authorLaurent Bercot <ska-skaware@skarnet.org>2018-03-23 02:32:57 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2018-03-23 02:32:57 +0000
commit8557dc459cd4deec3d40cfeb3880ff9e3fe448dd (patch)
tree6c2a2219866cfb7cca37b399035ee930232ac9af
parent46988725a588f90ee69c9c78459be62b1dcc2fca (diff)
downloadlh-bootstrap-8557dc459cd4deec3d40cfeb3880ff9e3fe448dd.tar.xz
Update dropbear
-rw-r--r--sub/dropbear/Makefile8
-rw-r--r--sub/dropbear/Makefile.sftp-server4
-rw-r--r--sub/dropbear/localoptions.h24
-rw-r--r--sub/dropbear/options.patch66
4 files changed, 30 insertions, 72 deletions
diff --git a/sub/dropbear/Makefile b/sub/dropbear/Makefile
index 9b094c9..ed3f2ba 100644
--- a/sub/dropbear/Makefile
+++ b/sub/dropbear/Makefile
@@ -18,16 +18,16 @@ $(OUTPUT)/build-host/.lh_dropbear_copied: $(OUTPUT)/build-host/.lh_dropbear_dled
exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host tar jxpvf $(OUTPUT)/sources/dropbear-$(DROPBEAR_VERSION).tar.bz2
exec setuidgid $(NORMALUSER) s6-touch $@
-$(OUTPUT)/build-host/.lh_dropbear_patched: $(OUTPUT)/build-host/.lh_dropbear_copied
- if test \! -r "$@"; then exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) redirfd -r 0 $(WD)/sub/dropbear/options.patch patch -p0; fi
+$(OUTPUT)/build-host/.lh_dropbear_patched: $(OUTPUT)/build-host/.lh_dropbear_copied sub/dropbear/localoptions.h
+ exec setuidgid $(NORMALUSER) cp -f sub/dropbear/localoptions.h $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION)/src/localoptions.h
exec setuidgid $(NORMALUSER) s6-touch $@
$(OUTPUT)/build-host/.lh_dropbear_configured: $(OUTPUT)/build-host/.lh_dropbear_patched $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed
- exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export ARCH $(KERNEL_ARCH) export CC $(TRIPLE)-muslgcc export LDFLAGS '-s -static' ./configure --host=$(TRIPLE) --prefix=/opt/dropbear-$(DROPBEAR_VERSION) --disable-syslog --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-pututline --disable-pututxline --without-pam --enable-bundled-libtom --disable-zlib
+ exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export ARCH $(KERNEL_ARCH) export CC $(TRIPLE)-muslgcc export LDFLAGS '-s -static' ./configure --host=$(TRIPLE) --prefix=/opt/dropbear-$(DROPBEAR_VERSION) --disable-syslog --disable-lastlog --disable-utmp --disable-utmpx --disable-wtmp --disable-wtmpx --disable-pututline --disable-pututxline --without-pam --enable-bundled-libtom --disable-zlib --enable-static
exec setuidgid $(NORMALUSER) s6-touch $@
$(OUTPUT)/build-host/.lh_dropbear_built: $(OUTPUT)/build-host/.lh_dropbear_configured $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/build-build/.lh_skarnet_installed
- exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export PROGRAMS "dropbear dbclient dropbearkey dropbearconvert scp" $(MAKE) STATIC=1 ARCH=$(KERNEL_ARCH)
+ exec setuidgid $(NORMALUSER) cd $(OUTPUT)/build-host/dropbear-$(DROPBEAR_VERSION) export PROGRAMS "dropbear dbclient dropbearkey dropbearconvert scp" $(MAKE) ARCH=$(KERNEL_ARCH)
exec setuidgid $(NORMALUSER) s6-touch $@
$(OUTPUT)/build-host/.lh_dropbear_installed: $(OUTPUT)/build-host/.lh_dropbear_built $(OUTPUT)/build-host/$(OPENSSH_NAME)-$(OPENSSH_VERSION)/sftp-server $(OUTPUT)/build-host/bin/muslgcc | $(OUTPUT)/tmp/.lh_prepared $(OUTPUT)/build-build/.lh_skarnet_installed
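Review bot: The new `cp -f` in the `.lh_dropbear_patched` rule writes to `dropbear-$(DROPBEAR_VERSION)/src/localoptions.h`, and nothing in the hunk confirms that the Dropbear build reads the file from that directory (neither DROPBEAR_VERSION nor the tarball layout is visible here). As far as I know, Dropbear only applies localoptions.h when its own Makefile finds it in the expected place, so a misplaced copy would build with upstream defaults and no error, quietly undoing the settings this commit relies on (inetd-only mode, `DROPBEAR_DH_GROUP1 0`). Please confirm the path against the unpacked tree and consider a comment above the rule such as `# localoptions.h replaces options.patch; it must land where dropbear's Makefile looks for it`. The removed recipe read its input through `$(WD)/sub/dropbear/...`, while the new prerequisite and `cp` source are relative paths; presumably `$(WD)/sub/dropbear/localoptions.h` in both places would keep the rule independent of the directory make runs in.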
diff --git a/sub/dropbear/Makefile.sftp-server b/sub/dropbear/Makefile.sftp-server
index 970ef20..9d44911 100644
--- a/sub/dropbear/Makefile.sftp-server
+++ b/sub/dropbear/Makefile.sftp-server
@@ -27,7 +27,7 @@ $(OUTPUT)/build-host/.lh_zlib_installed: $(OUTPUT)/build-host/.lh_zlib_built $(O
LIBRESSL_NAME := libressl
-LIBRESSL_VERSION := 2.5.5
+LIBRESSL_VERSION := 2.7.0
LIBRESSL_URLDIR := https://ftp.openbsd.org/pub/OpenBSD/LibreSSL
LIBRESSL_TAREXT := tar.gz
LIBRESSL_TARLETTER := z
@@ -63,7 +63,7 @@ $(OUTPUT)/build-host/.lh_$(LIBRESSL_NAME)_installed: $(OUTPUT)/build-host/.lh_$(
OPENSSH_NAME := openssh
-OPENSSH_VERSION := 7.5p1
+OPENSSH_VERSION := 7.6p1
OPENSSH_URLDIR := http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable
OPENSSH_TAREXT := tar.gz
OPENSSH_TARLETTER := z
diff --git a/sub/dropbear/localoptions.h b/sub/dropbear/localoptions.h
new file mode 100644
index 0000000..493cec3
--- /dev/null
+++ b/sub/dropbear/localoptions.h
@@ -0,0 +1,24 @@
+#ifndef LOCALOPTIONS_H
+
+#define NON_INETD_MODE 0
+#define INETD_MODE 1
+
+#define DROPBEAR_SMALL_CODE 0
+#define DROPBEAR_X11FWD 0
+#define DROPBEAR_BLOWFISH 0
+#define DROPBEAR_TWOFISH256 0
+#define DROPBEAR_TWOFISH128 0
+
+#define DROPBEAR_DELAY_HOSTKEY 0
+#define DROPBEAR_CURVE25519 1
+
+#define DROPBEAR_DH_GROUP1 0
+#define DROPBEAR_DH_GROUP16 1
+
+#define XAUTH_COMMAND "/bin/xauth -q"
+#define SFTPSERVER_PATH "/opt/dropbear/bin/sftp-server"
+#define DROPBEAR_PATH_SSH_PROGRAM "/bin/dbclient"
+#define DEFAULT_PATH "/command:/bin"
+
+#endif
+
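Review bot: The include guard at the top of the new header is incomplete: `#ifndef LOCALOPTIONS_H` is never followed by `#define LOCALOPTIONS_H`, so a second inclusion is not suppressed; add that define directly after the `#ifndef` line. The deleted options.patch also turned on `ENABLE_CLI_ASKPASS_HELPER`, and this header carries no equivalent setting, so that behaviour presumably reverts to the upstream default; if that is intended, a short comment would record it. I would also add one-line comments on the security-relevant choices, for example `/* DH group1 (1024-bit) key exchange disabled */` above `DROPBEAR_DH_GROUP1 0` and `/* no on-demand host key generation: keys must be provisioned beforehand */` above `DROPBEAR_DELAY_HOSTKEY 0`.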
diff --git a/sub/dropbear/options.patch b/sub/dropbear/options.patch
deleted file mode 100644
index 6e653d1..0000000
--- a/sub/dropbear/options.patch
+++ /dev/null
@@ -1,66 +0,0 @@
---- options.h.old
-+++ options.h
-@@ -40,7 +40,7 @@
- *
- * Both of these flags can be defined at once, don't compile without at least
- * one of them. */
--#define NON_INETD_MODE
-+/* #define NON_INETD_MODE */
- #define INETD_MODE
-
- /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
-@@ -52,10 +52,10 @@
- several kB in binary size however will make the symmetrical ciphers and hashes
- slower, perhaps by 50%. Recommended for small systems that aren't doing
- much traffic. */
--#define DROPBEAR_SMALL_CODE
-+/* #define DROPBEAR_SMALL_CODE */
-
- /* Enable X11 Forwarding - server only */
--#define ENABLE_X11FWD
-+/* #define ENABLE_X11FWD */
-
- /* Enable TCP Fowarding */
- /* 'Local' is "-L" style (client listening port forwarded via server)
-@@ -157,7 +157,7 @@
- with badly seeded /dev/urandom when systems first boot.
- This also requires a runtime flag "-R". This adds ~4kB to binary size (or hardly
- anything if dropbearkey is linked in a "dropbearmulti" binary) */
--#define DROPBEAR_DELAY_HOSTKEY
-+/* #define DROPBEAR_DELAY_HOSTKEY */
-
- /* Enable Curve25519 for key exchange. This is another elliptic
- * curve method with good security properties. Increases binary size
-@@ -244,7 +244,7 @@
- * specified in the SSH_ASKPASS environment variable, and dbclient
- * should be run with DISPLAY set and no tty. The program should
- * return the password on standard output */
--/*#define ENABLE_CLI_ASKPASS_HELPER*/
-+#define ENABLE_CLI_ASKPASS_HELPER
-
- /* Save a network roundtrip by sendng a real auth request immediately after
- * sending a query for the available methods. It is at the expense of < 100
-@@ -295,12 +295,12 @@
- * OpenSSH), set the path below. If the path isn't defined, sftp will not
- * be enabled */
- #ifndef SFTPSERVER_PATH
--#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
-+#define SFTPSERVER_PATH "/opt/dropbear/bin/sftp-server"
- #endif
-
- /* This is used by the scp binary when used as a client binary. If you're
- * not using the Dropbear client, you'll need to change it */
--#define DROPBEAR_PATH_SSH_PROGRAM "/usr/bin/dbclient"
-+#define DROPBEAR_PATH_SSH_PROGRAM "/bin/dbclient"
-
- /* Whether to log commands executed by a client. This only logs the
- * (single) command sent to the server, not what a user did in a
-@@ -342,7 +342,7 @@
- #define DEFAULT_IDLE_TIMEOUT 0
-
- /* The default path. This will often get replaced by the shell */
--#define DEFAULT_PATH "/usr/bin:/bin"
-+#define DEFAULT_PATH "/command:/bin"
-
- /* Some other defines (that mostly should be left alone) are defined
- * in sysoptions.h */