves runtime memory.

- Add -D server flag to specify authorized_keys directory, from Darren Tucker.

- Include remote host in "Login attempt with wrong user" message for fail2ban,
  patch from MichaIng.

- Workaround writing hostkeys on FUSE filesystem that don't
  support hardlinks, reported by elijahr.

- Fix truncated error messages such as host key mismatch.

- >> Preference aes256 ahead of aes128 for the client. chacha20-poly1305
  is still first preference.

- Fix ubsan failure in curve25519 code, reported by Steven Bytnar.
  Has no effect on execution.


To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 pkgsrc/security/dropbear/Makefile
cvs rdiff -u -r1.34 -r1.35 pkgsrc/security/dropbear/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/dropbear/Makefile
diff -u pkgsrc/security/dropbear/Makefile:1.42 pkgsrc/security/dropbear/Makefile:1.43
--- pkgsrc/security/dropbear/Makefile:1.42      Thu Nov 21 19:06:41 2024
+++ pkgsrc/security/dropbear/Makefile   Thu Mar  6 11:53:50 2025
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.42 2024/11/21 19:06:41 adam Exp $
+# $NetBSD: Makefile,v 1.43 2025/03/06 11:53:50 adam Exp $
 
-DISTNAME=      dropbear-2024.86
+DISTNAME=      dropbear-2025.87
 CATEGORIES=    security
 MASTER_SITES=  https://matt.ucc.asn.au/dropbear/releases/
 EXTRACT_SUFX=  .tar.bz2
@@ -11,7 +11,7 @@ COMMENT=      Small SSH2 server and client, a
 LICENSE=       modified-bsd
 
 GNU_CONFIGURE=         yes
-CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR:Q} --disable-bundled-libtom
+CONFIGURE_ARGS+=       --sysconfdir=${PKG_SYSCONFDIR} --disable-bundled-libtom
 USE_TOOLS+=            gmake
 
 PKG_OPTIONS_VAR=       PKG_OPTIONS.dropbear
@@ -36,7 +36,7 @@ SUBST_CLASSES+=               config
 SUBST_MESSAGE.config=  Fixing path to config directory.
 SUBST_STAGE.config=    post-build
 SUBST_FILES.config=    manpages/dropbear.8 manpages/dropbearkey.1
-SUBST_SED.config=      -e "s,/etc/dropbear/,"${PKG_SYSCONFDIR:Q}"/dropbear/,g"
+SUBST_SED.config=      -e "s,/etc/dropbear/,"${PKG_SYSCONFDIR}"/dropbear/,g"
 
 # needed by dbscp
 CPPFLAGS+=             -DDROPBEAR_PATH_SSH_PROGRAM="\"${PREFIX}/bin/dbclient\""

Index: pkgsrc/security/dropbear/distinfo
diff -u pkgsrc/security/dropbear/distinfo:1.34 pkgsrc/security/dropbear/distinfo:1.35
--- pkgsrc/security/dropbear/distinfo:1.34      Thu Nov 21 19:06:41 2024
+++ pkgsrc/security/dropbear/distinfo   Thu Mar  6 11:53:50 2025
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.34 2024/11/21 19:06:41 adam Exp $
+$NetBSD: distinfo,v 1.35 2025/03/06 11:53:50 adam Exp $
 
-BLAKE2s (dropbear-2024.86.tar.bz2) = 54a101e2d5bdf5644b67e1e9cbf53f89d285773804bb22f265c988b8fea91667
-SHA512 (dropbear-2024.86.tar.bz2) = 6be3d2efd79e49e1f9fe13654c26b9c14d1504c9543720e59600f6d689aafae7365b4a0bbfa309f7bf692995672adbbd9e660b2c907ea3d68d9f71023d05f54e
-Size (dropbear-2024.86.tar.bz2) = 2306244 bytes
+BLAKE2s (dropbear-2025.87.tar.bz2) = b31ac4f3febd9eb9bfb981c75fcdc2edb3794d86db0d7d25c3f3614b259c5ac5
+SHA512 (dropbear-2025.87.tar.bz2) = afe30b2c795c21ba76d0e4f7b95d9f61ca0ce31510c5fd5183feef2984b49122ccb600c5eae8ac05d9c3cf6bb6237f760cfcf4f7c546656f555e46e992d1efeb
+Size (dropbear-2025.87.tar.bz2) = 2368085 bytes
 SHA1 (patch-Makefile.in) = 0bb649ed8688666513c35e139e7e349fd83b3a1b
 SHA1 (patch-configure) = b17f647043b212adda53aad7fb8dc7e639be9494
 SHA1 (patch-src_default__options.h) = af60ea91516639e055266b3dd74f100aa6100f0d

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/devel/mold
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/devel/mold
Indexes:

Home | Main Index | Thread Index | Old Index