From f7f54600f1ce3763705c6c6337bea052f77c5e33 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Thu, 23 Mar 2006 21:14:40 +0000 Subject: Dropbear 0.46 -> 0.47 git-svn-id: https://svn.o-hand.com/repos/poky/trunk@326 311d38ba-8fff-0310-9ca6-ca027cbcb966 --- .../dropbear/dropbear-0.46/allow-nopw.patch | 37 ----------- .../dropbear/dropbear-0.46/configure.patch | 27 -------- .../dropbear/dropbear-0.46/fix-2kb-keys.patch | 11 ---- .../urandom-xauth-changes-to-options.h.patch | 21 ------- openembedded/packages/dropbear/dropbear.inc | 73 ++++++++++++++++++++++ .../packages/dropbear/dropbear/allow-nopw.patch | 37 +++++++++++ .../packages/dropbear/dropbear/configure.patch | 27 ++++++++ .../packages/dropbear/dropbear/fix-2kb-keys.patch | 11 ++++ .../urandom-xauth-changes-to-options.h.patch | 21 +++++++ openembedded/packages/dropbear/dropbear_0.46.bb | 73 ---------------------- openembedded/packages/dropbear/dropbear_0.47.bb | 3 + 11 files changed, 172 insertions(+), 169 deletions(-) delete mode 100644 openembedded/packages/dropbear/dropbear-0.46/allow-nopw.patch delete mode 100644 openembedded/packages/dropbear/dropbear-0.46/configure.patch delete mode 100644 openembedded/packages/dropbear/dropbear-0.46/fix-2kb-keys.patch delete mode 100644 openembedded/packages/dropbear/dropbear-0.46/urandom-xauth-changes-to-options.h.patch create mode 100644 openembedded/packages/dropbear/dropbear.inc create mode 100644 openembedded/packages/dropbear/dropbear/allow-nopw.patch create mode 100644 openembedded/packages/dropbear/dropbear/configure.patch create mode 100644 openembedded/packages/dropbear/dropbear/fix-2kb-keys.patch create mode 100644 openembedded/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch delete mode 100644 openembedded/packages/dropbear/dropbear_0.46.bb create mode 100644 openembedded/packages/dropbear/dropbear_0.47.bb (limited to 'openembedded/packages') diff --git a/openembedded/packages/dropbear/dropbear-0.46/allow-nopw.patch b/openembedded/packages/dropbear/dropbear-0.46/allow-nopw.patch deleted file mode 100644 index 1a709b8da..000000000 --- a/openembedded/packages/dropbear/dropbear-0.46/allow-nopw.patch +++ /dev/null @@ -1,37 +0,0 @@ -diff -Nurd dropbear-0.45/svr-auth.c dropbear-0.45.patched/svr-auth.c ---- dropbear-0.45/svr-auth.c 2005-03-06 20:27:02.000000000 -0800 -+++ dropbear-0.45.patched/svr-auth.c 2005-03-08 15:22:43.998592744 -0800 -@@ -237,6 +237,7 @@ - } - - /* check for an empty password */ -+#ifdef DISALLOW_EMPTY_PW - if (ses.authstate.pw->pw_passwd[0] == '\0') { - TRACE(("leave checkusername: empty pword")) - dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", -@@ -244,7 +245,7 @@ - send_msg_userauth_failure(0, 1); - return DROPBEAR_FAILURE; - } -- -+#endif - TRACE(("shell is %s", ses.authstate.pw->pw_shell)) - - /* check that the shell is set */ -diff -Nurd dropbear-0.45/svr-authpasswd.c dropbear-0.45.patched/svr-authpasswd.c ---- dropbear-0.45/svr-authpasswd.c 2005-03-06 20:27:02.000000000 -0800 -+++ dropbear-0.45.patched/svr-authpasswd.c 2005-03-08 15:22:44.010591023 -0800 -@@ -64,9 +64,13 @@ - * since the shadow password may differ to that tested - * in auth.c */ - if (passwdcrypt[0] == '\0') { -+#ifdef DISALLOW_EMPTY_PASSWD - dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", - ses.authstate.printableuser); - send_msg_userauth_failure(0, 1); -+#else -+ send_msg_userauth_success(); -+#endif - return; - } - diff --git a/openembedded/packages/dropbear/dropbear-0.46/configure.patch b/openembedded/packages/dropbear/dropbear-0.46/configure.patch deleted file mode 100644 index 9ae84b260..000000000 --- a/openembedded/packages/dropbear/dropbear-0.46/configure.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in ---- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800 -+++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800 -@@ -161,15 +161,20 @@ - AC_MSG_RESULT(Not using openpty) - else - AC_MSG_RESULT(Using openpty if available) -- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)]) -+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) - fi - ], - [ - AC_MSG_RESULT(Using openpty if available) -- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)]) -+ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) - ] - ) -- -+ -+if test "x$dropbear_cv_func_have_openpty" = "xyes"; then -+ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function) -+ no_ptc_check=yes -+ no_ptmx_check=yes -+fi - - AC_ARG_ENABLE(syslog, - [ --disable-syslog Don't include syslog support], diff --git a/openembedded/packages/dropbear/dropbear-0.46/fix-2kb-keys.patch b/openembedded/packages/dropbear/dropbear-0.46/fix-2kb-keys.patch deleted file mode 100644 index ba2b19d44..000000000 --- a/openembedded/packages/dropbear/dropbear-0.46/fix-2kb-keys.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h ---- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800 -+++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800 -@@ -64,6 +64,6 @@ - - }; - --#define MAX_KEXHASHBUF 2000 -+#define MAX_KEXHASHBUF 3000 - - #endif /* _KEX_H_ */ diff --git a/openembedded/packages/dropbear/dropbear-0.46/urandom-xauth-changes-to-options.h.patch b/openembedded/packages/dropbear/dropbear-0.46/urandom-xauth-changes-to-options.h.patch deleted file mode 100644 index e2b1dd5da..000000000 --- a/openembedded/packages/dropbear/dropbear-0.46/urandom-xauth-changes-to-options.h.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h ---- dropbear-0.45/options.h 2005-03-06 20:27:02.000000000 -0800 -+++ dropbear-0.45.patched/options.h 2005-03-08 15:25:09.368742090 -0800 -@@ -143,7 +143,7 @@ - * however significantly reduce the security of your ssh connections - * if the PRNG state becomes guessable - make sure you know what you are - * doing if you change this. */ --#define DROPBEAR_RANDOM_DEV "/dev/random" -+#define DROPBEAR_RANDOM_DEV "/dev/urandom" - - /* prngd must be manually set up to produce output */ - /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ -@@ -167,7 +167,7 @@ - /* The command to invoke for xauth when using X11 forwarding. - * "-q" for quiet */ - #ifndef XAUTH_COMMAND --#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q" -+#define XAUTH_COMMAND "xauth -q" - #endif - - /* if you want to enable running an sftp server (such as the one included with diff --git a/openembedded/packages/dropbear/dropbear.inc b/openembedded/packages/dropbear/dropbear.inc new file mode 100644 index 000000000..301ac24cb --- /dev/null +++ b/openembedded/packages/dropbear/dropbear.inc @@ -0,0 +1,73 @@ +DESCRIPTION = "Dropbear is a lightweight SSH and SCP Implementation" +HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" +SECTION = "console/network" +LICENSE = "MIT" +DEPENDS = "zlib" +PROVIDES = "ssh sshd" +RPROVIDES = "ssh sshd" + +SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.gz \ + file://urandom-xauth-changes-to-options.h.patch;patch=1 \ + file://configure.patch;patch=1 \ + file://fix-2kb-keys.patch;patch=1 \ + file://allow-nopw.patch \ + file://init" + +inherit autotools update-rc.d + +INITSCRIPT_NAME = "dropbear" +INITSCRIPT_PARAMS = "defaults 10" + +CFLAGS_prepend = " -I. " +LD = "${CC}" + +SBINCOMMANDS = "dropbear dropbearkey dropbearconvert" +BINCOMMANDS = "dbclient ssh scp" +EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' + +do_configure_prepend() { + if [ "x${DISTRO}" != "xfamiliar" -a "${DISTRO_TYPE}" == "debug" ]; then + oenote "WARNING: applying allow-nopw.patch which allows password-less logins!" + patch -p1 < ${WORKDIR}/allow-nopw.patch + fi +} + +do_install() { + install -d ${D}${sysconfdir} \ + ${D}${sysconfdir}/init.d \ + ${D}${sysconfdir}/default \ + ${D}${sysconfdir}/dropbear \ + ${D}${bindir} \ + ${D}${sbindir} \ + ${D}${localstatedir} + + install -m 0755 dropbearmulti ${D}${sbindir}/ + ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient + + for i in ${SBINCOMMANDS} + do + ln -s ./dropbearmulti ${D}${sbindir}/$i + done + cat ${WORKDIR}/init | sed -e 's,/etc,${sysconfdir},g' \ + -e 's,/usr/sbin,${sbindir},g' \ + -e 's,/var,${localstatedir},g' \ + -e 's,/usr/bin,${bindir},g' \ + -e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear + chmod 755 ${D}${sysconfdir}/init.d/dropbear +} + +pkg_postinst () { + update-alternatives --install ${bindir}/scp scp ${sbindir}/dropbearmulti 20 + update-alternatives --install ${bindir}/ssh ssh ${sbindir}/dropbearmulti 20 +} + +pkg_postrm_append () { + if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then + rm ${sysconfdir}/dropbear/dropbear_rsa_host_key + fi + if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then + rm ${sysconfdir}/dropbear/dropbear_dss_host_key + fi + update-alternatives --remove ssh ${bindir}/dropbearmulti + update-alternatives --remove scp ${bindir}/dropbearmulti +} diff --git a/openembedded/packages/dropbear/dropbear/allow-nopw.patch b/openembedded/packages/dropbear/dropbear/allow-nopw.patch new file mode 100644 index 000000000..1a709b8da --- /dev/null +++ b/openembedded/packages/dropbear/dropbear/allow-nopw.patch @@ -0,0 +1,37 @@ +diff -Nurd dropbear-0.45/svr-auth.c dropbear-0.45.patched/svr-auth.c +--- dropbear-0.45/svr-auth.c 2005-03-06 20:27:02.000000000 -0800 ++++ dropbear-0.45.patched/svr-auth.c 2005-03-08 15:22:43.998592744 -0800 +@@ -237,6 +237,7 @@ + } + + /* check for an empty password */ ++#ifdef DISALLOW_EMPTY_PW + if (ses.authstate.pw->pw_passwd[0] == '\0') { + TRACE(("leave checkusername: empty pword")) + dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", +@@ -244,7 +245,7 @@ + send_msg_userauth_failure(0, 1); + return DROPBEAR_FAILURE; + } +- ++#endif + TRACE(("shell is %s", ses.authstate.pw->pw_shell)) + + /* check that the shell is set */ +diff -Nurd dropbear-0.45/svr-authpasswd.c dropbear-0.45.patched/svr-authpasswd.c +--- dropbear-0.45/svr-authpasswd.c 2005-03-06 20:27:02.000000000 -0800 ++++ dropbear-0.45.patched/svr-authpasswd.c 2005-03-08 15:22:44.010591023 -0800 +@@ -64,9 +64,13 @@ + * since the shadow password may differ to that tested + * in auth.c */ + if (passwdcrypt[0] == '\0') { ++#ifdef DISALLOW_EMPTY_PASSWD + dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected", + ses.authstate.printableuser); + send_msg_userauth_failure(0, 1); ++#else ++ send_msg_userauth_success(); ++#endif + return; + } + diff --git a/openembedded/packages/dropbear/dropbear/configure.patch b/openembedded/packages/dropbear/dropbear/configure.patch new file mode 100644 index 000000000..9ae84b260 --- /dev/null +++ b/openembedded/packages/dropbear/dropbear/configure.patch @@ -0,0 +1,27 @@ +diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in +--- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800 ++++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800 +@@ -161,15 +161,20 @@ + AC_MSG_RESULT(Not using openpty) + else + AC_MSG_RESULT(Using openpty if available) +- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)]) ++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) + fi + ], + [ + AC_MSG_RESULT(Using openpty if available) +- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)]) ++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) + ] + ) +- ++ ++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then ++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function) ++ no_ptc_check=yes ++ no_ptmx_check=yes ++fi + + AC_ARG_ENABLE(syslog, + [ --disable-syslog Don't include syslog support], diff --git a/openembedded/packages/dropbear/dropbear/fix-2kb-keys.patch b/openembedded/packages/dropbear/dropbear/fix-2kb-keys.patch new file mode 100644 index 000000000..ba2b19d44 --- /dev/null +++ b/openembedded/packages/dropbear/dropbear/fix-2kb-keys.patch @@ -0,0 +1,11 @@ +diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h +--- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800 ++++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800 +@@ -64,6 +64,6 @@ + + }; + +-#define MAX_KEXHASHBUF 2000 ++#define MAX_KEXHASHBUF 3000 + + #endif /* _KEX_H_ */ diff --git a/openembedded/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch b/openembedded/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch new file mode 100644 index 000000000..e2b1dd5da --- /dev/null +++ b/openembedded/packages/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch @@ -0,0 +1,21 @@ +diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h +--- dropbear-0.45/options.h 2005-03-06 20:27:02.000000000 -0800 ++++ dropbear-0.45.patched/options.h 2005-03-08 15:25:09.368742090 -0800 +@@ -143,7 +143,7 @@ + * however significantly reduce the security of your ssh connections + * if the PRNG state becomes guessable - make sure you know what you are + * doing if you change this. */ +-#define DROPBEAR_RANDOM_DEV "/dev/random" ++#define DROPBEAR_RANDOM_DEV "/dev/urandom" + + /* prngd must be manually set up to produce output */ + /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ +@@ -167,7 +167,7 @@ + /* The command to invoke for xauth when using X11 forwarding. + * "-q" for quiet */ + #ifndef XAUTH_COMMAND +-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q" ++#define XAUTH_COMMAND "xauth -q" + #endif + + /* if you want to enable running an sftp server (such as the one included with diff --git a/openembedded/packages/dropbear/dropbear_0.46.bb b/openembedded/packages/dropbear/dropbear_0.46.bb deleted file mode 100644 index 5bce95a71..000000000 --- a/openembedded/packages/dropbear/dropbear_0.46.bb +++ /dev/null @@ -1,73 +0,0 @@ -DESCRIPTION = "Dropbear is a lightweight SSH and SCP Implementation" -HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html" -SECTION = "console/network" -LICENSE = "MIT" -DEPENDS = "zlib" -PROVIDES = "ssh sshd" -PR = "r4" - -SRC_URI = "http://matt.ucc.asn.au/dropbear/releases/dropbear-${PV}.tar.bz2 \ - file://urandom-xauth-changes-to-options.h.patch;patch=1 \ - file://configure.patch;patch=1 \ - file://allow-nopw.patch \ - file://fix-2kb-keys.patch;patch=1 \ - file://chansession-security-fix.patch;patch=1 \ - file://init" - -inherit autotools update-rc.d - -INITSCRIPT_NAME = "dropbear" -INITSCRIPT_PARAMS = "defaults 10" - -CFLAGS_prepend = "-I. " -LD = "${CC}" - -SBINCOMMANDS = "dropbear dropbearkey dropbearconvert" -BINCOMMANDS = "dbclient ssh scp" -EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"' - -do_configure_prepend() { - if [ "${DISTRO_TYPE}" == "debug" ]; then - patch -p1 < ${WORKDIR}/allow-nopw.patch - fi -} - -do_install() { - install -d ${D}${sysconfdir} \ - ${D}${sysconfdir}/init.d \ - ${D}${sysconfdir}/default \ - ${D}${sysconfdir}/dropbear \ - ${D}${bindir} \ - ${D}${sbindir} \ - ${D}${localstatedir} - - install -m 0755 dropbearmulti ${D}${sbindir}/ - ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient - - for i in ${SBINCOMMANDS} - do - ln -s ./dropbearmulti ${D}${sbindir}/$i - done - cat ${WORKDIR}/init | sed -e 's,/etc,${sysconfdir},g' \ - -e 's,/usr/sbin,${sbindir},g' \ - -e 's,/var,${localstatedir},g' \ - -e 's,/usr/bin,${bindir},g' \ - -e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear - chmod 755 ${D}${sysconfdir}/init.d/dropbear -} - -pkg_postinst () { - update-alternatives --install ${bindir}/scp scp ${sbindir}/dropbearmulti 20 - update-alternatives --install ${bindir}/ssh ssh ${sbindir}/dropbearmulti 20 -} - -pkg_postrm_append () { - if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then - rm ${sysconfdir}/dropbear/dropbear_rsa_host_key - fi - if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then - rm ${sysconfdir}/dropbear/dropbear_dss_host_key - fi - update-alternatives --remove ssh ${bindir}/dropbearmulti - update-alternatives --remove scp ${bindir}/dropbearmulti -} diff --git a/openembedded/packages/dropbear/dropbear_0.47.bb b/openembedded/packages/dropbear/dropbear_0.47.bb new file mode 100644 index 000000000..5990260b8 --- /dev/null +++ b/openembedded/packages/dropbear/dropbear_0.47.bb @@ -0,0 +1,3 @@ +include dropbear.inc + +PR = "r2" -- cgit v1.2.3