From 8a80fabd9e35d16508ff4b8057b2aa940cdc660d Mon Sep 17 00:00:00 2001 From: termux-pacman-bot Date: Wed, 15 Oct 2025 21:35:14 +0000 Subject: [PATCH] bump(main/dropbear): 2025.88 It contain some bug fixes and 1 CVE fix. dropbear: Update sysoptions.h.patch dropbear: Update svr-chansession.c.patch dropbear: Update svr-auth.c.patch Update common-session.c.patch dropbear: try to fix path by updating patch dropbear: forgot to remove revision. --- packages/dropbear/build.sh | 5 ++--- packages/dropbear/common-session.c.patch | 4 ++-- packages/dropbear/default_options.h.patch | 13 ++++++------- packages/dropbear/svr-auth.c.patch | 5 +++-- packages/dropbear/svr-chansession.c.patch | 10 +++++----- packages/dropbear/sysoptions.h.patch | 12 ++++++------ 6 files changed, 24 insertions(+), 25 deletions(-) diff --git a/packages/dropbear/build.sh b/packages/dropbear/build.sh index cc448a912e..e9107c056a 100644 --- a/packages/dropbear/build.sh +++ b/packages/dropbear/build.sh @@ -2,10 +2,9 @@ TERMUX_PKG_HOMEPAGE=https://matt.ucc.asn.au/dropbear/dropbear.html TERMUX_PKG_DESCRIPTION="Small SSH server and client" TERMUX_PKG_LICENSE="MIT" TERMUX_PKG_MAINTAINER="@termux" -TERMUX_PKG_VERSION="2025.87" -TERMUX_PKG_REVISION=3 +TERMUX_PKG_VERSION="2025.88" TERMUX_PKG_SRCURL=https://matt.ucc.asn.au/dropbear/releases/dropbear-${TERMUX_PKG_VERSION}.tar.bz2 -TERMUX_PKG_SHA256=738b7f358547f0c64c3e1a56bbc5ef98d34d9ec6adf9ccdf01dc0bf2caa2bc8d +TERMUX_PKG_SHA256=783f50ea27b17c16da89578fafdb6decfa44bb8f6590e5698a4e4d3672dc53d4 TERMUX_PKG_AUTO_UPDATE=false TERMUX_PKG_DEPENDS="termux-auth, zlib" TERMUX_PKG_SUGGESTS="openssh-sftp-server" diff --git a/packages/dropbear/common-session.c.patch b/packages/dropbear/common-session.c.patch index d766db2353..d34fbf4f12 100644 --- a/packages/dropbear/common-session.c.patch +++ b/packages/dropbear/common-session.c.patch @@ -8,7 +8,7 @@ /* A sanity check to prevent an accidental configuration option leaving multiuser systems exposed */ { -@@ -625,7 +625,7 @@ +@@ -639,7 +639,7 @@ const char* get_user_shell() { /* an empty shell should be interpreted as "/bin/sh" */ if (ses.authstate.pw_shell[0] == '\0') { @@ -17,7 +17,7 @@ } else { return ses.authstate.pw_shell; } -@@ -641,7 +641,7 @@ +@@ -655,7 +655,7 @@ if (ses.authstate.pw_passwd) m_free(ses.authstate.pw_passwd); diff --git a/packages/dropbear/default_options.h.patch b/packages/dropbear/default_options.h.patch index 51ab3e8146..656f4e5c69 100644 --- a/packages/dropbear/default_options.h.patch +++ b/packages/dropbear/default_options.h.patch @@ -32,7 +32,7 @@ /* Enable X11 Forwarding - server only */ #define DROPBEAR_X11FWD 0 -@@ -222,8 +222,8 @@ +@@ -228,8 +228,8 @@ #define DO_HOST_LOOKUP 0 /* Whether to print the message of the day (MOTD). */ @@ -43,7 +43,7 @@ #define MOTD_MAXSIZE 2000 /* Authentication Types - at least one required. -@@ -249,7 +249,7 @@ +@@ -255,7 +255,7 @@ /* Set this to 0 if your system does not have multiple user support. (Linux kernel CONFIG_MULTIUSER option) The resulting binary will not run on a normal system. */ @@ -61,8 +61,7 @@ /* Allow specifying the password for dbclient via the DROPBEAR_PASSWORD * environment variable. */ - -@@ -282,7 +282,7 @@ +@@ -288,7 +288,7 @@ /* Set this to use PRNGD or EGD instead of /dev/urandom */ #define DROPBEAR_USE_PRNGD 0 @@ -71,7 +70,7 @@ /* Specify the number of clients we will allow to be connected but * not yet authenticated. After this limit, connections are rejected */ -@@ -307,11 +307,11 @@ +@@ -313,11 +313,11 @@ * scripts etc. This can be overridden with the -P flag. * Homedir is prepended if path begins with ~/ */ @@ -85,7 +84,7 @@ /* If you want to enable running an sftp server (such as the one included with -@@ -320,11 +320,11 @@ +@@ -326,11 +326,11 @@ * Homedir is prepended if path begins with ~/ */ #define DROPBEAR_SFTPSERVER 1 @@ -99,7 +98,7 @@ /* Whether to log commands executed by a client. This only logs the * (single) command sent to the server, not what a user did in a -@@ -360,7 +360,7 @@ +@@ -366,7 +366,7 @@ #define DEFAULT_IDLE_TIMEOUT 0 /* The default path. This will often get replaced by the shell */ diff --git a/packages/dropbear/svr-auth.c.patch b/packages/dropbear/svr-auth.c.patch index 4721531aab..6848101386 100644 --- a/packages/dropbear/svr-auth.c.patch +++ b/packages/dropbear/svr-auth.c.patch @@ -21,7 +21,7 @@ } /* avoids cluttering logs with repeated failure messages from -@@ -309,8 +307,9 @@ +@@ -311,9 +309,10 @@ usershell = ses.authstate.pw_shell; if (usershell[0] == '\0') { /* empty shell in /etc/passwd means /bin/sh according to passwd(5) */ @@ -32,7 +32,8 @@ + goto goodshell; /* check the shell is valid. If /etc/shells doesn't exist, getusershell() * should return some standard shells like "/bin/sh" and "/bin/csh" (this -@@ -324,7 +323,6 @@ + * is platform-specific) */ +@@ -326,7 +325,6 @@ } } /* no matching shell */ diff --git a/packages/dropbear/svr-chansession.c.patch b/packages/dropbear/svr-chansession.c.patch index 4fad2eb863..659d2e2614 100644 --- a/packages/dropbear/svr-chansession.c.patch +++ b/packages/dropbear/svr-chansession.c.patch @@ -1,5 +1,5 @@ +++ ./src/svr-chansession.c -@@ -611,7 +611,7 @@ +@@ -608,7 +608,7 @@ dropbear_exit("Out of memory"); /* TODO disconnect */ } @@ -8,7 +8,7 @@ if (!pw) dropbear_exit("getpwnam failed after succeeding previously"); pty_setowner(pw, chansess->tty); -@@ -968,6 +968,8 @@ +@@ -965,6 +965,8 @@ #endif /* clear environment if -e was not set */ @@ -17,7 +17,7 @@ /* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD * etc. This is hazardous, so should only be used for debugging. */ if ( !svr_opts.pass_on_env) { -@@ -982,6 +984,7 @@ +@@ -979,6 +981,7 @@ #endif /* HAVE_CLEARENV */ #endif /* DEBUG_VALGRIND */ } @@ -25,7 +25,7 @@ #if DROPBEAR_SVR_MULTIUSER /* We can only change uid/gid as root ... */ -@@ -1009,6 +1012,8 @@ +@@ -1006,6 +1009,8 @@ } #endif @@ -34,7 +34,7 @@ /* set env vars */ addnewvar("USER", ses.authstate.pw_name); addnewvar("LOGNAME", ses.authstate.pw_name); -@@ -1019,6 +1024,7 @@ +@@ -1016,6 +1021,7 @@ } else { addnewvar("PATH", DEFAULT_PATH); } diff --git a/packages/dropbear/sysoptions.h.patch b/packages/dropbear/sysoptions.h.patch index 00f39e4adb..ce3f0ca656 100644 --- a/packages/dropbear/sysoptions.h.patch +++ b/packages/dropbear/sysoptions.h.patch @@ -1,5 +1,5 @@ +++ ./src/sysoptions.h -@@ -90,7 +90,7 @@ +@@ -94,7 +94,7 @@ #define _PATH_TTY "/dev/tty" @@ -8,7 +8,7 @@ /* Default contents of /etc/shells if system getusershell() doesn't exist. * Paths taken from getusershell(3) manpage. These can be customised -@@ -98,7 +98,7 @@ +@@ -102,7 +102,7 @@ -DCOMPAT_USER_SHELLS='"/bin/sh","/apps/bin/sh","/data/bin/zsh"' */ #ifndef COMPAT_USER_SHELLS @@ -17,7 +17,7 @@ #endif #define DROPBEAR_ESCAPE_CHAR '~' -@@ -294,9 +294,6 @@ +@@ -338,9 +338,6 @@ #error "DROPBEAR_SVR_PATM_AUTH requires PAM headers. Perhaps ./configure --enable-pam ?" #endif @@ -27,11 +27,11 @@ #if !(DROPBEAR_SVR_PASSWORD_AUTH || DROPBEAR_SVR_PAM_AUTH || DROPBEAR_SVR_PUBKEY_AUTH) #error "At least one server authentication type must be enabled. DROPBEAR_SVR_PUBKEY_AUTH and DROPBEAR_SVR_PASSWORD_AUTH are recommended." -@@ -404,7 +401,6 @@ +@@ -448,7 +445,6 @@ #if defined(DROPBEAR_DSS) #undef DROPBEAR_DSS #endif -#define DROPBEAR_DSS 1 - #if defined(DROPBEAR_USE_SSH_CONFIG) - #undef DROPBEAR_USE_SSH_CONFIG + #if defined(DROPBEAR_RSA_SHA1) + #undef DROPBEAR_RSA_SHA1