| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- drop patches applied upstream:
* 010-runtime-maxauthtries.patch
* 020-Wait-to-fail-invalid-usernames.patch
* 150-dbconvert_standalone.patch
* 610-skip-default-keys-in-custom-runs.patch
- refresh patches
- move OpenWrt configuration from patch to Build/Configure recipe,
thus drop patch 120-openwrt_options.patch
Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
As MD5 is known weak for many years and more and more
penetration test tools complain about enabled MD5 HMAC
I think it's time to drop it.
By disabling the MD5 HMAC support dropbear will also
automatically use SHA1 for fingerprints.
This shouldn't be a problem too.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
|
|
|
|
|
|
|
| |
The only HMACs currently available use MD5 and SHA1, both of which have known
weaknesses. We already compile in the SHA256 code since we use Curve25519
by default, so there's no significant size penalty to enabling this.
Signed-off-by: Joseph C. Sible <josephcsible@users.noreply.github.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the dropbear package to version 2016.73, refresh patches.
The measured .ipk sizes on an x86_64 build are:
94588 dropbear_2015.71-3_x86_64.ipk
95316 dropbear_2016.73-1_x86_64.ipk
This is an increase of roughly 700 bytes after compression.
Tested-by: Kevin Darbyshire-Bryant <kevin@darbyshire-bryant.me.uk>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
|
|
| |
Update dropbear to version 2015.71, released on 3 Dec 2015.
Refresh patches.
Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
SVN-Revision: 48243
|
|
|
|
|
|
|
|
|
| |
While technically required by the RFC, they are usually completely
unused (DSA), or have security issues (3DES, CBC)
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
SVN-Revision: 46814
|
|
|
|
|
|
|
|
|
|
| |
This enables passworldless login for root via SSH whenever no root
password is set (e.g. after reset, flashing without keeping config
or in failsafe) and removes telnet support alltogether.
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46809
|
|
|
|
|
|
| |
Signed-off-by: Steven Barth <steven@midlink.org>
SVN-Revision: 46769
|
|
|
|
|
|
|
|
|
|
|
| |
fixes dbclient login into OpenSSH 6.8p1
error: "Bad hostkey signature"
reported on irc, replicated with Arch Linux
Signed-off-by: Dirk Neukirchen <dirkneukirchen@web.de>
SVN-Revision: 45493
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream changelog:
https://matt.ucc.asn.au/dropbear/CHANGES
This adds elliptic curve cryptography (ECC) support as an option, disabled
by default.
dropbear mips 34kc uClibc binary size:
before: 161,672 bytes
after, without ECC (default): 164,968
after, with ECC: 198,008
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
SVN-Revision: 40297
|
|
|
|
|
|
|
|
|
|
|
| |
- drop mirror www.mirrors.wiretapped.net (not working anymore)
- drop patch 300-ipv6_addr_port_split.patch, included upstream
- refresh patches
- various upstream changes: http://matt.ucc.asn.au/dropbear/CHANGES
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
SVN-Revision: 38356
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upstream has a few code cleanups, more eagerly burns sensitive memory and
includes the fix for CVE-2012-0920. Full changelog:
https://matt.ucc.asn.au/dropbear/CHANGES
Local changes:
- Removed PKG_MULTI which is no longer in options.h (even before 2011.54)
- Merged DO_HOST_LOOKUP into 120-openwrt_options.patch
- Removed LD from make opts (now included in TARGET_CONFIGURE_OPTS)
- Removed 400-CVE-2012-0920.patch which is included in 2012.55
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
Signed-off-by: Florian Fainelli <florian@openwrt.org>
SVN-Revision: 34496
|
|
SVN-Revision: 33688
|