authorJames <>2013-03-17 12:16:37 +0000
committerJames <>2013-03-17 12:16:37 +0000
commit27b76ab0671089c47506615a796a261e993896a7 (patch)
tree61213d67e7fa87b20356b23798558e2c4212c42f /package/network/services/dropbear
Diffstat (limited to 'package/network/services/dropbear')
-rw-r--r--package/network/services/dropbear/.svn/entries68
-rw-r--r--package/network/services/dropbear/.svn/prop-base/Makefile.svn-base9
-rw-r--r--package/network/services/dropbear/.svn/text-base/Makefile.svn-base109
-rw-r--r--package/network/services/dropbear/Makefile109
-rw-r--r--package/network/services/dropbear/files/.svn/entries96
-rw-r--r--package/network/services/dropbear/files/.svn/prop-base/dropbear.config.svn-base5
-rw-r--r--package/network/services/dropbear/files/.svn/prop-base/dropbear.init.svn-base9
-rw-r--r--package/network/services/dropbear/files/.svn/text-base/dropbear.config.svn-base5
-rw-r--r--package/network/services/dropbear/files/.svn/text-base/dropbear.init.svn-base176
-rw-r--r--package/network/services/dropbear/files/dropbear.config5
-rwxr-xr-xpackage/network/services/dropbear/files/dropbear.init176
-rw-r--r--package/network/services/dropbear/patches/.svn/entries334
-rw-r--r--package/network/services/dropbear/patches/.svn/prop-base/100-pubkey_path.patch.svn-base5
-rw-r--r--package/network/services/dropbear/patches/.svn/prop-base/110-change_user.patch.svn-base5
-rw-r--r--package/network/services/dropbear/patches/.svn/prop-base/130-ssh_ignore_o_and_x_args.patch.svn-base5
-rw-r--r--package/network/services/dropbear/patches/.svn/prop-base/150-dbconvert_standalone.patch.svn-base5
-rw-r--r--package/network/services/dropbear/patches/.svn/text-base/100-pubkey_path.patch.svn-base91
-rw-r--r--package/network/services/dropbear/patches/.svn/text-base/110-change_user.patch.svn-base18
-rw-r--r--package/network/services/dropbear/patches/.svn/text-base/120-openwrt_options.patch.svn-base72
-rw-r--r--package/network/services/dropbear/patches/.svn/text-base/130-ssh_ignore_o_and_x_args.patch.svn-base21
-rw-r--r--package/network/services/dropbear/patches/.svn/text-base/140-disable_assert.patch.svn-base14
-rw-r--r--package/network/services/dropbear/patches/.svn/text-base/150-dbconvert_standalone.patch.svn-base14
-rw-r--r--package/network/services/dropbear/patches/.svn/text-base/200-lcrypt_bsdfix.patch.svn-base29
-rw-r--r--package/network/services/dropbear/patches/.svn/text-base/300-ipv6_addr_port_split.patch.svn-base11
-rw-r--r--package/network/services/dropbear/patches/.svn/text-base/500-set-default-path.patch.svn-base11
-rw-r--r--package/network/services/dropbear/patches/100-pubkey_path.patch91
-rw-r--r--package/network/services/dropbear/patches/110-change_user.patch18
-rw-r--r--package/network/services/dropbear/patches/120-openwrt_options.patch72
-rw-r--r--package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch21
-rw-r--r--package/network/services/dropbear/patches/140-disable_assert.patch14
-rw-r--r--package/network/services/dropbear/patches/150-dbconvert_standalone.patch14
-rw-r--r--package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch29
-rw-r--r--package/network/services/dropbear/patches/300-ipv6_addr_port_split.patch11
-rw-r--r--package/network/services/dropbear/patches/500-set-default-path.patch11
34 files changed, 1683 insertions, 0 deletions
diff --git a/package/network/services/dropbear/.svn/entries b/package/network/services/dropbear/.svn/entries
new file mode 100644
index 0000000..e3f2362
--- /dev/null
+++ b/package/network/services/dropbear/.svn/entries
@@ -0,0 +1,68 @@
+10
+
+dir
+36060
+svn://svn.openwrt.org/openwrt/trunk/package/network/services/dropbear
+svn://svn.openwrt.org/openwrt
+
+
+
+2012-12-22T18:56:13.427662Z
+34867
+nbd
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+3c298f89-4303-0410-b956-a3cf2f4a3e73
+
+files
+dir
+
+patches
+dir
+
+Makefile
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+89a8ed8bbc66e59523f7a3e140097543
+2012-12-04T16:40:17.503431Z
+34496
+florian
+has-props
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+2913
+
diff --git a/package/network/services/dropbear/.svn/prop-base/Makefile.svn-base b/package/network/services/dropbear/.svn/prop-base/Makefile.svn-base
new file mode 100644
index 0000000..8e522ae
--- /dev/null
+++ b/package/network/services/dropbear/.svn/prop-base/Makefile.svn-base
@@ -0,0 +1,9 @@
+K 13
+svn:copyright
+V 30
+Copyright (C) 2006 OpenWrt.org
+K 13
+svn:eol-style
+V 6
+native
+END
diff --git a/package/network/services/dropbear/.svn/text-base/Makefile.svn-base b/package/network/services/dropbear/.svn/text-base/Makefile.svn-base
new file mode 100644
index 0000000..b7708b1
--- /dev/null
+++ b/package/network/services/dropbear/.svn/text-base/Makefile.svn-base
@@ -0,0 +1,109 @@
+#
+# Copyright (C) 2006-2012 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dropbear
+PKG_VERSION:=2012.55
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:= \
+ http://matt.ucc.asn.au/dropbear/releases/ \
+ http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/
+PKG_MD5SUM:=8c784baec3054cdb1bb4bfa792c87812
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dropbear/Default
+ URL:=http://matt.ucc.asn.au/dropbear/
+endef
+
+define Package/dropbear
+ $(call Package/dropbear/Default)
+ SECTION:=net
+ CATEGORY:=Base system
+ TITLE:=Small SSH2 client/server
+endef
+
+define Package/dropbear/description
+ A small SSH2 server/client designed for small memory environments.
+endef
+
+define Package/dropbear/conffiles
+/etc/dropbear/dropbear_rsa_host_key
+/etc/dropbear/dropbear_dss_host_key
+/etc/config/dropbear
+endef
+
+define Package/dropbearconvert
+ $(call Package/dropbear/Default)
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Utility for converting SSH keys
+endef
+
+CONFIGURE_ARGS += \
+ --with-shared \
+ --disable-pam \
+ --enable-openpty \
+ --enable-syslog \
+ $(if $(CONFIG_SHADOW_PASSWORDS),,--disable-shadow) \
+ --disable-lastlog \
+ --disable-utmp \
+ --disable-utmpx \
+ --disable-wtmp \
+ --disable-wtmpx \
+ --disable-loginfunc \
+ --disable-pututline \
+ --disable-pututxline \
+ --disable-zlib \
+ --enable-bundled-libtom
+
+TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections
+TARGET_LDFLAGS += -Wl,--gc-sections
+
+define Build/Compile
+ +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ PROGRAMS="dropbear dbclient dropbearkey scp" \
+ MULTI=1 SCPPROGRESS=1
+ +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ PROGRAMS="dropbearconvert"
+endef
+
+define Package/dropbear/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/dropbearmulti $(1)/usr/sbin/dropbear
+ $(INSTALL_DIR) $(1)/usr/bin
+ ln -sf ../sbin/dropbear $(1)/usr/bin/scp
+ ln -sf ../sbin/dropbear $(1)/usr/bin/ssh
+ ln -sf ../sbin/dropbear $(1)/usr/bin/dbclient
+ ln -sf ../sbin/dropbear $(1)/usr/bin/dropbearkey
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/dropbear.config $(1)/etc/config/dropbear
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/dropbear.init $(1)/etc/init.d/dropbear
+ $(INSTALL_DIR) $(1)/usr/lib/opkg/info
+ $(INSTALL_DIR) $(1)/etc/dropbear
+ touch $(1)/etc/dropbear/dropbear_rsa_host_key
+ touch $(1)/etc/dropbear/dropbear_dss_host_key
+endef
+
+define Package/dropbearconvert/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/dropbearconvert $(1)/usr/bin/dropbearconvert
+endef
+
+$(eval $(call BuildPackage,dropbear))
+$(eval $(call BuildPackage,dropbearconvert))
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
new file mode 100644
index 0000000..b7708b1
--- /dev/null
+++ b/package/network/services/dropbear/Makefile
@@ -0,0 +1,109 @@
+#
+# Copyright (C) 2006-2012 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=dropbear
+PKG_VERSION:=2012.55
+PKG_RELEASE:=2
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
+PKG_SOURCE_URL:= \
+ http://matt.ucc.asn.au/dropbear/releases/ \
+ http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/
+PKG_MD5SUM:=8c784baec3054cdb1bb4bfa792c87812
+
+PKG_LICENSE:=MIT
+PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE
+
+PKG_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/dropbear/Default
+ URL:=http://matt.ucc.asn.au/dropbear/
+endef
+
+define Package/dropbear
+ $(call Package/dropbear/Default)
+ SECTION:=net
+ CATEGORY:=Base system
+ TITLE:=Small SSH2 client/server
+endef
+
+define Package/dropbear/description
+ A small SSH2 server/client designed for small memory environments.
+endef
+
+define Package/dropbear/conffiles
+/etc/dropbear/dropbear_rsa_host_key
+/etc/dropbear/dropbear_dss_host_key
+/etc/config/dropbear
+endef
+
+define Package/dropbearconvert
+ $(call Package/dropbear/Default)
+ SECTION:=utils
+ CATEGORY:=Utilities
+ TITLE:=Utility for converting SSH keys
+endef
+
+CONFIGURE_ARGS += \
+ --with-shared \
+ --disable-pam \
+ --enable-openpty \
+ --enable-syslog \
+ $(if $(CONFIG_SHADOW_PASSWORDS),,--disable-shadow) \
+ --disable-lastlog \
+ --disable-utmp \
+ --disable-utmpx \
+ --disable-wtmp \
+ --disable-wtmpx \
+ --disable-loginfunc \
+ --disable-pututline \
+ --disable-pututxline \
+ --disable-zlib \
+ --enable-bundled-libtom
+
+TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections
+TARGET_LDFLAGS += -Wl,--gc-sections
+
+define Build/Compile
+ +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ PROGRAMS="dropbear dbclient dropbearkey scp" \
+ MULTI=1 SCPPROGRESS=1
+ +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+ $(TARGET_CONFIGURE_OPTS) \
+ PROGRAMS="dropbearconvert"
+endef
+
+define Package/dropbear/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/dropbearmulti $(1)/usr/sbin/dropbear
+ $(INSTALL_DIR) $(1)/usr/bin
+ ln -sf ../sbin/dropbear $(1)/usr/bin/scp
+ ln -sf ../sbin/dropbear $(1)/usr/bin/ssh
+ ln -sf ../sbin/dropbear $(1)/usr/bin/dbclient
+ ln -sf ../sbin/dropbear $(1)/usr/bin/dropbearkey
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_DATA) ./files/dropbear.config $(1)/etc/config/dropbear
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/dropbear.init $(1)/etc/init.d/dropbear
+ $(INSTALL_DIR) $(1)/usr/lib/opkg/info
+ $(INSTALL_DIR) $(1)/etc/dropbear
+ touch $(1)/etc/dropbear/dropbear_rsa_host_key
+ touch $(1)/etc/dropbear/dropbear_dss_host_key
+endef
+
+define Package/dropbearconvert/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/dropbearconvert $(1)/usr/bin/dropbearconvert
+endef
+
+$(eval $(call BuildPackage,dropbear))
+$(eval $(call BuildPackage,dropbearconvert))
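Review bot: Both `PKG_SOURCE_URL` entries fetch the tarball over plain HTTP, and the only integrity check on it is `PKG_MD5SUM`, so the SSH server that goes into the base system is pinned by an MD5 digest over a channel with no authenticity. If the build system in this tree accepts a stronger digest in that field, pin one there; failing that, add a comment above `PKG_MD5SUM` recording where the expected value was obtained, so the next version bump can re-verify it. The blob at `.svn/text-base/Makefile.svn-base` has the same index (`b7708b1`) and, like the other `.svn/` paths in this commit, is Subversion working-copy metadata that looks unintentionally committed and should probably be dropped.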
diff --git a/package/network/services/dropbear/files/.svn/entries b/package/network/services/dropbear/files/.svn/entries
new file mode 100644
index 0000000..e6f6c66
--- /dev/null
+++ b/package/network/services/dropbear/files/.svn/entries
@@ -0,0 +1,96 @@
+10
+
+dir
+36060
+svn://svn.openwrt.org/openwrt/trunk/package/network/services/dropbear/files
+svn://svn.openwrt.org/openwrt
+
+
+
+2012-12-22T18:56:13.427662Z
+34867
+nbd
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+3c298f89-4303-0410-b956-a3cf2f4a3e73
+
+dropbear.init
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+2d44624a881b1c20cc18e6ff8d3a5cec
+2012-12-22T18:56:13.427662Z
+34867
+nbd
+has-props
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+4061
+
+dropbear.config
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+4ff9c827d4f95ca5082a5520c03e1419
+2010-07-27T03:36:27.330805Z
+22394
+cshore
+has-props
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+134
+
diff --git a/package/network/services/dropbear/files/.svn/prop-base/dropbear.config.svn-base b/package/network/services/dropbear/files/.svn/prop-base/dropbear.config.svn-base
new file mode 100644
index 0000000..bdbd305
--- /dev/null
+++ b/package/network/services/dropbear/files/.svn/prop-base/dropbear.config.svn-base
@@ -0,0 +1,5 @@
+K 13
+svn:eol-style
+V 6
+native
+END
diff --git a/package/network/services/dropbear/files/.svn/prop-base/dropbear.init.svn-base b/package/network/services/dropbear/files/.svn/prop-base/dropbear.init.svn-base
new file mode 100644
index 0000000..03b5bfa
--- /dev/null
+++ b/package/network/services/dropbear/files/.svn/prop-base/dropbear.init.svn-base
@@ -0,0 +1,9 @@
+K 13
+svn:eol-style
+V 6
+native
+K 14
+svn:executable
+V 1
+*
+END
diff --git a/package/network/services/dropbear/files/.svn/text-base/dropbear.config.svn-base b/package/network/services/dropbear/files/.svn/text-base/dropbear.config.svn-base
new file mode 100644
index 0000000..2139ba0
--- /dev/null
+++ b/package/network/services/dropbear/files/.svn/text-base/dropbear.config.svn-base
@@ -0,0 +1,5 @@
+config dropbear
+ option PasswordAuth 'on'
+ option RootPasswordAuth 'on'
+ option Port '22'
+# option BannerFile '/etc/banner'
diff --git a/package/network/services/dropbear/files/.svn/text-base/dropbear.init.svn-base b/package/network/services/dropbear/files/.svn/text-base/dropbear.init.svn-base
new file mode 100644
index 0000000..66ed8b9
--- /dev/null
+++ b/package/network/services/dropbear/files/.svn/text-base/dropbear.init.svn-base
@@ -0,0 +1,176 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2010 OpenWrt.org
+# Copyright (C) 2006 Carlos Sobrinho
+
+START=50
+STOP=50
+
+USE_PROCD=1
+
+NAME=dropbear
+PROG=/usr/sbin/dropbear
+PIDCOUNT=0
+EXTRA_COMMANDS="killclients"
+EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"
+
+dropbear_instance()
+{
+ append_ports()
+ {
+ local ifname="$1"
+ local port="$2"
+
+ grep -qs "^ *$ifname:" /proc/net/dev || {
+ procd_append_param command -p "$port"
+ return
+ }
+
+ for addr in $(
+ ifconfig "$ifname" | sed -ne '
+ /addr: *fe[89ab][0-9a-f]:/d
+ s/.* addr: *\([0-9a-f:\.]*\).*/\1/p
+ '
+ ); do
+ procd_append_param command -p "$addr:$port"
+ done
+ }
+
+
+ local section="$1"
+
+ # check if section is enabled (default)
+ local enabled
+ config_get_bool enabled "${section}" enable 1
+ [ "${enabled}" -eq 0 ] && return 1
+
+ # increase pid file count to handle multiple instances correctly
+ PIDCOUNT="$(( ${PIDCOUNT} + 1))"
+
+ local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
+
+ procd_open_instance
+ procd_set_param command "$PROG" -F -P "$pid_file"
+
+ # prepare parameters (initialise with pid file)
+ local val
+
+ # A) password authentication
+ config_get_bool val "${section}" PasswordAuth 1
+ [ "${val}" -eq 0 ] && procd_append_param command -s
+
+ # B) listen interface and port
+ local port
+ local interface
+ config_get interface "${section}" Interface
+ [ -n "$interface" ] && network_get_device interface "$interface"
+ config_get port "${section}" Port 22
+ append_ports "$interface" "$port"
+ # C) banner file
+ config_get val "${section}" BannerFile
+ [ -f "${val}" ] && procd_append_param command -b "${val}"
+ # D) gatewayports
+ config_get_bool val "${section}" GatewayPorts 0
+ [ "${val}" -eq 1 ] && procd_append_param command -a
+ # E) root password authentication
+ config_get_bool val "${section}" RootPasswordAuth 1
+ [ "${val}" -eq 0 ] && procd_append_param command -g
+ # F) root login
+ config_get_bool val "${section}" RootLogin 1
+ [ "${val}" -eq 0 ] && procd_append_param command -w
+ # G) host keys
+ config_get val "${section}" rsakeyfile
+ [ -f "${val}" ] && procd_append_param command -r "${val}"
+ config_get val "${section}" dsskeyfile
+ [ -f "${val}" ] && procd_append_param command -d "${val}"
+
+ procd_close_instance
+}
+
+keygen()
+{
+ for keytype in rsa dss; do
+ # check for keys
+ key=dropbear/dropbear_${keytype}_host_key
+ [ -f /tmp/$key -o -s /etc/$key ] || {
+ # generate missing keys
+ mkdir -p /tmp/dropbear
+ [ -x /usr/bin/dropbearkey ] && {
+ /usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start
+ } &
+ exit 0
+ }
+ done
+
+ lock /tmp/.switch2jffs
+ mkdir -p /etc/dropbear
+ mv /tmp/dropbear/dropbear_* /etc/dropbear/
+ lock -u /tmp/.switch2jffs
+ chown root /etc/dropbear
+ chmod 0700 /etc/dropbear
+}
+
+start_service()
+{
+ [ -s /etc/dropbear/dropbear_rsa_host_key -a \
+ -s /etc/dropbear/dropbear_dss_host_key ] || keygen
+
+ . /lib/functions.sh
+ . /lib/functions/network.sh
+
+ config_load "${NAME}"
+ config_foreach dropbear_instance dropbear
+}
+
+killclients()
+{
+ local ignore=''
+ local server
+ local pid
+
+ # if this script is run from inside a client session, then ignore that session
+ pid="$$"
+ while [ "${pid}" -ne 0 ]
+ do
+ # get parent process id
+ pid=`cut -d ' ' -f 4 "/proc/${pid}/stat"`
+ [ "${pid}" -eq 0 ] && break
+
+ # check if client connection
+ grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
+ append ignore "${pid}"
+ break
+ }
+ done
+
+ # get all server pids that should be ignored
+ for server in `cat /var/run/${NAME}.*.pid`
+ do
+ append ignore "${server}"
+ done
+
+ # get all running pids and kill client connections
+ local skip
+ for pid in `pidof "${NAME}"`
+ do
+ # check if correct program, otherwise process next pid
+ grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
+ continue
+ }
+
+ # check if pid should be ignored (servers, ourself)
+ skip=0
+ for server in ${ignore}
+ do
+ if [ "${pid}" == "${server}" ]
+ then
+ skip=1
+ break
+ fi
+ done
+ [ "${skip}" -ne 0 ] && continue
+
+ # kill process
+ echo "${initscript}: Killing ${pid}..."
+ kill -KILL ${pid}
+ done
+}
diff --git a/package/network/services/dropbear/files/dropbear.config b/package/network/services/dropbear/files/dropbear.config
new file mode 100644
index 0000000..2139ba0
--- /dev/null
+++ b/package/network/services/dropbear/files/dropbear.config
@@ -0,0 +1,5 @@
+config dropbear
+ option PasswordAuth 'on'
+ option RootPasswordAuth 'on'
+ option Port '22'
+# option BannerFile '/etc/banner'
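Review bot: The shipped default turns on both `PasswordAuth` and `RootPasswordAuth` and sets no `Interface`, which in `append_ports` of dropbear.init falls through to a bare `-p "$port"`, so root password login is offered on port 22 without an address restriction. The Makefile lists `/etc/config/dropbear` under conffiles, so this file persists on the device and should document the hardening options next to the commented `BannerFile` line, e.g. `# option Interface 'lan'` (constructed example value) and `# option RootPasswordAuth 'off'`. A one-line comment saying that the latter maps to `-g` and leaves key-based root login available would make the trade-off clear.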
diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init
new file mode 100755
index 0000000..66ed8b9
--- /dev/null
+++ b/package/network/services/dropbear/files/dropbear.init
@@ -0,0 +1,176 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2010 OpenWrt.org
+# Copyright (C) 2006 Carlos Sobrinho
+
+START=50
+STOP=50
+
+USE_PROCD=1
+
+NAME=dropbear
+PROG=/usr/sbin/dropbear
+PIDCOUNT=0
+EXTRA_COMMANDS="killclients"
+EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself"
+
+dropbear_instance()
+{
+ append_ports()
+ {
+ local ifname="$1"
+ local port="$2"
+
+ grep -qs "^ *$ifname:" /proc/net/dev || {
+ procd_append_param command -p "$port"
+ return
+ }
+
+ for addr in $(
+ ifconfig "$ifname" | sed -ne '
+ /addr: *fe[89ab][0-9a-f]:/d
+ s/.* addr: *\([0-9a-f:\.]*\).*/\1/p
+ '
+ ); do
+ procd_append_param command -p "$addr:$port"
+ done
+ }
+
+
+ local section="$1"
+
+ # check if section is enabled (default)
+ local enabled
+ config_get_bool enabled "${section}" enable 1
+ [ "${enabled}" -eq 0 ] && return 1
+
+ # increase pid file count to handle multiple instances correctly
+ PIDCOUNT="$(( ${PIDCOUNT} + 1))"
+
+ local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
+
+ procd_open_instance
+ procd_set_param command "$PROG" -F -P "$pid_file"
+
+ # prepare parameters (initialise with pid file)
+ local val
+
+ # A) password authentication
+ config_get_bool val "${section}" PasswordAuth 1
+ [ "${val}" -eq 0 ] && procd_append_param command -s
+
+ # B) listen interface and port
+ local port
+ local interface
+ config_get interface "${section}" Interface
+ [ -n "$interface" ] && network_get_device interface "$interface"
+ config_get port "${section}" Port 22
+ append_ports "$interface" "$port"
+ # C) banner file
+ config_get val "${section}" BannerFile
+ [ -f "${val}" ] && procd_append_param command -b "${val}"
+ # D) gatewayports
+ config_get_bool val "${section}" GatewayPorts 0
+ [ "${val}" -eq 1 ] && procd_append_param command -a
+ # E) root password authentication
+ config_get_bool val "${section}" RootPasswordAuth 1
+ [ "${val}" -eq 0 ] && procd_append_param command -g
+ # F) root login
+ config_get_bool val "${section}" RootLogin 1
+ [ "${val}" -eq 0 ] && procd_append_param command -w
+ # G) host keys
+ config_get val "${section}" rsakeyfile
+ [ -f "${val}" ] && procd_append_param command -r "${val}"
+ config_get val "${section}" dsskeyfile
+ [ -f "${val}" ] && procd_append_param command -d "${val}"
+
+ procd_close_instance
+}
+
+keygen()
+{
+ for keytype in rsa dss; do
+ # check for keys
+ key=dropbear/dropbear_${keytype}_host_key
+ [ -f /tmp/$key -o -s /etc/$key ] || {
+ # generate missing keys
+ mkdir -p /tmp/dropbear
+ [ -x /usr/bin/dropbearkey ] && {
+ /usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start
+ } &
+ exit 0
+ }
+ done
+
+ lock /tmp/.switch2jffs
+ mkdir -p /etc/dropbear
+ mv /tmp/dropbear/dropbear_* /etc/dropbear/
+ lock -u /tmp/.switch2jffs
+ chown root /etc/dropbear
+ chmod 0700 /etc/dropbear
+}
+
+start_service()
+{
+ [ -s /etc/dropbear/dropbear_rsa_host_key -a \
+ -s /etc/dropbear/dropbear_dss_host_key ] || keygen
+
+ . /lib/functions.sh
+ . /lib/functions/network.sh
+
+ config_load "${NAME}"
+ config_foreach dropbear_instance dropbear
+}
+
+killclients()
+{
+ local ignore=''
+ local server
+ local pid
+
+ # if this script is run from inside a client session, then ignore that session
+ pid="$$"
+ while [ "${pid}" -ne 0 ]
+ do
+ # get parent process id
+ pid=`cut -d ' ' -f 4 "/proc/${pid}/stat"`
+ [ "${pid}" -eq 0 ] && break
+
+ # check if client connection
+ grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
+ append ignore "${pid}"
+ break
+ }
+ done
+
+ # get all server pids that should be ignored
+ for server in `cat /var/run/${NAME}.*.pid`
+ do
+ append ignore "${server}"
+ done
+
+ # get all running pids and kill client connections
+ local skip
+ for pid in `pidof "${NAME}"`
+ do
+ # check if correct program, otherwise process next pid
+ grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
+ continue
+ }
+
+ # check if pid should be ignored (servers, ourself)
+ skip=0
+ for server in ${ignore}
+ do
+ if [ "${pid}" == "${server}" ]
+ then
+ skip=1
+ break
+ fi
+ done
+ [ "${skip}" -ne 0 ] && continue
+
+ # kill process
+ echo "${initscript}: Killing ${pid}..."
+ kill -KILL ${pid}
+ done
+}
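Review bot: In `keygen`, the private host keys are staged in `/tmp/dropbear`, which is created with a plain `mkdir -p` under whatever umask the init environment has, and `chmod 0700` is applied only to `/etc/dropbear` after the move. Creating the staging directory private, `mkdir -m 0700 -p /tmp/dropbear`, keeps the keys unreadable to other local users while they sit in /tmp; whether dropbearkey itself restricts the file mode is not visible here. The presence test `[ -f /tmp/$key -o -s /etc/$key ]` also accepts an empty or partially written file while the background dropbearkey is still running, so a second `start` during generation could reach the `mv` early; this is inferred from the control flow and worth confirming. The same script is duplicated as `.svn/text-base/dropbear.init.svn-base` (index `66ed8b9`).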
diff --git a/package/network/services/dropbear/patches/.svn/entries b/package/network/services/dropbear/patches/.svn/entries
new file mode 100644
index 0000000..4ed7e24
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/entries
@@ -0,0 +1,334 @@
+10
+
+dir
+36060
+svn://svn.openwrt.org/openwrt/trunk/package/network/services/dropbear/patches
+svn://svn.openwrt.org/openwrt
+
+
+
+2012-12-04T16:40:17.503431Z
+34496
+florian
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+3c298f89-4303-0410-b956-a3cf2f4a3e73
+
+150-dbconvert_standalone.patch
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+490bc116a67cb88d34a52e7c001d0d5b
+2010-03-26T14:28:14.286264Z
+20460
+juhosg
+has-props
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+428
+
+110-change_user.patch
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+548064938765048619a9b2dc51e528f2
+2012-12-04T16:40:17.503431Z
+34496
+florian
+has-props
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+650
+
+130-ssh_ignore_o_and_x_args.patch
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+d2d006c283731c07f60a744fec073059
+2011-03-02T14:20:51.200331Z
+25830
+kaloz
+has-props
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+436
+
+140-disable_assert.patch
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+b3f0c44716e9012c0ee2dcdb77398cb2
+2012-12-04T16:40:17.503431Z
+34496
+florian
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+492
+
+100-pubkey_path.patch
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+2801ed1078c9b1e4cc3125dc59d46b80
+2010-03-26T14:28:14.286264Z
+20460
+juhosg
+has-props
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+2688
+
+120-openwrt_options.patch
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+509184b0f5878fe1126e47181606aec8
+2012-12-04T16:40:17.503431Z
+34496
+florian
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+2625
+
+500-set-default-path.patch
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+4af5dda35dadf543cc6eac9e13900c83
+2012-07-05T16:44:05.821154Z
+32620
+jow
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+381
+
+200-lcrypt_bsdfix.patch
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+247abfb50081f54104be13a60c8bf83d
+2011-11-27T05:30:40.263917Z
+29340
+nbd
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+1001
+
+300-ipv6_addr_port_split.patch
+file
+
+
+
+
+2013-03-17T12:13:19.000000Z
+adb6edd1738c0e03f247ab1d08feda24
+2011-07-31T12:05:54.493748Z
+27843
+jow
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+425
+
diff --git a/package/network/services/dropbear/patches/.svn/prop-base/100-pubkey_path.patch.svn-base b/package/network/services/dropbear/patches/.svn/prop-base/100-pubkey_path.patch.svn-base
new file mode 100644
index 0000000..bdbd305
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/prop-base/100-pubkey_path.patch.svn-base
@@ -0,0 +1,5 @@
+K 13
+svn:eol-style
+V 6
+native
+END
diff --git a/package/network/services/dropbear/patches/.svn/prop-base/110-change_user.patch.svn-base b/package/network/services/dropbear/patches/.svn/prop-base/110-change_user.patch.svn-base
new file mode 100644
index 0000000..bdbd305
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/prop-base/110-change_user.patch.svn-base
@@ -0,0 +1,5 @@
+K 13
+svn:eol-style
+V 6
+native
+END
diff --git a/package/network/services/dropbear/patches/.svn/prop-base/130-ssh_ignore_o_and_x_args.patch.svn-base b/package/network/services/dropbear/patches/.svn/prop-base/130-ssh_ignore_o_and_x_args.patch.svn-base
new file mode 100644
index 0000000..bdbd305
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/prop-base/130-ssh_ignore_o_and_x_args.patch.svn-base
@@ -0,0 +1,5 @@
+K 13
+svn:eol-style
+V 6
+native
+END
diff --git a/package/network/services/dropbear/patches/.svn/prop-base/150-dbconvert_standalone.patch.svn-base b/package/network/services/dropbear/patches/.svn/prop-base/150-dbconvert_standalone.patch.svn-base
new file mode 100644
index 0000000..bdbd305
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/prop-base/150-dbconvert_standalone.patch.svn-base
@@ -0,0 +1,5 @@
+K 13
+svn:eol-style
+V 6
+native
+END
diff --git a/package/network/services/dropbear/patches/.svn/text-base/100-pubkey_path.patch.svn-base b/package/network/services/dropbear/patches/.svn/text-base/100-pubkey_path.patch.svn-base
new file mode 100644
index 0000000..c1802f5
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/text-base/100-pubkey_path.patch.svn-base
@@ -0,0 +1,91 @@
+--- a/svr-authpubkey.c
++++ b/svr-authpubkey.c
+@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
+ goto out;
+ }
+
+- /* we don't need to check pw and pw_dir for validity, since
+- * its been done in checkpubkeyperms. */
+- len = strlen(ses.authstate.pw_dir);
+- /* allocate max required pathname storage,
+- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+- filename = m_malloc(len + 22);
+- snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
+- ses.authstate.pw_dir);
+-
+- /* open the file */
+- authfile = fopen(filename, "r");
++ if (ses.authstate.pw_uid != 0) {
++ /* we don't need to check pw and pw_dir for validity, since
++ * its been done in checkpubkeyperms. */
++ len = strlen(ses.authstate.pw_dir);
++ /* allocate max required pathname storage,
++ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++ filename = m_malloc(len + 22);
++ snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
++ ses.authstate.pw_dir);
++
++ /* open the file */
++ authfile = fopen(filename, "r");
++ } else {
++ authfile = fopen("/etc/dropbear/authorized_keys","r");
++ }
+ if (authfile == NULL) {
+ goto out;
+ }
+@@ -372,26 +376,35 @@ static int checkpubkeyperms() {
+ goto out;
+ }
+
+- /* allocate max required pathname storage,
+- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+- filename = m_malloc(len + 22);
+- strncpy(filename, ses.authstate.pw_dir, len+1);
+-
+- /* check ~ */
+- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+- goto out;
+- }
+-
+- /* check ~/.ssh */
+- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
+- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+- goto out;
+- }
+-
+- /* now check ~/.ssh/authorized_keys */
+- strncat(filename, "/authorized_keys", 16);
+- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+- goto out;
++ if (ses.authstate.pw_uid == 0) {
++ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ } else {
++ /* allocate max required pathname storage,
++ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++ filename = m_malloc(len + 22);
++ strncpy(filename, ses.authstate.pw_dir, len+1);
++
++ /* check ~ */
++ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++
++ /* check ~/.ssh */
++ strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
++ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++
++ /* now check ~/.ssh/authorized_keys */
++ strncat(filename, "/authorized_keys", 16);
++ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++ goto out;
++ }
+ }
+
+ /* file looks ok, return success */
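Review bot: The root branch hard-codes `/etc/dropbear/authorized_keys` separately in `checkpubkey` and in `checkpubkeyperms`, so the path that is permission-checked and the path that is opened agree only by hand. A single definition used in both places, e.g. `#define ROOT_AUTHORIZED_KEYS "/etc/dropbear/authorized_keys"` (the name is a suggestion), would remove that risk. A comment should also state that the choice is made on `ses.authstate.pw_uid`, so every uid-0 account shares this file and root's home directory is no longer consulted or permission-checked. In the root branch of `checkpubkey`, `filename` is never assigned, and both functions continue outside the hunks, so confirm it is initialised to NULL before any later free or trace. This is the `.svn/text-base` pristine copy; the same applies to `patches/100-pubkey_path.patch` listed in the diffstat.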
diff --git a/package/network/services/dropbear/patches/.svn/text-base/110-change_user.patch.svn-base b/package/network/services/dropbear/patches/.svn/text-base/110-change_user.patch.svn-base
new file mode 100644
index 0000000..a354eda
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/text-base/110-change_user.patch.svn-base
@@ -0,0 +1,18 @@
+--- a/svr-chansession.c
++++ b/svr-chansession.c
+@@ -891,12 +891,12 @@ static void execchild(void *user_data) {
+ /* We can only change uid/gid as root ... */
+ if (getuid() == 0) {
+
+- if ((setgid(ses.authstate.pw_gid) < 0) ||
++ if ((ses.authstate.pw_gid != 0) && ((setgid(ses.authstate.pw_gid) < 0) ||
+ (initgroups(ses.authstate.pw_name,
+- ses.authstate.pw_gid) < 0)) {
++ ses.authstate.pw_gid) < 0))) {
+ dropbear_exit("Error changing user group");
+ }
+- if (setuid(ses.authstate.pw_uid) < 0) {
++ if ((ses.authstate.pw_uid != 0) && (setuid(ses.authstate.pw_uid) < 0)) {
+ dropbear_exit("Error changing user");
+ }
+ } else {
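Review bot: Guarding `setgid`/`initgroups` with `ses.authstate.pw_gid != 0` skips `initgroups` for any account whose primary group is 0 even when its uid is not, so that user's child process would keep whatever supplementary groups the daemon holds. One option is to key the group setup on the uid, as the `setuid` guard below it does: `if ((ses.authstate.pw_uid != 0) && ((setgid(ses.authstate.pw_gid) < 0) ||` with the rest of the condition unchanged. A short comment saying why these calls are skipped for root would also help, because the reason is not visible in the patch. `execchild` starts and ends outside the hunk, and this is the `.svn/text-base` copy of `patches/110-change_user.patch`.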
diff --git a/package/network/services/dropbear/patches/.svn/text-base/120-openwrt_options.patch.svn-base b/package/network/services/dropbear/patches/.svn/text-base/120-openwrt_options.patch.svn-base
new file mode 100644
index 0000000..977f631
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/text-base/120-openwrt_options.patch.svn-base
@@ -0,0 +1,72 @@
+--- a/options.h
++++ b/options.h
+@@ -38,7 +38,7 @@
+ * Both of these flags can be defined at once, don't compile without at least
+ * one of them. */
+ #define NON_INETD_MODE
+-#define INETD_MODE
++/*#define INETD_MODE*/
+
+ /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
+ * perhaps 20% slower for pubkey operations (it is probably worth experimenting
+@@ -49,7 +49,7 @@
+ several kB in binary size however will make the symmetrical ciphers and hashes
+ slower, perhaps by 50%. Recommended for small systems that aren't doing
+ much traffic. */
+-/*#define DROPBEAR_SMALL_CODE*/
++#define DROPBEAR_SMALL_CODE
+
+ /* Enable X11 Forwarding - server only */
+ #define ENABLE_X11FWD
+@@ -78,7 +78,7 @@ much traffic. */
+
+ /* Enable "Netcat mode" option. This will forward standard input/output
+ * to a remote TCP-forwarded connection */
+-#define ENABLE_CLI_NETCAT
++/*#define ENABLE_CLI_NETCAT*/
+
+ /* Encryption - at least one required.
+ * Protocol RFC requires 3DES and recommends AES128 for interoperability.
+@@ -89,8 +89,8 @@ much traffic. */
+ #define DROPBEAR_AES256
+ /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
+ /*#define DROPBEAR_BLOWFISH*/
+-#define DROPBEAR_TWOFISH256
+-#define DROPBEAR_TWOFISH128
++/*#define DROPBEAR_TWOFISH256
++#define DROPBEAR_TWOFISH128*/
+
+ /* Enable "Counter Mode" for ciphers. This is more secure than normal
+ * CBC mode against certain attacks. This adds around 1kB to binary
+@@ -110,7 +110,7 @@ much traffic. */
+ * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
+ * which are not the standard form. */
+ #define DROPBEAR_SHA1_HMAC
+-#define DROPBEAR_SHA1_96_HMAC
++/*#define DROPBEAR_SHA1_96_HMAC*/
+ #define DROPBEAR_MD5_HMAC
+
+ /* Hostkey/public key algorithms - at least one required, these are used
+@@ -144,11 +144,11 @@ much traffic. */
+ #endif
+
+ /* Whether to do reverse DNS lookups. */
+-#define DO_HOST_LOOKUP
++/*#define DO_HOST_LOOKUP*/
+
+ /* Whether to print the message of the day (MOTD). This doesn't add much code
+ * size */
+-#define DO_MOTD
++/*#define DO_MOTD*/
+
+ /* The MOTD file path */
+ #ifndef MOTD_FILENAME
+@@ -192,7 +192,7 @@ much traffic. */
+ * note that it will be provided for all "hidden" client-interactive
+ * style prompts - if you want something more sophisticated, use
+ * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
+-#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
++/*#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"*/
+
+ /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
+ * a helper program for the ssh client. The helper program should be
diff --git a/package/network/services/dropbear/patches/.svn/text-base/130-ssh_ignore_o_and_x_args.patch.svn-base b/package/network/services/dropbear/patches/.svn/text-base/130-ssh_ignore_o_and_x_args.patch.svn-base
new file mode 100644
index 0000000..93647a9
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/text-base/130-ssh_ignore_o_and_x_args.patch.svn-base
@@ -0,0 +1,21 @@
+--- a/cli-runopts.c
++++ b/cli-runopts.c
+@@ -287,6 +287,10 @@ void cli_getopts(int argc, char ** argv)
+ debug_trace = 1;
+ break;
+ #endif
++ case 'o':
++ next = &dummy;
++ case 'x':
++ break;
+ case 'F':
+ case 'e':
+ case 'c':
+@@ -298,7 +302,6 @@ void cli_getopts(int argc, char ** argv)
+ #ifndef ENABLE_CLI_LOCALTCPFWD
+ case 'L':
+ #endif
+- case 'o':
+ case 'b':
+ next = &dummy;
+ default:
diff --git a/package/network/services/dropbear/patches/.svn/text-base/140-disable_assert.patch.svn-base b/package/network/services/dropbear/patches/.svn/text-base/140-disable_assert.patch.svn-base
new file mode 100644
index 0000000..e00184a
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/text-base/140-disable_assert.patch.svn-base
@@ -0,0 +1,14 @@
+--- a/dbutil.h
++++ b/dbutil.h
+@@ -93,6 +93,10 @@ int m_str_to_uint(const char* str, unsig
+ #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
+
+ /* Dropbear assertion */
+-#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
++#ifndef DROPBEAR_ASSERT_ENABLED
++#define DROPBEAR_ASSERT_ENABLED 0
++#endif
++
++#define dropbear_assert(X) do { if (DROPBEAR_ASSERT_ENABLED && !(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
+
+ #endif /* _DBUTIL_H_ */
diff --git a/package/network/services/dropbear/patches/.svn/text-base/150-dbconvert_standalone.patch.svn-base b/package/network/services/dropbear/patches/.svn/text-base/150-dbconvert_standalone.patch.svn-base
new file mode 100644
index 0000000..3e0b008
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/text-base/150-dbconvert_standalone.patch.svn-base
@@ -0,0 +1,14 @@
+--- a/options.h
++++ b/options.h
+@@ -5,6 +5,11 @@
+ #ifndef _OPTIONS_H_
+ #define _OPTIONS_H_
+
++#if !defined(DROPBEAR_CLIENT) && !defined(DROPBEAR_SERVER)
++#define DROPBEAR_SERVER
++#define DROPBEAR_CLIENT
++#endif
++
+ /******************************************************************
+ * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
+ * parts are to allow for commandline -DDROPBEAR_XXX options etc.
diff --git a/package/network/services/dropbear/patches/.svn/text-base/200-lcrypt_bsdfix.patch.svn-base b/package/network/services/dropbear/patches/.svn/text-base/200-lcrypt_bsdfix.patch.svn-base
new file mode 100644
index 0000000..57eb967
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/text-base/200-lcrypt_bsdfix.patch.svn-base
@@ -0,0 +1,29 @@
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h pac
+ loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
+ listener.h fake-rfc2553.h
+
+-dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@
++dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
+ dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
+ dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
+ dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
+@@ -77,7 +77,7 @@ STRIP=@STRIP@
+ INSTALL=@INSTALL@
+ CPPFLAGS=@CPPFLAGS@
+ CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@
+-LIBS+=@LIBS@
++LIBS+=@CRYPTLIB@ @LIBS@
+ LDFLAGS=@LDFLAGS@
+
+ EXEEXT=@EXEEXT@
+@@ -169,7 +169,7 @@ scp: $(SCPOBJS) $(HEADERS) Makefile
+ # multi-binary compilation.
+ MULTIOBJS=
+ ifeq ($(MULTI),1)
+- MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs))) @CRYPTLIB@
++ MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
+ CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
+ endif
+
diff --git a/package/network/services/dropbear/patches/.svn/text-base/300-ipv6_addr_port_split.patch.svn-base b/package/network/services/dropbear/patches/.svn/text-base/300-ipv6_addr_port_split.patch.svn-base
new file mode 100644
index 0000000..7da435a
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/text-base/300-ipv6_addr_port_split.patch.svn-base
@@ -0,0 +1,11 @@
+--- a/svr-runopts.c
++++ b/svr-runopts.c
+@@ -325,7 +325,7 @@ static void addportandaddress(char* spec
+ myspec = m_strdup(spec);
+
+ /* search for ':', that separates address and port */
+- svr_opts.ports[svr_opts.portcount] = strchr(myspec, ':');
++ svr_opts.ports[svr_opts.portcount] = strrchr(myspec, ':');
+
+ if (svr_opts.ports[svr_opts.portcount] == NULL) {
+ /* no ':' -> the whole string specifies just a port */
diff --git a/package/network/services/dropbear/patches/.svn/text-base/500-set-default-path.patch.svn-base b/package/network/services/dropbear/patches/.svn/text-base/500-set-default-path.patch.svn-base
new file mode 100644
index 0000000..0bd3ffc
--- /dev/null
+++ b/package/network/services/dropbear/patches/.svn/text-base/500-set-default-path.patch.svn-base
@@ -0,0 +1,11 @@
+--- a/options.h
++++ b/options.h
+@@ -297,7 +297,7 @@ be overridden at runtime with -I. 0 disa
+ #define DEFAULT_IDLE_TIMEOUT 0
+
+ /* The default path. This will often get replaced by the shell */
+-#define DEFAULT_PATH "/usr/bin:/bin"
++#define DEFAULT_PATH "/bin:/sbin:/usr/bin:/usr/sbin"
+
+ /* Some other defines (that mostly should be left alone) are defined
+ * in sysoptions.h */
diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch
new file mode 100644
index 0000000..c1802f5
--- /dev/null
+++ b/package/network/services/dropbear/patches/100-pubkey_path.patch
@@ -0,0 +1,91 @@
+--- a/svr-authpubkey.c
++++ b/svr-authpubkey.c
+@@ -209,17 +209,21 @@ static int checkpubkey(unsigned char* al
+ goto out;
+ }
+
+- /* we don't need to check pw and pw_dir for validity, since
+- * its been done in checkpubkeyperms. */
+- len = strlen(ses.authstate.pw_dir);
+- /* allocate max required pathname storage,
+- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+- filename = m_malloc(len + 22);
+- snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
+- ses.authstate.pw_dir);
+-
+- /* open the file */
+- authfile = fopen(filename, "r");
++ if (ses.authstate.pw_uid != 0) {
++ /* we don't need to check pw and pw_dir for validity, since
++ * its been done in checkpubkeyperms. */
++ len = strlen(ses.authstate.pw_dir);
++ /* allocate max required pathname storage,
++ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++ filename = m_malloc(len + 22);
++ snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
++ ses.authstate.pw_dir);
++
++ /* open the file */
++ authfile = fopen(filename, "r");
++ } else {
++ authfile = fopen("/etc/dropbear/authorized_keys","r");
++ }
+ if (authfile == NULL) {
+ goto out;
+ }
+@@ -372,26 +376,35 @@ static int checkpubkeyperms() {
+ goto out;
+ }
+
+- /* allocate max required pathname storage,
+- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
+- filename = m_malloc(len + 22);
+- strncpy(filename, ses.authstate.pw_dir, len+1);
+-
+- /* check ~ */
+- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+- goto out;
+- }
+-
+- /* check ~/.ssh */
+- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
+- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+- goto out;
+- }
+-
+- /* now check ~/.ssh/authorized_keys */
+- strncat(filename, "/authorized_keys", 16);
+- if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
+- goto out;
++ if (ses.authstate.pw_uid == 0) {
++ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++ } else {
++ /* allocate max required pathname storage,
++ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */
++ filename = m_malloc(len + 22);
++ strncpy(filename, ses.authstate.pw_dir, len+1);
++
++ /* check ~ */
++ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++
++ /* check ~/.ssh */
++ strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */
++ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++ goto out;
++ }
++
++ /* now check ~/.ssh/authorized_keys */
++ strncat(filename, "/authorized_keys", 16);
++ if (checkfileperm(filename) != DROPBEAR_SUCCESS) {
++ goto out;
++ }
+ }
+
+ /* file looks ok, return success */
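Review bot: The uid-0 key location is written as a string literal in three places, once in the `fopen()` in checkpubkey and twice in the `checkfileperm()` calls in checkpubkeyperms, so the file that is permission-checked and the file that is opened match only by hand. A single define shared by both, e.g. `#define ROOT_AUTHORIZED_KEYS "/etc/dropbear/authorized_keys"` (the name is a suggestion), would keep them coupled. The branch applies to every account whose `pw_uid` is 0, not only the one named root, which deserves a comment such as `/* any uid-0 account authenticates against the system-wide key file */`. `filename` is not assigned in either uid-0 branch, and both functions start and end outside these hunks, so confirm that the cleanup after `out:` tolerates its initial value.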
diff --git a/package/network/services/dropbear/patches/110-change_user.patch b/package/network/services/dropbear/patches/110-change_user.patch
new file mode 100644
index 0000000..a354eda
--- /dev/null
+++ b/package/network/services/dropbear/patches/110-change_user.patch
@@ -0,0 +1,18 @@
+--- a/svr-chansession.c
++++ b/svr-chansession.c
+@@ -891,12 +891,12 @@ static void execchild(void *user_data) {
+ /* We can only change uid/gid as root ... */
+ if (getuid() == 0) {
+
+- if ((setgid(ses.authstate.pw_gid) < 0) ||
++ if ((ses.authstate.pw_gid != 0) && ((setgid(ses.authstate.pw_gid) < 0) ||
+ (initgroups(ses.authstate.pw_name,
+- ses.authstate.pw_gid) < 0)) {
++ ses.authstate.pw_gid) < 0))) {
+ dropbear_exit("Error changing user group");
+ }
+- if (setuid(ses.authstate.pw_uid) < 0) {
++ if ((ses.authstate.pw_uid != 0) && (setuid(ses.authstate.pw_uid) < 0)) {
+ dropbear_exit("Error changing user");
+ }
+ } else {
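Review bot: The new `pw_gid != 0` guard short-circuits `initgroups()` as well as `setgid()`, so an account with a non-zero uid whose primary group is 0 would reach `setuid()` still carrying the supplementary group list of the root-owned server process. Supplementary groups should be reset whenever the uid is about to change. Keying the skip on the uid keeps what appears to be the intent, leaving a root login untouched: `if ((ses.authstate.pw_uid != 0) && ((setgid(ses.authstate.pw_gid) < 0) ||`. The patch does not say why the calls are skipped, so a one-line comment giving the reason would help. execchild starts and ends outside the hunk.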
diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch
new file mode 100644
index 0000000..977f631
--- /dev/null
+++ b/package/network/services/dropbear/patches/120-openwrt_options.patch
@@ -0,0 +1,72 @@
+--- a/options.h
++++ b/options.h
+@@ -38,7 +38,7 @@
+ * Both of these flags can be defined at once, don't compile without at least
+ * one of them. */
+ #define NON_INETD_MODE
+-#define INETD_MODE
++/*#define INETD_MODE*/
+
+ /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is
+ * perhaps 20% slower for pubkey operations (it is probably worth experimenting
+@@ -49,7 +49,7 @@
+ several kB in binary size however will make the symmetrical ciphers and hashes
+ slower, perhaps by 50%. Recommended for small systems that aren't doing
+ much traffic. */
+-/*#define DROPBEAR_SMALL_CODE*/
++#define DROPBEAR_SMALL_CODE
+
+ /* Enable X11 Forwarding - server only */
+ #define ENABLE_X11FWD
+@@ -78,7 +78,7 @@ much traffic. */
+
+ /* Enable "Netcat mode" option. This will forward standard input/output
+ * to a remote TCP-forwarded connection */
+-#define ENABLE_CLI_NETCAT
++/*#define ENABLE_CLI_NETCAT*/
+
+ /* Encryption - at least one required.
+ * Protocol RFC requires 3DES and recommends AES128 for interoperability.
+@@ -89,8 +89,8 @@ much traffic. */
+ #define DROPBEAR_AES256
+ /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */
+ /*#define DROPBEAR_BLOWFISH*/
+-#define DROPBEAR_TWOFISH256
+-#define DROPBEAR_TWOFISH128
++/*#define DROPBEAR_TWOFISH256
++#define DROPBEAR_TWOFISH128*/
+
+ /* Enable "Counter Mode" for ciphers. This is more secure than normal
+ * CBC mode against certain attacks. This adds around 1kB to binary
+@@ -110,7 +110,7 @@ much traffic. */
+ * If you disable MD5, Dropbear will fall back to SHA1 fingerprints,
+ * which are not the standard form. */
+ #define DROPBEAR_SHA1_HMAC
+-#define DROPBEAR_SHA1_96_HMAC
++/*#define DROPBEAR_SHA1_96_HMAC*/
+ #define DROPBEAR_MD5_HMAC
+
+ /* Hostkey/public key algorithms - at least one required, these are used
+@@ -144,11 +144,11 @@ much traffic. */
+ #endif
+
+ /* Whether to do reverse DNS lookups. */
+-#define DO_HOST_LOOKUP
++/*#define DO_HOST_LOOKUP*/
+
+ /* Whether to print the message of the day (MOTD). This doesn't add much code
+ * size */
+-#define DO_MOTD
++/*#define DO_MOTD*/
+
+ /* The MOTD file path */
+ #ifndef MOTD_FILENAME
+@@ -192,7 +192,7 @@ much traffic. */
+ * note that it will be provided for all "hidden" client-interactive
+ * style prompts - if you want something more sophisticated, use
+ * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/
+-#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
++/*#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"*/
+
+ /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of
+ * a helper program for the ssh client. The helper program should be
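Review bot: In the MAC block `DROPBEAR_SHA1_96_HMAC` is commented out while `DROPBEAR_MD5_HMAC` stays defined, so the build still offers an MD5-based MAC but drops a SHA-1-based one. The context comment says disabling MD5 changes the fingerprint format, which may be why it was kept; if so, record that trade-off next to the change, e.g. `/* MD5 kept only for standard-form fingerprints */`. None of the toggles in this patch says whether it is there for size or for hardening, and a short comment per change would make later audits easier. Separately, the Twofish edit wraps two `#define` lines in one block comment; `/*#define DROPBEAR_TWOFISH256*/` and `/*#define DROPBEAR_TWOFISH128*/` on their own lines would match the other edits.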
diff --git a/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch b/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch
new file mode 100644
index 0000000..93647a9
--- /dev/null
+++ b/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch
@@ -0,0 +1,21 @@
+--- a/cli-runopts.c
++++ b/cli-runopts.c
+@@ -287,6 +287,10 @@ void cli_getopts(int argc, char ** argv)
+ debug_trace = 1;
+ break;
+ #endif
++ case 'o':
++ next = &dummy;
++ case 'x':
++ break;
+ case 'F':
+ case 'e':
+ case 'c':
+@@ -298,7 +302,6 @@ void cli_getopts(int argc, char ** argv)
+ #ifndef ENABLE_CLI_LOCALTCPFWD
+ case 'L':
+ #endif
+- case 'o':
+ case 'b':
+ next = &dummy;
+ default:
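Review bot: The added `case 'o':` sets `next = &dummy;` and then falls through into `case 'x': break;` with no marker, which reads like a missing `break`; add `/* fall through */` after the assignment or give `'o'` its own `break;`. Before this change `'o'` sat in the group that runs into `default:`, whose body is outside the hunk, so if that branch reports ignored arguments the report is now lost for `-o`. Callers passing host-key or authentication settings through `-o` would then have them consumed with no sign that they had no effect. A short notice on stderr would keep that visible.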
diff --git a/package/network/services/dropbear/patches/140-disable_assert.patch b/package/network/services/dropbear/patches/140-disable_assert.patch
new file mode 100644
index 0000000..e00184a
--- /dev/null
+++ b/package/network/services/dropbear/patches/140-disable_assert.patch
@@ -0,0 +1,14 @@
+--- a/dbutil.h
++++ b/dbutil.h
+@@ -93,6 +93,10 @@ int m_str_to_uint(const char* str, unsig
+ #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL}
+
+ /* Dropbear assertion */
+-#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
++#ifndef DROPBEAR_ASSERT_ENABLED
++#define DROPBEAR_ASSERT_ENABLED 0
++#endif
++
++#define dropbear_assert(X) do { if (DROPBEAR_ASSERT_ENABLED && !(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0)
+
+ #endif /* _DBUTIL_H_ */
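Review bot: With `DROPBEAR_ASSERT_ENABLED` defaulting to 0, every `dropbear_assert()` call becomes a no-op unless the build defines the macro to a non-zero value, and nothing in the header says so. Any assertion that guards a length or state invariant on data from the peer stops terminating the process when it is violated, so the call sites should be audited for checks that need to remain real runtime tests. At minimum document the default above the `#ifndef`, e.g. `/* assertions are compiled out unless built with -DDROPBEAR_ASSERT_ENABLED=1 */`.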
diff --git a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch
new file mode 100644
index 0000000..3e0b008
--- /dev/null
+++ b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch
@@ -0,0 +1,14 @@
+--- a/options.h
++++ b/options.h
+@@ -5,6 +5,11 @@
+ #ifndef _OPTIONS_H_
+ #define _OPTIONS_H_
+
++#if !defined(DROPBEAR_CLIENT) && !defined(DROPBEAR_SERVER)
++#define DROPBEAR_SERVER
++#define DROPBEAR_CLIENT
++#endif
++
+ /******************************************************************
+ * Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif"
+ * parts are to allow for commandline -DDROPBEAR_XXX options etc.
diff --git a/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch b/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch
new file mode 100644
index 0000000..57eb967
--- /dev/null
+++ b/package/network/services/dropbear/patches/200-lcrypt_bsdfix.patch
@@ -0,0 +1,29 @@
+--- a/Makefile.in
++++ b/Makefile.in
+@@ -56,7 +56,7 @@ HEADERS=options.h dbutil.h session.h pac
+ loginrec.h atomicio.h x11fwd.h agentfwd.h tcpfwd.h compat.h \
+ listener.h fake-rfc2553.h
+
+-dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS) @CRYPTLIB@
++dropbearobjs=$(COMMONOBJS) $(CLISVROBJS) $(SVROBJS)
+ dbclientobjs=$(COMMONOBJS) $(CLISVROBJS) $(CLIOBJS)
+ dropbearkeyobjs=$(COMMONOBJS) $(KEYOBJS)
+ dropbearconvertobjs=$(COMMONOBJS) $(CONVERTOBJS)
+@@ -77,7 +77,7 @@ STRIP=@STRIP@
+ INSTALL=@INSTALL@
+ CPPFLAGS=@CPPFLAGS@
+ CFLAGS+=-I. -I$(srcdir) $(CPPFLAGS) @CFLAGS@
+-LIBS+=@LIBS@
++LIBS+=@CRYPTLIB@ @LIBS@
+ LDFLAGS=@LDFLAGS@
+
+ EXEEXT=@EXEEXT@
+@@ -169,7 +169,7 @@ scp: $(SCPOBJS) $(HEADERS) Makefile
+ # multi-binary compilation.
+ MULTIOBJS=
+ ifeq ($(MULTI),1)
+- MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs))) @CRYPTLIB@
++ MULTIOBJS=dbmulti.o $(sort $(foreach prog, $(PROGRAMS), $($(prog)objs)))
+ CFLAGS+=$(addprefix -DDBMULTI_, $(PROGRAMS)) -DDROPBEAR_MULTI
+ endif
+
diff --git a/package/network/services/dropbear/patches/300-ipv6_addr_port_split.patch b/package/network/services/dropbear/patches/300-ipv6_addr_port_split.patch
new file mode 100644
index 0000000..7da435a
--- /dev/null
+++ b/package/network/services/dropbear/patches/300-ipv6_addr_port_split.patch
@@ -0,0 +1,11 @@
+--- a/svr-runopts.c
++++ b/svr-runopts.c
+@@ -325,7 +325,7 @@ static void addportandaddress(char* spec
+ myspec = m_strdup(spec);
+
+ /* search for ':', that separates address and port */
+- svr_opts.ports[svr_opts.portcount] = strchr(myspec, ':');
++ svr_opts.ports[svr_opts.portcount] = strrchr(myspec, ':');
+
+ if (svr_opts.ports[svr_opts.portcount] == NULL) {
+ /* no ':' -> the whole string specifies just a port */
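Review bot: `strrchr()` makes the last `:` the address/port separator, which handles an IPv6 address followed by a port but misreads an IPv6 literal given without one, because the final group of the address would be taken as the port. Whether bracketed forms such as `[addr]:port` are handled is not visible here, since addportandaddress continues past the hunk. The comment should state the accepted syntax, e.g. `/* the last ':' separates address and port; an IPv6 address must be followed by an explicit port */`. The port string is also worth validating as numeric before use, if that is not already done later in the function.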
diff --git a/package/network/services/dropbear/patches/500-set-default-path.patch b/package/network/services/dropbear/patches/500-set-default-path.patch
new file mode 100644
index 0000000..0bd3ffc
--- /dev/null
+++ b/package/network/services/dropbear/patches/500-set-default-path.patch
@@ -0,0 +1,11 @@
+--- a/options.h
++++ b/options.h
+@@ -297,7 +297,7 @@ be overridden at runtime with -I. 0 disa
+ #define DEFAULT_IDLE_TIMEOUT 0
+
+ /* The default path. This will often get replaced by the shell */
+-#define DEFAULT_PATH "/usr/bin:/bin"
++#define DEFAULT_PATH "/bin:/sbin:/usr/bin:/usr/sbin"
+
+ /* Some other defines (that mostly should be left alone) are defined
+ * in sysoptions.h */