8 files changed, 194 insertions, 0 deletions

diff --git a/packages/dropbear/.mtn2git_empty b/packages/dropbear/.mtn2git_empty
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/packages/dropbear/.mtn2git_empty
diff --git a/packages/dropbear/dropbear-0.45/.mtn2git_empty b/packages/dropbear/dropbear-0.45/.mtn2git_empty
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/packages/dropbear/dropbear-0.45/.mtn2git_empty
diff --git a/packages/dropbear/dropbear-0.45/allow-nopw.patch b/packages/dropbear/dropbear-0.45/allow-nopw.patch
index e69de29bb2..1a709b8da0 100644
--- a/packages/dropbear/dropbear-0.45/allow-nopw.patch
+++ b/packages/dropbear/dropbear-0.45/allow-nopw.patch
@@ -0,0 +1,37 @@
+diff -Nurd dropbear-0.45/svr-auth.c dropbear-0.45.patched/svr-auth.c
+--- dropbear-0.45/svr-auth.c	2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/svr-auth.c	2005-03-08 15:22:43.998592744 -0800
+@@ -237,6 +237,7 @@
+ 	}
+ 
+ 	/* check for an empty password */
++#ifdef DISALLOW_EMPTY_PW
+ 	if (ses.authstate.pw->pw_passwd[0] == '\0') {
+ 		TRACE(("leave checkusername: empty pword"))
+ 		dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+@@ -244,7 +245,7 @@
+ 		send_msg_userauth_failure(0, 1);
+ 		return DROPBEAR_FAILURE;
+ 	}
+-
++#endif
+ 	TRACE(("shell is %s", ses.authstate.pw->pw_shell))
+ 
+ 	/* check that the shell is set */
+diff -Nurd dropbear-0.45/svr-authpasswd.c dropbear-0.45.patched/svr-authpasswd.c
+--- dropbear-0.45/svr-authpasswd.c	2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/svr-authpasswd.c	2005-03-08 15:22:44.010591023 -0800
+@@ -64,9 +64,13 @@
+ 	 * since the shadow password may differ to that tested
+ 	 * in auth.c */
+ 	if (passwdcrypt[0] == '\0') {
++#ifdef DISALLOW_EMPTY_PASSWD
+ 		dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+ 				ses.authstate.printableuser);
+ 		send_msg_userauth_failure(0, 1);
++#else
++		send_msg_userauth_success();
++#endif
+ 		return;
+ 	}
+ 
diff --git a/packages/dropbear/dropbear-0.45/configure.patch b/packages/dropbear/dropbear-0.45/configure.patch
index e69de29bb2..9ae84b2604 100644
--- a/packages/dropbear/dropbear-0.45/configure.patch
+++ b/packages/dropbear/dropbear-0.45/configure.patch
@@ -0,0 +1,27 @@
+diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in
+--- dropbear-0.45/configure.in	2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/configure.in	2005-03-08 15:22:44.040586721 -0800
+@@ -161,15 +161,20 @@
+ 			AC_MSG_RESULT(Not using openpty)
+ 		else
+ 			AC_MSG_RESULT(Using openpty if available)
+-			AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
++			AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ 		fi
+ 	],
+ 	[
+ 		AC_MSG_RESULT(Using openpty if available)
+-		AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
++		AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ 	]
+ )
+-		
++
++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
++	AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
++	no_ptc_check=yes
++	no_ptmx_check=yes
++fi
+ 
+ AC_ARG_ENABLE(syslog,
+ 	[  --disable-syslog        Don't include syslog support],
diff --git a/packages/dropbear/dropbear-0.45/fix-2kb-keys.patch b/packages/dropbear/dropbear-0.45/fix-2kb-keys.patch
index e69de29bb2..ba2b19d44a 100644
--- a/packages/dropbear/dropbear-0.45/fix-2kb-keys.patch
+++ b/packages/dropbear/dropbear-0.45/fix-2kb-keys.patch
@@ -0,0 +1,11 @@
+diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h
+--- dropbear-0.45/kex.h	2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/kex.h	2005-03-08 15:22:44.064583279 -0800
+@@ -64,6 +64,6 @@
+ 
+ };
+ 
+-#define MAX_KEXHASHBUF 2000
++#define MAX_KEXHASHBUF 3000
+ 
+ #endif /* _KEX_H_ */
diff --git a/packages/dropbear/dropbear-0.45/urandom-xauth-changes-to-options.h.patch b/packages/dropbear/dropbear-0.45/urandom-xauth-changes-to-options.h.patch
index e69de29bb2..e2b1dd5da5 100644
--- a/packages/dropbear/dropbear-0.45/urandom-xauth-changes-to-options.h.patch
+++ b/packages/dropbear/dropbear-0.45/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,21 @@
+diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h
+--- dropbear-0.45/options.h	2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/options.h	2005-03-08 15:25:09.368742090 -0800
+@@ -143,7 +143,7 @@
+  * however significantly reduce the security of your ssh connections
+  * if the PRNG state becomes guessable - make sure you know what you are
+  * doing if you change this. */
+-#define DROPBEAR_RANDOM_DEV "/dev/random"
++#define DROPBEAR_RANDOM_DEV "/dev/urandom"
+ 
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
+@@ -167,7 +167,7 @@
+ /* The command to invoke for xauth when using X11 forwarding.
+  * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
++#define XAUTH_COMMAND "xauth -q"
+ #endif
+ 
+ /* if you want to enable running an sftp server (such as the one included with
diff --git a/packages/dropbear/dropbear/.mtn2git_empty b/packages/dropbear/dropbear/.mtn2git_empty
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/packages/dropbear/dropbear/.mtn2git_empty
diff --git a/packages/dropbear/dropbear/init b/packages/dropbear/dropbear/init
index e69de29bb2..d019bdb4ba 100644..100755
--- a/packages/dropbear/dropbear/init
+++ b/packages/dropbear/dropbear/init
@@ -0,0 +1,98 @@
+#!/bin/sh
+#
+# Do not configure this file. Edit /etc/default/dropbear instead!
+#
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/dropbear
+NAME=dropbear
+DESC="Dropbear SSH server"
+
+DROPBEAR_PORT=22
+DROPBEAR_EXTRA_ARGS=
+NO_START=0
+
+set -e
+
+test ! -r /etc/default/dropbear || . /etc/default/dropbear
+test "$NO_START" = "0" || exit 0
+test -x "$DAEMON" || exit 0
+test ! -h /var/service/dropbear || exit 0
+
+readonly_rootfs=0
+for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
+  case $flag in
+   ro)
+     readonly_rootfs=1
+     ;;
+  esac
+done
+
+if [ $readonly_rootfs = "1" ]; then
+  mkdir -p /var/lib/dropbear
+  DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
+  DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
+else
+  DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
+  DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
+fi
+
+test -z "$DROPBEAR_BANNER" || \
+  DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
+test -n "$DROPBEAR_RSAKEY" || \
+  DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
+test -n "$DROPBEAR_DSSKEY" || \
+  DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
+test -n "$DROPBEAR_KEYTYPES" || \
+  DROPBEAR_KEYTYPES="rsa"
+
+gen_keys() {
+for t in $DROPBEAR_KEYTYPES; do
+  case $t in
+    rsa)
+        test -f $DROPBEAR_RSAKEY || dropbearkey -t rsa -f $DROPBEAR_RSAKEY
+	;;
+    dsa)
+        test -f $DROPBEAR_DSSKEY || dropbearkey -t dss -f $DROPBEAR_DSSKEY
+	;;
+  esac
+done
+}
+
+case "$1" in
+  start)
+	echo -n "Starting $DESC: "
+	gen_keys
+	KEY_ARGS=""
+	test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
+	test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+	start-stop-daemon -S \
+	  -x "$DAEMON" -- $KEY_ARGS \
+	    -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+	echo "$NAME."
+	;;
+  stop)
+	echo -n "Stopping $DESC: "
+	start-stop-daemon -K -x "$DAEMON"
+	echo "$NAME."
+	;;
+  restart|force-reload)
+	echo -n "Restarting $DESC: "
+	start-stop-daemon -K -x "$DAEMON"
+	sleep 1
+	KEY_ARGS=""
+	test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
+	test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+	start-stop-daemon -S \
+	  -x "$DAEMON" -- $KEY_ARGS \
+	    -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+	echo "$NAME."
+	;;
+  *)
+	N=/etc/init.d/$NAME
+	echo "Usage: $N {start|stop|restart|force-reload}" >&2
+	exit 1
+	;;
+esac
+
+exit 0