# HG changeset patch
# User Matt Johnston
# Date 1420381992 -28800
# Node ID 8d0c33e8ddab763131064783636e1b1123810067
# Parent bfc8e66ceacf7774257c03d2860f1384a1115d0c
# Parent 9bf46570868ff160fc4ce939cb35e0ccd9c053d1
merge
diff -r bfc8e66ceacf -r 8d0c33e8ddab .hgsigs
--- a/.hgsigs Tue Oct 21 22:34:20 2014 +0800
+++ b/.hgsigs Sun Jan 04 22:33:12 2015 +0800
@@ -12,3 +12,4 @@
 277429102f1337bd10c89107d3e01de509cc1a7e 0 iEYEABECAAYFAlMEvF4ACgkQjPn4sExkf7xeVQCgtbxJ4G3hsFwUOM0K1WGr1J2vsbEAoMM8dEyr1mdrbgO1tzNLfD1nxbyn
 96584b934d04ebab443f603e78d38fe692d36313 0 iEYEABECAAYFAlPVFrQACgkQjPn4sExkf7xr6ACglRiLE21vRrS1rJ809o2yMADIKtwAn1f5SyZUngSde8eE55JxCMwtMC5m
 caac692b366c153cea0e9cd59aa2d79a7d843d4e 0 iEYEABECAAYFAlPk1mcACgkQjPn4sExkf7wLpgCeOqMYqpkf4lYUuyrn9VYThNpc7PkAn3JOSNgIqkKUcmSy6FstrI8jwJzq
+2d421bc0545d1be6d59a4ebfe61606d94b124b0c 0 iEYEABECAAYFAlRJDCQACgkQjPn4sExkf7xUYACcCwVJkYWXJn5x/D5A+qMupy778lEAn0rg1oNiq96YU/4jOPsS5IMItihu
diff -r bfc8e66ceacf -r 8d0c33e8ddab .hgtags
--- a/.hgtags Tue Oct 21 22:34:20 2014 +0800
+++ b/.hgtags Sun Jan 04 22:33:12 2015 +0800
@@ -45,3 +45,4 @@
 2351b2da8e0d08dcc6e64fcc328b53b9630bda68 DROPBEAR_2014.63
 0d2d39957c029adb7f4327d37fe6b4900f0736d9 DROPBEAR_2014.64
 e9579816f20ea85affc6135e87f8477992808948 DROPBEAR_2014.65
+735511a4c761141416ad0e6728989d2dafa55bc2 DROPBEAR_2014.66
diff -r bfc8e66ceacf -r 8d0c33e8ddab CHANGES
--- a/CHANGES Tue Oct 21 22:34:20 2014 +0800
+++ b/CHANGES Sun Jan 04 22:33:12 2015 +0800
@@ -1,3 +1,16 @@
+2014.66 - Thursday 23 October 2014
+
+- Use the same keepalive handling behaviour as OpenSSH. This will work better
+ with some SSH implementations that have different behaviour with unknown
+ message types.
+
+- Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own
+ keepalive message
+
+- Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere
+
+- Fix wtmp which broke since 2013.62, patch from Whoopie
+
 2014.65 - Friday 8 August 2014

 - Fix 2014.64 regression, server session hang on exit with scp (and probably
diff -r bfc8e66ceacf -r 8d0c33e8ddab cli-agentfwd.c
--- a/cli-agentfwd.c Tue Oct 21 22:34:20 2014 +0800
+++ b/cli-agentfwd.c Sun Jan 04 22:33:12 2015 +0800
@@ -210,13 +210,14 @@
 ret = buf_get_pub_key(key_buf, pubkey, &key_type);
 buf_free(key_buf);
 if (ret != DROPBEAR_SUCCESS) {
- /* This is slack, properly would cleanup vars etc */
- dropbear_exit("Bad pubkey received from agent");
+ TRACE(("Skipping bad/unknown type pubkey from agent"));
+ sign_key_free(pubkey);
+ } else {
+ pubkey->type = key_type;
+ pubkey->source = SIGNKEY_SOURCE_AGENT;
+
+ list_append(ret_list, pubkey);
 }
- pubkey->type = key_type;
- pubkey->source = SIGNKEY_SOURCE_AGENT;
-
- list_append(ret_list, pubkey);

 /* We'll ignore the comment for now. might want it later.*/
 buf_eatstring(inbuf);
diff -r bfc8e66ceacf -r 8d0c33e8ddab debian/changelog
--- a/debian/changelog Tue Oct 21 22:34:20 2014 +0800
+++ b/debian/changelog Sun Jan 04 22:33:12 2015 +0800
@@ -1,3 +1,9 @@
+dropbear (2014.66-0.1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Matt Johnston Thu, 23 Oct 2014 22:54:00 +0800
+
 dropbear (2014.65-0.1) unstable; urgency=low

 * New upstream release.
diff -r bfc8e66ceacf -r 8d0c33e8ddab gensignkey.c
--- a/gensignkey.c Tue Oct 21 22:34:20 2014 +0800
+++ b/gensignkey.c Sun Jan 04 22:33:12 2015 +0800
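Review bot: In the cli-agentfwd.c hunk, a key from the agent that fails `buf_get_pub_key` is now dropped with only a `TRACE`, so the user gets no indication that an agent identity was ignored unless tracing is enabled (assuming `TRACE` is a debug-only facility, which is not visible here). A short comment on the failure branch would record why skipping is preferred to exiting, e.g. `/* the agent may hold key types this build cannot parse; skip the key instead of aborting */`. `pubkey` is freed on that branch and the rest of the loop body lies outside the hunk, so it is worth confirming that nothing later in the iteration reads it. The enclosing function starts and ends outside the hunk.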
@@ -41,6 +41,9 @@

 out:
 if (fd >= 0) {
+ if (fsync(fd) != 0) {
+ dropbear_log(LOG_ERR, "fsync of %s failed: %s", filename, strerror(errno));
+ }
 m_close(fd);
 }
 return ret;
diff -r bfc8e66ceacf -r 8d0c33e8ddab scp.c
--- a/scp.c Tue Oct 21 22:34:20 2014 +0800
+++ b/scp.c Sun Jan 04 22:33:12 2015 +0800
@@ -1146,7 +1146,7 @@
 {
 (void) fprintf(stderr,
 "usage: scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n"
- " [-l limit] [-o ssh_option] [-P port] [-S program]\n"
+ " [-l limit] [-P port] [-S program]\n"
 " [[user@]host1:]file1 [...] [[user@]host2:]file2\n");
 exit(1);
 }
diff -r bfc8e66ceacf -r 8d0c33e8ddab svr-kex.c
--- a/svr-kex.c Tue Oct 21 22:34:20 2014 +0800
+++ b/svr-kex.c Sun Jan 04 22:33:12 2015 +0800
@@ -84,7 +84,28 @@
 TRACE(("leave recv_msg_kexdh_init"))
 }

+
 #ifdef DROPBEAR_DELAY_HOSTKEY
+
+static void fsync_parent_dir(const char* fn) {
+#ifdef HAVE_LIBGEN_H
+ char *fn_dir = m_strdup(fn);
+ char *dir = dirname(fn_dir);
+ int dirfd = open(dir, O_RDONLY);
+
+ if (dirfd != -1) {
+ if (fsync(dirfd) != 0) {
+ TRACE(("fsync of directory %s failed: %s", dir, strerror(errno)))
+ }
+ m_close(dirfd);
+ } else {
+ TRACE(("error opening directory %s for fsync: %s", dir, strerror(errno)))
+ }
+
+ free(fn_dir);
+#endif
+}
+
 static void svr_ensure_hostkey() {

 const char* fn = NULL;
@@ -142,6 +163,10 @@
 }
 }

+ /* ensure directory update is flushed to disk, otherwise we can end up
+ with zero-byte hostkey files if the power goes off */
+ fsync_parent_dir(fn);
+
 ret = readhostkey(fn, svr_opts.hostkey, &type);

 if (ret == DROPBEAR_SUCCESS) {
diff -r bfc8e66ceacf -r 8d0c33e8ddab svr-runopts.c
--- a/svr-runopts.c Tue Oct 21 22:34:20 2014 +0800
+++ b/svr-runopts.c Sun Jan 04 22:33:12 2015 +0800
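Review bot: In the gensignkey.c hunk, a failed `fsync(fd)` is logged but `ret` is left unchanged, so the function can still report success for a key file that may not have reached disk. If the caller treats the return value as "key safely written" (the caller is not visible here), add `ret = DROPBEAR_FAILURE;` inside the `fsync` failure branch after the `dropbear_log` call. The function body begins before the hunk.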
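Review bot: In the first svr-kex.c hunk, `fsync_parent_dir` reports both of its failure cases only through `TRACE`, whereas the matching file `fsync` added in gensignkey.c uses `dropbear_log(LOG_ERR, ...)`. A directory flush failure on the hostkey path deserves the same visibility, e.g. `dropbear_log(LOG_WARNING, "fsync of directory %s failed: %s", dir, strerror(errno));`. When `HAVE_LIBGEN_H` is undefined the function is a silent no-op. A one-line comment above it should say so, and note that `dirname` may modify its argument, which is why a copy of `fn` is passed.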
@@ -410,7 +410,9 @@
 sign_key * read_key = new_sign_key();
 enum signkey_type type = DROPBEAR_SIGNKEY_ANY;
 if (readhostkey(keyfile, read_key, &type) == DROPBEAR_FAILURE) {
- dropbear_log(LOG_WARNING, "Failed loading %s", keyfile);
+ if (!svr_opts.delay_hostkey) {
+ dropbear_log(LOG_WARNING, "Failed loading %s", keyfile);
+ }
 }

 #ifdef DROPBEAR_RSA
diff -r bfc8e66ceacf -r 8d0c33e8ddab sysoptions.h
--- a/sysoptions.h Tue Oct 21 22:34:20 2014 +0800
+++ b/sysoptions.h Sun Jan 04 22:33:12 2015 +0800
@@ -4,7 +4,7 @@
 *******************************************************************/

 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2014.65"
+#define DROPBEAR_VERSION "2014.66"
 #endif

 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
@@ -153,8 +153,7 @@
 #define MAX_CHANNELS 100 /* simple mem restriction, includes each tcp/x11
 connection, so can't be _too_ small */

-#define MAX_STRING_LEN 1400 /* ~= MAX_PROPOSED_ALGO * MAX_NAME_LEN, also
- is the max length for a password etc */
+#define MAX_STRING_LEN 2400 /* Sun SSH needs this long for algos */

 /* For a 4096 bit DSS key, empirically determined */
 #define MAX_PUBKEY_SIZE 1700
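Review bot: In the svr-runopts.c hunk, the warning is now suppressed for every `readhostkey` failure when `svr_opts.delay_hostkey` is set, not only for a key file that does not exist yet. An existing hostkey that is unreadable or corrupt would then go unreported. If the delayed-generation path later replaces it (not visible here), the server's host key would change without any log entry. Consider keeping the warning when the file is present, for example `if (!svr_opts.delay_hostkey || access(keyfile, F_OK) == 0) {`. The enclosing function starts and ends outside the hunk.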
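Review bot: In the second sysoptions.h hunk, the new comment on `MAX_STRING_LEN` drops the statement that this constant is also the maximum length for a password and similar strings, which is the part a reader auditing input limits needs. Raising it from 1400 to 2400 therefore also raises the accepted size of those strings, presumably including ones parsed before authentication. Keeping both facts in the comment would do: `/* Sun SSH needs this long for algos; also the max length for a password etc */`.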