commit:     5558e745954113ae526ec57ff9d1f8744ed94810
Author:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 18 19:38:25 2025 +0000
Commit:     Viorel Munteanu <ceamac <AT> gentoo <DOT> org>
CommitDate: Thu Dec 18 19:47:19 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5558e745

net-misc/dropbear: add 2025.89

Includes security updates for CVE-2025-14282 and CVE-2019-6111.

Bug: https://bugs.gentoo.org/967696
Bug: https://bugs.gentoo.org/675522
Signed-off-by: Viorel Munteanu <ceamac <AT> gentoo.org>

 net-misc/dropbear/Manifest                |   2 +
 net-misc/dropbear/dropbear-2025.89.ebuild | 214 ++++++++++++++++++++++++++++++
 2 files changed, 216 insertions(+)

diff --git a/net-misc/dropbear/Manifest b/net-misc/dropbear/Manifest
index b1c5e6eb2614..bb1fa5d79e2b 100644
--- a/net-misc/dropbear/Manifest
+++ b/net-misc/dropbear/Manifest
@@ -2,3 +2,5 @@ DIST dropbear-2025.87.tar.bz2 2368085 BLAKE2B 
14c47f8311502a821a1b67e4bcedcdc80c
 DIST dropbear-2025.87.tar.bz2.asc 833 BLAKE2B 
86f1ac7bd968eddad2d43bca21864db44c21e5875b7fec54fcc0ddce5bc748462d2639bc2394ca682b84527d49b3b0ef46cfbf07c244ded0b86812b1c6aa7894
 SHA512 
a5b1dcfb0bd5f5de12959f4b47e526cf3844ad8b7ef26fa0692fac6c2a77d36d5171d37fc405f7d4a2e4e70a6d8cc30366cac9046745a5126593c45b54998a7c
 DIST dropbear-2025.88.tar.bz2 2370480 BLAKE2B 
d64f51227a19c77218a32815f75538df96961008c9fd9effec133e457bed0aa3c0837ca1cfdd877101ff09014e5fdd3a1500135887799eaeb0f2207d74799585
 SHA512 
71194f4792287b9e56e07cfa9a3e97d23b7fda82c858e0219d0d54aee48e77892997330ad1af5654a738b970965a92a79468bbf5c8ba0358b046fd053dfc87ed
 DIST dropbear-2025.88.tar.bz2.asc 833 BLAKE2B 
2399086027e07d186e1199f2a4442d8eb8cbc14476acb004c6879e782c263d760ffb03623dd062e7f3fd381041c503cdc589d6ab4a47db652018a0db6b641d31
 SHA512 
ac7e5c94668bccdeeeb2bb85722107df7216dc605769ed82638227e7922c85bda9d2b76d219a87d49f276a1c9f18bccfbf7950a009410cb49b958b2f7d9eec04
+DIST dropbear-2025.89.tar.bz2 2374006 BLAKE2B 
8533083cccf11329b07dda123df4f875e9d11d59b5aead96fd725b58d513504ac13a8045c8e70498678535e1b38b9d93ec1c880f341b900da8a7adda153b047c
 SHA512 
5420b0c6de08c2e796abe9d0819ce322e244a0d9670678dc750aa07da8426a782b7f8685fa65c8fe053fc5ae0118cc5f31fe7b60d817e6c57000a189f2c97176
+DIST dropbear-2025.89.tar.bz2.asc 833 BLAKE2B 
b3300da3ebd4384050a523ab5f905b58e561267733c4a31651b9b6781ab041afa53054b5cae091f083bf82e6ca6514de8c687d931dea43dbf72cb510cf9afdf1
 SHA512 
98049964c10da20502b2623621f2f52b76e356d3d60d933d172232229e1627448a48b767e965c1ff59b3ca3159873e9e8902f6a9ba0a72720b71c0443962701d

diff --git a/net-misc/dropbear/dropbear-2025.89.ebuild 
b/net-misc/dropbear/dropbear-2025.89.ebuild
new file mode 100644
index 000000000000..04728c2b4a81
--- /dev/null
+++ b/net-misc/dropbear/dropbear-2025.89.ebuild
@@ -0,0 +1,214 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{11..13} )
+VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/dropbear.asc
+inherit autotools pam python-any-r1 savedconfig verify-sig
+
+DESCRIPTION="Small SSH 2 client/server designed for small memory environments"
+HOMEPAGE="https://matt.ucc.asn.au/dropbear/dropbear.html";
+SRC_URI="https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2
+       https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2";
+SRC_URI+=" verify-sig? (
+               https://matt.ucc.asn.au/dropbear/releases/${P}.tar.bz2.asc
+               https://matt.ucc.asn.au/dropbear/testing/${P}.tar.bz2.asc
+       )"
+
+LICENSE="MIT GPL-2" # (init script is GPL-2 #426056)
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~m68k ~mips ~ppc ~ppc64 ~s390 ~sparc 
~x86 ~amd64-linux ~x86-linux ~x64-macos"
+IUSE="bsdpty legacy-ciphers minimal multicall pam +shadow static +syslog test 
+test-async zlib"
+RESTRICT="!test? ( test )"
+
+LIB_DEPEND="
+       virtual/libcrypt:=[static-libs(+)]
+       zlib? ( virtual/zlib:=[static-libs(+)] )
+"
+RDEPEND="
+       acct-group/sshd
+       acct-user/sshd
+       !static? (
+               >=dev-libs/libtomcrypt-1.18.2-r2[libtommath]
+               >=dev-libs/libtommath-1.2.0
+               ${LIB_DEPEND//\[static-libs(+)]}
+       )
+       pam? ( sys-libs/pam )
+"
+DEPEND="
+       ${RDEPEND}
+       static? ( ${LIB_DEPEND} )
+"
+RDEPEND+=" pam? ( >=sys-auth/pambase-20080219.1 )"
+BDEPEND="
+       test? (
+               sys-libs/nss_wrapper
+               $(python_gen_any_dep '
+                       dev-python/attrs[${PYTHON_USEDEP}]
+                       dev-python/iniconfig[${PYTHON_USEDEP}]
+                       dev-python/packaging[${PYTHON_USEDEP}]
+                       dev-python/pluggy[${PYTHON_USEDEP}]
+                       dev-python/py[${PYTHON_USEDEP}]
+                       dev-python/pyparsing[${PYTHON_USEDEP}]
+                       dev-python/pytest[${PYTHON_USEDEP}]
+                       dev-python/psutil[${PYTHON_USEDEP}]
+               ')
+               test-async? (
+                       $(python_gen_any_dep '
+                               dev-python/asyncssh[${PYTHON_USEDEP}]
+                       ')
+               )
+       )
+       verify-sig? ( sec-keys/openpgp-keys-dropbear )
+"
+
+REQUIRED_USE="pam? ( !static )"
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-2024.84-dbscp.patch
+       "${FILESDIR}"/${PN}-2024.86-tests.patch
+       "${FILESDIR}"/${PN}-2024.84-test-bg-sleep.patch
+)
+
+set_options() {
+       progs=(
+               dropbear dbclient dropbearkey
+               $(usev !minimal "dropbearconvert scp")
+       )
+       makeopts=(
+               MULTI=$(usex multicall 1 0)
+       )
+}
+
+python_check_deps() {
+       if use test-async; then
+                python_has_version "dev-python/asyncssh[${PYTHON_USEDEP}]"
+       fi
+
+       python_has_version "dev-python/attrs[${PYTHON_USEDEP}]" && \
+               python_has_version "dev-python/iniconfig[${PYTHON_USEDEP}]" && \
+               python_has_version "dev-python/packaging[${PYTHON_USEDEP}]" && \
+               python_has_version "dev-python/pluggy[${PYTHON_USEDEP}]" && \
+               python_has_version "dev-python/py[${PYTHON_USEDEP}]" && \
+               python_has_version "dev-python/pyparsing[${PYTHON_USEDEP}]" && \
+               python_has_version "dev-python/pytest[${PYTHON_USEDEP}]" && \
+               python_has_version "dev-python/psutil[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+       use test && python-any-r1_pkg_setup
+
+       if use static ; then
+               ewarn "Using bundled copies of libtommath and libtomcrypt"
+       fi
+}
+
+src_prepare() {
+       default
+
+       eautoreconf
+
+       # dropbear does not accept -E if built w/o syslog support and fails the 
tests
+       if use syslog; then
+               eapply "${FILESDIR}"/${PN}-2024.84-non-interactive-tests.patch
+       else
+               eapply 
"${FILESDIR}"/${PN}-2024.84-non-interactive-tests-no-syslog.patch
+       fi
+
+       sed \
+               -e '/SFTPSERVER_PATH/s:".*":"/usr/lib/misc/sftp-server":' \
+               -e '/DROPBEAR_X11FWD/s:0:1:' \
+               -e "/DROPBEAR_DSS/s:0: "$(usex legacy-ciphers 1 0)":" \
+               src/default_options.h > localoptions.h || die
+       sed \
+               -e '/pam_start/s:sshd:dropbear:' \
+               -i src/svr-authpam.c || die
+       restore_config localoptions.h
+
+       use test && python_fix_shebang test/parent_dropbear_map.py
+
+       # dropbearconvert is not built with USE minimal
+       # test_concurrent needs dropbearconvert to convert the key before 
running
+       if use minimal; then
+               rm test/test_dropbearconvert.py test/test_concurrent.py || die
+       elif ! use test-async; then
+               # remove this test on platforms where dev-python/asyncssh is 
not available
+               rm test/test_concurrent.py || die
+       fi
+
+       # bsdpty requires CONFIG_LEGACY_PTYS in kernel; disable tests.
+       # bug #939601
+       if use bsdpty; then
+               rm test/test_channels.py || die
+       fi
+}
+
+src_configure() {
+       # Notes:
+       # 1) We use bundled libtom* when static build is enabled because
+       #    libtomcrypt lacks it and we don't particularly want to add it.
+       # 2) We disable the hardening flags as our compiler already enables them
+       #    by default as is appropriate for the target.
+       local myeconfargs=(
+               --disable-harden
+
+               # bug #836900
+               $(use_enable !elibc_musl lastlog)
+               $(use_enable !elibc_musl wtmp)
+
+               $(use_enable static bundled-libtom)
+               $(use_enable zlib)
+               $(use_enable pam)
+               $(use_enable !bsdpty openpty)
+               $(use_enable shadow)
+               $(use_enable static)
+               $(use_enable syslog)
+       )
+
+       econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+       set_options
+       emake "${makeopts[@]}" PROGRAMS="${progs[*]}"
+
+       # need symlinks for tests
+       if use multicall && use test; then
+               local x
+               for x in "${progs[@]}" ; do
+                       ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti 
to ${x} failed"
+               done
+       fi
+}
+
+src_install() {
+       set_options
+       emake "${makeopts[@]}" PROGRAMS="${progs[*]}" DESTDIR="${D}" install
+       doman manpages/*.8
+       newinitd "${FILESDIR}"/dropbear.init.d-r1 dropbear
+       newconfd "${FILESDIR}"/dropbear.conf.d dropbear
+       dodoc CHANGES README.md SMALL.md MULTI.md
+
+       # The multi install target does not install the links right.
+       if use multicall ; then
+               pushd "${ED}"/usr/bin &> /dev/null || die
+               local x
+               for x in "${progs[@]}" ; do
+                       ln -sf dropbearmulti ${x} || die "ln -s dropbearmulti 
to ${x} failed"
+               done
+               rm -f dropbear
+               dodir /usr/sbin
+               dosym -r /usr/bin/dropbearmulti /usr/sbin/dropbear
+               popd &> /dev/null || die
+       fi
+       save_config localoptions.h
+
+       if ! use minimal ; then
+               mv "${ED}"/usr/bin/{,db}scp || die
+       fi
+
+       if use pam; then
+               pamd_mimic system-remote-login dropbear auth account password 
session
+       fi
+}

Reply via email to