X-Git-Url: http://git.openwrt.org/?a=blobdiff_plain;f=package%2Fnetwork%2Fservices%2Fdropbear%2Fpatches%2F120-openwrt_options.patch;h=7f47a74304791ae6d073157ecc0716c1e2c3dba6;hb=65d62b5f4ffcb481994f6865d0e03d0e9ad58b2b;hp=9300a274299178dea9ecb3aa48f6115572ef6408;hpb=61e83f9c29f873c89c725b9deae479b8f6b2401a;p=openwrt%2Fopenwrt.git diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index 9300a27429..7f47a74304 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -1,6 +1,6 @@ --- a/options.h +++ b/options.h -@@ -38,7 +38,7 @@ +@@ -41,7 +41,7 @@ * Both of these flags can be defined at once, don't compile without at least * one of them. */ #define NON_INETD_MODE @@ -9,16 +9,7 @@ /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is * perhaps 20% slower for pubkey operations (it is probably worth experimenting -@@ -49,7 +49,7 @@ - several kB in binary size however will make the symmetrical ciphers and hashes - slower, perhaps by 50%. Recommended for small systems that aren't doing - much traffic. */ --/*#define DROPBEAR_SMALL_CODE*/ -+#define DROPBEAR_SMALL_CODE - - /* Enable X11 Forwarding - server only */ - #define ENABLE_X11FWD -@@ -78,7 +78,7 @@ much traffic. */ +@@ -81,7 +81,7 @@ much traffic. */ /* Enable "Netcat mode" option. This will forward standard input/output * to a remote TCP-forwarded connection */ @@ -27,27 +18,51 @@ /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */ #define ENABLE_USER_ALGO_LIST -@@ -92,8 +92,8 @@ much traffic. */ +@@ -91,16 +91,16 @@ much traffic. */ + * Including multiple keysize variants the same cipher + * (eg AES256 as well as AES128) will result in a minimal size increase.*/ + #define DROPBEAR_AES128 +-#define DROPBEAR_3DES ++/*#define DROPBEAR_3DES*/ #define DROPBEAR_AES256 /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ /*#define DROPBEAR_BLOWFISH*/ -#define DROPBEAR_TWOFISH256 -#define DROPBEAR_TWOFISH128 -+/*#define DROPBEAR_TWOFISH256 -+#define DROPBEAR_TWOFISH128*/ ++/*#define DROPBEAR_TWOFISH256*/ ++/*#define DROPBEAR_TWOFISH128*/ + + /* Enable CBC mode for ciphers. This has security issues though + * is the most compatible with older SSH implementations */ +-#define DROPBEAR_ENABLE_CBC_MODE ++/*#define DROPBEAR_ENABLE_CBC_MODE*/ /* Enable "Counter Mode" for ciphers. This is more secure than normal - * CBC mode against certain attacks. This adds around 1kB to binary -@@ -119,7 +119,7 @@ much traffic. */ + * CBC mode against certain attacks. It is recommended for security +@@ -131,10 +131,10 @@ If you test it please contact the Dropbe * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ #define DROPBEAR_SHA1_HMAC -#define DROPBEAR_SHA1_96_HMAC +/*#define DROPBEAR_SHA1_96_HMAC*/ - /*#define DROPBEAR_SHA2_256_HMAC*/ - /*#define DROPBEAR_SHA2_512_HMAC*/ - #define DROPBEAR_MD5_HMAC -@@ -157,7 +157,7 @@ much traffic. */ + #define DROPBEAR_SHA2_256_HMAC +-#define DROPBEAR_SHA2_512_HMAC +-#define DROPBEAR_MD5_HMAC ++/*#define DROPBEAR_SHA2_512_HMAC*/ ++/*#define DROPBEAR_MD5_HMAC*/ + + /* You can also disable integrity. Don't bother disabling this if you're + * still using a cipher, it's relatively cheap. If you disable this it's dead +@@ -146,7 +146,7 @@ If you test it please contact the Dropbe + * Removing either of these won't save very much space. + * SSH2 RFC Draft requires dss, recommends rsa */ + #define DROPBEAR_RSA +-#define DROPBEAR_DSS ++/*#define DROPBEAR_DSS*/ + /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC + * code (either ECDSA or ECDH) increases binary size - around 30kB + * on x86-64 */ +@@ -194,7 +194,7 @@ If you test it please contact the Dropbe /* Whether to print the message of the day (MOTD). This doesn't add much code * size */ @@ -56,7 +71,7 @@ /* The MOTD file path */ #ifndef MOTD_FILENAME -@@ -195,7 +195,7 @@ much traffic. */ +@@ -242,7 +242,7 @@ Homedir is prepended unless path begins * note that it will be provided for all "hidden" client-interactive * style prompts - if you want something more sophisticated, use * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/