Add build static release inside container

Regressed when -Wundef was added

Fixes #210

.github/workflows/autoconf.yml

@@ -8,7 +8,7 @@ on:
       - master
 jobs:
   autoconf:
-    runs-on: 'ubuntu-20.04'
+    runs-on: 'ubuntu-22.04'
 
     steps:
       - name: deps

.github/workflows/build.yml

@@ -9,7 +9,7 @@ on:
       - master
 jobs:
   build:
-    runs-on: ${{ matrix.os || 'ubuntu-20.04' }}
+    runs-on: ${{ matrix.os || 'ubuntu-22.04' }}
     strategy:
       matrix:
         # XXX uncomment the line below to work with act, see https://github.com/nektos/act/issues/996
@@ -32,6 +32,14 @@ jobs:
             multi: 1
             multiwrapper: 1
 
+          - name: client only
+            runcheck: 'no'
+            make_target: PROGRAMS=dbclient
+
+          - name: server only
+            runcheck: 'no'
+            make_target: PROGRAMS=dropbear
+
           - name: bundled libtom, bionic , no writev()
             # test can use an older distro with bundled libtommath
             os: ubuntu-18.04
@@ -50,11 +58,12 @@ jobs:
           - name: c89
             extracflags: -std=c89 -Wdeclaration-after-statement
 
-          - name: macos 10.15
-            os: macos-10.15
+          - name: macos 12
+            os: macos-12
             cc: clang
-            # OS X says daemon() and utmp are deprecated
-            extracflags: -Wno-deprecated-declarations
+            # OS X says daemon() and utmp are deprecated.
+            # OS X tests for undefined TARGET_OS_EMBEDDED in libc headers
+            extracflags: -Wno-deprecated-declarations -Wno-undef
             runcheck: 'no'
             apt: 'no'
             # fails with:
@@ -64,7 +73,7 @@ jobs:
           - name: macos 11
             os: macos-11
             cc: clang
-            extracflags: -Wno-deprecated-declarations
+            extracflags: -Wno-deprecated-declarations -Wno-undef
             runcheck: 'no'
             apt: 'no'
             ranlib: ranlib -no_warning_for_no_symbols
@@ -74,6 +83,47 @@ jobs:
             localoptions: |
               #define DEBUG_TRACE 5
 
+          # Check off-by-default options don't bitrot
+          - name: nondefault options
+            nondefault: 1
+            configure_flags: --enable-pam
+
+          - name: most options disabled
+            configure_flags: --disable-harden --disable-zlib --disable-openpty --disable-lastlog
+            runcheck: 'no'
+            localoptions: |
+              #define DROPBEAR_RSA 0
+              #define INETD_MODE 0
+              #define DROPBEAR_REEXEC 0
+              #define DROPBEAR_SMALL_CODE 0
+              #define DROPBEAR_CLI_LOCALTCPFWD 0
+              #define DROPBEAR_CLI_REMOTETCPFWD 0
+              #define DROPBEAR_SVR_LOCALTCPFWD 0
+              #define DROPBEAR_SVR_REMOTETCPFWD 0
+              #define DROPBEAR_SVR_AGENTFWD 0
+              #define DROPBEAR_CLI_AGENTFWD 0
+              #define DROPBEAR_CLI_PROXYCMD 0
+              #define DROPBEAR_USER_ALGO_LIST 0
+              #define DROPBEAR_AES128 0
+              #define DROPBEAR_AES256 0
+              #define DROPBEAR_ENABLE_CTR_MODE 0
+              #define DROPBEAR_SHA1_HMAC 0
+              #define DROPBEAR_SHA2_256_HMAC 0
+              #define DROPBEAR_RSA 0
+              #define DROPBEAR_ECDSA 0
+              #define DROPBEAR_SK_KEYS 0
+              #define DROPBEAR_DELAY_HOSTKEY 0
+              #define DROPBEAR_DH_GROUP14_SHA1 0
+              #define DROPBEAR_DH_GROUP14_SHA256 0
+              #define DROPBEAR_ECDH 0
+              #define DROPBEAR_DH_GROUP1_CLIENTONLY 0
+              #define DO_MOTD 0
+              #define DROPBEAR_SVR_PUBKEY_AUTH 0
+              #define DROPBEAR_CLI_PASSWORD_AUTH 0
+              #define DROPBEAR_CLI_PUBKEY_AUTH 0
+              #define DROPBEAR_USE_PASSWORD_ENV 0
+              #define DROPBEAR_SFTPSERVER 0
+
           # # Fuzzers run standalone. A bit superfluous with cifuzz, but
           # # good to run the whole corpus to keep it working.
           # - name: fuzzing with address sanitizer
@@ -101,6 +151,7 @@ jobs:
       LDFLAGS: ${{ matrix.ldflags }}
       EXTRACFLAGS: ${{ matrix.extracflags }}
       CONFIGURE_FLAGS: ${{ matrix.configure_flags || '--enable-werror' }}
+      MAKE_TARGET: ${{ matrix.make_target }}
       # for fuzzing
       CXX: clang++
       RANLIB: ${{ matrix.ranlib || 'ranlib' }}
@@ -115,7 +166,7 @@ jobs:
         if: ${{ matrix.apt != 'no' }}
         run: |
           sudo apt-get -y update
-          sudo apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv $CC
+          sudo apt-get -y install zlib1g-dev libtomcrypt-dev libtommath-dev mercurial python3-venv libpam0g-dev $CC
 
       - uses: actions/checkout@v2
 
@@ -129,10 +180,21 @@ jobs:
       - name: localoptions
         run: |
           echo "$LOCALOPTIONS" > localoptions.h
+          echo "#define DROPBEAR_DSS 1" >> localoptions.h
           cat localoptions.h
 
+      - name: nondefault
+        if: ${{ matrix.nondefault }}
+        run: |
+          # Turn on anything that's off by default. Rough but seems sufficient
+          grep ' 0$' default_options.h | sed 's/0$/1/' > localoptions.h
+          # PAM clashes with password
+          echo "#define DROPBEAR_SVR_PASSWORD_AUTH 0" >> localoptions.h
+          # 1 second timeout is too short
+          sed -i "s/DEFAULT_IDLE_TIMEOUT 1/DEFAULT_IDLE_TIMEOUT 99/" localoptions.h
+
       - name: make
-        run: make -j3
+        run: make -j3 $MAKE_TARGET
 
       - name: multilink
         if: ${{ matrix.multilink }}
@@ -155,6 +217,7 @@ jobs:
         run: make install
 
       - name: keys
+        if: ${{ matrix.runcheck != 'no' }}
         run: |
           mkdir -p ~/.ssh
           # remove old files so we can rerun in-place with "act -r" during test development
@@ -182,16 +245,22 @@ jobs:
 
       # Sanity check that the binary runs
       - name: genrsa
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t rsa -f testrsa
       - name: gendss
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t dss -f testdss
       - name: genecdsa256
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
       - name: genecdsa384
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t ecdsa -f testec384 -s 384
       - name: genecdsa521
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t ecdsa -f testec521 -s 521
       - name: gened25519
+        if: ${{ matrix.runcheck != 'no' }}
         run: ~/inst/bin/dropbearkey -t ed25519 -f tested25519
 
       - name: fuzz

.github/workflows/tarball.yml

@@ -5,7 +5,7 @@ on:
       - master
 jobs:
   tarball:
-    runs-on: 'ubuntu-20.04'
+    runs-on: 'ubuntu-22.04'
 
     steps:
       - uses: actions/checkout@v2

CHANGES

@@ -1,3 +1,108 @@
+2022.83 - 14 November 2022
+
+Features and Changes:
+  Note >> for compatibility/configuration changes
+
+- >> Disable DROPBEAR_DSS by default
+  It is only 1024 bit and uses sha1, most distros disable it by default already.
+
+- Added DROPBEAR_RSA_SHA1 option to allow disabling sha1 rsa signatures.
+  >> RSA with sha1 will be disabled in a future release (rsa keys will continue
+  to work OK, with sha256 signatures used instead).
+
+- Add option for requiring both password and pubkey (-t)
+  Patch from Jackkal
+
+- Add 'no-touch-required' and 'verify-required' options for sk keys
+  Patch from Egor Duda
+
+  - >> DROPBEAR_SK_KEYS config option now replaces separate DROPBEAR_SK_ECDSA
+  and DROPBEAR_SK_ED25519 options.
+
+- Add 'permitopen' option for authorized_keys to restrict forwarded ports
+  Patch from Tuomas Haikarainen
+
+- >> Added LTM_CFLAGS configure argument to set flags for building
+  bundled libtommath. This also restores the previous arguments used
+  in 2020.81 (-O3 -funroll-loops). That gives a big speedup for RSA
+  key generation, which regressed in 2022.82.
+  There is a tradeoff with code size, so -Os can be used if required.
+  https://github.com/mkj/dropbear/issues/174
+  Reported by David Bernard
+
+- Add '-z' flag to disable setting QoS traffic class. This may be necessary
+  to work with broken networks or network drivers, exposed after changes to use
+  AF21 in 2022.82
+  https://github.com/mkj/dropbear/issues/193
+  Reported by yuhongwei380, patch from Petr Štetiar
+
+- Allow overriding user shells with COMPAT_USER_SHELLS
+  Based on a patch from Matt Robinson
+
+- Improve permission error message
+  Patch from k-kurematsu
+
+- >> Remove HMAC_MD5 entirely
+
+Regression fixes from 2022.82:
+
+- Fix X11 build
+
+- Fix build warning
+
+- Fix compilation when disabling pubkey authentication
+  Patch from MaxMougg
+
+- Fix MAX_UNAUTH_CLIENTS regression
+  Reported by ptpt52
+
+- Avoid using slower prime testing in bundled libtomcrypt when DSS is disabled
+  https://github.com/mkj/dropbear/issues/174
+  Suggested by Steffen Jaeckel
+
+- Fix Dropbear plugin support
+  https://github.com/mkj/dropbear/issues/194
+  Reported by Struan Bartlett
+
+Other fixes:
+
+- Fix long standing incorrect compression size check. Dropbear
+  (client or server) would erroneously exit with
+  "bad packet, oversized decompressed"
+  when receiving a compressed packet of exactly the maximum size.
+
+- Fix missing setsid() removed in 2020.79
+  https://github.com/mkj/dropbear/issues/180
+  Reported and debugged by m5jt and David Bernard
+
+- Try keyboard-interactive auth before password, in dbclient.
+  This was unintentionally changed back in 2013
+  https://github.com/mkj/dropbear/pull/190
+  Patch from Michele Giacomoli
+
+- Drain the terminal when reading the fingerprint confirmation response
+  https://github.com/mkj/dropbear/pull/191
+  Patch from Michele Giacomoli
+
+- Fix utx wtmp variable typo. This has been wrong for a long time but
+  only recently became a problem when wtmp was detected.
+  https://github.com/mkj/dropbear/pull/189
+  Patch from Michele Giacomoli
+
+- Improve configure test for hardening options.
+  Fixes building on AIX
+  https://github.com/mkj/dropbear/issues/158
+
+- Fix debian/dropbear.init newline
+  From wulei-student
+
+Infrastructure:
+
+- Test off-by-default compile options
+
+- Set -Wundef to catch typos in #if statements
+
+
 2022.82 - 1 April 2022
 
 Features and Changes:
@@ -54,10 +159,13 @@ Features and Changes:
   Patch from Raphaël Hertzog
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
 
-- Added client option "-o DisableTrivialAuth". This can be used to prevent
-  the server immediately accepting successful authentication (before any auth
-  request) which could cause UI confusion and security issues with agent
-  forwarding - it isn't clear which host is prompting to use a key.
+- Added client option "-o DisableTrivialAuth". It disallows a server immediately
+  giving successful authentication (without presenting any password/pubkey prompt).
+  This avoids a UI confusion issue where it may appear that the user is accepting
+  a SSH agent prompt from their local machine, but are actually accepting a prompt
+  sent immediately by the remote server. 
+  CVE-2021-36369 though the description there is a bit confused. It only applies
+  to Dropbear as a client.
   Thanks to Manfred Kaiser from Austrian MilCERT
 
 - Add -q client option to hide remote banner, from Hans Harder

Dockerfile

@@ -0,0 +1,15 @@
+FROM ubuntu:22.04
+
+ENV LC_ALL=C.UTF-8
+
+RUN apt-get update
+
+RUN apt-get install -y build-essential git autoconf
+
+RUN mkdir -p /root/dropbear/
+WORKDIR /root/dropbear/
+
+# ./configure --disable-zlib --disable-syslog --enable-static --disable-harden
+# make PROGRAMS="dropbear dropbearconvert"
+
+ENTRYPOINT ["bash"]

INSTALL

@@ -58,7 +58,7 @@ Compiling for uClibc should be the same as normal, just set CC to the magic
 uClibc toolchain compiler (ie export CC=i386-uclibc-gcc or whatever).
 You can use "make STATIC=1" to make statically linked binaries, and it is
 advisable to strip the binaries too. If you're looking to make a small binary,
-you should remove unneeded ciphers and MD5, by editing localoptions.h
+you should remove unneeded ciphers and algorithms, by editing localoptions.h
 
 It is possible to compile zlib in, by copying zlib.h and zconf.h into a
 subdirectory (ie zlibincludes), and 

Makefile.in

@@ -43,7 +43,7 @@ COMMONOBJS=dbutil.o buffer.o dbhelpers.o \
 SVROBJS=svr-kex.o svr-auth.o sshpty.o \
 		svr-authpasswd.o svr-authpubkey.o svr-authpubkeyoptions.o svr-session.o svr-service.o \
 		svr-chansession.o svr-runopts.o svr-agentfwd.o svr-main.o svr-x11fwd.o\
-		svr-tcpfwd.o svr-authpam.o @CRYPTLIB@
+		svr-tcpfwd.o svr-authpam.o
 
 CLIOBJS=cli-main.o cli-auth.o cli-authpasswd.o cli-kex.o \
 		cli-session.o cli-runopts.o cli-chansession.o \

README

@@ -8,6 +8,8 @@ which performs multiple tasks, to save disk space)
 
 SMALL has some tips on creating small binaries.
 
+A mirror of the Dropbear website and tarballs is available at https://dropbear.nl/mirror/
+
 Please contact me if you have any questions/bugs found/features/ideas/comments etc :)
 There is also a mailing list http://lists.ucc.gu.uwa.edu.au/mailman/listinfo/dropbear
 

SMALL

@@ -47,4 +47,10 @@ deciding.
 
 Of course using small C libraries such as uClibc and dietlibc can also help.
 
+---
+
+Libtommath has its own default CFLAGS to improve speed. You can use
+./configure LTM_CFLAGS=-Os
+to reduce size at the expense of speed.
+
 If you have any queries, mail me and I'll see if I can help.

auth.h

@@ -28,6 +28,7 @@
 #include "includes.h"
 #include "signkey.h"
 #include "chansession.h"
+#include "list.h"
 
 void svr_authinitialise(void);
 
@@ -45,6 +46,7 @@ int svr_pubkey_allows_agentfwd(void);
 int svr_pubkey_allows_tcpfwd(void);
 int svr_pubkey_allows_x11fwd(void);
 int svr_pubkey_allows_pty(void);
+int svr_pubkey_allows_local_tcpfwd(const char *host, unsigned int port);
 void svr_pubkey_set_forced_command(struct ChanSess *chansess);
 void svr_pubkey_options_cleanup(void);
 int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filename);
@@ -54,6 +56,9 @@ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filena
 #define svr_pubkey_allows_tcpfwd() 1
 #define svr_pubkey_allows_x11fwd() 1
 #define svr_pubkey_allows_pty() 1
+static inline int svr_pubkey_allows_local_tcpfwd(const char *host, unsigned int port)
+	{ (void)host; (void)port; return 1; }
+
 static inline void svr_pubkey_set_forced_command(struct ChanSess *chansess) { }
 static inline void svr_pubkey_options_cleanup(void) { }
 #define svr_add_pubkey_options(x,y,z) DROPBEAR_SUCCESS
@@ -93,6 +98,7 @@ void cli_auth_pubkey_cleanup(void);
 #define AUTH_METHOD_INTERACT "keyboard-interactive"
 #define AUTH_METHOD_INTERACT_LEN 20
 
+#define PUBKEY_OPTIONS_ANY_PORT UINT_MAX
 
 
 /* This structure is shared between server and client - it contains
@@ -139,6 +145,18 @@ struct PubKeyOptions {
 	int no_pty_flag;
 	/* "command=" option. */
 	char * forced_command;
+	/* "permitopen=" option */
+	m_list *permit_open_destinations;
+	
+#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
+	int no_touch_required_flag;
+	int verify_required_flag;
+#endif
+};
+
+struct PermitTCPFwdEntry {
+	char *host;
+	unsigned int port;
 };
 #endif
 

bignum.c

@@ -93,7 +93,7 @@ void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len) {
 
 /* hash the ssh representation of the mp_int mp */
 void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, 
-				hash_state *hs, mp_int *mp) {
+				hash_state *hs, const mp_int *mp) {
 	buffer * buf;
 
 	buf = buf_new(512 + 20); /* max buffer is a 4096 bit key, 

bignum.h

@@ -33,6 +33,6 @@ void m_mp_alloc_init_multi(mp_int **mp, ...) ATTRIB_SENTINEL;
 void m_mp_free_multi(mp_int **mp, ...)  ATTRIB_SENTINEL;
 void bytes_to_mp(mp_int *mp, const unsigned char* bytes, unsigned int len);
 void hash_process_mp(const struct ltc_hash_descriptor *hash_desc, 
-				hash_state *hs, mp_int *mp);
+				hash_state *hs, const mp_int *mp);
 
 #endif /* DROPBEAR_BIGNUM_H_ */

buffer.c

@@ -299,7 +299,7 @@ void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len) {
 
 /* for our purposes we only need positive (or 0) numbers, so will
  * fail if we get negative numbers */
-void buf_putmpint(buffer* buf, mp_int * mp) {
+void buf_putmpint(buffer* buf, const mp_int * mp) {
 	size_t written;
 	unsigned int len, pad = 0;
 	TRACE2(("enter buf_putmpint"))

buffer.h

@@ -65,7 +65,7 @@ void buf_putint(buffer* buf, unsigned int val);
 void buf_putstring(buffer* buf, const char* str, unsigned int len);
 void buf_putbufstring(buffer *buf, const buffer* buf_str);
 void buf_putbytes(buffer *buf, const unsigned char *bytes, unsigned int len);
-void buf_putmpint(buffer* buf, mp_int * mp);
+void buf_putmpint(buffer* buf, const mp_int * mp);
 int buf_getmpint(buffer* buf, mp_int* mp);
 unsigned int buf_getint(buffer* buf);
 

build.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+docker build -t dropbearbuild -f Dockerfile .
+
+docker run --rm -t -v $(pwd):/root/dropbear dropbearbuild -c "./configure --disable-zlib --disable-syslog --enable-static --disable-harden && make PROGRAMS=\"dropbear dropbearconvert\""
+
+docker image rm dropbearbuild

cli-auth.c

@@ -296,18 +296,6 @@ int cli_auth_try() {
 	}
 #endif
 
-#if DROPBEAR_CLI_PASSWORD_AUTH
-	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
-		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
-			fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
-		} else {
-			cli_auth_password();
-			finished = 1;
-			cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
-		}
-	}
-#endif
-
 #if DROPBEAR_CLI_INTERACT_AUTH
 	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_INTERACT)) {
 		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
@@ -322,6 +310,18 @@ int cli_auth_try() {
 	}
 #endif
 
+#if DROPBEAR_CLI_PASSWORD_AUTH
+	if (!finished && (ses.authstate.authtypes & AUTH_TYPE_PASSWORD)) {
+		if (ses.keys->trans.algo_crypt->cipherdesc == NULL) {
+			fprintf(stderr, "Sorry, I won't let you use password auth unencrypted.\n");
+		} else {
+			cli_auth_password();
+			finished = 1;
+			cli_ses.lastauthtype = AUTH_TYPE_PASSWORD;
+		}
+	}
+#endif
+
 	TRACE(("cli_auth_try lastauthtype %d", cli_ses.lastauthtype))
 
 	if (finished) {

cli-kex.c

@@ -229,6 +229,8 @@ static void ask_to_confirm(const unsigned char* keyblob, unsigned int keybloblen
 		fclose(tty);
 	} else {
 		response = getc(stdin);
+		/* flush stdin buffer */
+		while ((getchar()) != '\n');
 	}
 
 	if (response == 'y') {

cli-runopts.c

@@ -83,6 +83,7 @@ static void printhelp() {
 					"-W <receive_window_buffer> (default %d, larger may be faster, max 10MB)\n"
 					"-K <keepalive>  (0 is never, default %d)\n"
 					"-I <idle_timeout>  (0 is never, default %d)\n"
+					"-z    disable QoS\n"
 #if DROPBEAR_CLI_NETCAT
 					"-B <endhost:endport> Netcat-alike forwarding\n"
 #endif				
@@ -325,6 +326,9 @@ void cli_getopts(int argc, char ** argv) {
 				case 'b':
 					next = &bind_arg;
 					break;
+				case 'z':
+					opts.disable_ip_tos = 1;
+					break;
 				default:
 					fprintf(stderr,
 						"WARNING: Ignoring unknown option -%c\n", c);

common-algo.c

@@ -114,10 +114,6 @@ static const struct dropbear_hash dropbear_sha2_256 =
 static const struct dropbear_hash dropbear_sha2_512 =
 	{&sha512_desc, 64, 64};
 #endif
-#if DROPBEAR_MD5_HMAC
-static const struct dropbear_hash dropbear_md5 = 
-	{&md5_desc, 16, 16};
-#endif
 
 const struct dropbear_hash dropbear_nohash =
 	{NULL, 16, 0}; /* used initially */
@@ -185,9 +181,6 @@ algo_type sshhashes[] = {
 #endif
 #if DROPBEAR_SHA2_512_HMAC
 	{"hmac-sha2-512", 0, &dropbear_sha2_512, 1, NULL},
-#endif
-#if DROPBEAR_MD5_HMAC
-	{"hmac-md5", 0, (void*)&dropbear_md5, 1, NULL},
 #endif
 	{NULL, 0, NULL, 0, NULL}
 };

common-session.c

@@ -519,15 +519,24 @@ static void send_msg_keepalive() {
 	ses.last_packet_time_idle = old_time_idle;
 }
 
+/* Returns the difference in seconds, clamped to LONG_MAX */
+static long elapsed(time_t now, time_t prev) {
+	time_t del = now - prev;
+	if (del > LONG_MAX) {
+		return LONG_MAX;
+	}
+	return (long)del;
+}
+
 /* Check all timeouts which are required. Currently these are the time for
  * user authentication, and the automatic rekeying. */
 static void checktimeouts() {
 
 	time_t now;
 	now = monotonic_now();
-	
+
 	if (IS_DROPBEAR_SERVER && ses.connect_time != 0
-		&& now - ses.connect_time >= AUTH_TIMEOUT) {
+		&& elapsed(now, ses.connect_time) >= AUTH_TIMEOUT) {
 			dropbear_close("Timeout before auth");
 	}
 
@@ -537,45 +546,47 @@ static void checktimeouts() {
 	}
 
 	if (!ses.kexstate.sentkexinit
-			&& (now - ses.kexstate.lastkextime >= KEX_REKEY_TIMEOUT
+			&& (elapsed(now, ses.kexstate.lastkextime) >= KEX_REKEY_TIMEOUT
 			|| ses.kexstate.datarecv+ses.kexstate.datatrans >= KEX_REKEY_DATA)) {
 		TRACE(("rekeying after timeout or max data reached"))
 		send_msg_kexinit();
 	}
-	
+
 	if (opts.keepalive_secs > 0 && ses.authstate.authdone) {
 		/* Avoid sending keepalives prior to auth - those are
 		not valid pre-auth packet types */
 
 		/* Send keepalives if we've been idle */
-		if (now - ses.last_packet_time_any_sent >= opts.keepalive_secs) {
+		if (elapsed(now, ses.last_packet_time_any_sent) >= opts.keepalive_secs) {
 			send_msg_keepalive();
 		}
 
 		/* Also send an explicit keepalive message to trigger a response
 		if the remote end hasn't sent us anything */
-		if (now - ses.last_packet_time_keepalive_recv >= opts.keepalive_secs
-			&& now - ses.last_packet_time_keepalive_sent >= opts.keepalive_secs) {
+		if (elapsed(now, ses.last_packet_time_keepalive_recv) >= opts.keepalive_secs
+			&& elapsed(now, ses.last_packet_time_keepalive_sent) >= opts.keepalive_secs) {
 			send_msg_keepalive();
 		}
 
-		if (now - ses.last_packet_time_keepalive_recv 
+		if (elapsed(now, ses.last_packet_time_keepalive_recv)
 			>= opts.keepalive_secs * DEFAULT_KEEPALIVE_LIMIT) {
 			dropbear_exit("Keepalive timeout");
 		}
 	}
 
-	if (opts.idle_timeout_secs > 0 
-			&& now - ses.last_packet_time_idle >= opts.idle_timeout_secs) {
+	if (opts.idle_timeout_secs > 0
+			&& elapsed(now, ses.last_packet_time_idle) >= opts.idle_timeout_secs) {
 		dropbear_close("Idle timeout");
 	}
 }
 
-static void update_timeout(long limit, long now, long last_event, long * timeout) {
-	TRACE2(("update_timeout limit %ld, now %ld, last %ld, timeout %ld",
-		limit, now, last_event, *timeout))
+static void update_timeout(long limit, time_t now, time_t last_event, long * timeout) {
+	TRACE2(("update_timeout limit %ld, now %llu, last %llu, timeout %ld",
+		limit,
+		(unsigned long long)now,
+		(unsigned long long)last_event, *timeout))
 	if (last_event > 0 && limit > 0) {
-		*timeout = MIN(*timeout, last_event+limit-now);
+		*timeout = MIN(*timeout, elapsed(now, last_event) + limit);
 		TRACE2(("new timeout %ld", *timeout))
 	}
 }
@@ -584,7 +595,7 @@ static long select_timeout() {
 	/* determine the minimum timeout that might be required, so
 	as to avoid waking when unneccessary */
 	long timeout = KEX_REKEY_TIMEOUT;
-	long now = monotonic_now();
+	time_t now = monotonic_now();
 
 	if (!ses.kexstate.sentkexinit) {
 		update_timeout(KEX_REKEY_TIMEOUT, now, ses.kexstate.lastkextime, &timeout);
@@ -596,7 +607,7 @@ static long select_timeout() {
 	}
 
 	if (ses.authstate.authdone) {
-		update_timeout(opts.keepalive_secs, now, 
+		update_timeout(opts.keepalive_secs, now,
 			MAX(ses.last_packet_time_keepalive_recv, ses.last_packet_time_keepalive_sent),
 			&timeout);
 	}

compat.c

@@ -231,8 +231,7 @@ void setusershell() {
 }
 
 static char **initshells() {
-	/* don't touch this list. */
-	static const char *okshells[] = { "/bin/sh", "/bin/csh", NULL };
+	static const char *okshells[] = { COMPAT_USER_SHELLS, NULL };
 	register char **sp, *cp;
 	register FILE *fp;
 	struct stat statb;

config.guess

@@ -4,7 +4,7 @@
 
 # shellcheck disable=SC2006,SC2268 # see below for rationale
 
-timestamp='2022-01-09'
+timestamp='2022-09-17'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -966,6 +966,12 @@ EOF
 	GNU_REL=`echo "$UNAME_RELEASE" | sed -e 's/[-(].*//'`
 	GUESS=$UNAME_MACHINE-unknown-$GNU_SYS$GNU_REL-$LIBC
 	;;
+    x86_64:[Mm]anagarm:*:*|i?86:[Mm]anagarm:*:*)
+	GUESS="$UNAME_MACHINE-pc-managarm-mlibc"
+	;;
+    *:[Mm]anagarm:*:*)
+	GUESS="$UNAME_MACHINE-unknown-managarm-mlibc"
+	;;
     *:Minix:*:*)
 	GUESS=$UNAME_MACHINE-unknown-minix
 	;;
@@ -1036,7 +1042,7 @@ EOF
     k1om:Linux:*:*)
 	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
 	;;
-    loongarch32:Linux:*:* | loongarch64:Linux:*:* | loongarchx32:Linux:*:*)
+    loongarch32:Linux:*:* | loongarch64:Linux:*:*)
 	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
 	;;
     m32r*:Linux:*:*)
@@ -1151,16 +1157,27 @@ EOF
 	;;
     x86_64:Linux:*:*)
 	set_cc_for_build
+	CPU=$UNAME_MACHINE
 	LIBCABI=$LIBC
 	if test "$CC_FOR_BUILD" != no_compiler_found; then
-	    if (echo '#ifdef __ILP32__'; echo IS_X32; echo '#endif') | \
-		(CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \
-		grep IS_X32 >/dev/null
-	    then
-		LIBCABI=${LIBC}x32
-	    fi
+	    ABI=64
+	    sed 's/^	    //' << EOF > "$dummy.c"
+	    #ifdef __i386__
+	    ABI=x86
+	    #else
+	    #ifdef __ILP32__
+	    ABI=x32
+	    #endif
+	    #endif
+EOF
+	    cc_set_abi=`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^ABI' | sed 's, ,,g'`
+	    eval "$cc_set_abi"
+	    case $ABI in
+		x86) CPU=i686 ;;
+		x32) LIBCABI=${LIBC}x32 ;;
+	    esac
 	fi
-	GUESS=$UNAME_MACHINE-pc-linux-$LIBCABI
+	GUESS=$CPU-pc-linux-$LIBCABI
 	;;
     xtensa*:Linux:*:*)
 	GUESS=$UNAME_MACHINE-unknown-linux-$LIBC
@@ -1367,8 +1384,11 @@ EOF
     BePC:Haiku:*:*)	# Haiku running on Intel PC compatible.
 	GUESS=i586-pc-haiku
 	;;
-    x86_64:Haiku:*:*)
-	GUESS=x86_64-unknown-haiku
+    ppc:Haiku:*:*)	# Haiku running on Apple PowerPC
+	GUESS=powerpc-apple-haiku
+	;;
+    *:Haiku:*:*)	# Haiku modern gcc (not bound by BeOS compat)
+	GUESS=$UNAME_MACHINE-unknown-haiku
 	;;
     SX-4:SUPER-UX:*:*)
 	GUESS=sx4-nec-superux$UNAME_RELEASE

config.h.in

@@ -180,9 +180,6 @@
 /* Define to 1 if you have the <mach/mach_time.h> header file. */
 #undef HAVE_MACH_MACH_TIME_H
 
-/* Define to 1 if you have the <memory.h> header file. */
-#undef HAVE_MEMORY_H
-
 /* Define to 1 if you have the `memset_s' function. */
 #undef HAVE_MEMSET_S
 
@@ -237,6 +234,9 @@
 /* Define to 1 if you have the <stdint.h> header file. */
 #undef HAVE_STDINT_H
 
+/* Define to 1 if you have the <stdio.h> header file. */
+#undef HAVE_STDIO_H
+
 /* Define to 1 if you have the <stdlib.h> header file. */
 #undef HAVE_STDLIB_H
 
@@ -417,17 +417,14 @@
 /* Define to the type of arg 5 for `select'. */
 #undef SELECT_TYPE_ARG5
 
-/* Define to 1 if you have the ANSI C header files. */
+/* Define to 1 if all of the C90 standard headers exist (not just the ones
+   required in a freestanding environment). This macro is provided for
+   backward compatibility; new code need not use it. */
 #undef STDC_HEADERS
 
 /* Use /dev/ptmx */
 #undef USE_DEV_PTMX
 
-/* Enable large inode numbers on Mac OS X 10.5.  */
-#ifndef _DARWIN_USE_64_BIT_INODE
-# define _DARWIN_USE_64_BIT_INODE 1
-#endif
-
 /* Number of bits in a file offset, on hosts where this is settable. */
 #undef _FILE_OFFSET_BITS
 
@@ -446,7 +443,7 @@
 /* Define to `int' if <sys/types.h> does not define. */
 #undef mode_t
 
-/* Define to `int' if <sys/types.h> does not define. */
+/* Define as a signed integer type capable of holding a process identifier. */
 #undef pid_t
 
 /* Define to `unsigned int' if <sys/types.h> does not define. */

config.sub

@@ -4,7 +4,7 @@
 
 # shellcheck disable=SC2006,SC2268 # see below for rationale
 
-timestamp='2022-01-03'
+timestamp='2022-09-17'
 
 # This file is free software; you can redistribute it and/or modify it
 # under the terms of the GNU General Public License as published by
@@ -145,7 +145,7 @@ case $1 in
 			nto-qnx* | linux-* | uclinux-uclibc* \
 			| uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* \
 			| netbsd*-eabi* | kopensolaris*-gnu* | cloudabi*-eabi* \
-			| storm-chaos* | os2-emx* | rtmk-nova*)
+			| storm-chaos* | os2-emx* | rtmk-nova* | managarm-*)
 				basic_machine=$field1
 				basic_os=$maybe_os
 				;;
@@ -1207,7 +1207,7 @@ case $cpu-$vendor in
 			| k1om \
 			| le32 | le64 \
 			| lm32 \
-			| loongarch32 | loongarch64 | loongarchx32 \
+			| loongarch32 | loongarch64 \
 			| m32c | m32r | m32rle \
 			| m5200 | m68000 | m680[012346]0 | m68360 | m683?2 | m68k \
 			| m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x \
@@ -1341,6 +1341,10 @@ EOF
 		kernel=linux
 		os=`echo "$basic_os" | sed -e 's|linux|gnu|'`
 		;;
+	managarm*)
+		kernel=managarm
+		os=`echo "$basic_os" | sed -e 's|managarm|mlibc|'`
+		;;
 	*)
 		kernel=
 		os=$basic_os
@@ -1754,7 +1758,7 @@ case $os in
 	     | onefs* | tirtos* | phoenix* | fuchsia* | redox* | bme* \
 	     | midnightbsd* | amdhsa* | unleashed* | emscripten* | wasi* \
 	     | nsk* | powerunix* | genode* | zvmoe* | qnx* | emx* | zephyr* \
-	     | fiwix* )
+	     | fiwix* | mlibc* )
 		;;
 	# This one is extra strict with allowed versions
 	sco3.2v2 | sco3.2v[4-9]* | sco5v6*)
@@ -1762,6 +1766,9 @@ case $os in
 		;;
 	none)
 		;;
+	kernel* )
+		# Restricted further below
+		;;
 	*)
 		echo Invalid configuration \`"$1"\': OS \`"$os"\' not recognized 1>&2
 		exit 1
@@ -1772,16 +1779,26 @@ esac
 # (given a valid OS), if there is a kernel.
 case $kernel-$os in
 	linux-gnu* | linux-dietlibc* | linux-android* | linux-newlib* \
-		   | linux-musl* | linux-relibc* | linux-uclibc* )
+		   | linux-musl* | linux-relibc* | linux-uclibc* | linux-mlibc* )
 		;;
 	uclinux-uclibc* )
 		;;
-	-dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* )
+	managarm-mlibc* | managarm-kernel* )
+		;;
+	-dietlibc* | -newlib* | -musl* | -relibc* | -uclibc* | -mlibc* )
 		# These are just libc implementations, not actual OSes, and thus
 		# require a kernel.
 		echo "Invalid configuration \`$1': libc \`$os' needs explicit kernel." 1>&2
 		exit 1
 		;;
+	-kernel* )
+		echo "Invalid configuration \`$1': \`$os' needs explicit kernel." 1>&2
+		exit 1
+		;;
+	*-kernel* )
+		echo "Invalid configuration \`$1': \`$kernel' does not support \`$os'." 1>&2
+		exit 1
+		;;
 	kfreebsd*-gnu* | kopensolaris*-gnu*)
 		;;
 	vxworks-simlinux | vxworks-simwindows | vxworks-spe)

configure.ac

@@ -23,15 +23,15 @@ AC_PROG_CC
 if test -z "$LD" ; then
 	LD=$CC
 fi
-AC_SUBST(LD)	
+AC_SUBST(LD)
 
-AC_DEFUN(DB_TRYADDCFLAGS, 
+AC_DEFUN(DB_TRYADDCFLAGS,
 [{
 		OLDFLAGS="$CFLAGS"
 		TESTFLAGS="$1"
-		CFLAGS="$CFLAGS $TESTFLAGS"
-		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
-			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		CFLAGS="$TESTFLAGS $CFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDFLAGS" ]
 			)
 }])
@@ -42,12 +42,25 @@ if test -z "$ORIGCFLAGS" && test "$GCC" = "yes"; then
 	CFLAGS="-Os -W -Wall"
 fi
 
+# LTM_CFLAGS is given to ./configure by the user, 
+# DROPBEAR_LTM_CFLAGS is substituted in the LTM Makefile.in
+DROPBEAR_LTM_CFLAGS="$LTM_CFLAGS"
+if test -z "$DROPBEAR_LTM_CFLAGS"; then
+	DROPBEAR_LTM_CFLAGS="-O3 -funroll-loops -fomit-frame-pointer"
+fi
+AC_MSG_NOTICE(Setting LTM_CFLAGS to $DROPBEAR_LTM_CFLAGS)
+AC_ARG_VAR(LTM_CFLAGS, CFLAGS for bundled libtommath. Default -O3 -funroll-loops -fomit-frame-pointer)
+AC_SUBST(DROPBEAR_LTM_CFLAGS)
+
 AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wno-pointer-sign])
 DB_TRYADDCFLAGS([-Wno-pointer-sign])
 
 AC_MSG_NOTICE([Checking if compiler '$CC' supports -fno-strict-overflow])
 DB_TRYADDCFLAGS([-fno-strict-overflow])
 
+AC_MSG_NOTICE([Checking if compiler '$CC' supports -Wundef])
+DB_TRYADDCFLAGS([-Wundef])
+
 # needed for various extensions. define early before autoconf tests
 AC_DEFINE([_GNU_SOURCE], [], [Use GNU extensions if glibc])
 
@@ -81,15 +94,15 @@ if test "$hardenbuild" -eq 1; then
 
 		OLDLDFLAGS="$LDFLAGS"
 		TESTFLAGS="-Wl,-pie"
-		LDFLAGS="$LDFLAGS $TESTFLAGS"
-		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		LDFLAGS="$TESTFLAGS $LDFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			[
 				LDFLAGS="$OLDLDFLAGS"
 				TESTFLAGS="-pie"
-				LDFLAGS="$LDFLAGS $TESTFLAGS"
-				AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-					[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+				LDFLAGS="$TESTFLAGS $LDFLAGS"
+				AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+					[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 					[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
 					)
 			]
@@ -97,24 +110,24 @@ if test "$hardenbuild" -eq 1; then
 		# readonly elf relocation sections (relro)
 		OLDLDFLAGS="$LDFLAGS"
 		TESTFLAGS="-Wl,-z,now -Wl,-z,relro"
-		LDFLAGS="$LDFLAGS $TESTFLAGS"
-		AC_LINK_IFELSE([AC_LANG_PROGRAM([])], 
-			[AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+		LDFLAGS="$TESTFLAGS $LDFLAGS"
+		AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			[AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			[AC_MSG_NOTICE([Not setting $TESTFLAGS]); LDFLAGS="$OLDLDFLAGS" ]
 			)
 	fi # non-static
 	# stack protector. -strong is good but only in gcc 4.9 or later
 	OLDCFLAGS="$CFLAGS"
 	TESTFLAGS="-fstack-protector-strong"
-	CFLAGS="$CFLAGS $TESTFLAGS"
-	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
-	    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+	CFLAGS="$TESTFLAGS $CFLAGS"
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+	    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
 	    [
 			CFLAGS="$OLDCFLAGS"
 			TESTFLAGS="-fstack-protector --param=ssp-buffer-size=4"
-			CFLAGS="$CFLAGS $TESTFLAGS"
-			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 
-			    [AC_MSG_NOTICE([Setting $TESTFLAGS])], 
+			CFLAGS="$TESTFLAGS $CFLAGS"
+			AC_LINK_IFELSE([AC_LANG_PROGRAM([])],
+			    [AC_MSG_NOTICE([Setting $TESTFLAGS])],
 			    [AC_MSG_NOTICE([Not setting $TESTFLAGS]); CFLAGS="$OLDCFLAGS" ]
 			    )
 	    ]
@@ -174,7 +187,7 @@ case "$host" in
 	# OpenSSH thinks it's broken. If it isn't, let me know.
 	AC_DEFINE(BROKEN_GETADDRINFO,1,Broken getaddrinfo)
 	;;
-	
+
 *-*-hpux*)
 	LIBS="$LIBS -lsec"
 	# It's probably broken.
@@ -191,7 +204,7 @@ AC_CHECK_TOOL(STRIP, strip, :)
 AC_CHECK_TOOL(INSTALL, install, :)
 
 dnl Can't use login() or logout() with uclibc
-AC_CHECK_DECL(__UCLIBC__, 
+AC_CHECK_DECL(__UCLIBC__,
 	[
 	no_loginfunc_check=1
 	AC_MSG_NOTICE([Using uClibc - login() and logout() probably don't work, so we won't use them.])
@@ -199,14 +212,14 @@ AC_CHECK_DECL(__UCLIBC__,
 
 dnl We test for crypt() specially. On Linux (and others?) it resides in libcrypt
 dnl but we don't want link all binaries to -lcrypt, just dropbear server.
-dnl OS X doesn't need -lcrypt 
+dnl OS X doesn't need -lcrypt
 AC_CHECK_FUNC(crypt, found_crypt_func=here)
-AC_CHECK_LIB(crypt, crypt, 
+AC_CHECK_LIB(crypt, crypt,
 	[
 	CRYPTLIB="-lcrypt"
 	found_crypt_func=here
 	])
-AC_SUBST(CRYPTLIB)	
+AC_SUBST(CRYPTLIB)
 if test "t$found_crypt_func" = there; then
 AC_DEFINE(HAVE_CRYPT, 1, [crypt() function])
 fi
@@ -568,7 +581,7 @@ AC_ARG_ENABLE(bundled-libtom,
 )
 
 if test $BUNDLED_LIBTOM = 1 ; then
-	AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom) 
+	AC_DEFINE(BUNDLED_LIBTOM,1,Use bundled libtom)
 fi
 
 AC_SUBST(LIBTOM_LIBS)
@@ -641,7 +654,7 @@ AC_ARG_ENABLE(pututxline,
 AC_ARG_WITH(lastlog,
   [  --with-lastlog=FILE|DIR specify lastlog location [common locations]],
 	[
-		if test "x$withval" = "xno" ; then	
+		if test "x$withval" = "xno" ; then
 			AC_DEFINE(DISABLE_LASTLOG)
 		else
 			conf_lastlog_location=$withval
@@ -716,7 +729,7 @@ fi
 
 if test -n "$conf_lastlog_location"; then
 	AC_DEFINE_UNQUOTED(CONF_LASTLOG_FILE, "$conf_lastlog_location", lastlog file location)
-fi	
+fi
 
 dnl utmp detection
 AC_MSG_CHECKING([if your system defines UTMP_FILE])
@@ -746,7 +759,7 @@ if test -z "$conf_utmp_location"; then
 fi
 if test -n "$conf_utmp_location"; then
 	AC_DEFINE_UNQUOTED(CONF_UTMP_FILE, "$conf_utmp_location", utmp file location)
-fi	
+fi
 
 dnl wtmp detection
 AC_MSG_CHECKING([if your system defines WTMP_FILE])
@@ -778,7 +791,7 @@ if test -z "$conf_wtmp_location"; then
 fi
 if test -n "$conf_wtmp_location"; then
 	AC_DEFINE_UNQUOTED(CONF_WTMP_FILE, "$conf_wtmp_location", wtmp file location)
-fi	
+fi
 
 
 dnl utmpx detection - I don't know any system so perverse as to require
@@ -806,7 +819,7 @@ if test -z "$conf_utmpx_location"; then
 	fi
 else
 	AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location", utmpx file location)
-fi	
+fi
 
 dnl wtmpx detection
 AC_MSG_CHECKING([if your system defines WTMPX_FILE])
@@ -833,7 +846,7 @@ if test -z "$conf_wtmpx_location"; then
 	fi
 else
 	AC_DEFINE_UNQUOTED(CONF_WTMPX_FILE, "$conf_wtmpx_location", wtmpx file location)
-fi	
+fi
 
 # Checks for library functions.
 AC_PROG_GCC_TRADITIONAL
@@ -869,7 +882,7 @@ fi
 AC_EXEEXT
 
 if test $BUNDLED_LIBTOM = 1 ; then
-(cd $srcdir; find libtomcrypt -type d) | xargs mkdir -pv 
+(cd $srcdir; find libtomcrypt -type d) | xargs mkdir -pv
 LIBTOM_FILES="libtomcrypt/Makefile libtommath/Makefile"
 fi
 

crypto_desc.c

@@ -34,9 +34,6 @@ void crypto_init() {
 #if DROPBEAR_SHA1_HMAC
 		&sha1_desc,
 #endif
-#if DROPBEAR_MD5_HMAC
-		&md5_desc,
-#endif
 #if DROPBEAR_SHA256
 		&sha256_desc,
 #endif

dbclient.1

@@ -94,7 +94,18 @@ is performed at all, this is usually undesirable.
 .B \-A
 Forward agent connections to the remote host. dbclient will use any
 OpenSSH-style agent program if available ($SSH_AUTH_SOCK will be set) for
-public key authentication.  Forwarding is only enabled if -A is specified.
+public key authentication.  Forwarding is only enabled if \fI-A\fR is specified.
+
+Beware that a forwarded agent connection will allow the remote server to have
+the same authentication credentials as you have used locally. A compromised
+remote server could use that to log in to other servers. 
+
+In many situations Dropbear's multi-hop mode is a better and more secure alternative
+to agent forwarding, avoiding having to trust the intermediate server.
+
+If the SSH agent program is set to prompt when a key is used, the 
+\fI-o DisableTrivialAuth\fR option can prevent UI confusion.
+
 .TP
 .B \-W \fIwindowsize
 Specify the per-channel receive window buffer size. Increasing this 
@@ -111,6 +122,9 @@ if 0 disables keepalives. If no response is received for 3 consecutive keepalive
 .B \-I \fIidle_timeout
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
 .TP
+.B \-z
+By default Dropbear will send network traffic with the \fBAF21\fR setting for QoS, letting network devices give it higher priority. Some devices may have problems with that, \fI-z\fR can be used to disable it.
+.TP
 
 .\" TODO: how to avoid a line break between these two -J arguments?
 .B \-J \fIproxy_command
@@ -156,6 +170,13 @@ Send dbclient log messages to syslog in addition to stderr.
 .TP
 .B Port
 Specify a listening port, like the \fI-p\fR argument.
+.TP
+.B DisableTrivialAuth
+Disallow a server immediately
+giving successful authentication (without presenting any password/pubkey prompt).
+This avoids a UI confusion issue where it may appear that the user is accepting
+a SSH agent prompt from their local machine, but are actually accepting a prompt
+sent immediately by the remote server. 
 .RE
 .TP
 .B \-s 

dbrandom.c

@@ -347,7 +347,7 @@ void genrandom(unsigned char* buf, unsigned int len) {
  * rand must be an initialised *mp_int for the result.
  * the result rand satisfies:  0 < rand < max 
  * */
-void gen_random_mpint(mp_int *max, mp_int *rand) {
+void gen_random_mpint(const mp_int *max, mp_int *rand) {
 
 	unsigned char *randbuf = NULL;
 	unsigned int len = 0;

dbrandom.h

@@ -30,6 +30,6 @@
 void seedrandom(void);
 void genrandom(unsigned char* buf, unsigned int len);
 void addrandom(const unsigned char * buf, unsigned int len);
-void gen_random_mpint(mp_int *max, mp_int *rand);
+void gen_random_mpint(const mp_int *max, mp_int *rand);
 
 #endif /* DROPBEAR_RANDOM_H_ */

dbutil.c

@@ -442,7 +442,7 @@ void printhex(const char * label, const unsigned char * buf, int len) {
 	}
 }
 
-void printmpint(const char *label, mp_int *mp) {
+void printmpint(const char *label, const mp_int *mp) {
 	buffer *buf = buf_new(1000);
 	buf_putmpint(buf, mp);
 	fprintf(stderr, "%d bits ", mp_count_bits(mp));
@@ -724,7 +724,7 @@ void gettime_wrapper(struct timespec *now) {
 	/* Fallback for everything else - this will sometimes go backwards */
 	gettimeofday(&tv, NULL);
 	now->tv_sec = tv.tv_sec;
-	now->tv_nsec = 1000*tv.tv_usec;
+	now->tv_nsec = 1000*(long)tv.tv_usec;
 }
 
 /* second-resolution monotonic timestamp */

dbutil.h

@@ -53,7 +53,7 @@ void dropbear_trace3(const char* format, ...) ATTRIB_PRINTF(1,2);
 void dropbear_trace4(const char* format, ...) ATTRIB_PRINTF(1,2);
 void dropbear_trace5(const char* format, ...) ATTRIB_PRINTF(1,2);
 void printhex(const char * label, const unsigned char * buf, int len);
-void printmpint(const char *label, mp_int *mp);
+void printmpint(const char *label, const mp_int *mp);
 void debug_start_net(void);
 extern int debug_trace;
 #endif

debian/changelog

@@ -1,3 +1,9 @@
+dropbear (2022.83-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Mon, 14 Nov 2022 22:51:57 +0800
+
 dropbear (2022.82-0.1) unstable; urgency=low
 
   * New upstream release.
@@ -173,24 +179,6 @@ dropbear (0.53-0.1) unstable; urgency=low
 
  -- Matt Johnston <matt@ucc.asn.au>  Thu, 24 Feb 2011 22:54:00 +0900
 
-dropbear (0.52-2) unstable; urgency=low
-
-  * Make key utils part of dropbear-server package (since it's
-  required anyway, single binary saves space), rename -common to
-  -keyutils
-  * Don't make clean between builds, just rm *.o since only
-  top-level files change
-
- -- Matt Johnston <matt@ucc.asn.au>  Wed, 19 Nov 2008 21:54:00 +0900
-
-dropbear (0.52-1) unstable; urgency=low
-
-  * Maemo port, split into 5 packages
-  (dropbear, dropbear-server, dropbear-client, dropbear-common, dropbear-scp).
-  This avoids conflicts with openssh package.
-
- -- Matt Johnston <matt@ucc.asn.au>  Wed, 19 Nov 2008 20:54:00 +0900
-
 dropbear (0.52-0.1) unstable; urgency=low
 
   * New upstream release.

debian/control

@@ -1,7 +1,7 @@
 Source: dropbear
-Section: user/network
+Section: net
 Priority: optional
-Maintainer: Matt Johnston <matt@ucc.asn.au>
+Maintainer: Gerrit Pape <pape@smarden.org>
 Build-Depends: libz-dev
 Standards-Version: 3.7.3.0
 
@@ -9,9 +9,6 @@ Package: dropbear
 Architecture: any
 Depends: ${shlibs:Depends}
 Suggests: openssh-client, runit
-Section: user/network
-Conflicts: dropbear-server, dropbear-client, dropbear-keyutils, dropbear-scp
-XB-Maemo-Display-Name: Dropbear SSH Client and Server
 Description: lightweight SSH2 server and client
  dropbear is a SSH 2 server and client designed to be small enough to
  be used in small memory environments, while still being functional and
@@ -20,76 +17,4 @@ Description: lightweight SSH2 server and client
  It implements most required features of the SSH 2 protocol, and other
  features such as X11 and authentication agent forwarding.
  .
- This package provides Dropbear client and server as a single binary,
- as well as key utilities and SCP.
- .
  See http://matt.ucc.asn.au/dropbear/dropbear.html
-
-Package: dropbear-server
-Architecture: any
-Depends: ${shlibs:Depends}
-Section: user/network
-Conflicts: dropbear, dropbear-keyutils
-Provides: dropbear-keyutils
-Recommends: dropbear-scp
-XB-Maemo-Display-Name: Dropbear SSH Server
-Description: lightweight SSH2 server
- dropbear is a SSH 2 server and client designed to be small enough to
- be used in small memory environments, while still being functional and
- secure enough for general use.
- .
- It implements most required features of the SSH 2 protocol, and other
- features such as X11 and authentication agent forwarding.
- .
- This package provides only the Dropbear server.
- .
- See http://matt.ucc.asn.au/dropbear/dropbear.html
-
-Package: dropbear-client
-Architecture: any
-Conflicts: dropbear
-Section: user/network
-Depends: ${shlibs:Depends}
-Recommends: dropbear-scp
-Suggests: dropbear-keyutils
-XB-Maemo-Display-Name: Dropbear SSH Client
-Description: lightweight SSH2 client
- dropbear is a SSH 2 server and client designed to be small enough to
- be used in small memory environments, while still being functional and
- secure enough for general use.
- .
- It implements most required features of the SSH 2 protocol, and other
- features such as X11 and authentication agent forwarding.
- .
- This package provides only the Dropbear client.
- .
- See http://matt.ucc.asn.au/dropbear/dropbear.html
-
-Package: dropbear-keyutils
-Architecture: any
-Conflicts: dropbear, dropbear-server
-Section: user/network
-XB-Maemo-Display-Name: Dropbear SSH Key Utils
-Depends: ${shlibs:Depends}
-Description: lightweight SSH2, key management utilities
- dropbear is a SSH 2 server and client designed to be small enough to
- be used in small memory environments, while still being functional and
- secure enough for general use.
- .
- This package provides dropbearkey and dropbearconvert programs,
- for generating keys and converting to/from OpenSSH keys.
- .
- See http://matt.ucc.asn.au/dropbear/dropbear.html
-
-Package: dropbear-scp
-Architecture: any
-Section: user/network
-Conflicts: dropbear
-XB-Maemo-Display-Name: Dropbear SCP
-Depends: ${shlibs:Depends}
-Description: lightweight SSH2 scp
- dropbear is a SSH 2 server and client designed to be small enough to
- be used in small memory environments, while still being functional and
- secure enough for general use.
- .
- This dropbear-scp package provides /usr/bin/scp.

debian/dropbear-server.conffiles

@@ -1,3 +0,0 @@
-/etc/init.d/dropbear
-/etc/dropbear/run
-/etc/dropbear/log/run

debian/dropbear-server.postinst

@@ -1,79 +0,0 @@
-#!/bin/sh
-set -e
-
-test "$1" = 'configure' || exit 0
-
-if test ! -e /etc/dropbear/dropbear_rsa_host_key; then
-  if test -f /etc/ssh/ssh_host_rsa_key; then
-    echo "Converting existing OpenSSH RSA host key to Dropbear format."
-    /usr/lib/dropbear/dropbearconvert openssh dropbear \
-      /etc/ssh/ssh_host_rsa_key /etc/dropbear/dropbear_rsa_host_key
-  else
-    echo "Generating Dropbear RSA key. Please wait."
-    dropbearkey -t rsa -f /etc/dropbear/dropbear_rsa_host_key
-  fi
-fi
-if test ! -e /etc/dropbear/dropbear_dss_host_key; then
-  if test -f /etc/ssh/ssh_host_dsa_key; then
-    echo "Converting existing OpenSSH RSA host key to Dropbear format."
-    /usr/lib/dropbear/dropbearconvert openssh dropbear \
-      /etc/ssh/ssh_host_dsa_key /etc/dropbear/dropbear_dss_host_key
-  else
-    echo "Generating Dropbear DSS key. Please wait."
-    dropbearkey -t dss -f /etc/dropbear/dropbear_dss_host_key
-  fi
-fi
-if test ! -s /etc/default/dropbear; then 
-  # check whether OpenSSH seems to be installed.
-  if test -x /usr/sbin/sshd; then
-    cat <<EOT
-OpenSSH appears to be installed.  Setting /etc/default/dropbear so that
-Dropbear will not start by default.  Edit this file to change this behaviour.
-
-EOT
-    cat >>/etc/default/dropbear <<EOT
-# disabled because OpenSSH is installed
-# change to NO_START=0 to enable Dropbear
-NO_START=1
-
-EOT
-  fi
-  cat >>/etc/default/dropbear <<EOT
-# the TCP port that Dropbear listens on
-DROPBEAR_PORT=22
-
-# any additional arguments for Dropbear
-DROPBEAR_EXTRA_ARGS=
-
-# specify an optional banner file containing a message to be
-# sent to clients before they connect, such as "/etc/issue.net"
-DROPBEAR_BANNER=""
-
-# RSA hostkey file (default: /etc/dropbear/dropbear_rsa_host_key)
-#DROPBEAR_RSAKEY="/etc/dropbear/dropbear_rsa_host_key"
-
-# DSS hostkey file (default: /etc/dropbear/dropbear_dss_host_key)
-#DROPBEAR_DSSKEY="/etc/dropbear/dropbear_dss_host_key"
-
-# Receive window size - this is a tradeoff between memory and
-# network performance
-DROPBEAR_RECEIVE_WINDOW=65536
-EOT
-fi
-
-if test -x /etc/init.d/dropbear; then
-  update-rc.d dropbear defaults >/dev/null
-  if test -x /usr/sbin/invoke-rc.d; then
-    invoke-rc.d dropbear restart
-  else
-    /etc/init.d/dropbear restart
-  fi
-fi
-
-if test -n "$2" && dpkg --compare-versions "$2" lt '0.50-4' &&
-update-service --check dropbear 2>/dev/null; then
-  update-service --remove /etc/dropbear 2>/dev/null || :
-  sleep 6
-  rm -rf /var/run/dropbear /var/run/dropbear.log
-  update-service --add /etc/dropbear || :
-fi

debian/dropbear-server.postrm

@@ -1,12 +0,0 @@
-#! /bin/sh
-set -e
-
-test "$1" = 'purge' || exit 0
-if test -e /etc/dropbear; then
-  rm -f /etc/dropbear/dropbear_rsa_host_key
-  rm -f /etc/dropbear/dropbear_dss_host_key
-  rmdir --ignore-fail-on-non-empty /etc/dropbear
-fi
-update-rc.d dropbear remove >/dev/null
-rm -f /etc/default/dropbear
-rm -rf /etc/dropbear/supervise /etc/dropbear/log/supervise

debian/dropbear-server.prerm

@@ -1,11 +0,0 @@
-#!/bin/sh
-set -e
-
-test "$1" = 'remove' || test "$1" = 'deconfigure' || exit 0
-if test -x /etc/init.d/dropbear; then
-  if test -x /usr/sbin/invoke-rc.d; then
-    invoke-rc.d dropbear stop
-  else
-    /etc/init.d/dropbear stop
-  fi
-fi

debian/dropbear.init

@@ -25,7 +25,7 @@ set -e
 cancel() { echo "$1" >&2; exit 0; };
 test ! -r /etc/default/dropbear || . /etc/default/dropbear
 test -x "$DAEMON" || cancel "$DAEMON does not exist or is not executable."
-test ! -x /usr/sbin/update-service || ! update-service --check dropbear ||
+test ! -x /usr/sbin/update-service || ! update-service --check dropbear || \
   cancel 'The dropbear service is controlled through runit, use the sv(8) program'
 
 test -z "$DROPBEAR_BANNER" || \
@@ -39,7 +39,7 @@ test -n "$DROPBEAR_RECEIVE_WINDOW" || \
 
 case "$1" in
   start)
-	test "$NO_START" = "0" || cancel '/etc/default/dropbear NO_START is set, Dropbear will not run.'
+	test "$NO_START" = "0" || cancel 'NO_START is not set to zero.'
 	echo -n "Starting $DESC: "
 	start-stop-daemon --start --quiet --pidfile /var/run/"$NAME".pid \
 	  --exec "$DAEMON" -- -d "$DROPBEAR_DSSKEY" -r "$DROPBEAR_RSAKEY" \
@@ -52,7 +52,7 @@ case "$1" in
 	echo "$NAME."
 	;;
   restart|force-reload)
-	test "$NO_START" = "0" || cancel '/etc/default/dropbear NO_START is set, Dropbear will not run.'
+	test "$NO_START" = "0" || cancel 'NO_START is not set to zero.'
 	echo -n "Restarting $DESC: "
 	start-stop-daemon --stop --quiet --oknodo --pidfile /var/run/"$NAME".pid
 	sleep 1

debian/rules

@@ -20,6 +20,8 @@ ifneq (,$(findstring diet,$(DEB_BUILD_OPTIONS)))
   CC =diet -v -Os gcc -nostdinc
 endif
 
+DIR =$(shell pwd)/debian/dropbear
+
 patch: deb-checkdir patch-stamp
 patch-stamp:
 	for i in `ls -1 debian/diff/*.diff || :`; do \
@@ -34,15 +36,13 @@ config.status: patch-stamp configure
 	    --build='$(DEB_BUILD_GNU_TYPE)' --prefix=/usr \
 	    --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info \
 	    $(CONFFLAGS)
-	$(MAKE) clean
 
 build: deb-checkdir build-stamp
 build-stamp: config.status
 	$(MAKE) CC='$(CC)' LD='$(CC)'
 	touch build-stamp
 
-clean: DIR=$(shell pwd)/debian/dropbear
-clean: deb-checkdir deb-checkuid 
+clean: deb-checkdir deb-checkuid
 	test ! -r Makefile || $(MAKE) distclean
 	rm -f libtomcrypt/Makefile libtommath/Makefile
 	test ! -e patch-stamp || \
@@ -51,117 +51,22 @@ clean: deb-checkdir deb-checkuid
 	  done
 	rm -f patch-stamp build-stamp config.log config.status
 	rm -rf '$(DIR)'
-	rm -rf '$(DIR)'-client
-	rm -rf '$(DIR)'-server
-	rm -rf '$(DIR)'-keyutils
-	rm -rf '$(DIR)'-scp
 	rm -f debian/files debian/substvars debian/copyright changelog
 
-install-server: DIR=$(shell pwd)/debian/dropbear-server
-install-server: deb-checkdir deb-checkuid config.status 
-	rm -f '$(DIR)'
-	rm *.o
-	$(MAKE) CC='$(CC)' LD='$(LD)' PROGRAMS="dropbear dropbearkey dropbearconvert" MULTI=1
+install: deb-checkdir deb-checkuid build-stamp
+	rm -rf '$(DIR)'
 	install -d -m0755 '$(DIR)'/etc/dropbear
 	# programs
-	install -d -m0755 '$(DIR)'/usr/bin
 	install -d -m0755 '$(DIR)'/usr/sbin
-	install -d -m0755 '$(DIR)'/usr/lib/dropbear
-	install -m0755 dropbearmulti \
-	  '$(DIR)'/usr/lib/dropbear/dropbearmulti
-	ln -s ../lib/dropbear/dropbearmulti '$(DIR)'/usr/bin/dropbearkey
-	ln -s ../lib/dropbear/dropbearmulti '$(DIR)'/usr/sbin/dropbear
-	ln -s dropbearmulti '$(DIR)'/usr/lib/dropbear/dropbearconvert
-	# init and run scripts
-	install -d -m0755 '$(DIR)'/etc/init.d
-	install -m0755 debian/dropbear.init '$(DIR)'/etc/init.d/dropbear
-	install -m0755 debian/service/run '$(DIR)'/etc/dropbear/run
-	install -d -m0755 '$(DIR)'/etc/dropbear/log
-	install -m0755 debian/service/log '$(DIR)'/etc/dropbear/log/run
-	ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main
-	install -d -m0755 '$(DIR)'/usr/share/man/man8
-	for i in dropbear.8 ; do \
-	  install -m644 $$i '$(DIR)'/usr/share/man/man8/ || exit 1; \
-	done
-	gzip -9 '$(DIR)'/usr/share/man/man8/*.8
-	# copyright, changelog
-	cat debian/copyright.in LICENSE > debian/copyright
-	test -r changelog || ln -s CHANGES changelog
-	$(STRIP) -R .comment -R .note '$(DIR)'/usr/lib/dropbear/*
-
-	install -d -m0755 '$(DIR)'/DEBIAN
-	test '$(CC)' != 'gcc' || \
-	  dpkg-shlibdeps '$(DIR)'/usr/lib/dropbear/*
-
-install-client: DIR=$(shell pwd)/debian/dropbear-client
-install-client: deb-checkdir deb-checkuid config.status 
-	rm -f '$(DIR)'
-	rm *.o
-	$(MAKE) CC='$(CC)' LD='$(LD)' PROGRAMS=dbclient dbclient
+	install -m0755 dropbear '$(DIR)'/usr/sbin/dropbear
 	install -d -m0755 '$(DIR)'/usr/bin
 	install -m0755 dbclient '$(DIR)'/usr/bin/dbclient
-	install -d -m0755 '$(DIR)'/usr/share/man/man1
-	install -m644 dbclient.1 '$(DIR)'/usr/share/man/man1/
-	gzip -9 '$(DIR)'/usr/share/man/man1/*.1
-	$(STRIP) -R .comment -R .note '$(DIR)'/usr/bin/* 
-
-	install -d -m0755 '$(DIR)'/DEBIAN
-	test '$(CC)' != 'gcc' || \
-	  dpkg-shlibdeps  '$(DIR)'/usr/bin/*
-
-install-keyutils: DIR=$(shell pwd)/debian/dropbear-keyutils
-install-keyutils: deb-checkdir deb-checkuid config.status 
-	rm -f '$(DIR)'
-	rm *.o
-	$(MAKE) CC='$(CC)' LD='$(LD)' PROGRAMS="dropbearkey dropbearconvert" MULTI=1
-	install -d -m0755 '$(DIR)'/usr/bin
+	install -m0755 dropbearkey '$(DIR)'/usr/bin/dropbearkey
 	install -d -m0755 '$(DIR)'/usr/lib/dropbear
-	install -m0755 dropbearmulti \
-	  '$(DIR)'/usr/lib/dropbear/dropbearmulti
-	ln -s ../lib/dropbear/dropbearmulti '$(DIR)'/usr/bin/dropbearkey
-	ln -s dropbearmulti '$(DIR)'/usr/lib/dropbear/dropbearconvert
-	install -d -m0755 '$(DIR)'/usr/share/man/man8
-	for i in dropbearkey.8; do \
-	  install -m644 $$i '$(DIR)'/usr/share/man/man8/ || exit 1; \
-	done
-	gzip -9 '$(DIR)'/usr/share/man/man8/*.8
-	$(STRIP) -R .comment -R .note \
-	   '$(DIR)'/usr/lib/dropbear/*
-
-	install -d -m0755 '$(DIR)'/DEBIAN
-	test '$(CC)' != 'gcc' || \
-	  dpkg-shlibdeps '$(DIR)'/usr/lib/dropbear/*
-
-install-scp: DIR=$(shell pwd)/debian/dropbear-scp
-install-scp: deb-checkdir deb-checkuid config.status 
-	rm -f '$(DIR)'
-	rm *.o
-	$(MAKE) CC='$(CC)' LD='$(LD)' PROGRAMS="scp" scp 
-	install -d -m0755 '$(DIR)'/usr/bin
-	install -m0755 scp '$(DIR)'/usr/bin/scp
-	$(STRIP) -R .comment -R .note '$(DIR)'/usr/bin/*
-
-	install -d -m0755 '$(DIR)'/DEBIAN
-	test '$(CC)' != 'gcc' || \
-	  dpkg-shlibdeps '$(DIR)'/usr/bin/* 
-
-install-multi: DIR=$(shell pwd)/debian/dropbear
-install-multi: deb-checkdir deb-checkuid config.status 
-	rm -f '$(DIR)'
-	rm *.o
-	$(MAKE) CC='$(CC)' LD='$(LD)' PROGRAMS="dropbearkey dropbearconvert scp dropbear dbclient" MULTI=1
-	install -d -m0755 '$(DIR)'/etc/dropbear
-	# programs
-	install -d -m0755 '$(DIR)'/usr/bin
-	install -d -m0755 '$(DIR)'/usr/sbin
-	install -d -m0755 '$(DIR)'/usr/lib/dropbear
-	install -m0755 dropbearmulti \
-	  '$(DIR)'/usr/lib/dropbear/dropbearmulti
-	ln -s ../lib/dropbear/dropbearmulti '$(DIR)'/usr/bin/dropbearkey
-	ln -s ../lib/dropbear/dropbearmulti '$(DIR)'/usr/bin/dbclient
-	ln -s ../lib/dropbear/dropbearmulti '$(DIR)'/usr/bin/scp
-	ln -s ../lib/dropbear/dropbearmulti '$(DIR)'/usr/sbin/dropbear
-	ln -s dropbearmulti '$(DIR)'/usr/lib/dropbear/dropbearconvert
+	install -m0755 dropbearconvert \
+	  '$(DIR)'/usr/lib/dropbear/dropbearconvert
+	$(STRIP) -R .comment -R .note '$(DIR)'/usr/sbin/* \
+	  '$(DIR)'/usr/bin/* '$(DIR)'/usr/lib/dropbear/*
 	# init and run scripts
 	install -d -m0755 '$(DIR)'/etc/init.d
 	install -m0755 debian/dropbear.init '$(DIR)'/etc/init.d/dropbear
@@ -169,6 +74,7 @@ install-multi: deb-checkdir deb-checkuid config.status
 	install -d -m0755 '$(DIR)'/etc/dropbear/log
 	install -m0755 debian/service/log '$(DIR)'/etc/dropbear/log/run
 	ln -s /var/log/dropbear '$(DIR)'/etc/dropbear/log/main
+	# man pages
 	install -d -m0755 '$(DIR)'/usr/share/man/man8
 	install -d -m0755 '$(DIR)'/usr/share/man/man1
 	install -m644 dropbear.8 '$(DIR)'/usr/share/man/man8/
@@ -177,26 +83,18 @@ install-multi: deb-checkdir deb-checkuid config.status
 	done
 	gzip -9 '$(DIR)'/usr/share/man/man8/*.8
 	gzip -9 '$(DIR)'/usr/share/man/man1/*.1
-	$(STRIP) -R .comment -R .note '$(DIR)'/usr/lib/dropbear/*
+	# copyright, changelog
+	cat debian/copyright.in LICENSE >debian/copyright
+	test -r changelog || ln -s CHANGES changelog
 
-	install -d -m0755 '$(DIR)'/DEBIAN
-	test '$(CC)' != 'gcc' || \
-	  dpkg-shlibdeps '$(DIR)'/usr/lib/dropbear/*
-
-install: install-client install-server install-keyutils install-multi install-scp
 binary-indep:
 
-binary-arch: install dropbear.deb dropbear-server.deb dropbear-keyutils.deb dropbear-scp.deb dropbear-client.deb
-	dpkg-gencontrol -isp -pdropbear -P'$(shell pwd)/debian'/dropbear
-	dpkg-gencontrol -isp -pdropbear-server -P'$(shell pwd)/debian'/dropbear-server
-	dpkg-gencontrol -isp -pdropbear-client -P'$(shell pwd)/debian'/dropbear-client
-	dpkg-gencontrol -isp -pdropbear-keyutils -P'$(shell pwd)/debian'/dropbear-keyutils
-	dpkg-gencontrol -isp -pdropbear-scp -P'$(shell pwd)/debian'/dropbear-scp
-	dpkg -b '$(shell pwd)/debian'/dropbear ..
-	dpkg -b '$(shell pwd)/debian'/dropbear-server ..
-	dpkg -b '$(shell pwd)/debian'/dropbear-keyutils ..
-	dpkg -b '$(shell pwd)/debian'/dropbear-scp ..
-	dpkg -b '$(shell pwd)/debian'/dropbear-client ..
+binary-arch: install dropbear.deb
+	test '$(CC)' != 'gcc' || \
+	  dpkg-shlibdeps '$(DIR)'/usr/sbin/* '$(DIR)'/usr/bin/* \
+	    '$(DIR)'/usr/lib/dropbear/*
+	dpkg-gencontrol -isp -pdropbear -P'$(DIR)'
+	dpkg -b '$(DIR)' ..
 
 binary: binary-arch binary-indep
 

default_options.h

@@ -122,30 +122,43 @@ IMPORTANT: Some options will require "make clean" after changes */
    sha1 for compatibility */
 #define DROPBEAR_SHA1_HMAC 1
 #define DROPBEAR_SHA2_256_HMAC 1
+#define DROPBEAR_SHA2_512_HMAC 0
 #define DROPBEAR_SHA1_96_HMAC 0
 
 /* Hostkey/public key algorithms - at least one required, these are used
  * for hostkey as well as for verifying signatures with pubkey auth.
- * Removing either of these won't save very much space.
  * RSA is recommended.
- * DSS may be necessary to connect to some systems though
- * is not recommended for new keys.
+ *
  * See: RSA_PRIV_FILENAME and DSS_PRIV_FILENAME */
 #define DROPBEAR_RSA 1
-#define DROPBEAR_DSS 1
+/* Newer SSH implementations use SHA256 for RSA signatures. SHA1
+ * support is required to communicate with some older implementations.
+ * It will be removed in future due to SHA1 insecurity, it can be
+ * disabled with DROPBEAR_RSA_SHA1 set to 0 */
+#define DROPBEAR_RSA_SHA1 1
+
+/* DSS may be necessary to connect to some systems but is not
+ * recommended for new keys (1024 bits is small, and it uses SHA1).
+ * RSA key generation will be faster with bundled libtommath
+ * if DROPBEAR_DSS is disabled.
+ * https://github.com/mkj/dropbear/issues/174#issuecomment-1267374858 */
+#define DROPBEAR_DSS 0
 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
  * code (either ECDSA or ECDH) increases binary size - around 30kB
  * on x86-64.
  * See: ECDSA_PRIV_FILENAME  */
 #define DROPBEAR_ECDSA 1
+
 /* Ed25519 is faster than ECDSA. Compiling in Ed25519 code increases
  * binary size - around 7,5kB on x86-64.
  * See: ED25519_PRIV_FILENAME  */
 #define DROPBEAR_ED25519 1
-/* SK_ECDSA/SK_ED25519 allows u2f security keys for public key auth.
+
+/* Allow U2F security keys for public key auth, with
+ * sk-ecdsa-sha2-nistp256@openssh.com or sk-ssh-ed25519@openssh.com keys.
+ * The corresponding DROPBEAR_ECDSA or DROPBEAR_ED25519 also needs to be set.
  * This is currently server-only. */
-#define DROPBEAR_SK_ECDSA 1
-#define DROPBEAR_SK_ED25519 1
+#define DROPBEAR_SK_KEYS 1
 
 /* RSA must be >=1024 */
 #define DROPBEAR_DEFAULT_RSA_SIZE 2048

dropbear.8

@@ -53,6 +53,10 @@ Disable password logins.
 .B \-g
 Disable password logins for root.
 .TP
+.B \-t
+Enable two-factor authentication. Both password login and public key authentication are
+required. Should not be used with the '-s' option.
+.TP
 .B \-j
 Disable local port forwarding.
 .TP
@@ -97,6 +101,9 @@ of 0 disables keepalives. If no response is received for 3 consecutive keepalive
 .B \-I \fIidle_timeout
 Disconnect the session if no traffic is transmitted or received for \fIidle_timeout\fR seconds.
 .TP
+.B \-z
+By default Dropbear will send network traffic with the \fBAF21\fR setting for QoS, letting network devices give it higher priority. Some devices may have problems with that, \fI-z\fR can be used to disable it.
+.TP
 .B \-T \fImax_authentication_attempts
 Set the number of authentication attempts allowed per connection. If unspecified the default is 10 (MAX_AUTH_TRIES)
 .TP
@@ -144,6 +151,14 @@ same functionality with other means even if no-pty is set.
 .B restrict
 Applies all the no- restrictions listed above.
 
+.TP
+.B permitopen=\fR"\fIhost:port\fR"
+Restrict local port forwarding so that connection is allowed only to the
+specified host and port. Multiple permitopen options separated by commas
+can be set in authorized_keys. Wildcard character ('*') may be used in
+port specification for matching any port. Hosts must be literal domain names or
+IP addresses.
+
 .TP
 .B command=\fR"\fIforced_command\fR"
 Disregard the command provided by the user and always run \fIforced_command\fR.

dropbear_lint.sh

@@ -3,6 +3,6 @@
 EXITCODE=0
 
 # #ifdef instead of #if
-grep '#ifdef DROPBEAR' -I *.c *.h && EXITCODE=1
+grep '#ifdef DROPBEAR' -I -- *.c *.h && EXITCODE=1
 
 exit $EXITCODE

dropbearkey.c

@@ -127,18 +127,19 @@ static void check_signkey_bits(enum signkey_type type, int bits)
 #endif
 #if DROPBEAR_RSA
 		case DROPBEAR_SIGNKEY_RSA:
-			if (bits < 512 || bits > 4096 || (bits % 8 != 0)) {
-				dropbear_exit("Bits must satisfy 512 <= bits <= 4096, and be a"
+			if (bits < 1024 || bits > 4096 || (bits % 8 != 0)) {
+				dropbear_exit("Bits must satisfy 1024 <= bits <= 4096, and be a"
 				              " multiple of 8\n");
 			}
 			break;
 #endif
-#if DROPEAR_DSS
+#if DROPBEAR_DSS
 		case DROPBEAR_SIGNKEY_DSS:
 			if (bits != 1024) {
 				dropbear_exit("DSS keys have a fixed size of 1024 bits\n");
 				exit(EXIT_FAILURE);
 			}
+			break;
 #endif
 		default:
 			(void)0; /* quiet, compiler. ecdsa handles checks itself */

fuzz/fuzzer-verify.c

@@ -3,6 +3,7 @@
 #include "fuzz-wrapfd.h"
 #include "debug.h"
 #include "dss.h"
+#include "ed25519.h"
 
 static void setup_fuzzer(void) {
 	fuzz_common_setup();
@@ -59,6 +60,21 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 					/* Could also check g**q mod p == 1 */
 				}
 
+				if (keytype == DROPBEAR_SIGNKEY_SK_ED25519 || keytype == DROPBEAR_SIGNKEY_ED25519) {
+					dropbear_ed25519_key **eck = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
+					if (eck && *eck) {
+						int i;
+						/* we've seen all-zero keys validate */
+						boguskey = 1;
+						for (i = 0; i < CURVE25519_LEN; i++) {
+							if ((*eck)->priv[i] != 0x00 || (*eck)->pub[i] != 0x00) {
+								boguskey = 0;
+							}
+						}
+
+					}
+				}
+
 				if (!boguskey) {
 					printf("Random key/signature managed to verify!\n");
 					abort();

genrsa.c

@@ -34,7 +34,7 @@
 #if DROPBEAR_RSA
 
 static void getrsaprime(mp_int* prime, mp_int *primeminus, 
-		mp_int* rsa_e, unsigned int size_bytes);
+		const mp_int* rsa_e, unsigned int size_bytes);
 
 /* mostly taken from libtomcrypt's rsa key generation routine */
 dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) {
@@ -89,7 +89,7 @@ dropbear_rsa_key * gen_rsa_priv_key(unsigned int size) {
 
 /* return a prime suitable for p or q */
 static void getrsaprime(mp_int* prime, mp_int *primeminus, 
-		mp_int* rsa_e, unsigned int size_bytes) {
+		const mp_int* rsa_e, unsigned int size_bytes) {
 
 	unsigned char *buf;
 	int trials;

keyimport.c

@@ -302,6 +302,7 @@ static int ber_read_id_len(void *source, int sourcelen,
  * Will avoid writing anything if dest is NULL, but still return
  * amount of space required.
  */
+#if DROPBEAR_DSS
 static int ber_write_id_len(void *dest, int id, int length, int flags)
 {
 	unsigned char *d = (unsigned char *)dest;
@@ -356,6 +357,7 @@ static int ber_write_id_len(void *dest, int id, int length, int flags)
 
 	return len;
 }
+#endif /* DROPBEAR_DSS */
 
 
 /* Simple structure to point to an mp-int within a blob. */
@@ -899,15 +901,16 @@ static int openssh_write(const char *filename, sign_key *key,
 	buffer * extrablob = NULL; /* used for calculated values to write */
 	unsigned char *outblob = NULL;
 	int outlen = -9999;
-	struct mpint_pos numbers[9];
-	int nnumbers = -1, pos = 0, len = 0, seqlen, i;
+	int pos = 0, len = 0, i;
 	char *header = NULL, *footer = NULL;
-	char zero[1];
 	int ret = 0;
 	FILE *fp;
 
 #if DROPBEAR_DSS
 	if (key->type == DROPBEAR_SIGNKEY_DSS) {
+		char zero[1];
+		struct mpint_pos numbers[9];
+		int nnumbers = -1, seqlen;
 		/*
 		 * Fetch the key blobs.
 		 */
@@ -924,7 +927,6 @@ static int openssh_write(const char *filename, sign_key *key,
 		 */
 		numbers[0].start = zero; numbers[0].bytes = 1; zero[0] = '\0';
 
-	#if DROPBEAR_DSS
 		if (key->type == DROPBEAR_SIGNKEY_DSS) {
 
 			/* p */
@@ -956,7 +958,6 @@ static int openssh_write(const char *filename, sign_key *key,
 			header = "-----BEGIN DSA PRIVATE KEY-----\n";
 			footer = "-----END DSA PRIVATE KEY-----\n";
 		}
-	#endif /* DROPBEAR_DSS */
 
 		/*
 		 * Now count up the total size of the ASN.1 encoded integers,

libtomcrypt/src/headers/tomcrypt_dropbear.h

@@ -54,10 +54,6 @@
 #define LTC_SHA1
 #endif
 
-#if DROPBEAR_MD5
-#define LTC_MD5
-#endif
-
 /* ECC */
 #if DROPBEAR_ECC
 #define LTC_MECC

libtommath/Makefile.in

@@ -25,8 +25,14 @@ endif
 
 coverage: LIBNAME:=-Wl,--whole-archive $(LIBNAME)  -Wl,--no-whole-archive
 
+# Dropbear sets its own flags below
+IGNORE_SPEED=1
+
 include $(srcdir)/makefile_include.mk
 
+# override makefile_include.mk flags
+LTM_CFLAGS += @DROPBEAR_LTM_CFLAGS@
+
 %.o: %.c $(HEADERS)
 ifneq ($V,1)
 	@echo "   * ${CC} $@"

libtommath/makefile_include.mk

@@ -104,7 +104,7 @@ LIBTOOLFLAGS += -no-undefined
 endif
 
 # add in the standard FLAGS
-LTM_CFLAGS += $(CFLAGS)
+LTM_CFLAGS := $(CFLAGS) $(LTM_CFLAGS)
 LTM_LFLAGS += $(LFLAGS)
 LTM_LDFLAGS += $(LDFLAGS)
 LTM_LIBTOOLFLAGS += $(LIBTOOLFLAGS)

loginrec.c

@@ -459,6 +459,7 @@ line_abbrevname(char *dst, const char *src, size_t dstsize)
 void
 set_utmp_time(struct logininfo *li, struct utmp *ut)
 {
+	/* struct utmp in glibc isn't y2038 safe yet */
 # ifdef HAVE_STRUCT_UTMP_UT_TV
 	ut->ut_tv.tv_sec = li->tv_sec;
 	ut->ut_tv.tv_usec = li->tv_usec;
@@ -829,7 +830,7 @@ utmpx_perform_login(struct logininfo *li)
 		return 0;
 	}
 # else
-	if (!utmpx_write_direct(li, &ut)) {
+	if (!utmpx_write_direct(li, &utx)) {
 		dropbear_log(LOG_WARNING, "utmpx_perform_login: utmp_write_direct() failed");
 		return 0;
 	}
@@ -1272,6 +1273,7 @@ lastlog_construct(struct logininfo *li, struct lastlog *last)
 	(void)line_stripname(last->ll_line, li->line, sizeof(last->ll_line));
 	strlcpy(last->ll_host, li->hostname,
 		MIN_SIZEOF(last->ll_host, li->hostname));
+	/* struct lastlog in glibc isn't y2038 safe yet */
 	last->ll_time = li->tv_sec;
 }
 

loginrec.h

@@ -139,8 +139,8 @@ struct logininfo {
 	/* struct timeval (sys/time.h) isn't always available, if it isn't we'll
 	 * use time_t's value as tv_sec and set tv_usec to 0
 	 */
-	unsigned int tv_sec;
-	unsigned int tv_usec;
+	time_t tv_sec;
+	suseconds_t tv_usec;
 	union login_netinfo hostaddr;       /* caller's host address(es) */
 }; /* struct logininfo */
 

netio.c

@@ -3,6 +3,7 @@
 #include "dbutil.h"
 #include "session.h"
 #include "debug.h"
+#include "runopts.h"
 
 struct dropbear_progress_connection {
 	struct addrinfo *res;
@@ -377,6 +378,7 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
 	/* Don't log ENOTSOCK errors so that this can harmlessly be called
 	 * on a client '-J' proxy pipe */
 
+	if (opts.disable_ip_tos == 0) {
 #ifdef IP_TOS
 	/* Set the DSCP field for outbound IP packet priority.
 	rfc4594 has some guidance to meanings.
@@ -409,6 +411,7 @@ void set_sock_priority(int sock, enum dropbear_prio prio) {
 		TRACE(("Couldn't set IP_TOS (%s)", strerror(errno)));
 	}
 #endif /* IP_TOS */
+	}
 
 #ifdef HAVE_LINUX_PKT_SCHED_H
 	/* Set scheduling priority within the local Linux network stack */

packet.c

@@ -430,44 +430,32 @@ static buffer* buf_decompress(const buffer* buf, unsigned int len) {
 	z_streamp zstream;
 
 	zstream = ses.keys->recv.zstream;
-	ret = buf_new(len);
+	/* We use RECV_MAX_PAYLOAD_LEN+1 here to ensure that
+	   we can detect an oversized payload after inflate() */
+	ret = buf_new(RECV_MAX_PAYLOAD_LEN+1);
 
 	zstream->avail_in = len;
 	zstream->next_in = buf_getptr(buf, len);
+	zstream->avail_out = ret->size;
+	zstream->next_out = ret->data;
 
-	/* decompress the payload, incrementally resizing the output buffer */
-	while (1) {
-
-		zstream->avail_out = ret->size - ret->pos;
-		zstream->next_out = buf_getwriteptr(ret, zstream->avail_out);
-
-		result = inflate(zstream, Z_SYNC_FLUSH);
-
-		buf_setlen(ret, ret->size - zstream->avail_out);
-		buf_setpos(ret, ret->len);
-
-		if (result != Z_BUF_ERROR && result != Z_OK) {
-			dropbear_exit("zlib error");
-		}
-
-		if (zstream->avail_in == 0 &&
-		   		(zstream->avail_out != 0 || result == Z_BUF_ERROR)) {
-			/* we can only exit if avail_out hasn't all been used,
-			 * and there's no remaining input */
-			return ret;
-		}
-
-		if (zstream->avail_out == 0) {
-			int new_size = 0;
-			if (ret->size >= RECV_MAX_PAYLOAD_LEN) {
-				/* Already been increased as large as it can go,
-				 * yet didn't finish up the decompression */
-				dropbear_exit("bad packet, oversized decompressed");
-			}
-			new_size = MIN(RECV_MAX_PAYLOAD_LEN, ret->size + ZLIB_DECOMPRESS_INCR);
-			ret = buf_resize(ret, new_size);
-		}
+	result = inflate(zstream, Z_SYNC_FLUSH);
+	if (result != Z_OK) {
+		dropbear_exit("zlib error");
 	}
+
+	buf_setlen(ret, ret->size - zstream->avail_out);
+
+	if (zstream->avail_in > 0 || ret->len > RECV_MAX_PAYLOAD_LEN) {
+		/* The remote side sent larger than a payload size
+		 * of uncompressed data.
+		 */
+		dropbear_exit("bad packet, oversized decompressed");
+	}
+
+	/* Success. All input was consumed and avail_out > 0 */
+	return ret;
+
 }
 #endif
 

runopts.h

@@ -33,13 +33,14 @@
 
 typedef struct runopts {
 
+	int disable_ip_tos;
 #if DROPBEAR_SVR_REMOTETCPFWD || DROPBEAR_CLI_LOCALTCPFWD \
     || DROPBEAR_CLI_REMOTETCPFWD
 	int listen_fwd_all;
 #endif
 	unsigned int recv_window;
-	time_t keepalive_secs; /* Time between sending keepalives. 0 is off */
-	time_t idle_timeout_secs; /* Exit if no traffic is sent/received in this time */
+	long keepalive_secs; /* Time between sending keepalives. 0 is off */
+	long idle_timeout_secs; /* Exit if no traffic is sent/received in this time */
 	int usingsyslog;
 
 #ifndef DISABLE_ZLIB
@@ -79,8 +80,9 @@ typedef struct svr_runopts {
 	char *addresses[DROPBEAR_MAX_PORTS];
 
 	int inetdmode;
-	/* Hidden "-2" flag indicates it's re-executing itself */
-	int reexec_child;
+	/* Hidden "-2 childpipe_fd" flag indicates it's re-executing itself,
+	   stores the childpipe preauth file descriptor. Set to -1 otherwise. */
+	int reexec_childpipe;
 
 	/* Flags indicating whether to use ipv4 and ipv6 */
 	/* not used yet
@@ -105,6 +107,7 @@ typedef struct svr_runopts {
 	int noauthpass;
 	int norootpass;
 	int allowblankpass;
+	int multiauthmethod;
 	unsigned int maxauthtries;
 
 #if DROPBEAR_SVR_REMOTETCPFWD
@@ -127,8 +130,10 @@ typedef struct svr_runopts {
 	char * forced_command;
 
 #if DROPBEAR_PLUGIN 
-        char *pubkey_plugin;
-        char *pubkey_plugin_options;
+	/* malloced */
+	char *pubkey_plugin;
+	/* points into pubkey_plugin */
+	char *pubkey_plugin_options;
 #endif
 
 	int pass_on_env;

signkey.c

@@ -120,6 +120,7 @@ enum signkey_type signkey_type_from_name(const char* name, unsigned int namelen)
 /* Special case for rsa-sha2-256. This could be generalised if more 
    signature names are added that aren't 1-1 with public key names */
 const char* signature_name_from_type(enum signature_type type, unsigned int *namelen) {
+#if DROPBEAR_RSA
 #if DROPBEAR_RSA_SHA256
 	if (type == DROPBEAR_SIGNATURE_RSA_SHA256) {
 		if (namelen) {
@@ -136,11 +137,13 @@ const char* signature_name_from_type(enum signature_type type, unsigned int *nam
 		return SSH_SIGNKEY_RSA;
 	}
 #endif
+#endif /* DROPBEAR_RSA */
 	return signkey_name_from_type((enum signkey_type)type, namelen);
 }
 
 /* Returns DROPBEAR_SIGNATURE_NONE if none match */
 enum signature_type signature_type_from_name(const char* name, unsigned int namelen) {
+#if DROPBEAR_RSA
 #if DROPBEAR_RSA_SHA256
 	if (namelen == strlen(SSH_SIGNATURE_RSA_SHA256) 
 		&& memcmp(name, SSH_SIGNATURE_RSA_SHA256, namelen) == 0) {
@@ -153,10 +156,11 @@ enum signature_type signature_type_from_name(const char* name, unsigned int name
 		return DROPBEAR_SIGNATURE_RSA_SHA1;
 	}
 #endif
+#endif /* DROPBEAR_RSA */
 	return (enum signature_type)signkey_type_from_name(name, namelen);
 }
 
-/* Returns the signature type from a key type. Must not be called 
+/* Returns the signature type from a key type. Must not be called
    with RSA keytype */
 enum signature_type signature_type_from_signkey(enum signkey_type keytype) {
 #if DROPBEAR_RSA
@@ -167,6 +171,7 @@ enum signature_type signature_type_from_signkey(enum signkey_type keytype) {
 }
 
 enum signkey_type signkey_type_from_signature(enum signature_type sigtype) {
+#if DROPBEAR_RSA
 #if DROPBEAR_RSA_SHA256
 	if (sigtype == DROPBEAR_SIGNATURE_RSA_SHA256) {
 		return DROPBEAR_SIGNKEY_RSA;
@@ -177,6 +182,7 @@ enum signkey_type signkey_type_from_signature(enum signature_type sigtype) {
 		return DROPBEAR_SIGNKEY_RSA;
 	}
 #endif
+#endif /* DROPBEAR_RSA */
 	assert((int)sigtype < (int)DROPBEAR_SIGNKEY_NUM_NAMED);
 	return (enum signkey_type)sigtype;
 }
@@ -587,7 +593,7 @@ void buf_put_sign(buffer* buf, sign_key *key, enum signature_type sigtype,
 	buffer *sigblob = buf_new(MAX_PUBKEY_SIZE);
 	enum signkey_type keytype = signkey_type_from_signature(sigtype);
 
-#if DEBUG_TRACE
+#if DEBUG_TRACE > DROPBEAR_VERBOSE_LEVEL
 	{
 		const char* signame = signature_name_from_type(sigtype, NULL);
 		TRACE(("buf_put_sign type %d %s", sigtype, signame));
@@ -688,7 +694,7 @@ int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype,
 	if (keytype == DROPBEAR_SIGNKEY_SK_ECDSA_NISTP256) {
 		ecc_key **eck = (ecc_key**)signkey_key_ptr(key, keytype);
 		if (eck && *eck) {
-			return buf_sk_ecdsa_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen);
+			return buf_sk_ecdsa_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen, key->sk_flags_mask);
 		}
 	}
 #endif
@@ -696,7 +702,7 @@ int buf_verify(buffer * buf, sign_key *key, enum signature_type expect_sigtype,
 	if (keytype == DROPBEAR_SIGNKEY_SK_ED25519) {
 		dropbear_ed25519_key **eck = (dropbear_ed25519_key**)signkey_key_ptr(key, keytype);
 		if (eck && *eck) {
-			return buf_sk_ed25519_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen);
+			return buf_sk_ed25519_verify(buf, *eck, data_buf, key->sk_app, key->sk_applen, key->sk_flags_mask);
 		}
 	}
 #endif

signkey.h

@@ -79,12 +79,14 @@ enum signature_type {
 	DROPBEAR_SIGNATURE_SK_ED25519 = DROPBEAR_SIGNKEY_SK_ED25519,
 #endif
 #endif
+#if DROPBEAR_RSA
 #if DROPBEAR_RSA_SHA1
 	DROPBEAR_SIGNATURE_RSA_SHA1 = 100, /* ssh-rsa signature (sha1) */
 #endif
 #if DROPBEAR_RSA_SHA256
 	DROPBEAR_SIGNATURE_RSA_SHA256 = 101, /* rsa-sha2-256 signature. has a ssh-rsa key */
 #endif
+#endif /* DROPBEAR_RSA */
 	DROPBEAR_SIGNATURE_NONE = DROPBEAR_SIGNKEY_NONE,
 };
 
@@ -127,6 +129,7 @@ struct SIGN_key {
 	/* application ID for U2F/FIDO key types, a malloced string */
 	char * sk_app;
 	unsigned int sk_applen;
+	unsigned char sk_flags_mask;
 #endif
 };
 

sk-ecdsa.c

@@ -8,7 +8,9 @@
 #include "sk-ecdsa.h"
 #include "ssh.h"
 
-int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf, const char* app, unsigned int applen) {
+int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf,
+			const char* app, unsigned int applen,
+			unsigned char sk_flags_mask) {
 	hash_state hs;
 	unsigned char subhash[SHA256_HASH_SIZE];
 	buffer *sk_buffer = NULL, *sig_buffer = NULL;
@@ -41,13 +43,18 @@ int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf,
 	buf_free(sk_buffer);
 	buf_free(sig_buffer);
 
-	/* TODO: allow "no-touch-required" or "verify-required" authorized_keys options */
-	if (!(flags & SSH_SK_USER_PRESENCE_REQD)) {
+	if (~flags & sk_flags_mask & SSH_SK_USER_PRESENCE_REQD) {
 		if (ret == DROPBEAR_SUCCESS) {
 			dropbear_log(LOG_WARNING, "Rejecting, user-presence not set");
 		}
 		ret = DROPBEAR_FAILURE;
 	}
+	if (~flags & sk_flags_mask & SSH_SK_USER_VERIFICATION_REQD) {
+		if (ret == DROPBEAR_SUCCESS) {
+			dropbear_log(LOG_WARNING, "Rejecting, user-verification not set");
+		}
+		ret = DROPBEAR_FAILURE;
+	}
 
 	TRACE(("leave buf_sk_ecdsa_verify, ret=%d", ret))
 	return ret;

sk-ecdsa.h

@@ -8,7 +8,9 @@
 #include "buffer.h"
 #include "signkey.h"
 
-int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf, const char* app, unsigned int applen);
+int buf_sk_ecdsa_verify(buffer *buf, const ecc_key *key, const buffer *data_buf,
+			const char* app, unsigned int applen,
+			unsigned char sk_flags_mask);
 
 #endif
 

sk-ed25519.c

@@ -8,7 +8,9 @@
 #include "ed25519.h"
 #include "ssh.h"
 
-int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf, const char* app, unsigned int applen) {
+int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf,
+			const char* app, unsigned int applen,
+			unsigned char sk_flags_mask) {
 
 	int ret = DROPBEAR_FAILURE;
 	unsigned char *s;
@@ -52,13 +54,18 @@ int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const bu
 		ret = DROPBEAR_SUCCESS;
 	}
 
-	/* TODO: allow "no-touch-required" or "verify-required" authorized_keys options */
-	if (!(flags & SSH_SK_USER_PRESENCE_REQD)) {
+	if (~flags & sk_flags_mask & SSH_SK_USER_PRESENCE_REQD) {
 		if (ret == DROPBEAR_SUCCESS) {
 			dropbear_log(LOG_WARNING, "Rejecting, user-presence not set");
 		}
 		ret = DROPBEAR_FAILURE;
 	}
+	if (~flags & sk_flags_mask & SSH_SK_USER_VERIFICATION_REQD) {
+		if (ret == DROPBEAR_SUCCESS) {
+			dropbear_log(LOG_WARNING, "Rejecting, user-verification not set");
+		}
+		ret = DROPBEAR_FAILURE;
+	}
 out:
 	buf_free(sk_buffer);
 	TRACE(("leave buf_sk_ed25519_verify: ret %d", ret))

sk-ed25519.h

@@ -8,7 +8,9 @@
 #include "buffer.h"
 #include "ed25519.h"
 
-int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf, const char* app, unsigned int applen);
+int buf_sk_ed25519_verify(buffer *buf, const dropbear_ed25519_key *key, const buffer *data_buf,
+			const char* app, unsigned int applen,
+			unsigned char sk_flags_mask);
 
 #endif
 

sshpty.c

@@ -380,7 +380,9 @@ pty_setowner(struct passwd *pw, const char *tty_name)
 				tty_name, strerror(errno));
 	}
 
-	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
+	/* Allow either "tty" gid or user's own gid. On Linux with openpty()
+	 * this varies depending on the devpts mount options */
+	if (st.st_uid != pw->pw_uid || !(st.st_gid == gid || st.st_gid == pw->pw_gid)) {
 		if (chown(tty_name, pw->pw_uid, gid) < 0) {
 			if (errno == EROFS &&
 			    (st.st_uid == pw->pw_uid || st.st_uid == 0)) {

svr-auth.c

@@ -389,7 +389,7 @@ void send_msg_userauth_failure(int partial, int incrfail) {
 		Beware of integer overflow if increasing these values */
 		const unsigned int mindelay = 250000000;
 		const unsigned int vardelay = 100000000;
-		unsigned int rand_delay;
+		suseconds_t rand_delay;
 		struct timespec delay;
 
 		gettime_wrapper(&delay);

svr-authpam.c

@@ -30,6 +30,7 @@
 #include "buffer.h"
 #include "dbutil.h"
 #include "auth.h"
+#include "runopts.h"
 
 #if DROPBEAR_SVR_PAM_AUTH
 
@@ -278,12 +279,22 @@ void svr_auth_pam(int valid_user) {
 		goto cleanup;
 	}
 
-	/* successful authentication */
-	dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s",
-			ses.authstate.pw_name,
-			svr_ses.addrstring);
-	send_msg_userauth_success();
-
+	if (svr_opts.multiauthmethod && (ses.authstate.authtypes & ~AUTH_TYPE_PASSWORD)) {
+			/* successful PAM password authentication, but extra auth required */
+			dropbear_log(LOG_NOTICE,
+					"PAM password auth succeeded for '%s' from %s, extra auth required",
+					ses.authstate.pw_name,
+					svr_ses.addrstring);
+			ses.authstate.authtypes &= ~AUTH_TYPE_PASSWORD; /* PAM password auth ok, delete the method flag */
+			send_msg_userauth_failure(1, 0);  /* Send partial success */
+		} else {
+			/* successful authentication */
+			dropbear_log(LOG_NOTICE, "PAM password auth succeeded for '%s' from %s",
+				ses.authstate.pw_name,
+				svr_ses.addrstring);
+			send_msg_userauth_success();
+		}
+		
 cleanup:
 	if (password != NULL) {
 		m_burn(password, passwordlen);

svr-authpasswd.c

@@ -106,12 +106,22 @@ void svr_auth_password(int valid_user) {
 	}
 
 	if (constant_time_strcmp(testcrypt, passwdcrypt) == 0) {
-		/* successful authentication */
-		dropbear_log(LOG_NOTICE, 
-				"Password auth succeeded for '%s' from %s",
-				ses.authstate.pw_name,
-				svr_ses.addrstring);
-		send_msg_userauth_success();
+		if (svr_opts.multiauthmethod && (ses.authstate.authtypes & ~AUTH_TYPE_PASSWORD)) {
+			/* successful password authentication, but extra auth required */
+			dropbear_log(LOG_NOTICE,
+					"Password auth succeeded for '%s' from %s, extra auth required",
+					ses.authstate.pw_name,
+					svr_ses.addrstring);
+			ses.authstate.authtypes &= ~AUTH_TYPE_PASSWORD; /* password auth ok, delete the method flag */
+			send_msg_userauth_failure(1, 0);  /* Send partial success */
+		} else {
+			/* successful authentication */
+			dropbear_log(LOG_NOTICE, 
+					"Password auth succeeded for '%s' from %s",
+					ses.authstate.pw_name,
+					svr_ses.addrstring);
+			send_msg_userauth_success();
+		}
 	} else {
 		dropbear_log(LOG_WARNING,
 				"Bad password attempt for '%s' from %s",

svr-authpubkey.c

@@ -64,6 +64,7 @@
 #include "ssh.h"
 #include "packet.h"
 #include "algo.h"
+#include "runopts.h"
 
 #if DROPBEAR_SVR_PUBKEY_AUTH
 
@@ -182,6 +183,16 @@ void svr_auth_pubkey(int valid_user) {
 		goto out;
 	}
 
+#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
+	key->sk_flags_mask = SSH_SK_USER_PRESENCE_REQD;
+	if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->no_touch_required_flag) {
+		key->sk_flags_mask &= ~SSH_SK_USER_PRESENCE_REQD;
+	}
+	if (ses.authstate.pubkey_options && ses.authstate.pubkey_options->verify_required_flag) {
+		key->sk_flags_mask |= SSH_SK_USER_VERIFICATION_REQD;
+	}
+#endif
+
 	/* create the data which has been signed - this a string containing
 	 * session_id, concatenated with the payload packet up to the signature */
 	assert(ses.payload_beginning <= ses.payload->pos);
@@ -201,12 +212,24 @@ void svr_auth_pubkey(int valid_user) {
 	/* ... and finally verify the signature */
 	fp = sign_key_fingerprint(keyblob, keybloblen);
 	if (buf_verify(ses.payload, key, sigtype, signbuf) == DROPBEAR_SUCCESS) {
-		dropbear_log(LOG_NOTICE,
-				"Pubkey auth succeeded for '%s' with %s key %s from %s",
-				ses.authstate.pw_name,
-				signkey_name_from_type(keytype, NULL), fp,
-				svr_ses.addrstring);
-		send_msg_userauth_success();
+		if (svr_opts.multiauthmethod && (ses.authstate.authtypes & ~AUTH_TYPE_PUBKEY)) {
+			/* successful pubkey authentication, but extra auth required */
+			dropbear_log(LOG_NOTICE,
+					"Pubkey auth succeeded for '%s' with %s key %s from %s, extra auth required",
+					ses.authstate.pw_name,
+					signkey_name_from_type(keytype, NULL), fp,
+					svr_ses.addrstring);
+			ses.authstate.authtypes &= ~AUTH_TYPE_PUBKEY; /* pubkey auth ok, delete the method flag */
+			send_msg_userauth_failure(1, 0); /* Send partial success */
+		} else {
+			/* successful authentication */
+			dropbear_log(LOG_NOTICE,
+					"Pubkey auth succeeded for '%s' with %s key %s from %s",
+					ses.authstate.pw_name,
+					signkey_name_from_type(keytype, NULL), fp,
+					svr_ses.addrstring);
+			send_msg_userauth_success();
+		}
 #if DROPBEAR_PLUGIN
                 if ((ses.plugin_session != NULL) && (svr_ses.plugin_instance->auth_success != NULL)) {
                     /* Was authenticated through the external plugin. tell plugin that signature verification was ok */
@@ -580,7 +603,7 @@ static int checkfileperm(char * filename) {
 	if (badperm) {
 		if (!ses.authstate.perm_warn) {
 			ses.authstate.perm_warn = 1;
-			dropbear_log(LOG_INFO, "%s must be owned by user or root, and not writable by others", filename);
+			dropbear_log(LOG_INFO, "%s must be owned by user or root, and not writable by group or others", filename);
 		}
 		TRACE(("leave checkfileperm: failure perms/owner"))
 		return DROPBEAR_FAILURE;

svr-authpubkeyoptions.c

@@ -46,6 +46,7 @@
 #include "dbutil.h"
 #include "signkey.h"
 #include "auth.h"
+#include "runopts.h"
 
 #if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
 
@@ -88,6 +89,29 @@ int svr_pubkey_allows_pty() {
 	return 1;
 }
 
+/* Returns 1 if pubkey allows local tcp fowarding to the provided destination,
+ * 0 otherwise */
+int svr_pubkey_allows_local_tcpfwd(const char *host, unsigned int port) {
+	if (ses.authstate.pubkey_options
+		&& ses.authstate.pubkey_options->permit_open_destinations) {
+		m_list_elem *iter = ses.authstate.pubkey_options->permit_open_destinations->first;
+		while (iter) {
+			struct PermitTCPFwdEntry *entry = (struct PermitTCPFwdEntry*)iter->item;
+			if (strcmp(entry->host, host) == 0) {
+				if ((entry->port == PUBKEY_OPTIONS_ANY_PORT) || (entry->port == port)) {
+					return 1;
+				}
+			}
+
+			iter = iter->next;
+		}
+
+		return 0;
+	}
+
+	return 1;
+}
+
 /* Set chansession command to the one forced 
  * by any 'command' public key option. */
 void svr_pubkey_set_forced_command(struct ChanSess *chansess) {
@@ -113,6 +137,16 @@ void svr_pubkey_options_cleanup() {
 		if (ses.authstate.pubkey_options->forced_command) {
 			m_free(ses.authstate.pubkey_options->forced_command);
 		}
+		if (ses.authstate.pubkey_options->permit_open_destinations) {
+			m_list_elem *iter = ses.authstate.pubkey_options->permit_open_destinations->first;
+			while (iter) {
+				struct PermitTCPFwdEntry *entry = (struct PermitTCPFwdEntry*)list_remove(iter);
+				m_free(entry->host);
+				m_free(entry);
+				iter = ses.authstate.pubkey_options->permit_open_destinations->first;
+			}
+			m_free(ses.authstate.pubkey_options->permit_open_destinations);
+		}
 		m_free(ses.authstate.pubkey_options);
 	}
 	if (ses.authstate.pubkey_info) {
@@ -206,6 +240,69 @@ int svr_add_pubkey_options(buffer *options_buf, int line_num, const char* filena
 			goto bad_option;
 		}
 
+		if (match_option(options_buf, "permitopen=\"") == DROPBEAR_SUCCESS) {
+			int valid_option = 0;
+			const unsigned char* permitopen_start = buf_getptr(options_buf, 0);
+
+			if (!ses.authstate.pubkey_options->permit_open_destinations) {
+				ses.authstate.pubkey_options->permit_open_destinations = list_new();
+			}
+
+			while (options_buf->pos < options_buf->len) {
+				const char c = buf_getbyte(options_buf);
+				if (c == '"') {
+					char *spec = NULL;
+					char *portstring = NULL;
+					const int permitopen_len = buf_getptr(options_buf, 0) - permitopen_start;
+					struct PermitTCPFwdEntry *entry =
+							(struct PermitTCPFwdEntry*)m_malloc(sizeof(struct PermitTCPFwdEntry));
+
+					list_append(ses.authstate.pubkey_options->permit_open_destinations, entry);
+					spec = m_malloc(permitopen_len);
+					memcpy(spec, permitopen_start, permitopen_len - 1);
+					spec[permitopen_len - 1] = '\0';
+					if ((split_address_port(spec, &entry->host, &portstring) == DROPBEAR_SUCCESS)
+						&& entry->host && portstring) {
+						if (strcmp(portstring, "*") == 0) {
+							valid_option = 1;
+							entry->port = PUBKEY_OPTIONS_ANY_PORT;
+							TRACE(("local port forwarding allowed to host '%s'", entry->host));
+						} else if (m_str_to_uint(portstring, &entry->port) == DROPBEAR_SUCCESS) {
+							valid_option = 1;
+							TRACE(("local port forwarding allowed to host '%s' and port '%u'",
+									entry->host, entry->port));
+						}
+					}
+
+					m_free(spec);
+					m_free(portstring);
+					break;
+				}
+			}
+
+			if (valid_option) {
+				goto next_option;
+			} else {
+				dropbear_log(LOG_WARNING, "Badly formatted permitopen= authorized_keys option");
+				goto bad_option;
+			}
+		}
+
+		if (match_option(options_buf, "no-touch-required") == DROPBEAR_SUCCESS) {
+#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
+			dropbear_log(LOG_WARNING, "No user presence check required for U2F/FIDO key.");
+			ses.authstate.pubkey_options->no_touch_required_flag = 1;
+#endif
+			goto next_option;
+		}
+		if (match_option(options_buf, "verify-required") == DROPBEAR_SUCCESS) {
+#if DROPBEAR_SK_ECDSA || DROPBEAR_SK_ED25519
+			dropbear_log(LOG_WARNING, "User verification required for U2F/FIDO key.");
+			ses.authstate.pubkey_options->verify_required_flag = 1;
+#endif
+			goto next_option;
+		}
+
 next_option:
 		/*
 		 * Skip the comma, and move to the next option

svr-chansession.c

@@ -1040,9 +1040,11 @@ static void execchild(const void *user_data) {
 	if (chansess->original_command) {
 		addnewvar("SSH_ORIGINAL_COMMAND", chansess->original_command);
 	}
-        if (ses.authstate.pubkey_info != NULL) {
-                addnewvar("SSH_PUBKEYINFO", ses.authstate.pubkey_info);
-        }
+#if DROPBEAR_SVR_PUBKEY_OPTIONS_BUILT
+	if (ses.authstate.pubkey_info != NULL) {
+		addnewvar("SSH_PUBKEYINFO", ses.authstate.pubkey_info);
+	}
+#endif
 
 	/* change directory */
 	if (chdir(ses.authstate.pw_dir) < 0) {

svr-main.c

@@ -71,7 +71,7 @@ int main(int argc, char ** argv)
 #endif
 
 #if DROPBEAR_DO_REEXEC
-	if (svr_opts.reexec_child) {
+	if (svr_opts.reexec_childpipe >= 0) {
 #ifdef PR_SET_NAME
 		/* Fix the "Name:" in /proc/pid/status, otherwise it's
 		a FD number from fexecve.
@@ -102,7 +102,7 @@ static void main_inetd() {
 
 	seedrandom();
 
-	if (!svr_opts.reexec_child) {
+	if (svr_opts.reexec_childpipe < 0) {
 		/* In case our inetd was lax in logging source addresses */
 		get_socket_address(0, NULL, NULL, &host, &port, 0);
 			dropbear_log(LOG_INFO, "Child connection from %s:%s", host, port);
@@ -115,10 +115,8 @@ static void main_inetd() {
 		setsid();
 	}
 
-	/* Start service program 
-	 * -1 is a dummy childpipe, just something we can close() without 
-	 * mattering. */
-	svr_session(0, -1);
+	/* -1 for childpipe in the inetd case is discarded */
+	svr_session(0, svr_opts.reexec_childpipe);
 
 	/* notreached */
 }
@@ -332,7 +330,7 @@ static void main_noinetd(int argc, char ** argv, const char* multipath) {
 				m_free(remote_host);
 				m_free(remote_port);
 
-#ifndef DEBUG_NOFORK
+#if !DEBUG_NOFORK
 				if (setsid() < 0) {
 					dropbear_exit("setsid: %s", strerror(errno));
 				}
@@ -347,9 +345,10 @@ static void main_noinetd(int argc, char ** argv, const char* multipath) {
 
 				if (execfd >= 0) {
 #if DROPBEAR_DO_REEXEC
-					/* Add "-2" to the args and re-execute ourself. */
-					char **new_argv = m_malloc(sizeof(char*) * (argc+3));
-					int pos0 = 0, new_argc = argc+1;
+					/* Add "-2 childpipe[1]" to the args and re-execute ourself. */
+					char **new_argv = m_malloc(sizeof(char*) * (argc+4));
+					char buf[10];
+					int pos0 = 0, new_argc = argc+2;
 
 					/* We need to specially handle "dropbearmulti dropbear". */
 					if (multipath) {
@@ -359,7 +358,9 @@ static void main_noinetd(int argc, char ** argv, const char* multipath) {
 					}
 
 					memcpy(&new_argv[pos0], argv, sizeof(char*) * argc);
-					new_argv[new_argc-1] = "-2";
+					new_argv[new_argc-2] = "-2";
+					snprintf(buf, sizeof(buf), "%d", childpipe[1]);
+					new_argv[new_argc-1] = buf;
 					new_argv[new_argc] = NULL;
 
 					if ((dup2(childsock, STDIN_FILENO) < 0)) {

svr-runopts.c

@@ -81,6 +81,7 @@ static void printhelp(const char * progname) {
 					"-s		Disable password logins\n"
 					"-g		Disable password logins for root\n"
 					"-B		Allow blank password logins\n"
+					"-t		Enable two-factor authentication (both password and public key required)\n"
 #endif
 					"-T		Maximum authentication tries (default %d)\n"
 #if DROPBEAR_SVR_LOCALTCPFWD
@@ -103,6 +104,7 @@ static void printhelp(const char * progname) {
 					"-W <receive_window_buffer> (default %d, larger may be faster, max 10MB)\n"
 					"-K <keepalive>  (0 is never, default %d, in seconds)\n"
 					"-I <idle_timeout>  (0 is never, default %d, in seconds)\n"
+					"-z    disable QoS\n"
 #if DROPBEAR_PLUGIN
                                         "-A <authplugin>[,<options>]\n"
                                         "               Enable external public key auth through <authplugin>\n"
@@ -138,6 +140,7 @@ void svr_getopts(int argc, char ** argv) {
 	char* keepalive_arg = NULL;
 	char* idle_timeout_arg = NULL;
 	char* maxauthtries_arg = NULL;
+	char* reexec_fd_arg = NULL;
 	char* keyfile = NULL;
 	char c;
 #if DROPBEAR_PLUGIN
@@ -158,6 +161,7 @@ void svr_getopts(int argc, char ** argv) {
 	svr_opts.noauthpass = 0;
 	svr_opts.norootpass = 0;
 	svr_opts.allowblankpass = 0;
+	svr_opts.multiauthmethod = 0;
 	svr_opts.maxauthtries = MAX_AUTH_TRIES;
 	svr_opts.inetdmode = 0;
 	svr_opts.portcount = 0;
@@ -175,6 +179,7 @@ void svr_getopts(int argc, char ** argv) {
         svr_opts.pubkey_plugin_options = NULL;
 #endif
 	svr_opts.pass_on_env = 0;
+	svr_opts.reexec_childpipe = -1;
 
 #ifndef DISABLE_ZLIB
 	opts.compress_mode = DROPBEAR_COMPRESS_DELAYED;
@@ -197,6 +202,7 @@ void svr_getopts(int argc, char ** argv) {
 #if DROPBEAR_SVR_REMOTETCPFWD
 	opts.listen_fwd_all = 0;
 #endif
+	opts.disable_ip_tos = 0;
 
 	for (i = 1; i < (unsigned int)argc; i++) {
 		if (argv[i][0] != '-' || argv[i][1] == '\0')
@@ -250,12 +256,12 @@ void svr_getopts(int argc, char ** argv) {
 #if DROPBEAR_DO_REEXEC && NON_INETD_MODE
 				/* For internal use by re-exec */
 				case '2':
-					svr_opts.reexec_child = 1;
+					next = &reexec_fd_arg;
 					break;
 #endif
 				case 'p':
-				  nextisport = 1;
-				  break;
+					nextisport = 1;
+					break;
 				case 'P':
 					next = &svr_opts.pidfile;
 					break;
@@ -295,6 +301,9 @@ void svr_getopts(int argc, char ** argv) {
 				case 'B':
 					svr_opts.allowblankpass = 1;
 					break;
+				case 't':
+					svr_opts.multiauthmethod = 1;
+					break;
 #endif
 				case 'h':
 					printhelp(argv[0]);
@@ -317,6 +326,9 @@ void svr_getopts(int argc, char ** argv) {
 					print_version();
 					exit(EXIT_SUCCESS);
 					break;
+				case 'z':
+					opts.disable_ip_tos = 1;
+					break;
 				default:
 					fprintf(stderr, "Invalid option -%c\n", c);
 					printhelp(argv[0]);
@@ -426,6 +438,13 @@ void svr_getopts(int argc, char ** argv) {
 		dropbear_log(LOG_INFO, "Forced command set to '%s'", svr_opts.forced_command);
 	}
 
+	if (reexec_fd_arg) {
+		if (m_str_to_uint(reexec_fd_arg, &svr_opts.reexec_childpipe) == DROPBEAR_FAILURE
+			|| svr_opts.reexec_childpipe < 0) {
+			dropbear_exit("Bad -2");
+		}
+	}
+
 #if INETD_MODE
 	if (svr_opts.inetdmode && (
 		opts.usingsyslog == 0
@@ -438,16 +457,20 @@ void svr_getopts(int argc, char ** argv) {
 	}
 #endif
 
+	if (svr_opts.multiauthmethod && svr_opts.noauthpass) {
+		dropbear_exit("-t and -s are incompatible");
+	}
+
 #if DROPBEAR_PLUGIN
-        if (pubkey_plugin) {
-            char *args = strchr(pubkey_plugin, ',');
-            if (args) {
-                *args='\0';
-                ++args;
-            }
-            svr_opts.pubkey_plugin = pubkey_plugin;
-            svr_opts.pubkey_plugin_options = args;
-        }
+	if (pubkey_plugin) {
+		svr_opts.pubkey_plugin = m_strdup(pubkey_plugin);
+		char *args = strchr(svr_opts.pubkey_plugin, ',');
+		if (args) {
+			*args='\0';
+			++args;
+		}
+		svr_opts.pubkey_plugin_options = args;
+	}
 #endif
 }
 

svr-session.c

@@ -208,7 +208,7 @@ void svr_session(int sock, int childpipe) {
 
 }
 
-/* failure exit - format must be <= 100 chars */
+/* cleanup and exit - format must be <= 100 chars */
 void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
 	char exitmsg[150];
 	char fullmsg[300];
@@ -217,10 +217,12 @@ void svr_dropbear_exit(int exitcode, const char* format, va_list param) {
 	int add_delay = 0;
 
 #if DROPBEAR_PLUGIN
-        if ((ses.plugin_session != NULL)) {
-            svr_ses.plugin_instance->delete_session(ses.plugin_session);
-        }
-        ses.plugin_session = NULL;
+	if ((ses.plugin_session != NULL)) {
+		svr_ses.plugin_instance->delete_session(ses.plugin_session);
+	}
+	ses.plugin_session = NULL;
+	svr_opts.pubkey_plugin_options = NULL;
+	m_free(svr_opts.pubkey_plugin);
 #endif
 
 	/* Render the formatted exit message */

svr-tcpfwd.c

@@ -289,6 +289,11 @@ static int newtcpdirect(struct Channel * channel) {
 		goto out;
 	}
 
+	if (!svr_pubkey_allows_local_tcpfwd(desthost, destport)) {
+		TRACE(("leave newtcpdirect: local tcp forwarding not permitted to requested destination"));
+		goto out;
+	}
+
 	snprintf(portstring, sizeof(portstring), "%u", destport);
 	channel->conn_pending = connect_remote(desthost, portstring, channel_connect_done,
 		channel, NULL, NULL, DROPBEAR_PRIO_NORMAL);

svr-x11fwd.c

@@ -206,7 +206,7 @@ void x11cleanup(struct ChanSess *chansess) {
 }
 
 static int x11_inithandler(struct Channel *channel) {
-	channel->prio = DROPBEAR_CHANNEL_PRIO_INTERACTIVE;
+	channel->prio = DROPBEAR_PRIO_LOWDELAY;
 	return 0;
 }
 

sysoptions.h

@@ -1,15 +1,23 @@
 /*******************************************************************
- * You shouldn't edit this file unless you know you need to. 
+ * You shouldn't edit this file unless you know you need to.
  * This file is only included from options.h
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2022.82"
+#define DROPBEAR_VERSION "2022.83"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
 #define PROGNAME "dropbear"
 
+#ifndef DROPBEAR_CLIENT
+#define DROPBEAR_CLIENT 0
+#endif
+
+#ifndef DROPBEAR_SERVER
+#define DROPBEAR_SERVER 0
+#endif
+
 /* Spec recommends after one hour or 1 gigabyte of data. One hour
  * is a bit too verbose, so we try 8 hours */
 #ifndef KEX_REKEY_TIMEOUT
@@ -68,7 +76,6 @@
 #define MAX_TERM_LEN 200 /* max length of TERM name */
 
 #define MAX_HOST_LEN 254 /* max hostname len for tcp fwding */
-#define MAX_IP_LEN 15 /* strlen("255.255.255.255") == 15 */
 
 #define DROPBEAR_MAX_PORTS 10 /* max number of ports which can be specified,
 								 ipv4 and ipv6 don't count twice */
@@ -80,12 +87,21 @@
 
 #define _PATH_CP "/bin/cp"
 
+/* Default contents of /etc/shells if system getusershell() doesn't exist.
+ * Paths taken from getusershell(3) manpage. These can be customised
+ * on other platforms. One the commandline for CFLAGS it would look like eg
+  -DCOMPAT_USER_SHELLS='"/bin/sh","/apps/bin/sh","/data/bin/zsh"'
+ */
+#ifndef COMPAT_USER_SHELLS
+#define COMPAT_USER_SHELLS "/bin/sh","/bin/csh"
+#endif
+
 #define DROPBEAR_ESCAPE_CHAR '~'
 
 /* success/failure defines */
 #define DROPBEAR_SUCCESS 0
 #define DROPBEAR_FAILURE -1
- 
+
 #define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"
 
 #define DROPBEAR_NGROUP_MAX 1024
@@ -103,7 +119,6 @@
 
 #define SHA1_HASH_SIZE 20
 #define SHA256_HASH_SIZE 32
-#define MD5_HASH_SIZE 16
 #define MAX_HASH_SIZE 64 /* sha512 */
 
 #if DROPBEAR_CHACHA20POLY1305
@@ -126,16 +141,11 @@
 #define DROPBEAR_SHA2_512_HMAC 0
 #endif
 
-/* might be needed for compatibility with very old implementations */
-#ifndef DROPBEAR_MD5_HMAC
-#define DROPBEAR_MD5_HMAC 0
-#endif
-
 #define DROPBEAR_ECC ((DROPBEAR_ECDH) || (DROPBEAR_ECDSA))
 
 /* Debian doesn't define this in system headers */
 #if !defined(LTM_DESC) && (DROPBEAR_ECC)
-#define LTM_DESC 
+#define LTM_DESC
 #endif
 
 #define DROPBEAR_ECC_256 (DROPBEAR_ECC)
@@ -149,13 +159,19 @@
  * signing operations slightly slower. */
 #define DROPBEAR_RSA_BLINDING 1
 
-#ifndef DROPBEAR_RSA_SHA1
-#define DROPBEAR_RSA_SHA1 DROPBEAR_RSA
-#endif
 #ifndef DROPBEAR_RSA_SHA256
 #define DROPBEAR_RSA_SHA256 DROPBEAR_RSA
 #endif
 
+/* Miller-Rabin primality testing is sufficient for RSA but not DSS.
+ * It's a compile-time setting for libtommath, we can get a speedup
+ * for key generation if DSS is disabled.
+ * https://github.com/mkj/dropbear/issues/174#issuecomment-1267374858
+ */
+#if !DROPBEAR_DSS
+#define LTM_USE_ONLY_MR 1
+#endif
+
 /* hashes which will be linked and registered */
 #define DROPBEAR_SHA1 (DROPBEAR_RSA_SHA1 || DROPBEAR_DSS \
 				|| DROPBEAR_SHA1_HMAC || DROPBEAR_SHA1_96_HMAC \
@@ -167,12 +183,18 @@
 #define DROPBEAR_SHA512 ((DROPBEAR_SHA2_512_HMAC) || (DROPBEAR_ECC_521) \
 			|| (DROPBEAR_SHA384) || (DROPBEAR_DH_GROUP16) \
 			|| (DROPBEAR_ED25519))
-#define DROPBEAR_MD5 (DROPBEAR_MD5_HMAC)
 
 #define DROPBEAR_DH_GROUP14 ((DROPBEAR_DH_GROUP14_SHA256) || (DROPBEAR_DH_GROUP14_SHA1))
 
 #define DROPBEAR_NORMAL_DH ((DROPBEAR_DH_GROUP1) || (DROPBEAR_DH_GROUP14) || (DROPBEAR_DH_GROUP16))
 
+#ifndef DROPBEAR_SK_ECDSA
+#define DROPBEAR_SK_ECDSA DROPBEAR_SK_KEYS
+#endif
+#ifndef DROPBEAR_SK_ED25519
+#define DROPBEAR_SK_ED25519 DROPBEAR_SK_KEYS
+#endif
+
 /* Dropbear only uses server-sig-algs, only needed if we have rsa-sha256 pubkey auth */
 #define DROPBEAR_EXT_INFO ((DROPBEAR_RSA_SHA256) \
 		&& ((DROPBEAR_CLI_PUBKEY_AUTH) || (DROPBEAR_SVR_PUBKEY_AUTH)))
@@ -357,5 +379,20 @@
 #define DROPBEAR_MSAN 0
 #endif
 
+#ifndef DEBUG_DSS_VERIFY
+#define DEBUG_DSS_VERIFY 0
+#endif
+
+#ifndef DROPBEAR_MULTI
+#define DROPBEAR_MULTI 0
+#endif
+
+/* Fuzzing expects all key types to be enabled */
+#if DROPBEAR_FUZZ
+#if defined(DROPBEAR_DSS)
+#undef DROPBEAR_DSS
+#endif
+#define DROPBEAR_DSS 1
+#endif
 
 /* no include guard for this file */