diff options
author | Alexander Dahl <ada@thorsis.com> | 2020-11-16 09:05:51 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2020-11-16 12:44:56 +0100 |
commit | 80326bc43e71d1b012b33287d64aa4768a28e00d (patch) | |
tree | b72dc10cd310d60e1b235340c1ba0c7678bb12a0 /rules/dropbear.in | |
parent | 55129e58359e94cecae7c158d63cbf9d0a44ea6f (diff) | |
download | ptxdist-80326bc43e71d1b012b33287d64aa4768a28e00d.tar.gz ptxdist-80326bc43e71d1b012b33287d64aa4768a28e00d.tar.xz |
dropbear: version bump 2019.78 -> 2020.79
Noteworthy changes (not all options accessible through ptxdist menu):
- added support for ed25519 hostkeys and authorized_keys
- added support for chacha20-poly1305 authenticated cipher
- added support for and rsa-sha2 signatures
- disabled some options by default (kconfig defaults adapted accordingly)
- blowfish has been removed
- fix idle detection clashing with keepalives
- scp fix for CVE-2018-20685 where a server could modify name of output
files
- Call fsync() is called on parent directory when writing key files to
ensure they are flushed
One especially important change:
> Use getrandom() call on Linux to ensure sufficient entropy has been
> gathered at startup. Dropbear now avoids reading from the random
> source at startup, instead waiting until the first connection. It is
> possible that some platforms were running without enough entropy
> previously, those could potentially block at first boot generating
> host keys. The dropbear "-R" option is one way to avoid that.
On older toolchains/kernel headers/kernels without getrandom() support,
dropbear should behave like before.
The curve25519 implementation was replaced with the one by TweetNaCl,
which induced a change in 'LICENSE' summary. The old implementation was
licensed BSD-3-Clause and the new is public domain.
The bundled libtommath changed its license from dual license (public
domain || WTFPL) to 'Unlicense' which is also a public domain license,
but with a differently worded license text and an actual SPDX
identifier.
The patch stack was dropped, the one patch was integrated upstream.
Signed-off-by: Alexander Dahl <ada@thorsis.com>
Message-Id: <20201116080552.25031-5-ada@thorsis.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'rules/dropbear.in')
-rw-r--r-- | rules/dropbear.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/rules/dropbear.in b/rules/dropbear.in index 7f777ae64..c0da7e222 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in @@ -116,6 +116,7 @@ comment "features" config DROPBEAR_DIS_X11 bool prompt "disable X11 Forwarding" + default y help X11 forwarding means passing X11 (graphical interface) information over the SSH connection. @@ -149,7 +150,6 @@ config DROPBEAR_AES128 config DROPBEAR_3DES bool prompt "3DES" - default y help DES is an IBM algorithm designed during the 1970s. In 1976, NIST has officially adopted it as an encryption |