author Bruno Thomsen <bth@kamstrup.com> 2015-02-20 10:51:17 +0100
committer Michael Olbrich <m.olbrich@pengutronix.de> 2015-03-18 14:16:01 +0100
commit ac4800f8b3f893426a64b16f1f691ba954232822
tree 59f78108665013ee104dfa5bda133b0d1899aa95 /rules/dropbear.in
parent 990fa4829a90bc1870bbd0817b682ba8d2b43f3f
dropbear: version bump 2014.65 -> 2015.67
The new version contains options to enable/disable cipher modes.
Default security level increased by disabling CBC mode and enabling CTR mode.

Tenable Network Security - Nessus:
http://www.tenable.com/plugins/index.php?view=single&id=70658

Signed-off-by: Bruno Thomsen <bth@kamstrup.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'rules/dropbear.in')
-rw-r--r-- rules/dropbear.in 15
1 files changed, 15 insertions, 0 deletions
diff --git a/rules/dropbear.in b/rules/dropbear.in
index fe2ada369..1c1d813fc 100644
--- a/rules/dropbear.in
+++ b/rules/dropbear.in
@@ -203,6 +203,21 @@ config DROPBEAR_TWOFISH256
bijective f function made by four key-dependent
8x8-bit S-boxes.
+config DROPBEAR_CBC_CIPHERS
+ bool
+ prompt "CBC mode ciphers"
+ help
+ Enable CBC mode for ciphers. This has security issues though
+ is the most compatible with older SSH implementations.
+
+config DROPBEAR_CTR_CIPHERS
+ bool
+ prompt "Counter mode ciphers"
+ default y
+ help
+ Enable "Counter Mode" for ciphers. This is more secure than normal
+ CBC mode against certain attacks. This adds around 1kB to binary
+ size and is recommended for most cases.
comment "Integrity, at least one required --- RFC Draft requires sha1-hmac and recommends sha1-96"
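Review bot: DROPBEAR_CBC_CIPHERS and DROPBEAR_CTR_CIPHERS are independent bools, so nothing in this hunk prevents a configuration with both switched off, and the help texts do not say what that would build. The integrity section that follows already carries an "at least one required" comment; a matching comment line above these two entries, or a dependency that keeps CTR enabled unless CBC is selected, would close that gap. Separately, DROPBEAR_CBC_CIPHERS has no default line, so it is off only through Kconfig's implicit default for a bool; an explicit "default n" would make the intent stated in the commit message visible in the file, and its help text could name the security issue rather than only saying it "has security issues".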