Hello community, here is the log from the commit of package dropbear for openSUSE:Factory checked in at 2014-11-02 16:46:20 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/dropbear (Old) and /work/SRC/openSUSE:Factory/.dropbear.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dropbear" Changes: -------- --- /work/SRC/openSUSE:Factory/dropbear/dropbear.changes 2014-08-20 10:51:05.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.dropbear.new/dropbear.changes 2014-11-02 16:46:41.000000000 +0100 @@ -1,0 +2,12 @@ +Fri Oct 24 08:30:31 UTC 2014 - [email protected] + +- updated to upstream version 2014.66 + * Use the same keepalive handling behaviour as OpenSSH. This will work better + with some SSH implementations that have different behaviour with unknown + message types. + * Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own + keepalive message + * Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere + * Fix wtmp which broke since 2013.62, patch from Whoopie + +------------------------------------------------------------------- Old: ---- dropbear-2014.65.tar.bz2 New: ---- dropbear-2014.66.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dropbear.spec ++++++ --- /var/tmp/diff_new_pack.pESFd8/_old 2014-11-02 16:46:42.000000000 +0100 +++ /var/tmp/diff_new_pack.pESFd8/_new 2014-11-02 16:46:42.000000000 +0100 @@ -21,7 +21,7 @@ %endif Name: dropbear -Version: 2014.65 +Version: 2014.66 Release: 0 Summary: A relatively small SSH 2 server and client License: MIT ++++++ SHA1SUM.asc ++++++ --- /var/tmp/diff_new_pack.pESFd8/_old 2014-11-02 16:46:42.000000000 +0100 +++ /var/tmp/diff_new_pack.pESFd8/_new 2014-11-02 16:46:42.000000000 +0100 
@@ -1,13 +1,13 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -17758da1c3361557c5f0e78a100c8f2b81937fdc CHANGES -54e3738a4335a8dbb1e4acb29316b07f3a1fa354 dropbear-2014.64.tar.bz2 +07a147b70a5402f38b2965e386cbe63dee1afd69 CHANGES a7b04ff3c27059477ecdd8dccef7d43f644abe46 dropbear-2014.65.tar.bz2 +793f5f1bb465b3c55e795d607932e8b21c130e95 dropbear-2014.66.tar.bz2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (Darwin) -iEYEARECAAYFAlPk1kUACgkQjPn4sExkf7zCtgCfccmwAJ28VDggN/lPzfXix48/ -Qp0AnjRb6dLYj4SUhjbvt6ZiIe11HUzu -=L8D3 +iEYEARECAAYFAlRJDGYACgkQjPn4sExkf7wHRgCdH3TEUSKebFmT74e6NIuAAkpB +m78AoNIly2cnFzoimxixnNa7LDDRi64y +=MfF3 -----END PGP SIGNATURE----- ++++++ dropbear-2014.65.tar.bz2 -> dropbear-2014.66.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/.hg_archival.txt new/dropbear-2014.66/.hg_archival.txt --- old/dropbear-2014.65/.hg_archival.txt 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/.hg_archival.txt 2014-10-23 15:43:38.000000000 +0200 @@ -1,5 +1,5 @@ repo: d7da3b1e15401eb234ec866d5eac992fc4cd5878 -node: e9579816f20ea85affc6135e87f8477992808948 +node: 735511a4c761141416ad0e6728989d2dafa55bc2 branch: default -latesttag: DROPBEAR_2014.64 +latesttag: DROPBEAR_2014.65 latesttagdistance: 12 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/.hgsigs new/dropbear-2014.66/.hgsigs --- old/dropbear-2014.65/.hgsigs 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/.hgsigs 2014-10-23 15:43:38.000000000 +0200 
@@ -11,3 +11,4 @@ 3d1d7d151c0ce3a79da62e86463f5632fa2b144a 0 iEYEABECAAYFAlKd5AEACgkQjPn4sExkf7wzWgCfdvPEEIdlMPqcbOQMJ7b+eAyy164An2ip1lPh1eS5g26/gSfruvWBVym4 277429102f1337bd10c89107d3e01de509cc1a7e 0 iEYEABECAAYFAlMEvF4ACgkQjPn4sExkf7xeVQCgtbxJ4G3hsFwUOM0K1WGr1J2vsbEAoMM8dEyr1mdrbgO1tzNLfD1nxbyn 96584b934d04ebab443f603e78d38fe692d36313 0 iEYEABECAAYFAlPVFrQACgkQjPn4sExkf7xr6ACglRiLE21vRrS1rJ809o2yMADIKtwAn1f5SyZUngSde8eE55JxCMwtMC5m +caac692b366c153cea0e9cd59aa2d79a7d843d4e 0 iEYEABECAAYFAlPk1mcACgkQjPn4sExkf7wLpgCeOqMYqpkf4lYUuyrn9VYThNpc7PkAn3JOSNgIqkKUcmSy6FstrI8jwJzq diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/.hgtags new/dropbear-2014.66/.hgtags --- old/dropbear-2014.65/.hgtags 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/.hgtags 2014-10-23 15:43:38.000000000 +0200 @@ -44,3 +44,4 @@ 3d1d7d151c0ce3a79da62e86463f5632fa2b144a DROPBEAR_2013.62 2351b2da8e0d08dcc6e64fcc328b53b9630bda68 DROPBEAR_2014.63 0d2d39957c029adb7f4327d37fe6b4900f0736d9 DROPBEAR_2014.64 +e9579816f20ea85affc6135e87f8477992808948 DROPBEAR_2014.65 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/CHANGES new/dropbear-2014.66/CHANGES --- old/dropbear-2014.65/CHANGES 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/CHANGES 2014-10-23 15:43:38.000000000 +0200 
@@ -1,3 +1,16 @@ +2014.66 - Thursday 23 October 2014 + +- Use the same keepalive handling behaviour as OpenSSH. This will work better + with some SSH implementations that have different behaviour with unknown + message types. + +- Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own + keepalive message + +- Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere + +- Fix wtmp which broke since 2013.62, patch from Whoopie + 2014.65 - Friday 8 August 2014 - Fix 2014.64 regression, server session hang on exit with scp (and probably diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/LICENSE new/dropbear-2014.66/LICENSE --- old/dropbear-2014.65/LICENSE 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/LICENSE 2014-10-23 15:43:38.000000000 +0200 @@ -8,7 +8,7 @@ Portions of the client-mode work are (c) 2004 Mihnea Stoenescu, under the same license: -Copyright (c) 2002-2013 Matt Johnston +Copyright (c) 2002-2014 Matt Johnston Portions copyright (c) 2004 Mihnea Stoenescu All rights reserved. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/auth.h new/dropbear-2014.66/auth.h --- old/dropbear-2014.65/auth.h 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/auth.h 2014-10-23 15:43:38.000000000 +0200 
@@ -106,7 +106,7 @@ valid */ unsigned int failcount; /* Number of (failed) authentication attempts.*/ unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for - client and server (though has differing [obvious] + client and server (though has differing meanings). */ unsigned perm_warn : 1; /* Server only, set if bad permissions on ~/.ssh/authorized_keys have already been diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/channel.h new/dropbear-2014.66/channel.h --- old/dropbear-2014.65/channel.h 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/channel.h 2014-10-23 15:43:38.000000000 +0200 @@ -105,6 +105,9 @@ void setchannelfds(fd_set *readfd, fd_set *writefd); void channelio(fd_set *readfd, fd_set *writefd); struct Channel* getchannel(); +/* Returns an arbitrary channel that is in a ready state - not +being initialised and no EOF in either direction. NULL if none. */ +struct Channel* get_any_ready_channel(); void recv_msg_channel_open(); void recv_msg_channel_request(); @@ -128,8 +131,10 @@ void recv_msg_channel_open_confirmation(); void recv_msg_channel_open_failure(); #endif +void start_send_channel_request(struct Channel *channel, unsigned char *type); void send_msg_request_success(); void send_msg_request_failure(); + #endif /* _CHANNEL_H_ */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/chansession.h new/dropbear-2014.66/chansession.h --- old/dropbear-2014.65/chansession.h 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/chansession.h 2014-10-23 15:43:38.000000000 +0200 
@@ -51,9 +51,12 @@ /* exit details */ struct exitinfo exit; - /* Used to set $SSH_CONNECTION in the child session. - Is only set temporarily before forking */ + + /* These are only set temporarily before forking */ + /* Used to set $SSH_CONNECTION in the child session. */ char *connection_string; + /* Used to set $SSH_CLIENT in the child session. */ + char *client_string; #ifndef DISABLE_X11FWD struct Listener * x11listener; @@ -89,7 +92,6 @@ #ifdef ENABLE_CLI_NETCAT void cli_send_netcat_request(); #endif -void cli_start_send_channel_request(struct Channel *channel, unsigned char *type); void svr_chansessinitialise(); extern const struct ChanType svrchansess; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/cli-agentfwd.c new/dropbear-2014.66/cli-agentfwd.c --- old/dropbear-2014.65/cli-agentfwd.c 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/cli-agentfwd.c 2014-10-23 15:43:38.000000000 +0200 @@ -234,7 +234,7 @@ return; } - cli_start_send_channel_request(channel, "[email protected]"); + start_send_channel_request(channel, "[email protected]"); /* Don't want replies */ buf_putbyte(ses.writepayload, 0); encrypt_packet(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/cli-chansession.c new/dropbear-2014.66/cli-chansession.c --- old/dropbear-2014.65/cli-chansession.c 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/cli-chansession.c 2014-10-23 15:43:38.000000000 +0200 @@ -92,17 +92,6 @@ } } -void cli_start_send_channel_request(struct Channel *channel, - unsigned char *type) { - - CHECKCLEARTOWRITE(); - buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST); - buf_putint(ses.writepayload, channel->remotechan); - - buf_putstring(ses.writepayload, type, strlen(type)); - -} - /* Taken from OpenSSH's sshtty.c: * RCSID("OpenBSD: sshtty.c,v 1.5 2003/09/19 17:43:35 markus Exp "); */ static void cli_tty_setup() { 
@@ -287,7 +276,7 @@ TRACE(("enter send_chansess_pty_req")) - cli_start_send_channel_request(channel, "pty-req"); + start_send_channel_request(channel, "pty-req"); /* Don't want replies */ buf_putbyte(ses.writepayload, 0); @@ -330,7 +319,7 @@ reqtype = "shell"; } - cli_start_send_channel_request(channel, reqtype); + start_send_channel_request(channel, reqtype); /* XXX TODO */ buf_putbyte(ses.writepayload, 0); /* Don't want replies */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/cli-session.c new/dropbear-2014.66/cli-session.c --- old/dropbear-2014.65/cli-session.c 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/cli-session.c 2014-10-23 15:43:38.000000000 +0200 @@ -70,9 +70,15 @@ {SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */ {SSH_MSG_USERAUTH_SPECIFIC_60, recv_msg_userauth_specific_60}, /* client */ {SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_cli}, + {SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response}, + {SSH_MSG_CHANNEL_FAILURE, ignore_recv_response}, #ifdef ENABLE_CLI_REMOTETCPFWD {SSH_MSG_REQUEST_SUCCESS, cli_recv_msg_request_success}, /* client */ {SSH_MSG_REQUEST_FAILURE, cli_recv_msg_request_failure}, /* client */ +#else + /* For keepalive */ + {SSH_MSG_REQUEST_SUCCESS, ignore_recv_response}, + {SSH_MSG_REQUEST_FAILURE, ignore_recv_response}, #endif {0, 0} /* End */ }; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/common-channel.c new/dropbear-2014.66/common-channel.c --- old/dropbear-2014.65/common-channel.c 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/common-channel.c 2014-10-23 15:43:38.000000000 +0200 
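Review bot: In cli-session.c's packet table, the `/* For keepalive */` entries exist only in the `#else` branch, so when ENABLE_CLI_REMOTETCPFWD is defined the reply to a global-request keepalive is dispatched to cli_recv_msg_request_success / cli_recv_msg_request_failure instead of ignore_recv_response. Those handlers are not part of this diff, so it should be confirmed that they tolerate a reply matching no outstanding forwarding request rather than attributing it to one. A comment on the `#ifdef` branch such as `/* these handlers also receive keepalive replies and must ignore unmatched ones */` would record the assumption. The table begins outside the hunk.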
@@ -627,7 +627,12 @@ && !channel->close_handler_done) { channel->type->reqhandler(channel); } else { - send_msg_channel_failure(channel); + int wantreply; + buf_eatstring(ses.payload); + wantreply = buf_getbool(ses.payload); + if (wantreply) { + send_msg_channel_failure(channel); + } } TRACE(("leave recv_msg_channel_request")) @@ -1134,3 +1139,30 @@ buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_FAILURE); encrypt_packet(); } + +struct Channel* get_any_ready_channel() { + if (ses.chancount == 0) { + return NULL; + } + size_t i; + for (i = 0; i < ses.chansize; i++) { + struct Channel *chan = ses.channels[i]; + if (chan + && !(chan->sent_eof || chan->recv_eof) + && !(chan->await_open || chan->initconn)) { + return chan; + } + } + return NULL; +} + +void start_send_channel_request(struct Channel *channel, + unsigned char *type) { + + CHECKCLEARTOWRITE(); + buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST); + buf_putint(ses.writepayload, channel->remotechan); + + buf_putstring(ses.writepayload, type, strlen(type)); + +} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/common-session.c new/dropbear-2014.66/common-session.c --- old/dropbear-2014.65/common-session.c 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/common-session.c 2014-10-23 15:43:38.000000000 +0200 
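Review bot: In common-channel.c's recv_msg_channel_request, the new else branch reads the request type and want_reply flag with buf_eatstring()/buf_getbool() but carries no comment saying why the failure reply became conditional. Something like `/* No handler for this channel: skip the request type and reply only if want_reply is set */` would make the protocol reason explicit. The branch also relies on those buffer helpers rejecting a truncated packet, which is not visible in this diff and should be confirmed. The function begins outside the hunk.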
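Review bot: In common-channel.c, start_send_channel_request() declares `unsigned char *type` yet passes it to `strlen(type)`, and the call sites in this diff hand it string literals or a string macro, so pointer signedness is converted implicitly in both directions. Declaring the parameter `const char *type` here and in the channel.h prototype (casting once at buf_putstring if that helper requires it; its signature is not shown) would remove the mismatch. In get_any_ready_channel(), `size_t i;` is declared after the early `return NULL;` and the channel.h prototype uses empty parentheses; moving the declaration to the top of the function and writing `(void)` keeps the code acceptable to stricter or older C compilers.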
@@ -394,14 +394,30 @@ return pos+1; } +void ignore_recv_response() { + // Do nothing + TRACE(("Ignored msg_request_response")) +} + static void send_msg_keepalive() { CHECKCLEARTOWRITE(); time_t old_time_idle = ses.last_packet_time_idle; - /* Try to force a response from the other end. Some peers will - reply with SSH_MSG_REQUEST_FAILURE, some will reply with SSH_MSG_UNIMPLEMENTED */ - buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST); - /* A short string */ - buf_putstring(ses.writepayload, "[email protected]", 0); + + struct Channel *chan = get_any_ready_channel(); + + if (chan) { + /* Channel requests are preferable, more implementations + handle them than SSH_MSG_GLOBAL_REQUEST */ + TRACE(("keepalive channel request %d", chan->index)) + start_send_channel_request(chan, DROPBEAR_KEEPALIVE_STRING); + } else { + TRACE(("keepalive global request")) + /* Some peers will reply with SSH_MSG_REQUEST_FAILURE, + some will reply with SSH_MSG_UNIMPLEMENTED, some will exit. */ + buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST); + buf_putstring(ses.writepayload, DROPBEAR_KEEPALIVE_STRING, + strlen(DROPBEAR_KEEPALIVE_STRING)); + } buf_putbyte(ses.writepayload, 1); /* want_reply */ encrypt_packet(); @@ -430,7 +446,10 @@ send_msg_kexinit(); } - if (opts.keepalive_secs > 0) { + if (opts.keepalive_secs > 0 && ses.authstate.authdone) { + /* Avoid sending keepalives prior to auth - those are + not valid pre-auth packet types */ + /* Send keepalives if we've been idle */ if (now - ses.last_packet_time_any_sent >= opts.keepalive_secs) { send_msg_keepalive(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/debian/changelog new/dropbear-2014.66/debian/changelog --- old/dropbear-2014.65/debian/changelog 2014-08-08 15:40:46.000000000 +0200 +++ new/dropbear-2014.66/debian/changelog 2014-10-23 15:43:38.000000000 +0200 
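Review bot: In common-session.c, ignore_recv_response() discards SSH_MSG_CHANNEL_SUCCESS/FAILURE and SSH_MSG_REQUEST_SUCCESS/FAILURE unconditionally, so a reply is accepted whether or not a keepalive is outstanding, and its only comment is `// Do nothing`, a style the surrounding `/* */` comments do not use. A header comment stating the intent, e.g. `/* Keepalive replies carry nothing we act on; unsolicited ones are dropped as well */`, would make that a documented decision. Whether such inbound packets count as activity for the idle timeout is decided outside this hunk and is worth checking, since send_msg_keepalive() saves ses.last_packet_time_idle, apparently so that its own packet does not. send_msg_keepalive's body continues past the hunk.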
@@ -1,3 +1,9 @@ +dropbear (2014.66-0.1) unstable; urgency=low + + * New upstream release. + + -- Matt Johnston <[email protected]> Thu, 23 Oct 2014 22:54:00 +0800 + dropbear (2014.65-0.1) unstable; urgency=low * New upstream release. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/loginrec.h new/dropbear-2014.66/loginrec.h --- old/dropbear-2014.65/loginrec.h 2014-08-08 15:40:47.000000000 +0200 +++ new/dropbear-2014.66/loginrec.h 2014-10-23 15:43:38.000000000 +0200 @@ -79,10 +79,10 @@ # if defined(HAVE_UTMP_H) && defined(UTMP_FILE) && !defined(DISABLE_UTMP) # define USE_UTMP # endif -# if defined(HAVE_WTMPX_H) && defined(WTMPX_FILE) && !defined(DISABLE_WTMPX) +# if defined(WTMPX_FILE) && !defined(DISABLE_WTMPX) # define USE_WTMPX # endif -# if defined(HAVE_WTMP_H) && defined(WTMP_FILE) && !defined(DISABLE_WTMP) +# if defined(WTMP_FILE) && !defined(DISABLE_WTMP) # define USE_WTMP # endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/scp.c new/dropbear-2014.66/scp.c --- old/dropbear-2014.65/scp.c 2014-08-08 15:40:47.000000000 +0200 +++ new/dropbear-2014.66/scp.c 2014-10-23 15:43:38.000000000 +0200 @@ -1146,7 +1146,7 @@ { (void) fprintf(stderr, "usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n" - " [-l limit] [-o ssh_option] [-P port] [-S program]\n" + " [-l limit] [-P port] [-S program]\n" " [[user@]host1:]file1 [...] [[user@]host2:]file2\n"); exit(1); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/session.h new/dropbear-2014.66/session.h --- old/dropbear-2014.65/session.h 2014-08-08 15:40:47.000000000 +0200 +++ new/dropbear-2014.66/session.h 2014-10-23 15:43:38.000000000 +0200 
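Review bot: In loginrec.h, USE_WTMPX and USE_WTMP now depend only on WTMPX_FILE / WTMP_FILE and the DISABLE_ switches, and nothing in the hunk explains why the HAVE_WTMPX_H / HAVE_WTMP_H tests were dropped. CHANGES describes wtmp as broken since 2013.62, which presumably means login records were silently compiled out, a gap in the audit trail that is easy to reintroduce. A comment such as `/* HAVE_WTMP_H is deliberately not tested: WTMP_FILE being defined is sufficient */` would protect the fix. The enclosing `#if` block starts outside the hunk.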
@@ -47,6 +47,7 @@ void session_cleanup(); void send_session_identification(); void send_msg_ignore(); +void ignore_recv_response(); void update_channel_prio(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/svr-chansession.c new/dropbear-2014.66/svr-chansession.c --- old/dropbear-2014.65/svr-chansession.c 2014-08-08 15:40:47.000000000 +0200 +++ new/dropbear-2014.66/svr-chansession.c 2014-10-23 15:43:38.000000000 +0200 @@ -53,6 +53,7 @@ static void closechansess(struct Channel *channel); static int newchansess(struct Channel *channel); static void chansessionrequest(struct Channel *channel); +static int sesscheckclose(struct Channel *channel); static void send_exitsignalstatus(struct Channel *channel); static void send_msg_chansess_exitstatus(struct Channel * channel, @@ -61,6 +62,14 @@ struct ChanSess * chansess); static void get_termmodes(struct ChanSess *chansess); +const struct ChanType svrchansess = { + 0, /* sepfds */ + "session", /* name */ + newchansess, /* inithandler */ + sesscheckclose, /* checkclosehandler */ + chansessionrequest, /* reqhandler */ + closechansess, /* closehandler */ +}; /* required to clear environment */ extern char** environ; @@ -232,6 +241,7 @@ chansess = (struct ChanSess*)m_malloc(sizeof(struct ChanSess)); chansess->cmd = NULL; chansess->connection_string = NULL; + chansess->client_string = NULL; chansess->pid = 0; /* pty details */ 
@@ -593,19 +603,26 @@ return DROPBEAR_SUCCESS; } -static char* make_connection_string() { +static void make_connection_string(struct ChanSess *chansess) { char *local_ip, *local_port, *remote_ip, *remote_port; size_t len; - char *ret; get_socket_address(ses.sock_in, &local_ip, &local_port, &remote_ip, &remote_port, 0); - len = strlen(local_ip) + strlen(local_port) + strlen(remote_ip) + strlen(remote_port) + 4; - ret = m_malloc(len); - snprintf(ret, len, "%s %s %s %s", remote_ip, remote_port, local_ip, local_port); + + /* "remoteip remoteport localip localport" */ + len = strlen(local_ip) + strlen(remote_ip) + 20; + chansess->connection_string = m_malloc(len); + snprintf(chansess->connection_string, len, "%s %s %s %s", remote_ip, remote_port, local_ip, local_port); + + /* deprecated but bash only loads .bashrc if SSH_CLIENT is set */ + /* "remoteip remoteport localport" */ + len = strlen(remote_ip) + 20; + chansess->client_string = m_malloc(len); + snprintf(chansess->client_string, len, "%s %s %s", remote_ip, remote_port, local_port); + m_free(local_ip); m_free(local_port); m_free(remote_ip); m_free(remote_port); - return ret; } /* Handle a command request from the client. This is used for both shell @@ -668,7 +685,7 @@ /* uClinux will vfork(), so there'll be a race as connection_string is freed below. */ #ifndef USE_VFORK - chansess->connection_string = make_connection_string(); + make_connection_string(chansess); #endif if (chansess->term == NULL) { @@ -685,6 +702,7 @@ #ifndef USE_VFORK m_free(chansess->connection_string); + m_free(chansess->client_string); #endif if (ret == DROPBEAR_FAILURE) { @@ -940,6 +958,10 @@ if (chansess->connection_string) { addnewvar("SSH_CONNECTION", chansess->connection_string); } + + if (chansess->client_string) { + addnewvar("SSH_CLIENT", chansess->client_string); + } #ifdef ENABLE_SVR_PUBKEY_OPTIONS if (chansess->original_command) { 
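Review bot: In svr-chansession.c's make_connection_string(), both buffers are now sized as an address length plus a fixed `20` for the port strings, separators and terminator, where the removed code summed the length of every component. snprintf() keeps the write in bounds, but its return value is not checked, so a port string longer than the allowance would truncate SSH_CONNECTION or SSH_CLIENT silently; get_socket_address() is not shown, so whether ports are always short numeric strings cannot be confirmed from this diff. Computing the sizes exactly avoids the magic number: `len = strlen(remote_ip) + strlen(remote_port) + strlen(local_ip) + strlen(local_port) + 4;` and `len = strlen(remote_ip) + strlen(remote_port) + strlen(local_port) + 3;`.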
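Review bot: In svr-chansession.c's command-request path, the comment above `#ifndef USE_VFORK` still names only connection_string, although the guarded call now fills client_string as well and both are freed in the later `#ifndef USE_VFORK` block. Rewording it to `/* uClinux will vfork(), so there'll be a race as connection_string and client_string are freed below. */` keeps the comment accurate. It also follows that SSH_CLIENT is never set in USE_VFORK builds, which may deserve a line in the same comment. The function starts and ends outside the hunk.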
@@ -968,16 +990,6 @@ dropbear_exit("Child failed"); } -const struct ChanType svrchansess = { - 0, /* sepfds */ - "session", /* name */ - newchansess, /* inithandler */ - sesscheckclose, /* checkclosehandler */ - chansessionrequest, /* reqhandler */ - closechansess, /* closehandler */ -}; - - /* Set up the general chansession environment, in particular child-exit * handling */ void svr_chansessinitialise() { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/svr-main.c new/dropbear-2014.66/svr-main.c --- old/dropbear-2014.65/svr-main.c 2014-08-08 15:40:47.000000000 +0200 +++ new/dropbear-2014.66/svr-main.c 2014-10-23 15:43:39.000000000 +0200 @@ -409,7 +409,7 @@ size_t sockpos = 0; int nsock; - TRACE(("listensockets: %d to try\n", svr_opts.portcount)) + TRACE(("listensockets: %d to try", svr_opts.portcount)) for (i = 0; i < svr_opts.portcount; i++) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/svr-runopts.c new/dropbear-2014.66/svr-runopts.c --- old/dropbear-2014.65/svr-runopts.c 2014-08-08 15:40:47.000000000 +0200 +++ new/dropbear-2014.66/svr-runopts.c 2014-10-23 15:43:39.000000000 +0200 @@ -410,7 +410,9 @@ sign_key * read_key = new_sign_key(); enum signkey_type type = DROPBEAR_SIGNKEY_ANY; if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) { - dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); + if (!svr_opts.delay_hostkey) { + dropbear_log(LOG_WARNING, "Failed loading %s", keyfile); + } } #ifdef DROPBEAR_RSA diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/svr-session.c new/dropbear-2014.66/svr-session.c --- old/dropbear-2014.65/svr-session.c 2014-08-08 15:40:47.000000000 +0200 +++ new/dropbear-2014.66/svr-session.c 2014-10-23 15:43:39.000000000 +0200 
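Review bot: In svr-runopts.c, the `Failed loading %s` warning is now skipped for every readhostkey() failure when svr_opts.delay_hostkey is set, not only for a key file that has not been generated yet. readhostkey's failure causes are not visible here, but if it also fails for an unreadable or malformed file, the operator loses the only log line pointing at a damaged host key. Lowering the priority instead of dropping the message, `dropbear_log(svr_opts.delay_hostkey ? LOG_INFO : LOG_WARNING, "Failed loading %s", keyfile);`, would keep that evidence. The enclosing function continues outside the hunk.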
@@ -58,6 +58,10 @@ {SSH_MSG_CHANNEL_OPEN, recv_msg_channel_open}, {SSH_MSG_CHANNEL_EOF, recv_msg_channel_eof}, {SSH_MSG_CHANNEL_CLOSE, recv_msg_channel_close}, + {SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response}, + {SSH_MSG_CHANNEL_FAILURE, ignore_recv_response}, + {SSH_MSG_REQUEST_FAILURE, ignore_recv_response}, /* for keepalive */ + {SSH_MSG_REQUEST_SUCCESS, ignore_recv_response}, /* client */ #ifdef USING_LISTENERS {SSH_MSG_CHANNEL_OPEN_CONFIRMATION, recv_msg_channel_open_confirmation}, {SSH_MSG_CHANNEL_OPEN_FAILURE, recv_msg_channel_open_failure}, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/sysoptions.h new/dropbear-2014.66/sysoptions.h --- old/dropbear-2014.65/sysoptions.h 2014-08-08 15:40:47.000000000 +0200 +++ new/dropbear-2014.66/sysoptions.h 2014-10-23 15:43:39.000000000 +0200 @@ -4,7 +4,7 @@ *******************************************************************/ #ifndef DROPBEAR_VERSION -#define DROPBEAR_VERSION "2014.65" +#define DROPBEAR_VERSION "2014.66" #endif #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION @@ -153,8 +153,7 @@ #define MAX_CHANNELS 100 /* simple mem restriction, includes each tcp/x11 connection, so can't be _too_ small */ -#define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also - is the max length for a password etc */ +#define MAX_STRING_LEN 2400 /* Sun SSH needs this long for algos */ /* For a 4096 bit DSS key, empirically determined */ #define MAX_PUBKEY_SIZE 1700 @@ -257,4 +256,7 @@ #define DROPBEAR_LISTEN_BACKLOG MAX_CHANNELS #endif +/* Use this string since some implementations might special-case it */ +#define DROPBEAR_KEEPALIVE_STRING "[email protected]" + /* no include guard for this file */ -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
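Review bot: In svr-session.c's packet table, the new SSH_MSG_REQUEST_SUCCESS entry carries the trailing comment `/* client */`, which looks copied from the client table and does not describe a server-side entry; `/* for keepalive */`, as on the line above it, would match. The four new entries route replies to ignore_recv_response whether or not a keepalive is outstanding, so a short comment above them saying this is intentional would help the next reader of the table. The table starts and ends outside the hunk.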
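Review bot: In sysoptions.h, the new MAX_STRING_LEN comment mentions only Sun SSH algorithm lists and drops the earlier statement that the constant is also the maximum length for a password and similar fields. Raising it from 1400 to 2400 therefore widens every string bounded by it, apparently including input read before authentication completes, and the comment should keep saying so: `#define MAX_STRING_LEN 2400 /* Sun SSH needs this long for algos; also the max length for a password etc */`. If only the algorithm lists need the larger size, a separate limit for them would leave the other bound unchanged.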
