aboutsummaryrefslogtreecommitdiff
path: root/package/network/services/dropbear/patches/910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch
Commit message (Collapse)AuthorAge
* dropbear: add option to enable modern crypto onlyKonstantin Demin2024-02-09
| | | | | | | | | | reduces binary/package size and increases overall performance also: - adjust 910-signkey-fix-use-of-rsa-sha2-256-pubkeys.patch to build without DROPBEAR_RSA/DROPBEAR_RSA_SHA256 Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: cherry-pick upstream patchesKonstantin Demin2024-02-09
| | | | | | | | | | | | | | | | | | | | | | critical fixes: - libtommath: possible integer overflow (CVE-2023-36328) - implement Strict KEX mode (CVE-2023-48795) various fixes: - fix DROPBEAR_DSS and DROPBEAR_RSA config options - y2038 issues - remove SO_LINGER socket option - make banner reading failure non-fatal - fix "noremotetcp" behavior - don't try to shutdown a pty - fix test for multiuser kernels adds new features: - option to bind to interface - allow inetd with non-syslog - ignore unsupported command line options with dropbearkey Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: bump to 2022.82Konstantin Demin2022-04-09
| | | | | | | | | | | | | | | | | | | | | | - update dropbear to latest stable 2022.82; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES - use $(AUTORELEASE) in PKG_RELEASE - use https for all uris - refresh all patches - rewrite patches: - 100-pubkey_path.patch - 130-ssh_ignore_x_args.patch binary/pkg size changes: - ath79/generic, mips: - binary: 215112 -> 219228 (+4116) - pkg: 111914 -> 113404 (+1490) - ath79/tiny, mips: - binary: 172501 -> 172485 (-16) - pkg: 89871 -> 90904 (+1033) Tested-by: Stijn Segers <foss@volatilesystems.org> Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
* dropbear: update to 2.81Hans Dedecker2020-11-15
| | | | | | | | Update dropbear to latest stable 2.81; for the changes see https://matt.ucc.asn.au/dropbear/CHANGES Refresh patches Signed-off-by: Hans Dedecker <dedeckeh@gmail.com>
* dropbear: make rsa-sha2-256 pubkeys usable againPetr Štetiar2020-07-07
Upstream in commit 972d723484d8 ("split signkey_type and signature_type for RSA sha1 vs sha256") has added strict checking of pubkey algorithms which made keys with SHA-256 hashing algorithm unusable as they still reuse the `ssh-rsa` public key format. So fix this by disabling the check for `rsa-sha2-256` pubkeys. Ref: https://tools.ietf.org/html/rfc8332#section-3 Fixes: d4c80f5b172e ("dropbear: bump to 2020.80") Tested-by: Russell Senior <russell@personaltelco.net> Signed-off-by: Petr Štetiar <ynezz@true.cz>
Powered by cgit, Themed by Ted Yin.