[oe] [PATCH 1/2] dropbear: add 0.53.1
Khem Raj
raj.khem at gmail.com
Sat Mar 5 23:08:36 UTC 2011
On Sat, Mar 5, 2011 at 1:30 PM, Eric Bénard <eric at eukrea.com> wrote:
> * 0.53.1 brings some improvements over 0.52 which was released
> more than 2 years ago. For more details, check the changelog here :
> http://matt.ucc.asn.au/dropbear/CHANGES
> * Please note that DROPBEAR_SMALL_CODEis now disabled which may
> increase the size of the binaries.
can you compare the sizes of .52 and .53.1 so we know how much it will be
>
> Signed-off-by: Eric Bénard <eric at eukrea.com>
Patch itself looks ok
Acked-by: Khem Raj <raj.khem at gmail.com>
> ---
> recipes/dropbear/dropbear-0.53.1/allow-nopw.patch | 40 ++++++++++++++++++++
> recipes/dropbear/dropbear-0.53.1/configure.patch | 27 +++++++++++++
> .../dropbear/dropbear-0.53.1/fix-2kb-keys.patch | 12 ++++++
> .../dropbear/dropbear-0.53.1/no-host-lookup.patch | 12 ++++++
> .../urandom-xauth-changes-to-options.h.patch | 13 ++++++
> recipes/dropbear/dropbear_0.53.1.bb | 9 ++++
> 6 files changed, 113 insertions(+), 0 deletions(-)
> create mode 100644 recipes/dropbear/dropbear-0.53.1/allow-nopw.patch
> create mode 100644 recipes/dropbear/dropbear-0.53.1/configure.patch
> create mode 100644 recipes/dropbear/dropbear-0.53.1/fix-2kb-keys.patch
> create mode 100644 recipes/dropbear/dropbear-0.53.1/no-host-lookup.patch
> create mode 100644 recipes/dropbear/dropbear-0.53.1/urandom-xauth-changes-to-options.h.patch
> create mode 100644 recipes/dropbear/dropbear_0.53.1.bb
>
> diff --git a/recipes/dropbear/dropbear-0.53.1/allow-nopw.patch b/recipes/dropbear/dropbear-0.53.1/allow-nopw.patch
> new file mode 100644
> index 0000000..3f3e8b1
> --- /dev/null
> +++ b/recipes/dropbear/dropbear-0.53.1/allow-nopw.patch
> @@ -0,0 +1,40 @@
> +Index: dropbear-0.51/svr-auth.c
> +===================================================================
> +--- dropbear-0.51.orig/svr-auth.c
> ++++ dropbear-0.51/svr-auth.c
> +@@ -270,7 +270,7 @@ static int checkusername(unsigned char *
> + send_msg_userauth_failure(0, 1);
> + return DROPBEAR_FAILURE;
> + }
> +-
> ++#ifdef DISALLOW_EMPTY_PW
> + /* check for an empty password */
> + if (ses.authstate.pw_passwd[0] == '\0') {
> + TRACE(("leave checkusername: empty pword"))
> +@@ -279,7 +279,7 @@ static int checkusername(unsigned char *
> + send_msg_userauth_failure(0, 1);
> + return DROPBEAR_FAILURE;
> + }
> +-
> ++#endif
> + TRACE(("shell is %s", ses.authstate.pw_shell))
> +
> + /* check that the shell is set */
> +Index: dropbear-0.51/svr-authpasswd.c
> +===================================================================
> +--- dropbear-0.51.orig/svr-authpasswd.c
> ++++ dropbear-0.51/svr-authpasswd.c
> +@@ -64,9 +64,13 @@ void svr_auth_password() {
> + * since the shadow password may differ to that tested
> + * in auth.c */
> + if (passwdcrypt[0] == '\0') {
> ++#ifdef DISALLOW_EMPTY_PW
> + dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
> + ses.authstate.pw_name);
> + send_msg_userauth_failure(0, 1);
> ++#else
> ++ send_msg_userauth_success();
> ++#endif
> + return;
> + }
> +
> diff --git a/recipes/dropbear/dropbear-0.53.1/configure.patch b/recipes/dropbear/dropbear-0.53.1/configure.patch
> new file mode 100644
> index 0000000..fa24efc
> --- /dev/null
> +++ b/recipes/dropbear/dropbear-0.53.1/configure.patch
> @@ -0,0 +1,27 @@
> +Index: dropbear-0.50/configure.in
> +===================================================================
> +--- dropbear-0.50.orig/configure.in
> ++++ dropbear-0.50/configure.in
> +@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
> + AC_MSG_NOTICE(Not using openpty)
> + else
> + AC_MSG_NOTICE(Using openpty if available)
> +- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
> ++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
> + fi
> + ],
> + [
> + AC_MSG_NOTICE(Using openpty if available)
> +- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
> ++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
> + ]
> + )
> ++
> ++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
> ++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
> ++ no_ptc_check=yes
> ++ no_ptmx_check=yes
> ++fi
> +
> +
> + AC_ARG_ENABLE(syslog,
> diff --git a/recipes/dropbear/dropbear-0.53.1/fix-2kb-keys.patch b/recipes/dropbear/dropbear-0.53.1/fix-2kb-keys.patch
> new file mode 100644
> index 0000000..bb7a4d3
> --- /dev/null
> +++ b/recipes/dropbear/dropbear-0.53.1/fix-2kb-keys.patch
> @@ -0,0 +1,12 @@
> +Index: dropbear-0.50/kex.h
> +===================================================================
> +--- dropbear-0.50.orig/kex.h
> ++++ dropbear-0.50/kex.h
> +@@ -59,6 +59,6 @@ struct KEXState {
> +
> + };
> +
> +-#define MAX_KEXHASHBUF 2000
> ++#define MAX_KEXHASHBUF 3000
> +
> + #endif /* _KEX_H_ */
> diff --git a/recipes/dropbear/dropbear-0.53.1/no-host-lookup.patch b/recipes/dropbear/dropbear-0.53.1/no-host-lookup.patch
> new file mode 100644
> index 0000000..d7c2ccd
> --- /dev/null
> +++ b/recipes/dropbear/dropbear-0.53.1/no-host-lookup.patch
> @@ -0,0 +1,12 @@
> +diff -urN dropbear-0.51/options.h dropbear-0.51.new/options.h
> +--- dropbear-0.51/options.h 2008-03-27 14:34:39.000000000 +0100
> ++++ dropbear-0.51.new/options.h 2008-06-22 00:22:09.000000000 +0200
> +@@ -112,7 +112,7 @@
> + /* #define DSS_PROTOK */
> +
> + /* Whether to do reverse DNS lookups. */
> +-#define DO_HOST_LOOKUP
> ++/* #define DO_HOST_LOOKUP */
> +
> + /* Whether to print the message of the day (MOTD). This doesn't add much code
> + * size */
> diff --git a/recipes/dropbear/dropbear-0.53.1/urandom-xauth-changes-to-options.h.patch b/recipes/dropbear/dropbear-0.53.1/urandom-xauth-changes-to-options.h.patch
> new file mode 100644
> index 0000000..bd1657d
> --- /dev/null
> +++ b/recipes/dropbear/dropbear-0.53.1/urandom-xauth-changes-to-options.h.patch
> @@ -0,0 +1,13 @@
> +diff --git a/options.h b/options.h
> +index d309ab4..7fbe97b 100644
> +--- a/options.h
> ++++ b/options.h
> +@@ -236,7 +236,7 @@ much traffic. */
> + /* The command to invoke for xauth when using X11 forwarding.
> + * "-q" for quiet */
> + #ifndef XAUTH_COMMAND
> +-#define XAUTH_COMMAND "/usr/bin/X11/xauth -q"
> ++#define XAUTH_COMMAND "xauth -q"
> + #endif
> +
> + /* if you want to enable running an sftp server (such as the one included with
> diff --git a/recipes/dropbear/dropbear_0.53.1.bb b/recipes/dropbear/dropbear_0.53.1.bb
> new file mode 100644
> index 0000000..fd6b970
> --- /dev/null
> +++ b/recipes/dropbear/dropbear_0.53.1.bb
> @@ -0,0 +1,9 @@
> +require dropbear.inc
> +PR = "${INC_PR}.0"
> +
> +SRC_URI += "file://no-host-lookup.patch"
> +
> +DEFAULT_PREFERENCE = "-1"
> +
> +SRC_URI[md5sum] = "0284ea239083f04c8b874e08e1aca243"
> +SRC_URI[sha256sum] = "e24d3cbecd3bc850b2b336b8eb50c845a285ceef8e22544938a582e163d36393"
> --
> 1.7.0.4
>
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
>
More information about the Openembedded-devel
mailing list