dropbear: update to 2018.76 (#2356)

* dropbear: update to 2018.76 * dropbear: fix hardcoded paths * dropbear: enable scp
7 years ago · 10688585fa
13 changed files with 259 additions and 163 deletions
--- a/packages/dropbear/Makefile.in.patch
+++ b/packages/dropbear/Makefile.in.patch
@ -0,0 +1,12 @@
 diff -uNr dropbear-2018.76/Makefile.in dropbear-2018.76.mod/Makefile.in
 --- dropbear-2018.76/Makefile.in	2018-02-27 16:25:10.000000000 +0200
 +++ dropbear-2018.76.mod/Makefile.in	2018-04-21 14:05:03.923792282 +0300
@@ -9,7 +9,7 @@
 # dbclient functionality, and includes the progress-bar functionality in scp.
 ifndef PROGRAMS
 -	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
 +	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert scp
 endif
 STATIC_LTC=libtomcrypt/libtomcrypt.a
--- a/packages/dropbear/build.sh
+++ b/packages/dropbear/build.sh
@ -1,15 +1,19 @@
 TERMUX_PKG_HOMEPAGE=https://matt.ucc.asn.au/dropbear/dropbear.html
 TERMUX_PKG_DESCRIPTION="Small SSH server and client"
-TERMUX_PKG_DEPENDS="libutil"
+TERMUX_PKG_DEPENDS="libutil, readline"
-TERMUX_PKG_VERSION=2017.75
+TERMUX_PKG_CONFLICTS="openssh"
-TERMUX_PKG_REVISION=2
+TERMUX_PKG_VERSION=2018.76
 TERMUX_PKG_SRCURL=https://matt.ucc.asn.au/dropbear/releases/dropbear-${TERMUX_PKG_VERSION}.tar.bz2
-TERMUX_PKG_SHA256=6cbc1dcb1c9709d226dff669e5604172a18cf5dbf9a201474d5618ae4465098c
+TERMUX_PKG_SHA256=f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65
 TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-syslog --disable-utmp --disable-utmpx --disable-wtmp"
 TERMUX_PKG_BUILD_IN_SRC="yes"
 TERMUX_PKG_CLANG=no
 # Avoid linking to libcrypt for server password authentication:
 TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" ac_cv_lib_crypt_crypt=no"
 # use own implementation of getpass
 TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" ac_cv_func_getpass=yes LIBS=-lreadline"
 # build a multi-call binary
 TERMUX_PKG_EXTRA_MAKE_ARGS="MULTI=1"
 TERMUX_PKG_BUILD_IN_SRC="yes"
 termux_step_create_debscripts () {
        echo "#!$TERMUX_PREFIX/bin/sh" > postinst
--- a/packages/dropbear/cli-auth.c.patch
+++ b/packages/dropbear/cli-auth.c.patch
@ -0,0 +1,42 @@
 diff -uNr dropbear-2018.76/cli-auth.c dropbear-2018.76.mod/cli-auth.c
 --- dropbear-2018.76/cli-auth.c	2018-02-27 16:25:10.000000000 +0200
 +++ dropbear-2018.76.mod/cli-auth.c	2018-04-21 13:44:51.797063206 +0300
@@ -32,6 +32,38 @@
 #include "packet.h"
 #include "runopts.h"
 +
 +// getpass implementation
 +#ifdef __ANDROID__
 +#include <termios.h>
 +#include <readline/readline.h>
 +
 +static char* getpass(const char *prompt) {
 +    struct termios term_old, term_new;
 +    int nread;
 +
 +    /* Turn echoing off and fail if we can't. */
 +    if (tcgetattr (0, &term_old) != 0) {
 +        return NULL;
 +    }
 +
 +    term_new = term_old;
 +    term_new.c_lflag &= ~ECHO;
 +
 +    if (tcsetattr (0, TCSAFLUSH, &term_new) != 0) {
 +        return NULL;
 +    }
 +
 +    /* Read the password. */
 +    char *password = readline(prompt);
 +
 +    /* Restore terminal. */
 +    (void) tcsetattr (0, TCSAFLUSH, &term_old);
 +
 +    return password;
 +}
 +#endif
 +
 void cli_authinitialise() {
 	memset(&ses.authstate, 0, sizeof(ses.authstate));
--- a/packages/dropbear/common-session.c.patch
+++ b/packages/dropbear/common-session.c.patch
@ -0,0 +1,12 @@
 diff -uNr dropbear-2018.76/common-session.c dropbear-2018.76.mod/common-session.c
 --- dropbear-2018.76/common-session.c	2018-02-27 16:25:10.000000000 +0200
 +++ dropbear-2018.76.mod/common-session.c	2018-04-21 13:49:06.633742995 +0300
@@ -570,7 +570,7 @@
 const char* get_user_shell() {
 	/* an empty shell should be interpreted as "/bin/sh" */
 	if (ses.authstate.pw_shell[0] == '\0') {
 -		return "/bin/sh";
 +		return "@TERMUX_PREFIX@/bin/sh";
 	} else {
 		return ses.authstate.pw_shell;
 	}
--- a/packages/dropbear/compat.c.patch
+++ b/packages/dropbear/compat.c.patch
@ -0,0 +1,21 @@
 diff -uNr dropbear-2018.76/compat.c dropbear-2018.76.mod/compat.c
 --- dropbear-2018.76/compat.c	2018-02-27 16:25:10.000000000 +0200
 +++ dropbear-2018.76.mod/compat.c	2018-04-21 13:47:36.443738351 +0300
@@ -232,7 +232,7 @@
 static char **initshells() {
 	/* don't touch this list. */
 -	static const char *okshells[] = { "/bin/sh", "/bin/csh", NULL };
 +	static const char *okshells[] = { "@TERMUX_PREFIX@/bin/sh", "@TERMUX_PREFIX@/bin/csh", NULL };
 	register char **sp, *cp;
 	register FILE *fp;
 	struct stat statb;
@@ -244,7 +244,7 @@
 	if (strings != NULL)
 		free(strings);
 	strings = NULL;
 -	if ((fp = fopen("/etc/shells", "rc")) == NULL)
 +	if ((fp = fopen("@TERMUX_PREFIX@/etc/shells", "rc")) == NULL)
 		return (char **) okshells;
 	if (fstat(fileno(fp), &statb) == -1) {
 		(void)fclose(fp);
--- a/packages/dropbear/default_options.h.patch
+++ b/packages/dropbear/default_options.h.patch
@ -1,81 +1,77 @@
-diff -u -r ../dropbear-2017.75/options.h ./options.h
+diff -uNr dropbear-2018.76/default_options.h dropbear-2018.76.mod/default_options.h
--- ../dropbear-2017.75/options.h	2017-05-18 16:47:02.000000000 +0200
+--- dropbear-2018.76/default_options.h	2018-02-27 16:25:10.000000000 +0200
-+++ ./options.h	2018-01-24 11:01:37.013064455 +0100
+++ dropbear-2018.76.mod/default_options.h	2018-04-21 13:44:59.120396918 +0300
-@@ -11,7 +11,7 @@
+@@ -13,15 +13,15 @@
- /* IMPORTANT: Many options will require "make clean" after changes */
+ 
 IMPORTANT: Some options will require "make clean" after changes */
 #ifndef DROPBEAR_DEFPORT
 -#define DROPBEAR_DEFPORT "22"
 +#define DROPBEAR_DEFPORT "8022"
 #endif
- #ifndef DROPBEAR_DEFADDRESS
+ /* Listen on all interfaces */
-@@ -21,13 +21,13 @@
+ #define DROPBEAR_DEFADDRESS ""
 /* Default hostkey paths - these can be specified on the command line */
 #ifndef DSS_PRIV_FILENAME
 -#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
 +#define DSS_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_dss_host_key"
 #endif
 #ifndef RSA_PRIV_FILENAME
 -#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
 +#define RSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_rsa_host_key"
 #endif
 #ifndef ECDSA_PRIV_FILENAME
 -#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
 +#define DSS_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_dss_host_key"
 +#define RSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_rsa_host_key"
 +#define ECDSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_ecdsa_host_key"
 #endif
 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
-@@ -52,7 +52,7 @@
+  * on chosen ports and keeps accepting connections. This is the default.
- several kB in binary size however will make the symmetrical ciphers and hashes
+@@ -44,7 +44,7 @@
- slower, perhaps by 50%. Recommended for small systems that aren't doing
+  * several kB in binary size however will make the symmetrical ciphers and hashes
- much traffic. */
+  * slower, perhaps by 50%. Recommended for small systems that aren't doing
-#define DROPBEAR_SMALL_CODE
+  * much traffic. */
 -#define DROPBEAR_SMALL_CODE 1
 +#undef DROPBEAR_SMALL_CODE
 /* Enable X11 Forwarding - server only */
- #define ENABLE_X11FWD
+ #define DROPBEAR_X11FWD 1
-@@ -198,7 +198,7 @@
+@@ -175,11 +175,11 @@
- /* The MOTD file path */
+ /* Whether to print the message of the day (MOTD). */
- #ifndef MOTD_FILENAME
+ #define DO_MOTD 0
 -#define MOTD_FILENAME "/etc/motd"
 +#define MOTD_FILENAME "@TERMUX_PREFIX@/etc/motd"
 #endif
 /* Authentication Types - at least one required.
-@@ -213,7 +213,7 @@
+    RFC Draft requires pubkey auth, and recommends password */
- 
+-#define DROPBEAR_SVR_PASSWORD_AUTH 1
- /* This requires crypt() */
+#undef DROPBEAR_SVR_PASSWORD_AUTH
- #ifdef HAVE_CRYPT
+ 
-#define ENABLE_SVR_PASSWORD_AUTH
+ /* Note: PAM auth is quite simple and only works for PAM modules which just do
-+#undef ENABLE_SVR_PASSWORD_AUTH
+  * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
- #endif
+@@ -222,7 +222,7 @@
- /* PAM requires ./configure --enable-pam */
+ 
- /*#define ENABLE_SVR_PAM_AUTH */
+ /* Set this to use PRNGD or EGD instead of /dev/urandom */
-@@ -287,25 +287,25 @@
+ #define DROPBEAR_USE_PRNGD 0
 -#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
 +#define DROPBEAR_PRNGD_SOCKET "@TERMUX_PREFIX@/var/run/dropbear-rng"
 /* Specify the number of clients we will allow to be connected but
  * not yet authenticated. After this limit, connections are rejected */
@@ -239,22 +239,22 @@
 /* The default file to store the daemon's process ID, for shutdown
    scripts etc. This can be overridden with the -P flag */
 #ifndef DROPBEAR_PIDFILE
 -#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
 +#define DROPBEAR_PIDFILE "@TERMUX_PREFIX@/var/run/dropbear.pid"
 #endif
 /* The command to invoke for xauth when using X11 forwarding.
  * "-q" for quiet */
 #ifndef XAUTH_COMMAND
 -#define XAUTH_COMMAND "/usr/bin/xauth -q"
 +#define XAUTH_COMMAND "@TERMUX_PREFIX@/bin/xauth -q"
- #endif
+ 
 /* if you want to enable running an sftp server (such as the one included with
-  * OpenSSH), set the path below. If the path isn't defined, sftp will not
+  * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. 
-  * be enabled */
+  * The sftp-server program is not provided by Dropbear itself */
- #ifndef SFTPSERVER_PATH
+ #define DROPBEAR_SFTPSERVER 1
 -#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
 +#define SFTPSERVER_PATH "@TERMUX_PREFIX@/libexec/sftp-server"
 #endif
 /* This is used by the scp binary when used as a client binary. If you're
  * not using the Dropbear client, you'll need to change it */
@ -84,12 +80,11 @@ diff -u -r ../dropbear-2017.75/options.h ./options.h
 /* Whether to log commands executed by a client. This only logs the 
  * (single) command sent to the server, not what a user did in a 
-@@ -347,7 +347,7 @@
+@@ -290,6 +290,6 @@
 #define DEFAULT_IDLE_TIMEOUT 0
 /* The default path. This will often get replaced by the shell */
 -#define DEFAULT_PATH "/usr/bin:/bin"
-+#define DEFAULT_PATH "@TERMUX_PREFIX@/bin"
+#define DEFAULT_PATH "@TERMUX_PREFIX@/bin:@TERMUX_PREFIX@/bin/applets"
- /* Some other defines (that mostly should be left alone) are defined
+ #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
  * in sysoptions.h */
--- a/packages/dropbear/dropbear.patch
+++ b/packages/dropbear/dropbear.patch
@ -1,95 +0,0 @@
 diff -u -r ../dropbear-2013.62/cli-auth.c ./cli-auth.c
 --- ../dropbear-2013.62/cli-auth.c	2013-12-03 14:39:15.000000000 +0100
 +++ ./cli-auth.c	2014-01-05 21:21:37.926812382 +0100
@@ -32,6 +32,10 @@
 #include "packet.h"
 #include "runopts.h"
 +char * getpass (const char *prompt) {
 +	return "";
 +}
 +
 void cli_authinitialise() {
 	memset(&ses.authstate, 0, sizeof(ses.authstate));
 #ifdef ENABLE_CLI_ANYTCPFWD
 diff -u -r ../dropbear-2013.62/sshpty.c ./sshpty.c
 --- ../dropbear-2013.62/sshpty.c	2013-12-03 14:39:15.000000000 +0100
 +++ ./sshpty.c	2014-01-05 21:21:37.930812382 +0100
@@ -22,6 +22,10 @@
 #include "errno.h"
 #include "sshpty.h"
 +#ifdef __ANDROID__
 +# define USE_DEV_PTMX 1
 +#endif
 +
 /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
 #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
 #undef HAVE_DEV_PTMX
@@ -380,6 +384,7 @@
 				tty_name, strerror(errno));
 	}
 +	/*
 	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
 		if (chown(tty_name, pw->pw_uid, gid) < 0) {
 			if (errno == EROFS &&
@@ -409,4 +414,5 @@
 			}
 		}
 	}
 +	*/
 }
 diff -u -r ../dropbear-2013.62/svr-agentfwd.c ./svr-agentfwd.c
 --- ../dropbear-2013.62/svr-agentfwd.c	2013-12-03 14:39:15.000000000 +0100
 +++ ./svr-agentfwd.c	2014-01-05 21:21:37.930812382 +0100
@@ -218,10 +218,12 @@
 	/* drop to user privs to make the dir/file */
 	uid = getuid();
 	gid = getgid();
 +	/*
 	if ((setegid(ses.authstate.pw_gid)) < 0 ||
 		(seteuid(ses.authstate.pw_uid)) < 0) {
 		dropbear_exit("Failed to set euid");
 	}
 +	*/
 	memset((void*)&addr, 0x0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
 diff -u -r ../dropbear-2013.62/svr-chansession.c ./svr-chansession.c
 --- ../dropbear-2013.62/svr-chansession.c	2013-12-03 14:39:15.000000000 +0100
 +++ ./svr-chansession.c	2014-01-05 21:32:15.438797159 +0100
@@ -874,6 +874,8 @@
 #endif
 	/* clear environment */
 +	/* termux: do not clear environment on android */
 +#ifndef __ANDROID__
 	/* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD
 	 * etc. This is hazardous, so should only be used for debugging. */
 #ifndef DEBUG_VALGRIND
@@ -886,6 +888,7 @@
 	}
 #endif /* HAVE_CLEARENV */
 #endif /* DEBUG_VALGRIND */
 +#endif /* __ANDROID__ */
 	/* We can only change uid/gid as root ... */
 	if (getuid() == 0) {
@@ -911,12 +914,14 @@
 		}
 	}
 +	/* termux: do not modify environment since we did not clean it */
 +#ifndef __ANDROID__
 	/* set env vars */
 	addnewvar("USER", ses.authstate.pw_name);
 	addnewvar("LOGNAME", ses.authstate.pw_name);
 	addnewvar("HOME", ses.authstate.pw_dir);
 	addnewvar("SHELL", get_user_shell());
 -	addnewvar("PATH", DEFAULT_PATH);
 +#endif /* __ANDROID__ */
 	if (chansess->term != NULL) {
 		addnewvar("TERM", chansess->term);
 	}
--- a/packages/dropbear/gensignkey.c.patch
+++ b/packages/dropbear/gensignkey.c.patch
@ -1,7 +1,7 @@
-diff -u -r ../dropbear-2017.75/gensignkey.c ./gensignkey.c
+diff -uNr dropbear-2018.76/gensignkey.c dropbear-2018.76.mod/gensignkey.c
--- ../dropbear-2017.75/gensignkey.c	2017-05-18 16:47:01.000000000 +0200
+--- dropbear-2018.76/gensignkey.c	2018-02-27 16:25:10.000000000 +0200
-+++ ./gensignkey.c	2017-06-13 23:50:59.888597482 +0200
+++ dropbear-2018.76.mod/gensignkey.c	2018-04-21 13:45:22.973731479 +0300
-@@ -137,6 +137,16 @@
+@@ -140,6 +140,16 @@
 		goto out;
 	}
@ -18,7 +18,7 @@ diff -u -r ../dropbear-2017.75/gensignkey.c ./gensignkey.c
 	if (link(fn_temp, filename) < 0) {
 		/* If generating keys on connection (skipexist) it's OK to get EEXIST 
 		- we probably just lost a race with another connection to generate the key */
-@@ -148,6 +158,7 @@
+@@ -151,6 +161,7 @@
 			goto out;
 		}
 	}
--- a/packages/dropbear/sshpty.c.patch
+++ b/packages/dropbear/sshpty.c.patch
@ -0,0 +1,28 @@
 diff -uNr dropbear-2018.76/sshpty.c dropbear-2018.76.mod/sshpty.c
 --- dropbear-2018.76/sshpty.c	2018-02-27 16:25:12.000000000 +0200
 +++ dropbear-2018.76.mod/sshpty.c	2018-04-21 13:45:06.703730641 +0300
@@ -22,6 +22,10 @@
 #include "errno.h"
 #include "sshpty.h"
 +#ifdef __ANDROID__
 +# define USE_DEV_PTMX 1
 +#endif
 +
 /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
 #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
 #undef HAVE_DEV_PTMX
@@ -380,6 +384,7 @@
 				tty_name, strerror(errno));
 	}
 +	/*
 	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
 		if (chown(tty_name, pw->pw_uid, gid) < 0) {
 			if (errno == EROFS &&
@@ -409,4 +414,5 @@
 			}
 		}
 	}
 +	*/
 }
--- a/packages/dropbear/svr-agentfwd.c.patch
+++ b/packages/dropbear/svr-agentfwd.c.patch
@ -0,0 +1,25 @@
 diff -uNr dropbear-2018.76/svr-agentfwd.c dropbear-2018.76.mod/svr-agentfwd.c
 --- dropbear-2018.76/svr-agentfwd.c	2018-02-27 16:25:12.000000000 +0200
 +++ dropbear-2018.76.mod/svr-agentfwd.c	2018-04-21 13:46:57.660403020 +0300
@@ -41,7 +41,7 @@
 #include "listener.h"
 #include "auth.h"
 -#define AGENTDIRPREFIX "/tmp/dropbear-"
 +#define AGENTDIRPREFIX "@TERMUX_PREFIX@/tmp/dropbear-"
 static int send_msg_channel_open_agent(int fd);
 static int bindagent(int fd, struct ChanSess * chansess);
@@ -218,10 +218,12 @@
 	/* drop to user privs to make the dir/file */
 	uid = getuid();
 	gid = getgid();
 +	/*
 	if ((setegid(ses.authstate.pw_gid)) < 0 ||
 		(seteuid(ses.authstate.pw_uid)) < 0) {
 		dropbear_exit("Failed to set euid");
 	}
 +	*/
 	memset((void*)&addr, 0x0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
--- a/packages/dropbear/svr-auth.c.patch
+++ b/packages/dropbear/svr-auth.c.patch
@ -1,7 +1,7 @@
-diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c
+diff -uNr dropbear-2018.76/svr-auth.c dropbear-2018.76.mod/svr-auth.c
--- ../dropbear-2014.63/svr-auth.c	2014-02-19 15:05:24.000000000 +0100
+--- dropbear-2018.76/svr-auth.c	2018-02-27 16:25:12.000000000 +0200
-+++ ./svr-auth.c	2014-03-22 17:52:07.000000000 +0100
+++ dropbear-2018.76.mod/svr-auth.c	2018-04-21 13:48:35.083741369 +0300
-@@ -120,6 +120,9 @@
+@@ -93,6 +93,9 @@
 	}
 	username = buf_getstring(ses.payload, &userlen);
@ -11,7 +11,7 @@ diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c
 	servicename = buf_getstring(ses.payload, &servicelen);
 	methodname = buf_getstring(ses.payload, &methodlen);
-@@ -129,7 +132,6 @@
+@@ -102,7 +105,6 @@
 					SSH_SERVICE_CONNECTION_LEN) != 0)) {
 		/* TODO - disconnect here */
@ -19,7 +19,7 @@ diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c
 		m_free(servicename);
 		m_free(methodname);
 		dropbear_exit("unknown service in auth");
-@@ -219,7 +221,6 @@
+@@ -192,7 +194,6 @@
 out:
@ -27,15 +27,19 @@ diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c
 	m_free(servicename);
 	m_free(methodname);
 }
-@@ -287,6 +288,7 @@
+@@ -320,9 +321,10 @@
- 		usershell = "/bin/sh";
+ 	usershell = ses.authstate.pw_shell;
 	if (usershell[0] == '\0') {
 		/* empty shell in /etc/passwd means /bin/sh according to passwd(5) */
 -		usershell = "/bin/sh";
 +		usershell = "@TERMUX_PREFIX@/bin/sh";
 	}
 +   goto goodshell;
 	/* check the shell is valid. If /etc/shells doesn't exist, getusershell()
 	 * should return some standard shells like "/bin/sh" and "/bin/csh" (this
 	 * is platform-specific) */
-@@ -306,7 +308,7 @@
+@@ -343,7 +345,7 @@
 	return DROPBEAR_FAILURE;
 goodshell:
--- a/packages/dropbear/svr-chansession.c.patch
+++ b/packages/dropbear/svr-chansession.c.patch
@ -0,0 +1,36 @@
 diff -uNr dropbear-2018.76/svr-chansession.c dropbear-2018.76.mod/svr-chansession.c
 --- dropbear-2018.76/svr-chansession.c	2018-02-27 16:25:12.000000000 +0200
 +++ dropbear-2018.76.mod/svr-chansession.c	2018-04-21 13:45:06.707063974 +0300
@@ -919,6 +919,8 @@
 #endif
 	/* clear environment */
 +	/* termux: do not clear environment on android */
 +#ifndef __ANDROID__
 	/* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD
 	 * etc. This is hazardous, so should only be used for debugging. */
 #ifndef DEBUG_VALGRIND
@@ -931,6 +933,7 @@
 	}
 #endif /* HAVE_CLEARENV */
 #endif /* DEBUG_VALGRIND */
 +#endif /* __ANDROID__ */
 	/* We can only change uid/gid as root ... */
 	if (getuid() == 0) {
@@ -956,12 +959,14 @@
 		}
 	}
 +	/* termux: do not modify environment since we did not clean it */
 +#ifndef __ANDROID__
 	/* set env vars */
 	addnewvar("USER", ses.authstate.pw_name);
 	addnewvar("LOGNAME", ses.authstate.pw_name);
 	addnewvar("HOME", ses.authstate.pw_dir);
 	addnewvar("SHELL", get_user_shell());
 -	addnewvar("PATH", DEFAULT_PATH);
 +#endif /* __ANDROID__ */
 	if (chansess->term != NULL) {
 		addnewvar("TERM", chansess->term);
 	}
--- a/packages/dropbear/sysoptions.h.patch
+++ b/packages/dropbear/sysoptions.h.patch
@ -0,0 +1,12 @@
 diff -uNr dropbear-2018.76/sysoptions.h dropbear-2018.76.mod/sysoptions.h
 --- dropbear-2018.76/sysoptions.h	2018-02-27 16:25:12.000000000 +0200
 +++ dropbear-2018.76.mod/sysoptions.h	2018-04-21 13:48:41.227075019 +0300
@@ -71,7 +71,7 @@
 #define _PATH_TTY "/dev/tty"
 -#define _PATH_CP "/bin/cp"
 +#define _PATH_CP "@TERMUX_PREFIX@/bin/cp"
 #define DROPBEAR_ESCAPE_CHAR '~'