An update is available for dropbear which fixes multiple issues. Changelog can be found at https://matt.ucc.asn.au/dropbear/CHANGES
While here add dropbear.rc, which generates a key upon first connection (-R), and attaches to 127.0.0.1:8022. Comments/OK? Index: Makefile =================================================================== RCS file: /cvs/ports/security/dropbear/Makefile,v retrieving revision 1.4 diff -u -p -r1.4 Makefile --- Makefile 4 Dec 2017 17:56:27 -0000 1.4 +++ Makefile 6 Mar 2018 07:02:38 -0000 @@ -2,7 +2,7 @@ COMMENT= small SSH server and client -DISTNAME= dropbear-2017.75 +DISTNAME= dropbear-2018.76 EXTRACT_SUFX= .tar.bz2 CATEGORIES= security net @@ -21,7 +21,10 @@ USE_GMAKE= Yes CONFIGURE_STYLE= gnu #NO_TEST= Yes +post-extract: + cp ${WRKDIST}/default_options.h ${WRKDIST}/localoptions.h + post-configure: - ${SUBST_CMD} ${WRKSRC}/options.h + ${SUBST_CMD} ${WRKSRC}/localoptions.h .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/security/dropbear/distinfo,v retrieving revision 1.3 diff -u -p -r1.3 distinfo --- distinfo 23 May 2017 13:44:13 -0000 1.3 +++ distinfo 6 Mar 2018 07:02:38 -0000 @@ -1,2 +1,2 @@ -SHA256 (dropbear-2017.75.tar.bz2) = bLwdyxyXCdIm3/Zp5WBBcqGM9dv5ogFHTVYYrkRlCYw= -SIZE (dropbear-2017.75.tar.bz2) = 1623392 +SHA256 (dropbear-2018.76.tar.bz2) = 8vuRZ+yoz5NFal/B1Pr3CZAqOrcN1E41LzrLw//a6mU= +SIZE (dropbear-2018.76.tar.bz2) = 2688697 Index: patches/patch-localoptions_h =================================================================== RCS file: patches/patch-localoptions_h diff -N patches/patch-localoptions_h --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-localoptions_h 6 Mar 2018 07:02:38 -0000 
@@ -0,0 +1,53 @@
+$OpenBSD$
+
+Index: localoptions.h
+--- localoptions.h.orig
++++ localoptions.h
+@@ -19,9 +19,9 @@ IMPORTANT: Some options will require "make clean" afte
+ #define DROPBEAR_DEFADDRESS ""
+
+ /* Default hostkey paths - these can be specified on the command line */
+-#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
+-#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
+-#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
++#define DSS_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_dss_host_key"
++#define RSA_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_rsa_host_key"
++#define ECDSA_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_ecdsa_host_key"
+
+ /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
+ * on chosen ports and keeps accepting connections. This is the default.
+@@ -44,7 +44,7 @@ IMPORTANT: Some options will require "make clean" afte
+ * several kB in binary size however will make the symmetrical ciphers and hashes
+ * slower, perhaps by 50%. Recommended for small systems that aren't doing
+ * much traffic. */
+-#define DROPBEAR_SMALL_CODE 1
++#define DROPBEAR_SMALL_CODE 0
+
+ /* Enable X11 Forwarding - server only */
+ #define DROPBEAR_X11FWD 1
+@@ -243,7 +243,7 @@ Homedir is prepended unless path begins with / */
+
+ /* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+-#define XAUTH_COMMAND "/usr/bin/xauth -q"
++#define XAUTH_COMMAND "${X11BASE}/bin/xauth -q"
+
+
+ /* if you want to enable running an sftp server (such as the one included with
+@@ -254,7 +254,7 @@ Homedir is prepended unless path begins with / */
+
+ /* This is used by the scp binary when used as a client binary. If you're
+ * not using the Dropbear client, you'll need to change it */
+-#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
++#define DROPBEAR_PATH_SSH_PROGRAM "${TRUEPREFIX}//bin/dbclient"
+
+ /* Whether to log commands executed by a client.
This only logs the
+ * (single) command sent to the server, not what a user did in a
+@@ -290,6 +290,6 @@ be overridden at runtime with -I. 0 disables idle time
+ #define DEFAULT_IDLE_TIMEOUT 0
+
+ /* The default path. This will often get replaced by the shell */
+-#define DEFAULT_PATH "/usr/bin:/bin"
++#define DEFAULT_PATH "/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin"
+
+ #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
Index: patches/patch-options_h
===================================================================
RCS file: patches/patch-options_h
diff -N patches/patch-options_h
--- patches/patch-options_h 6 Apr 2016 22:03:15 -0000 1.1.1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
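Review bot: `DROPBEAR_PATH_SSH_PROGRAM` in the new patch-localoptions_h is set to `"${TRUEPREFIX}//bin/dbclient"` with a doubled slash, where the removed patch-options_h had `"${TRUEPREFIX}/bin/dbclient"`. The path still resolves, but this is the binary scp runs as its transport, so it is worth keeping exact: `#define DROPBEAR_PATH_SSH_PROGRAM "${TRUEPREFIX}/bin/dbclient"`. In the last inner hunk `DEFAULT_PATH` hard-codes `/usr/X11R6/bin` and `/usr/local/bin:/usr/local/sbin`, while `XAUTH_COMMAND` takes `${X11BASE}` through SUBST_CMD. If `${LOCALBASE}` is substituted the same way (it appears to be), writing `${X11BASE}/bin:${LOCALBASE}/bin:${LOCALBASE}/sbin` there would keep the search path consistent with the other defines on a non-default prefix.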
@@ -1,56 +0,0 @@
-$OpenBSD: patch-options_h,v 1.1.1.1 2016/04/06 22:03:15 sthen Exp $
---- options.h.orig Fri Mar 18 14:44:43 2016
-+++ options.h Wed Apr 6 21:47:42 2016
-@@ -21,13 +21,13 @@
-
- /* Default hostkey paths - these can be specified on the command line */
- #ifndef DSS_PRIV_FILENAME
--#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
-+#define DSS_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_dss_host_key"
- #endif
- #ifndef RSA_PRIV_FILENAME
--#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
-+#define RSA_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_rsa_host_key"
- #endif
- #ifndef ECDSA_PRIV_FILENAME
--#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
-+#define ECDSA_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_ecdsa_host_key"
- #endif
-
- /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
-@@ -52,7 +52,7 @@
- several kB in binary size however will make the symmetrical ciphers and hashes
- slower, perhaps by 50%. Recommended for small systems that aren't doing
- much traffic. */
--#define DROPBEAR_SMALL_CODE
-+// #define DROPBEAR_SMALL_CODE
-
- /* Enable X11 Forwarding - server only */
- #define ENABLE_X11FWD
-@@ -293,7 +293,7 @@ Homedir is prepended unless path begins with / */
- /* The command to invoke for xauth when using X11 forwarding.
- * "-q" for quiet */
- #ifndef XAUTH_COMMAND
--#define XAUTH_COMMAND "/usr/bin/xauth -q"
-+#define XAUTH_COMMAND "${X11BASE}/bin/xauth -q"
- #endif
-
- /* if you want to enable running an sftp server (such as the one included with
-@@ -305,7 +305,7 @@ Homedir is prepended unless path begins with / */
-
- /* This is used by the scp binary when used as a client binary. If you're
- * not using the Dropbear client, you'll need to change it */
--#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
-+#define DROPBEAR_PATH_SSH_PROGRAM "${TRUEPREFIX}/bin/dbclient"
-
- /* Whether to log commands executed by a client.
This only logs the
- * (single) command sent to the server, not what a user did in a
-@@ -347,7 +347,7 @@ be overridden at runtime with -I. 0 disables idle time
- #define DEFAULT_IDLE_TIMEOUT 0
-
- /* The default path. This will often get replaced by the shell */
--#define DEFAULT_PATH "/usr/bin:/bin"
-+#define DEFAULT_PATH "/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin"
-
- /* Some other defines (that mostly should be left alone) are defined
- * in sysoptions.h */
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/dropbear/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 PLIST
--- pkg/PLIST 6 Apr 2016 22:03:15 -0000 1.1.1.1
+++ pkg/PLIST 6 Mar 2018 07:02:38 -0000
@@ -11,3 +11,4 @@
 @man man/man8/dropbear.8
 @bin sbin/dropbear
 @sample ${SYSCONFDIR}/dropbear/
+@rcscript ${RCDIR}/dropbear
Index: pkg/dropbear.rc
===================================================================
RCS file: pkg/dropbear.rc
diff -N pkg/dropbear.rc
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/dropbear.rc 6 Mar 2018 07:02:38 -0000
@@ -0,0 +1,12 @@
+#!/bin/ksh
+#
+# $OpenBSD$
+
+daemon="${TRUEPREFIX}/sbin/dropbear"
+daemon_flags="-p 127.0.0.1:8022 -R"
+
+. /etc/rc.d/rc.subr
+
+rc_reload=NO
+
+rc_cmd $1
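Review bot: `daemon_flags="-p 127.0.0.1:8022 -R"` in pkg/dropbear.rc defers host-key creation to the first incoming connection, so no fingerprint exists to record or verify before the service is first used, and the script does not say so. Two comment lines above the assignment would cover it: `# -R: host keys are created on first connection; pre-generate with dropbearkey to pin the fingerprint` and `# listens on loopback:8022 by default; override daemon_flags with rcctl to change`. An admin who overrides the flags to a routable address loses the loopback restriction while authentication presumably stays at dropbear's defaults, so the comment could also mention `-s` (no password logins) and `-w` (no root logins).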