An update is available for dropbear which fixes multiple issues.
Changelog can be found at https://matt.ucc.asn.au/dropbear/CHANGES

While here, add dropbear.rc, which generates a host key upon first
connection (-R) and listens on 127.0.0.1:8022.

Comments/OK?


Index: Makefile
===================================================================
RCS file: /cvs/ports/security/dropbear/Makefile,v
retrieving revision 1.4
diff -u -p -r1.4 Makefile
--- Makefile    4 Dec 2017 17:56:27 -0000       1.4
+++ Makefile    6 Mar 2018 07:02:38 -0000
@@ -2,7 +2,7 @@
 
 COMMENT=       small SSH server and client
 
-DISTNAME=      dropbear-2017.75
+DISTNAME=      dropbear-2018.76
 EXTRACT_SUFX=  .tar.bz2
 
 CATEGORIES=    security net
@@ -21,7 +21,10 @@ USE_GMAKE=   Yes
 CONFIGURE_STYLE=       gnu
 #NO_TEST=      Yes
 
+post-extract:
+       cp ${WRKDIST}/default_options.h ${WRKDIST}/localoptions.h
+
 post-configure:
-       ${SUBST_CMD} ${WRKSRC}/options.h
+       ${SUBST_CMD} ${WRKSRC}/localoptions.h
 
 .include <bsd.port.mk>
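Review bot: The new `post-extract` recipe copies inside `${WRKDIST}` while `post-configure` runs `${SUBST_CMD}` on `${WRKSRC}/localoptions.h`. The two variables presumably name the same directory in this port, but using one of them in both recipes would guarantee that the seeded file and the substituted file are the same. Nothing explains why `localoptions.h` is seeded from the upstream defaults, so I would add `# seed localoptions.h from default_options.h so patch-localoptions_h applies` above the `cp`. The copy also carries the `DROPBEAR_DEFAULT_OPTIONS_H_` include guard (visible on the last line of patch-localoptions_h), so it is worth confirming that this does not suppress upstream's own defaults header when both are included.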
Index: distinfo
===================================================================
RCS file: /cvs/ports/security/dropbear/distinfo,v
retrieving revision 1.3
diff -u -p -r1.3 distinfo
--- distinfo    23 May 2017 13:44:13 -0000      1.3
+++ distinfo    6 Mar 2018 07:02:38 -0000
@@ -1,2 +1,2 @@
-SHA256 (dropbear-2017.75.tar.bz2) = 
bLwdyxyXCdIm3/Zp5WBBcqGM9dv5ogFHTVYYrkRlCYw=
-SIZE (dropbear-2017.75.tar.bz2) = 1623392
+SHA256 (dropbear-2018.76.tar.bz2) = 
8vuRZ+yoz5NFal/B1Pr3CZAqOrcN1E41LzrLw//a6mU=
+SIZE (dropbear-2018.76.tar.bz2) = 2688697
Index: patches/patch-localoptions_h
===================================================================
RCS file: patches/patch-localoptions_h
diff -N patches/patch-localoptions_h
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-localoptions_h        6 Mar 2018 07:02:38 -0000
@@ -0,0 +1,53 @@
+$OpenBSD$
+
+Index: localoptions.h
+--- localoptions.h.orig
++++ localoptions.h
+@@ -19,9 +19,9 @@ IMPORTANT: Some options will require "make clean" afte
+ #define DROPBEAR_DEFADDRESS ""
+ 
+ /* Default hostkey paths - these can be specified on the command line */
+-#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
+-#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
+-#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
++#define DSS_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_dss_host_key"
++#define RSA_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_rsa_host_key"
++#define ECDSA_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_ecdsa_host_key"
+ 
+ /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
+  * on chosen ports and keeps accepting connections. This is the default.
+@@ -44,7 +44,7 @@ IMPORTANT: Some options will require "make clean" afte
+  * several kB in binary size however will make the symmetrical ciphers and 
hashes
+  * slower, perhaps by 50%. Recommended for small systems that aren't doing
+  * much traffic. */
+-#define DROPBEAR_SMALL_CODE 1
++#define DROPBEAR_SMALL_CODE 0
+ 
+ /* Enable X11 Forwarding - server only */
+ #define DROPBEAR_X11FWD 1
+@@ -243,7 +243,7 @@ Homedir is prepended unless path begins with / */
+ 
+ /* The command to invoke for xauth when using X11 forwarding.
+  * "-q" for quiet */
+-#define XAUTH_COMMAND "/usr/bin/xauth -q"
++#define XAUTH_COMMAND "${X11BASE}/bin/xauth -q"
+ 
+ 
+ /* if you want to enable running an sftp server (such as the one included with
+@@ -254,7 +254,7 @@ Homedir is prepended unless path begins with / */
+ 
+ /* This is used by the scp binary when used as a client binary. If you're
+  * not using the Dropbear client, you'll need to change it */
+-#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
++#define DROPBEAR_PATH_SSH_PROGRAM "${TRUEPREFIX}//bin/dbclient"
+ 
+ /* Whether to log commands executed by a client. This only logs the 
+  * (single) command sent to the server, not what a user did in a 
+@@ -290,6 +290,6 @@ be overridden at runtime with -I. 0 disables idle time
+ #define DEFAULT_IDLE_TIMEOUT 0
+ 
+ /* The default path. This will often get replaced by the shell */
+-#define DEFAULT_PATH "/usr/bin:/bin"
++#define DEFAULT_PATH 
"/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin"
+ 
+ #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
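Review bot: `DROPBEAR_PATH_SSH_PROGRAM` now expands to a path with a doubled slash, `"${TRUEPREFIX}//bin/dbclient"`. The patch-options_h that this commit removes used a single slash, so this looks like a typo and should read `#define DROPBEAR_PATH_SSH_PROGRAM "${TRUEPREFIX}/bin/dbclient"`. Separately, the `DEFAULT_PATH` define hard-codes `/usr/X11R6/bin` and `/usr/local/bin`, while the neighbouring defines use `${X11BASE}` and `${TRUEPREFIX}`, which `${SUBST_CMD}` fills in. Using the substituted variables there as well would keep the server's default PATH in step with where the package is actually installed.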
Index: patches/patch-options_h
===================================================================
RCS file: patches/patch-options_h
diff -N patches/patch-options_h
--- patches/patch-options_h     6 Apr 2016 22:03:15 -0000       1.1.1.1
+++ /dev/null   1 Jan 1970 00:00:00 -0000
@@ -1,56 +0,0 @@
-$OpenBSD: patch-options_h,v 1.1.1.1 2016/04/06 22:03:15 sthen Exp $
---- options.h.orig     Fri Mar 18 14:44:43 2016
-+++ options.h  Wed Apr  6 21:47:42 2016
-@@ -21,13 +21,13 @@
- 
- /* Default hostkey paths - these can be specified on the command line */
- #ifndef DSS_PRIV_FILENAME
--#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
-+#define DSS_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_dss_host_key"
- #endif
- #ifndef RSA_PRIV_FILENAME
--#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
-+#define RSA_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_rsa_host_key"
- #endif
- #ifndef ECDSA_PRIV_FILENAME
--#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
-+#define ECDSA_PRIV_FILENAME "${SYSCONFDIR}/dropbear/dropbear_ecdsa_host_key"
- #endif
- 
- /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
-@@ -52,7 +52,7 @@
- several kB in binary size however will make the symmetrical ciphers and hashes
- slower, perhaps by 50%. Recommended for small systems that aren't doing
- much traffic. */
--#define DROPBEAR_SMALL_CODE
-+// #define DROPBEAR_SMALL_CODE
- 
- /* Enable X11 Forwarding - server only */
- #define ENABLE_X11FWD
-@@ -293,7 +293,7 @@ Homedir is prepended unless path begins with / */
- /* The command to invoke for xauth when using X11 forwarding.
-  * "-q" for quiet */
- #ifndef XAUTH_COMMAND
--#define XAUTH_COMMAND "/usr/bin/xauth -q"
-+#define XAUTH_COMMAND "${X11BASE}/bin/xauth -q"
- #endif
- 
- /* if you want to enable running an sftp server (such as the one included with
-@@ -305,7 +305,7 @@ Homedir is prepended unless path begins with / */
- 
- /* This is used by the scp binary when used as a client binary. If you're
-  * not using the Dropbear client, you'll need to change it */
--#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
-+#define DROPBEAR_PATH_SSH_PROGRAM "${TRUEPREFIX}/bin/dbclient"
- 
- /* Whether to log commands executed by a client. This only logs the 
-  * (single) command sent to the server, not what a user did in a 
-@@ -347,7 +347,7 @@ be overridden at runtime with -I. 0 disables idle time
- #define DEFAULT_IDLE_TIMEOUT 0
- 
- /* The default path. This will often get replaced by the shell */
--#define DEFAULT_PATH "/usr/bin:/bin"
-+#define DEFAULT_PATH 
"/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin"
- 
- /* Some other defines (that mostly should be left alone) are defined
-  * in sysoptions.h */
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/dropbear/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 PLIST
--- pkg/PLIST   6 Apr 2016 22:03:15 -0000       1.1.1.1
+++ pkg/PLIST   6 Mar 2018 07:02:38 -0000
@@ -11,3 +11,4 @@
 @man man/man8/dropbear.8
 @bin sbin/dropbear
 @sample ${SYSCONFDIR}/dropbear/
+@rcscript ${RCDIR}/dropbear
Index: pkg/dropbear.rc
===================================================================
RCS file: pkg/dropbear.rc
diff -N pkg/dropbear.rc
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ pkg/dropbear.rc     6 Mar 2018 07:02:38 -0000
@@ -0,0 +1,12 @@
+#!/bin/ksh
+#
+# $OpenBSD$
+
+daemon="${TRUEPREFIX}/sbin/dropbear"
+daemon_flags="-p 127.0.0.1:8022 -R"
+
+. /etc/rc.d/rc.subr
+
+rc_reload=NO
+
+rc_cmd $1
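Review bot: The default `daemon_flags="-p 127.0.0.1:8022 -R"` has two properties that matter to an administrator, and neither is documented in the script or elsewhere in the visible diff. The listener is loopback-only, and `-R` creates the host key lazily when the first client connects rather than at install time. I would add a comment above the assignment such as `# loopback-only by default; -R creates host keys on first connection, pre-generate with dropbearkey if the fingerprint must be known beforehand`. As far as the visible flags show, password and root logins are left at dropbear's defaults. The same comment could therefore mention `-s` and `-w` for anyone who moves the listener off 127.0.0.1.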
