include $(TOPDIR)/rules.mk
PKG_NAME:=dropbear
-PKG_VERSION:=2026.91
+PKG_VERSION:=2026.92
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:= \
https://matt.ucc.asn.au/dropbear/releases/ \
https://dropbear.nl/mirror/releases/
-PKG_HASH:=defa924475abf6bc1e74abc00173e46bfdc804bd47caafa14f5a4ef0cc76da34
+PKG_HASH:=91dcb5234de8dea68dd82c55411c9fc986b457ab58372a780ee8a870419c2f7e
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
# - IDENT_VERSION_PART
# disable unused functionality:
# - DO_MOTD
+# enable (deprecated) 2FA in server:
+# - DEPRECATED_TWO_FACTOR
DB_OPT_COMMON = \
IDENT_VERSION_PART,"" \
COMPAT_USER_SHELLS,"/bin/ash","/bin/sh" \
DEFAULT_PATH,"$(TARGET_INIT_PATH)" \
DEFAULT_ROOT_PATH,"$(TARGET_INIT_PATH)" \
+ DEPRECATED_TWO_FACTOR,1 \
DO_MOTD,0 \
AUTH_TIMEOUT,$(CONFIG_DROPBEAR_AUTH_TIMEOUT) \
DEBUG_TRACE,$(CONFIG_DROPBEAR_DEBUG_TRACE) \
DB_OPT_CONFIG = \
!!DROPBEAR_CLI_MULTIHOP,CONFIG_DROPBEAR_CLI_MULTIHOP,1,0 \
- !!DROPBEAR_ECC_256,CONFIG_DROPBEAR_ECC_256,1,0 \
- !!DROPBEAR_ECC_384,CONFIG_DROPBEAR_ECC_384,1,0 \
- !!DROPBEAR_ECC_521,CONFIG_DROPBEAR_ECC_521,1,0 \
DO_HOST_LOOKUP,CONFIG_DROPBEAR_DO_HOST_LOOKUP,1,0 \
DROPBEAR_3DES,CONFIG_DROPBEAR_3DES,1,0 \
DROPBEAR_AES128,CONFIG_DROPBEAR_AES128,1,0 \
DROPBEAR_DH_GROUP14_SHA256,CONFIG_DROPBEAR_DH_GROUP14_SHA256,1,0 \
DROPBEAR_DH_GROUP16,CONFIG_DROPBEAR_DH_GROUP16,1,0 \
DROPBEAR_DSS,CONFIG_DROPBEAR_DSS,1,0 \
+ DROPBEAR_ECC_256,CONFIG_DROPBEAR_ECC_256,1,0 \
+ DROPBEAR_ECC_384,CONFIG_DROPBEAR_ECC_384,1,0 \
+ DROPBEAR_ECC_521,CONFIG_DROPBEAR_ECC_521,1,0 \
DROPBEAR_ECDH,CONFIG_DROPBEAR_ECDH,1,0 \
DROPBEAR_ECDSA,CONFIG_DROPBEAR_ECDSA,1,0 \
DROPBEAR_ED25519,CONFIG_DROPBEAR_ED25519,1,0 \
--- /dev/null
+From cfedf9889222e44b2a31ecc14a289b7d0d86c563 Mon Sep 17 00:00:00 2001
+From: basavaraj-sm05 <basavaraj@digiscrypt.com>
+Date: Tue, 7 Jul 2026 13:05:32 +0530
+Subject: avoid out-of-bounds read matching ecdsa curve identifier
+
+---
+ src/ecdsa.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/ecdsa.c
++++ b/src/ecdsa.c
+@@ -103,7 +103,7 @@ ecc_key *buf_get_ecdsa_pub_key(buffer* b
+ }
+
+ for (curve = dropbear_ecc_curves; *curve; curve++) {
+- if (memcmp(identifier, (char*)(*curve)->name, strlen((char*)(*curve)->name)) == 0) {
++ if (strcmp((char*)identifier, (*curve)->name) == 0) {
+ break;
+ }
+ }
+++ /dev/null
-From b487b111d0cf735c640e6668aa888f7da4e78b3c Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Mon, 11 May 2026 20:43:50 +0800
-Subject: sntrup: Fix 64-bit literals
-
-Avoids warning on 32-bit platform
-
-src/sntrup761.c:1643: warning: integer constant is too large for 'long' type
----
- src/sntrup761.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/src/sntrup761.c
-+++ b/src/sntrup761.c
-@@ -1640,9 +1640,9 @@ __attribute__((unused))
- static inline
- int crypto_int64_ones_num(crypto_int64 crypto_int64_x) {
- crypto_int64_unsigned crypto_int64_y = crypto_int64_x;
-- const crypto_int64 C0 = 0x5555555555555555;
-- const crypto_int64 C1 = 0x3333333333333333;
-- const crypto_int64 C2 = 0x0f0f0f0f0f0f0f0f;
-+ const crypto_int64 C0 = INT64_C(0x5555555555555555);
-+ const crypto_int64 C1 = INT64_C(0x3333333333333333);
-+ const crypto_int64 C2 = INT64_C(0x0f0f0f0f0f0f0f0f);
- crypto_int64_y -= ((crypto_int64_y >> 1) & C0);
- crypto_int64_y = (crypto_int64_y & C1) + ((crypto_int64_y >> 2) & C1);
- crypto_int64_y = (crypto_int64_y + (crypto_int64_y >> 4)) & C2;
+++ /dev/null
-From a05569c6124006bd9b4823db30e824953c5024de Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Wed, 13 May 2026 08:40:17 +0800
-Subject: Increase MAX_HOSTKEYS to 6
-
-This allows all key types to be loaded at once, including different
-ecdsa sizes.
-Suggested by Darren Tucker.
----
- src/sysoptions.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/src/sysoptions.h
-+++ b/src/sysoptions.h
-@@ -283,7 +283,7 @@
- #define MAX_KEX_PARTS 1000
- #endif
-
--#define MAX_HOSTKEYS 4
-+#define MAX_HOSTKEYS 6
-
- /* The maximum size of the bignum portion of the kexhash buffer */
- /* K_S + Q_C + Q_S + K */
+++ /dev/null
-From ee65bff1567576a223febcdd5ae552326a4da4b1 Mon Sep 17 00:00:00 2001
-From: Matt Johnston <matt@ucc.asn.au>
-Date: Tue, 19 May 2026 19:03:39 +0800
-Subject: Fix too-low pubkey key query count
-
-Dropbear 2026.90 added a limit to the number of queries that could be
-made to a server when determining usable keys. This was intended to be
-set to 15 (MAX_PUBKEY_QUERIES) but the logic was incorrect (and also
-debug code was accidentally committed). This meant only 10 (default
-MAX_AUTH_TRIES/-T) tried keys would be allowed - not a huge difference.
-
-Reported by Rui Salvaterra
-
-Fixes: db0d3fd0a9e9 ("Limit server number of public key queries")
----
- src/svr-authpubkey.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/src/svr-authpubkey.c
-+++ b/src/svr-authpubkey.c
-@@ -173,9 +173,9 @@ void svr_auth_pubkey(int valid_user) {
- * Start counting failures (incrfail) only when it's reaching
- * the limit.
- */
-- unsigned int free_query_limit = 0;
-- MAX(0, (int)svr_opts.maxauthtries - MAX_PUBKEY_QUERIES);
-- int incrfail = ses.authstate.serv_pubkey_query_count > free_query_limit;
-+ unsigned int free_query_limit =
-+ MAX(0, MAX_PUBKEY_QUERIES - (int)svr_opts.maxauthtries);
-+ int incrfail = ses.authstate.serv_pubkey_query_count >= free_query_limit;
- send_msg_userauth_failure(0, incrfail);
- ses.authstate.serv_pubkey_query_count++;
- goto out;
--- a/src/svr-authpubkey.c
+++ b/src/svr-authpubkey.c
-@@ -80,6 +80,39 @@ static void send_msg_userauth_pk_ok(cons
+@@ -84,6 +84,39 @@ static void send_msg_userauth_pk_ok(cons
const unsigned char* keyblob, unsigned int keybloblen);
static int checkfileperm(char * filename);
/* process a pubkey auth request, sending success or failure message as
* appropriate */
void svr_auth_pubkey(int valid_user) {
-@@ -459,16 +492,22 @@ out:
+@@ -463,16 +496,22 @@ out:
static char *authorized_keys_filepath() {
size_t len = 0;
char *pathname = NULL, *dir = NULL;
m_free(dir);
return pathname;
}
-@@ -572,11 +611,23 @@ out:
+@@ -576,11 +615,23 @@ out:
* When this path is inside the user's home dir it checks up to and including
* the home dir, otherwise it checks every path component. */
static int checkpubkeyperms() {
--- a/src/dbutil.h
+++ b/src/dbutil.h
-@@ -81,7 +81,11 @@ int m_snprintf(char *str, size_t size, c
+@@ -83,7 +83,11 @@ void cleantext(char* dirtytext, int allo
#define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
/* Dropbear assertion */