Diffstat (limited to 'openembedded/packages/dropbear')
-rw-r--r--openembedded/packages/dropbear/dropbear.inc73
-rw-r--r--openembedded/packages/dropbear/dropbear/allow-nopw.patch37
-rw-r--r--openembedded/packages/dropbear/dropbear/chansession-security-fix.patch74
-rw-r--r--openembedded/packages/dropbear/dropbear/configure.patch27
-rw-r--r--openembedded/packages/dropbear/dropbear/fix-2kb-keys.patch11
-rwxr-xr-xopenembedded/packages/dropbear/dropbear/init98
-rw-r--r--openembedded/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch21
-rw-r--r--openembedded/packages/dropbear/dropbear_0.47.bb3
8 files changed, 0 insertions, 344 deletions
diff --git a/openembedded/packages/dropbear/dropbear.inc b/openembedded/packages/dropbear/dropbear.inc
deleted file mode 100644
index 301ac24cb..000000000
--- a/openembedded/packages/dropbear/dropbear.inc
+++ /dev/null
@@ -1,73 +0,0 @@
-DESCRIPTION = "Dropbear is a lightweight SSH and SCP Implementation"
-HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
-SECTION = "console/network"
-LICENSE = "MIT"
-DEPENDS = "zlib"
-PROVIDES = "ssh sshd"
-RPROVIDES = "ssh sshd"
-
-SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \
- file://urandom-xauth-changes-to-options.h.patch;patch=1 \
- file://configure.patch;patch=1 \
- file://fix-2kb-keys.patch;patch=1 \
- file://allow-nopw.patch \
- file://init"
-
-inherit autotools update-rc.d
-
-INITSCRIPT_NAME = "dropbear"
-INITSCRIPT_PARAMS = "defaults 10"
-
-CFLAGS_prepend = " -I. "
-LD = "${CC}"
-
-SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
-BINCOMMANDS = "dbclient ssh scp"
-EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
-
-do_configure_prepend() {
- if [ "x${DISTRO}" != "xfamiliar" -a "${DISTRO_TYPE}" == "debug" ]; then
- oenote "WARNING: applying allow-nopw.patch which allows password-less logins!"
- patch -p1 < ${WORKDIR}/allow-nopw.patch
- fi
-}
-
-do_install() {
- install -d ${D}${sysconfdir} \
- ${D}${sysconfdir}/init.d \
- ${D}${sysconfdir}/default \
- ${D}${sysconfdir}/dropbear \
- ${D}${bindir} \
- ${D}${sbindir} \
- ${D}${localstatedir}
-
- install -m 0755 dropbearmulti ${D}${sbindir}/
- ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient
-
- for i in ${SBINCOMMANDS}
- do
- ln -s ./dropbearmulti ${D}${sbindir}/$i
- done
- cat ${WORKDIR}/init | sed -e 's,/etc,${sysconfdir},g' \
- -e 's,/usr/sbin,${sbindir},g' \
- -e 's,/var,${localstatedir},g' \
- -e 's,/usr/bin,${bindir},g' \
- -e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear
- chmod 755 ${D}${sysconfdir}/init.d/dropbear
-}
-
-pkg_postinst () {
- update-alternatives --install ${bindir}/scp scp ${sbindir}/dropbearmulti 20
- update-alternatives --install ${bindir}/ssh ssh ${sbindir}/dropbearmulti 20
-}
-
-pkg_postrm_append () {
- if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
- rm ${sysconfdir}/dropbear/dropbear_rsa_host_key
- fi
- if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then
- rm ${sysconfdir}/dropbear/dropbear_dss_host_key
- fi
- update-alternatives --remove ssh ${bindir}/dropbearmulti
- update-alternatives --remove scp ${bindir}/dropbearmulti
-}
diff --git a/openembedded/packages/dropbear/dropbear/allow-nopw.patch b/openembedded/packages/dropbear/dropbear/allow-nopw.patch
deleted file mode 100644
index 1a709b8da..000000000
--- a/openembedded/packages/dropbear/dropbear/allow-nopw.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-diff -Nurd dropbear-0.45/svr-auth.c dropbear-0.45.patched/svr-auth.c
---- dropbear-0.45/svr-auth.c 2005-03-06 20:27:02.000000000 -0800
-+++ dropbear-0.45.patched/svr-auth.c 2005-03-08 15:22:43.998592744 -0800
-@@ -237,6 +237,7 @@
- }
-
- /* check for an empty password */
-+#ifdef DISALLOW_EMPTY_PW
- if (ses.authstate.pw->pw_passwd[0] == '\0') {
- TRACE(("leave checkusername: empty pword"))
- dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
-@@ -244,7 +245,7 @@
- send_msg_userauth_failure(0, 1);
- return DROPBEAR_FAILURE;
- }
--
-+#endif
- TRACE(("shell is %s", ses.authstate.pw->pw_shell))
-
- /* check that the shell is set */
-diff -Nurd dropbear-0.45/svr-authpasswd.c dropbear-0.45.patched/svr-authpasswd.c
---- dropbear-0.45/svr-authpasswd.c 2005-03-06 20:27:02.000000000 -0800
-+++ dropbear-0.45.patched/svr-authpasswd.c 2005-03-08 15:22:44.010591023 -0800
-@@ -64,9 +64,13 @@
- * since the shadow password may differ to that tested
- * in auth.c */
- if (passwdcrypt[0] == '\0') {
-+#ifdef DISALLOW_EMPTY_PASSWD
- dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
- ses.authstate.printableuser);
- send_msg_userauth_failure(0, 1);
-+#else
-+ send_msg_userauth_success();
-+#endif
- return;
- }
-
diff --git a/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch b/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch
deleted file mode 100644
index bc4c461fe..000000000
--- a/openembedded/packages/dropbear/dropbear/chansession-security-fix.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-Date: Sun, 11 Dec 2005 23:30:02 +0800
-From: Matt Johnston <matt@ucc.asn.au>
-To: dropbear@ucc.gu.uwa.edu.au
-Subject: Dropbear 0.47 (and security fix)
-Message-ID: <20051211153002.GH28839@ucc.gu.uwa.edu.au>
-
-Hi all.
-
-I've put up a new release 0.47 of Dropbear, which has
-various fixes and new features - see the change summary
-below.
-http://matt.ucc.asn.au/dropbear/dropbear.html is the
-url as usual or directly at
-http://matt.ucc.asn.au/dropbear/dropbear-0.47.tar.bz2
-
-This release also fixes a potential security issue, which
-may allow authenticated users to run arbitrary code as the
-server user. I'm unsure exactly how likely it is to be
-exploitable, but anyone who's running a multi-user server is
-advised to upgrade. For older releases, the patch is:
-(against chanesssion.c for 0.43 and earlier).
-
---- dropbear/svr-chansession.c
-+++ dropbear/svr-chansession.c
-@@ -810,7 +810,7 @@
- /* need to increase size */
- if (i == svr_ses.childpidsize) {
- svr_ses.childpids = (struct ChildPid*)m_realloc(svr_ses.childpids,
-- sizeof(struct ChildPid) * svr_ses.childpidsize+1);
-+ sizeof(struct ChildPid) * (svr_ses.childpidsize+1));
- svr_ses.childpidsize++;
- }
-
-
-Matt
-
-
-0.47 - Thurs Dec 8 2005
-
-- SECURITY: fix for buffer allocation error in server code, could potentially
- allow authenticated users to gain elevated privileges. All multi-user systems
- running the server should upgrade (or apply the patch available on the
- Dropbear webpage).
-
-- Fix channel handling code so that redirecting to /dev/null doesn't use
- 100% CPU.
-
-- Turn on zlib compression for dbclient.
-
-- Set "low delay" TOS bit, can significantly improve interactivity
- over some links.
-
-- Added client keyboard-interactive mode support, allows operation with
- newer OpenSSH servers in default config.
-
-- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
-
-- Improve logging of assertions
-
-- Added aes-256 cipher and sha1-96 hmac.
-
-- Fix twofish so that it actually works.
-
-- Improve PAM prompt comparison.
-
-- Added -g (dbclient) and -a (dropbear server) options to allow
- connections to listening forwarded ports from remote machines.
-
-- Various other minor fixes
-
-- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
- (netinet/in_systm.h needs to be included).
-
-
diff --git a/openembedded/packages/dropbear/dropbear/configure.patch b/openembedded/packages/dropbear/dropbear/configure.patch
deleted file mode 100644
index 9ae84b260..000000000
--- a/openembedded/packages/dropbear/dropbear/configure.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in
---- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800
-+++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800
-@@ -161,15 +161,20 @@
- AC_MSG_RESULT(Not using openpty)
- else
- AC_MSG_RESULT(Using openpty if available)
-- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
-+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
- fi
- ],
- [
- AC_MSG_RESULT(Using openpty if available)
-- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
-+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
- ]
- )
--
-+
-+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
-+ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
-+ no_ptc_check=yes
-+ no_ptmx_check=yes
-+fi
-
- AC_ARG_ENABLE(syslog,
- [ --disable-syslog Don't include syslog support],
diff --git a/openembedded/packages/dropbear/dropbear/fix-2kb-keys.patch b/openembedded/packages/dropbear/dropbear/fix-2kb-keys.patch
deleted file mode 100644
index ba2b19d44..000000000
--- a/openembedded/packages/dropbear/dropbear/fix-2kb-keys.patch
+++ /dev/null
@@ -1,11 +0,0 @@
-diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h
---- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800
-+++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800
-@@ -64,6 +64,6 @@
-
- };
-
--#define MAX_KEXHASHBUF 2000
-+#define MAX_KEXHASHBUF 3000
-
- #endif /* _KEX_H_ */
diff --git a/openembedded/packages/dropbear/dropbear/init b/openembedded/packages/dropbear/dropbear/init
deleted file mode 100755
index d019bdb4b..000000000
--- a/openembedded/packages/dropbear/dropbear/init
+++ /dev/null
@@ -1,98 +0,0 @@
-#!/bin/sh
-#
-# Do not configure this file. Edit /etc/default/dropbear instead!
-#
-
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/dropbear
-NAME=dropbear
-DESC="Dropbear SSH server"
-
-DROPBEAR_PORT=22
-DROPBEAR_EXTRA_ARGS=
-NO_START=0
-
-set -e
-
-test ! -r /etc/default/dropbear || . /etc/default/dropbear
-test "$NO_START" = "0" || exit 0
-test -x "$DAEMON" || exit 0
-test ! -h /var/service/dropbear || exit 0
-
-readonly_rootfs=0
-for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
- case $flag in
- ro)
- readonly_rootfs=1
- ;;
- esac
-done
-
-if [ $readonly_rootfs = "1" ]; then
- mkdir -p /var/lib/dropbear
- DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
- DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
-else
- DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
- DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
-fi
-
-test -z "$DROPBEAR_BANNER" || \
- DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
-test -n "$DROPBEAR_RSAKEY" || \
- DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
-test -n "$DROPBEAR_DSSKEY" || \
- DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
-test -n "$DROPBEAR_KEYTYPES" || \
- DROPBEAR_KEYTYPES="rsa"
-
-gen_keys() {
-for t in $DROPBEAR_KEYTYPES; do
- case $t in
- rsa)
- test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY
- ;;
- dsa)
- test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY
- ;;
- esac
-done
-}
-
-case "$1" in
- start)
- echo -n "Starting $DESC: "
- gen_keys
- KEY_ARGS=""
- test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
- test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
- start-stop-daemon -S \
- -x "$DAEMON" -- $KEY_ARGS \
- -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
- echo "$NAME."
- ;;
- stop)
- echo -n "Stopping $DESC: "
- start-stop-daemon -K -x "$DAEMON"
- echo "$NAME."
- ;;
- restart|force-reload)
- echo -n "Restarting $DESC: "
- start-stop-daemon -K -x "$DAEMON"
- sleep 1
- KEY_ARGS=""
- test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
- test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
- start-stop-daemon -S \
- -x "$DAEMON" -- $KEY_ARGS \
- -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
- echo "$NAME."
- ;;
- *)
- N=/etc/init.d/$NAME
- echo "Usage: $N {start|stop|restart|force-reload}" >&2
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/openembedded/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch b/openembedded/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
deleted file mode 100644
index e2b1dd5da..000000000
--- a/openembedded/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h
---- dropbear-0.45/options.h 2005-03-06 20:27:02.000000000 -0800
-+++ dropbear-0.45.patched/options.h 2005-03-08 15:25:09.368742090 -0800
-@@ -143,7 +143,7 @@
- * however significantly reduce the security of your ssh connections
- * if the PRNG state becomes guessable - make sure you know what you are
- * doing if you change this. */
--#define DROPBEAR_RANDOM_DEV "/dev/random"
-+#define DROPBEAR_RANDOM_DEV "/dev/urandom"
-
- /* prngd must be manually set up to produce output */
- /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
-@@ -167,7 +167,7 @@
- /* The command to invoke for xauth when using X11 forwarding.
- * "-q" for quiet */
- #ifndef XAUTH_COMMAND
--#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
-+#define XAUTH_COMMAND "xauth -q"
- #endif
-
- /* if you want to enable running an sftp server (such as the one included with
diff --git a/openembedded/packages/dropbear/dropbear_0.47.bb b/openembedded/packages/dropbear/dropbear_0.47.bb
deleted file mode 100644
index 5990260b8..000000000
--- a/openembedded/packages/dropbear/dropbear_0.47.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-include dropbear.inc
-
-PR = "r2"