Hello community,
here is the log from the commit of package dropbear for openSUSE:Factory checked in at 2014-11-02 16:46:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dropbear (Old)
and /work/SRC/openSUSE:Factory/.dropbear.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dropbear"
Changes:
--------
--- /work/SRC/openSUSE:Factory/dropbear/dropbear.changes 2014-08-20 10:51:05.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.dropbear.new/dropbear.changes 2014-11-02 16:46:41.000000000 +0100
@@ -1,0 +2,12 @@
+Fri Oct 24 08:30:31 UTC 2014 - thardeck@suse.com
+
+- updated to upstream version 2014.66
+ * Use the same keepalive handling behaviour as OpenSSH. This will work better
+ with some SSH implementations that have different behaviour with unknown
+ message types.
+ * Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own
+ keepalive message
+ * Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere
+ * Fix wtmp which broke since 2013.62, patch from Whoopie
+
+-------------------------------------------------------------------
Old:
----
dropbear-2014.65.tar.bz2
New:
----
dropbear-2014.66.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dropbear.spec ++++++
--- /var/tmp/diff_new_pack.pESFd8/_old 2014-11-02 16:46:42.000000000 +0100
+++ /var/tmp/diff_new_pack.pESFd8/_new 2014-11-02 16:46:42.000000000 +0100
@@ -21,7 +21,7 @@
%endif
Name: dropbear
-Version: 2014.65
+Version: 2014.66
Release: 0
Summary: A relatively small SSH 2 server and client
License: MIT
++++++ SHA1SUM.asc ++++++
--- /var/tmp/diff_new_pack.pESFd8/_old 2014-11-02 16:46:42.000000000 +0100
+++ /var/tmp/diff_new_pack.pESFd8/_new 2014-11-02 16:46:42.000000000 +0100
@@ -1,13 +1,13 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-17758da1c3361557c5f0e78a100c8f2b81937fdc CHANGES
-54e3738a4335a8dbb1e4acb29316b07f3a1fa354 dropbear-2014.64.tar.bz2
+07a147b70a5402f38b2965e386cbe63dee1afd69 CHANGES
a7b04ff3c27059477ecdd8dccef7d43f644abe46 dropbear-2014.65.tar.bz2
+793f5f1bb465b3c55e795d607932e8b21c130e95 dropbear-2014.66.tar.bz2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)
-iEYEARECAAYFAlPk1kUACgkQjPn4sExkf7zCtgCfccmwAJ28VDggN/lPzfXix48/
-Qp0AnjRb6dLYj4SUhjbvt6ZiIe11HUzu
-=L8D3
+iEYEARECAAYFAlRJDGYACgkQjPn4sExkf7wHRgCdH3TEUSKebFmT74e6NIuAAkpB
+m78AoNIly2cnFzoimxixnNa7LDDRi64y
+=MfF3
-----END PGP SIGNATURE-----
++++++ dropbear-2014.65.tar.bz2 -> dropbear-2014.66.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/.hg_archival.txt new/dropbear-2014.66/.hg_archival.txt
--- old/dropbear-2014.65/.hg_archival.txt 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/.hg_archival.txt 2014-10-23 15:43:38.000000000 +0200
@@ -1,5 +1,5 @@
repo: d7da3b1e15401eb234ec866d5eac992fc4cd5878
-node: e9579816f20ea85affc6135e87f8477992808948
+node: 735511a4c761141416ad0e6728989d2dafa55bc2
branch: default
-latesttag: DROPBEAR_2014.64
+latesttag: DROPBEAR_2014.65
latesttagdistance: 12
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/.hgsigs new/dropbear-2014.66/.hgsigs
--- old/dropbear-2014.65/.hgsigs 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/.hgsigs 2014-10-23 15:43:38.000000000 +0200
@@ -11,3 +11,4 @@
3d1d7d151c0ce3a79da62e86463f5632fa2b144a 0 iEYEABECAAYFAlKd5AEACgkQjPn4sExkf7wzWgCfdvPEEIdlMPqcbOQMJ7b+eAyy164An2ip1lPh1eS5g26/gSfruvWBVym4
277429102f1337bd10c89107d3e01de509cc1a7e 0 iEYEABECAAYFAlMEvF4ACgkQjPn4sExkf7xeVQCgtbxJ4G3hsFwUOM0K1WGr1J2vsbEAoMM8dEyr1mdrbgO1tzNLfD1nxbyn
96584b934d04ebab443f603e78d38fe692d36313 0 iEYEABECAAYFAlPVFrQACgkQjPn4sExkf7xr6ACglRiLE21vRrS1rJ809o2yMADIKtwAn1f5SyZUngSde8eE55JxCMwtMC5m
+caac692b366c153cea0e9cd59aa2d79a7d843d4e 0 iEYEABECAAYFAlPk1mcACgkQjPn4sExkf7wLpgCeOqMYqpkf4lYUuyrn9VYThNpc7PkAn3JOSNgIqkKUcmSy6FstrI8jwJzq
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/.hgtags new/dropbear-2014.66/.hgtags
--- old/dropbear-2014.65/.hgtags 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/.hgtags 2014-10-23 15:43:38.000000000 +0200
@@ -44,3 +44,4 @@
3d1d7d151c0ce3a79da62e86463f5632fa2b144a DROPBEAR_2013.62
2351b2da8e0d08dcc6e64fcc328b53b9630bda68 DROPBEAR_2014.63
0d2d39957c029adb7f4327d37fe6b4900f0736d9 DROPBEAR_2014.64
+e9579816f20ea85affc6135e87f8477992808948 DROPBEAR_2014.65
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/CHANGES new/dropbear-2014.66/CHANGES
--- old/dropbear-2014.65/CHANGES 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/CHANGES 2014-10-23 15:43:38.000000000 +0200
@@ -1,3 +1,16 @@
+2014.66 - Thursday 23 October 2014
+
+- Use the same keepalive handling behaviour as OpenSSH. This will work better
+ with some SSH implementations that have different behaviour with unknown
+ message types.
+
+- Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own
+ keepalive message
+
+- Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere
+
+- Fix wtmp which broke since 2013.62, patch from Whoopie
+
2014.65 - Friday 8 August 2014
- Fix 2014.64 regression, server session hang on exit with scp (and probably
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/LICENSE new/dropbear-2014.66/LICENSE
--- old/dropbear-2014.65/LICENSE 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/LICENSE 2014-10-23 15:43:38.000000000 +0200
@@ -8,7 +8,7 @@
Portions of the client-mode work are (c) 2004 Mihnea Stoenescu, under the
same license:
-Copyright (c) 2002-2013 Matt Johnston
+Copyright (c) 2002-2014 Matt Johnston
Portions copyright (c) 2004 Mihnea Stoenescu
All rights reserved.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/auth.h new/dropbear-2014.66/auth.h
--- old/dropbear-2014.65/auth.h 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/auth.h 2014-10-23 15:43:38.000000000 +0200
@@ -106,7 +106,7 @@
valid */
unsigned int failcount; /* Number of (failed) authentication attempts.*/
unsigned authdone : 1; /* 0 if we haven't authed, 1 if we have. Applies for
- client and server (though has differing [obvious]
+ client and server (though has differing
meanings). */
unsigned perm_warn : 1; /* Server only, set if bad permissions on
~/.ssh/authorized_keys have already been
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/channel.h new/dropbear-2014.66/channel.h
--- old/dropbear-2014.65/channel.h 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/channel.h 2014-10-23 15:43:38.000000000 +0200
@@ -105,6 +105,9 @@
void setchannelfds(fd_set *readfd, fd_set *writefd);
void channelio(fd_set *readfd, fd_set *writefd);
struct Channel* getchannel();
+/* Returns an arbitrary channel that is in a ready state - not
+being initialised and no EOF in either direction. NULL if none. */
+struct Channel* get_any_ready_channel();
void recv_msg_channel_open();
void recv_msg_channel_request();
@@ -128,8 +131,10 @@
void recv_msg_channel_open_confirmation();
void recv_msg_channel_open_failure();
#endif
+void start_send_channel_request(struct Channel *channel, unsigned char *type);
void send_msg_request_success();
void send_msg_request_failure();
+
#endif /* _CHANNEL_H_ */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/chansession.h new/dropbear-2014.66/chansession.h
--- old/dropbear-2014.65/chansession.h 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/chansession.h 2014-10-23 15:43:38.000000000 +0200
@@ -51,9 +51,12 @@
/* exit details */
struct exitinfo exit;
- /* Used to set $SSH_CONNECTION in the child session.
- Is only set temporarily before forking */
+
+ /* These are only set temporarily before forking */
+ /* Used to set $SSH_CONNECTION in the child session. */
char *connection_string;
+ /* Used to set $SSH_CLIENT in the child session. */
+ char *client_string;
#ifndef DISABLE_X11FWD
struct Listener * x11listener;
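Review bot: The new `client_string` field has no stated ownership: the shared comment says both strings are "only set temporarily before forking", but not who allocates them or that they are released and reset afterwards. The code that fills and frees the field is not on this page, so I am assuming it mirrors `connection_string`; if it does, the comment could say so, e.g. `/* Allocated just before fork, freed and set to NULL afterwards; NULL at all other times */`. The value ends up in the child's environment, so an explicit contract here makes a stale or leaked pointer easier to rule out in review.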
@@ -89,7 +92,6 @@
#ifdef ENABLE_CLI_NETCAT
void cli_send_netcat_request();
#endif
-void cli_start_send_channel_request(struct Channel *channel, unsigned char *type);
void svr_chansessinitialise();
extern const struct ChanType svrchansess;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/cli-agentfwd.c new/dropbear-2014.66/cli-agentfwd.c
--- old/dropbear-2014.65/cli-agentfwd.c 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/cli-agentfwd.c 2014-10-23 15:43:38.000000000 +0200
@@ -234,7 +234,7 @@
return;
}
- cli_start_send_channel_request(channel, "auth-agent-req@openssh.com");
+ start_send_channel_request(channel, "auth-agent-req@openssh.com");
/* Don't want replies */
buf_putbyte(ses.writepayload, 0);
encrypt_packet();
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/cli-chansession.c new/dropbear-2014.66/cli-chansession.c
--- old/dropbear-2014.65/cli-chansession.c 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/cli-chansession.c 2014-10-23 15:43:38.000000000 +0200
@@ -92,17 +92,6 @@
}
}
-void cli_start_send_channel_request(struct Channel *channel,
- unsigned char *type) {
-
- CHECKCLEARTOWRITE();
- buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
- buf_putint(ses.writepayload, channel->remotechan);
-
- buf_putstring(ses.writepayload, type, strlen(type));
-
-}
-
/* Taken from OpenSSH's sshtty.c:
* RCSID("OpenBSD: sshtty.c,v 1.5 2003/09/19 17:43:35 markus Exp "); */
static void cli_tty_setup() {
@@ -287,7 +276,7 @@
TRACE(("enter send_chansess_pty_req"))
- cli_start_send_channel_request(channel, "pty-req");
+ start_send_channel_request(channel, "pty-req");
/* Don't want replies */
buf_putbyte(ses.writepayload, 0);
@@ -330,7 +319,7 @@
reqtype = "shell";
}
- cli_start_send_channel_request(channel, reqtype);
+ start_send_channel_request(channel, reqtype);
/* XXX TODO */
buf_putbyte(ses.writepayload, 0); /* Don't want replies */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/cli-session.c new/dropbear-2014.66/cli-session.c
--- old/dropbear-2014.65/cli-session.c 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/cli-session.c 2014-10-23 15:43:38.000000000 +0200
@@ -70,9 +70,15 @@
{SSH_MSG_USERAUTH_BANNER, recv_msg_userauth_banner}, /* client */
{SSH_MSG_USERAUTH_SPECIFIC_60, recv_msg_userauth_specific_60}, /* client */
{SSH_MSG_GLOBAL_REQUEST, recv_msg_global_request_cli},
+ {SSH_MSG_CHANNEL_SUCCESS, ignore_recv_response},
+ {SSH_MSG_CHANNEL_FAILURE, ignore_recv_response},
#ifdef ENABLE_CLI_REMOTETCPFWD
{SSH_MSG_REQUEST_SUCCESS, cli_recv_msg_request_success}, /* client */
{SSH_MSG_REQUEST_FAILURE, cli_recv_msg_request_failure}, /* client */
+#else
+ /* For keepalive */
+ {SSH_MSG_REQUEST_SUCCESS, ignore_recv_response},
+ {SSH_MSG_REQUEST_FAILURE, ignore_recv_response},
#endif
{0, 0} /* End */
};
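Review bot: With `ENABLE_CLI_REMOTETCPFWD` defined, `SSH_MSG_REQUEST_SUCCESS` and `SSH_MSG_REQUEST_FAILURE` still dispatch to `cli_recv_msg_request_success`/`cli_recv_msg_request_failure`, so the reply to a keepalive sent as a global request (the fallback when no channel is ready) reaches the remote-forward reply handlers. Those handlers are outside this page; if they attribute each reply to the next pending forward, a keepalive reply could be counted against a forward request, so it is worth confirming they tolerate a reply with no forward outstanding. Separately, the two `SSH_MSG_CHANNEL_*` entries ignore every channel reply, not only keepalive ones; a comment such as `/* For keepalive; client channel requests are sent with want_reply == 0 */` would record the assumption that makes this safe. The table starts above the hunk.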
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/common-channel.c new/dropbear-2014.66/common-channel.c
--- old/dropbear-2014.65/common-channel.c 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/common-channel.c 2014-10-23 15:43:38.000000000 +0200
@@ -627,7 +627,12 @@
&& !channel->close_handler_done) {
channel->type->reqhandler(channel);
} else {
- send_msg_channel_failure(channel);
+ int wantreply;
+ buf_eatstring(ses.payload);
+ wantreply = buf_getbool(ses.payload);
+ if (wantreply) {
+ send_msg_channel_failure(channel);
+ }
}
TRACE(("leave recv_msg_channel_request"))
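Review bot: The new `else` branch has no comment explaining why the request type and `want_reply` are now parsed before answering, and the reason is a protocol rule rather than something visible in the code. I would add `/* RFC 4254: only send CHANNEL_FAILURE when the peer set want_reply */` above `buf_eatstring(ses.payload);`. Both reads consume peer-controlled payload, so this branch depends on `buf_eatstring` and `buf_getbool` rejecting a truncated packet; those helpers are not shown here and that behaviour should be confirmed. recv_msg_channel_request starts above the hunk.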
@@ -1134,3 +1139,30 @@
buf_putbyte(ses.writepayload, SSH_MSG_REQUEST_FAILURE);
encrypt_packet();
}
+
+struct Channel* get_any_ready_channel() {
+ if (ses.chancount == 0) {
+ return NULL;
+ }
+ size_t i;
+ for (i = 0; i < ses.chansize; i++) {
+ struct Channel *chan = ses.channels[i];
+ if (chan
+ && !(chan->sent_eof || chan->recv_eof)
+ && !(chan->await_open || chan->initconn)) {
+ return chan;
+ }
+ }
+ return NULL;
+}
+
+void start_send_channel_request(struct Channel *channel,
+ unsigned char *type) {
+
+ CHECKCLEARTOWRITE();
+ buf_putbyte(ses.writepayload, SSH_MSG_CHANNEL_REQUEST);
+ buf_putint(ses.writepayload, channel->remotechan);
+
+ buf_putstring(ses.writepayload, type, strlen(type));
+
+}
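Review bot: `start_send_channel_request` is now shared code but has no comment saying that it only begins the packet; every caller on this page appends the `want_reply` byte and calls `encrypt_packet()` itself. I would document that above the definition, e.g. `/* Starts a CHANNEL_REQUEST; caller adds want_reply and any data, then calls encrypt_packet() */`, and state that `channel` must be non-NULL because `channel->remotechan` is read unchecked. The `type` parameter is `unsigned char *` yet is passed to `strlen` and receives string literals, so `const char *` may fit better if `buf_putstring`'s signature (not shown) allows it. In `get_any_ready_channel`, `size_t i;` is declared after the early `return NULL;`; moving it to the top of the function matches the declaration-first layout of `int wantreply;` in the earlier hunk of this file.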
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/common-session.c new/dropbear-2014.66/common-session.c
--- old/dropbear-2014.65/common-session.c 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/common-session.c 2014-10-23 15:43:38.000000000 +0200
@@ -394,14 +394,30 @@
return pos+1;
}
+void ignore_recv_response() {
+ // Do nothing
+ TRACE(("Ignored msg_request_response"))
+}
+
static void send_msg_keepalive() {
CHECKCLEARTOWRITE();
time_t old_time_idle = ses.last_packet_time_idle;
- /* Try to force a response from the other end. Some peers will
- reply with SSH_MSG_REQUEST_FAILURE, some will reply with SSH_MSG_UNIMPLEMENTED */
- buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST);
- /* A short string */
- buf_putstring(ses.writepayload, "k@dropbear.nl", 0);
+
+ struct Channel *chan = get_any_ready_channel();
+
+ if (chan) {
+ /* Channel requests are preferable, more implementations
+ handle them than SSH_MSG_GLOBAL_REQUEST */
+ TRACE(("keepalive channel request %d", chan->index))
+ start_send_channel_request(chan, DROPBEAR_KEEPALIVE_STRING);
+ } else {
+ TRACE(("keepalive global request"))
+ /* Some peers will reply with SSH_MSG_REQUEST_FAILURE,
+ some will reply with SSH_MSG_UNIMPLEMENTED, some will exit. */
+ buf_putbyte(ses.writepayload, SSH_MSG_GLOBAL_REQUEST);
+ buf_putstring(ses.writepayload, DROPBEAR_KEEPALIVE_STRING,
+ strlen(DROPBEAR_KEEPALIVE_STRING));
+ }
buf_putbyte(ses.writepayload, 1); /* want_reply */
encrypt_packet();
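Review bot: `ignore_recv_response` uses a `//` comment where the rest of the visible code uses `/* */`, and its trace text names only request responses although the client table also registers it for `SSH_MSG_CHANNEL_SUCCESS` and `SSH_MSG_CHANNEL_FAILURE`. I would write `/* Do nothing: replies to our own keepalive requests need no action */` and `TRACE(("Ignored request or channel response"))`. The handler accepts these message types whether or not a keepalive is outstanding, which looks intentional but deserves a line in that comment. send_msg_keepalive continues below the hunk, so how `old_time_idle` is used afterwards is not visible here.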
@@ -430,7 +446,10 @@
send_msg_kexinit();
}
- if (opts.keepalive_secs > 0) {
+ if (opts.keepalive_secs > 0 && ses.authstate.authdone) {
+ /* Avoid sending keepalives prior to auth - those are
+ not valid pre-auth packet types */
+
/* Send keepalives if we've been idle */
if (now - ses.last_packet_time_any_sent >= opts.keepalive_secs) {
send_msg_keepalive();
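Review bot: The added `ses.authstate.authdone` test gates the whole `if` block, not just the send, and the block continues past the end of this hunk. If the check that drops a peer which stops answering keepalives sits in the same block, it no longer applies before authentication, and idle pre-auth connections are then bounded only by whatever separate auth timeout exists. I would extend the new comment to say so, e.g. `/* ... pre-auth sessions rely on the auth timeout instead - confirm */`, once that has been checked against the rest of the function.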
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/dropbear-2014.65/debian/changelog new/dropbear-2014.66/debian/changelog
--- old/dropbear-2014.65/debian/changelog 2014-08-08 15:40:46.000000000 +0200
+++ new/dropbear-2014.66/debian/changelog 2014-10-23 15:43:38.000000000 +0200
@@ -1,3 +1,9 @@
+dropbear (2014.66-0.1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Matt Johnston