Hi folks, I'm still interested in getting this merged. If there's anything I can do to speed up the process, please let me know.
On Thu, Mar 13, 2014 at 3:55 PM, Gui Iribarren <g...@altermundi.net> wrote: > On 03/13/2014 03:15 AM, Catalin Patulea wrote: >> >> ping?? > > > +1 > 2014.63 also fixes the brown-paper-bag bug that prevented from doing ssh to > link-local addresses, since the '%' operator had been (incorrectly) > reassigned. > >> >> On Sat, Mar 1, 2014 at 4:05 AM, Catalin Patulea <c...@vv.carleton.ca> >> wrote: >>> >>> ping >>> >>> On Mon, Feb 24, 2014 at 1:02 AM, Catalin Patulea <c...@vv.carleton.ca> >>> wrote: >>>> >>>> Upstream changelog: >>>> https://matt.ucc.asn.au/dropbear/CHANGES >>>> >>>> This adds elliptic curve cryptography (ECC) support as an option, >>>> disabled >>>> by default. >>>> >>>> dropbear mips 34kc uClibc binary size: >>>> before: 161,672 bytes >>>> after, without ECC (default): 164,968 >>>> after, with ECC: 198,008 >>>> >>>> Signed-off-by: Catalin Patulea <c...@vv.carleton.ca> >>>> --- >>>> package/network/services/dropbear/Config.in | 27 >>>> ++++++++++++++++++ >>>> package/network/services/dropbear/Makefile | 24 >>>> ++++++++++++++-- >>>> .../dropbear/patches/100-pubkey_path.patch | 4 +-- >>>> .../dropbear/patches/110-change_user.patch | 2 +- >>>> .../dropbear/patches/120-openwrt_options.patch | 21 >>>> ++++---------- >>>> .../dropbear/patches/140-disable_assert.patch | 2 +- >>>> .../patches/150-dbconvert_standalone.patch | 6 ++-- >>>> .../dropbear/patches/200-lcrypt_bsdfix.patch | 29 >>>> -------------------- >>>> .../dropbear/patches/500-set-default-path.patch | 2 +- >>>> 9 files changed, 63 insertions(+), 54 deletions(-) >>>> create mode 100644 package/network/services/dropbear/Config.in >>>> delete mode 100644 >>>> package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch >>>> >>>> diff --git a/package/network/services/dropbear/Config.in >>>> b/package/network/services/dropbear/Config.in >>>> new file mode 100644 >>>> index 0000000..e2a7610 >>>> --- /dev/null >>>> +++ b/package/network/services/dropbear/Config.in 
>>>> @@ -0,0 +1,27 @@ >>>> +menu "Configuration" >>>> + depends on PACKAGE_dropbear >>>> + >>>> +config DROPBEAR_ECC >>>> + bool "Elliptic curve cryptography (ECC)" >>>> + default n >>>> + help >>>> + Enables elliptic curve cryptography (ECC) support in key >>>> exchange and public key >>>> + authentication. >>>> + >>>> + Key exchange algorithms: >>>> + ecdh-sha2-nistp256 >>>> + ecdh-sha2-nistp384 >>>> + ecdh-sha2-nistp521 >>>> + curve25519-sha...@libssh.org >>>> + >>>> + Public key algorithms: >>>> + ecdsa-sha2-nistp256 >>>> + ecdsa-sha2-nistp384 >>>> + ecdsa-sha2-nistp521 >>>> + >>>> + Does not generate ECC host keys by default (ECC key >>>> exchange will not be used, >>>> + only ECC public key auth). >>>> + >>>> + Increases binary size by about 36 kB (MIPS). >>>> + >>>> +endmenu >>>> diff --git a/package/network/services/dropbear/Makefile >>>> b/package/network/services/dropbear/Makefile >>>> index 02be761..692199e 100644 >>>> --- a/package/network/services/dropbear/Makefile >>>> +++ b/package/network/services/dropbear/Makefile >>>> @@ -8,26 +8,32 @@ >>>> include $(TOPDIR)/rules.mk >>>> >>>> PKG_NAME:=dropbear >>>> -PKG_VERSION:=2013.59 >>>> +PKG_VERSION:=2014.63 >>>> PKG_RELEASE:=1 >>>> >>>> PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 >>>> PKG_SOURCE_URL:= \ >>>> http://matt.ucc.asn.au/dropbear/releases/ \ >>>> https://dropbear.nl/mirror/releases/ >>>> -PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9 >>>> +PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd >>>> >>>> PKG_LICENSE:=MIT >>>> PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE >>>> >>>> PKG_BUILD_PARALLEL:=1 >>>> >>>> +PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC >>>> + >>>> include $(INCLUDE_DIR)/package.mk >>>> >>>> define Package/dropbear/Default >>>> URL:=http://matt.ucc.asn.au/dropbear/ >>>> endef >>>> >>>> +define Package/dropbear/config >>>> + source "$(SOURCE)/Config.in" >>>> +endef >>>> + >>>> define Package/dropbear >>>> $(call Package/dropbear/Default) >>>> SECTION:=net 
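Review bot: The help text in the new Config.in says that without an ECC host key "ECC key exchange will not be used, only ECC public key auth", which does not match how SSH negotiates algorithms. The key-exchange method and the host-key type are chosen independently, so an ECDH or curve25519 exchange can be authenticated with a non-ECC host key. What a missing ECC host key should prevent is the server offering an `ecdsa-sha2-*` host key. I would reword the sentence along the lines of `Does not generate ECC host keys by default (the server keeps presenting its existing host keys; ECC is still available for key exchange and public key auth).` This is worth confirming against a 2014.63 build before merging, because the text is what users rely on to know which algorithms the device will offer.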
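Review bot: The refreshed `PKG_MD5SUM` in the first Makefile hunk is the only integrity check visible here for the new tarball, and the first `PKG_SOURCE_URL` entry (unchanged context) is plain `http://`, so the source of an SSH server is fetched with an MD5 digest as its sole protection. MD5 is not collision resistant. I would list the `https://dropbear.nl/mirror/releases/` mirror first, or switch the upstream entry to `https://matt.ucc.asn.au/dropbear/releases/` (the changelog link in the description already uses https on that host). If the build system in this tree accepts a stronger digest, recording a SHA-256 value would be better still. A line in the commit message saying what the new digest was verified against would also help.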
>>>> @@ -72,6 +78,20 @@ CONFIGURE_ARGS += \ >>>> TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections >>>> TARGET_LDFLAGS += -Wl,--gc-sections >>>> >>>> +define Build/Prepare >>>> + $(call Build/Prepare/Default) >>>> + # Enforce that all replacements are made, otherwise options.h >>>> has changed >>>> + # format and this logic is broken. >>>> + for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; >>>> do \ >>>> + awk 'BEGIN { rc = 1 } \ >>>> + /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// >>>> )#define '$$$$OPTION'"; rc = 0 } \ >>>> + { print } \ >>>> + END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \ >>>> + >$(PKG_BUILD_DIR)/options.h.new && \ >>>> + mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h >>>> || exit 1; \ >>>> + done >>>> +endef >>>> + >>>> define Build/Compile >>>> +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ >>>> $(TARGET_CONFIGURE_OPTS) \ >>>> diff --git >>>> a/package/network/services/dropbear/patches/100-pubkey_path.patch >>>> b/package/network/services/dropbear/patches/100-pubkey_path.patch >>>> index c1802f5..456874b 100644 >>>> --- a/package/network/services/dropbear/patches/100-pubkey_path.patch >>>> +++ b/package/network/services/dropbear/patches/100-pubkey_path.patch >>>> @@ -1,6 +1,6 @@ >>>> --- a/svr-authpubkey.c >>>> +++ b/svr-authpubkey.c >>>> -@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al >>>> +@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al >>>> goto out; >>>> } >>>> >>>> @@ -33,7 +33,7 @@ >>>> if (authfile == NULL) { >>>> goto out; >>>> } >>>> -@@ -372,26 +376,35 @@ static int checkpubkeyperms() { >>>> +@@ -371,26 +375,35 @@ static int checkpubkeyperms() { >>>> goto out; >>>> } >>>> >>>> diff --git >>>> a/package/network/services/dropbear/patches/110-change_user.patch >>>> b/package/network/services/dropbear/patches/110-change_user.patch >>>> index 48228ea..659e257 100644 >>>> --- a/package/network/services/dropbear/patches/110-change_user.patch 
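Review bot: The awk pattern in the new `Build/Prepare` is unanchored (`/'$$$$OPTION'/`), so it rewrites every line of options.h that merely contains the option name, such as a comment, an `#ifdef`, or a longer macro sharing the prefix. `rc = 0` is set by the first match, so the "all replacements are made" check only proves that at least one line matched. Because this loop decides which key-exchange and public-key algorithms are compiled into the SSH server, a silent mis-edit is worth ruling out. Anchoring the match to the definition itself, e.g. `/^#define '$$$$OPTION'/`, and counting matches so that the build fails unless exactly one line per option was replaced, would make the check do what its comment says. The neighbouring `CONFIGURE_ARGS` and `Build/Compile` definitions start or end outside the hunk.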
>>>> +++ b/package/network/services/dropbear/patches/110-change_user.patch >>>> @@ -1,6 +1,6 @@ >>>> --- a/svr-chansession.c >>>> +++ b/svr-chansession.c >>>> -@@ -889,12 +889,12 @@ static void execchild(void *user_data) { >>>> +@@ -894,12 +894,12 @@ static void execchild(void *user_data) { >>>> /* We can only change uid/gid as root ... */ >>>> if (getuid() == 0) { >>>> >>>> diff --git >>>> a/package/network/services/dropbear/patches/120-openwrt_options.patch >>>> b/package/network/services/dropbear/patches/120-openwrt_options.patch >>>> index 9300a27..1b5c5cb 100644 >>>> --- >>>> a/package/network/services/dropbear/patches/120-openwrt_options.patch >>>> +++ >>>> b/package/network/services/dropbear/patches/120-openwrt_options.patch >>>> @@ -1,6 +1,6 @@ >>>> --- a/options.h >>>> +++ b/options.h >>>> -@@ -38,7 +38,7 @@ >>>> +@@ -41,7 +41,7 @@ >>>> * Both of these flags can be defined at once, don't compile without >>>> at least >>>> * one of them. */ >>>> #define NON_INETD_MODE >>>> @@ -9,16 +9,7 @@ >>>> >>>> /* Setting this disables the fast exptmod bignum code. It saves ~5kB, >>>> but is >>>> * perhaps 20% slower for pubkey operations (it is probably worth >>>> experimenting >>>> -@@ -49,7 +49,7 @@ >>>> - several kB in binary size however will make the symmetrical ciphers >>>> and hashes >>>> - slower, perhaps by 50%. Recommended for small systems that aren't >>>> doing >>>> - much traffic. */ >>>> --/*#define DROPBEAR_SMALL_CODE*/ >>>> -+#define DROPBEAR_SMALL_CODE >>>> - >>>> - /* Enable X11 Forwarding - server only */ >>>> - #define ENABLE_X11FWD >>>> -@@ -78,7 +78,7 @@ much traffic. */ >>>> +@@ -81,7 +81,7 @@ much traffic. */ >>>> >>>> /* Enable "Netcat mode" option. This will forward standard >>>> input/output >>>> * to a remote TCP-forwarded connection */ 
>>>> @@ -27,7 +18,7 @@ >>>> >>>> /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at >>>> runtime */ >>>> #define ENABLE_USER_ALGO_LIST >>>> -@@ -92,8 +92,8 @@ much traffic. */ >>>> +@@ -95,8 +95,8 @@ much traffic. */ >>>> #define DROPBEAR_AES256 >>>> /* Compiling in Blowfish will add ~6kB to runtime heap memory usage >>>> */ >>>> /*#define DROPBEAR_BLOWFISH*/ >>>> @@ -38,7 +29,7 @@ >>>> >>>> /* Enable "Counter Mode" for ciphers. This is more secure than normal >>>> * CBC mode against certain attacks. This adds around 1kB to binary >>>> -@@ -119,7 +119,7 @@ much traffic. */ >>>> +@@ -122,7 +122,7 @@ much traffic. */ >>>> * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, >>>> * which are not the standard form. */ >>>> #define DROPBEAR_SHA1_HMAC >>>> @@ -47,7 +38,7 @@ >>>> /*#define DROPBEAR_SHA2_256_HMAC*/ >>>> /*#define DROPBEAR_SHA2_512_HMAC*/ >>>> #define DROPBEAR_MD5_HMAC >>>> -@@ -157,7 +157,7 @@ much traffic. */ >>>> +@@ -175,7 +175,7 @@ much traffic. */ >>>> >>>> /* Whether to print the message of the day (MOTD). This doesn't add >>>> much code >>>> * size */ >>>> @@ -56,7 +47,7 @@ >>>> >>>> /* The MOTD file path */ >>>> #ifndef MOTD_FILENAME >>>> -@@ -195,7 +195,7 @@ much traffic. */ >>>> +@@ -213,7 +213,7 @@ much traffic. */ >>>> * note that it will be provided for all "hidden" client-interactive >>>> * style prompts - if you want something more sophisticated, use >>>> * SSH_ASKPASS instead. Comment out this var to remove this >>>> functionality.*/ >>>> diff --git >>>> a/package/network/services/dropbear/patches/140-disable_assert.patch >>>> b/package/network/services/dropbear/patches/140-disable_assert.patch >>>> index edc7547..0717228 100644 >>>> --- a/package/network/services/dropbear/patches/140-disable_assert.patch >>>> +++ b/package/network/services/dropbear/patches/140-disable_assert.patch >>>> @@ -1,6 +1,6 @@ >>>> --- a/dbutil.h 
>>>> +++ b/dbutil.h >>>> -@@ -92,7 +92,11 @@ int m_str_to_uint(const char* str, unsig >>>> +@@ -101,7 +101,11 @@ int m_str_to_uint(const char* str, unsig >>>> #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} >>>> >>>> /* Dropbear assertion */ >>>> diff --git >>>> a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch >>>> b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch >>>> index 3e0b008..367dc2c 100644 >>>> --- >>>> a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch >>>> +++ >>>> b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch >>>> @@ -9,6 +9,6 @@ >>>> +#define DROPBEAR_CLIENT >>>> +#endif >>>> + >>>> - /****************************************************************** >>>> - * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... >>>> #endif" >>>> - * parts are to allow for commandline -DDROPBEAR_XXX options etc. >>>> + /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... >>>> #endif" >>>> + * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ >>>> + >>>> diff --git >>>> a/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch >>>> b/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch >>>> deleted file mode 100644 >>>> index a5697e2..0000000 >>>> --- a/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch >>>> +++ /dev/null 
>>>> @@ -1,29 +0,0 @@ >>>> ---- a/Makefile.in >>>> -+++ b/Makefile.in >>>> -@@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h pac >>>> - loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h >>>> compat.h \ >>>> - listener.h fake-rfc2553.h >>>> - >>>> --dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@ >>>> -+dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) >>>> - dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS) >>>> - dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS) >>>> - dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS) >>>> -@@ -78,7 +78,7 @@ STRIP=@STRIP@ >>>> - INSTALL=@INSTALL@ >>>> - CPPFLAGS=@CPPFLAGS@ >>>> - CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@ >>>> --LIBS+=@LIBS@ >>>> -+LIBS+=@CRYPTLIB@ @LIBS@ >>>> - LDFLAGS=@LDFLAGS@ >>>> - >>>> - EXEEXT=@EXEEXT@ >>>> -@@ -168,7 +168,7 @@ scp: $(SCPOBJS) $(HEADERS) Makefile >>>> - # multi-binary compilation. >>>> - MULTIOBJS= >>>> - ifeq ($(MULTI),1) >>>> -- MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), >>>> $($(prog)objs))) @CRYPTLIB@ >>>> -+ MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), >>>> $($(prog)objs))) >>>> - CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI >>>> - endif >>>> - >>>> diff --git >>>> a/package/network/services/dropbear/patches/500-set-default-path.patch >>>> b/package/network/services/dropbear/patches/500-set-default-path.patch >>>> index 702ad6c..4eea57d 100644 >>>> --- >>>> a/package/network/services/dropbear/patches/500-set-default-path.patch >>>> +++ >>>> b/package/network/services/dropbear/patches/500-set-default-path.patch >>>> @@ -1,6 +1,6 @@ >>>> --- a/options.h 
>>>> +++ b/options.h >>>> -@@ -301,7 +301,7 @@ be overridden at runtime with -I. 0 disa >>>> +@@ -318,7 +318,7 @@ be overridden at runtime with -I. 0 disa >>>> #define DEFAULT_IDLE_TIMEOUT 0 >>>> >>>> /* The default path. This will often get replaced by the shell */ >>>> -- >>>> 1.7.9.5 >>>> >> _______________________________________________ >> openwrt-devel mailing list >> openwrt-devel@lists.openwrt.org >> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel >> > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel