Bug 265590 - ftp/proftpd: add libsodium support
Summary: ftp/proftpd: add libsodium support
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Martin Matuska
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-08-03 07:41 UTC by Alexander Pücker
Modified: 2024-01-08 00:10 UTC (History)
1 user (show)

See Also:
bugzilla: maintainer-feedback? (mm)


Attachments
Makefile patch (864 bytes, patch)
2022-08-03 07:43 UTC, Alexander Pücker
no flags Details | Diff
Makefile patch for libsodium (895 bytes, patch)
2023-12-20 18:40 UTC, Miroslav Lachman
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Pücker 2022-08-03 07:41:36 UTC
The attached patch would add a new option to configure Proftpd with libsodium support. With libsodium will the usage of ED25519 SSH keys be supported:
http://bugs.proftpd.org/show_bug.cgi?id=4221
http://www.proftpd.org/docs/contrib/mod_sftp.html#:~:text=Ed25519%20algorithm%20requires%20the%20libsodium

Patch was tested with FreeBSD 13.
Comment 1 Alexander Pücker 2022-08-03 07:43:10 UTC
Created attachment 235651 [details]
Makefile patch
Comment 2 Miroslav Lachman 2023-12-20 18:40:21 UTC
Created attachment 247173 [details]
Makefile patch for libsodium

libsodium support for Scrypt and Argon2 passwords plus additional public key format ed25519
Comment 3 Miroslav Lachman 2023-12-20 18:41:12 UTC
I ran into this exact problem with the ed25519 key for mod_sftp so I found I need libsodium at build time, I patched Makefile, built, tested and right now I see there is this PR with patch already made.
Libsodium provides additional strong algorithms for passwords too (namely Scrypt and Argon2 http://www.proftpd.org/docs/contrib/mod_sql_passwd.html)

Can somebody commit the patch? (I don't care which one)
Comment 4 commit-hook freebsd_committer freebsd_triage 2024-01-08 00:08:25 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=fc281da4dc2af0f1aaac1fc3ca29fa6f04dcdcc9

commit fc281da4dc2af0f1aaac1fc3ca29fa6f04dcdcc9
Author:     Martin Matuska <mm@FreeBSD.org>
AuthorDate: 2024-01-08 00:00:42 +0000
Commit:     Martin Matuska <mm@FreeBSD.org>
CommitDate: 2024-01-08 00:08:05 +0000

    ftp/proftpd: update to 1.3.8b and add libsodium support

    Provides mitigation for "Terrapin" SSH attack.
    Support stronger key algorithms using libsodium by default.

    PR:             265590, 276168
    Security:       CVE-2023-48795

 databases/proftpd-mod_sql_tds/distinfo |  6 +++---
 ftp/proftpd-mod_vroot/distinfo         |  6 +++---
 ftp/proftpd/Makefile                   | 13 +++++++++----
 ftp/proftpd/distinfo                   |  6 +++---
 security/proftpd-mod_clamav/distinfo   |  6 +++---
 5 files changed, 21 insertions(+), 16 deletions(-)