diff options
Diffstat (limited to 'meta/recipes-core/dropbear/dropbear')
7 files changed, 342 insertions, 0 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch new file mode 100644 index 0000000000..71a4666b5c --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0001-urandom-xauth-changes-to-options.h.patch | |||
@@ -0,0 +1,23 @@ | |||
1 | Subject: [PATCH 1/6] urandom-xauth-changes-to-options.h | ||
2 | |||
3 | Upstream-Status: Inappropriate [configuration] | ||
4 | --- | ||
5 | options.h | 2 +- | ||
6 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
7 | |||
8 | diff --git a/options.h b/options.h | ||
9 | index 7d06322..71a21c2 100644 | ||
10 | --- a/options.h | ||
11 | +++ b/options.h | ||
12 | @@ -247,7 +247,7 @@ much traffic. */ | ||
13 | /* The command to invoke for xauth when using X11 forwarding. | ||
14 | * "-q" for quiet */ | ||
15 | #ifndef XAUTH_COMMAND | ||
16 | -#define XAUTH_COMMAND "/usr/bin/X11/xauth -q" | ||
17 | +#define XAUTH_COMMAND "xauth -q" | ||
18 | #endif | ||
19 | |||
20 | /* if you want to enable running an sftp server (such as the one included with | ||
21 | -- | ||
22 | 1.7.11.7 | ||
23 | |||
diff --git a/meta/recipes-core/dropbear/dropbear/0002-static_build_fix.patch b/meta/recipes-core/dropbear/dropbear/0002-static_build_fix.patch new file mode 100644 index 0000000000..552bee8996 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0002-static_build_fix.patch | |||
@@ -0,0 +1,64 @@ | |||
1 | Subject: [PATCH 2/6] static_build_fix | ||
2 | Upstream-Status: Submitted | ||
3 | |||
4 | dropbear: fix static build | ||
5 | |||
6 | A more appropriate fix is to remove @CRYPTLIB@ from the objs | ||
7 | line, since it will cause problems with target checking, | ||
8 | this change also meets the goals of the orignal change which | ||
9 | was to not link libcrypt to all binaries. | ||
10 | |||
11 | svr-authpasswd.o: In function `svr_auth_password': | ||
12 | svr-authpasswd.c:(.text+0xfc): undefined reference to `crypt' | ||
13 | collect2: ld returned 1 exit status | ||
14 | |||
15 | Signed-off-by: Saul Wold <sgw@linux.intel.com> | ||
16 | --- | ||
17 | Makefile.in | 11 +++++++---- | ||
18 | 1 file changed, 7 insertions(+), 4 deletions(-) | ||
19 | |||
20 | diff --git a/Makefile.in b/Makefile.in | ||
21 | index 4bdd845..e82e561 100644 | ||
22 | --- a/Makefile.in | ||
23 | +++ b/Makefile.in | ||
24 | @@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h packet.h algo.h ssh.h buffer.h kex.h \ | ||
25 | loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \ | ||
26 | listener.h fake-rfc2553.h | ||
27 | |||
28 | -dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@ | ||
29 | +dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) | ||
30 | dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS) | ||
31 | dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS) | ||
32 | dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS) | ||
33 | @@ -158,7 +158,10 @@ dbclient: $(dbclientobjs) | ||
34 | dropbearkey: $(dropbearkeyobjs) | ||
35 | dropbearconvert: $(dropbearconvertobjs) | ||
36 | |||
37 | -dropbear dbclient dropbearkey dropbearconvert: $(HEADERS) $(LIBTOM_DEPS) Makefile | ||
38 | +dropbear: $(HEADERS) $(LIBTOM_DEPS) Makefile | ||
39 | + $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBS) @CRYPTLIB@ | ||
40 | + | ||
41 | +dbclient dropbearkey dropbearconvert: $(HEADERS) $(LIBTOM_DEPS) Makefile | ||
42 | $(CC) $(LDFLAGS) -o $@$(EXEEXT) $($@objs) $(LIBS) | ||
43 | |||
44 | # scp doesn't use the libs so is special. | ||
45 | @@ -169,14 +172,14 @@ scp: $(SCPOBJS) $(HEADERS) Makefile | ||
46 | # multi-binary compilation. | ||
47 | MULTIOBJS= | ||
48 | ifeq ($(MULTI),1) | ||
49 | - MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs))) @CRYPTLIB@ | ||
50 | + MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs))) | ||
51 | CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI | ||
52 | endif | ||
53 | |||
54 | dropbearmulti: multilink | ||
55 | |||
56 | multibinary: $(HEADERS) $(MULTIOBJS) $(LIBTOM_DEPS) Makefile | ||
57 | - $(CC) $(LDFLAGS) -o dropbearmulti$(EXEEXT) $(MULTIOBJS) $(LIBS) | ||
58 | + $(CC) $(LDFLAGS) -o dropbearmulti$(EXEEXT) $(MULTIOBJS) $(LIBS) @CRYPTLIB@ | ||
59 | |||
60 | multilink: multibinary $(addprefix link, $(PROGRAMS)) | ||
61 | |||
62 | -- | ||
63 | 1.7.11.7 | ||
64 | |||
diff --git a/meta/recipes-core/dropbear/dropbear/0003-configure.patch b/meta/recipes-core/dropbear/dropbear/0003-configure.patch new file mode 100644 index 0000000000..2baf665ae4 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0003-configure.patch | |||
@@ -0,0 +1,40 @@ | |||
1 | From c5f5c5054c1b15539dccf866e2c3faba7ed68456 Mon Sep 17 00:00:00 2001 | ||
2 | From: =?UTF-8?q?Eric=20B=C3=A9nard?= <eric@eukrea.com> | ||
3 | Date: Thu, 25 Apr 2013 00:27:25 +0200 | ||
4 | Subject: [PATCH 3/6] configure | ||
5 | |||
6 | --- | ||
7 | configure.ac | 11 ++++++++--- | ||
8 | 1 file changed, 8 insertions(+), 3 deletions(-) | ||
9 | |||
10 | diff --git a/configure.ac b/configure.ac | ||
11 | index 05461f3..9c16d90 100644 | ||
12 | --- a/configure.ac | ||
13 | +++ b/configure.ac | ||
14 | @@ -166,15 +166,20 @@ AC_ARG_ENABLE(openpty, | ||
15 | AC_MSG_NOTICE(Not using openpty) | ||
16 | else | ||
17 | AC_MSG_NOTICE(Using openpty if available) | ||
18 | - AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)]) | ||
19 | + AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) | ||
20 | fi | ||
21 | ], | ||
22 | [ | ||
23 | AC_MSG_NOTICE(Using openpty if available) | ||
24 | - AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)]) | ||
25 | + AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes]) | ||
26 | ] | ||
27 | ) | ||
28 | - | ||
29 | + | ||
30 | +if test "x$dropbear_cv_func_have_openpty" = "xyes"; then | ||
31 | + AC_DEFINE(HAVE_OPENPTY,,Have openpty() function) | ||
32 | + no_ptc_check=yes | ||
33 | + no_ptmx_check=yes | ||
34 | +fi | ||
35 | |||
36 | AC_ARG_ENABLE(syslog, | ||
37 | [ --disable-syslog Don't include syslog support], | ||
38 | -- | ||
39 | 1.7.11.7 | ||
40 | |||
diff --git a/meta/recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch b/meta/recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch new file mode 100644 index 0000000000..7539d2034f --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0004-fix-2kb-keys.patch | |||
@@ -0,0 +1,22 @@ | |||
1 | Subject: [PATCH 4/6] fix 2kb keys | ||
2 | |||
3 | Upstream-Status: Inappropriate [configuration] | ||
4 | --- | ||
5 | kex.h | 2 +- | ||
6 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
7 | |||
8 | diff --git a/kex.h b/kex.h | ||
9 | index 72430e9..375c677 100644 | ||
10 | --- a/kex.h | ||
11 | +++ b/kex.h | ||
12 | @@ -67,6 +67,6 @@ struct KEXState { | ||
13 | }; | ||
14 | |||
15 | |||
16 | -#define MAX_KEXHASHBUF 2000 | ||
17 | +#define MAX_KEXHASHBUF 3000 | ||
18 | |||
19 | #endif /* _KEX_H_ */ | ||
20 | -- | ||
21 | 1.7.11.7 | ||
22 | |||
diff --git a/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch new file mode 100644 index 0000000000..e9307339ce --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0005-dropbear-enable-pam.patch | |||
@@ -0,0 +1,31 @@ | |||
1 | Subject: [PATCH 5/6] dropbear enable pam | ||
2 | |||
3 | dropbear: We need modify file option.h besides enabling pam in \ | ||
4 | configure if we want dropbear to support pam. | ||
5 | |||
6 | Upstream-Status: Pending | ||
7 | |||
8 | Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com> | ||
9 | --- | ||
10 | options.h | 4 ++-- | ||
11 | 1 file changed, 2 insertions(+), 2 deletions(-) | ||
12 | |||
13 | diff --git a/options.h b/options.h | ||
14 | index 71a21c2..305f789 100644 | ||
15 | --- a/options.h | ||
16 | +++ b/options.h | ||
17 | @@ -174,9 +174,9 @@ much traffic. */ | ||
18 | * PAM challenge/response. | ||
19 | * You can't enable both PASSWORD and PAM. */ | ||
20 | |||
21 | -#define ENABLE_SVR_PASSWORD_AUTH | ||
22 | +//#define ENABLE_SVR_PASSWORD_AUTH | ||
23 | /* PAM requires ./configure --enable-pam */ | ||
24 | -//#define ENABLE_SVR_PAM_AUTH | ||
25 | +#define ENABLE_SVR_PAM_AUTH | ||
26 | #define ENABLE_SVR_PUBKEY_AUTH | ||
27 | |||
28 | /* Whether to take public key options in | ||
29 | -- | ||
30 | 1.7.11.7 | ||
31 | |||
diff --git a/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch new file mode 100644 index 0000000000..fa4c8d0a67 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0006-dropbear-configuration-file.patch | |||
@@ -0,0 +1,22 @@ | |||
1 | Subject: [PATCH 6/6] dropbear configuration file | ||
2 | |||
3 | dropbear: Change the path ("/etc/pam.d/sshd" as default) to find a pam configuration file \ | ||
4 | to "/etc/pam.d/dropbear for dropbear when enabling pam supporting" | ||
5 | |||
6 | Upstream-Status: Inappropriate [configuration] | ||
7 | |||
8 | Signed-off-by: Maxin B. John <maxin.john@enea.com> | ||
9 | Signed-off-by: Xiaofeng Yan <xiaofeng.yan@windriver.com> | ||
10 | --- | ||
11 | diff -Naur dropbear-2013.60-orig/svr-authpam.c dropbear-2013.60/svr-authpam.c | ||
12 | --- dropbear-2013.60-orig/svr-authpam.c 2013-10-16 16:34:53.000000000 +0200 | ||
13 | +++ dropbear-2013.60/svr-authpam.c 2013-10-21 17:04:04.969416055 +0200 | ||
14 | @@ -211,7 +211,7 @@ | ||
15 | userData.passwd = password; | ||
16 | |||
17 | /* Init pam */ | ||
18 | - if ((rc = pam_start("sshd", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { | ||
19 | + if ((rc = pam_start("dropbear", NULL, &pamConv, &pamHandlep)) != PAM_SUCCESS) { | ||
20 | dropbear_log(LOG_WARNING, "pam_start() failed, rc=%d, %s", | ||
21 | rc, pam_strerror(pamHandlep, rc)); | ||
22 | goto cleanup; | ||
diff --git a/meta/recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch b/meta/recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch new file mode 100644 index 0000000000..b4501211c3 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/0007-dropbear-fix-for-x32-abi.patch | |||
@@ -0,0 +1,140 @@ | |||
1 | Upstream-Status: Pending | ||
2 | |||
3 | The dropbearkey utility built in x32 abi format, when generating ssh | ||
4 | keys, was getting lost in the infinite loop. | ||
5 | |||
6 | This patch fixes the issue by fixing types of variables and | ||
7 | parameters of functions used in the code, which were getting | ||
8 | undesired size, when compiled with the x32 abi toolchain. | ||
9 | |||
10 | 2013/05/23 | ||
11 | Received this fix from H J Lu. | ||
12 | |||
13 | Signed-Off-By: Nitin A Kamble <nitin.a.kamble@intel.com> | ||
14 | |||
15 | # HG changeset patch | ||
16 | # User H.J. Lu <hjl.tools@gmail.com> | ||
17 | # Date 1369344079 25200 | ||
18 | # Node ID a10a1c46b857cc8a3923c3bb6d1504aa25b6052f | ||
19 | # Parent e76614145aea67f66e4a4257685c771efba21aa1 | ||
20 | Typdef mp_digit to unsigned long long for MP_64BIT | ||
21 | |||
22 | When GCC is used with MP_64BIT, we should typedef mp_digit to unsigned | ||
23 | long long instead of unsigned long since for x32, unsigned long is | ||
24 | 32-bit and unsigned long long is 64-bit and it is safe to use unsigned | ||
25 | long long for 64-bit integer with GCC. | ||
26 | |||
27 | diff -r e76614145aea -r a10a1c46b857 libtommath/tommath.h | ||
28 | --- a/libtommath/tommath.h Thu Apr 18 22:57:47 2013 +0800 | ||
29 | +++ b/libtommath/tommath.h Thu May 23 14:21:19 2013 -0700 | ||
30 | @@ -73,7 +73,7 @@ | ||
31 | typedef signed long long long64; | ||
32 | #endif | ||
33 | |||
34 | - typedef unsigned long mp_digit; | ||
35 | + typedef unsigned long long mp_digit; | ||
36 | typedef unsigned long mp_word __attribute__ ((mode(TI))); | ||
37 | |||
38 | #define DIGIT_BIT 60 | ||
39 | # HG changeset patch | ||
40 | # User H.J. Lu <hjl.tools@gmail.com> | ||
41 | # Date 1369344241 25200 | ||
42 | # Node ID c7555a4cb7ded3a88409ba85f4027baa7af5f536 | ||
43 | # Parent a10a1c46b857cc8a3923c3bb6d1504aa25b6052f | ||
44 | Cast to mp_digit when updating *rho | ||
45 | |||
46 | There is | ||
47 | |||
48 | int | ||
49 | mp_montgomery_setup (mp_int * n, mp_digit * rho) | ||
50 | |||
51 | We should cast to mp_digit instead of unsigned long when updating | ||
52 | *rho since mp_digit may be unsigned long long and unsigned long long | ||
53 | may be different from unsigned long, like in x32. | ||
54 | |||
55 | diff -r a10a1c46b857 -r c7555a4cb7de libtommath/bn_mp_montgomery_setup.c | ||
56 | --- a/libtommath/bn_mp_montgomery_setup.c Thu May 23 14:21:19 2013 -0700 | ||
57 | +++ b/libtommath/bn_mp_montgomery_setup.c Thu May 23 14:24:01 2013 -0700 | ||
58 | @@ -48,7 +48,7 @@ | ||
59 | #endif | ||
60 | |||
61 | /* rho = -1/m mod b */ | ||
62 | - *rho = (unsigned long)(((mp_word)1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK; | ||
63 | + *rho = (mp_digit)(((mp_word)1 << ((mp_word) DIGIT_BIT)) - x) & MP_MASK; | ||
64 | |||
65 | return MP_OKAY; | ||
66 | } | ||
67 | # HG changeset patch | ||
68 | # User H.J. Lu <hjl.tools@gmail.com> | ||
69 | # Date 1369344541 25200 | ||
70 | # Node ID 7c656e7071a6412688b2f30a529a9afac6c7bf5a | ||
71 | # Parent c7555a4cb7ded3a88409ba85f4027baa7af5f536 | ||
72 | Define LTC_FAST_TYPE to unsigned long long for __x86_64__ | ||
73 | |||
74 | We should define LTC_FAST_TYPE to unsigned long long instead of unsigned | ||
75 | long if __x86_64__ to support x32 where unsigned long long is 64-bit | ||
76 | and unsigned long is 32-bit. | ||
77 | |||
78 | diff -r c7555a4cb7de -r 7c656e7071a6 libtomcrypt/src/headers/tomcrypt_cfg.h | ||
79 | --- a/libtomcrypt/src/headers/tomcrypt_cfg.h Thu May 23 14:24:01 2013 -0700 | ||
80 | +++ b/libtomcrypt/src/headers/tomcrypt_cfg.h Thu May 23 14:29:01 2013 -0700 | ||
81 | @@ -74,7 +74,7 @@ | ||
82 | #define ENDIAN_LITTLE | ||
83 | #define ENDIAN_64BITWORD | ||
84 | #define LTC_FAST | ||
85 | - #define LTC_FAST_TYPE unsigned long | ||
86 | + #define LTC_FAST_TYPE unsigned long long | ||
87 | #endif | ||
88 | |||
89 | /* detect PPC32 */ | ||
90 | # HG changeset patch | ||
91 | # User H.J. Lu <hjl.tools@gmail.com> | ||
92 | # Date 1369344730 25200 | ||
93 | # Node ID a7d4690158fae4ede2c4e5b56233e83730bf38ee | ||
94 | # Parent 7c656e7071a6412688b2f30a529a9afac6c7bf5a | ||
95 | Use unsigned long long aas unsigned 64-bit integer for x86-64 GCC | ||
96 | |||
97 | We should use unsigned long long instead of unsigned long as unsigned | ||
98 | 64-bit integer for x86-64 GCC to support x32 where unsigned long is | ||
99 | 32-bit. | ||
100 | |||
101 | diff -r 7c656e7071a6 -r a7d4690158fa libtomcrypt/src/headers/tomcrypt_macros.h | ||
102 | --- a/libtomcrypt/src/headers/tomcrypt_macros.h Thu May 23 14:29:01 2013 -0700 | ||
103 | +++ b/libtomcrypt/src/headers/tomcrypt_macros.h Thu May 23 14:32:10 2013 -0700 | ||
104 | @@ -343,7 +343,7 @@ | ||
105 | /* 64-bit Rotates */ | ||
106 | #if !defined(__STRICT_ANSI__) && defined(__GNUC__) && defined(__x86_64__) && !defined(LTC_NO_ASM) | ||
107 | |||
108 | -static inline unsigned long ROL64(unsigned long word, int i) | ||
109 | +static inline unsigned long long ROL64(unsigned long long word, int i) | ||
110 | { | ||
111 | asm("rolq %%cl,%0" | ||
112 | :"=r" (word) | ||
113 | @@ -351,7 +351,7 @@ | ||
114 | return word; | ||
115 | } | ||
116 | |||
117 | -static inline unsigned long ROR64(unsigned long word, int i) | ||
118 | +static inline unsigned long long ROR64(unsigned long long word, int i) | ||
119 | { | ||
120 | asm("rorq %%cl,%0" | ||
121 | :"=r" (word) | ||
122 | @@ -361,7 +361,7 @@ | ||
123 | |||
124 | #ifndef LTC_NO_ROLC | ||
125 | |||
126 | -static inline unsigned long ROL64c(unsigned long word, const int i) | ||
127 | +static inline unsigned long long ROL64c(unsigned long long word, const int i) | ||
128 | { | ||
129 | asm("rolq %2,%0" | ||
130 | :"=r" (word) | ||
131 | @@ -369,7 +369,7 @@ | ||
132 | return word; | ||
133 | } | ||
134 | |||
135 | -static inline unsigned long ROR64c(unsigned long word, const int i) | ||
136 | +static inline unsigned long long ROR64c(unsigned long long word, const int i) | ||
137 | { | ||
138 | asm("rorq %2,%0" | ||
139 | :"=r" (word) | ||
140 | |||