--- /dev/null
+diff -uNr dropbear-2018.76/Makefile.in dropbear-2018.76.mod/Makefile.in
+--- dropbear-2018.76/Makefile.in 2018-02-27 16:25:10.000000000 +0200
++++ dropbear-2018.76.mod/Makefile.in 2018-04-21 14:05:03.923792282 +0300
+@@ -9,7 +9,7 @@
+ # dbclient functionality, and includes the progress-bar functionality in scp.
+
+ ifndef PROGRAMS
+- PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
++ PROGRAMS=dropbear dbclient dropbearkey dropbearconvert scp
+ endif
+
+ STATIC_LTC=libtomcrypt/libtomcrypt.a
TERMUX_PKG_HOMEPAGE=https://matt.ucc.asn.au/dropbear/dropbear.html
TERMUX_PKG_DESCRIPTION="Small SSH server and client"
-TERMUX_PKG_DEPENDS="libutil"
-TERMUX_PKG_VERSION=2017.75
-TERMUX_PKG_REVISION=2
+TERMUX_PKG_DEPENDS="libutil, readline"
+TERMUX_PKG_CONFLICTS="openssh"
+TERMUX_PKG_VERSION=2018.76
TERMUX_PKG_SRCURL=https://matt.ucc.asn.au/dropbear/releases/dropbear-${TERMUX_PKG_VERSION}.tar.bz2
-TERMUX_PKG_SHA256=6cbc1dcb1c9709d226dff669e5604172a18cf5dbf9a201474d5618ae4465098c
+TERMUX_PKG_SHA256=f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65
TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-syslog --disable-utmp --disable-utmpx --disable-wtmp"
+TERMUX_PKG_BUILD_IN_SRC="yes"
+TERMUX_PKG_CLANG=no
# Avoid linking to libcrypt for server password authentication:
TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" ac_cv_lib_crypt_crypt=no"
+# use own implementation of getpass
+TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" ac_cv_func_getpass=yes LIBS=-lreadline"
+# build a multi-call binary
TERMUX_PKG_EXTRA_MAKE_ARGS="MULTI=1"
-TERMUX_PKG_BUILD_IN_SRC="yes"
termux_step_create_debscripts () {
echo "#!$TERMUX_PREFIX/bin/sh" > postinst
--- /dev/null
+diff -uNr dropbear-2018.76/cli-auth.c dropbear-2018.76.mod/cli-auth.c
+--- dropbear-2018.76/cli-auth.c 2018-02-27 16:25:10.000000000 +0200
++++ dropbear-2018.76.mod/cli-auth.c 2018-04-21 13:44:51.797063206 +0300
+@@ -32,6 +32,38 @@
+ #include "packet.h"
+ #include "runopts.h"
+
++
++// getpass implementation
++#ifdef __ANDROID__
++#include <termios.h>
++#include <readline/readline.h>
++
++static char* getpass(const char *prompt) {
++ struct termios term_old, term_new;
++ int nread;
++
++ /* Turn echoing off and fail if we can't. */
++ if (tcgetattr (0, &term_old) != 0) {
++ return NULL;
++ }
++
++ term_new = term_old;
++ term_new.c_lflag &= ~ECHO;
++
++ if (tcsetattr (0, TCSAFLUSH, &term_new) != 0) {
++ return NULL;
++ }
++
++ /* Read the password. */
++ char *password = readline(prompt);
++
++ /* Restore terminal. */
++ (void) tcsetattr (0, TCSAFLUSH, &term_old);
++
++ return password;
++}
++#endif
++
+ void cli_authinitialise() {
+
+ memset(&ses.authstate, 0, sizeof(ses.authstate));
--- /dev/null
+diff -uNr dropbear-2018.76/common-session.c dropbear-2018.76.mod/common-session.c
+--- dropbear-2018.76/common-session.c 2018-02-27 16:25:10.000000000 +0200
++++ dropbear-2018.76.mod/common-session.c 2018-04-21 13:49:06.633742995 +0300
+@@ -570,7 +570,7 @@
+ const char* get_user_shell() {
+ /* an empty shell should be interpreted as "/bin/sh" */
+ if (ses.authstate.pw_shell[0] == '\0') {
+- return "/bin/sh";
++ return "@TERMUX_PREFIX@/bin/sh";
+ } else {
+ return ses.authstate.pw_shell;
+ }
--- /dev/null
+diff -uNr dropbear-2018.76/compat.c dropbear-2018.76.mod/compat.c
+--- dropbear-2018.76/compat.c 2018-02-27 16:25:10.000000000 +0200
++++ dropbear-2018.76.mod/compat.c 2018-04-21 13:47:36.443738351 +0300
+@@ -232,7 +232,7 @@
+
+ static char **initshells() {
+ /* don't touch this list. */
+- static const char *okshells[] = { "/bin/sh", "/bin/csh", NULL };
++ static const char *okshells[] = { "@TERMUX_PREFIX@/bin/sh", "@TERMUX_PREFIX@/bin/csh", NULL };
+ register char **sp, *cp;
+ register FILE *fp;
+ struct stat statb;
+@@ -244,7 +244,7 @@
+ if (strings != NULL)
+ free(strings);
+ strings = NULL;
+- if ((fp = fopen("/etc/shells", "rc")) == NULL)
++ if ((fp = fopen("@TERMUX_PREFIX@/etc/shells", "rc")) == NULL)
+ return (char **) okshells;
+ if (fstat(fileno(fp), &statb) == -1) {
+ (void)fclose(fp);
-diff -u -r ../dropbear-2017.75/options.h ./options.h
---- ../dropbear-2017.75/options.h 2017-05-18 16:47:02.000000000 +0200
-+++ ./options.h 2018-01-24 11:01:37.013064455 +0100
-@@ -11,7 +11,7 @@
- /* IMPORTANT: Many options will require "make clean" after changes */
+diff -uNr dropbear-2018.76/default_options.h dropbear-2018.76.mod/default_options.h
+--- dropbear-2018.76/default_options.h 2018-02-27 16:25:10.000000000 +0200
++++ dropbear-2018.76.mod/default_options.h 2018-04-21 13:44:59.120396918 +0300
+@@ -13,15 +13,15 @@
+
+ IMPORTANT: Some options will require "make clean" after changes */
- #ifndef DROPBEAR_DEFPORT
-#define DROPBEAR_DEFPORT "22"
+#define DROPBEAR_DEFPORT "8022"
- #endif
- #ifndef DROPBEAR_DEFADDRESS
-@@ -21,13 +21,13 @@
+ /* Listen on all interfaces */
+ #define DROPBEAR_DEFADDRESS ""
/* Default hostkey paths - these can be specified on the command line */
- #ifndef DSS_PRIV_FILENAME
-#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
-+#define DSS_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_dss_host_key"
- #endif
- #ifndef RSA_PRIV_FILENAME
-#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
-+#define RSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_rsa_host_key"
- #endif
- #ifndef ECDSA_PRIV_FILENAME
-#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
++#define DSS_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_dss_host_key"
++#define RSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_rsa_host_key"
+#define ECDSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_ecdsa_host_key"
- #endif
/* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
-@@ -52,7 +52,7 @@
- several kB in binary size however will make the symmetrical ciphers and hashes
- slower, perhaps by 50%. Recommended for small systems that aren't doing
- much traffic. */
--#define DROPBEAR_SMALL_CODE
+ * on chosen ports and keeps accepting connections. This is the default.
+@@ -44,7 +44,7 @@
+ * several kB in binary size however will make the symmetrical ciphers and hashes
+ * slower, perhaps by 50%. Recommended for small systems that aren't doing
+ * much traffic. */
+-#define DROPBEAR_SMALL_CODE 1
+#undef DROPBEAR_SMALL_CODE
/* Enable X11 Forwarding - server only */
- #define ENABLE_X11FWD
-@@ -198,7 +198,7 @@
+ #define DROPBEAR_X11FWD 1
+@@ -175,11 +175,11 @@
- /* The MOTD file path */
- #ifndef MOTD_FILENAME
+ /* Whether to print the message of the day (MOTD). */
+ #define DO_MOTD 0
-#define MOTD_FILENAME "/etc/motd"
+#define MOTD_FILENAME "@TERMUX_PREFIX@/etc/motd"
- #endif
/* Authentication Types - at least one required.
-@@ -213,7 +213,7 @@
-
- /* This requires crypt() */
- #ifdef HAVE_CRYPT
--#define ENABLE_SVR_PASSWORD_AUTH
-+#undef ENABLE_SVR_PASSWORD_AUTH
- #endif
- /* PAM requires ./configure --enable-pam */
- /*#define ENABLE_SVR_PAM_AUTH */
-@@ -287,25 +287,25 @@
+ RFC Draft requires pubkey auth, and recommends password */
+-#define DROPBEAR_SVR_PASSWORD_AUTH 1
++#undef DROPBEAR_SVR_PASSWORD_AUTH
+
+ /* Note: PAM auth is quite simple and only works for PAM modules which just do
+ * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
+@@ -222,7 +222,7 @@
+
+ /* Set this to use PRNGD or EGD instead of /dev/urandom */
+ #define DROPBEAR_USE_PRNGD 0
+-#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
++#define DROPBEAR_PRNGD_SOCKET "@TERMUX_PREFIX@/var/run/dropbear-rng"
+
+ /* Specify the number of clients we will allow to be connected but
+ * not yet authenticated. After this limit, connections are rejected */
+@@ -239,22 +239,22 @@
+
/* The default file to store the daemon's process ID, for shutdown
scripts etc. This can be overridden with the -P flag */
- #ifndef DROPBEAR_PIDFILE
-#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
+#define DROPBEAR_PIDFILE "@TERMUX_PREFIX@/var/run/dropbear.pid"
- #endif
/* The command to invoke for xauth when using X11 forwarding.
* "-q" for quiet */
- #ifndef XAUTH_COMMAND
-#define XAUTH_COMMAND "/usr/bin/xauth -q"
+#define XAUTH_COMMAND "@TERMUX_PREFIX@/bin/xauth -q"
- #endif
+
/* if you want to enable running an sftp server (such as the one included with
- * OpenSSH), set the path below. If the path isn't defined, sftp will not
- * be enabled */
- #ifndef SFTPSERVER_PATH
+ * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER.
+ * The sftp-server program is not provided by Dropbear itself */
+ #define DROPBEAR_SFTPSERVER 1
-#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
+#define SFTPSERVER_PATH "@TERMUX_PREFIX@/libexec/sftp-server"
- #endif
/* This is used by the scp binary when used as a client binary. If you're
* not using the Dropbear client, you'll need to change it */
/* Whether to log commands executed by a client. This only logs the
* (single) command sent to the server, not what a user did in a
-@@ -347,7 +347,7 @@
+@@ -290,6 +290,6 @@
#define DEFAULT_IDLE_TIMEOUT 0
/* The default path. This will often get replaced by the shell */
-#define DEFAULT_PATH "/usr/bin:/bin"
-+#define DEFAULT_PATH "@TERMUX_PREFIX@/bin"
++#define DEFAULT_PATH "@TERMUX_PREFIX@/bin:@TERMUX_PREFIX@/bin/applets"
- /* Some other defines (that mostly should be left alone) are defined
- * in sysoptions.h */
+ #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
+++ /dev/null
-diff -u -r ../dropbear-2013.62/cli-auth.c ./cli-auth.c
---- ../dropbear-2013.62/cli-auth.c 2013-12-03 14:39:15.000000000 +0100
-+++ ./cli-auth.c 2014-01-05 21:21:37.926812382 +0100
-@@ -32,6 +32,10 @@
- #include "packet.h"
- #include "runopts.h"
-
-+char * getpass (const char *prompt) {
-+ return "";
-+}
-+
- void cli_authinitialise() {
-
- memset(&ses.authstate, 0, sizeof(ses.authstate));
- #ifdef ENABLE_CLI_ANYTCPFWD
-diff -u -r ../dropbear-2013.62/sshpty.c ./sshpty.c
---- ../dropbear-2013.62/sshpty.c 2013-12-03 14:39:15.000000000 +0100
-+++ ./sshpty.c 2014-01-05 21:21:37.930812382 +0100
-@@ -22,6 +22,10 @@
- #include "errno.h"
- #include "sshpty.h"
-
-+#ifdef __ANDROID__
-+# define USE_DEV_PTMX 1
-+#endif
-+
- /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
- #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
- #undef HAVE_DEV_PTMX
-@@ -380,6 +384,7 @@
- tty_name, strerror(errno));
- }
-
-+ /*
- if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
- if (chown(tty_name, pw->pw_uid, gid) < 0) {
- if (errno == EROFS &&
-@@ -409,4 +414,5 @@
- }
- }
- }
-+ */
- }
-diff -u -r ../dropbear-2013.62/svr-agentfwd.c ./svr-agentfwd.c
---- ../dropbear-2013.62/svr-agentfwd.c 2013-12-03 14:39:15.000000000 +0100
-+++ ./svr-agentfwd.c 2014-01-05 21:21:37.930812382 +0100
-@@ -218,10 +218,12 @@
- /* drop to user privs to make the dir/file */
- uid = getuid();
- gid = getgid();
-+ /*
- if ((setegid(ses.authstate.pw_gid)) < 0 ||
- (seteuid(ses.authstate.pw_uid)) < 0) {
- dropbear_exit("Failed to set euid");
- }
-+ */
-
- memset((void*)&addr, 0x0, sizeof(addr));
- addr.sun_family = AF_UNIX;
-diff -u -r ../dropbear-2013.62/svr-chansession.c ./svr-chansession.c
---- ../dropbear-2013.62/svr-chansession.c 2013-12-03 14:39:15.000000000 +0100
-+++ ./svr-chansession.c 2014-01-05 21:32:15.438797159 +0100
-@@ -874,6 +874,8 @@
- #endif
-
- /* clear environment */
-+ /* termux: do not clear environment on android */
-+#ifndef __ANDROID__
- /* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD
- * etc. This is hazardous, so should only be used for debugging. */
- #ifndef DEBUG_VALGRIND
-@@ -886,6 +888,7 @@
- }
- #endif /* HAVE_CLEARENV */
- #endif /* DEBUG_VALGRIND */
-+#endif /* __ANDROID__ */
-
- /* We can only change uid/gid as root ... */
- if (getuid() == 0) {
-@@ -911,12 +914,14 @@
- }
- }
-
-+ /* termux: do not modify environment since we did not clean it */
-+#ifndef __ANDROID__
- /* set env vars */
- addnewvar("USER", ses.authstate.pw_name);
- addnewvar("LOGNAME", ses.authstate.pw_name);
- addnewvar("HOME", ses.authstate.pw_dir);
- addnewvar("SHELL", get_user_shell());
-- addnewvar("PATH", DEFAULT_PATH);
-+#endif /* __ANDROID__ */
- if (chansess->term != NULL) {
- addnewvar("TERM", chansess->term);
- }
-diff -u -r ../dropbear-2017.75/gensignkey.c ./gensignkey.c
---- ../dropbear-2017.75/gensignkey.c 2017-05-18 16:47:01.000000000 +0200
-+++ ./gensignkey.c 2017-06-13 23:50:59.888597482 +0200
-@@ -137,6 +137,16 @@
+diff -uNr dropbear-2018.76/gensignkey.c dropbear-2018.76.mod/gensignkey.c
+--- dropbear-2018.76/gensignkey.c 2018-02-27 16:25:10.000000000 +0200
++++ dropbear-2018.76.mod/gensignkey.c 2018-04-21 13:45:22.973731479 +0300
+@@ -140,6 +140,16 @@
goto out;
}
if (link(fn_temp, filename) < 0) {
/* If generating keys on connection (skipexist) it's OK to get EEXIST
- we probably just lost a race with another connection to generate the key */
-@@ -148,6 +158,7 @@
+@@ -151,6 +161,7 @@
goto out;
}
}
--- /dev/null
+diff -uNr dropbear-2018.76/sshpty.c dropbear-2018.76.mod/sshpty.c
+--- dropbear-2018.76/sshpty.c 2018-02-27 16:25:12.000000000 +0200
++++ dropbear-2018.76.mod/sshpty.c 2018-04-21 13:45:06.703730641 +0300
+@@ -22,6 +22,10 @@
+ #include "errno.h"
+ #include "sshpty.h"
+
++#ifdef __ANDROID__
++# define USE_DEV_PTMX 1
++#endif
++
+ /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
+ #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
+ #undef HAVE_DEV_PTMX
+@@ -380,6 +384,7 @@
+ tty_name, strerror(errno));
+ }
+
++ /*
+ if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
+ if (chown(tty_name, pw->pw_uid, gid) < 0) {
+ if (errno == EROFS &&
+@@ -409,4 +414,5 @@
+ }
+ }
+ }
++ */
+ }
--- /dev/null
+diff -uNr dropbear-2018.76/svr-agentfwd.c dropbear-2018.76.mod/svr-agentfwd.c
+--- dropbear-2018.76/svr-agentfwd.c 2018-02-27 16:25:12.000000000 +0200
++++ dropbear-2018.76.mod/svr-agentfwd.c 2018-04-21 13:46:57.660403020 +0300
+@@ -41,7 +41,7 @@
+ #include "listener.h"
+ #include "auth.h"
+
+-#define AGENTDIRPREFIX "/tmp/dropbear-"
++#define AGENTDIRPREFIX "@TERMUX_PREFIX@/tmp/dropbear-"
+
+ static int send_msg_channel_open_agent(int fd);
+ static int bindagent(int fd, struct ChanSess * chansess);
+@@ -218,10 +218,12 @@
+ /* drop to user privs to make the dir/file */
+ uid = getuid();
+ gid = getgid();
++ /*
+ if ((setegid(ses.authstate.pw_gid)) < 0 ||
+ (seteuid(ses.authstate.pw_uid)) < 0) {
+ dropbear_exit("Failed to set euid");
+ }
++ */
+
+ memset((void*)&addr, 0x0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
-diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c
---- ../dropbear-2014.63/svr-auth.c 2014-02-19 15:05:24.000000000 +0100
-+++ ./svr-auth.c 2014-03-22 17:52:07.000000000 +0100
-@@ -120,6 +120,9 @@
+diff -uNr dropbear-2018.76/svr-auth.c dropbear-2018.76.mod/svr-auth.c
+--- dropbear-2018.76/svr-auth.c 2018-02-27 16:25:12.000000000 +0200
++++ dropbear-2018.76.mod/svr-auth.c 2018-04-21 13:48:35.083741369 +0300
+@@ -93,6 +93,9 @@
}
username = buf_getstring(ses.payload, &userlen);
servicename = buf_getstring(ses.payload, &servicelen);
methodname = buf_getstring(ses.payload, &methodlen);
-@@ -129,7 +132,6 @@
+@@ -102,7 +105,6 @@
SSH_SERVICE_CONNECTION_LEN) != 0)) {
/* TODO - disconnect here */
m_free(servicename);
m_free(methodname);
dropbear_exit("unknown service in auth");
-@@ -219,7 +221,6 @@
+@@ -192,7 +194,6 @@
out:
m_free(servicename);
m_free(methodname);
}
-@@ -287,6 +288,7 @@
- usershell = "/bin/sh";
+@@ -320,9 +321,10 @@
+ usershell = ses.authstate.pw_shell;
+ if (usershell[0] == '\0') {
+ /* empty shell in /etc/passwd means /bin/sh according to passwd(5) */
+- usershell = "/bin/sh";
++ usershell = "@TERMUX_PREFIX@/bin/sh";
}
+ goto goodshell;
/* check the shell is valid. If /etc/shells doesn't exist, getusershell()
* should return some standard shells like "/bin/sh" and "/bin/csh" (this
* is platform-specific) */
-@@ -306,7 +308,7 @@
+@@ -343,7 +345,7 @@
return DROPBEAR_FAILURE;
goodshell:
--- /dev/null
+diff -uNr dropbear-2018.76/svr-chansession.c dropbear-2018.76.mod/svr-chansession.c
+--- dropbear-2018.76/svr-chansession.c 2018-02-27 16:25:12.000000000 +0200
++++ dropbear-2018.76.mod/svr-chansession.c 2018-04-21 13:45:06.707063974 +0300
+@@ -919,6 +919,8 @@
+ #endif
+
+ /* clear environment */
++ /* termux: do not clear environment on android */
++#ifndef __ANDROID__
+ /* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD
+ * etc. This is hazardous, so should only be used for debugging. */
+ #ifndef DEBUG_VALGRIND
+@@ -931,6 +933,7 @@
+ }
+ #endif /* HAVE_CLEARENV */
+ #endif /* DEBUG_VALGRIND */
++#endif /* __ANDROID__ */
+
+ /* We can only change uid/gid as root ... */
+ if (getuid() == 0) {
+@@ -956,12 +959,14 @@
+ }
+ }
+
++ /* termux: do not modify environment since we did not clean it */
++#ifndef __ANDROID__
+ /* set env vars */
+ addnewvar("USER", ses.authstate.pw_name);
+ addnewvar("LOGNAME", ses.authstate.pw_name);
+ addnewvar("HOME", ses.authstate.pw_dir);
+ addnewvar("SHELL", get_user_shell());
+- addnewvar("PATH", DEFAULT_PATH);
++#endif /* __ANDROID__ */
+ if (chansess->term != NULL) {
+ addnewvar("TERM", chansess->term);
+ }
--- /dev/null
+diff -uNr dropbear-2018.76/sysoptions.h dropbear-2018.76.mod/sysoptions.h
+--- dropbear-2018.76/sysoptions.h 2018-02-27 16:25:12.000000000 +0200
++++ dropbear-2018.76.mod/sysoptions.h 2018-04-21 13:48:41.227075019 +0300
+@@ -71,7 +71,7 @@
+
+ #define _PATH_TTY "/dev/tty"
+
+-#define _PATH_CP "/bin/cp"
++#define _PATH_CP "@TERMUX_PREFIX@/bin/cp"
+
+ #define DROPBEAR_ESCAPE_CHAR '~'
+