From: Piotr Kubaj Date: Fri, 23 Oct 2020 00:19:21 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r553062 - in branches/2020Q4/security/dropbear: . files X-SVN-Group: ports-branches X-SVN-Commit-Author: pkubaj X-SVN-Commit-Paths: in branches/2020Q4/security/dropbear: . files X-SVN-Commit-Revision: 553062 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-branches@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for all the branches of the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Oct 2020 00:19:22 -0000 Author: pkubaj Date: Fri Oct 23 00:19:21 2020 New Revision: 553062 URL: https://svnweb.freebsd.org/changeset/ports/553062 Log: MFH: r553061 security/dropbear: change in rc DSS to ed25519 dropbear no longer supports DSS keys, use ed25519 instead. rc file needs to be updated. currently starting dropbear fails with error: % service dropbear start ... Unknown key type 'dss' ... Submitted by: waitman@waitman.net PR: 250192 Approved by: portmgr (runtime fix) Modified: branches/2020Q4/security/dropbear/Makefile branches/2020Q4/security/dropbear/files/dropbear.in Directory Properties: branches/2020Q4/ (props changed) Modified: branches/2020Q4/security/dropbear/Makefile ============================================================================== --- branches/2020Q4/security/dropbear/Makefile Fri Oct 23 00:18:21 2020 (r553061) +++ branches/2020Q4/security/dropbear/Makefile Fri Oct 23 00:19:21 2020 (r553062) @@ -3,7 +3,7 @@ PORTNAME= dropbear PORTVERSION= 2020.80 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://matt.ucc.asn.au/dropbear/releases/ 
@@ -27,7 +27,7 @@ OPTIONS_DEFAULT= AES128 AES256 CURVE25519 ED25519 GCM OPTIONS_MULTI= ENC KEY KEX MAC MODE OPTIONS_MULTI_ENC= 3DES AES128 AES256 CHACHA20POLY1305 TWOFISH128 \ TWOFISH256 -OPTIONS_MULTI_KEY= ECDSA ED25519 DSA RSA +OPTIONS_MULTI_KEY= ECDSA ED25519 RSA OPTIONS_MULTI_KEX= CURVE25519 ECDH GROUP1 GROUP14_SHA1 GROUP14_SHA256 \ GROUP16 OPTIONS_MULTI_MAC= MD5 SHA1 SHA1_96 SHA2_256 SHA2_512 @@ -40,7 +40,6 @@ CBC_DESC= Use CBC mode for ciphers (less secure) CHACHA20POLY1305_DESC= Enable chacha20poly1305-based encryption CTR_DESC= Use CTR mode for ciphers CURVE25519_DESC= Enable Curve25519 -DSA_DESC= Enable DSA public key support ECDH_DESC= Enable ECDH (insecure) ECDSA_DESC= Enable ECDSA public key support ED25519_DESC= Enable ED25519 public key support @@ -116,9 +115,6 @@ post-patch-GROUP14_SHA256-off: post-patch-GROUP16-on: @${ECHO} "#define DROPBEAR_DH_GROUP16 1" >> ${WRKSRC}/localoptions.h - -post-patch-DSA-off: - @${ECHO} "#define DROPBEAR_DSS 0" >> ${WRKSRC}/localoptions.h post-patch-RSA-off: @${ECHO} "#define DROPBEAR_RSA 0" >> ${WRKSRC}/localoptions.h Modified: branches/2020Q4/security/dropbear/files/dropbear.in ============================================================================== --- branches/2020Q4/security/dropbear/files/dropbear.in Fri Oct 23 00:18:21 2020 (r553061) +++ branches/2020Q4/security/dropbear/files/dropbear.in Fri Oct 23 00:19:21 2020 (r553062) 
@@ -35,12 +35,12 @@ dropbear_keygen() %%PREFIX%%/bin/dropbearkey -t rsa -f ${etcdir}/dropbear_rsa_host_key fi - if [ -f ${etcdir}/dropbear_dss_host_key ]; then - echo "You already have an DSS host key" \ - "in ${etcdir}/dropbear_dss_host_key" - echo "Skipping protocol version 2 DSS Key Generation" + if [ -f ${etcdir}/dropbear_ed25519_host_key ]; then + echo "You already have an ed25519 host key" \ + "in ${etcdir}/dropbear_ed25519_host_key" + echo "Skipping protocol version 2 ed25519 Key Generation" else - %%PREFIX%%/bin/dropbearkey -t dss -f ${etcdir}/dropbear_dss_host_key + %%PREFIX%%/bin/dropbearkey -t ed25519 -f ${etcdir}/dropbear_ed25519_host_key fi ) } @@ -48,7 +48,7 @@ dropbear_keygen() dropbear_precmd() { if [ ! -f ${etcdir}/dropbear_rsa_host_key -o \ - ! -f ${etcdir}/dropbear_dss_host_key ]; then + ! -f ${etcdir}/dropbear_ed25519_host_key ]; then run_rc_command keygen fi }
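Review bot: In the Makefile hunk at @@ -116,9 +115,6 @@, removing the post-patch-DSA-off target drops the only line in this diff that wrote DROPBEAR_DSS to localoptions.h, so whether DSS is compiled in now depends entirely on the upstream default for 2020.80. Since the port no longer offers a DSA option, consider appending '#define DROPBEAR_DSS 0' unconditionally in post-patch so the result stays explicit and does not change silently if the upstream default ever differs.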
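Review bot: In files/dropbear.in at @@ -35,12 +35,12 @@, dropbear_keygen() now calls dropbearkey -t ed25519 unconditionally, while the Makefile still lists ED25519 (and RSA) as selectable entries in OPTIONS_MULTI_KEY, so a build with ED25519 deselected can be expected to fail at service start the same way the log reports for 'dss'. Generate a host key only for the key types that were actually built in, for example by substituting the enabled types into the script, and quote the ${etcdir} paths in both the -f test and the dropbearkey -f argument. The hunk also leaves any existing dropbear_dss_host_key in place without mention; a pkg-message or UPDATING line saying that file is no longer used would help admins clean up old key material.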
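Review bot: In files/dropbear.in at @@ -48,7 +48,7 @@, dropbear_precmd() still joins the two file checks with -o inside a single [ ], a form POSIX marks as obsolescent, and the paths remain unquoted. Since this line is being touched anyway, split it into two tests joined with ||, i.e. [ ! -f "${etcdir}/dropbear_rsa_host_key" ] || [ ! -f "${etcdir}/dropbear_ed25519_host_key" ]. Note that this condition reruns keygen on every start while either key is missing, so it should follow the same set of built-in key types as dropbear_keygen().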