dropbear: update to 2016.73

[openwrt/openwrt.git] / package / network / services / dropbear / patches / 120-openwrt_options.patch

diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch
index 1b5c5cb1e801843d0011d7c05994fc70029f7da2..f16aaf001eee11811be81fa1db399cf117e66595 100644 (file)
--- a/package/network/services/dropbear/patches/120-openwrt_options.patch
+++ b/package/network/services/dropbear/patches/120-openwrt_options.patch
@@ -18,27 +18,50 @@
  
  /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */
  #define ENABLE_USER_ALGO_LIST
-@@ -95,8 +95,8 @@ much traffic. */
+@@ -91,16 +91,16 @@ much traffic. */
+  * Including multiple keysize variants the same cipher 
+  * (eg AES256 as well as AES128) will result in a minimal size increase.*/
+ #define DROPBEAR_AES128
+-#define DROPBEAR_3DES
++/*#define DROPBEAR_3DES*/
  #define DROPBEAR_AES256
  /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
  /*#define DROPBEAR_BLOWFISH*/
 -#define DROPBEAR_TWOFISH256
 -#define DROPBEAR_TWOFISH128
-+/*#define DROPBEAR_TWOFISH256
-+#define DROPBEAR_TWOFISH128*/
++/*#define DROPBEAR_TWOFISH256*/
++/*#define DROPBEAR_TWOFISH128*/
+ 
+ /* Enable CBC mode for ciphers. This has security issues though
+  * is the most compatible with older SSH implementations */
+-#define DROPBEAR_ENABLE_CBC_MODE
++/*#define DROPBEAR_ENABLE_CBC_MODE*/
  
  /* Enable "Counter Mode" for ciphers. This is more secure than normal
-  * CBC mode against certain attacks. This adds around 1kB to binary 
-@@ -122,7 +122,7 @@ much traffic. */
+  * CBC mode against certain attacks. It is recommended for security
+@@ -131,9 +131,9 @@ If you test it please contact the Dropbe
   * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
   * which are not the standard form. */
  #define DROPBEAR_SHA1_HMAC
 -#define DROPBEAR_SHA1_96_HMAC
+-#define DROPBEAR_SHA2_256_HMAC
+-#define DROPBEAR_SHA2_512_HMAC
 +/*#define DROPBEAR_SHA1_96_HMAC*/
- /*#define DROPBEAR_SHA2_256_HMAC*/
- /*#define DROPBEAR_SHA2_512_HMAC*/
++/*#define DROPBEAR_SHA2_256_HMAC*/
++/*#define DROPBEAR_SHA2_512_HMAC*/
  #define DROPBEAR_MD5_HMAC
-@@ -175,7 +175,7 @@ much traffic. */
+ 
+ /* You can also disable integrity. Don't bother disabling this if you're
+@@ -146,7 +146,7 @@ If you test it please contact the Dropbe
+  * Removing either of these won't save very much space.
+  * SSH2 RFC Draft requires dss, recommends rsa */
+ #define DROPBEAR_RSA
+-#define DROPBEAR_DSS
++/*#define DROPBEAR_DSS*/
+ /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
+  * code (either ECDSA or ECDH) increases binary size - around 30kB
+  * on x86-64 */
+@@ -194,7 +194,7 @@ If you test it please contact the Dropbe
  
  /* Whether to print the message of the day (MOTD). This doesn't add much code
   * size */
@@ -47,7 +70,7 @@
  
  /* The MOTD file path */
  #ifndef MOTD_FILENAME
-@@ -213,7 +213,7 @@ much traffic. */
+@@ -242,7 +242,7 @@ Homedir is prepended unless path begins
   * note that it will be provided for all "hidden" client-interactive
   * style prompts - if you want something more sophisticated, use 
   * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/