TERMUX_PKG_HOMEPAGE=https://www.openssh.com/
TERMUX_PKG_DESCRIPTION="Secure shell for logging into a remote machine"
-TERMUX_PKG_VERSION=7.6p1
+TERMUX_PKG_VERSION=7.7p1
+TERMUX_PKG_SHA256=d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f
TERMUX_PKG_SRCURL=https://fastly.cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${TERMUX_PKG_VERSION}.tar.gz
-TERMUX_PKG_SHA256=a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723
TERMUX_PKG_DEPENDS="libandroid-support, ldns, openssl, libedit, libutil"
# --disable-strip to prevent host "install" command to use "-s", which won't work for target binaries:
TERMUX_PKG_EXTRA_CONFIGURE_ARGS="
ac_cv_func_strnvis=no
ac_cv_header_sys_un_h=yes
ac_cv_search_getrrsetbyname=no
+ac_cv_func_bzero=yes
"
TERMUX_PKG_MAKE_INSTALL_TARGET="install-nokeys"
TERMUX_PKG_RM_AFTER_INSTALL="bin/slogin share/man/man1/slogin.1"
-diff -u -r ../openssh-7.5p1/session.c ./session.c
---- ../openssh-7.5p1/session.c 2017-03-20 03:39:27.000000000 +0100
-+++ ./session.c 2017-06-30 22:51:57.404787949 +0200
-@@ -194,7 +194,7 @@
+diff -u -r ../openssh-7.7p1/session.c ./session.c
+--- ../openssh-7.7p1/session.c 2018-04-02 07:38:28.000000000 +0200
++++ ./session.c 2018-04-03 23:46:30.670337636 +0200
+@@ -199,7 +199,7 @@
temporarily_use_uid(pw);
/* Allocate a buffer for the socket name, and format the name. */
/* Create private directory for socket */
if (mkdtemp(auth_sock_dir) == NULL) {
-@@ -756,7 +756,7 @@
+@@ -802,7 +802,7 @@
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
"/etc/motd"), "r");
#else
#endif
if (f) {
while (fgets(buf, sizeof(buf), f))
-@@ -1047,8 +1047,10 @@
+@@ -1044,8 +1044,10 @@
# endif /* HAVE_CYGWIN */
#endif /* HAVE_LOGIN_CAP */
/* Normal systems set SHELL by default. */
child_set_env(&env, &envsize, "SHELL", shell);
-@@ -1056,6 +1058,15 @@
+@@ -1053,6 +1055,15 @@
if (getenv("TZ"))
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+ }
+#endif
+
- /* Set custom environment options from RSA authentication. */
- while (custom_environment) {
- struct envstring *ce = custom_environment;
+ /* Set custom environment options from pubkey authentication. */
+ if (options.permit_user_env) {
+ for (n = 0 ; n < auth_opts->nenv; n++) {
-Avoid calling setgroups(2).
-
-Hardcode and do not require absolute path.
-
-diff -u -r ../openssh-7.2p1/sshd.c ./sshd.c
---- ../openssh-7.2p1/sshd.c 2016-02-25 22:40:04.000000000 -0500
-+++ ./sshd.c 2016-02-29 02:36:00.863344328 -0500
-@@ -644,8 +644,10 @@
+diff -u -r ../openssh-7.7p1/sshd.c ./sshd.c
+--- ../openssh-7.7p1/sshd.c 2018-04-02 07:38:28.000000000 +0200
++++ ./sshd.c 2018-04-03 23:48:49.605335389 +0200
+@@ -553,8 +553,10 @@
debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
(u_int)privsep_pw->pw_gid);
gidset[0] = privsep_pw->pw_gid;
permanently_set_uid(privsep_pw);
}
}
-@@ -1487,7 +1489,8 @@
+@@ -1447,7 +1449,8 @@
saved_argc = ac;
rexec_argc = ac;
saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
-- for (i = 0; i < ac; i++)
-+ saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd";
-+ for (i = 1; i < ac; i++)
+- for (i = 0; (int)i < ac; i++)
++ saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd";
++ for (i = 1; (int)i < ac; i++)
saved_argv[i] = xstrdup(av[i]);
saved_argv[i] = NULL;
-@@ -1497,8 +1500,10 @@
+@@ -1457,8 +1460,10 @@
av = saved_argv;
#endif
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
-@@ -1628,8 +1633,6 @@
+@@ -1577,8 +1582,6 @@
}
if (rexeced_flag || inetd_flag)
rexec_flag = 0;
if (rexeced_flag)
closefrom(REEXEC_MIN_FREE_FD);
else
-@@ -1764,7 +1767,9 @@
- free(privsep_pw->pw_passwd);
+@@ -1692,7 +1695,9 @@
+ freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd));
privsep_pw->pw_passwd = xstrdup("*");
}
+#ifndef __ANDROID__
/* load host keys */
sensitive_data.host_keys = xcalloc(options.num_host_key_files,
-@@ -1948,8 +1953,10 @@
+@@ -1842,8 +1847,10 @@
* to create a file, and we can't control the code in every
* module which might be used).
*/
+#endif
if (rexec_flag) {
- rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
+ if (rexec_argc < 0)