Re: [OpenWrt-Devel] [PATCH] dropbear: update to 2014.63
On 2014-02-24 07:02, Catalin Patulea wrote: Upstream changelog: https://matt.ucc.asn.au/dropbear/CHANGES This adds elliptic curve cryptography (ECC) support as an option, disabled by default. dropbear mips 34kc uClibc binary size: before: 161,672 bytes after, without ECC (default): 164,968 after, with ECC: 198,008 Signed-off-by: Catalin Patulea c...@vv.carleton.ca Committed in r40297, thanks - Felix ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
Re: [OpenWrt-Devel] [PATCH] dropbear: update to 2014.63
Incremental build bugfix: https://github.com/cpatulea/openwrt/commit/0211a7b272fc5fabf9cce87dcaaa4f62892377c9 On Thu, Mar 27, 2014 at 2:15 AM, Catalin Patulea c...@vv.carleton.ca wrote: I've pushed my dropbear patch to this github tree: https://github.com/cpatulea/openwrt/tree/next If you have any new dropbear updates, feel free to cc me and I will merge. On Tue, Mar 25, 2014 at 2:43 PM, Pau p...@dabax.net wrote: Dammit, I've seen this thread after preparing a patch to upgrade dropbear to 2014.63 I don't think it is needed, but just in case I leave it here... @Felix, it would be nice to have the Catalin or mine applied to trunk. The ipv6 link-local bug is very annoying. Thanks. From 8d93d9fd4bbd65246eb1602d8a606e48ec921810 Mon Sep 17 00:00:00 2001 From: Pau Escrich p...@dabax.net Date: Tue, 25 Mar 2014 14:39:29 -0400 Subject: [PATCH] Update dropbear to 2014.63 Signed-off-by: Pau Escrich p...@dabax.net --- package/network/services/dropbear/Makefile | 4 ++-- .../dropbear/patches/120-openwrt_options.patch | 21 ++--- .../dropbear/patches/150-dbconvert_standalone.patch | 5 ++--- .../dropbear/patches/200-lcrypt_bsdfix.patch| 19 +-- 4 files changed, 11 insertions(+), 38 deletions(-) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 02be761..1340e8d 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2013.59 +PKG_VERSION:=2014.63 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ http://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9 +PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index 9300a27..1b5c5cb 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -1,6 +1,6 @@ --- a/options.h +++ b/options.h -@@ -38,7 +38,7 @@ +@@ -41,7 +41,7 @@ * Both of these flags can be defined at once, don't compile without at least * one of them. */ #define NON_INETD_MODE @@ -9,16 +9,7 @@ /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is * perhaps 20% slower for pubkey operations (it is probably worth experimenting -@@ -49,7 +49,7 @@ - several kB in binary size however will make the symmetrical ciphers and hashes - slower, perhaps by 50%. Recommended for small systems that aren't doing - much traffic. */ --/*#define DROPBEAR_SMALL_CODE*/ -+#define DROPBEAR_SMALL_CODE - - /* Enable X11 Forwarding - server only */ - #define ENABLE_X11FWD -@@ -78,7 +78,7 @@ much traffic. */ +@@ -81,7 +81,7 @@ much traffic. */ /* Enable Netcat mode option. This will forward standard input/output * to a remote TCP-forwarded connection */ @@ -27,7 +18,7 @@ /* Whether to support -c and -m flags to choose ciphers/MACs at runtime */ #define ENABLE_USER_ALGO_LIST -@@ -92,8 +92,8 @@ much traffic. */ +@@ -95,8 +95,8 @@ much traffic. */ #define DROPBEAR_AES256 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ /*#define DROPBEAR_BLOWFISH*/ @@ -38,7 +29,7 @@ /* Enable Counter Mode for ciphers. This is more secure than normal * CBC mode against certain attacks. This adds around 1kB to binary -@@ -119,7 +119,7 @@ much traffic. */ +@@ -122,7 +122,7 @@ much traffic. */ * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ #define DROPBEAR_SHA1_HMAC @@ -47,7 +38,7 @@ /*#define DROPBEAR_SHA2_256_HMAC*/ /*#define DROPBEAR_SHA2_512_HMAC*/ #define DROPBEAR_MD5_HMAC -@@ -157,7 +157,7 @@ much traffic. */ +@@ -175,7 +175,7 @@ much traffic. */ /* Whether to print the message of the day (MOTD). This doesn't add much code * size */ @@ -56,7 +47,7 @@ /* The MOTD file path */ #ifndef MOTD_FILENAME -@@ -195,7 +195,7 @@ much traffic. */ +@@ -213,7 +213,7 @@ much traffic. */ * note that it will be provided for all hidden client-interactive * style prompts - if you want something more sophisticated, use * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ diff --git a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch index 3e0b008..2b5e201 100644 --- a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch +++
Re: [OpenWrt-Devel] [PATCH] dropbear: update to 2014.63
I've pushed my dropbear patch to this github tree: https://github.com/cpatulea/openwrt/tree/next If you have any new dropbear updates, feel free to cc me and I will merge. On Tue, Mar 25, 2014 at 2:43 PM, Pau p...@dabax.net wrote: Dammit, I've seen this thread after preparing a patch to upgrade dropbear to 2014.63 I don't think it is needed, but just in case I leave it here... @Felix, it would be nice to have the Catalin or mine applied to trunk. The ipv6 link-local bug is very annoying. Thanks. From 8d93d9fd4bbd65246eb1602d8a606e48ec921810 Mon Sep 17 00:00:00 2001 From: Pau Escrich p...@dabax.net Date: Tue, 25 Mar 2014 14:39:29 -0400 Subject: [PATCH] Update dropbear to 2014.63 Signed-off-by: Pau Escrich p...@dabax.net --- package/network/services/dropbear/Makefile | 4 ++-- .../dropbear/patches/120-openwrt_options.patch | 21 ++--- .../dropbear/patches/150-dbconvert_standalone.patch | 5 ++--- .../dropbear/patches/200-lcrypt_bsdfix.patch| 19 +-- 4 files changed, 11 insertions(+), 38 deletions(-) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 02be761..1340e8d 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2013.59 +PKG_VERSION:=2014.63 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ http://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9 +PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index 9300a27..1b5c5cb 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -1,6 +1,6 @@ --- a/options.h +++ b/options.h -@@ -38,7 +38,7 @@ +@@ -41,7 +41,7 @@ * Both of these flags can be defined at once, don't compile without at least * one of them. */ #define NON_INETD_MODE @@ -9,16 +9,7 @@ /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is * perhaps 20% slower for pubkey operations (it is probably worth experimenting -@@ -49,7 +49,7 @@ - several kB in binary size however will make the symmetrical ciphers and hashes - slower, perhaps by 50%. Recommended for small systems that aren't doing - much traffic. */ --/*#define DROPBEAR_SMALL_CODE*/ -+#define DROPBEAR_SMALL_CODE - - /* Enable X11 Forwarding - server only */ - #define ENABLE_X11FWD -@@ -78,7 +78,7 @@ much traffic. */ +@@ -81,7 +81,7 @@ much traffic. */ /* Enable Netcat mode option. This will forward standard input/output * to a remote TCP-forwarded connection */ @@ -27,7 +18,7 @@ /* Whether to support -c and -m flags to choose ciphers/MACs at runtime */ #define ENABLE_USER_ALGO_LIST -@@ -92,8 +92,8 @@ much traffic. */ +@@ -95,8 +95,8 @@ much traffic. */ #define DROPBEAR_AES256 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ /*#define DROPBEAR_BLOWFISH*/ @@ -38,7 +29,7 @@ /* Enable Counter Mode for ciphers. This is more secure than normal * CBC mode against certain attacks. This adds around 1kB to binary -@@ -119,7 +119,7 @@ much traffic. */ +@@ -122,7 +122,7 @@ much traffic. */ * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ #define DROPBEAR_SHA1_HMAC @@ -47,7 +38,7 @@ /*#define DROPBEAR_SHA2_256_HMAC*/ /*#define DROPBEAR_SHA2_512_HMAC*/ #define DROPBEAR_MD5_HMAC -@@ -157,7 +157,7 @@ much traffic. */ +@@ -175,7 +175,7 @@ much traffic. */ /* Whether to print the message of the day (MOTD). This doesn't add much code * size */ @@ -56,7 +47,7 @@ /* The MOTD file path */ #ifndef MOTD_FILENAME -@@ -195,7 +195,7 @@ much traffic. */ +@@ -213,7 +213,7 @@ much traffic. */ * note that it will be provided for all hidden client-interactive * style prompts - if you want something more sophisticated, use * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ diff --git a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch index 3e0b008..2b5e201 100644 --- a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch +++ b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch @@ -9,6 +9,5 @@ +#define DROPBEAR_CLIENT +#endif + - /** - * Define compile-time
Re: [OpenWrt-Devel] [PATCH] dropbear: update to 2014.63
Dammit, I've seen this thread after preparing a patch to upgrade dropbear to 2014.63 I don't think it is needed, but just in case I leave it here... @Felix, it would be nice to have the Catalin or mine applied to trunk. The ipv6 link-local bug is very annoying. Thanks. From 8d93d9fd4bbd65246eb1602d8a606e48ec921810 Mon Sep 17 00:00:00 2001 From: Pau Escrich p...@dabax.net Date: Tue, 25 Mar 2014 14:39:29 -0400 Subject: [PATCH] Update dropbear to 2014.63 Signed-off-by: Pau Escrich p...@dabax.net --- package/network/services/dropbear/Makefile | 4 ++-- .../dropbear/patches/120-openwrt_options.patch | 21 ++--- .../dropbear/patches/150-dbconvert_standalone.patch | 5 ++--- .../dropbear/patches/200-lcrypt_bsdfix.patch| 19 +-- 4 files changed, 11 insertions(+), 38 deletions(-) diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 02be761..1340e8d 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -8,14 +8,14 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=2013.59 +PKG_VERSION:=2014.63 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ http://matt.ucc.asn.au/dropbear/releases/ \ https://dropbear.nl/mirror/releases/ -PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9 +PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd PKG_LICENSE:=MIT PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index 9300a27..1b5c5cb 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -1,6 +1,6 @@ --- a/options.h +++ b/options.h -@@ -38,7 +38,7 @@ +@@ -41,7 +41,7 @@ * Both of these flags can be defined at once, don't compile without at least * one of them. */ #define NON_INETD_MODE @@ -9,16 +9,7 @@ /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is * perhaps 20% slower for pubkey operations (it is probably worth experimenting -@@ -49,7 +49,7 @@ - several kB in binary size however will make the symmetrical ciphers and hashes - slower, perhaps by 50%. Recommended for small systems that aren't doing - much traffic. */ --/*#define DROPBEAR_SMALL_CODE*/ -+#define DROPBEAR_SMALL_CODE - - /* Enable X11 Forwarding - server only */ - #define ENABLE_X11FWD -@@ -78,7 +78,7 @@ much traffic. */ +@@ -81,7 +81,7 @@ much traffic. */ /* Enable Netcat mode option. This will forward standard input/output * to a remote TCP-forwarded connection */ @@ -27,7 +18,7 @@ /* Whether to support -c and -m flags to choose ciphers/MACs at runtime */ #define ENABLE_USER_ALGO_LIST -@@ -92,8 +92,8 @@ much traffic. */ +@@ -95,8 +95,8 @@ much traffic. */ #define DROPBEAR_AES256 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ /*#define DROPBEAR_BLOWFISH*/ @@ -38,7 +29,7 @@ /* Enable Counter Mode for ciphers. This is more secure than normal * CBC mode against certain attacks. This adds around 1kB to binary -@@ -119,7 +119,7 @@ much traffic. */ +@@ -122,7 +122,7 @@ much traffic. */ * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ #define DROPBEAR_SHA1_HMAC @@ -47,7 +38,7 @@ /*#define DROPBEAR_SHA2_256_HMAC*/ /*#define DROPBEAR_SHA2_512_HMAC*/ #define DROPBEAR_MD5_HMAC -@@ -157,7 +157,7 @@ much traffic. */ +@@ -175,7 +175,7 @@ much traffic. */ /* Whether to print the message of the day (MOTD). This doesn't add much code * size */ @@ -56,7 +47,7 @@ /* The MOTD file path */ #ifndef MOTD_FILENAME -@@ -195,7 +195,7 @@ much traffic. */ +@@ -213,7 +213,7 @@ much traffic. */ * note that it will be provided for all hidden client-interactive * style prompts - if you want something more sophisticated, use * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ diff --git a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch index 3e0b008..2b5e201 100644 --- a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch +++ b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch @@ -9,6 +9,5 @@ +#define DROPBEAR_CLIENT +#endif + - /** - * Define compile-time options below - the #ifndef DROPBEAR_XXX #endif - * parts are to allow for commandline -DDROPBEAR_XXX options etc. + /* Define compile-time options below - the #ifndef DROPBEAR_XXX #endif + * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ diff --git a/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch
Re: [OpenWrt-Devel] [PATCH] dropbear: update to 2014.63
Hi folks, I'm still interested in getting this merged. If there's
anything I can do to speed up the process, please let me know.
On Thu, Mar 13, 2014 at 3:55 PM, Gui Iribarren g...@altermundi.net wrote:
On 03/13/2014 03:15 AM, Catalin Patulea wrote:
ping??
+1
2014.63 also fixes the brown-paper-bag bug that prevented from doing ssh to
link-local addresses, since the '%' operator had been (incorrectly)
reassigned.
On Sat, Mar 1, 2014 at 4:05 AM, Catalin Patulea c...@vv.carleton.ca
wrote:
ping
On Mon, Feb 24, 2014 at 1:02 AM, Catalin Patulea c...@vv.carleton.ca
wrote:
Upstream changelog:
https://matt.ucc.asn.au/dropbear/CHANGES
This adds elliptic curve cryptography (ECC) support as an option,
disabled
by default.
dropbear mips 34kc uClibc binary size:
before: 161,672 bytes
after, without ECC (default): 164,968
after, with ECC: 198,008
Signed-off-by: Catalin Patulea c...@vv.carleton.ca
---
package/network/services/dropbear/Config.in| 27
++
package/network/services/dropbear/Makefile | 24
++--
.../dropbear/patches/100-pubkey_path.patch |4 +--
.../dropbear/patches/110-change_user.patch |2 +-
.../dropbear/patches/120-openwrt_options.patch | 21
--
.../dropbear/patches/140-disable_assert.patch |2 +-
.../patches/150-dbconvert_standalone.patch |6 ++--
.../dropbear/patches/200-lcrypt_bsdfix.patch | 29
.../dropbear/patches/500-set-default-path.patch|2 +-
9 files changed, 63 insertions(+), 54 deletions(-)
create mode 100644 package/network/services/dropbear/Config.in
delete mode 100644
package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch
diff --git a/package/network/services/dropbear/Config.in
b/package/network/services/dropbear/Config.in
new file mode 100644
index 000..e2a7610
--- /dev/null
+++ b/package/network/services/dropbear/Config.in
@@ -0,0 +1,27 @@
+menu Configuration
+ depends on PACKAGE_dropbear
+
+config DROPBEAR_ECC
+ bool Elliptic curve cryptography (ECC)
+ default n
+ help
+ Enables elliptic curve cryptography (ECC) support in key
exchange and public key
+ authentication.
+
+ Key exchange algorithms:
+ ecdh-sha2-nistp256
+ ecdh-sha2-nistp384
+ ecdh-sha2-nistp521
+ curve25519-sha...@libssh.org
+
+ Public key algorithms:
+ ecdsa-sha2-nistp256
+ ecdsa-sha2-nistp384
+ ecdsa-sha2-nistp521
+
+ Does not generate ECC host keys by default (ECC key
exchange will not be used,
+ only ECC public key auth).
+
+ Increases binary size by about 36 kB (MIPS).
+
+endmenu
diff --git a/package/network/services/dropbear/Makefile
b/package/network/services/dropbear/Makefile
index 02be761..692199e 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -8,26 +8,32 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
-PKG_VERSION:=2013.59
+PKG_VERSION:=2014.63
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
http://matt.ucc.asn.au/dropbear/releases/ \
https://dropbear.nl/mirror/releases/
-PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9
+PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
PKG_BUILD_PARALLEL:=1
+PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
+
include $(INCLUDE_DIR)/package.mk
define Package/dropbear/Default
URL:=http://matt.ucc.asn.au/dropbear/
endef
+define Package/dropbear/config
+ source $(SOURCE)/Config.in
+endef
+
define Package/dropbear
$(call Package/dropbear/Default)
SECTION:=net
@@ -72,6 +78,20 @@ CONFIGURE_ARGS += \
TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ # Enforce that all replacements are made, otherwise options.h
has changed
+ # format and this logic is broken.
+ for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519;
do \
+ awk 'BEGIN { rc = 1 } \
+ /'OPTION'/ { 0 = $(if $(CONFIG_DROPBEAR_ECC),,//
)#define 'OPTION'; rc = 0 } \
+ { print } \
+ END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
+ $(PKG_BUILD_DIR)/options.h.new \
+ mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h
|| exit 1; \
+ done
+endef
+
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
diff --git
Re: [OpenWrt-Devel] [PATCH] dropbear: update to 2014.63
ping??
On Sat, Mar 1, 2014 at 4:05 AM, Catalin Patulea c...@vv.carleton.ca wrote:
ping
On Mon, Feb 24, 2014 at 1:02 AM, Catalin Patulea c...@vv.carleton.ca wrote:
Upstream changelog:
https://matt.ucc.asn.au/dropbear/CHANGES
This adds elliptic curve cryptography (ECC) support as an option, disabled
by default.
dropbear mips 34kc uClibc binary size:
before: 161,672 bytes
after, without ECC (default): 164,968
after, with ECC: 198,008
Signed-off-by: Catalin Patulea c...@vv.carleton.ca
---
package/network/services/dropbear/Config.in| 27 ++
package/network/services/dropbear/Makefile | 24 ++--
.../dropbear/patches/100-pubkey_path.patch |4 +--
.../dropbear/patches/110-change_user.patch |2 +-
.../dropbear/patches/120-openwrt_options.patch | 21 --
.../dropbear/patches/140-disable_assert.patch |2 +-
.../patches/150-dbconvert_standalone.patch |6 ++--
.../dropbear/patches/200-lcrypt_bsdfix.patch | 29
.../dropbear/patches/500-set-default-path.patch|2 +-
9 files changed, 63 insertions(+), 54 deletions(-)
create mode 100644 package/network/services/dropbear/Config.in
delete mode 100644
package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch
diff --git a/package/network/services/dropbear/Config.in
b/package/network/services/dropbear/Config.in
new file mode 100644
index 000..e2a7610
--- /dev/null
+++ b/package/network/services/dropbear/Config.in
@@ -0,0 +1,27 @@
+menu Configuration
+ depends on PACKAGE_dropbear
+
+config DROPBEAR_ECC
+ bool Elliptic curve cryptography (ECC)
+ default n
+ help
+ Enables elliptic curve cryptography (ECC) support in key
exchange and public key
+ authentication.
+
+ Key exchange algorithms:
+ ecdh-sha2-nistp256
+ ecdh-sha2-nistp384
+ ecdh-sha2-nistp521
+ curve25519-sha...@libssh.org
+
+ Public key algorithms:
+ ecdsa-sha2-nistp256
+ ecdsa-sha2-nistp384
+ ecdsa-sha2-nistp521
+
+ Does not generate ECC host keys by default (ECC key exchange
will not be used,
+ only ECC public key auth).
+
+ Increases binary size by about 36 kB (MIPS).
+
+endmenu
diff --git a/package/network/services/dropbear/Makefile
b/package/network/services/dropbear/Makefile
index 02be761..692199e 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -8,26 +8,32 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
-PKG_VERSION:=2013.59
+PKG_VERSION:=2014.63
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
http://matt.ucc.asn.au/dropbear/releases/ \
https://dropbear.nl/mirror/releases/
-PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9
+PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
PKG_BUILD_PARALLEL:=1
+PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
+
include $(INCLUDE_DIR)/package.mk
define Package/dropbear/Default
URL:=http://matt.ucc.asn.au/dropbear/
endef
+define Package/dropbear/config
+ source $(SOURCE)/Config.in
+endef
+
define Package/dropbear
$(call Package/dropbear/Default)
SECTION:=net
@@ -72,6 +78,20 @@ CONFIGURE_ARGS += \
TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ # Enforce that all replacements are made, otherwise options.h has
changed
+ # format and this logic is broken.
+ for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
+ awk 'BEGIN { rc = 1 } \
+ /'OPTION'/ { 0 = $(if $(CONFIG_DROPBEAR_ECC),,//
)#define 'OPTION'; rc = 0 } \
+ { print } \
+ END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
+ $(PKG_BUILD_DIR)/options.h.new \
+ mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h ||
exit 1; \
+ done
+endef
+
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch
b/package/network/services/dropbear/patches/100-pubkey_path.patch
index c1802f5..456874b 100644
--- a/package/network/services/dropbear/patches/100-pubkey_path.patch
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -1,6 +1,6 @@
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
-@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
+@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al
Re: [OpenWrt-Devel] [PATCH] dropbear: update to 2014.63
On 03/13/2014 03:15 AM, Catalin Patulea wrote:
ping??
+1
2014.63 also fixes the brown-paper-bag bug that prevented from doing ssh
to link-local addresses, since the '%' operator had been (incorrectly)
reassigned.
On Sat, Mar 1, 2014 at 4:05 AM, Catalin Patulea c...@vv.carleton.ca wrote:
ping
On Mon, Feb 24, 2014 at 1:02 AM, Catalin Patulea c...@vv.carleton.ca wrote:
Upstream changelog:
https://matt.ucc.asn.au/dropbear/CHANGES
This adds elliptic curve cryptography (ECC) support as an option, disabled
by default.
dropbear mips 34kc uClibc binary size:
before: 161,672 bytes
after, without ECC (default): 164,968
after, with ECC: 198,008
Signed-off-by: Catalin Patulea c...@vv.carleton.ca
---
package/network/services/dropbear/Config.in| 27 ++
package/network/services/dropbear/Makefile | 24 ++--
.../dropbear/patches/100-pubkey_path.patch |4 +--
.../dropbear/patches/110-change_user.patch |2 +-
.../dropbear/patches/120-openwrt_options.patch | 21 --
.../dropbear/patches/140-disable_assert.patch |2 +-
.../patches/150-dbconvert_standalone.patch |6 ++--
.../dropbear/patches/200-lcrypt_bsdfix.patch | 29
.../dropbear/patches/500-set-default-path.patch|2 +-
9 files changed, 63 insertions(+), 54 deletions(-)
create mode 100644 package/network/services/dropbear/Config.in
delete mode 100644
package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch
diff --git a/package/network/services/dropbear/Config.in
b/package/network/services/dropbear/Config.in
new file mode 100644
index 000..e2a7610
--- /dev/null
+++ b/package/network/services/dropbear/Config.in
@@ -0,0 +1,27 @@
+menu Configuration
+ depends on PACKAGE_dropbear
+
+config DROPBEAR_ECC
+ bool Elliptic curve cryptography (ECC)
+ default n
+ help
+ Enables elliptic curve cryptography (ECC) support in key
exchange and public key
+ authentication.
+
+ Key exchange algorithms:
+ ecdh-sha2-nistp256
+ ecdh-sha2-nistp384
+ ecdh-sha2-nistp521
+ curve25519-sha...@libssh.org
+
+ Public key algorithms:
+ ecdsa-sha2-nistp256
+ ecdsa-sha2-nistp384
+ ecdsa-sha2-nistp521
+
+ Does not generate ECC host keys by default (ECC key exchange
will not be used,
+ only ECC public key auth).
+
+ Increases binary size by about 36 kB (MIPS).
+
+endmenu
diff --git a/package/network/services/dropbear/Makefile
b/package/network/services/dropbear/Makefile
index 02be761..692199e 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -8,26 +8,32 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
-PKG_VERSION:=2013.59
+PKG_VERSION:=2014.63
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
http://matt.ucc.asn.au/dropbear/releases/ \
https://dropbear.nl/mirror/releases/
-PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9
+PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
PKG_BUILD_PARALLEL:=1
+PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
+
include $(INCLUDE_DIR)/package.mk
define Package/dropbear/Default
URL:=http://matt.ucc.asn.au/dropbear/
endef
+define Package/dropbear/config
+ source $(SOURCE)/Config.in
+endef
+
define Package/dropbear
$(call Package/dropbear/Default)
SECTION:=net
@@ -72,6 +78,20 @@ CONFIGURE_ARGS += \
TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ # Enforce that all replacements are made, otherwise options.h has
changed
+ # format and this logic is broken.
+ for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
+ awk 'BEGIN { rc = 1 } \
+ /'OPTION'/ { 0 = $(if $(CONFIG_DROPBEAR_ECC),,// )#define
'OPTION'; rc = 0 } \
+ { print } \
+ END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
+ $(PKG_BUILD_DIR)/options.h.new \
+ mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit
1; \
+ done
+endef
+
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch
b/package/network/services/dropbear/patches/100-pubkey_path.patch
index c1802f5..456874b 100644
--- a/package/network/services/dropbear/patches/100-pubkey_path.patch
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -1,6 +1,6 @@
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
-@@ -209,17
Re: [OpenWrt-Devel] [PATCH] dropbear: update to 2014.63
ping
On Mon, Feb 24, 2014 at 1:02 AM, Catalin Patulea c...@vv.carleton.ca wrote:
Upstream changelog:
https://matt.ucc.asn.au/dropbear/CHANGES
This adds elliptic curve cryptography (ECC) support as an option, disabled
by default.
dropbear mips 34kc uClibc binary size:
before: 161,672 bytes
after, without ECC (default): 164,968
after, with ECC: 198,008
Signed-off-by: Catalin Patulea c...@vv.carleton.ca
---
package/network/services/dropbear/Config.in| 27 ++
package/network/services/dropbear/Makefile | 24 ++--
.../dropbear/patches/100-pubkey_path.patch |4 +--
.../dropbear/patches/110-change_user.patch |2 +-
.../dropbear/patches/120-openwrt_options.patch | 21 --
.../dropbear/patches/140-disable_assert.patch |2 +-
.../patches/150-dbconvert_standalone.patch |6 ++--
.../dropbear/patches/200-lcrypt_bsdfix.patch | 29
.../dropbear/patches/500-set-default-path.patch|2 +-
9 files changed, 63 insertions(+), 54 deletions(-)
create mode 100644 package/network/services/dropbear/Config.in
delete mode 100644
package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch
diff --git a/package/network/services/dropbear/Config.in
b/package/network/services/dropbear/Config.in
new file mode 100644
index 000..e2a7610
--- /dev/null
+++ b/package/network/services/dropbear/Config.in
@@ -0,0 +1,27 @@
+menu Configuration
+ depends on PACKAGE_dropbear
+
+config DROPBEAR_ECC
+ bool Elliptic curve cryptography (ECC)
+ default n
+ help
+ Enables elliptic curve cryptography (ECC) support in key
exchange and public key
+ authentication.
+
+ Key exchange algorithms:
+ ecdh-sha2-nistp256
+ ecdh-sha2-nistp384
+ ecdh-sha2-nistp521
+ curve25519-sha...@libssh.org
+
+ Public key algorithms:
+ ecdsa-sha2-nistp256
+ ecdsa-sha2-nistp384
+ ecdsa-sha2-nistp521
+
+ Does not generate ECC host keys by default (ECC key exchange
will not be used,
+ only ECC public key auth).
+
+ Increases binary size by about 36 kB (MIPS).
+
+endmenu
diff --git a/package/network/services/dropbear/Makefile
b/package/network/services/dropbear/Makefile
index 02be761..692199e 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -8,26 +8,32 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
-PKG_VERSION:=2013.59
+PKG_VERSION:=2014.63
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
http://matt.ucc.asn.au/dropbear/releases/ \
https://dropbear.nl/mirror/releases/
-PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9
+PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
PKG_BUILD_PARALLEL:=1
+PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
+
include $(INCLUDE_DIR)/package.mk
define Package/dropbear/Default
URL:=http://matt.ucc.asn.au/dropbear/
endef
+define Package/dropbear/config
+ source $(SOURCE)/Config.in
+endef
+
define Package/dropbear
$(call Package/dropbear/Default)
SECTION:=net
@@ -72,6 +78,20 @@ CONFIGURE_ARGS += \
TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ # Enforce that all replacements are made, otherwise options.h has
changed
+ # format and this logic is broken.
+ for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
+ awk 'BEGIN { rc = 1 } \
+ /'OPTION'/ { 0 = $(if $(CONFIG_DROPBEAR_ECC),,//
)#define 'OPTION'; rc = 0 } \
+ { print } \
+ END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
+ $(PKG_BUILD_DIR)/options.h.new \
+ mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h ||
exit 1; \
+ done
+endef
+
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch
b/package/network/services/dropbear/patches/100-pubkey_path.patch
index c1802f5..456874b 100644
--- a/package/network/services/dropbear/patches/100-pubkey_path.patch
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -1,6 +1,6 @@
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
-@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
+@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al
goto out;
}
@@ -33,7 +33,7 @@
if (authfile == NULL) {
[OpenWrt-Devel] [PATCH] dropbear: update to 2014.63
Upstream changelog:
https://matt.ucc.asn.au/dropbear/CHANGES
This adds elliptic curve cryptography (ECC) support as an option, disabled
by default.
dropbear mips 34kc uClibc binary size:
before: 161,672 bytes
after, without ECC (default): 164,968
after, with ECC: 198,008
Signed-off-by: Catalin Patulea c...@vv.carleton.ca
---
package/network/services/dropbear/Config.in| 27 ++
package/network/services/dropbear/Makefile | 24 ++--
.../dropbear/patches/100-pubkey_path.patch |4 +--
.../dropbear/patches/110-change_user.patch |2 +-
.../dropbear/patches/120-openwrt_options.patch | 21 --
.../dropbear/patches/140-disable_assert.patch |2 +-
.../patches/150-dbconvert_standalone.patch |6 ++--
.../dropbear/patches/200-lcrypt_bsdfix.patch | 29
.../dropbear/patches/500-set-default-path.patch|2 +-
9 files changed, 63 insertions(+), 54 deletions(-)
create mode 100644 package/network/services/dropbear/Config.in
delete mode 100644
package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch
diff --git a/package/network/services/dropbear/Config.in
b/package/network/services/dropbear/Config.in
new file mode 100644
index 000..e2a7610
--- /dev/null
+++ b/package/network/services/dropbear/Config.in
@@ -0,0 +1,27 @@
+menu Configuration
+ depends on PACKAGE_dropbear
+
+config DROPBEAR_ECC
+ bool Elliptic curve cryptography (ECC)
+ default n
+ help
+ Enables elliptic curve cryptography (ECC) support in key
exchange and public key
+ authentication.
+
+ Key exchange algorithms:
+ ecdh-sha2-nistp256
+ ecdh-sha2-nistp384
+ ecdh-sha2-nistp521
+ curve25519-sha...@libssh.org
+
+ Public key algorithms:
+ ecdsa-sha2-nistp256
+ ecdsa-sha2-nistp384
+ ecdsa-sha2-nistp521
+
+ Does not generate ECC host keys by default (ECC key exchange
will not be used,
+ only ECC public key auth).
+
+ Increases binary size by about 36 kB (MIPS).
+
+endmenu
diff --git a/package/network/services/dropbear/Makefile
b/package/network/services/dropbear/Makefile
index 02be761..692199e 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -8,26 +8,32 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
-PKG_VERSION:=2013.59
+PKG_VERSION:=2014.63
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
http://matt.ucc.asn.au/dropbear/releases/ \
https://dropbear.nl/mirror/releases/
-PKG_MD5SUM:=6c1e6c2c297f4034488ffc95e8b7e6e9
+PKG_MD5SUM:=7066bb9a2da708f3ed06314fdc9c47fd
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
PKG_BUILD_PARALLEL:=1
+PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC
+
include $(INCLUDE_DIR)/package.mk
define Package/dropbear/Default
URL:=http://matt.ucc.asn.au/dropbear/
endef
+define Package/dropbear/config
+ source $(SOURCE)/Config.in
+endef
+
define Package/dropbear
$(call Package/dropbear/Default)
SECTION:=net
@@ -72,6 +78,20 @@ CONFIGURE_ARGS += \
TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections
TARGET_LDFLAGS += -Wl,--gc-sections
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ # Enforce that all replacements are made, otherwise options.h has
changed
+ # format and this logic is broken.
+ for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \
+ awk 'BEGIN { rc = 1 } \
+ /'OPTION'/ { 0 = $(if $(CONFIG_DROPBEAR_ECC),,//
)#define 'OPTION'; rc = 0 } \
+ { print } \
+ END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \
+ $(PKG_BUILD_DIR)/options.h.new \
+ mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit
1; \
+ done
+endef
+
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
$(TARGET_CONFIGURE_OPTS) \
diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch
b/package/network/services/dropbear/patches/100-pubkey_path.patch
index c1802f5..456874b 100644
--- a/package/network/services/dropbear/patches/100-pubkey_path.patch
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -1,6 +1,6 @@
--- a/svr-authpubkey.c
+++ b/svr-authpubkey.c
-@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
+@@ -208,17 +208,21 @@ static int checkpubkey(unsigned char* al
goto out;
}
@@ -33,7 +33,7 @@
if (authfile == NULL) {
goto out;
}
-@@ -372,26 +376,35 @@ static int checkpubkeyperms() {
+@@ -371,26 +375,35 @@ static int checkpubkeyperms() {
goto out;
}
diff --git
