head	1.10;
access;
symbols
	pkgsrc-2019Q1:1.9.0.18
	pkgsrc-2019Q1-base:1.9
	pkgsrc-2018Q4:1.9.0.16
	pkgsrc-2018Q4-base:1.9
	pkgsrc-2018Q3:1.9.0.14
	pkgsrc-2018Q3-base:1.9
	pkgsrc-2018Q2:1.9.0.12
	pkgsrc-2018Q2-base:1.9
	pkgsrc-2018Q1:1.9.0.10
	pkgsrc-2018Q1-base:1.9
	pkgsrc-2017Q4:1.9.0.8
	pkgsrc-2017Q4-base:1.9
	pkgsrc-2017Q3:1.9.0.6
	pkgsrc-2017Q3-base:1.9
	pkgsrc-2017Q2:1.9.0.2
	pkgsrc-2017Q2-base:1.9
	pkgsrc-2017Q1:1.8.0.26
	pkgsrc-2017Q1-base:1.8
	pkgsrc-2016Q4:1.8.0.24
	pkgsrc-2016Q4-base:1.8
	pkgsrc-2016Q3:1.8.0.22
	pkgsrc-2016Q3-base:1.8
	pkgsrc-2016Q2:1.8.0.20
	pkgsrc-2016Q2-base:1.8
	pkgsrc-2016Q1:1.8.0.18
	pkgsrc-2016Q1-base:1.8
	pkgsrc-2015Q4:1.8.0.16
	pkgsrc-2015Q4-base:1.8
	pkgsrc-2015Q3:1.8.0.14
	pkgsrc-2015Q3-base:1.8
	pkgsrc-2015Q2:1.8.0.12
	pkgsrc-2015Q2-base:1.8
	pkgsrc-2015Q1:1.8.0.10
	pkgsrc-2015Q1-base:1.8
	pkgsrc-2014Q4:1.8.0.8
	pkgsrc-2014Q4-base:1.8
	pkgsrc-2014Q3:1.8.0.6
	pkgsrc-2014Q3-base:1.8
	pkgsrc-2014Q2:1.8.0.4
	pkgsrc-2014Q2-base:1.8
	pkgsrc-2014Q1:1.8.0.2
	pkgsrc-2014Q1-base:1.8
	pkgsrc-2013Q4:1.7.0.36
	pkgsrc-2013Q4-base:1.7
	pkgsrc-2013Q3:1.7.0.34
	pkgsrc-2013Q3-base:1.7
	pkgsrc-2013Q2:1.7.0.32
	pkgsrc-2013Q2-base:1.7
	pkgsrc-2013Q1:1.7.0.30
	pkgsrc-2013Q1-base:1.7
	pkgsrc-2012Q4:1.7.0.28
	pkgsrc-2012Q4-base:1.7
	pkgsrc-2012Q3:1.7.0.26
	pkgsrc-2012Q3-base:1.7
	pkgsrc-2012Q2:1.7.0.24
	pkgsrc-2012Q2-base:1.7
	pkgsrc-2012Q1:1.7.0.22
	pkgsrc-2012Q1-base:1.7
	pkgsrc-2011Q4:1.7.0.20
	pkgsrc-2011Q4-base:1.7
	pkgsrc-2011Q3:1.7.0.18
	pkgsrc-2011Q3-base:1.7
	pkgsrc-2011Q2:1.7.0.16
	pkgsrc-2011Q2-base:1.7
	pkgsrc-2011Q1:1.7.0.14
	pkgsrc-2011Q1-base:1.7
	pkgsrc-2010Q4:1.7.0.12
	pkgsrc-2010Q4-base:1.7
	pkgsrc-2010Q3:1.7.0.10
	pkgsrc-2010Q3-base:1.7
	pkgsrc-2010Q2:1.7.0.8
	pkgsrc-2010Q2-base:1.7
	pkgsrc-2010Q1:1.7.0.6
	pkgsrc-2010Q1-base:1.7
	pkgsrc-2009Q4:1.7.0.4
	pkgsrc-2009Q4-base:1.7
	pkgsrc-2009Q3:1.7.0.2
	pkgsrc-2009Q3-base:1.7
	pkgsrc-2009Q2:1.6.0.20
	pkgsrc-2009Q2-base:1.6
	pkgsrc-2009Q1:1.6.0.18
	pkgsrc-2009Q1-base:1.6
	pkgsrc-2008Q4:1.6.0.16
	pkgsrc-2008Q4-base:1.6
	pkgsrc-2008Q3:1.6.0.14
	pkgsrc-2008Q3-base:1.6
	cube-native-xorg:1.6.0.12
	cube-native-xorg-base:1.6
	pkgsrc-2008Q2:1.6.0.10
	pkgsrc-2008Q2-base:1.6
	cwrapper:1.6.0.8
	pkgsrc-2008Q1:1.6.0.6
	pkgsrc-2008Q1-base:1.6
	pkgsrc-2007Q4:1.6.0.4
	pkgsrc-2007Q4-base:1.6
	pkgsrc-2007Q3:1.6.0.2
	pkgsrc-2007Q3-base:1.6
	pkgsrc-2007Q2:1.5.0.4
	pkgsrc-2007Q2-base:1.5
	pkgsrc-2007Q1:1.5.0.2
	pkgsrc-2007Q1-base:1.5
	pkgsrc-2006Q4:1.4.0.8
	pkgsrc-2006Q4-base:1.4
	pkgsrc-2006Q3:1.4.0.6
	pkgsrc-2006Q3-base:1.4
	pkgsrc-2006Q2:1.4.0.4
	pkgsrc-2006Q2-base:1.4
	pkgsrc-2006Q1:1.4.0.2
	pkgsrc-2006Q1-base:1.4
	pkgsrc-2005Q4:1.3.0.4
	pkgsrc-2005Q4-base:1.3
	pkgsrc-2005Q3:1.3.0.2
	pkgsrc-2005Q3-base:1.3
	pkgsrc-2005Q2:1.2.0.2
	pkgsrc-2005Q2-base:1.2
	pkgsrc-2005Q1:1.1.0.2
	pkgsrc-2005Q1-base:1.1;
locks; strict;
comment	@# @;


1.10
date	2019.06.10.13.44.35;	author nia;	state dead;
branches;
next	1.9;
commitid	MzDiMRQsgZEs8EqB;

1.9
date	2017.05.16.21.54.21;	author snj;	state Exp;
branches;
next	1.8;
commitid	lZPazwhkZpVV6FRz;

1.8
date	2014.01.31.17.32.19;	author agc;	state Exp;
branches
	1.8.26.1;
next	1.7;
commitid	U2j958CUmogXfinx;

1.7
date	2009.08.26.21.10.11;	author snj;	state Exp;
branches;
next	1.6;

1.6
date	2007.09.05.21.08.06;	author drochner;	state Exp;
branches;
next	1.5;

1.5
date	2007.03.23.20.07.02;	author drochner;	state Exp;
branches;
next	1.4;

1.4
date	2006.03.14.20.03.43;	author drochner;	state Exp;
branches;
next	1.3;

1.3
date	2005.08.09.17.31.06;	author drochner;	state Exp;
branches;
next	1.2;

1.2
date	2005.04.29.16.14.41;	author drochner;	state Exp;
branches;
next	1.1;

1.1
date	2005.01.18.17.30.59;	author drochner;	state Exp;
branches;
next	;

1.8.26.1
date	2017.05.29.18.21.24;	author bsiegert;	state Exp;
branches;
next	;
commitid	f8DQajWwxOHMwjTz;


desc
@@


1.10
log
@dropbear: Update to 2019.78

Changes:

2019.78 - 27 March 2019

- Fix dbclient regression in 2019.77. After exiting the terminal would be left
  in a bad state. Reported by Ryan Woodsmall

2019.77 - 23 March 2019

- Fix server -R option with ECDSA - only advertise one key size which will be accepted.
  Reported by Peter Krefting, 2018.76 regression.

- Fix server regression in 2018.76 where multiple client -R forwards were all forwarded
  to the first destination. Reported by Iddo Samet.

- Make failure delay more consistent to avoid revealing valid usernames, set server password
  limit of 100 characters. Problem reported by usd responsible disclosure team

- Change handling of failed authentication to avoid disclosing valid usernames,
  CVE-2018-15599.

- Fix dbclient to reliably return the exit code from the remote server.
  Reported by W. Mike Petullo

- Fix export of 521-bit ECDSA keys, from Christian Hohnstädt

- Add -o Port=xxx option to work with sshfs, from xcko

- Merged fuzzing code, see FUZZER-NOTES.md

- Add a DROPBEAR_SVR_MULTIUSER=0 compile option to run on
  single-user Linux kernels (CONFIG_MULTIUSER disabled). From Patrick Stewart

- Increase allowed username to 100 characters, reported by W. Mike Petullo

- Update config.sub and config.guess, should now work with RISC-V

- Cygwin compile fix from karel-m

- Don't require GNU sed (accidentally in 2018.76), reported by Samuel Hsu

- Fix for IRIX and writev(), reported by Kazuo Kuroi

- Other fixes and cleanups from François Perrad, Andre McCurdy, Konstantin Demin,
  Michael Jones, Pawel Rapkiewicz


2018.76 - 27 February 2018

> > > Configuration/compatibility changes
  IMPORTANT
  Custom configuration is now specified in localoptions.h rather than options.h
  Available options and defaults can be seen in default_options.h

  To migrate your configuration, compare your customised options.h against the
  upstream options.h from your relevant version. Any customised options should
  be put in localoptions.h in the build directory.

- "configure --enable-static" should now be used instead of "make STATIC=1"
  This will avoid 'hardened build' flags that conflict with static binaries

- Set 'hardened build' flags by default if supported by the compiler.
  These can be disabled with configure --disable-harden if needed.
  -Wl,-pie
  -Wl,-z,now -Wl,-z,relro
  -fstack-protector-strong
  -D_FORTIFY_SOURCE=2
  # spectre v2 mitigation
  -mfunction-return=thunk
  -mindirect-branch=thunk

  Spectre patch from Loganaden Velvindron

- "dropbear -r" option for hostkeys no longer attempts to load the default
  hostkey paths as well. If desired these can be specified manually.
  Patch from CamVan Nguyen

- group1-sha1 key exchange is disabled in the server by default since
  the fixed 1024-bit group may be susceptible to attacks

- twofish ciphers are now disabled in the default configuration

- Default generated ECDSA key size is now 256 (rather than 521)
  for better interoperability

- Minimum RSA key length has been increased to 1024 bits

> > > Other features and fixes

- Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant

- Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket.
  See dbclient manpage for a socat example. Patch from Harald Becker

- Add "-c forced_command" option. Patch from Jeremy Kerr

- Restricted group -G option added with patch from stellarpower

- Support server-chosen TCP forwarding ports, patch from houseofkodai

- Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port]
  Patch from houseofkodai

- Makefile will now rebuild object files when header files are modified

- Add group14-256 and group16 key exchange options

- curve25519-sha256 also supported without @@libssh.org suffix

- Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1
  This fixes building with some recent versions of clang

- Set PAM_RHOST which is needed by modules such as pam_abl

- Improvements to DSS and RSA public key validation, found by OSS-Fuzz.

- Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz

- Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz

- Numerous code cleanups and small issues fixed by Francois Perrad

- Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl
  platforms. Reported by Oliver Schneider and Andrew Bainbridge

- Fix some platform portability problems, from Ben Gardner

- Add EXEEXT filename suffix for building dropbearmulti, from William Foster

- Support --enable-<option> properly for configure, from Stefan Hauser

- configure have_openpty result can be cached, from Eric Bénard

- handle platforms that return close() < -1 on failure, from Marco Wenzel

- Build and configuration cleanups from Michael Witten

- Fix libtomcrypt/libtommath linking order, from Andre McCurdy

- Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC

- Update curve25519-donna implementation to current version
@
text
@$NetBSD: patch-ab,v 1.9 2017/05/16 21:54:21 snj Exp $

comment out the path to the dropbear ssh client
- this is passed through CFLAGS

--- options.h.orig	2016-07-21 08:17:09.000000000 -0700
+++ options.h	2017-03-18 00:25:05.000000000 -0700
@@@@ -305,7 +305,7 @@@@ Homedir is prepended unless path begins 
 
 /* This is used by the scp binary when used as a client binary. If you're
  * not using the Dropbear client, you'll need to change it */
-#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
+/*#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"*/
 
 /* Whether to log commands executed by a client. This only logs the 
  * (single) command sent to the server, not what a user did in a 
@


1.9
log
@update dropbear to 2016.74.  changes:

2016.74 - 21 July 2016

- Security: Message printout was vulnerable to format string injection.

  If specific usernames including "%" symbols can be created on a system
  (validated by getpwnam()) then an attacker could run arbitrary code as root
  when connecting to Dropbear server.

  A dbclient user who can control username or host arguments could potentially
  run arbitrary code as the dbclient user. This could be a problem if scripts
  or webpages pass untrusted input to the dbclient program.
  CVE-2016-7406
  https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb

- Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
  the local dropbearconvert user when parsing malicious key files
  CVE-2016-7407
  https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e

- Security: dbclient could run arbitrary code as the local dbclient user if
  particular -m or -c arguments are provided. This could be an issue where
  dbclient is used in scripts.
  CVE-2016-7408
  https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6

- Security: dbclient or dropbear server could expose process memory to the
  running user if compiled with DEBUG_TRACE and running with -v
  CVE-2016-7409
  https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04

  The security issues were reported by an anonymous researcher working with
  Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html

- Fix port forwarding failure when connecting to domains that have both
  IPv4 and IPv6 addresses. The bug was introduced in 2015.68

- Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang Hui P
  for the patch


2016.73 - 18 March 2016

- Support syslog in dbclient, option -o usesyslog=yes. Patch from Konstantin Tokarev

- Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev

- Option to exit when a TCP forward fails, patch from Konstantin Tokarev

- New "-o" option parsing from Konstantin Tokarev. This allows handling some extra options
  in the style of OpenSSH, though implementing all OpenSSH options is not planned.

- Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou

- Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks

- Various cleanups for issues found by a lint tool, patch from Francois Perrad

- Fix tab indent consistency, patch from Francois Perrad

- Fix issues found by cppcheck, reported by Mike Tzou

- Use system memset_s() or explicit_bzero() if available to clear memory. Also make
  libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).

- Prevent scp failing when the local user doesn't exist. Based on patch from Michael Witten.

- Improved Travis CI test running, thanks to Mike Tzou

- Improve some code that was flagged by Coverity and Fortify Static Code Analyzer

2016.72 - 9 March 2016

- Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
  found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
  https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff

2015.71 - 3 December 2015

- Fix "bad buf_incrpos" when data is transferred, broke in 2015.69

- Fix crash on exit when -p address:port is used, broke in 2015.68, thanks to
  Frank Stollenwerk for reporting and investigation

- Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev

- Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert,
  broke in 2015.70

- Fix server race condition that could cause sessions to hang on exit,
  https://github.com/robotframework/SSHLibrary/issues/128

2015.70 - 26 November 2015

- Fix server password authentication on Linux, broke in 2015.69

2015.69 - 25 November 2015

- Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68)

- Avoid hang on session close when multiple sessions are started, affects Qt Creator
  Patch from Andrzej Szombierski

- Reduce per-channel memory consumption in common case, increase default
  channel limit from 100 to 1000 which should improve SOCKS forwarding for modern
  webpages

- Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin

- Manpage improvements from Guilhem Moulin

- Build fixes for Android from Mike Frysinger

- Don't display the MOTD when an explicit command is run from Guilhem Moulin

- Check curve25519 shared secret isn't zero

2015.68 - Saturday 8 August 2015

- Reduce local data copying for improved efficiency. Measured 30%
  increase in throughput for connections to localhost

- Forwarded TCP ports connect asynchronously and try all available addresses
  (IPv4, IPv6, round robin DNS)

- Fix all compile warnings, many patches from Gaël Portay
  Note that configure with -Werror may not be successful on some platforms (OS X)
  and some configuration options may still result in unused variable
  warnings.

- Use TCP Fast Open on Linux if available. Saves a round trip at connection
  to hosts that have previously been connected.
  Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3"
  Client side is disabled by default pending further compatibility testing
  with networks and systems.

- Increase maximum command length to 9000 bytes

- Free memory before exiting, patch from Thorsten Horstmann. Useful for
  Dropbear ports to embedded systems and for checking memory leaks
  with valgrind. Only partially implemented for dbclient.
  This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h

- DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless
  there is a leading slash (~ isn't treated specially)

- Fix small ECC memory leaks

- Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of
  Matta Consulting. Odds of bad values are around 2**-512 -- improbable.

- Twofish-ctr cipher is supported though disabled by default

- Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks
  to CL Ouyang

- Fix null pointer crash with restrictions in authorized_keys without a command, patch from
  Guilhem Moulin

- Ensure authentication timeout is handled while reading the initial banner,
  thanks to CL Ouyang for finding it.

- Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz

2015.67 - Wednesday 28 January 2015

- Call fsync() after generating private keys to ensure they aren't lost if a
  reboot occurs. Thanks to Peter Korsgaard

- Disable non-delayed zlib compression by default on the server. Can be
  enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB

- Default client key path ~/.ssh/id_dropbear

- Prefer stronger algorithms by default, from Fedor Brunner.
  AES256 over 3DES
  Diffie-hellman group14 over group1

- Add option to disable CBC ciphers.

- Disable twofish in default options.h

- Enable sha2 HMAC algorithms by default, the code was already required
  for ECC key exchange. sha1 is the first preference still for performance.

- Fix installing dropbear.8 in a separate build directory, from Like Ma

- Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe

- Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea

- Minor bug fixes, a few issues found by Coverity scan

2014.66 - Thursday 23 October 2014

- Use the same keepalive handling behaviour as OpenSSH. This will work better
  with some SSH implementations that have different behaviour with unknown
  message types.

- Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own
  keepalive message

- Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere

- Fix wtmp which broke since 2013.62, patch from Whoopie

2014.65 - Friday 8 August 2014

- Fix 2014.64 regression, server session hang on exit with scp (and probably
  others), thanks to NiLuJe for tracking it down

- Fix 2014.64 regression, clock_gettime() error handling which broke on older
  Linux kernels, reported by NiLuJe

- Fix 2014.64 regression, writev() could occassionally fail with EAGAIN which
  wasn't caught

- Avoid error message when trying to set QoS on proxycommand or multihop pipes

- Use /usr/bin/xauth, thanks to Mike Frysinger

- Don't exit the client if the local user entry can't be found, thanks to iquaba

2014.64 - Sunday 27 July 2014

- Fix compiling with ECDSA and DSS disabled

- Don't exit abruptly if too many outgoing packets are queued for writev(). Patch
  thanks to Ronny Meeus

- The -K keepalive option now behaves more like OpenSSH's "ServerAliveInterval".
  If no response is received after 3 keepalives then the session is terminated. This
  will close connections faster than waiting for a TCP timeout.

- Rework TCP priority setting. New settings are
	if (connecting || ptys || x11) tos = LOWDELAY
	else if (tcp_forwards) tos = 0
	else tos = BULK
  Thanks to Catalin Patulea for the suggestion.

- Improve handling of many concurrent new TCP forwarded connections, should now
  be able to handle as many as MAX_CHANNELS. Thanks to Eduardo Silva for reporting
  and investigating it.

- Make sure that exit messages from the client are printed, regression in 2013.57

- Use monotonic clock where available, timeouts won't be affected by system time
  changes

- Add -V for version

2014.63 - Wednesday 19 February 2014

- Fix ~. to terminate a client interactive session after waking a laptop
  from sleep.

- Changed port separator syntax again, now using host^port. This is because
  IPv6 link-local addresses use %. Reported by Gui Iribarren

- Avoid constantly relinking dropbearmulti target, fix "make install"
  for multi target, thanks to Mike Frysinger

- Avoid getting stuck in a loop writing huge key files, reported by Bruno
  Thomsen

- Don't link dropbearkey or dropbearconvert to libz or libutil,
  thanks to Nicolas Boos

- Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos

- Avoid crash on exit due to cleaned up keys before last packets are sent,
  debugged by Ronald Wahl

- Fix a race condition in rekeying where Dropbear would exit if it received a
  still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
  This is a longstanding bug but is triggered more easily since 2013.57

- Fix README for ecdsa keys, from Catalin Patulea

- Ensure that generated RSA keys are always exactly the length
  requested. Previously Dropbear always generated N+16 or N+15 bit keys.
  Thanks to Unit 193

- Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip if the
  first public key succeeds. Still not enabled by default, needs more
  compatibility testing with other implementations.

- Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD.

- Fix for bad system linux/pkt-sched.h header file with older Linux
kernels, from Steve Dover

- Fix signal handlers so that errno is saved, thanks to Erik Ahlén for a patch
  and Mark Wickham for independently spotting the same problem.
@
text
@d1 1
a1 1
$NetBSD$
@


1.8
log
@First part of minor dropbear package cleanup - this part lets the
package build as a normal user

+ don't refer to MAKEFLAGS outside of pkgsrc/mk
+ add comments to patch files
+ use BSD_INSTALL_* definitions in the build Makefile
+ re-order some parts of the pkgsrc Makefile
+ use pkgsrc definitions for CFLAGS.${OPSYS} rather than conditionals

XXX - TO DO - fix the xauth issue here
@
text
@d1 1
a1 1
$NetBSD: patch-ab,v 1.7 2009/08/26 21:10:11 snj Exp $
d6 3
a8 3
--- options.h.orig	2009-08-26 13:15:07.000000000 -0700
+++ options.h	2009-08-26 13:15:14.000000000 -0700
@@@@ -232,7 +232,7 @@@@ etc) slower (perhaps by 50%). Recommende
d12 2
a13 2
-#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"
+/*#define _PATH_SSH_PROGRAM "/usr/bin/dbclient"*/
@


1.8.26.1
log
@Pullup ticket #5468 - requested by sevan
security/dropbear: security fix

Revisions pulled up:
- security/dropbear/Makefile                                    1.32
- security/dropbear/distinfo                                    1.24
- security/dropbear/patches/patch-aa                            1.11
- security/dropbear/patches/patch-ab                            1.9
- security/dropbear/patches/patch-configure                     1.1

---
   Module Name:    pkgsrc
   Committed By:   snj
   Date:           Tue May 16 21:54:21 UTC 2017

   Modified Files:
           pkgsrc/security/dropbear: Makefile distinfo
           pkgsrc/security/dropbear/patches: patch-aa patch-ab
   Added Files:
           pkgsrc/security/dropbear/patches: patch-configure

   Log Message:
   update dropbear to 2016.74.  changes:

   2016.74 - 21 July 2016

   - Security: Message printout was vulnerable to format string injection.

     If specific usernames including "%" symbols can be created on a system
     (validated by getpwnam()) then an attacker could run arbitrary code as
   root
     when connecting to Dropbear server.

     A dbclient user who can control username or host arguments could
   potentially
     run arbitrary code as the dbclient user. This could be a problem if
   scripts
     or webpages pass untrusted input to the dbclient program.
     CVE-2016-7406
     https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb

   - Security: dropbearconvert import of OpenSSH keys could run arbitrary
   code as
     the local dropbearconvert user when parsing malicious key files
     CVE-2016-7407
     https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e

   - Security: dbclient could run arbitrary code as the local dbclient user if
     particular -m or -c arguments are provided. This could be an issue where
     dbclient is used in scripts.
     CVE-2016-7408
     https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6

   - Security: dbclient or dropbear server could expose process memory to the
     running user if compiled with DEBUG_TRACE and running with -v
     CVE-2016-7409
     https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04

     The security issues were reported by an anonymous researcher working with
     Beyond Security's SecuriTeam Secure Disclosure
   www.beyondsecurity.com/ssd.html

   - Fix port forwarding failure when connecting to domains that have both
     IPv4 and IPv6 addresses. The bug was introduced in 2015.68

   - Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang
   Hui P
     for the patch

   2016.73 - 18 March 2016

   - Support syslog in dbclient, option -o usesyslog=yes. Patch from
   Konstantin Tokarev

   - Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev

   - Option to exit when a TCP forward fails, patch from Konstantin Tokarev

   - New "-o" option parsing from Konstantin Tokarev. This allows handling
   some extra options
     in the style of OpenSSH, though implementing all OpenSSH options is
   not planned.

   - Fix crash when fallback initshells() is used, reported by Michael
   Nowak and Mike Tzou

   - Allow specifying commands eg "dropbearmulti dbclient ..." instead of
   symlinks

   - Various cleanups for issues found by a lint tool, patch from Francois
   Perrad

   - Fix tab indent consistency, patch from Francois Perrad

   - Fix issues found by cppcheck, reported by Mike Tzou

   - Use system memset_s() or explicit_bzero() if available to clear
   memory. Also make
     libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).

   - Prevent scp failing when the local user doesn't exist. Based on patch
   from Michael Witten.

   - Improved Travis CI test running, thanks to Mike Tzou

   - Improve some code that was flagged by Coverity and Fortify Static Code
   Analyzer

   2016.72 - 9 March 2016

   - Validate X11 forwarding input. Could allow bypass of authorized_keys
   command= restrictions,
     found by github.com/tintinweb. Thanks for Damien Miller for a patch.
   CVE-2016-3116
     https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff

   2015.71 - 3 December 2015

   - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69

   - Fix crash on exit when -p address:port is used, broke in 2015.68,
   thanks to
     Frank Stollenwerk for reporting and investigation

   - Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from
   Konstantin Tokarev

   - Fix bad configure script test which didn't work with dash shell, patch
   from Juergen Daubert,
     broke in 2015.70

   - Fix server race condition that could cause sessions to hang on exit,
     https://github.com/robotframework/SSHLibrary/issues/128

   2015.70 - 26 November 2015

   - Fix server password authentication on Linux, broke in 2015.69

   2015.69 - 25 November 2015

   - Fix crash when forwarded TCP connections fail to connect (bug
   introduced in 2015.68)

   - Avoid hang on session close when multiple sessions are started,
   affects Qt Creator
     Patch from Andrzej Szombierski

   - Reduce per-channel memory consumption in common case, increase default
     channel limit from 100 to 1000 which should improve SOCKS forwarding
   for modern
     webpages

   - Handle multiple command line arguments in a single flag, thanks to
   Guilhem Moulin

   - Manpage improvements from Guilhem Moulin

   - Build fixes for Android from Mike Frysinger

   - Don't display the MOTD when an explicit command is run from Guilhem Moulin

   - Check curve25519 shared secret isn't zero

   2015.68 - Saturday 8 August 2015

   - Reduce local data copying for improved efficiency. Measured 30%
     increase in throughput for connections to localhost

   - Forwarded TCP ports connect asynchronously and try all available addresses
     (IPv4, IPv6, round robin DNS)

   - Fix all compile warnings, many patches from Gaël Portay
     Note that configure with -Werror may not be successful on some
   platforms (OS X)
     and some configuration options may still result in unused variable
     warnings.

   - Use TCP Fast Open on Linux if available. Saves a round trip at connection
     to hosts that have previously been connected.
     Needs a recent Linux kernel and possibly "sysctl -w
   net.ipv4.tcp_fastopen=3"
     Client side is disabled by default pending further compatibility testing
     with networks and systems.

   - Increase maximum command length to 9000 bytes

   - Free memory before exiting, patch from Thorsten Horstmann. Useful for
     Dropbear ports to embedded systems and for checking memory leaks
     with valgrind. Only partially implemented for dbclient.
     This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h

   - DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home
   directory unless
     there is a leading slash (~ isn't treated specially)

   - Fix small ECC memory leaks

   - Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of
     Matta Consulting. Odds of bad values are around 2**-512 -- improbable.

   - Twofish-ctr cipher is supported though disabled by default

   - Fix pre-authentication timeout when waiting for client SSH-2.0 banner,
   thanks
     to CL Ouyang

   - Fix null pointer crash with restrictions in authorized_keys without a
   command, patch from
     Guilhem Moulin

   - Ensure authentication timeout is handled while reading the initial banner,
     thanks to CL Ouyang for finding it.

   - Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz

   2015.67 - Wednesday 28 January 2015

   - Call fsync() after generating private keys to ensure they aren't lost if a
     reboot occurs. Thanks to Peter Korsgaard

   - Disable non-delayed zlib compression by default on the server. Can be
     enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB

   - Default client key path ~/.ssh/id_dropbear

   - Prefer stronger algorithms by default, from Fedor Brunner.
     AES256 over 3DES
     Diffie-hellman group14 over group1

   - Add option to disable CBC ciphers.

   - Disable twofish in default options.h

   - Enable sha2 HMAC algorithms by default, the code was already required
     for ECC key exchange. sha1 is the first preference still for performance.

   - Fix installing dropbear.8 in a separate build directory, from Like Ma

   - Allow configure to succeed if libtomcrypt/libtommath are missing, from
   Elan Ruusamäe

   - Don't crash if ssh-agent provides an unknown type of key. From Catalin
   Patulea

   - Minor bug fixes, a few issues found by Coverity scan

   2014.66 - Thursday 23 October 2014

   - Use the same keepalive handling behaviour as OpenSSH. This will work
   better
     with some SSH implementations that have different behaviour with unknown
     message types.

   - Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own
     keepalive message

   - Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere

   - Fix wtmp which broke since 2013.62, patch from Whoopie

   2014.65 - Friday 8 August 2014

   - Fix 2014.64 regression, server session hang on exit with scp (and probably
     others), thanks to NiLuJe for tracking it down

   - Fix 2014.64 regression, clock_gettime() error handling which broke on
   older
     Linux kernels, reported by NiLuJe

   - Fix 2014.64 regression, writev() could occassionally fail with EAGAIN
   which
     wasn't caught

   - Avoid error message when trying to set QoS on proxycommand or multihop
   pipes

   - Use /usr/bin/xauth, thanks to Mike Frysinger

   - Don't exit the client if the local user entry can't be found, thanks
   to iquaba

   2014.64 - Sunday 27 July 2014

   - Fix compiling with ECDSA and DSS disabled

   - Don't exit abruptly if too many outgoing packets are queued for
   writev(). Patch
     thanks to Ronny Meeus

   - The -K keepalive option now behaves more like OpenSSH's
   "ServerAliveInterval".
     If no response is received after 3 keepalives then the session is
   terminated. This
     will close connections faster than waiting for a TCP timeout.

   - Rework TCP priority setting. New settings are
           if (connecting || ptys || x11) tos = LOWDELAY
           else if (tcp_forwards) tos = 0
           else tos = BULK
     Thanks to Catalin Patulea for the suggestion.

   - Improve handling of many concurrent new TCP forwarded connections,
   should now
     be able to handle as many as MAX_CHANNELS. Thanks to Eduardo Silva for
   reporting
     and investigating it.

   - Make sure that exit messages from the client are printed, regression
   in 2013.57

   - Use monotonic clock where available, timeouts won't be affected by
   system time
     changes

   - Add -V for version

   2014.63 - Wednesday 19 February 2014

   - Fix ~. to terminate a client interactive session after waking a laptop
     from sleep.

   - Changed port separator syntax again, now using host^port. This is because
     IPv6 link-local addresses use %. Reported by Gui Iribarren

   - Avoid constantly relinking dropbearmulti target, fix "make install"
     for multi target, thanks to Mike Frysinger

   - Avoid getting stuck in a loop writing huge key files, reported by Bruno
     Thomsen

   - Don't link dropbearkey or dropbearconvert to libz or libutil,
     thanks to Nicolas Boos

   - Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos

   - Avoid crash on exit due to cleaned up keys before last packets are sent,
     debugged by Ronald Wahl

   - Fix a race condition in rekeying where Dropbear would exit if it
   received a
     still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
     This is a longstanding bug but is triggered more easily since 2013.57

   - Fix README for ecdsa keys, from Catalin Patulea

   - Ensure that generated RSA keys are always exactly the length
     requested. Previously Dropbear always generated N+16 or N+15 bit keys.
     Thanks to Unit 193

   - Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip
   if the
     first public key succeeds. Still not enabled by default, needs more
     compatibility testing with other implementations.

   - Fix for port 0 forwarding in the client and port forwarding with
   Apache MINA SSHD.

   - Fix for bad system linux/pkt-sched.h header file with older Linux
   kernels, from Steve Dover

   - Fix signal handlers so that errno is saved, thanks to Erik Ahl�n for a
   patch
     and Mark Wickham for independently spotting the same problem.
@
text
@d1 1
a1 1
$NetBSD$
d6 3
a8 3
--- options.h.orig	2016-07-21 08:17:09.000000000 -0700
+++ options.h	2017-03-18 00:25:05.000000000 -0700
@@@@ -305,7 +305,7 @@@@ Homedir is prepended unless path begins 
d12 2
a13 2
-#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
+/*#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"*/
@


1.7
log
@Update dropbear to 0.52.  Build an scp binary and call it dbscp so it
doesn't conflict with openssh.

Changes since 0.50:

0.52 - Wed 12 November 2008

- Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to
  tunnel standard input/output to a TCP port-forwarded remote host.

- Add "proxy command" support to dbclient, to allow using a spawned
  process for IO rather than a direct TCP connection. eg
	  dbclient remotehost
  is equivalent to
	  dbclient -J 'nc remotehost 22' remotehost
  (the hostname is still provided purely for looking up saved host keys)

- Combine netcat-alike and proxy support to allow "multihop"
  connections, with comma-separated host syntax.  Allows running

	  dbclient user1@@host1,user2@@host2,user3@@host3

  to end up at host3 via the other two, using SSH TCP forwarding. It's
  a bit like onion-routing. All connections are established from the
  local machine.  The comma-separated syntax can also be used for
  scp/rsync, eg

  rsync -a -e dbclient m@@gateway,m2@@host,martello:/home/matt/ ~/backup/

  to bounce through a few hosts.

- Add -I "idle timeout" option (contributed by Farrell Aultman)

- Allow restrictions on authorized_keys logins such as restricting
  commands to be run etc. This is a subset of those allowed by OpenSSH,
  doesn't yet allow restricting source host.

- Use vfork() for scp on uClinux

- Default to PATH=/usr/bin:/bin for shells.

- Report errors if -R forwarding fails

- Add counter mode cipher support, which avoids some security problems
  with the standard CBC mode.

- Support zlib@@openssh.com delayed compression for client/server. It
  can be required for the Dropbear server with the '-Z' option. This
  is useful for security as it avoids exposing the server to attacks
  on zlib by unauthenticated remote users, though requires client side
  support.

- options.h has been split into options.h (user-changable) and
  sysoptions.h (less commonly changed)

- Support "dbclient -s sftp" to specify a subsystem

- Fix a bug in replies to channel requests that could be triggered by
  recent versions of PuTTY

0.51 - Thu 27 March 2008

- Make a copy of password fields rather erroneously relying on getwpnam()
  to be safe to call multiple times

- If $SSH_ASKPASS_ALWAYS environment variable is set (and $SSH_ASKPASS is
  as well) always use that program, ignoring isatty() and $DISPLAY

- Wait until a process exits before the server closes a connection, so
  that an exit code can be sent. This fixes problems with exit codes not
  being returned, which could cause scp to fail.
@
text
@d1 4
a4 1
$NetBSD$
@


1.6
log
@update to 0.50
changes:
- Add DROPBEAR_PASSWORD environment variable to specify a dbclient password
- Use /dev/urandom by default, since that's what everyone does anyway
- Exit with an exit code of 1 if dropbear can't bind to any ports
- Improve network performance and add a -W <receive_window> argument for
  adjusting the tradeoff between network performance and memory consumption
- Fix a problem where reply packets could be sent during key exchange,
  in violation of the SSH spec. This could manifest itself with connections
  being terminated after 8 hours with new TCP-forward connections being
  established
- Add -K <keepalive_time> argument, ensuring that data is transmitted
  over the connection at least every N seconds
- dropbearkey will no longer generate DSS keys of sizes other than 1024
  bits, as required by the DSS specification. (Other sizes are still
  accepted for use to provide backwards compatibility)
@
text
@d3 3
a5 5
--- options.h.orig	2007-08-08 17:39:37.000000000 +0200
+++ options.h
@@@@ -132,8 +132,11 @@@@ etc) slower (perhaps by 50%). Recommende
  * but there's an interface via a PAM module - don't bother using it otherwise.
  * You can't enable both PASSWORD and PAM. */
d7 4
a10 7
+#ifdef DISABLE_PAM
 #define ENABLE_SVR_PASSWORD_AUTH
-/*#define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
+#else
+#define ENABLE_SVR_PAM_AUTH /* requires ./configure --enable-pam */
+#endif
 #define ENABLE_SVR_PUBKEY_AUTH
d12 2
a13 1
 #define ENABLE_CLI_PASSWORD_AUTH
@


1.5
log
@update to 0.49
change: warn strongly when a hostkey mismatch occurred
@
text
@d3 1
a3 1
--- options.h.orig	2007-02-22 16:51:35.000000000 +0100
a17 9
@@@@ -159,7 +162,7 @@@@ etc) slower (perhaps by 50%). Recommende
  * however significantly reduce the security of your ssh connections
  * if the PRNG state becomes guessable - make sure you know what you are
  * doing if you change this. */
-#define DROPBEAR_RANDOM_DEV "/dev/random"
+#define DROPBEAR_RANDOM_DEV "/dev/urandom"
 
 /* prngd must be manually set up to produce output */
 /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
@


1.4
log
@update to 0.48.1
changes:
-a security fix which was already in pkgsrc (0.46nb1)
-bugfixes
-zlib compression for dbclient
-Set "low delay" TOS bit
-client keyboard-interactive mode support
-logging improvements
-Added aes-256 cipher and sha1-96 hmac
-allow connections to listening forwarded ports from remote machines
@
text
@d3 1
a3 1
--- options.h.orig	2006-03-12 05:52:51.000000000 +0100
d5 1
a5 1
@@@@ -127,8 +127,11 @@@@ etc) slower (perhaps by 50%). Recommende
d11 1
a11 1
-/* #define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
d18 1
a18 1
@@@@ -154,7 +157,7 @@@@ etc) slower (perhaps by 50%). Recommende
@


1.3
log
@add a "pam" pkg option and make it work with NetBSD's openpam if enabled
@
text
@d3 1
a3 1
--- options.h.orig	2005-07-08 21:20:58.000000000 +0200
d5 1
a5 1
@@@@ -122,8 +122,11 @@@@ etc) slower (perhaps by 50%). Recommende
d11 1
a11 1
-/*#define ENABLE_SVR_PAM_AUTH*/
d13 1
a13 1
+#define ENABLE_SVR_PAM_AUTH
d18 1
a18 1
@@@@ -148,7 +151,7 @@@@ etc) slower (perhaps by 50%). Recommende
@


1.2
log
@update to 0.45
changes:
- Makefile no longer appends 'static' to statically linked binaries
- Add optional SSH_ASKPASS support to the client
- Respect HOST_LOOKUP option
- Fix accidentally removed "return;" statement which was removed in 0.44
  (causing clients which sent an empty terminal-modes string to fail to
  connect - including pssh, ssh.com, danger hiptop). (patches
  independently from Paul Fox, David Horwitt and Sven-Ola Tuecke)
- Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
  will work with scp.
@
text
@d3 1
a3 1
--- options.h.orig	2005-03-07 05:27:02.000000000 +0100
d5 14
a18 1
@@@@ -143,7 +143,7 @@@@ etc) slower (perhaps by 50%). Recommende
@


1.1
log
@update to 0.44
changes:
-IPv6 support
-client added
-bugfixes
XXX dropbear wants to use /dev/random per default now which makes it
unusable on systems w/o entropy source. I've patched it back to
/dev/urandom. There might be security concerns.
@
text
@d3 1
a3 1
--- options.h.orig	2005-01-18 15:42:25.000000000 +0100
d5 1
a5 2
@@@@ -139,7 +139,7 @@@@ etc) slower (perhaps by 50%). Recommende
  * will prevent Dropbear from blocking on the device. This could
d7 2
a8 1
  * if the PRNG state becomes simpler. */
@