Hello community, here is the log from the commit of package dropbear for openSUSE:Factory checked in at 2014-08-20 10:50:53 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dropbear (Old) and /work/SRC/openSUSE:Factory/.dropbear.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dropbear" Changes: -------- --- /work/SRC/openSUSE:Factory/dropbear/dropbear.changes 2014-07-31 21:50:52.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.dropbear.new/dropbear.changes 2014-08-20 10:51:05.000000000 +0200 @@ -1,0 +2,14 @@ +Mon Aug 11 08:38:04 UTC 2014 - [email protected] + +- updated to upstream version 2014.65 + * Fix 2014.64 regression, server session hang on exit with scp (and probably + others), thanks to NiLuJe for tracking it down + * Fix 2014.64 regression, clock_gettime() error handling which broke on older + Linux kernels, reported by NiLuJe + * Fix 2014.64 regression, writev() could occassionally fail with EAGAIN which + wasn't caught + * Avoid error message when trying to set QoS on proxycommand or multihop pipes + * Use /usr/bin/xauth, thanks to Mike Frysinger + * Don't exit the client if the local user entry can't be found, thanks to iquaba + +------------------------------------------------------------------- Old: ---- dropbear-2014.64.tar.bz2 New: ---- dropbear-2014.65.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dropbear.spec ++++++ --- /var/tmp/diff_new_pack.ja2NTA/_old 2014-08-20 10:51:06.000000000 +0200 +++ /var/tmp/diff_new_pack.ja2NTA/_new 2014-08-20 10:51:06.000000000 +0200 @@ -21,7 +21,7 @@ %endif Name: dropbear -Version: 2014.64 +Version: 2014.65 Release: 0 Summary: A relatively small SSH 2 server and client License: MIT ++++++ SHA1SUM.asc ++++++ --- /var/tmp/diff_new_pack.ja2NTA/_old 2014-08-20 10:51:06.000000000 +0200 +++ /var/tmp/diff_new_pack.ja2NTA/_new 2014-08-20 10:51:06.000000000 +0200 
@@ -1,13 +1,13 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -f88f705e143224974a4c2f1e7faee56a11114918 CHANGES -63bbb967feb1df8bc1a7cb7d96925ed653960078 dropbear-2014.63.tar.bz2 +17758da1c3361557c5f0e78a100c8f2b81937fdc CHANGES 54e3738a4335a8dbb1e4acb29316b07f3a1fa354 dropbear-2014.64.tar.bz2 +a7b04ff3c27059477ecdd8dccef7d43f644abe46 dropbear-2014.65.tar.bz2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Darwin) -iEYEARECAAYFAlPVFogACgkQjPn4sExkf7zPzQCfSNrgesfXcO8EkY1OpBM9XcyI -2YgAn0xEhRS0xkFtNHWvc8vTNWuQr+MO -=/Tcr +iEYEARECAAYFAlPk1kUACgkQjPn4sExkf7zCtgCfccmwAJ28VDggN/lPzfXix48/ +Qp0AnjRb6dLYj4SUhjbvt6ZiIe11HUzu +=L8D3 -----END PGP SIGNATURE----- ++++++ dropbear-2014.64.tar.bz2 -> dropbear-2014.65.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/.hg_archival.txt new/dropbear-2014.65/.hg_archival.txt --- old/dropbear-2014.64/.hg_archival.txt 2014-07-27 16:56:59.000000000 +0200 +++ new/dropbear-2014.65/.hg_archival.txt 2014-08-08 15:40:46.000000000 +0200 @@ -1,5 +1,5 @@ repo: d7da3b1e15401eb234ec866d5eac992fc4cd5878 -node: 0d2d39957c029adb7f4327d37fe6b4900f0736d9 +node: e9579816f20ea85affc6135e87f8477992808948 branch: default -latesttag: DROPBEAR_2014.63 -latesttagdistance: 34 +latesttag: DROPBEAR_2014.64 +latesttagdistance: 12 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/.hgsigs new/dropbear-2014.65/.hgsigs --- old/dropbear-2014.64/.hgsigs 2014-07-27 16:56:59.000000000 +0200 +++ new/dropbear-2014.65/.hgsigs 2014-08-08 15:40:46.000000000 +0200 
@@ -10,3 +10,4 @@ 9ec083a21adfcb099f21eb03704b66d14a4ba800 0 iEYEABECAAYFAlKE4JoACgkQjPn4sExkf7wLDgCghkVGwMjI138bEv+ORVzN7zIH7cEAoLckaxZc1k1aXlmlSCRlP8cuKH3o 3d1d7d151c0ce3a79da62e86463f5632fa2b144a 0 iEYEABECAAYFAlKd5AEACgkQjPn4sExkf7wzWgCfdvPEEIdlMPqcbOQMJ7b+eAyy164An2ip1lPh1eS5g26/gSfruvWBVym4 277429102f1337bd10c89107d3e01de509cc1a7e 0 iEYEABECAAYFAlMEvF4ACgkQjPn4sExkf7xeVQCgtbxJ4G3hsFwUOM0K1WGr1J2vsbEAoMM8dEyr1mdrbgO1tzNLfD1nxbyn +96584b934d04ebab443f603e78d38fe692d36313 0 iEYEABECAAYFAlPVFrQACgkQjPn4sExkf7xr6ACglRiLE21vRrS1rJ809o2yMADIKtwAn1f5SyZUngSde8eE55JxCMwtMC5m diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/.hgtags new/dropbear-2014.65/.hgtags --- old/dropbear-2014.64/.hgtags 2014-07-27 16:56:59.000000000 +0200 +++ new/dropbear-2014.65/.hgtags 2014-08-08 15:40:46.000000000 +0200 @@ -43,3 +43,4 @@ e894dbc015ba7ff4c3bf897ee20e28ca90c55a16 DROPBEAR_2013.61test 3d1d7d151c0ce3a79da62e86463f5632fa2b144a DROPBEAR_2013.62 2351b2da8e0d08dcc6e64fcc328b53b9630bda68 DROPBEAR_2014.63 +0d2d39957c029adb7f4327d37fe6b4900f0736d9 DROPBEAR_2014.64 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/CHANGES new/dropbear-2014.65/CHANGES --- old/dropbear-2014.64/CHANGES 2014-07-27 16:56:59.000000000 +0200 +++ new/dropbear-2014.65/CHANGES 2014-08-08 15:40:46.000000000 +0200 
@@ -1,3 +1,20 @@ +2014.65 - Friday 8 August 2014 + +- Fix 2014.64 regression, server session hang on exit with scp (and probably + others), thanks to NiLuJe for tracking it down + +- Fix 2014.64 regression, clock_gettime() error handling which broke on older + Linux kernels, reported by NiLuJe + +- Fix 2014.64 regression, writev() could occassionally fail with EAGAIN which + wasn't caught + +- Avoid error message when trying to set QoS on proxycommand or multihop pipes + +- Use /usr/bin/xauth, thanks to Mike Frysinger + +- Don't exit the client if the local user entry can't be found, thanks to iquaba + 2014.64 - Sunday 27 July 2014 - Fix compiling with ECDSA and DSS disabled diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/cli-runopts.c new/dropbear-2014.65/cli-runopts.c --- old/dropbear-2014.64/cli-runopts.c 2014-07-27 16:56:59.000000000 +0200 +++ new/dropbear-2014.65/cli-runopts.c 2014-08-08 15:40:46.000000000 +0200 @@ -683,11 +683,13 @@ uid = getuid(); pw = getpwuid(uid); - if (pw == NULL || pw->pw_name == NULL) { - dropbear_exit("Unknown own user"); + if (pw && pw->pw_name != NULL) { + cli_opts.own_user = m_strdup(pw->pw_name); + } else { + dropbear_log(LOG_INFO, "Warning: failed to identify current user. Trying anyway."); + cli_opts.own_user = m_strdup("unknown"); } - cli_opts.own_user = m_strdup(pw->pw_name); } #ifdef ENABLE_CLI_ANYTCPFWD diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/common-channel.c new/dropbear-2014.65/common-channel.c --- old/dropbear-2014.64/common-channel.c 2014-07-27 16:56:59.000000000 +0200 +++ new/dropbear-2014.65/common-channel.c 2014-08-08 15:40:46.000000000 +0200 
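Review bot: The fallback branch in the cli-runopts.c hunk stores the literal `"unknown"` in `cli_opts.own_user`, and nothing visible here shows how that value is used afterwards. If it later serves as the default remote login name (not shown in this hunk, so confirm against the callers), the client would quietly try to authenticate as an account called "unknown". A comment on the assignment such as `/* placeholder only, not a real account name; see users of own_user */` would make that explicit. The message also says "Warning:" while being logged at `LOG_INFO`; `dropbear_log(LOG_WARNING, "Failed to identify current user. Trying anyway.");` keeps text and severity consistent. The enclosing function starts and ends outside the hunk.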
@@ -258,6 +258,12 @@ writechannel(channel, channel->errfd, channel->extrabuf); do_check_close = 1; } + + if (ses.channel_signal_pending) { + /* SIGCHLD can change channel state for server sessions */ + do_check_close = 1; + ses.channel_signal_pending = 0; + } /* handle any channel closing etc */ if (do_check_close) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/dbutil.c new/dropbear-2014.65/dbutil.c --- old/dropbear-2014.64/dbutil.c 2014-07-27 16:56:59.000000000 +0200 +++ new/dropbear-2014.65/dbutil.c 2014-08-08 15:40:46.000000000 +0200 @@ -161,7 +161,7 @@ gettimeofday(&tv, NULL); va_start(param, format); - fprintf(stderr, "TRACE (%d) %d.%d: ", getpid(), tv.tv_sec, tv.tv_usec); + fprintf(stderr, "TRACE (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec); vfprintf(stderr, format, param); fprintf(stderr, "\n"); va_end(param); @@ -183,7 +183,7 @@ gettimeofday(&tv, NULL); va_start(param, format); - fprintf(stderr, "TRACE2 (%d) %d.%d: ", getpid(), tv.tv_sec, tv.tv_usec); + fprintf(stderr, "TRACE2 (%d) %d.%d: ", getpid(), (int)tv.tv_sec, (int)tv.tv_usec); vfprintf(stderr, format, param); fprintf(stderr, "\n"); va_end(param); @@ -202,6 +202,9 @@ int iptos_val = 0, so_prio_val = 0, rc; + /* Don't log ENOTSOCK errors so that this can harmlessly be called + * on a client '-J' proxy pipe */ + /* set the TOS bit for either ipv4 or ipv6 */ #ifdef IPTOS_LOWDELAY if (prio == DROPBEAR_PRIO_LOWDELAY) { @@ -211,12 +214,12 @@ } #if defined(IPPROTO_IPV6) && defined(IPV6_TCLASS) rc = setsockopt(sock, IPPROTO_IPV6, IPV6_TCLASS, (void*)&iptos_val, sizeof(iptos_val)); - if (rc < 0) { + if (rc < 0 && errno != ENOTSOCK) { TRACE(("Couldn't set IPV6_TCLASS (%s)", strerror(errno))); } #endif rc = setsockopt(sock, IPPROTO_IP, IP_TOS, (void*)&iptos_val, sizeof(iptos_val)); - if (rc < 0) { + if (rc < 0 && errno != ENOTSOCK) { TRACE(("Couldn't set IP_TOS (%s)", strerror(errno))); } #endif 
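Review bot: `ses.channel_signal_pending` is written by the SIGCHLD handler (svr-chansession.c hunk) and tested and cleared here in the channel loop, yet the session.h hunk declares it as a plain `int`. An object shared between a signal handler and normal code should be `volatile sig_atomic_t`, otherwise the compiler may cache the value or reorder the accesses. The declaration would become `volatile sig_atomic_t channel_signal_pending; /* Flag set by sigchld handler */`; whether session.h already pulls in `<signal.h>` is not visible here. The order used in this hunk (test, then clear, then run the close check) appears safe against a signal arriving in between, because the check still runs afterwards. The enclosing function starts and ends outside the hunk.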
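Review bot: The `(int)` casts added to the trace prefix in the dbutil.c @@ -161 hunk, and again in the @@ -183 hunk, silence the format warning by narrowing `tv.tv_sec`, which truncates wherever `time_t` is wider than `int`. The `%d.%d` format also prints the microseconds unpadded, so 5 µs and 500000 µs both render as `.5`, which makes trace timestamps unreliable when reconstructing event order. Casting to `long` and padding fixes both: `fprintf(stderr, "TRACE (%d) %ld.%06ld: ", getpid(), (long)tv.tv_sec, (long)tv.tv_usec);`, with the same change for the `TRACE2` line. Both functions start and end outside their hunks.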
@@ -229,7 +232,7 @@ } /* linux specific, sets QoS class. see tc-prio(8) */ rc = setsockopt(sock, SOL_SOCKET, SO_PRIORITY, (void*) &so_prio_val, sizeof(so_prio_val)); - if (rc < 0) + if (rc < 0 && errno != ENOTSOCK) dropbear_log(LOG_WARNING, "Couldn't set SO_PRIORITY (%s)", strerror(errno)); #endif @@ -945,22 +948,46 @@ return c; } -time_t monotonic_now() { - #if defined(__linux__) && defined(SYS_clock_gettime) - /* CLOCK_MONOTONIC_COARSE was added in Linux 2.6.32. Probably cheaper. */ +/* CLOCK_MONOTONIC_COARSE was added in Linux 2.6.32 but took a while to +reach userspace include headers */ #ifndef CLOCK_MONOTONIC_COARSE #define CLOCK_MONOTONIC_COARSE 6 #endif - static clockid_t clock_source = CLOCK_MONOTONIC_COARSE; +static clockid_t get_linux_clock_source() { struct timespec ts; + if (syscall(SYS_clock_gettime, CLOCK_MONOTONIC_COARSE, &ts) == 0) { + return CLOCK_MONOTONIC_COARSE; + } - if (syscall(SYS_clock_gettime, clock_source, &ts) == EINVAL) { - clock_source = CLOCK_MONOTONIC; - syscall(SYS_clock_gettime, CLOCK_MONOTONIC, &ts); + if (syscall(SYS_clock_gettime, CLOCK_MONOTONIC, &ts) == 0) { + return CLOCK_MONOTONIC; } - return ts.tv_sec; -#elif defined(HAVE_MACH_ABSOLUTE_TIME) + return -1; +} +#endif + +time_t monotonic_now() { +#if defined(__linux__) && defined(SYS_clock_gettime) + static clockid_t clock_source = -2; + + if (clock_source == -2) { + /* First run, find out which one works. + -1 will fall back to time() */ + clock_source = get_linux_clock_source(); + } + + if (clock_source >= 0) { + struct timespec ts; + if (syscall(SYS_clock_gettime, clock_source, &ts) != 0) { + /* Intermittent clock failures should not happen */ + dropbear_exit("Clock broke"); + } + return ts.tv_sec; + } +#endif /* linux clock_gettime */ + +#if defined(HAVE_MACH_ABSOLUTE_TIME) /* OS X, see https://developer.apple.com/library/mac/qa/qa1398/_index.html */ static mach_timebase_info_data_t timebase_info; if (timebase_info.denom == 0) { 
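Review bot: When `get_linux_clock_source()` returns -1 in the @@ -945 hunk, `monotonic_now()` silently drops to the `time(NULL)` fallback, which the code's own comment says can go backwards. Any timeout derived from it can then be stretched or cut short by a wall-clock step. A one-time message in the first-run branch would make this visible to an operator: `if (clock_source < 0) dropbear_log(LOG_WARNING, "No monotonic clock, falling back to time()");`. The sentinels -2 and -1 stored in a `clockid_t` would also read better as named constants, with a comment that they rely on valid clock ids being non-negative. The tail of `monotonic_now()` lies in the following hunk.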
@@ -968,10 +995,9 @@ } return mach_absolute_time() * timebase_info.numer / timebase_info.denom / 1e9; -#else +#endif /* osx mach_absolute_time */ + /* Fallback for everything else - this will sometimes go backwards */ return time(NULL); -#endif - } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/debian/changelog new/dropbear-2014.65/debian/changelog --- old/dropbear-2014.64/debian/changelog 2014-07-27 16:56:59.000000000 +0200 +++ new/dropbear-2014.65/debian/changelog 2014-08-08 15:40:46.000000000 +0200 @@ -1,3 +1,9 @@ +dropbear (2014.65-0.1) unstable; urgency=low + + * New upstream release. + + -- Matt Johnston <[email protected]> Fri, 8 Aug 2014 22:54:00 +0800 + dropbear (2014.64-0.1) unstable; urgency=low * New upstream release. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/options.h new/dropbear-2014.65/options.h --- old/dropbear-2014.64/options.h 2014-07-27 16:57:00.000000000 +0200 +++ new/dropbear-2014.65/options.h 2014-08-08 15:40:47.000000000 +0200 @@ -264,7 +264,7 @@ /* The command to invoke for xauth when using X11 forwarding. * "-q" for quiet */ #ifndef XAUTH_COMMAND -#define XAUTH_COMMAND "/usr/bin/X11/xauth -q" +#define XAUTH_COMMAND "/usr/bin/xauth -q" #endif /* if you want to enable running an sftp server (such as the one included with diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/packet.c new/dropbear-2014.65/packet.c --- old/dropbear-2014.64/packet.c 2014-07-27 16:57:00.000000000 +0200 +++ new/dropbear-2014.65/packet.c 2014-08-08 15:40:47.000000000 +0200 
@@ -93,9 +93,12 @@ iov[i].iov_base = buf_getptr(writebuf, len); iov[i].iov_len = len; } + /* This may return EAGAIN. The main loop sometimes + calls write_packet() without bothering to test with select() since + it's likely to be necessary */ written = writev(ses.sock_out, iov, iov_max_count); if (written < 0) { - if (errno == EINTR) { + if (errno == EINTR || errno == EAGAIN) { m_free(iov); TRACE2(("leave write_packet: EINTR")) return; @@ -136,7 +139,7 @@ written = write(ses.sock_out, buf_getptr(writebuf, len), len); if (written < 0) { - if (errno == EINTR) { + if (errno == EINTR || errno == EAGAIN) { TRACE2(("leave writepacket: EINTR")) return; } else { @@ -255,7 +258,7 @@ ses.remoteclosed(); } if (slen < 0) { - if (errno == EINTR) { + if (errno == EINTR || errno == EAGAIN) { TRACE2(("leave read_packet_init: EINTR")) return DROPBEAR_FAILURE; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/session.h new/dropbear-2014.65/session.h --- old/dropbear-2014.64/session.h 2014-07-27 16:57:00.000000000 +0200 +++ new/dropbear-2014.65/session.h 2014-08-08 15:40:47.000000000 +0200 @@ -187,6 +187,7 @@ unsigned int chansize; /* the number of Channel*s allocated for channels */ unsigned int chancount; /* the number of Channel*s in use */ const struct ChanType **chantypes; /* The valid channel types */ + int channel_signal_pending; /* Flag set by sigchld handler */ /* TCP priority level for the main "port 22" tcp socket */ enum dropbear_prio socket_prio; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/svr-chansession.c new/dropbear-2014.65/svr-chansession.c --- old/dropbear-2014.64/svr-chansession.c 2014-07-27 16:57:00.000000000 +0200 +++ new/dropbear-2014.65/svr-chansession.c 2014-08-08 15:40:47.000000000 +0200 
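Review bot: All three packet.c hunks add `EAGAIN` to the retry condition but keep trace strings that name only EINTR, e.g. `TRACE2(("leave write_packet: EINTR"))`, so a debug log can no longer tell the two cases apart. `TRACE2(("leave write_packet: EINTR or EAGAIN"))` would fix that, with the same change in the @@ -136 and @@ -255 hunks. POSIX also allows a non-blocking descriptor to report `EWOULDBLOCK` instead of `EAGAIN`. On a platform where the two values differ, that case would still fall through to the error path outside the hunks, so testing `errno == EWOULDBLOCK` as well may be worthwhile. The enclosing functions start and end outside the hunks.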
@@ -89,6 +89,9 @@ const int saved_errno = errno; + /* Make channel handling code look for closed channels */ + ses.channel_signal_pending = 1; + TRACE(("enter sigchld handler")) while ((pid = waitpid(-1, &status, WNOHANG)) > 0) { TRACE(("sigchld handler: pid %d", pid)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.64/sysoptions.h new/dropbear-2014.65/sysoptions.h --- old/dropbear-2014.64/sysoptions.h 2014-07-27 16:57:00.000000000 +0200 +++ new/dropbear-2014.65/sysoptions.h 2014-08-08 15:40:47.000000000 +0200 @@ -4,7 +4,7 @@ *******************************************************************/ #ifndef DROPBEAR_VERSION -#define DROPBEAR_VERSION "2014.64" +#define DROPBEAR_VERSION "2014.65" #endif #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
