aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/dropbear/Makefile137
-rw-r--r--security/dropbear/distinfo6
-rw-r--r--security/dropbear/files/patch-configure16
-rw-r--r--security/dropbear/pkg-descr2
-rw-r--r--security/dropbear/pkg-plist4
5 files changed, 99 insertions, 66 deletions
diff --git a/security/dropbear/Makefile b/security/dropbear/Makefile
index 6f1774f2af7c..6f66511e940b 100644
--- a/security/dropbear/Makefile
+++ b/security/dropbear/Makefile
@@ -2,9 +2,9 @@
# $FreeBSD$
PORTNAME= dropbear
-PORTVERSION= 2017.75
+PORTVERSION= 2018.76
CATEGORIES= security ipv6
-MASTER_SITES= http://matt.ucc.asn.au/dropbear/releases/
+MASTER_SITES= https://matt.ucc.asn.au/dropbear/releases/
MAINTAINER= pkubaj@anongoth.pl
COMMENT= SSH 2 server, designed to be usable in small memory environments
@@ -12,126 +12,143 @@ COMMENT= SSH 2 server, designed to be usable in small memory environments
LICENSE= MIT
LICENSE_FILE= ${WRKSRC}/LICENSE
-GNU_CONFIGURE= yes
USES= cpe gmake tar:bzip2
CPE_VENDOR= matt_johnston
CPE_PRODUCT= dropbear_ssh_server
+GNU_CONFIGURE= yes
+CONFIGURE_ARGS= --disable-harden
USE_RC_SUBR= ${PORTNAME}
-OPTIONS_DEFINE= DH_GROUP1 SMALL_CODE STATIC
-OPTIONS_DEFAULT= AES128 AES256 CTR RSA SHA2_256 SHA2_512 SMALL_CODE TWOFISH128 TWOFISH256
-OPTIONS_MULTI= ENC KEY MAC MODE
-OPTIONS_MULTI_ENC= AES128 3DES AES256 BLOWFISH TWOFISH256 TWOFISH128
-OPTIONS_MULTI_MODE= CBC CTR
+OPTIONS_DEFINE= SMALL_CODE STATIC
+OPTIONS_DEFAULT= AES128 AES256 CTR CURVE25519 GROUP14_SHA256 GROUP16 RSA SHA2_256 TWOFISH128 TWOFISH256
+OPTIONS_MULTI= ENC KEY KEX MAC MODE
+OPTIONS_MULTI_ENC= 3DES AES128 AES256 BLOWFISH TWOFISH128 TWOFISH256
OPTIONS_MULTI_KEY= ECDSA DSA RSA
-OPTIONS_MULTI_MAC= MD5 SHA1 SHA1_96 SHA2_256 SHA2_512
+OPTIONS_MULTI_KEX= CURVE25519 ECDH GROUP1 GROUP14_SHA1 GROUP14_SHA256 GROUP16
+OPTIONS_MULTI_MAC= MD5 SHA1 SHA1_96 SHA2_256
+OPTIONS_MULTI_MODE= CBC CTR
-3DES_DESC= Enable 3DES-based encryption
-3DES_IMPLIES= CTR
-AES128_DESC= Enable AES128-based encryption
-AES256_DESC= Enable AES256-based encryption
+3DES_DESC= Enable 3DES-based encryption
+AES128_DESC= Enable AES128-based encryption
+AES256_DESC= Enable AES256-based encryption
+BLOWFISH_DESC= Enable Blowfish-based encryption
+CBC_DESC= Use CBC mode for ciphers (less secure)
+CTR_DESC= Use CTR mode for ciphers (more secure)
+CURVE25519_DESC= Enable Curve25519
+DSA_DESC= Enable DSA public key support
+ECDH_DESC= Enable ECDH (insecure)
+ECDSA_DESC= Enable ECDSA public key support
+GROUP14_SHA1_DESC= Enable Group14 Diffie-Helman with SHA1 (insecure)
+GROUP14_SHA256_DESC= Enable Group14 Diffie-Helman with SHA256
+GROUP16_DESC= Enable Group16 Diffie-Hellman
+GROUP1_DESC= Enable Group1 Diffie-Hellman (insecure)
+MD5_DESC= Enable MD5 MAC (broken)
+RSA_DESC= Enable RSA public key support
+SHA1_96_DESC= Enable SHA1_96 MAC (less secure)
+SHA1_DESC= Enable SHA1 MAC (less secure)
+SHA2_256_DESC= Enable SHA2_256 MAC
+SMALL_CODE_DESC= Make binary smaller in exchange for 50% performance hit
TWOFISH128_DESC= Enable Twofish128-based encryption
TWOFISH256_DESC= Enable Twofish256-based encryption
-BLOWFISH_DESC= Enable Blowfish-based encryption
-
-DH_GROUP1_DESC= Enable Group1 Diffie-Hellman (less secure)
-
-CBC_DESC= Use CBC mode for ciphers (less secure)
-CTR_DESC= Use CTR mode for ciphers (more secure)
-
-ECDSA_DESC= Enable ECDSA public key support
-DSA_DESC= Enable DSA public key support
-RSA_DESC= Enable RSA public key support
-
-MD5_DESC= Enable MD5 MAC (broken)
-SHA1_DESC= Enable SHA1 MAC (less secure)
-SHA1_96_DESC= Enable SHA1_96 MAC (less secure)
-SHA2_256_DESC= Enable SHA2_256 MAC
-SHA2_512_DESC= Enable SHA2_512 MAC
-SMALL_CODE_DESC= Make binary smaller in exchange for 50% performance hit
-
-STATIC_LDFLAGS= -static
+3DES_IMPLIES= CTR
+STATIC_CONFIGURE_ENABLE= static
post-patch:
@${REINPLACE_CMD} -e "s,_PRIV_FILENAME \"/etc/,_PRIV_FILENAME \"${PREFIX}/etc/,g; \
- s,/usr/bin/X11/,${LOCALBASE}/,g" ${WRKSRC}/options.h
+ s,/usr/bin/X11/,${LOCALBASE}/,g" ${WRKSRC}/default_options.h
@${REINPLACE_CMD} -e "s,sys/dir.h,dirent.h," ${WRKSRC}/*.[ch]
@${REINPLACE_CMD} -e "s,make clean,\$${MAKE} clean," \
${WRKSRC}/libtomcrypt/Makefile.in
post-patch-SMALL_CODE-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_SMALL_CODE/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
post-patch-3DES-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_3DES/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
post-patch-AES128-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_AES128/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
post-patch-AES256-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_AES256/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
-post-patch-TWOFISH256-off:
- @${REINPLACE_CMD} -e "/#define DROPBEAR_TWOFISH256/d" \
- ${WRKSRC}/options.h
+post-patch-TWOFISH256-on:
+ @${REINPLACE_CMD} -e "s,#define DROPBEAR_TWOFISH256 0,#define DROPBEAR_TWOFISH256 1,g" \
+ ${WRKSRC}/default_options.h
-post-patch-TWOFISH128-off:
- @${REINPLACE_CMD} -e "/#define DROPBEAR_TWOFISH128/d" \
- ${WRKSRC}/options.h
+post-patch-TWOFISH128-on:
+ @${REINPLACE_CMD} -e "s,#define DROPBEAR_TWOFISH128 0,#define DROPBEAR_TWOFISH128 1,g" \
+ ${WRKSRC}/default_options.h
post-patch-BLOWFISH-on:
- @${REINPLACE_CMD} -e "s,/\*#define DROPBEAR_BLOWFISH\*/,#define DROPBEAR_BLOWFISH,g" \
- ${WRKSRC}/options.h
+ @${REINPLACE_CMD} -e "s,#define DROPBEAR_BLOWFISH 0,#define DROPBEAR_BLOWFISH 1,g" \
+ ${WRKSRC}/default_options.h
post-patch-CBC-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_ENABLE_CBC_MODE/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
post-patch-CTR-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_ENABLE_CTR_MODE/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
+
+post-patch-CURVE25519-off:
+ @${REINPLACE_CMD} -e "/#define DROPBEAR_CURVE25519 1/d" \
+ ${WRKSRC}/default_options.h
+
+post-patch-ECDH-off:
+ @${REINPLACE_CMD} -e "/#define DROPBEAR_ECDH 1/d" \
+ ${WRKSRC}/default_options.h
-post-patch-DH_GROUP1-off:
+post-patch-GROUP1-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_DH_GROUP1 1/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
+
+post-patch-GROUP14_SHA1-off:
+ @${REINPLACE_CMD} -e "/#define DROPBEAR_DH_GROUP14_SHA1 1/d" \
+ ${WRKSRC}/default_options.h
+
+post-patch-GROUP14_SHA256-off:
+ @${REINPLACE_CMD} -e "/#define DROPBEAR_DH_GROUP14_SHA256 1/d" \
+ ${WRKSRC}/default_options.h
+
+post-patch-GROUP16-on:
+ @${REINPLACE_CMD} -e "s,#define DROPBEAR_DH_GROUP16 0,#define DROPBEAR_DH_GROUP16 1,g" \
+ ${WRKSRC}/default_options.h
post-patch-DSA-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_DSS/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
post-patch-RSA-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_RSA/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
post-patch-ECDSA-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_ECDSA/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
post-patch-MD5-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_MD5_HMAC/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
post-patch-SHA1-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_SHA1_HMAC/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
post-patch-SHA1_96-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_SHA1_96_HMAC/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
post-patch-SHA2_256-off:
@${REINPLACE_CMD} -e "/#define DROPBEAR_SHA2_256_HMAC/d" \
- ${WRKSRC}/options.h
-
-post-patch-SHA2_512-off:
- @${REINPLACE_CMD} -e "/#define DROPBEAR_SHA2_512_HMAC/d" \
- ${WRKSRC}/options.h
+ ${WRKSRC}/default_options.h
do-install:
@${MKDIR} ${STAGEDIR}${PREFIX}/etc/dropbear
diff --git a/security/dropbear/distinfo b/security/dropbear/distinfo
index 2dabbc7f135b..118ce93e7931 100644
--- a/security/dropbear/distinfo
+++ b/security/dropbear/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1497947793
-SHA256 (dropbear-2017.75.tar.bz2) = 6cbc1dcb1c9709d226dff669e5604172a18cf5dbf9a201474d5618ae4465098c
-SIZE (dropbear-2017.75.tar.bz2) = 1623392
+TIMESTAMP = 1519931080
+SHA256 (dropbear-2018.76.tar.bz2) = f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65
+SIZE (dropbear-2018.76.tar.bz2) = 2688697
diff --git a/security/dropbear/files/patch-configure b/security/dropbear/files/patch-configure
new file mode 100644
index 000000000000..aa57c3a2800c
--- /dev/null
+++ b/security/dropbear/files/patch-configure
@@ -0,0 +1,16 @@
+--- configure.orig 2018-03-01 21:26:15 UTC
++++ configure
+@@ -3103,13 +3103,6 @@ fi
+
+
+
+-# set compile flags prior to other tests
+-if test -z "$OLDCFLAGS" && test "$GCC" = "yes"; then
+- { $as_echo "$as_me:${as_lineno-$LINENO}: No \$CFLAGS set... using \"-Os -W -Wall\" for GCC" >&5
+-$as_echo "$as_me: No \$CFLAGS set... using \"-Os -W -Wall\" for GCC" >&6;}
+- CFLAGS="-Os -W -Wall"
+-fi
+-
+ { $as_echo "$as_me:${as_lineno-$LINENO}: Checking if compiler '$CC' supports -Wno-pointer-sign" >&5
+ $as_echo "$as_me: Checking if compiler '$CC' supports -Wno-pointer-sign" >&6;}
+
diff --git a/security/dropbear/pkg-descr b/security/dropbear/pkg-descr
index 746b9f881bad..c80d5ba0e73a 100644
--- a/security/dropbear/pkg-descr
+++ b/security/dropbear/pkg-descr
@@ -7,4 +7,4 @@ environments. It supports:
* Compatible with OpenSSH ~/.ssh/authorized_keys public key
authentication
-WWW: http://matt.ucc.asn.au/dropbear/dropbear.html
+WWW: https://matt.ucc.asn.au/dropbear/dropbear.html
diff --git a/security/dropbear/pkg-plist b/security/dropbear/pkg-plist
index a8c320f12d8c..87e3417bf7c3 100644
--- a/security/dropbear/pkg-plist
+++ b/security/dropbear/pkg-plist
@@ -1,9 +1,9 @@
bin/dbclient
bin/dropbearconvert
bin/dropbearkey
-sbin/dropbear
man/man1/dbclient.1.gz
man/man1/dropbearconvert.1.gz
man/man1/dropbearkey.1.gz
man/man8/dropbear.8.gz
-@dir etc/dropbear
+sbin/dropbear
+@dir %%ETCDIR%%