[oe] [PATCH v2] dropbear: add 0.53.1

Khem Raj raj.khem at gmail.com
Tue Mar 8 01:26:27 UTC 2011 

On Mon, Mar 7, 2011 at 4:33 PM, Eric Bénard <eric at eukrea.com> wrote:
> * 0.53.1 brings some improvements over 0.52 which was released
> more than 2 years ago. For more details, check the changelog here :
> http://matt.ucc.asn.au/dropbear/CHANGES
>
> Signed-off-by: Eric Bénard <eric at eukrea.com>

a line or two about the define would be nice so people can
disable/enable it if they want otherwise it looks better.

Acked-by: Khem Raj <raj.khem at gmail.com>


> ---
>  recipes/dropbear/dropbear-0.53.1/allow-nopw.patch  |   40 ++++++++++++++++++++
>  recipes/dropbear/dropbear-0.53.1/configure.patch   |   27 +++++++++++++
>  .../dropbear/dropbear-0.53.1/fix-2kb-keys.patch    |   12 ++++++
>  .../dropbear/dropbear-0.53.1/no-host-lookup.patch  |   12 ++++++
>  .../urandom-xauth-changes-to-options.h.patch       |   13 ++++++
>  recipes/dropbear/dropbear_0.53.1.bb                |   13 ++++++
>  6 files changed, 117 insertions(+), 0 deletions(-)
>  create mode 100644 recipes/dropbear/dropbear-0.53.1/allow-nopw.patch
>  create mode 100644 recipes/dropbear/dropbear-0.53.1/configure.patch
>  create mode 100644 recipes/dropbear/dropbear-0.53.1/fix-2kb-keys.patch
>  create mode 100644 recipes/dropbear/dropbear-0.53.1/no-host-lookup.patch
>  create mode 100644 recipes/dropbear/dropbear-0.53.1/urandom-xauth-changes-to-options.h.patch
>  create mode 100644 recipes/dropbear/dropbear_0.53.1.bb
>
> diff --git a/recipes/dropbear/dropbear-0.53.1/allow-nopw.patch b/recipes/dropbear/dropbear-0.53.1/allow-nopw.patch
> new file mode 100644
> index 0000000..3f3e8b1
> --- /dev/null
> +++ b/recipes/dropbear/dropbear-0.53.1/allow-nopw.patch
> @@ -0,0 +1,40 @@
> +Index: dropbear-0.51/svr-auth.c
> +===================================================================
> +--- dropbear-0.51.orig/svr-auth.c
> ++++ dropbear-0.51/svr-auth.c
> +@@ -270,7 +270,7 @@ static int checkusername(unsigned char *
> +               send_msg_userauth_failure(0, 1);
> +               return DROPBEAR_FAILURE;
> +       }
> +-
> ++#ifdef DISALLOW_EMPTY_PW
> +       /* check for an empty password */
> +       if (ses.authstate.pw_passwd[0] == '\0') {
> +               TRACE(("leave checkusername: empty pword"))
> +@@ -279,7 +279,7 @@ static int checkusername(unsigned char *
> +               send_msg_userauth_failure(0, 1);
> +               return DROPBEAR_FAILURE;
> +       }
> +-
> ++#endif
> +       TRACE(("shell is %s", ses.authstate.pw_shell))
> +
> +       /* check that the shell is set */
> +Index: dropbear-0.51/svr-authpasswd.c
> +===================================================================
> +--- dropbear-0.51.orig/svr-authpasswd.c
> ++++ dropbear-0.51/svr-authpasswd.c
> +@@ -64,9 +64,13 @@ void svr_auth_password() {
> +        * since the shadow password may differ to that tested
> +        * in auth.c */
> +       if (passwdcrypt[0] == '\0') {
> ++#ifdef DISALLOW_EMPTY_PW
> +               dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
> +                               ses.authstate.pw_name);
> +               send_msg_userauth_failure(0, 1);
> ++#else
> ++              send_msg_userauth_success();
> ++#endif
> +               return;
> +       }
> +
> diff --git a/recipes/dropbear/dropbear-0.53.1/configure.patch b/recipes/dropbear/dropbear-0.53.1/configure.patch
> new file mode 100644
> index 0000000..fa24efc
> --- /dev/null
> +++ b/recipes/dropbear/dropbear-0.53.1/configure.patch
> @@ -0,0 +1,27 @@
> +Index: dropbear-0.50/configure.in
> +===================================================================
> +--- dropbear-0.50.orig/configure.in
> ++++ dropbear-0.50/configure.in
> +@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
> +                       AC_MSG_NOTICE(Not using openpty)
> +               else
> +                       AC_MSG_NOTICE(Using openpty if available)
> +-                      AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
> ++                      AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
> +               fi
> +       ],
> +       [
> +               AC_MSG_NOTICE(Using openpty if available)
> +-              AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
> ++              AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
> +       ]
> + )
> ++
> ++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
> ++      AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
> ++      no_ptc_check=yes
> ++      no_ptmx_check=yes
> ++fi
> +
> +
> + AC_ARG_ENABLE(syslog,
> diff --git a/recipes/dropbear/dropbear-0.53.1/fix-2kb-keys.patch b/recipes/dropbear/dropbear-0.53.1/fix-2kb-keys.patch
> new file mode 100644
> index 0000000..bb7a4d3
> --- /dev/null
> +++ b/recipes/dropbear/dropbear-0.53.1/fix-2kb-keys.patch
> @@ -0,0 +1,12 @@
> +Index: dropbear-0.50/kex.h
> +===================================================================
> +--- dropbear-0.50.orig/kex.h
> ++++ dropbear-0.50/kex.h
> +@@ -59,6 +59,6 @@ struct KEXState {
> +
> + };
> +
> +-#define MAX_KEXHASHBUF 2000
> ++#define MAX_KEXHASHBUF 3000
> +
> + #endif /* _KEX_H_ */
> diff --git a/recipes/dropbear/dropbear-0.53.1/no-host-lookup.patch b/recipes/dropbear/dropbear-0.53.1/no-host-lookup.patch
> new file mode 100644
> index 0000000..d7c2ccd
> --- /dev/null
> +++ b/recipes/dropbear/dropbear-0.53.1/no-host-lookup.patch
> @@ -0,0 +1,12 @@
> +diff -urN dropbear-0.51/options.h dropbear-0.51.new/options.h
> +--- dropbear-0.51/options.h    2008-03-27 14:34:39.000000000 +0100
> ++++ dropbear-0.51.new/options.h        2008-06-22 00:22:09.000000000 +0200
> +@@ -112,7 +112,7 @@
> + /* #define DSS_PROTOK */
> +
> + /* Whether to do reverse DNS lookups. */
> +-#define DO_HOST_LOOKUP
> ++/* #define DO_HOST_LOOKUP */
> +
> + /* Whether to print the message of the day (MOTD). This doesn't add much code
> +  * size */
> diff --git a/recipes/dropbear/dropbear-0.53.1/urandom-xauth-changes-to-options.h.patch b/recipes/dropbear/dropbear-0.53.1/urandom-xauth-changes-to-options.h.patch
> new file mode 100644
> index 0000000..bd1657d
> --- /dev/null
> +++ b/recipes/dropbear/dropbear-0.53.1/urandom-xauth-changes-to-options.h.patch
> @@ -0,0 +1,13 @@
> +diff --git a/options.h b/options.h
> +index d309ab4..7fbe97b 100644
> +--- a/options.h
> ++++ b/options.h
> +@@ -236,7 +236,7 @@ much traffic. */
> + /* The command to invoke for xauth when using X11 forwarding.
> +  * "-q" for quiet */
> + #ifndef XAUTH_COMMAND
> +-#define XAUTH_COMMAND "/usr/bin/X11/xauth -q"
> ++#define XAUTH_COMMAND "xauth -q"
> + #endif
> +
> + /* if you want to enable running an sftp server (such as the one included with
> diff --git a/recipes/dropbear/dropbear_0.53.1.bb b/recipes/dropbear/dropbear_0.53.1.bb
> new file mode 100644
> index 0000000..d26b9e8
> --- /dev/null
> +++ b/recipes/dropbear/dropbear_0.53.1.bb
> @@ -0,0 +1,13 @@
> +require dropbear.inc
> +PR = "${INC_PR}.0"
> +
> +SRC_URI += "file://no-host-lookup.patch"
> +
> +do_configure_prepend() {
> +       echo "#define DROPBEAR_SMALL_CODE" >>${S}/options.h
> +}
> +
> +DEFAULT_PREFERENCE = "-1"
> +
> +SRC_URI[md5sum] = "0284ea239083f04c8b874e08e1aca243"
> +SRC_URI[sha256sum] = "e24d3cbecd3bc850b2b336b8eb50c845a285ceef8e22544938a582e163d36393"
> --
> 1.7.0.4
>
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.linuxtogo.org/cgi-bin/mailman/listinfo/openembedded-devel
>

More information about the Openembedded-devel mailing list