dropbear: improve dropbear security by listening only on usb0 by default

trac #1853, originated by RuiSeabra

diff --git a/packages/dropbear/dropbear.inc b/packages/dropbear/dropbear.inc
index 31edd26..37ce47c 100644 (file)
--- a/packages/dropbear/dropbear.inc
+++ b/packages/dropbear/dropbear.inc
@@ -14,6 +14,9 @@ SRC_URI = "\
   file://allow-nopw.patch \
   file://init \
 "
+SRC_URI_append_openmoko = "\
+  file://default \
+"
 
 inherit autotools update-rc.d
 
@@ -56,6 +59,8 @@ do_install() {
                                  -e 's,/usr/bin,${bindir},g' \
                                  -e 's,/usr,${prefix},g' > ${D}${sysconfdir}/init.d/dropbear
        chmod 755 ${D}${sysconfdir}/init.d/dropbear
+       test -e ${WORKDIR}/default && \
+       install -m 0644 ${WORKDIR}/default ${D}${sysconfdir}/default/dropbear
 }
 
 pkg_postinst () {
@@ -73,3 +78,5 @@ pkg_postrm_append () {
        update-alternatives --remove ssh ${bindir}/dropbearmulti
        update-alternatives --remove scp ${bindir}/dropbearmulti
 }
+
+CONFFILES_${PN} += "${sysconfdir}/default/dropbear"

diff --git a/packages/dropbear/dropbear/openmoko/default b/packages/dropbear/dropbear/openmoko/default
new file mode 100644 (file)
index 0000000..19816b3
--- /dev/null
+++ b/packages/dropbear/dropbear/openmoko/default
@@ -0,0 +1 @@
+DROPBEAR_PORT=`ip addr list usb0 | awk 'BEGIN { FS="[ /]+" } /inet / { print  $3 }'`:22

diff --git a/packages/dropbear/dropbear_0.51.bb b/packages/dropbear/dropbear_0.51.bb
index 888819c..2566fbb 100644 (file)
--- a/packages/dropbear/dropbear_0.51.bb
+++ b/packages/dropbear/dropbear_0.51.bb
@@ -1,4 +1,4 @@
 require dropbear.inc
-PR = "r1"
+PR = "r1.01"
 
-SRC_URI += "file://no-host-lookup.patch;patch=1"
\ No newline at end of file
+SRC_URI += "file://no-host-lookup.patch;patch=1"