svn commit: r553062 - in branches/2020Q4/security/dropbear: . files

Fri Oct 23 00:19:22 UTC 2020

Author: pkubaj
Date: Fri Oct 23 00:19:21 2020
New Revision: 553062
URL: https://svnweb.freebsd.org/changeset/ports/553062

Log:
  MFH: r553061
  
  security/dropbear: change in rc DSS to ed25519
  
  dropbear no longer supports DSS keys, use ed25519 instead. rc file needs to be updated.
  currently starting dropbear fails with error:
  % service dropbear start
  ...
  Unknown key type 'dss'
  ...
  
  Submitted by:	waitman at waitman.net
  PR:		250192
  
  Approved by:	portmgr (runtime fix)

Modified:
  branches/2020Q4/security/dropbear/Makefile
  branches/2020Q4/security/dropbear/files/dropbear.in
Directory Properties:
  branches/2020Q4/   (props changed)

Modified: branches/2020Q4/security/dropbear/Makefile
==============================================================================

--- branches/2020Q4/security/dropbear/Makefile	Fri Oct 23 00:18:21 2020	(r553061)
+++ branches/2020Q4/security/dropbear/Makefile	Fri Oct 23 00:19:21 2020	(r553062)
@@ -3,7 +3,7 @@
 
 PORTNAME=	dropbear
 PORTVERSION=	2020.80
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	https://matt.ucc.asn.au/dropbear/releases/
 
@@ -27,7 +27,7 @@ OPTIONS_DEFAULT=	AES128 AES256 CURVE25519 ED25519 GCM 
 OPTIONS_MULTI=		ENC KEY KEX MAC MODE
 OPTIONS_MULTI_ENC=	3DES AES128 AES256 CHACHA20POLY1305 TWOFISH128 \
 			TWOFISH256
-OPTIONS_MULTI_KEY=	ECDSA ED25519 DSA RSA
+OPTIONS_MULTI_KEY=	ECDSA ED25519 RSA
 OPTIONS_MULTI_KEX=	CURVE25519 ECDH GROUP1 GROUP14_SHA1 GROUP14_SHA256 \
 			GROUP16
 OPTIONS_MULTI_MAC=	MD5 SHA1 SHA1_96 SHA2_256 SHA2_512
@@ -40,7 +40,6 @@ CBC_DESC=		Use CBC mode for ciphers (less secure)
 CHACHA20POLY1305_DESC=	Enable chacha20poly1305-based encryption
 CTR_DESC=		Use CTR mode for ciphers
 CURVE25519_DESC=	Enable Curve25519
-DSA_DESC=		Enable DSA public key support
 ECDH_DESC=		Enable ECDH (insecure)
 ECDSA_DESC=		Enable ECDSA public key support
 ED25519_DESC=		Enable ED25519 public key support
@@ -116,9 +115,6 @@ post-patch-GROUP14_SHA256-off:
 
 post-patch-GROUP16-on:
 	@${ECHO} "#define DROPBEAR_DH_GROUP16 1" >> ${WRKSRC}/localoptions.h
-
-post-patch-DSA-off:
-	@${ECHO} "#define DROPBEAR_DSS 0" >> ${WRKSRC}/localoptions.h
 
 post-patch-RSA-off:
 	@${ECHO} "#define DROPBEAR_RSA 0" >> ${WRKSRC}/localoptions.h

Modified: branches/2020Q4/security/dropbear/files/dropbear.in
==============================================================================
--- branches/2020Q4/security/dropbear/files/dropbear.in	Fri Oct 23 00:18:21 2020	(r553061)
+++ branches/2020Q4/security/dropbear/files/dropbear.in	Fri Oct 23 00:19:21 2020	(r553062)
@@ -35,12 +35,12 @@ dropbear_keygen()
 		%%PREFIX%%/bin/dropbearkey -t rsa -f ${etcdir}/dropbear_rsa_host_key
 	fi
 
-	if [ -f ${etcdir}/dropbear_dss_host_key ]; then
-		echo "You already have an DSS host key" \
-		    "in ${etcdir}/dropbear_dss_host_key"
-		echo "Skipping protocol version 2 DSS Key Generation"
+	if [ -f ${etcdir}/dropbear_ed25519_host_key ]; then
+		echo "You already have an ed25519 host key" \
+		    "in ${etcdir}/dropbear_ed25519_host_key"
+		echo "Skipping protocol version 2 ed25519 Key Generation"
 	else
-		%%PREFIX%%/bin/dropbearkey -t dss -f ${etcdir}/dropbear_dss_host_key
+		%%PREFIX%%/bin/dropbearkey -t ed25519 -f ${etcdir}/dropbear_ed25519_host_key
 	fi
 	)
 }
@@ -48,7 +48,7 @@ dropbear_keygen()
 dropbear_precmd()
 {
 	if [ ! -f ${etcdir}/dropbear_rsa_host_key -o \
-		! -f ${etcdir}/dropbear_dss_host_key ]; then
+		! -f ${etcdir}/dropbear_ed25519_host_key ]; then
 		run_rc_command keygen
 	fi
 }
