Date: Fri, 23 Oct 2020 00:19:21 +0000 (UTC) From: Piotr Kubaj <pkubaj@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r553062 - in branches/2020Q4/security/dropbear: . files Message-ID: <202010230019.09N0JL2K096538@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pkubaj Date: Fri Oct 23 00:19:21 2020 New Revision: 553062 URL: https://svnweb.freebsd.org/changeset/ports/553062 Log: MFH: r553061 security/dropbear: change in rc DSS to ed25519 dropbear no longer supports DSS keys, use ed25519 instead. rc file needs to be updated. currently starting dropbear fails with error: % service dropbear start ... Unknown key type 'dss' ... Submitted by: waitman@waitman.net PR: 250192 Approved by: portmgr (runtime fix) Modified: branches/2020Q4/security/dropbear/Makefile branches/2020Q4/security/dropbear/files/dropbear.in Directory Properties: branches/2020Q4/ (props changed) Modified: branches/2020Q4/security/dropbear/Makefile ============================================================================== --- branches/2020Q4/security/dropbear/Makefile Fri Oct 23 00:18:21 2020 (r553061) +++ branches/2020Q4/security/dropbear/Makefile Fri Oct 23 00:19:21 2020 (r553062) @@ -3,7 +3,7 @@ PORTNAME= dropbear PORTVERSION= 2020.80 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://matt.ucc.asn.au/dropbear/releases/ @@ -27,7 +27,7 @@ OPTIONS_DEFAULT= AES128 AES256 CURVE25519 ED25519 GCM OPTIONS_MULTI= ENC KEY KEX MAC MODE OPTIONS_MULTI_ENC= 3DES AES128 AES256 CHACHA20POLY1305 TWOFISH128 \ TWOFISH256 -OPTIONS_MULTI_KEY= ECDSA ED25519 DSA RSA +OPTIONS_MULTI_KEY= ECDSA ED25519 RSA OPTIONS_MULTI_KEX= CURVE25519 ECDH GROUP1 GROUP14_SHA1 GROUP14_SHA256 \ GROUP16 OPTIONS_MULTI_MAC= MD5 SHA1 SHA1_96 SHA2_256 SHA2_512 @@ -40,7 +40,6 @@ CBC_DESC= Use CBC mode for ciphers (less secure) CHACHA20POLY1305_DESC= Enable chacha20poly1305-based encryption CTR_DESC= Use CTR mode for ciphers CURVE25519_DESC= Enable Curve25519 -DSA_DESC= Enable DSA public key support ECDH_DESC= Enable ECDH (insecure) ECDSA_DESC= Enable ECDSA public key support ED25519_DESC= Enable ED25519 public key support @@ -116,9 +115,6 @@ post-patch-GROUP14_SHA256-off: post-patch-GROUP16-on: @${ECHO} "#define DROPBEAR_DH_GROUP16 1" >> ${WRKSRC}/localoptions.h - -post-patch-DSA-off: - @${ECHO} "#define DROPBEAR_DSS 0" >> ${WRKSRC}/localoptions.h post-patch-RSA-off: @${ECHO} "#define DROPBEAR_RSA 0" >> ${WRKSRC}/localoptions.h Modified: branches/2020Q4/security/dropbear/files/dropbear.in ============================================================================== --- branches/2020Q4/security/dropbear/files/dropbear.in Fri Oct 23 00:18:21 2020 (r553061) +++ branches/2020Q4/security/dropbear/files/dropbear.in Fri Oct 23 00:19:21 2020 (r553062) @@ -35,12 +35,12 @@ dropbear_keygen() %%PREFIX%%/bin/dropbearkey -t rsa -f ${etcdir}/dropbear_rsa_host_key fi - if [ -f ${etcdir}/dropbear_dss_host_key ]; then - echo "You already have an DSS host key" \ - "in ${etcdir}/dropbear_dss_host_key" - echo "Skipping protocol version 2 DSS Key Generation" + if [ -f ${etcdir}/dropbear_ed25519_host_key ]; then + echo "You already have an ed25519 host key" \ + "in ${etcdir}/dropbear_ed25519_host_key" + echo "Skipping protocol version 2 ed25519 Key Generation" else - %%PREFIX%%/bin/dropbearkey -t dss -f ${etcdir}/dropbear_dss_host_key + %%PREFIX%%/bin/dropbearkey -t ed25519 -f ${etcdir}/dropbear_ed25519_host_key fi ) } @@ -48,7 +48,7 @@ dropbear_keygen() dropbear_precmd() { if [ ! -f ${etcdir}/dropbear_rsa_host_key -o \ - ! -f ${etcdir}/dropbear_dss_host_key ]; then + ! -f ${etcdir}/dropbear_ed25519_host_key ]; then run_rc_command keygen fi }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202010230019.09N0JL2K096538>