summaryrefslogtreecommitdiff
path: root/recipes/dropbear
diff options
context:
space:
mode:
Diffstat (limited to 'recipes/dropbear')
-rw-r--r--recipes/dropbear/dropbear-0.49/configure.patch27
-rw-r--r--recipes/dropbear/dropbear-0.49/scp-argument-fix.patch21
-rw-r--r--recipes/dropbear/dropbear-0.51/allow-nopw.patch40
-rw-r--r--recipes/dropbear/dropbear-0.51/configure.patch27
-rw-r--r--recipes/dropbear/dropbear-0.51/fix-2kb-keys.patch12
-rw-r--r--recipes/dropbear/dropbear-0.51/no-host-lookup.patch12
-rw-r--r--recipes/dropbear/dropbear-0.51/urandom-xauth-changes-to-options.h.patch13
-rw-r--r--recipes/dropbear/dropbear-0.52/allow-nopw.patch40
-rw-r--r--recipes/dropbear/dropbear-0.52/configure.patch27
-rw-r--r--recipes/dropbear/dropbear-0.52/fix-2kb-keys.patch12
-rw-r--r--recipes/dropbear/dropbear-0.52/no-host-lookup.patch12
-rw-r--r--recipes/dropbear/dropbear-0.52/urandom-xauth-changes-to-options.h.patch13
-rw-r--r--recipes/dropbear/dropbear-early/dropbear-early10
-rw-r--r--recipes/dropbear/dropbear-early_1.0.bb18
-rw-r--r--recipes/dropbear/dropbear.inc83
-rw-r--r--recipes/dropbear/dropbear/allow-nopw.patch37
-rw-r--r--recipes/dropbear/dropbear/configure.patch27
-rw-r--r--recipes/dropbear/dropbear/fix-2kb-keys.patch11
-rwxr-xr-xrecipes/dropbear/dropbear/init104
-rw-r--r--recipes/dropbear/dropbear/openmoko/default1
-rw-r--r--recipes/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch21
-rw-r--r--recipes/dropbear/dropbear_0.49.bb5
-rw-r--r--recipes/dropbear/dropbear_0.51.bb4
-rw-r--r--recipes/dropbear/dropbear_0.52.bb7
24 files changed, 584 insertions, 0 deletions
diff --git a/recipes/dropbear/dropbear-0.49/configure.patch b/recipes/dropbear/dropbear-0.49/configure.patch
new file mode 100644
index 0000000000..8d11b23f14
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.49/configure.patch
@@ -0,0 +1,27 @@
+Index: dropbear-0.49/configure.in
+===================================================================
+--- dropbear-0.49.orig/configure.in
++++ dropbear-0.49/configure.in
+@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
+ AC_MSG_NOTICE(Not using openpty)
+ else
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ fi
+ ],
+ [
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ ]
+ )
++
++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
++ no_ptc_check=yes
++ no_ptmx_check=yes
++fi
+
+
+ AC_ARG_ENABLE(syslog,
diff --git a/recipes/dropbear/dropbear-0.49/scp-argument-fix.patch b/recipes/dropbear/dropbear-0.49/scp-argument-fix.patch
new file mode 100644
index 0000000000..716a9670fe
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.49/scp-argument-fix.patch
@@ -0,0 +1,21 @@
+source: https://dev.openwrt.org/browser/trunk/openwrt/package/dropbear/patches/scp-argument-fix.patch?rev=453
+comment: remove unsupported default arguments in scp. Fixes OE bug 3227.
+
+diff -ur dropbear-0.49-orig/scp.c dropbear-0.49/scp.c
+--- dropbear-0.49-orig/scp.c 2007-02-22 16:51:35.000000000 +0100
++++ dropbear-0.49/scp.c 2007-10-19 14:19:08.000000000 +0200
+@@ -308,10 +308,10 @@
+ memset(&args, '\0', sizeof(args));
+ args.list = NULL;
+ addargs(&args, "%s", ssh_program);
+- addargs(&args, "-x");
+- addargs(&args, "-oForwardAgent no");
+- addargs(&args, "-oPermitLocalCommand no");
+- addargs(&args, "-oClearAllForwardings yes");
++// addargs(&args, "-x");
++// addargs(&args, "-oForwardAgent no");
++// addargs(&args, "-oPermitLocalCommand no");
++// addargs(&args, "-oClearAllForwardings yes");
+
+ fflag = tflag = 0;
+ while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1)
diff --git a/recipes/dropbear/dropbear-0.51/allow-nopw.patch b/recipes/dropbear/dropbear-0.51/allow-nopw.patch
new file mode 100644
index 0000000000..3f3e8b167f
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.51/allow-nopw.patch
@@ -0,0 +1,40 @@
+Index: dropbear-0.51/svr-auth.c
+===================================================================
+--- dropbear-0.51.orig/svr-auth.c
++++ dropbear-0.51/svr-auth.c
+@@ -270,7 +270,7 @@ static int checkusername(unsigned char *
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+-
++#ifdef DISALLOW_EMPTY_PW
+ /* check for an empty password */
+ if (ses.authstate.pw_passwd[0] == '\0') {
+ TRACE(("leave checkusername: empty pword"))
+@@ -279,7 +279,7 @@ static int checkusername(unsigned char *
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+-
++#endif
+ TRACE(("shell is %s", ses.authstate.pw_shell))
+
+ /* check that the shell is set */
+Index: dropbear-0.51/svr-authpasswd.c
+===================================================================
+--- dropbear-0.51.orig/svr-authpasswd.c
++++ dropbear-0.51/svr-authpasswd.c
+@@ -64,9 +64,13 @@ void svr_auth_password() {
+ * since the shadow password may differ to that tested
+ * in auth.c */
+ if (passwdcrypt[0] == '\0') {
++#ifdef DISALLOW_EMPTY_PW
+ dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+ ses.authstate.pw_name);
+ send_msg_userauth_failure(0, 1);
++#else
++ send_msg_userauth_success();
++#endif
+ return;
+ }
+
diff --git a/recipes/dropbear/dropbear-0.51/configure.patch b/recipes/dropbear/dropbear-0.51/configure.patch
new file mode 100644
index 0000000000..fa24efc066
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.51/configure.patch
@@ -0,0 +1,27 @@
+Index: dropbear-0.50/configure.in
+===================================================================
+--- dropbear-0.50.orig/configure.in
++++ dropbear-0.50/configure.in
+@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
+ AC_MSG_NOTICE(Not using openpty)
+ else
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ fi
+ ],
+ [
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ ]
+ )
++
++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
++ no_ptc_check=yes
++ no_ptmx_check=yes
++fi
+
+
+ AC_ARG_ENABLE(syslog,
diff --git a/recipes/dropbear/dropbear-0.51/fix-2kb-keys.patch b/recipes/dropbear/dropbear-0.51/fix-2kb-keys.patch
new file mode 100644
index 0000000000..bb7a4d32ac
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.51/fix-2kb-keys.patch
@@ -0,0 +1,12 @@
+Index: dropbear-0.50/kex.h
+===================================================================
+--- dropbear-0.50.orig/kex.h
++++ dropbear-0.50/kex.h
+@@ -59,6 +59,6 @@ struct KEXState {
+
+ };
+
+-#define MAX_KEXHASHBUF 2000
++#define MAX_KEXHASHBUF 3000
+
+ #endif /* _KEX_H_ */
diff --git a/recipes/dropbear/dropbear-0.51/no-host-lookup.patch b/recipes/dropbear/dropbear-0.51/no-host-lookup.patch
new file mode 100644
index 0000000000..d7c2ccdc62
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.51/no-host-lookup.patch
@@ -0,0 +1,12 @@
+diff -urN dropbear-0.51/options.h dropbear-0.51.new/options.h
+--- dropbear-0.51/options.h 2008-03-27 14:34:39.000000000 +0100
++++ dropbear-0.51.new/options.h 2008-06-22 00:22:09.000000000 +0200
+@@ -112,7 +112,7 @@
+ /* #define DSS_PROTOK */
+
+ /* Whether to do reverse DNS lookups. */
+-#define DO_HOST_LOOKUP
++/* #define DO_HOST_LOOKUP */
+
+ /* Whether to print the message of the day (MOTD). This doesn't add much code
+ * size */
diff --git a/recipes/dropbear/dropbear-0.51/urandom-xauth-changes-to-options.h.patch b/recipes/dropbear/dropbear-0.51/urandom-xauth-changes-to-options.h.patch
new file mode 100644
index 0000000000..787b801643
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.51/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,13 @@
+Index: dropbear-0.50/options.h
+===================================================================
+--- dropbear-0.50.orig/options.h
++++ dropbear-0.50/options.h
+@@ -197,7 +197,7 @@ etc) slower (perhaps by 50%). Recommende
+ /* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
++#define XAUTH_COMMAND "xauth -q"
+ #endif
+
+ /* if you want to enable running an sftp server (such as the one included with
diff --git a/recipes/dropbear/dropbear-0.52/allow-nopw.patch b/recipes/dropbear/dropbear-0.52/allow-nopw.patch
new file mode 100644
index 0000000000..3f3e8b167f
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.52/allow-nopw.patch
@@ -0,0 +1,40 @@
+Index: dropbear-0.51/svr-auth.c
+===================================================================
+--- dropbear-0.51.orig/svr-auth.c
++++ dropbear-0.51/svr-auth.c
+@@ -270,7 +270,7 @@ static int checkusername(unsigned char *
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+-
++#ifdef DISALLOW_EMPTY_PW
+ /* check for an empty password */
+ if (ses.authstate.pw_passwd[0] == '\0') {
+ TRACE(("leave checkusername: empty pword"))
+@@ -279,7 +279,7 @@ static int checkusername(unsigned char *
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+-
++#endif
+ TRACE(("shell is %s", ses.authstate.pw_shell))
+
+ /* check that the shell is set */
+Index: dropbear-0.51/svr-authpasswd.c
+===================================================================
+--- dropbear-0.51.orig/svr-authpasswd.c
++++ dropbear-0.51/svr-authpasswd.c
+@@ -64,9 +64,13 @@ void svr_auth_password() {
+ * since the shadow password may differ to that tested
+ * in auth.c */
+ if (passwdcrypt[0] == '\0') {
++#ifdef DISALLOW_EMPTY_PW
+ dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+ ses.authstate.pw_name);
+ send_msg_userauth_failure(0, 1);
++#else
++ send_msg_userauth_success();
++#endif
+ return;
+ }
+
diff --git a/recipes/dropbear/dropbear-0.52/configure.patch b/recipes/dropbear/dropbear-0.52/configure.patch
new file mode 100644
index 0000000000..fa24efc066
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.52/configure.patch
@@ -0,0 +1,27 @@
+Index: dropbear-0.50/configure.in
+===================================================================
+--- dropbear-0.50.orig/configure.in
++++ dropbear-0.50/configure.in
+@@ -164,14 +164,20 @@ AC_ARG_ENABLE(openpty,
+ AC_MSG_NOTICE(Not using openpty)
+ else
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ fi
+ ],
+ [
+ AC_MSG_NOTICE(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ ]
+ )
++
++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
++ no_ptc_check=yes
++ no_ptmx_check=yes
++fi
+
+
+ AC_ARG_ENABLE(syslog,
diff --git a/recipes/dropbear/dropbear-0.52/fix-2kb-keys.patch b/recipes/dropbear/dropbear-0.52/fix-2kb-keys.patch
new file mode 100644
index 0000000000..bb7a4d32ac
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.52/fix-2kb-keys.patch
@@ -0,0 +1,12 @@
+Index: dropbear-0.50/kex.h
+===================================================================
+--- dropbear-0.50.orig/kex.h
++++ dropbear-0.50/kex.h
+@@ -59,6 +59,6 @@ struct KEXState {
+
+ };
+
+-#define MAX_KEXHASHBUF 2000
++#define MAX_KEXHASHBUF 3000
+
+ #endif /* _KEX_H_ */
diff --git a/recipes/dropbear/dropbear-0.52/no-host-lookup.patch b/recipes/dropbear/dropbear-0.52/no-host-lookup.patch
new file mode 100644
index 0000000000..d7c2ccdc62
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.52/no-host-lookup.patch
@@ -0,0 +1,12 @@
+diff -urN dropbear-0.51/options.h dropbear-0.51.new/options.h
+--- dropbear-0.51/options.h 2008-03-27 14:34:39.000000000 +0100
++++ dropbear-0.51.new/options.h 2008-06-22 00:22:09.000000000 +0200
+@@ -112,7 +112,7 @@
+ /* #define DSS_PROTOK */
+
+ /* Whether to do reverse DNS lookups. */
+-#define DO_HOST_LOOKUP
++/* #define DO_HOST_LOOKUP */
+
+ /* Whether to print the message of the day (MOTD). This doesn't add much code
+ * size */
diff --git a/recipes/dropbear/dropbear-0.52/urandom-xauth-changes-to-options.h.patch b/recipes/dropbear/dropbear-0.52/urandom-xauth-changes-to-options.h.patch
new file mode 100644
index 0000000000..787b801643
--- /dev/null
+++ b/recipes/dropbear/dropbear-0.52/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,13 @@
+Index: dropbear-0.50/options.h
+===================================================================
+--- dropbear-0.50.orig/options.h
++++ dropbear-0.50/options.h
+@@ -197,7 +197,7 @@ etc) slower (perhaps by 50%). Recommende
+ /* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
++#define XAUTH_COMMAND "xauth -q"
+ #endif
+
+ /* if you want to enable running an sftp server (such as the one included with
diff --git a/recipes/dropbear/dropbear-early/dropbear-early b/recipes/dropbear/dropbear-early/dropbear-early
new file mode 100644
index 0000000000..fa06a93003
--- /dev/null
+++ b/recipes/dropbear/dropbear-early/dropbear-early
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+for x in $(cat /proc/cmdline); do
+ case $x in
+ dropbear=early)
+ echo "Starting dropbear early"
+ exec /etc/init.d/dropbear $*
+ ;;
+ esac
+done
diff --git a/recipes/dropbear/dropbear-early_1.0.bb b/recipes/dropbear/dropbear-early_1.0.bb
new file mode 100644
index 0000000000..c947cf0e74
--- /dev/null
+++ b/recipes/dropbear/dropbear-early_1.0.bb
@@ -0,0 +1,18 @@
+DESCRIPTION = "Allow to start dropbear soon after boot, depending on kernel command line option."
+SECTION = "devel"
+RDEPENDS = "dropbear"
+PR = "r3"
+
+SRC_URI = "file://dropbear-early"
+
+inherit update-rc.d
+
+do_install() {
+ install -d ${D}${sysconfdir}/init.d
+ install -m 0755 ${WORKDIR}/${INITSCRIPT_NAME} ${D}${sysconfdir}/init.d/
+}
+
+PACKAGE_ARCH = "all"
+
+INITSCRIPT_NAME = "dropbear-early"
+INITSCRIPT_PARAMS = "start 00 S ."
diff --git a/recipes/dropbear/dropbear.inc b/recipes/dropbear/dropbear.inc
new file mode 100644
index 0000000000..364799f12e
--- /dev/null
+++ b/recipes/dropbear/dropbear.inc
@@ -0,0 +1,83 @@
+DESCRIPTION = "Dropbear is a lightweight SSH and SCP implementation"
+HOMEPAGE = "http://matt.ucc.asn.au/dropbear/dropbear.html"
+SECTION = "console/network"
+LICENSE = "MIT"
+DEPENDS = "zlib"
+PROVIDES = "ssh sshd"
+RPROVIDES = "ssh sshd"
+
+SRC_URI = "\
+ http://matt.ucc.asn.au/dropbear/dropbear-${PV}.tar.bz2 \
+ file://urandom-xauth-changes-to-options.h.patch;patch=1 \
+ file://configure.patch;patch=1 \
+ file://fix-2kb-keys.patch;patch=1 \
+ file://allow-nopw.patch \
+ file://init \
+"
+SRC_URI_append_openmoko = "\
+ file://default \
+"
+
+inherit autotools update-rc.d
+
+INITSCRIPT_NAME = "dropbear"
+INITSCRIPT_PARAMS = "defaults 10"
+
+CFLAGS =+ "-I."
+LD = "${CC}"
+
+SBINCOMMANDS = "dropbear dropbearkey dropbearconvert"
+BINCOMMANDS = "dbclient ssh scp"
+EXTRA_OEMAKE = 'MULTI=1 SCPPROGRESS=1 PROGRAMS="${SBINCOMMANDS} ${BINCOMMANDS}"'
+
+do_configure_prepend() {
+ if [ "x${DISTRO_TYPE}" = "xdebug" ]; then
+ oenote "WARNING: applying allow-nopw.patch which allows password-less logins!"
+ patch -p1 < ${WORKDIR}/allow-nopw.patch
+ fi
+}
+
+do_install() {
+ install -d ${D}${sysconfdir}
+ install -d ${D}${sysconfdir}/init.d
+ install -d ${D}${sysconfdir}/default
+ install -d ${D}${sysconfdir}/dropbear
+ install -d ${D}${bindir}
+ install -d ${D}${sbindir}
+ install -d ${D}${localstatedir}
+
+ install -m 0755 dropbearmulti ${D}${sbindir}/
+ ln -s ${sbindir}/dropbearmulti ${D}${bindir}/dbclient
+
+ for i in ${SBINCOMMANDS}
+ do
+ ln -sf ./dropbearmulti ${D}${sbindir}/$i
+ done
+ cat ${WORKDIR}/init | sed -e 's,/etc,${sysconfdir},g' \
+ -e 's,/usr/sbin,${sbindir},g' \
+ -e 's,/var,${localstatedir},g' \
+ -e 's,/usr/bin,${bindir},g' \
+ -e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear
+ chmod 755 ${D}${sysconfdir}/init.d/dropbear
+ if test -e ${WORKDIR}/default ; then
+ install -m 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/dropbear
+ fi
+}
+
+pkg_postinst () {
+ update-alternatives --install ${bindir}/scp scp ${sbindir}/dropbearmulti 20
+ update-alternatives --install ${bindir}/ssh ssh ${sbindir}/dropbearmulti 20
+}
+
+pkg_postrm_append () {
+ if [ -f "${sysconfdir}/dropbear/dropbear_rsa_host_key" ]; then
+ rm ${sysconfdir}/dropbear/dropbear_rsa_host_key
+ fi
+ if [ -f "${sysconfdir}/dropbear/dropbear_dss_host_key" ]; then
+ rm ${sysconfdir}/dropbear/dropbear_dss_host_key
+ fi
+ update-alternatives --remove ssh ${bindir}/dropbearmulti
+ update-alternatives --remove scp ${bindir}/dropbearmulti
+}
+
+CONFFILES_${PN}_openmoko += "${sysconfdir}/default/dropbear"
diff --git a/recipes/dropbear/dropbear/allow-nopw.patch b/recipes/dropbear/dropbear/allow-nopw.patch
new file mode 100644
index 0000000000..1a709b8da0
--- /dev/null
+++ b/recipes/dropbear/dropbear/allow-nopw.patch
@@ -0,0 +1,37 @@
+diff -Nurd dropbear-0.45/svr-auth.c dropbear-0.45.patched/svr-auth.c
+--- dropbear-0.45/svr-auth.c 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/svr-auth.c 2005-03-08 15:22:43.998592744 -0800
+@@ -237,6 +237,7 @@
+ }
+
+ /* check for an empty password */
++#ifdef DISALLOW_EMPTY_PW
+ if (ses.authstate.pw->pw_passwd[0] == '\0') {
+ TRACE(("leave checkusername: empty pword"))
+ dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+@@ -244,7 +245,7 @@
+ send_msg_userauth_failure(0, 1);
+ return DROPBEAR_FAILURE;
+ }
+-
++#endif
+ TRACE(("shell is %s", ses.authstate.pw->pw_shell))
+
+ /* check that the shell is set */
+diff -Nurd dropbear-0.45/svr-authpasswd.c dropbear-0.45.patched/svr-authpasswd.c
+--- dropbear-0.45/svr-authpasswd.c 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/svr-authpasswd.c 2005-03-08 15:22:44.010591023 -0800
+@@ -64,9 +64,13 @@
+ * since the shadow password may differ to that tested
+ * in auth.c */
+ if (passwdcrypt[0] == '\0') {
++#ifdef DISALLOW_EMPTY_PASSWD
+ dropbear_log(LOG_WARNING, "user '%s' has blank password, rejected",
+ ses.authstate.printableuser);
+ send_msg_userauth_failure(0, 1);
++#else
++ send_msg_userauth_success();
++#endif
+ return;
+ }
+
diff --git a/recipes/dropbear/dropbear/configure.patch b/recipes/dropbear/dropbear/configure.patch
new file mode 100644
index 0000000000..9ae84b2604
--- /dev/null
+++ b/recipes/dropbear/dropbear/configure.patch
@@ -0,0 +1,27 @@
+diff -Nurd dropbear-0.45/configure.in dropbear-0.45.patched/configure.in
+--- dropbear-0.45/configure.in 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/configure.in 2005-03-08 15:22:44.040586721 -0800
+@@ -161,15 +161,20 @@
+ AC_MSG_RESULT(Not using openpty)
+ else
+ AC_MSG_RESULT(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ fi
+ ],
+ [
+ AC_MSG_RESULT(Using openpty if available)
+- AC_SEARCH_LIBS(openpty, util, [AC_DEFINE(HAVE_OPENPTY)])
++ AC_SEARCH_LIBS(openpty, util, [dropbear_cv_func_have_openpty=yes])
+ ]
+ )
+-
++
++if test "x$dropbear_cv_func_have_openpty" = "xyes"; then
++ AC_DEFINE(HAVE_OPENPTY,,Have openpty() function)
++ no_ptc_check=yes
++ no_ptmx_check=yes
++fi
+
+ AC_ARG_ENABLE(syslog,
+ [ --disable-syslog Don't include syslog support],
diff --git a/recipes/dropbear/dropbear/fix-2kb-keys.patch b/recipes/dropbear/dropbear/fix-2kb-keys.patch
new file mode 100644
index 0000000000..ba2b19d44a
--- /dev/null
+++ b/recipes/dropbear/dropbear/fix-2kb-keys.patch
@@ -0,0 +1,11 @@
+diff -Nurd dropbear-0.45/kex.h dropbear-0.45.patched/kex.h
+--- dropbear-0.45/kex.h 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/kex.h 2005-03-08 15:22:44.064583279 -0800
+@@ -64,6 +64,6 @@
+
+ };
+
+-#define MAX_KEXHASHBUF 2000
++#define MAX_KEXHASHBUF 3000
+
+ #endif /* _KEX_H_ */
diff --git a/recipes/dropbear/dropbear/init b/recipes/dropbear/dropbear/init
new file mode 100755
index 0000000000..5c8dfc12a8
--- /dev/null
+++ b/recipes/dropbear/dropbear/init
@@ -0,0 +1,104 @@
+#!/bin/sh
+#
+# Do not configure this file. Edit /etc/default/dropbear instead!
+#
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/dropbear
+NAME=dropbear
+DESC="Dropbear SSH server"
+
+DROPBEAR_PORT=22
+DROPBEAR_EXTRA_ARGS=
+NO_START=0
+
+set -e
+
+test ! -r /etc/default/dropbear || . /etc/default/dropbear
+test "$NO_START" = "0" || exit 0
+test -x "$DAEMON" || exit 0
+test ! -h /var/service/dropbear || exit 0
+
+readonly_rootfs=0
+for flag in `awk '{ if ($2 == "/") { split($4,FLAGS,",") } }; END { for (f in FLAGS) print FLAGS[f] }' </proc/mounts`; do
+ case $flag in
+ ro)
+ readonly_rootfs=1
+ ;;
+ esac
+done
+
+if [ $readonly_rootfs = "1" ]; then
+ mkdir -p /var/lib/dropbear
+ DROPBEAR_RSAKEY_DEFAULT="/var/lib/dropbear/dropbear_rsa_host_key"
+ DROPBEAR_DSSKEY_DEFAULT="/var/lib/dropbear/dropbear_dss_host_key"
+else
+ DROPBEAR_RSAKEY_DEFAULT="/etc/dropbear/dropbear_rsa_host_key"
+ DROPBEAR_DSSKEY_DEFAULT="/etc/dropbear/dropbear_dss_host_key"
+fi
+
+test -z "$DROPBEAR_BANNER" || \
+ DROPBEAR_EXTRA_ARGS="$DROPBEAR_EXTRA_ARGS -b $DROPBEAR_BANNER"
+test -n "$DROPBEAR_RSAKEY" || \
+ DROPBEAR_RSAKEY=$DROPBEAR_RSAKEY_DEFAULT
+test -n "$DROPBEAR_DSSKEY" || \
+ DROPBEAR_DSSKEY=$DROPBEAR_DSSKEY_DEFAULT
+test -n "$DROPBEAR_KEYTYPES" || \
+ DROPBEAR_KEYTYPES="rsa"
+
+gen_keys() {
+for t in $DROPBEAR_KEYTYPES; do
+ case $t in
+ rsa)
+ if [ ! -f $DROPBEAR_RSAKEY ]; then
+ echo "Creating $DESC RSA host key."
+ dropbearkey -t rsa -f $DROPBEAR_RSAKEY
+ fi
+ ;;
+ dsa)
+ if [ ! -f $DROPBEAR_DSSKEY ]; then
+ echo "Creating $DESC DSA host key."
+ dropbearkey -t dss -f $DROPBEAR_DSSKEY
+ fi
+ ;;
+ esac
+done
+}
+
+case "$1" in
+ start)
+ gen_keys
+ echo -n "Starting $DESC: "
+ KEY_ARGS=""
+ test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
+ test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+ start-stop-daemon -S \
+ -x "$DAEMON" -- $KEY_ARGS \
+ -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ start-stop-daemon -K -x "$DAEMON"
+ echo "$NAME."
+ ;;
+ restart|force-reload)
+ echo -n "Restarting $DESC: "
+ start-stop-daemon -K -x "$DAEMON"
+ sleep 1
+ KEY_ARGS=""
+ test -f $DROPBEAR_DSSKEY && KEY_ARGS="$KEY_ARGS -d $DROPBEAR_DSSKEY"
+ test -f $DROPBEAR_RSAKEY && KEY_ARGS="$KEY_ARGS -r $DROPBEAR_RSAKEY"
+ start-stop-daemon -S \
+ -x "$DAEMON" -- $KEY_ARGS \
+ -p "$DROPBEAR_PORT" $DROPBEAR_EXTRA_ARGS
+ echo "$NAME."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/recipes/dropbear/dropbear/openmoko/default b/recipes/dropbear/dropbear/openmoko/default
new file mode 100644
index 0000000000..19816b32a6
--- /dev/null
+++ b/recipes/dropbear/dropbear/openmoko/default
@@ -0,0 +1 @@
+DROPBEAR_PORT=`ip addr list usb0 | awk 'BEGIN { FS="[ /]+" } /inet / { print $3 }'`:22
diff --git a/recipes/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch b/recipes/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
new file mode 100644
index 0000000000..e2b1dd5da5
--- /dev/null
+++ b/recipes/dropbear/dropbear/urandom-xauth-changes-to-options.h.patch
@@ -0,0 +1,21 @@
+diff -Nurd dropbear-0.45/options.h dropbear-0.45.patched/options.h
+--- dropbear-0.45/options.h 2005-03-06 20:27:02.000000000 -0800
++++ dropbear-0.45.patched/options.h 2005-03-08 15:25:09.368742090 -0800
+@@ -143,7 +143,7 @@
+ * however significantly reduce the security of your ssh connections
+ * if the PRNG state becomes guessable - make sure you know what you are
+ * doing if you change this. */
+-#define DROPBEAR_RANDOM_DEV "/dev/random"
++#define DROPBEAR_RANDOM_DEV "/dev/urandom"
+
+ /* prngd must be manually set up to produce output */
+ /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/
+@@ -167,7 +167,7 @@
+ /* The command to invoke for xauth when using X11 forwarding.
+ * "-q" for quiet */
+ #ifndef XAUTH_COMMAND
+-#define XAUTH_COMMAND "/usr/X11R6/bin/xauth -q"
++#define XAUTH_COMMAND "xauth -q"
+ #endif
+
+ /* if you want to enable running an sftp server (such as the one included with
diff --git a/recipes/dropbear/dropbear_0.49.bb b/recipes/dropbear/dropbear_0.49.bb
new file mode 100644
index 0000000000..bf2f2add60
--- /dev/null
+++ b/recipes/dropbear/dropbear_0.49.bb
@@ -0,0 +1,5 @@
+require dropbear.inc
+
+PR = "r2"
+
+SRC_URI += "file://scp-argument-fix.patch;patch=1"
diff --git a/recipes/dropbear/dropbear_0.51.bb b/recipes/dropbear/dropbear_0.51.bb
new file mode 100644
index 0000000000..2566fbbd9b
--- /dev/null
+++ b/recipes/dropbear/dropbear_0.51.bb
@@ -0,0 +1,4 @@
+require dropbear.inc
+PR = "r1.01"
+
+SRC_URI += "file://no-host-lookup.patch;patch=1"
diff --git a/recipes/dropbear/dropbear_0.52.bb b/recipes/dropbear/dropbear_0.52.bb
new file mode 100644
index 0000000000..6b2517b69a
--- /dev/null
+++ b/recipes/dropbear/dropbear_0.52.bb
@@ -0,0 +1,7 @@
+require dropbear.inc
+PR = "r0"
+
+SRC_URI += "file://no-host-lookup.patch;patch=1"
+
+DEFAULT_PREFERENCE = "-1"
+