4 files changed, 167 insertions, 0 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/allow-nopw.patch b/meta/recipes-core/dropbear/dropbear/allow-nopw.patch
new file mode 100644
index 0000000000..2ae361c63e
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/allow-nopw.patch
@@ -0,0 +1,38 @@
+diff --git a/svr-auth.c b/svr-auth.c
+index 5da0aa7..4de4964 100644
+--- a/svr-auth.c
+++ b/svr-auth.c
+@@ -249,6 +249,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
+        }
+ 
+        /* check for an empty password */
+#ifdef DISALLOW_EMPTY_PW
+        if (ses.authstate.pw_passwd[0] == '\0') {
+                TRACE(("leave checkusername: empty pword"))
+                dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+@@ -256,6 +257,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
+                send_msg_userauth_failure(0, 1);
+                return DROPBEAR_FAILURE;
+        }
+#endif
+ 
+        TRACE(("shell is %s", ses.authstate.pw_shell))
+ 
+diff --git a/svr-authpasswd.c b/svr-authpasswd.c
+index 53550a2..7b896bd 100644
+--- a/svr-authpasswd.c
+++ b/svr-authpasswd.c
+@@ -64,9 +64,13 @@ void svr_auth_password() {
+         * since the shadow password may differ to that tested
+         * in auth.c */
+        if (passwdcrypt[0] == '\0') {
+#ifdef DISALLOW_EMPTY_PASSWD
+                dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+                                ses.authstate.pw_name);
+                send_msg_userauth_failure(0, 1);
+#else
+               send_msg_userauth_success();
+#endif
+                return;
+        }
+ 
diff --git a/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch b/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch
new file mode 100644
index 0000000000..ba2b19d44a
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch
@@ -0,0 +1,11 @@
+diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h
+--- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800
+++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800
+@@ -64,6 +64,6 @@
+ 
+ };
+ 
+-#define MAX_KEXHASHBUF 2000
+#define MAX_KEXHASHBUF 3000
+ 
+ #endif /* _KEX_H_ */
diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init
new file mode 100755
index 0000000000..e882bae689
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/init
@@ -0,0 +1,106 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:             sshd
+# Required-Start:       $remote_fs $syslog $networking
+# Required-Stop:        $remote_fs $syslog
+# Default-Start:        2 3 4 5
+# Default-Stop:         1
+# Short-Description:    Dropbear Secure Shell server
+### END INIT INFO
+#
+# Do not configure this file. Edit /etc/default/dropbear instead!
+#
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/dropbear
+NAME=dropbear
+DESC="Dropbear SSH server"
+DROPBEAR_PORT=22
+DROPBEAR_EXTRA_ARGS=
+NO_START=0
+set -e
+test ! -r /etc/default/dropbear || . /etc/default/dropbear
+test "$NO_START" = "0" || exit 0
+test -x "$DAEMON" || exit 0
+test ! -h /var/service/dropbear || exit 0
+readonly_rootfs=0
+for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
+  case $flag in
+   ro)
+     readonly_rootfs=1
+     ;;
+  esac
+done
+if [ $readonly_rootfs = "1" ]; then
+  mkdir -p /var/lib/dropbear
+  DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
+  DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
+else
+  DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
+  DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
+fi
+test -z "$DROPBEAR_BANNER" || \
+  DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
+test -n "$DROPBEAR_RSAKEY" || \
+  DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
+test -n "$DROPBEAR_DSSKEY" || \
+  DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
+test -n "$DROPBEAR_KEYTYPES" || \
+  DROPBEAR_KEYTYPES="rsa"
+gen_keys() {
+for t in $DROPBEAR_KEYTYPES; do
+  case $t in
+    rsa)
+        test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY
+        ;;
+    dsa)
+        test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY
+        ;;
+  esac
+done
+}
+case "$1" in
+  start)
+        echo -n "Starting $DESC: "
+        gen_keys
+        KEY_ARGS=""
+        test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
+        test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+        start-stop-daemon -S \
+          -x "$DAEMON" -- $KEY_ARGS \
+            -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+        echo "$NAME."
+        ;;
+  stop)
+        echo -n "Stopping $DESC: "
+        start-stop-daemon -K -x "$DAEMON"
+        echo "$NAME."
+        ;;
+  restart|force-reload)
+        echo -n "Restarting $DESC: "
+        start-stop-daemon -K -x "$DAEMON"
+        sleep 1
+        KEY_ARGS=""
+        test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
+        test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+        start-stop-daemon -S \
+          -x "$DAEMON" -- $KEY_ARGS \
+            -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+        echo "$NAME."
+        ;;
+  *)
+        N=/etc/init.d/$NAME
+        echo "Usage: $N {start|stop|restart|force-reload}" >&2
+        exit 1
+        ;;
+esac
+exit 0
diff --git a/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
new file mode 100644
index 0000000000..75ba306565
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,12 @@
+diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h
+--- dropbear-0.45/options.h     2005-03-06 20:27:02.000000000 -0800
+++ dropbear-0.45.patched/options.h     2005-03-08 15:25:09.368742090 -0800
+@@ -167,7 +167,7 @@
+ /* The command to invoke for xauth when using X11 forwarding.
+  * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
+#define XAUTH_COMMAND "xauth -q"
+ #endif
+ 
+ /* if you want to enable running an sftp server (such as the one included with

diff --git a/meta/recipes-core/dropbear/dropbear/allow-nopw.patch b/meta/recipes-core/dropbear/dropbear/allow-nopw.patch new file mode 100644 index 0000000000..2ae361c63e --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/allow-nopw.patch
@@ -0,0 +1,38 @@
	1	diff --git a/svr-auth.c b/svr-auth.c
	2	index 5da0aa7..4de4964 100644
	3	--- a/svr-auth.c
	4	+++ b/svr-auth.c
	5	@@ -249,6 +249,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
	6	}
	7
	8	/* check for an empty password */
	9	+#ifdef DISALLOW_EMPTY_PW
	10	if (ses.authstate.pw_passwd[0] == '\0') {
	11	TRACE(("leave checkusername: empty pword"))
	12	dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
	13	@@ -256,6 +257,7 @@ static int checkusername(unsigned char *username, unsigned int userlen) {
	14	send_msg_userauth_failure(0, 1);
	15	return DROPBEAR_FAILURE;
	16	}
	17	+#endif
	18
	19	TRACE(("shell is %s", ses.authstate.pw_shell))
	20
	21	diff --git a/svr-authpasswd.c b/svr-authpasswd.c
	22	index 53550a2..7b896bd 100644
	23	--- a/svr-authpasswd.c
	24	+++ b/svr-authpasswd.c
	25	@@ -64,9 +64,13 @@ void svr_auth_password() {
	26	* since the shadow password may differ to that tested
	27	* in auth.c */
	28	if (passwdcrypt[0] == '\0') {
	29	+#ifdef DISALLOW_EMPTY_PASSWD
	30	dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
	31	ses.authstate.pw_name);
	32	send_msg_userauth_failure(0, 1);
	33	+#else
	34	+ send_msg_userauth_success();
	35	+#endif
	36	return;
	37	}
	38


diff --git a/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch b/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch new file mode 100644 index 0000000000..ba2b19d44a --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/fix-2kb-keys.patch
@@ -0,0 +1,11 @@
	1	diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h
	2	--- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800
	3	+++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800
	4	@@ -64,6 +64,6 @@
	5
	6	};
	7
	8	-#define MAX_KEXHASHBUF 2000
	9	+#define MAX_KEXHASHBUF 3000
	10
	11	#endif /* _KEX_H_ */


diff --git a/meta/recipes-core/dropbear/dropbear/init b/meta/recipes-core/dropbear/dropbear/init new file mode 100755 index 0000000000..e882bae689 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/init
@@ -0,0 +1,106 @@
	1	#!/bin/sh
	2	### BEGIN INIT INFO
	3	# Provides: sshd
	4	# Required-Start: $remote_fs $syslog $networking
	5	# Required-Stop: $remote_fs $syslog
	6	# Default-Start: 2 3 4 5
	7	# Default-Stop: 1
	8	# Short-Description: Dropbear Secure Shell server
	9	### END INIT INFO
	10	#
	11	# Do not configure this file. Edit /etc/default/dropbear instead!
	12	#
	13
	14	PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
	15	DAEMON=/usr/sbin/dropbear
	16	NAME=dropbear
	17	DESC="Dropbear SSH server"
	18
	19	DROPBEAR_PORT=22
	20	DROPBEAR_EXTRA_ARGS=
	21	NO_START=0
	22
	23	set -e
	24
	25	test ! -r /etc/default/dropbear \|\| . /etc/default/dropbear
	26	test "$NO_START" = "0" \|\| exit 0
	27	test -x "$DAEMON" \|\| exit 0
	28	test ! -h /var/service/dropbear \|\| exit 0
	29
	30	readonly_rootfs=0
	31	for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
	32	case $flag in
	33	ro)
	34	readonly_rootfs=1
	35	;;
	36	esac
	37	done
	38
	39	if [ $readonly_rootfs = "1" ]; then
	40	mkdir -p /var/lib/dropbear
	41	DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
	42	DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
	43	else
	44	DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
	45	DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
	46	fi
	47
	48	test -z "$DROPBEAR_BANNER" \|\| \
	49	DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
	50	test -n "$DROPBEAR_RSAKEY" \|\| \
	51	DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
	52	test -n "$DROPBEAR_DSSKEY" \|\| \
	53	DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
	54	test -n "$DROPBEAR_KEYTYPES" \|\| \
	55	DROPBEAR_KEYTYPES="rsa"
	56
	57	gen_keys() {
	58	for t in $DROPBEAR_KEYTYPES; do
	59	case $t in
	60	rsa)
	61	test -f $DROPBEAR_RSAKEY \|\| dropbearkey -t rsa -f $DROPBEAR_RSAKEY
	62	;;
	63	dsa)
	64	test -f $DROPBEAR_DSSKEY \|\| dropbearkey -t dss -f $DROPBEAR_DSSKEY
	65	;;
	66	esac
	67	done
	68	}
	69
	70	case "$1" in
	71	start)
	72	echo -n "Starting $DESC: "
	73	gen_keys
	74	KEY_ARGS=""
	75	test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
	76	test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
	77	start-stop-daemon -S \
	78	-x "$DAEMON" -- $KEY_ARGS \
	79	-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
	80	echo "$NAME."
	81	;;
	82	stop)
	83	echo -n "Stopping $DESC: "
	84	start-stop-daemon -K -x "$DAEMON"
	85	echo "$NAME."
	86	;;
	87	restart\|force-reload)
	88	echo -n "Restarting $DESC: "
	89	start-stop-daemon -K -x "$DAEMON"
	90	sleep 1
	91	KEY_ARGS=""
	92	test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
	93	test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
	94	start-stop-daemon -S \
	95	-x "$DAEMON" -- $KEY_ARGS \
	96	-p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
	97	echo "$NAME."
	98	;;
	99	*)
	100	N=/etc/init.d/$NAME
	101	echo "Usage: $N {start\|stop\|restart\|force-reload}" >&2
	102	exit 1
	103	;;
	104	esac
	105
	106	exit 0


diff --git a/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch new file mode 100644 index 0000000000..75ba306565 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,12 @@
	1	diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h
	2	--- dropbear-0.45/options.h 2005-03-06 20:27:02.000000000 -0800
	3	+++ dropbear-0.45.patched/options.h 2005-03-08 15:25:09.368742090 -0800
	4	@@ -167,7 +167,7 @@
	5	/* The command to invoke for xauth when using X11 forwarding.
	6	* "-q" for quiet */
	7	#ifndef XAUTH_COMMAND
	8	-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
	9	+#define XAUTH_COMMAND "xauth -q"
	10	#endif
	11
	12	/* if you want to enable running an sftp server (such as the one included with