diff options
Diffstat (limited to 'package/network/services')
4 files changed, 41 insertions, 1 deletions
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile index 8988e0db12..f140f36dcc 100644 --- a/package/network/services/dropbear/Makefile +++ b/package/network/services/dropbear/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear PKG_VERSION:=2015.68 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:= \ diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch index f3931b0ccc..805a0964ab 100644 --- a/package/network/services/dropbear/patches/120-openwrt_options.patch +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -18,6 +18,17 @@ /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */ #define ENABLE_USER_ALGO_LIST +@@ -95,8 +95,8 @@ much traffic. */ + #define DROPBEAR_AES256 + /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ + /*#define DROPBEAR_BLOWFISH*/ +-#define DROPBEAR_TWOFISH256 +-#define DROPBEAR_TWOFISH128 ++/*#define DROPBEAR_TWOFISH256*/ ++/*#define DROPBEAR_TWOFISH128*/ + + /* Enable CBC mode for ciphers. This has security issues though + * is the most compatible with older SSH implementations */ @@ -131,9 +131,9 @@ If you test it please contact the Dropbe * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, * which are not the standard form. */ diff --git a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch new file mode 100644 index 0000000000..7c67b086bb --- /dev/null +++ b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch @@ -0,0 +1,11 @@ +--- a/svr-auth.c ++++ b/svr-auth.c +@@ -149,7 +149,7 @@ void recv_msg_userauth_request() { + AUTH_METHOD_NONE_LEN) == 0) { + TRACE(("recv_msg_userauth_request: 'none' request")) + if (valid_user +- && svr_opts.allowblankpass ++ && (svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root")) + && !svr_opts.noauthpass + && !(svr_opts.norootpass && ses.authstate.pw_uid == 0) + && ses.authstate.pw_passwd[0] == '\0') diff --git a/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch new file mode 100644 index 0000000000..ee6d273344 --- /dev/null +++ b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch @@ -0,0 +1,18 @@ +--- a/svr-runopts.c ++++ b/svr-runopts.c +@@ -475,6 +475,7 @@ void load_all_hostkeys() { + m_free(hostkey_file); + } + ++ if (svr_opts.num_hostkey_files <= 0) { + #ifdef DROPBEAR_RSA + loadhostkey(RSA_PRIV_FILENAME, 0); + #endif +@@ -486,6 +487,7 @@ void load_all_hostkeys() { + #ifdef DROPBEAR_ECDSA + loadhostkey(ECDSA_PRIV_FILENAME, 0); + #endif ++ } + + #ifdef DROPBEAR_DELAY_HOSTKEY + if (svr_opts.delay_hostkey) { |