pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/dropbear
Module Name: pkgsrc
Committed By: adam
Date: Tue Jul 7 08:27:23 UTC 2026
Modified Files:
pkgsrc/security/dropbear: Makefile distinfo
Log Message:
dropbear: updated to 2026.92
2026.92 - 6 July 2026
Note >> for compatibility/configuration changes
- >> server auth plugins have been deprecated, the configure option
has been renamed to --enable-plugin-deprecated.
Planned to be removed in future.
- >> Two factor auth "-t" has been deprecated, it now requires
a configuration option DEPRECATED_TWO_FACTOR.
Planned to be removed in future.
- Security: server: Don't allow -B (accept blank password) with
-t (two factor auth). If run with -t and -B a user configured with a
blank password would be allowed to log in without pubkey auth.
https://github.com/mkj/dropbear/commit/23ec78285639edf068d86bb96f91cba755039740
Reported by nvidia
- Security: server: Fix parsing of long authorized_keys lines.
The remainder of a long line would be handled as the start of a new line.
In the case where external programs add semi-trusted public keys to
authorized_keys, a crafted key might bypass restrictions such as "command=".
https://github.com/mkj/dropbear/commit/8d8e1930b866eb44135ae393a793cbeb03b6b9d6
Reported by nvidia
- >> authorized_keys is now limited to 300 lines.
- server: Prevent unbounded memory use that could be triggered by an
authenticated peer. This would require waiting for the server to
trigger a rekey, so after 8 hours or transferring 1GB data.
Noticed while implementing Sunset SSH, also reported by nvidia
- >> all programs and scp: Disallow following symlinks when writing output
files. This could prevent symlink attacks. Writing keys to an untrusted
directory is not recommended regardless.
- server: "-o gatewayports=no" was treated as yes.
- server: Disallow -t multifactor with plugins.
Plugin interactions with -t are not well tested, plugins may
not correctly handle multiple successful authentications.
Reported by nvidia
- server: ensure that authorized_keys "permitopen" values are valid
ports. 0xffffffff (or signed equivalent) would be accepted as "any port".
- server: fix null pointer segfault when rejecting a stream forward.
Found by oss-fuzz
- dropbearconvert: Fix out of bounds read. dropbearconvert would exit
normally with an error, does not seem exploitable.
Reported by Yiyi Wang, Tsinghua University
- dbclient: Fixed a 1 byte out of bounds write in ssh-askpass handling
(not compiled by default)
- server: Increase pubkey query count. The limit added in
Dropbear 2026.90 was intended to be 15, but it was only 10.
Reported by Rui Salvaterra
- scp: escape terminal control codes from filenames printed by
progress (SCPPROGRESS=1, disabled by default).
Additional fix from Basavaraj S Maneppagol @basavaraj-sm05
- Fix sntrup/mlkem build on old platforms using debian/ directory
packaging. Note that this isn't well maintained, it is better
to use upstream Debian packaging if possible.
- Fix compile warning on 32 bit platforms in sntrup
- Suggest libcrypt-dev for crypt() in configure script if it's missing.
- Increase MAX_HOSTKEYS to 6, suggested by Darren Tucker.
- Allow DROPBEAR_ECC_256/384/521 to be specified in localoptions.h
Patch from Felipe Moura
- Fix typo in missing hostname message, from Robin Neatherway
To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 pkgsrc/security/dropbear/Makefile
cvs rdiff -u -r1.39 -r1.40 pkgsrc/security/dropbear/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/dropbear/Makefile
diff -u pkgsrc/security/dropbear/Makefile:1.47 pkgsrc/security/dropbear/Makefile:1.48
--- pkgsrc/security/dropbear/Makefile:1.47 Thu May 28 12:34:50 2026
+++ pkgsrc/security/dropbear/Makefile Tue Jul 7 08:27:23 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.47 2026/05/28 12:34:50 adam Exp $
+# $NetBSD: Makefile,v 1.48 2026/07/07 08:27:23 adam Exp $
-DISTNAME= dropbear-2026.91
+DISTNAME= dropbear-2026.92
CATEGORIES= security
MASTER_SITES= https://matt.ucc.asn.au/dropbear/releases/
EXTRACT_SUFX= .tar.bz2
Index: pkgsrc/security/dropbear/distinfo
diff -u pkgsrc/security/dropbear/distinfo:1.39 pkgsrc/security/dropbear/distinfo:1.40
--- pkgsrc/security/dropbear/distinfo:1.39 Thu May 28 12:34:50 2026
+++ pkgsrc/security/dropbear/distinfo Tue Jul 7 08:27:23 2026
@@ -1,8 +1,8 @@
-$NetBSD: distinfo,v 1.39 2026/05/28 12:34:50 adam Exp $
+$NetBSD: distinfo,v 1.40 2026/07/07 08:27:23 adam Exp $
-BLAKE2s (dropbear-2026.91.tar.bz2) = 602b7266aa179a305a51f013f2af4e19246ab32e55c9ff9f834361a8befdfa75
-SHA512 (dropbear-2026.91.tar.bz2) = f335bffb18f6e4a261732b80d6887d1b2891a96a0eb5be0cc6bd96a8803eeea337967a2a9196bec78ac3f0d2cdb31e4b64598efb7f7ad97c652d51c458ccc5df
-Size (dropbear-2026.91.tar.bz2) = 2382176 bytes
+BLAKE2s (dropbear-2026.92.tar.bz2) = 0913c6c614747cf47cb499c9a6dfd0f26bfdbb296c20d2bc83e6b01956e4aec1
+SHA512 (dropbear-2026.92.tar.bz2) = 74701cf1a47c38a8236f89bf8f06701856b958d48e64945d1e0ee9c9765fc71a06549d6a4e7d2737d00ce945265673068889550d2f1cf3782a5cf19e96819f45
+Size (dropbear-2026.92.tar.bz2) = 2383311 bytes
SHA1 (patch-Makefile.in) = 0bb649ed8688666513c35e139e7e349fd83b3a1b
SHA1 (patch-configure) = b17f647043b212adda53aad7fb8dc7e639be9494
SHA1 (patch-localoptions.h) = 59ddfe3717e7fb961f597be7645557e11bd6e9fb
Home |
Main Index |
Thread Index |
Old Index