From 10688585fa489bc57ac862efec5fc39bc816d6bd Mon Sep 17 00:00:00 2001 From: Leonid Plyushch <25881154+xeffyr@users.noreply.github.com> Date: Sun, 22 Apr 2018 22:22:48 +0300 Subject: [PATCH] dropbear: update to 2018.76 (#2356) * dropbear: update to 2018.76 * dropbear: fix hardcoded paths * dropbear: enable scp --- packages/dropbear/Makefile.in.patch | 12 +++ packages/dropbear/build.sh | 14 ++- packages/dropbear/cli-auth.c.patch | 42 ++++++++ packages/dropbear/common-session.c.patch | 12 +++ packages/dropbear/compat.c.patch | 21 ++++ ...ptions.h.patch => default_options.h.patch} | 93 +++++++++--------- packages/dropbear/dropbear.patch | 95 ------------------- packages/dropbear/gensignkey.c.patch | 10 +- packages/dropbear/sshpty.c.patch | 28 ++++++ packages/dropbear/svr-agentfwd.c.patch | 25 +++++ .../{svr-auth-c.patch => svr-auth.c.patch} | 22 +++-- packages/dropbear/svr-chansession.c.patch | 36 +++++++ packages/dropbear/sysoptions.h.patch | 12 +++ 13 files changed, 259 insertions(+), 163 deletions(-) create mode 100644 packages/dropbear/Makefile.in.patch create mode 100644 packages/dropbear/cli-auth.c.patch create mode 100644 packages/dropbear/common-session.c.patch create mode 100644 packages/dropbear/compat.c.patch rename packages/dropbear/{options.h.patch => default_options.h.patch} (53%) delete mode 100644 packages/dropbear/dropbear.patch create mode 100644 packages/dropbear/sshpty.c.patch create mode 100644 packages/dropbear/svr-agentfwd.c.patch rename packages/dropbear/{svr-auth-c.patch => svr-auth.c.patch} (62%) create mode 100644 packages/dropbear/svr-chansession.c.patch create mode 100644 packages/dropbear/sysoptions.h.patch diff --git a/packages/dropbear/Makefile.in.patch b/packages/dropbear/Makefile.in.patch new file mode 100644 index 000000000..49c76627a --- /dev/null +++ b/packages/dropbear/Makefile.in.patch @@ -0,0 +1,12 @@ +diff -uNr dropbear-2018.76/Makefile.in dropbear-2018.76.mod/Makefile.in +--- dropbear-2018.76/Makefile.in 2018-02-27 16:25:10.000000000 +0200 ++++ dropbear-2018.76.mod/Makefile.in 2018-04-21 14:05:03.923792282 +0300 +@@ -9,7 +9,7 @@ + # dbclient functionality, and includes the progress-bar functionality in scp. + + ifndef PROGRAMS +- PROGRAMS=dropbear dbclient dropbearkey dropbearconvert ++ PROGRAMS=dropbear dbclient dropbearkey dropbearconvert scp + endif + + STATIC_LTC=libtomcrypt/libtomcrypt.a diff --git a/packages/dropbear/build.sh b/packages/dropbear/build.sh index c9780b527..13ac8409f 100755 --- a/packages/dropbear/build.sh +++ b/packages/dropbear/build.sh @@ -1,15 +1,19 @@ TERMUX_PKG_HOMEPAGE=https://matt.ucc.asn.au/dropbear/dropbear.html TERMUX_PKG_DESCRIPTION="Small SSH server and client" -TERMUX_PKG_DEPENDS="libutil" -TERMUX_PKG_VERSION=2017.75 -TERMUX_PKG_REVISION=2 +TERMUX_PKG_DEPENDS="libutil, readline" +TERMUX_PKG_CONFLICTS="openssh" +TERMUX_PKG_VERSION=2018.76 TERMUX_PKG_SRCURL=https://matt.ucc.asn.au/dropbear/releases/dropbear-${TERMUX_PKG_VERSION}.tar.bz2 -TERMUX_PKG_SHA256=6cbc1dcb1c9709d226dff669e5604172a18cf5dbf9a201474d5618ae4465098c +TERMUX_PKG_SHA256=f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65 TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-syslog --disable-utmp --disable-utmpx --disable-wtmp" +TERMUX_PKG_BUILD_IN_SRC="yes" +TERMUX_PKG_CLANG=no # Avoid linking to libcrypt for server password authentication: TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" ac_cv_lib_crypt_crypt=no" +# use own implementation of getpass +TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" ac_cv_func_getpass=yes LIBS=-lreadline" +# build a multi-call binary TERMUX_PKG_EXTRA_MAKE_ARGS="MULTI=1" -TERMUX_PKG_BUILD_IN_SRC="yes" termux_step_create_debscripts () { echo "#!$TERMUX_PREFIX/bin/sh" > postinst diff --git a/packages/dropbear/cli-auth.c.patch b/packages/dropbear/cli-auth.c.patch new file mode 100644 index 000000000..3dbd103b6 --- /dev/null +++ b/packages/dropbear/cli-auth.c.patch @@ -0,0 +1,42 @@ +diff -uNr dropbear-2018.76/cli-auth.c dropbear-2018.76.mod/cli-auth.c +--- dropbear-2018.76/cli-auth.c 2018-02-27 16:25:10.000000000 +0200 ++++ dropbear-2018.76.mod/cli-auth.c 2018-04-21 13:44:51.797063206 +0300 +@@ -32,6 +32,38 @@ + #include "packet.h" + #include "runopts.h" + ++ ++// getpass implementation ++#ifdef __ANDROID__ ++#include ++#include ++ ++static char* getpass(const char *prompt) { ++ struct termios term_old, term_new; ++ int nread; ++ ++ /* Turn echoing off and fail if we can't. */ ++ if (tcgetattr (0, &term_old) != 0) { ++ return NULL; ++ } ++ ++ term_new = term_old; ++ term_new.c_lflag &= ~ECHO; ++ ++ if (tcsetattr (0, TCSAFLUSH, &term_new) != 0) { ++ return NULL; ++ } ++ ++ /* Read the password. */ ++ char *password = readline(prompt); ++ ++ /* Restore terminal. */ ++ (void) tcsetattr (0, TCSAFLUSH, &term_old); ++ ++ return password; ++} ++#endif ++ + void cli_authinitialise() { + + memset(&ses.authstate, 0, sizeof(ses.authstate)); diff --git a/packages/dropbear/common-session.c.patch b/packages/dropbear/common-session.c.patch new file mode 100644 index 000000000..e318add71 --- /dev/null +++ b/packages/dropbear/common-session.c.patch @@ -0,0 +1,12 @@ +diff -uNr dropbear-2018.76/common-session.c dropbear-2018.76.mod/common-session.c +--- dropbear-2018.76/common-session.c 2018-02-27 16:25:10.000000000 +0200 ++++ dropbear-2018.76.mod/common-session.c 2018-04-21 13:49:06.633742995 +0300 +@@ -570,7 +570,7 @@ + const char* get_user_shell() { + /* an empty shell should be interpreted as "/bin/sh" */ + if (ses.authstate.pw_shell[0] == '\0') { +- return "/bin/sh"; ++ return "@TERMUX_PREFIX@/bin/sh"; + } else { + return ses.authstate.pw_shell; + } diff --git a/packages/dropbear/compat.c.patch b/packages/dropbear/compat.c.patch new file mode 100644 index 000000000..9b734cba5 --- /dev/null +++ b/packages/dropbear/compat.c.patch @@ -0,0 +1,21 @@ +diff -uNr dropbear-2018.76/compat.c dropbear-2018.76.mod/compat.c +--- dropbear-2018.76/compat.c 2018-02-27 16:25:10.000000000 +0200 ++++ dropbear-2018.76.mod/compat.c 2018-04-21 13:47:36.443738351 +0300 +@@ -232,7 +232,7 @@ + + static char **initshells() { + /* don't touch this list. */ +- static const char *okshells[] = { "/bin/sh", "/bin/csh", NULL }; ++ static const char *okshells[] = { "@TERMUX_PREFIX@/bin/sh", "@TERMUX_PREFIX@/bin/csh", NULL }; + register char **sp, *cp; + register FILE *fp; + struct stat statb; +@@ -244,7 +244,7 @@ + if (strings != NULL) + free(strings); + strings = NULL; +- if ((fp = fopen("/etc/shells", "rc")) == NULL) ++ if ((fp = fopen("@TERMUX_PREFIX@/etc/shells", "rc")) == NULL) + return (char **) okshells; + if (fstat(fileno(fp), &statb) == -1) { + (void)fclose(fp); diff --git a/packages/dropbear/options.h.patch b/packages/dropbear/default_options.h.patch similarity index 53% rename from packages/dropbear/options.h.patch rename to packages/dropbear/default_options.h.patch index 82cd330c6..3169e4584 100644 --- a/packages/dropbear/options.h.patch +++ b/packages/dropbear/default_options.h.patch @@ -1,81 +1,77 @@ -diff -u -r ../dropbear-2017.75/options.h ./options.h ---- ../dropbear-2017.75/options.h 2017-05-18 16:47:02.000000000 +0200 -+++ ./options.h 2018-01-24 11:01:37.013064455 +0100 -@@ -11,7 +11,7 @@ - /* IMPORTANT: Many options will require "make clean" after changes */ +diff -uNr dropbear-2018.76/default_options.h dropbear-2018.76.mod/default_options.h +--- dropbear-2018.76/default_options.h 2018-02-27 16:25:10.000000000 +0200 ++++ dropbear-2018.76.mod/default_options.h 2018-04-21 13:44:59.120396918 +0300 +@@ -13,15 +13,15 @@ + + IMPORTANT: Some options will require "make clean" after changes */ - #ifndef DROPBEAR_DEFPORT -#define DROPBEAR_DEFPORT "22" +#define DROPBEAR_DEFPORT "8022" - #endif - #ifndef DROPBEAR_DEFADDRESS -@@ -21,13 +21,13 @@ + /* Listen on all interfaces */ + #define DROPBEAR_DEFADDRESS "" /* Default hostkey paths - these can be specified on the command line */ - #ifndef DSS_PRIV_FILENAME -#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key" -+#define DSS_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_dss_host_key" - #endif - #ifndef RSA_PRIV_FILENAME -#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key" -+#define RSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_rsa_host_key" - #endif - #ifndef ECDSA_PRIV_FILENAME -#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key" ++#define DSS_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_dss_host_key" ++#define RSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_rsa_host_key" +#define ECDSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_ecdsa_host_key" - #endif /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens -@@ -52,7 +52,7 @@ - several kB in binary size however will make the symmetrical ciphers and hashes - slower, perhaps by 50%. Recommended for small systems that aren't doing - much traffic. */ --#define DROPBEAR_SMALL_CODE + * on chosen ports and keeps accepting connections. This is the default. +@@ -44,7 +44,7 @@ + * several kB in binary size however will make the symmetrical ciphers and hashes + * slower, perhaps by 50%. Recommended for small systems that aren't doing + * much traffic. */ +-#define DROPBEAR_SMALL_CODE 1 +#undef DROPBEAR_SMALL_CODE /* Enable X11 Forwarding - server only */ - #define ENABLE_X11FWD -@@ -198,7 +198,7 @@ + #define DROPBEAR_X11FWD 1 +@@ -175,11 +175,11 @@ - /* The MOTD file path */ - #ifndef MOTD_FILENAME + /* Whether to print the message of the day (MOTD). */ + #define DO_MOTD 0 -#define MOTD_FILENAME "/etc/motd" +#define MOTD_FILENAME "@TERMUX_PREFIX@/etc/motd" - #endif /* Authentication Types - at least one required. -@@ -213,7 +213,7 @@ - - /* This requires crypt() */ - #ifdef HAVE_CRYPT --#define ENABLE_SVR_PASSWORD_AUTH -+#undef ENABLE_SVR_PASSWORD_AUTH - #endif - /* PAM requires ./configure --enable-pam */ - /*#define ENABLE_SVR_PAM_AUTH */ -@@ -287,25 +287,25 @@ + RFC Draft requires pubkey auth, and recommends password */ +-#define DROPBEAR_SVR_PASSWORD_AUTH 1 ++#undef DROPBEAR_SVR_PASSWORD_AUTH + + /* Note: PAM auth is quite simple and only works for PAM modules which just do + * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). +@@ -222,7 +222,7 @@ + + /* Set this to use PRNGD or EGD instead of /dev/urandom */ + #define DROPBEAR_USE_PRNGD 0 +-#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng" ++#define DROPBEAR_PRNGD_SOCKET "@TERMUX_PREFIX@/var/run/dropbear-rng" + + /* Specify the number of clients we will allow to be connected but + * not yet authenticated. After this limit, connections are rejected */ +@@ -239,22 +239,22 @@ + /* The default file to store the daemon's process ID, for shutdown scripts etc. This can be overridden with the -P flag */ - #ifndef DROPBEAR_PIDFILE -#define DROPBEAR_PIDFILE "/var/run/dropbear.pid" +#define DROPBEAR_PIDFILE "@TERMUX_PREFIX@/var/run/dropbear.pid" - #endif /* The command to invoke for xauth when using X11 forwarding. * "-q" for quiet */ - #ifndef XAUTH_COMMAND -#define XAUTH_COMMAND "/usr/bin/xauth -q" +#define XAUTH_COMMAND "@TERMUX_PREFIX@/bin/xauth -q" - #endif + /* if you want to enable running an sftp server (such as the one included with - * OpenSSH), set the path below. If the path isn't defined, sftp will not - * be enabled */ - #ifndef SFTPSERVER_PATH + * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. + * The sftp-server program is not provided by Dropbear itself */ + #define DROPBEAR_SFTPSERVER 1 -#define SFTPSERVER_PATH "/usr/libexec/sftp-server" +#define SFTPSERVER_PATH "@TERMUX_PREFIX@/libexec/sftp-server" - #endif /* This is used by the scp binary when used as a client binary. If you're * not using the Dropbear client, you'll need to change it */ @@ -84,12 +80,11 @@ diff -u -r ../dropbear-2017.75/options.h ./options.h /* Whether to log commands executed by a client. This only logs the * (single) command sent to the server, not what a user did in a -@@ -347,7 +347,7 @@ +@@ -290,6 +290,6 @@ #define DEFAULT_IDLE_TIMEOUT 0 /* The default path. This will often get replaced by the shell */ -#define DEFAULT_PATH "/usr/bin:/bin" -+#define DEFAULT_PATH "@TERMUX_PREFIX@/bin" ++#define DEFAULT_PATH "@TERMUX_PREFIX@/bin:@TERMUX_PREFIX@/bin/applets" - /* Some other defines (that mostly should be left alone) are defined - * in sysoptions.h */ + #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */ diff --git a/packages/dropbear/dropbear.patch b/packages/dropbear/dropbear.patch deleted file mode 100644 index 10a0b8d8b..000000000 --- a/packages/dropbear/dropbear.patch +++ /dev/null @@ -1,95 +0,0 @@ -diff -u -r ../dropbear-2013.62/cli-auth.c ./cli-auth.c ---- ../dropbear-2013.62/cli-auth.c 2013-12-03 14:39:15.000000000 +0100 -+++ ./cli-auth.c 2014-01-05 21:21:37.926812382 +0100 -@@ -32,6 +32,10 @@ - #include "packet.h" - #include "runopts.h" - -+char * getpass (const char *prompt) { -+ return ""; -+} -+ - void cli_authinitialise() { - - memset(&ses.authstate, 0, sizeof(ses.authstate)); - #ifdef ENABLE_CLI_ANYTCPFWD -diff -u -r ../dropbear-2013.62/sshpty.c ./sshpty.c ---- ../dropbear-2013.62/sshpty.c 2013-12-03 14:39:15.000000000 +0100 -+++ ./sshpty.c 2014-01-05 21:21:37.930812382 +0100 -@@ -22,6 +22,10 @@ - #include "errno.h" - #include "sshpty.h" - -+#ifdef __ANDROID__ -+# define USE_DEV_PTMX 1 -+#endif -+ - /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ - #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) - #undef HAVE_DEV_PTMX -@@ -380,6 +384,7 @@ - tty_name, strerror(errno)); - } - -+ /* - if (st.st_uid != pw->pw_uid || st.st_gid != gid) { - if (chown(tty_name, pw->pw_uid, gid) < 0) { - if (errno == EROFS && -@@ -409,4 +414,5 @@ - } - } - } -+ */ - } -diff -u -r ../dropbear-2013.62/svr-agentfwd.c ./svr-agentfwd.c ---- ../dropbear-2013.62/svr-agentfwd.c 2013-12-03 14:39:15.000000000 +0100 -+++ ./svr-agentfwd.c 2014-01-05 21:21:37.930812382 +0100 -@@ -218,10 +218,12 @@ - /* drop to user privs to make the dir/file */ - uid = getuid(); - gid = getgid(); -+ /* - if ((setegid(ses.authstate.pw_gid)) < 0 || - (seteuid(ses.authstate.pw_uid)) < 0) { - dropbear_exit("Failed to set euid"); - } -+ */ - - memset((void*)&addr, 0x0, sizeof(addr)); - addr.sun_family = AF_UNIX; -diff -u -r ../dropbear-2013.62/svr-chansession.c ./svr-chansession.c ---- ../dropbear-2013.62/svr-chansession.c 2013-12-03 14:39:15.000000000 +0100 -+++ ./svr-chansession.c 2014-01-05 21:32:15.438797159 +0100 -@@ -874,6 +874,8 @@ - #endif - - /* clear environment */ -+ /* termux: do not clear environment on android */ -+#ifndef __ANDROID__ - /* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD - * etc. This is hazardous, so should only be used for debugging. */ - #ifndef DEBUG_VALGRIND -@@ -886,6 +888,7 @@ - } - #endif /* HAVE_CLEARENV */ - #endif /* DEBUG_VALGRIND */ -+#endif /* __ANDROID__ */ - - /* We can only change uid/gid as root ... */ - if (getuid() == 0) { -@@ -911,12 +914,14 @@ - } - } - -+ /* termux: do not modify environment since we did not clean it */ -+#ifndef __ANDROID__ - /* set env vars */ - addnewvar("USER", ses.authstate.pw_name); - addnewvar("LOGNAME", ses.authstate.pw_name); - addnewvar("HOME", ses.authstate.pw_dir); - addnewvar("SHELL", get_user_shell()); -- addnewvar("PATH", DEFAULT_PATH); -+#endif /* __ANDROID__ */ - if (chansess->term != NULL) { - addnewvar("TERM", chansess->term); - } diff --git a/packages/dropbear/gensignkey.c.patch b/packages/dropbear/gensignkey.c.patch index 8e6252428..33316aab4 100644 --- a/packages/dropbear/gensignkey.c.patch +++ b/packages/dropbear/gensignkey.c.patch @@ -1,7 +1,7 @@ -diff -u -r ../dropbear-2017.75/gensignkey.c ./gensignkey.c ---- ../dropbear-2017.75/gensignkey.c 2017-05-18 16:47:01.000000000 +0200 -+++ ./gensignkey.c 2017-06-13 23:50:59.888597482 +0200 -@@ -137,6 +137,16 @@ +diff -uNr dropbear-2018.76/gensignkey.c dropbear-2018.76.mod/gensignkey.c +--- dropbear-2018.76/gensignkey.c 2018-02-27 16:25:10.000000000 +0200 ++++ dropbear-2018.76.mod/gensignkey.c 2018-04-21 13:45:22.973731479 +0300 +@@ -140,6 +140,16 @@ goto out; } @@ -18,7 +18,7 @@ diff -u -r ../dropbear-2017.75/gensignkey.c ./gensignkey.c if (link(fn_temp, filename) < 0) { /* If generating keys on connection (skipexist) it's OK to get EEXIST - we probably just lost a race with another connection to generate the key */ -@@ -148,6 +158,7 @@ +@@ -151,6 +161,7 @@ goto out; } } diff --git a/packages/dropbear/sshpty.c.patch b/packages/dropbear/sshpty.c.patch new file mode 100644 index 000000000..8398ef77a --- /dev/null +++ b/packages/dropbear/sshpty.c.patch @@ -0,0 +1,28 @@ +diff -uNr dropbear-2018.76/sshpty.c dropbear-2018.76.mod/sshpty.c +--- dropbear-2018.76/sshpty.c 2018-02-27 16:25:12.000000000 +0200 ++++ dropbear-2018.76.mod/sshpty.c 2018-04-21 13:45:06.703730641 +0300 +@@ -22,6 +22,10 @@ + #include "errno.h" + #include "sshpty.h" + ++#ifdef __ANDROID__ ++# define USE_DEV_PTMX 1 ++#endif ++ + /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */ + #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY) + #undef HAVE_DEV_PTMX +@@ -380,6 +384,7 @@ + tty_name, strerror(errno)); + } + ++ /* + if (st.st_uid != pw->pw_uid || st.st_gid != gid) { + if (chown(tty_name, pw->pw_uid, gid) < 0) { + if (errno == EROFS && +@@ -409,4 +414,5 @@ + } + } + } ++ */ + } diff --git a/packages/dropbear/svr-agentfwd.c.patch b/packages/dropbear/svr-agentfwd.c.patch new file mode 100644 index 000000000..59309f723 --- /dev/null +++ b/packages/dropbear/svr-agentfwd.c.patch @@ -0,0 +1,25 @@ +diff -uNr dropbear-2018.76/svr-agentfwd.c dropbear-2018.76.mod/svr-agentfwd.c +--- dropbear-2018.76/svr-agentfwd.c 2018-02-27 16:25:12.000000000 +0200 ++++ dropbear-2018.76.mod/svr-agentfwd.c 2018-04-21 13:46:57.660403020 +0300 +@@ -41,7 +41,7 @@ + #include "listener.h" + #include "auth.h" + +-#define AGENTDIRPREFIX "/tmp/dropbear-" ++#define AGENTDIRPREFIX "@TERMUX_PREFIX@/tmp/dropbear-" + + static int send_msg_channel_open_agent(int fd); + static int bindagent(int fd, struct ChanSess * chansess); +@@ -218,10 +218,12 @@ + /* drop to user privs to make the dir/file */ + uid = getuid(); + gid = getgid(); ++ /* + if ((setegid(ses.authstate.pw_gid)) < 0 || + (seteuid(ses.authstate.pw_uid)) < 0) { + dropbear_exit("Failed to set euid"); + } ++ */ + + memset((void*)&addr, 0x0, sizeof(addr)); + addr.sun_family = AF_UNIX; diff --git a/packages/dropbear/svr-auth-c.patch b/packages/dropbear/svr-auth.c.patch similarity index 62% rename from packages/dropbear/svr-auth-c.patch rename to packages/dropbear/svr-auth.c.patch index 8a941839f..e4e09d4c2 100644 --- a/packages/dropbear/svr-auth-c.patch +++ b/packages/dropbear/svr-auth.c.patch @@ -1,7 +1,7 @@ -diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c ---- ../dropbear-2014.63/svr-auth.c 2014-02-19 15:05:24.000000000 +0100 -+++ ./svr-auth.c 2014-03-22 17:52:07.000000000 +0100 -@@ -120,6 +120,9 @@ +diff -uNr dropbear-2018.76/svr-auth.c dropbear-2018.76.mod/svr-auth.c +--- dropbear-2018.76/svr-auth.c 2018-02-27 16:25:12.000000000 +0200 ++++ dropbear-2018.76.mod/svr-auth.c 2018-04-21 13:48:35.083741369 +0300 +@@ -93,6 +93,9 @@ } username = buf_getstring(ses.payload, &userlen); @@ -11,7 +11,7 @@ diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c servicename = buf_getstring(ses.payload, &servicelen); methodname = buf_getstring(ses.payload, &methodlen); -@@ -129,7 +132,6 @@ +@@ -102,7 +105,6 @@ SSH_SERVICE_CONNECTION_LEN) != 0)) { /* TODO - disconnect here */ @@ -19,7 +19,7 @@ diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c m_free(servicename); m_free(methodname); dropbear_exit("unknown service in auth"); -@@ -219,7 +221,6 @@ +@@ -192,7 +194,6 @@ out: @@ -27,15 +27,19 @@ diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c m_free(servicename); m_free(methodname); } -@@ -287,6 +288,7 @@ - usershell = "/bin/sh"; +@@ -320,9 +321,10 @@ + usershell = ses.authstate.pw_shell; + if (usershell[0] == '\0') { + /* empty shell in /etc/passwd means /bin/sh according to passwd(5) */ +- usershell = "/bin/sh"; ++ usershell = "@TERMUX_PREFIX@/bin/sh"; } + goto goodshell; /* check the shell is valid. If /etc/shells doesn't exist, getusershell() * should return some standard shells like "/bin/sh" and "/bin/csh" (this * is platform-specific) */ -@@ -306,7 +308,7 @@ +@@ -343,7 +345,7 @@ return DROPBEAR_FAILURE; goodshell: diff --git a/packages/dropbear/svr-chansession.c.patch b/packages/dropbear/svr-chansession.c.patch new file mode 100644 index 000000000..01df39d58 --- /dev/null +++ b/packages/dropbear/svr-chansession.c.patch @@ -0,0 +1,36 @@ +diff -uNr dropbear-2018.76/svr-chansession.c dropbear-2018.76.mod/svr-chansession.c +--- dropbear-2018.76/svr-chansession.c 2018-02-27 16:25:12.000000000 +0200 ++++ dropbear-2018.76.mod/svr-chansession.c 2018-04-21 13:45:06.707063974 +0300 +@@ -919,6 +919,8 @@ + #endif + + /* clear environment */ ++ /* termux: do not clear environment on android */ ++#ifndef __ANDROID__ + /* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD + * etc. This is hazardous, so should only be used for debugging. */ + #ifndef DEBUG_VALGRIND +@@ -931,6 +933,7 @@ + } + #endif /* HAVE_CLEARENV */ + #endif /* DEBUG_VALGRIND */ ++#endif /* __ANDROID__ */ + + /* We can only change uid/gid as root ... */ + if (getuid() == 0) { +@@ -956,12 +959,14 @@ + } + } + ++ /* termux: do not modify environment since we did not clean it */ ++#ifndef __ANDROID__ + /* set env vars */ + addnewvar("USER", ses.authstate.pw_name); + addnewvar("LOGNAME", ses.authstate.pw_name); + addnewvar("HOME", ses.authstate.pw_dir); + addnewvar("SHELL", get_user_shell()); +- addnewvar("PATH", DEFAULT_PATH); ++#endif /* __ANDROID__ */ + if (chansess->term != NULL) { + addnewvar("TERM", chansess->term); + } diff --git a/packages/dropbear/sysoptions.h.patch b/packages/dropbear/sysoptions.h.patch new file mode 100644 index 000000000..97b6109b1 --- /dev/null +++ b/packages/dropbear/sysoptions.h.patch @@ -0,0 +1,12 @@ +diff -uNr dropbear-2018.76/sysoptions.h dropbear-2018.76.mod/sysoptions.h +--- dropbear-2018.76/sysoptions.h 2018-02-27 16:25:12.000000000 +0200 ++++ dropbear-2018.76.mod/sysoptions.h 2018-04-21 13:48:41.227075019 +0300 +@@ -71,7 +71,7 @@ + + #define _PATH_TTY "/dev/tty" + +-#define _PATH_CP "/bin/cp" ++#define _PATH_CP "@TERMUX_PREFIX@/bin/cp" + + #define DROPBEAR_ESCAPE_CHAR '~' +