Date: Wednesday, October 3, 2018 @ 08:15:26 Author: arodseth Revision: 389116
upgpkg: dropbear 2018.76-2 Added: dropbear/trunk/localoptions.h Modified: dropbear/trunk/PKGBUILD dropbear/trunk/dropbear.service ------------------+ PKGBUILD | 15 ++++++++------- dropbear.service | 2 +- localoptions.h | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 50 insertions(+), 8 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2018-10-03 06:57:29 UTC (rev 389115) +++ PKGBUILD 2018-10-03 08:15:26 UTC (rev 389116) @@ -1,4 +1,4 @@ -# Maintainer: Alexander F Rødseth <[email protected]> +# Maintainer: Alexander F. Rødseth <[email protected]> # Contributor: Timothy Redaelli <[email protected]> # Contributor: Bartlomiej Piotrowski <[email protected]> # Contributor: Jaroslav Lichtblau <[email protected]> @@ -9,28 +9,29 @@ pkgbase=dropbear pkgname=(dropbear scp) pkgver=2018.76 -pkgrel=1 +pkgrel=2 pkgdesc='Lightweight SSH server' arch=('x86_64') url='https://matt.ucc.asn.au/dropbear/dropbear.html' license=('MIT') -options=(!emptydirs) +options=(emptydirs) validpgpkeys=('F7347EF2EE2E07A267628CA944931494F29C6773') source=("https://matt.ucc.asn.au/$pkgname/releases/$pkgname-$pkgver.tar.bz2"{,.asc} + 'localoptions.h' "$pkgname.service") sha256sums=('f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65' 'SKIP' - '8890a35b6cb14745c1b22f80d3a8532de2a853c78a30eac72b954012e286504a') + 'ad524b470170ecb297df2c4a7307f56d4c56b65fb643b0356775799c4928e879' + '0c0e5b9d121b9d728fed92d6574f2a96d74e4f8a61169dc1e452488f43bb1484') prepare() { - sed -i 's,usr/libexec/sftp,usr/lib/ssh/sftp,;/#define DROPBEAR_SMALL_CODE/d' \ - "$pkgname-$pkgver/options.h" + cp -f localoptions.h "$pkgname-$pkgver/" } build() { cd "$pkgname-$pkgver" - ./configure --prefix=/usr --bindir=/usr/bin --sbindir=/usr/bin + ./configure --bindir=/usr/bin --prefix=/usr --sbindir=/usr/bin make PROGRAMS="dbclient dropbear dropbearconvert dropbearkey scp" SCPPROGRESS=1 } Modified: dropbear.service =================================================================== --- dropbear.service 2018-10-03 06:57:29 UTC (rev 389115) +++ dropbear.service 2018-10-03 08:15:26 UTC (rev 389116) @@ -1,5 +1,5 @@ [Unit] -Description=Dropbear SSH Daemon +Description=Dropbear SSH Server After=network.target [Service] Added: localoptions.h =================================================================== --- localoptions.h (rev 0) +++ localoptions.h 2018-10-03 08:15:26 UTC (rev 389116) @@ -0,0 +1,41 @@ +/* + * Arch Linux configuration for DropBear + * + * The majority of these options are disabled or enabled as a result of + * running ssh-audit. + * + * https://github.com/arthepsy/ssh-audit + */ + +/* Disable CBC mode for ciphers */ +#define DROPBEAR_ENABLE_CBC_MODE 0 + +/* Disable X11 Forwarding on the server */ +#define DROPBEAR_X11FWD 0 + +/* Disable reverse DNS lookups */ +#define DO_HOST_LOOKUP 0 + +/* Enable twofish128 and twofish256 */ +#define DROPBEAR_TWOFISH128 1 +#define DROPBEAR_TWOFISH256 1 + +/* Disable SHA-96 */ +#define DROPBEAR_SHA1_HMAC 0 +#define DROPBEAR_SHA1_96_HMAC 0 + +/* Disable DSS */ +#define DROPBEAR_DSS 0 + +/* Disable ECDH */ +#define DROPBEAR_ECDH 0 +#define DROPBEAR_ECDSA 0 + +/* SFTP server path */ +#define SFTPSERVER_PATH "/usr/lib/ssh/sftp-server" + +/* Spend a small mount of bytes for an increase in performance */ +#define DROPBEAR_SMALL_CODE 0 + +/* Default path */ +#define DEFAULT_PATH "/usr/bin"
