Hello community,
here is the log from the commit of package dropbear for openSUSE:Factory checked in at 2015-02-06 10:23:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dropbear (Old)
and /work/SRC/openSUSE:Factory/.dropbear.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dropbear"
Changes:
--------
--- /work/SRC/openSUSE:Factory/dropbear/dropbear.changes 2014-12-16 14:47:33.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.dropbear.new/dropbear.changes 2015-02-06 10:23:30.000000000 +0100
@@ -1,0 +2,26 @@
+Thu Feb 5 16:26:06 UTC 2015 - thardeck@suse.com
+
+- fixed checksum URL
+
+-------------------------------------------------------------------
+Wed Jan 28 21:40:28 UTC 2015 - thardeck@suse.com
+
+- updated to upstream version 2015.67
+ * Call fsync() after generating private keys to ensure they aren't lost if a
+ reboot occurs. Thanks to Peter Korsgaard
+ * Disable non-delayed zlib compression by default on the server. Can be
+ enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
+ * Default client key path ~/.ssh/id_dropbear
+ * Prefer stronger algorithms by default, from Fedor Brunner.
+ AES256 over 3DES
+ Diffie-hellman group14 over group1
+ * Add option to disable CBC ciphers.
+ * Disable twofish in default options.h
+ * Enable sha2 HMAC algorithms by default, the code was already required
+ for ECC key exchange. sha1 is the first preference still for performance.
+ * Fix installing dropbear.8 in a separate build directory, from Like Ma
+ * Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
+ * Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
+ * Minor bug fixes, a few issues found by Coverity scan
+
+-------------------------------------------------------------------
Old:
----
dropbear-2014.66.tar.bz2
dropbear-2014.66.tar.bz2.asc
New:
----
dropbear-2015.67.tar.bz2
dropbear-2015.67.tar.bz2.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dropbear.spec ++++++
--- /var/tmp/diff_new_pack.6uiw4j/_old 2015-02-06 10:23:31.000000000 +0100
+++ /var/tmp/diff_new_pack.6uiw4j/_new 2015-02-06 10:23:31.000000000 +0100
@@ -1,7 +1,7 @@
#
# spec file for package dropbear
#
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,14 +21,14 @@
%endif
Name: dropbear
-Version: 2014.66
+Version: 2015.67
Release: 0
Summary: A relatively small SSH 2 server and client
License: MIT
Group: Productivity/Networking/SSH
Url: http://matt.ucc.asn.au/dropbear/dropbear.html
Source0: http://matt.ucc.asn.au/dropbear/releases/%{name}-%{version}.tar.bz2
-Source1: https://matt.ucc.asn.au/dropbear/SHA1SUM.asc#/%{name}-%{version}.tar.bz2.asc
+Source1: https://matt.ucc.asn.au/dropbear/SHA256SUM.asc#/%{name}-%{version}.tar.bz2.asc
Source2: dropbear.keyring
Source3: dropbear.service
Source4: dropbear-keygen.service
++++++ dropbear-2014.66.tar.bz2 -> dropbear-2015.67.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/.hg_archival.txt new/dropbear-2015.67/.hg_archival.txt
--- old/dropbear-2014.66/.hg_archival.txt 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/.hg_archival.txt 2015-01-28 15:57:36.000000000 +0100
@@ -1,5 +1,5 @@
repo: d7da3b1e15401eb234ec866d5eac992fc4cd5878
-node: 735511a4c761141416ad0e6728989d2dafa55bc2
+node: 48a0ba346de446e413433f93b731187fb4772508
branch: default
-latesttag: DROPBEAR_2014.65
-latesttagdistance: 12
+latesttag: DROPBEAR_2015.67
+latesttagdistance: 2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/.hgsigs new/dropbear-2015.67/.hgsigs
--- old/dropbear-2014.66/.hgsigs 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/.hgsigs 2015-01-28 15:57:36.000000000 +0100
@@ -12,3 +12,4 @@
277429102f1337bd10c89107d3e01de509cc1a7e 0 iEYEABECAAYFAlMEvF4ACgkQjPn4sExkf7xeVQCgtbxJ4G3hsFwUOM0K1WGr1J2vsbEAoMM8dEyr1mdrbgO1tzNLfD1nxbyn
96584b934d04ebab443f603e78d38fe692d36313 0 iEYEABECAAYFAlPVFrQACgkQjPn4sExkf7xr6ACglRiLE21vRrS1rJ809o2yMADIKtwAn1f5SyZUngSde8eE55JxCMwtMC5m
caac692b366c153cea0e9cd59aa2d79a7d843d4e 0 iEYEABECAAYFAlPk1mcACgkQjPn4sExkf7wLpgCeOqMYqpkf4lYUuyrn9VYThNpc7PkAn3JOSNgIqkKUcmSy6FstrI8jwJzq
+2d421bc0545d1be6d59a4ebfe61606d94b124b0c 0 iEYEABECAAYFAlRJDCQACgkQjPn4sExkf7xUYACcCwVJkYWXJn5x/D5A+qMupy778lEAn0rg1oNiq96YU/4jOPsS5IMItihu
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/.hgtags new/dropbear-2015.67/.hgtags
--- old/dropbear-2014.66/.hgtags 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/.hgtags 2015-01-28 15:57:36.000000000 +0100
@@ -45,3 +45,5 @@
2351b2da8e0d08dcc6e64fcc328b53b9630bda68 DROPBEAR_2014.63
0d2d39957c029adb7f4327d37fe6b4900f0736d9 DROPBEAR_2014.64
e9579816f20ea85affc6135e87f8477992808948 DROPBEAR_2014.65
+735511a4c761141416ad0e6728989d2dafa55bc2 DROPBEAR_2014.66
+cbd674d63cd4f3781464a8d4056a5506c8ae926f DROPBEAR_2015.67
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/CHANGES new/dropbear-2015.67/CHANGES
--- old/dropbear-2014.66/CHANGES 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/CHANGES 2015-01-28 15:57:36.000000000 +0100
@@ -1,3 +1,32 @@
+2015.67 - Wednesday 28 January 2015
+
+- Call fsync() after generating private keys to ensure they aren't lost if a
+ reboot occurs. Thanks to Peter Korsgaard
+
+- Disable non-delayed zlib compression by default on the server. Can be
+ enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
+
+- Default client key path ~/.ssh/id_dropbear
+
+- Prefer stronger algorithms by default, from Fedor Brunner.
+ AES256 over 3DES
+ Diffie-hellman group14 over group1
+
+- Add option to disable CBC ciphers.
+
+- Disable twofish in default options.h
+
+- Enable sha2 HMAC algorithms by default, the code was already required
+ for ECC key exchange. sha1 is the first preference still for performance.
+
+- Fix installing dropbear.8 in a separate build directory, from Like Ma
+
+- Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
+
+- Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
+
+- Minor bug fixes, a few issues found by Coverity scan
+
2014.66 - Thursday 23 October 2014
- Use the same keepalive handling behaviour as OpenSSH. This will work better
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/Makefile.in new/dropbear-2015.67/Makefile.in
--- old/dropbear-2014.66/Makefile.in 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/Makefile.in 2015-01-28 15:57:36.000000000 +0100
@@ -131,7 +131,7 @@
-rm -f $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
-ln -s $(bindir)/dropbearmulti$(EXEEXT) $(DESTDIR)$(sbindir)/dropbear$(EXEEXT)
$(INSTALL) -d $(DESTDIR)$(mandir)/man8
- $(INSTALL) -m 644 dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8
+ $(INSTALL) -m 644 $(srcdir)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8
insmulti%: dropbearmulti
$(INSTALL) -d $(DESTDIR)$(bindir)
@@ -145,7 +145,7 @@
$(INSTALL) -d $(DESTDIR)$(sbindir)
$(INSTALL) dropbear$(EXEEXT) $(DESTDIR)$(sbindir)
$(INSTALL) -d $(DESTDIR)$(mandir)/man8
- $(INSTALL) -m 644 dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8
+ $(INSTALL) -m 644 $(srcdir)/dropbear.8 $(DESTDIR)$(mandir)/man8/dropbear.8
inst_%: %
$(INSTALL) -d $(DESTDIR)$(bindir)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/algo.h new/dropbear-2015.67/algo.h
--- old/dropbear-2014.66/algo.h 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/algo.h 2015-01-28 15:57:36.000000000 +0100
@@ -51,6 +51,7 @@
extern algo_type sshciphers[];
extern algo_type sshhashes[];
extern algo_type ssh_compress[];
+extern algo_type ssh_delaycompress[];
extern algo_type ssh_nocompress[];
extern const struct dropbear_cipher dropbear_nocipher;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/cli-agentfwd.c new/dropbear-2015.67/cli-agentfwd.c
--- old/dropbear-2014.66/cli-agentfwd.c 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/cli-agentfwd.c 2015-01-28 15:57:36.000000000 +0100
@@ -210,13 +210,14 @@
ret = buf_get_pub_key(key_buf, pubkey, &key_type);
buf_free(key_buf);
if (ret != DROPBEAR_SUCCESS) {
- /* This is slack, properly would cleanup vars etc */
- dropbear_exit("Bad pubkey received from agent");
- }
- pubkey->type = key_type;
- pubkey->source = SIGNKEY_SOURCE_AGENT;
+ TRACE(("Skipping bad/unknown type pubkey from agent"));
+ sign_key_free(pubkey);
+ } else {
+ pubkey->type = key_type;
+ pubkey->source = SIGNKEY_SOURCE_AGENT;
- list_append(ret_list, pubkey);
+ list_append(ret_list, pubkey);
+ }
/* We'll ignore the comment for now. might want it later.*/
buf_eatstring(inbuf);
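Review bot: The new failure branch treats a malformed key blob and an unsupported key type the same way, and reports the skip only through `TRACE`, so nothing is visible outside debug-trace builds when an agent key is dropped. A short comment above the branch would help, for example `/* Unknown or unparsable agent keys are skipped, not fatal; key_buf is a separate buffer so parsing of inbuf continues at the comment string */`. Consider also whether a non-debug diagnostic is wanted for this case. The enclosing loop and the allocation of `pubkey` are outside the hunk, so confirm `pubkey` is not touched again after `sign_key_free(pubkey)`.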
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/cli-runopts.c new/dropbear-2015.67/cli-runopts.c
--- old/dropbear-2014.66/cli-runopts.c 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/cli-runopts.c 2015-01-28 15:57:36.000000000 +0100
@@ -38,7 +38,7 @@
static void parse_multihop_hostname(const char* orighostarg, const char* argv0);
static void fill_own_user();
#ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename);
+static void loadidentityfile(const char* filename, int warnfail);
#endif
#ifdef ENABLE_CLI_ANYTCPFWD
static void addforward(const char* str, m_list *fwdlist);
@@ -65,7 +65,7 @@
"-y -y Don't perform any remote host key checking (caution)\n"
"-s Request a subsystem (use by external sftp)\n"
#ifdef ENABLE_CLI_PUBKEY_AUTH
- "-i <identityfile> (multiple allowed)\n"
+ "-i <identityfile> (multiple allowed, default %s)\n"
#endif
#ifdef ENABLE_CLI_AGENTFWD
"-A Enable agent auth forwarding\n"
@@ -95,6 +95,9 @@
"-v verbose (compiled with DEBUG_TRACE)\n"
#endif
,DROPBEAR_VERSION, cli_opts.progname,
+#ifdef ENABLE_CLI_PUBKEY_AUTH
+ DROPBEAR_DEFAULT_CLI_AUTHKEY,
+#endif
DEFAULT_RECV_WINDOW, DEFAULT_KEEPALIVE, DEFAULT_IDLE_TIMEOUT);
}
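Review bot: `DROPBEAR_DEFAULT_CLI_AUTHKEY` is passed to the usage format here under `#ifdef ENABLE_CLI_PUBKEY_AUTH`, while the hunk at -444 guards its use with `#ifdef DROPBEAR_DEFAULT_CLI_AUTHKEY` alone, so the two guards can disagree. If the path macro is undefined while pubkey auth is enabled, this argument will not compile. If it is defined while pubkey auth is disabled, the later block calls `loadidentityfile`, which is only declared under `ENABLE_CLI_PUBKEY_AUTH`. Using `#if defined(ENABLE_CLI_PUBKEY_AUTH) && defined(DROPBEAR_DEFAULT_CLI_AUTHKEY)` in both places (and for the `%s` in the usage string) would keep them consistent. The function body starts outside this hunk.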
@@ -153,7 +156,7 @@
cli_opts.proxycmd = NULL;
#endif
#ifndef DISABLE_ZLIB
- opts.enable_compress = 1;
+ opts.compress_mode = DROPBEAR_COMPRESS_ON;
#endif
#ifdef ENABLE_USER_ALGO_LIST
opts.cipher_list = NULL;
@@ -174,7 +177,7 @@
#ifdef ENABLE_CLI_PUBKEY_AUTH
if (nextiskey) {
/* Load a hostkey since the previous argument was "-i" */
- loadidentityfile(argv[i]);
+ loadidentityfile(argv[i], 1);
nextiskey = 0;
continue;
}
@@ -231,7 +234,7 @@
case 'i': /* an identityfile */
/* Keep scp happy when it changes "-i file" to "-ifile" */
if (strlen(argv[i]) > 2) {
- loadidentityfile(&argv[i][2]);
+ loadidentityfile(&argv[i][2], 1);
} else {
nextiskey = 1;
}
@@ -444,6 +447,14 @@
}
#endif
+#ifdef DROPBEAR_DEFAULT_CLI_AUTHKEY
+ {
+ char *expand_path = expand_tilde(DROPBEAR_DEFAULT_CLI_AUTHKEY);
+ loadidentityfile(expand_path, 0);
+ m_free(expand_path);
+ }
+#endif
+
/* The hostname gets set up last, since
* in multi-hop mode it will require knowledge
* of other flags such as -i */
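Review bot: The default identity is loaded unconditionally in the added block, including when the user named keys explicitly with `-i`. The default key then presumably joins the list of keys offered to the server, though the list handling is not visible in this hunk. That behaviour deserves a comment, for example `/* Always try the default key as well; it is added after any -i keys and a missing file is not an error */`. If the intent was to use it only when no `-i` was given, that needs a check which the visible code does not have.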
@@ -455,14 +466,18 @@
}
#ifdef ENABLE_CLI_PUBKEY_AUTH
-static void loadidentityfile(const char* filename) {
+static void loadidentityfile(const char* filename, int warnfail) {
sign_key *key;
enum signkey_type keytype;
+ TRACE(("loadidentityfile %s", filename))
+
key = new_sign_key();
keytype = DROPBEAR_SIGNKEY_ANY;
if ( readhostkey(filename, key, &keytype) != DROPBEAR_SUCCESS ) {
- fprintf(stderr, "Failed loading keyfile '%s'\n", filename);
+ if (warnfail) {
+ fprintf(stderr, "Failed loading keyfile '%s'\n", filename);
+ }
sign_key_free(key);
} else {
key->type = keytype;
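Review bot: With `warnfail` set to 0 every `readhostkey` failure is silenced, not only a missing file. A default key that exists but is unreadable or malformed is therefore dropped without any trace, which makes a failed pubkey login hard to diagnose. An `else` on the `if (warnfail)` with `TRACE(("Failed loading keyfile '%s'", filename))` would at least record it in debug builds. The function should also gain a header comment stating that `warnfail` controls only the stderr message and that a failed load is never fatal. The function's tail is outside the hunk.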
@@ -594,7 +609,7 @@
passthrough_args, remainder);
#ifndef DISABLE_ZLIB
/* The stream will be incompressible since it's encrypted. */
- opts.enable_compress = 0;
+ opts.compress_mode = DROPBEAR_COMPRESS_OFF;
#endif
m_free(passthrough_args);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/common-algo.c new/dropbear-2015.67/common-algo.c
--- old/dropbear-2014.66/common-algo.c 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/common-algo.c 2015-01-28 15:57:36.000000000 +0100
@@ -84,10 +84,14 @@
/* A few void* s are required to silence warnings
* about the symmetric_CBC vs symmetric_CTR cipher_state pointer */
+#ifdef DROPBEAR_ENABLE_CBC_MODE
const struct dropbear_cipher_mode dropbear_mode_cbc =
{(void*)cbc_start, (void*)cbc_encrypt, (void*)cbc_decrypt};
+#endif // DROPBEAR_ENABLE_CBC_MODE
+
const struct dropbear_cipher_mode dropbear_mode_none =
{void_start, void_cipher, void_cipher};
+
#ifdef DROPBEAR_ENABLE_CTR_MODE
/* a wrapper to make ctr_start and cbc_start look the same */
static int dropbear_big_endian_ctr_start(int cipher,
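Review bot: The added `#endif // DROPBEAR_ENABLE_CBC_MODE` uses a `//` comment, as does `#endif // DROPBEAR_ENABLE_CTR_MODE` in the hunk at -98, while the rest of the file closes guards with block comments such as `#endif /* DROPBEAR_ENABLE_CTR_MODE */`. For consistency, and for compilers run in strict C89 mode, write these as `#endif /* DROPBEAR_ENABLE_CBC_MODE */` and `#endif /* DROPBEAR_ENABLE_CTR_MODE */`.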
@@ -98,7 +102,7 @@
}
const struct dropbear_cipher_mode dropbear_mode_ctr =
{(void*)dropbear_big_endian_ctr_start, (void*)ctr_encrypt, (void*)ctr_decrypt};
-#endif
+#endif // DROPBEAR_ENABLE_CTR_MODE
/* Mapping of ssh hashes to libtomcrypt hashes, including keysize etc.
{&hash_desc, keysize, hashsize} */
@@ -137,21 +141,15 @@
#ifdef DROPBEAR_AES128
{"aes128-ctr", 0, &dropbear_aes128, 1, &dropbear_mode_ctr},
#endif
-#ifdef DROPBEAR_3DES
- {"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr},
-#endif
#ifdef DROPBEAR_AES256
{"aes256-ctr", 0, &dropbear_aes256, 1, &dropbear_mode_ctr},
#endif
#endif /* DROPBEAR_ENABLE_CTR_MODE */
-/* CBC modes are always enabled */
+#ifdef DROPBEAR_ENABLE_CBC_MODE
#ifdef DROPBEAR_AES128
{"aes128-cbc", 0, &dropbear_aes128, 1, &dropbear_mode_cbc},
#endif
-#ifdef DROPBEAR_3DES
- {"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc},
-#endif
#ifdef DROPBEAR_AES256
{"aes256-cbc", 0, &dropbear_aes256, 1, &dropbear_mode_cbc},
#endif
@@ -162,9 +160,16 @@
#ifdef DROPBEAR_TWOFISH128
{"twofish128-cbc", 0, &dropbear_twofish128, 1, &dropbear_mode_cbc},
#endif
+#ifdef DROPBEAR_3DES
+ {"3des-ctr", 0, &dropbear_3des, 1, &dropbear_mode_ctr},
+#endif
+#ifdef DROPBEAR_3DES
+ {"3des-cbc", 0, &dropbear_3des, 1, &dropbear_mode_cbc},
+#endif
#ifdef DROPBEAR_BLOWFISH
{"blowfish-cbc", 0, &dropbear_blowfish, 1, &dropbear_mode_cbc},
#endif
+#endif /* DROPBEAR_ENABLE_CBC_MODE */
#ifdef DROPBEAR_NONE_CIPHER
{"none", 0, (void*)&dropbear_nocipher, 1, &dropbear_mode_none},
#endif
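Review bot: The relocated `3des-ctr` entry now appears to sit inside the `#ifdef DROPBEAR_ENABLE_CBC_MODE` region opened in the previous hunk, and outside the `DROPBEAR_ENABLE_CTR_MODE` region it used to live in. As written, disabling CBC also removes `3des-ctr`, and a build with CTR disabled but 3DES enabled references `dropbear_mode_ctr`, which is only defined under `DROPBEAR_ENABLE_CTR_MODE`. Guarding the entry with `#if defined(DROPBEAR_3DES) && defined(DROPBEAR_ENABLE_CTR_MODE)` and placing it after `#endif /* DROPBEAR_ENABLE_CBC_MODE */` would keep the lower preference without tying it to the CBC switch. The array definition starts and ends outside the hunk.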
@@ -195,7 +200,13 @@
#ifndef DISABLE_ZLIB
algo_type ssh_compress[] = {
+ {"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
{"zlib", DROPBEAR_COMP_ZLIB, NULL, 1, NULL},
+ {"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
+ {NULL, 0, NULL, 0, NULL}
+};
+
+algo_type ssh_delaycompress[] = {
{"zlib@openssh.com", DROPBEAR_COMP_ZLIB_DELAY, NULL, 1, NULL},
{"none", DROPBEAR_COMP_NONE, NULL, 1, NULL},
{NULL, 0, NULL, 0, NULL}
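Review bot: The two compression tables now differ only in whether pre-authentication `zlib` is offered, and nothing at the definitions says so. A comment above each would make the distinction explicit, for example `/* Offers zlib before authentication as well; used for DROPBEAR_COMPRESS_ON */` on `ssh_compress` and `/* Only delayed (post-auth) zlib; used for DROPBEAR_COMPRESS_DELAYED */` on `ssh_delaycompress`. Also note that `ssh_compress` now lists `zlib@openssh.com` ahead of `zlib`, which changes the preference order for every user of that table.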
@@ -265,8 +276,8 @@
{"ecdh-sha2-nistp256", 0, &kex_ecdh_nistp256, 1, NULL},
#endif
#endif
- {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
{"diffie-hellman-group14-sha1", 0, &kex_dh_group14, 1, NULL},
+ {"diffie-hellman-group1-sha1", 0, &kex_dh_group1, 1, NULL},
#ifdef USE_KEXGUESS2
{KEXGUESS2_ALGO_NAME, KEXGUESS2_ALGO_ID, NULL, 1, NULL},
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/common-kex.c new/dropbear-2015.67/common-kex.c
--- old/dropbear-2014.66/common-kex.c 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/common-kex.c 2015-01-28 15:57:36.000000000 +0100
@@ -238,14 +238,24 @@
void kexfirstinitialise() {
ses.kexstate.donefirstkex = 0;
-#ifndef DISABLE_ZLIB
- if (opts.enable_compress) {
- ses.compress_algos = ssh_compress;
- } else
-#endif
+#ifdef DISABLE_ZLIB
+ ses.compress_algos = ssh_nocompress;
+#else
+ switch (opts.compress_mode)
{
- ses.compress_algos = ssh_nocompress;
+ case DROPBEAR_COMPRESS_DELAYED:
+ ses.compress_algos = ssh_delaycompress;
+ break;
+
+ case DROPBEAR_COMPRESS_ON:
+ ses.compress_algos = ssh_compress;
+ break;
+
+ case DROPBEAR_COMPRESS_OFF:
+ ses.compress_algos = ssh_nocompress;
+ break;
}
+#endif
kexinitialise();
}
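Review bot: The new `switch (opts.compress_mode)` has no `default` arm, so a value outside the three handled constants leaves `ses.compress_algos` unassigned before `kexinitialise()` runs. Add a fail-closed arm such as `default: ses.compress_algos = ssh_nocompress; break;`, or call `dropbear_exit` there if an unexpected mode should be treated as a bug. The declaration of `compress_mode` is not in this hunk; if it is an enum, a default arm still guards against an uninitialised option.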
@@ -303,7 +313,7 @@
hash_desc->done(&hs2, tmpout);
memcpy(&out[offset], tmpout, MIN(outlen - offset, hash_desc->hashsize));
}
-
+ m_burn(&hs2, sizeof(hash_state));
}
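Review bot: `tmpout` receives derived key bytes from `hash_desc->done(&hs2, tmpout)` and is not cleared in the visible lines, although the added line now wipes `hs2`. Unless `tmpout` is wiped elsewhere in the function, add `m_burn(tmpout, sizeof(tmpout));` next to the new call, assuming `tmpout` is a local array. As a style point, `m_burn(&hs2, sizeof(hs2));` ties the length to the object rather than to the type name; the same applies to the `hs` wipes added in the hunks at -403 and -798. The function starts outside this hunk.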
/* Generate the actual encryption/integrity keys, using the results of the
@@ -403,6 +413,7 @@
m_burn(C2S_key, sizeof(C2S_key));
m_burn(S2C_IV, sizeof(S2C_IV));
m_burn(S2C_key, sizeof(S2C_key));
+ m_burn(&hs, sizeof(hash_state));
TRACE(("leave gen_new_keys"))
}
@@ -798,6 +809,7 @@
buf_burn(ses.kexhashbuf);
buf_free(ses.kexhashbuf);
+ m_burn(&hs, sizeof(hash_state));
ses.kexhashbuf = NULL;
/* first time around, we set the session_id to H */
@@ -805,7 +817,6 @@
/* create the session_id, this never needs freeing */
ses.session_id = buf_newcopy(ses.hash);
}
-
}
/* read the other side's algo list. buf_match_algo is a callback to match
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/configure new/dropbear-2015.67/configure
--- old/dropbear-2014.66/configure 2014-10-23 15:43:39.000000000 +0200
+++ new/dropbear-2015.67/configure 2015-01-28 15:57:37.000000000 +0100
@@ -6798,6 +6798,7 @@
# XXX there must be a nicer way to do this
+if test $BUNDLED_LIBTOM = 1 ; then
as_dir=libtomcrypt/src/ciphers/aes; as_fn_mkdir_p
as_dir=libtomcrypt/src/ciphers/safer; as_fn_mkdir_p
as_dir=libtomcrypt/src/ciphers/twofish; as_fn_mkdir_p
@@ -6848,9 +6849,11 @@
as_dir=libtomcrypt/src/pk/pkcs1; as_fn_mkdir_p
as_dir=libtomcrypt/src/pk/rsa; as_fn_mkdir_p
as_dir=libtomcrypt/src/prngs; as_fn_mkdir_p
+LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
+fi
ac_config_headers="$ac_config_headers config.h"
-ac_config_files="$ac_config_files Makefile libtomcrypt/Makefile libtommath/Makefile"
+ac_config_files="$ac_config_files Makefile $LIBTOM_FILES"
cat >confcache <<\_ACEOF
# This file is a shell script that caches the results of configure
@@ -7543,8 +7546,7 @@
case $ac_config_target in
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
- "libtomcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES libtomcrypt/Makefile" ;;
- "libtommath/Makefile") CONFIG_FILES="$CONFIG_FILES libtommath/Makefile" ;;
+ "$LIBTOM_FILES") CONFIG_FILES="$CONFIG_FILES $LIBTOM_FILES" ;;
*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
esac
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/configure.ac new/dropbear-2015.67/configure.ac
--- old/dropbear-2014.66/configure.ac 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/configure.ac 2015-01-28 15:57:36.000000000 +0100
@@ -660,6 +660,7 @@
AC_EXEEXT
# XXX there must be a nicer way to do this
+if test $BUNDLED_LIBTOM = 1 ; then
AS_MKDIR_P(libtomcrypt/src/ciphers/aes)
AS_MKDIR_P(libtomcrypt/src/ciphers/safer)
AS_MKDIR_P(libtomcrypt/src/ciphers/twofish)
@@ -710,8 +711,10 @@
AS_MKDIR_P(libtomcrypt/src/pk/pkcs1)
AS_MKDIR_P(libtomcrypt/src/pk/rsa)
AS_MKDIR_P(libtomcrypt/src/prngs)
+LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
+fi
AC_CONFIG_HEADER(config.h)
-AC_CONFIG_FILES(Makefile libtomcrypt/Makefile libtommath/Makefile)
+AC_CONFIG_FILES(Makefile $LIBTOM_FILES)
AC_OUTPUT
AC_MSG_NOTICE()
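Review bot: Passing the shell variable `$LIBTOM_FILES` to `AC_CONFIG_FILES` is fragile, because autoconf expects literal file names there. The regenerated `configure` in this same diff shows the result: a single case arm `"$LIBTOM_FILES")`, which compares each individual target against the whole two-name string. With bundled libtom enabled, that arm looks unlikely to match `libtomcrypt/Makefile` or `libtommath/Makefile` individually, so those targets would fall through to the `invalid argument` arm; this should be tested with a bundled build. A safer form keeps the literals inside the conditional, for example `AC_CONFIG_FILES(libtomcrypt/Makefile libtommath/Makefile)` within the `if test "$BUNDLED_LIBTOM" = 1` block, which also quotes the variable in the test.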
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/dbclient.1 new/dropbear-2015.67/dbclient.1
--- old/dropbear-2014.66/dbclient.1 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/dbclient.1 2015-01-28 15:57:36.000000000 +0100
@@ -33,7 +33,7 @@
Read the identity key from file
.I idfile
(multiple allowed). This file is created with dropbearkey(1) or converted
-from OpenSSH with dropbearconvert(1).
+from OpenSSH with dropbearconvert(1). The default path ~/.ssh/id_dropbear is used
.TP
.B \-L [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR
Local port forwarding.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/dbutil.c new/dropbear-2015.67/dbutil.c
--- old/dropbear-2014.66/dbutil.c 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/dbutil.c 2015-01-28 15:57:36.000000000 +0100
@@ -936,6 +936,23 @@
}
}
+/* Returns malloced path. Only expands ~ in first character */
+char * expand_tilde(const char *inpath) {
+ struct passwd *pw = NULL;
+ if (inpath[0] == '~') {
+ pw = getpwuid(getuid());
+ if (pw && pw->pw_dir) {
+ int len = strlen(inpath) + strlen(pw->pw_dir) + 1;
+ char *buf = m_malloc(len);
+ snprintf(buf, len, "%s/%s", pw->pw_dir, &inpath[1]);
+ return buf;
+ }
+ }
+
+ /* Fallback */
+ return m_strdup(inpath);
+}
+
int constant_time_memcmp(const void* a, const void *b, size_t n)
{
const char *xa = a, *xb = b;
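Review bot: `expand_tilde` rewrites any path beginning with `~`, so `~otheruser/key` silently becomes `<own home>/otheruser/key` rather than being left alone or rejected. For `~/x` the `"%s/%s"` format also yields a doubled slash. Restricting the branch with `if (inpath[0] == '~' && (inpath[1] == '/' || inpath[1] == '\0'))` and formatting with `"%s%s"` would fix both, and the existing length computation still covers that output. `len` should be `size_t` rather than `int`, since it holds a sum of `strlen` results and is passed to `m_malloc(size_t)`. The header comment should state that the caller frees the result and that `inpath` must be non-NULL.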
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/dbutil.h new/dropbear-2015.67/dbutil.h
--- old/dropbear-2014.66/dbutil.h 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/dbutil.h 2015-01-28 15:57:36.000000000 +0100
@@ -91,7 +91,7 @@
void * m_malloc(size_t size);
void * m_strdup(const char * str);
void * m_realloc(void* ptr, size_t size);
-#define m_free(X) free(X); (X) = NULL;
+#define m_free(X) do {free(X); (X) = NULL;} while (0);
void m_burn(void* data, unsigned int len);
void setnonblocking(int fd);
void disallow_core();
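Review bot: The new `m_free` definition ends with `while (0);`, and that trailing semicolon defeats the purpose of the `do { } while (0)` wrapper. A call written as `m_free(p);` expands to two statements, so `if (c) m_free(p); else ...` still fails to compile. Drop the semicolon from the macro: `#define m_free(X) do {free(X); (X) = NULL;} while (0)`. Existing call sites that omit their own semicolon would then need one, so search for those before changing it.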
@@ -110,5 +110,6 @@
a real-world clock */
time_t monotonic_now();
+char * expand_tilde(const char *inpath);
#endif /* _DBUTIL_H_ */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.66/debian/changelog new/dropbear-2015.67/debian/changelog
--- old/dropbear-2014.66/debian/changelog 2014-10-23 15:43:38.000000000 +0200
+++ new/dropbear-2015.67/debian/changelog 2015-01-28 15:57:36.000000000 +0100
@@ -1,3 +1,9 @@
+dropbear (2015.67-0.1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Matt Johnston