dropbear: update to 2018.76 (#2356)

* dropbear: update to 2018.76 * dropbear: fix hardcoded paths * dropbear: enable scp
2018-04-22 22:22:48 +03:00 · 2018-04-22 22:22:48 +03:00 · c4061e081f
commit c4061e081f
parent a6aa402848
13 changed files with 258 additions and 162 deletions
--- a/packages/dropbear/Makefile.in.patch
+++ b/packages/dropbear/Makefile.in.patch
@ -0,0 +1,12 @@
+diff -uNr dropbear-2018.76/Makefile.in dropbear-2018.76.mod/Makefile.in
+--- dropbear-2018.76/Makefile.in	2018-02-27 16:25:10.000000000 +0200
+++ dropbear-2018.76.mod/Makefile.in	2018-04-21 14:05:03.923792282 +0300
+@@ -9,7 +9,7 @@
+ # dbclient functionality, and includes the progress-bar functionality in scp.
+ 
+ ifndef PROGRAMS
+-	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert
+	PROGRAMS=dropbear dbclient dropbearkey dropbearconvert scp
+ endif
+ 
+ STATIC_LTC=libtomcrypt/libtomcrypt.a
--- a/packages/dropbear/build.sh
+++ b/packages/dropbear/build.sh
@ -1,15 +1,19 @@
 TERMUX_PKG_HOMEPAGE=https://matt.ucc.asn.au/dropbear/dropbear.html
 TERMUX_PKG_DESCRIPTION="Small SSH server and client"
-TERMUX_PKG_DEPENDS="libutil"
-TERMUX_PKG_VERSION=2017.75
-TERMUX_PKG_REVISION=2
+TERMUX_PKG_DEPENDS="libutil, readline"
+TERMUX_PKG_CONFLICTS="openssh"
+TERMUX_PKG_VERSION=2018.76
 TERMUX_PKG_SRCURL=https://matt.ucc.asn.au/dropbear/releases/dropbear-${TERMUX_PKG_VERSION}.tar.bz2
-TERMUX_PKG_SHA256=6cbc1dcb1c9709d226dff669e5604172a18cf5dbf9a201474d5618ae4465098c
+TERMUX_PKG_SHA256=f2fb9167eca8cf93456a5fc1d4faf709902a3ab70dd44e352f3acbc3ffdaea65
 TERMUX_PKG_EXTRA_CONFIGURE_ARGS="--disable-syslog --disable-utmp --disable-utmpx --disable-wtmp"
+TERMUX_PKG_BUILD_IN_SRC="yes"
+TERMUX_PKG_CLANG=no
 # Avoid linking to libcrypt for server password authentication:
 TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" ac_cv_lib_crypt_crypt=no"
+# use own implementation of getpass
+TERMUX_PKG_EXTRA_CONFIGURE_ARGS+=" ac_cv_func_getpass=yes LIBS=-lreadline"
+# build a multi-call binary
 TERMUX_PKG_EXTRA_MAKE_ARGS="MULTI=1"
-TERMUX_PKG_BUILD_IN_SRC="yes"

 termux_step_create_debscripts () {
        echo "#!$TERMUX_PREFIX/bin/sh" > postinst
--- a/packages/dropbear/cli-auth.c.patch
+++ b/packages/dropbear/cli-auth.c.patch
@ -0,0 +1,42 @@
+diff -uNr dropbear-2018.76/cli-auth.c dropbear-2018.76.mod/cli-auth.c
+--- dropbear-2018.76/cli-auth.c	2018-02-27 16:25:10.000000000 +0200
+++ dropbear-2018.76.mod/cli-auth.c	2018-04-21 13:44:51.797063206 +0300
+@@ -32,6 +32,38 @@
+ #include "packet.h"
+ #include "runopts.h"
+ 
+
+// getpass implementation
+#ifdef __ANDROID__
+#include <termios.h>
+#include <readline/readline.h>
+
+static char* getpass(const char *prompt) {
+    struct termios term_old, term_new;
+    int nread;
+
+    /* Turn echoing off and fail if we can't. */
+    if (tcgetattr (0, &term_old) != 0) {
+        return NULL;
+    }
+
+    term_new = term_old;
+    term_new.c_lflag &= ~ECHO;
+
+    if (tcsetattr (0, TCSAFLUSH, &term_new) != 0) {
+        return NULL;
+    }
+
+    /* Read the password. */
+    char *password = readline(prompt);
+
+    /* Restore terminal. */
+    (void) tcsetattr (0, TCSAFLUSH, &term_old);
+
+    return password;
+}
+#endif
+
+ void cli_authinitialise() {
+ 
+ 	memset(&ses.authstate, 0, sizeof(ses.authstate));
--- a/packages/dropbear/common-session.c.patch
+++ b/packages/dropbear/common-session.c.patch
@ -0,0 +1,12 @@
+diff -uNr dropbear-2018.76/common-session.c dropbear-2018.76.mod/common-session.c
+--- dropbear-2018.76/common-session.c	2018-02-27 16:25:10.000000000 +0200
+++ dropbear-2018.76.mod/common-session.c	2018-04-21 13:49:06.633742995 +0300
+@@ -570,7 +570,7 @@
+ const char* get_user_shell() {
+ 	/* an empty shell should be interpreted as "/bin/sh" */
+ 	if (ses.authstate.pw_shell[0] == '\0') {
+-		return "/bin/sh";
+		return "@TERMUX_PREFIX@/bin/sh";
+ 	} else {
+ 		return ses.authstate.pw_shell;
+ 	}
--- a/packages/dropbear/compat.c.patch
+++ b/packages/dropbear/compat.c.patch
@ -0,0 +1,21 @@
+diff -uNr dropbear-2018.76/compat.c dropbear-2018.76.mod/compat.c
+--- dropbear-2018.76/compat.c	2018-02-27 16:25:10.000000000 +0200
+++ dropbear-2018.76.mod/compat.c	2018-04-21 13:47:36.443738351 +0300
+@@ -232,7 +232,7 @@
+ 
+ static char **initshells() {
+ 	/* don't touch this list. */
+-	static const char *okshells[] = { "/bin/sh", "/bin/csh", NULL };
+	static const char *okshells[] = { "@TERMUX_PREFIX@/bin/sh", "@TERMUX_PREFIX@/bin/csh", NULL };
+ 	register char **sp, *cp;
+ 	register FILE *fp;
+ 	struct stat statb;
+@@ -244,7 +244,7 @@
+ 	if (strings != NULL)
+ 		free(strings);
+ 	strings = NULL;
+-	if ((fp = fopen("/etc/shells", "rc")) == NULL)
+	if ((fp = fopen("@TERMUX_PREFIX@/etc/shells", "rc")) == NULL)
+ 		return (char **) okshells;
+ 	if (fstat(fileno(fp), &statb) == -1) {
+ 		(void)fclose(fp);
--- a/packages/dropbear/default_options.h.patch
+++ b/packages/dropbear/default_options.h.patch
@ -1,81 +1,77 @@
-diff -u -r ../dropbear-2017.75/options.h ./options.h
--- ../dropbear-2017.75/options.h	2017-05-18 16:47:02.000000000 +0200
-+++ ./options.h	2018-01-24 11:01:37.013064455 +0100
-@@ -11,7 +11,7 @@
- /* IMPORTANT: Many options will require "make clean" after changes */
+diff -uNr dropbear-2018.76/default_options.h dropbear-2018.76.mod/default_options.h
+--- dropbear-2018.76/default_options.h	2018-02-27 16:25:10.000000000 +0200
+++ dropbear-2018.76.mod/default_options.h	2018-04-21 13:44:59.120396918 +0300
+@@ -13,15 +13,15 @@
+ 
+ IMPORTANT: Some options will require "make clean" after changes */
 
- #ifndef DROPBEAR_DEFPORT
 -#define DROPBEAR_DEFPORT "22"
 +#define DROPBEAR_DEFPORT "8022"
- #endif
 
- #ifndef DROPBEAR_DEFADDRESS
-@@ -21,13 +21,13 @@
+ /* Listen on all interfaces */
+ #define DROPBEAR_DEFADDRESS ""
 
 /* Default hostkey paths - these can be specified on the command line */
- #ifndef DSS_PRIV_FILENAME
 -#define DSS_PRIV_FILENAME "/etc/dropbear/dropbear_dss_host_key"
-+#define DSS_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_dss_host_key"
- #endif
- #ifndef RSA_PRIV_FILENAME
 -#define RSA_PRIV_FILENAME "/etc/dropbear/dropbear_rsa_host_key"
-+#define RSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_rsa_host_key"
- #endif
- #ifndef ECDSA_PRIV_FILENAME
 -#define ECDSA_PRIV_FILENAME "/etc/dropbear/dropbear_ecdsa_host_key"
+#define DSS_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_dss_host_key"
+#define RSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_rsa_host_key"
 +#define ECDSA_PRIV_FILENAME "@TERMUX_PREFIX@/etc/dropbear/dropbear_ecdsa_host_key"
- #endif
 
 /* Set NON_INETD_MODE if you require daemon functionality (ie Dropbear listens
-@@ -52,7 +52,7 @@
- several kB in binary size however will make the symmetrical ciphers and hashes
- slower, perhaps by 50%. Recommended for small systems that aren't doing
- much traffic. */
-#define DROPBEAR_SMALL_CODE
+  * on chosen ports and keeps accepting connections. This is the default.
+@@ -44,7 +44,7 @@
+  * several kB in binary size however will make the symmetrical ciphers and hashes
+  * slower, perhaps by 50%. Recommended for small systems that aren't doing
+  * much traffic. */
+-#define DROPBEAR_SMALL_CODE 1
 +#undef DROPBEAR_SMALL_CODE
 
 /* Enable X11 Forwarding - server only */
- #define ENABLE_X11FWD
-@@ -198,7 +198,7 @@
+ #define DROPBEAR_X11FWD 1
+@@ -175,11 +175,11 @@
 
- /* The MOTD file path */
- #ifndef MOTD_FILENAME
+ /* Whether to print the message of the day (MOTD). */
+ #define DO_MOTD 0
 -#define MOTD_FILENAME "/etc/motd"
 +#define MOTD_FILENAME "@TERMUX_PREFIX@/etc/motd"
- #endif
 
 /* Authentication Types - at least one required.
-@@ -213,7 +213,7 @@
+    RFC Draft requires pubkey auth, and recommends password */
+-#define DROPBEAR_SVR_PASSWORD_AUTH 1
+#undef DROPBEAR_SVR_PASSWORD_AUTH
+ 
+ /* Note: PAM auth is quite simple and only works for PAM modules which just do
+  * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
+@@ -222,7 +222,7 @@
+ 
+ /* Set this to use PRNGD or EGD instead of /dev/urandom */
+ #define DROPBEAR_USE_PRNGD 0
+-#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"
+#define DROPBEAR_PRNGD_SOCKET "@TERMUX_PREFIX@/var/run/dropbear-rng"
+ 
+ /* Specify the number of clients we will allow to be connected but
+  * not yet authenticated. After this limit, connections are rejected */
+@@ -239,22 +239,22 @@
 
- /* This requires crypt() */
- #ifdef HAVE_CRYPT
-#define ENABLE_SVR_PASSWORD_AUTH
-+#undef ENABLE_SVR_PASSWORD_AUTH
- #endif
- /* PAM requires ./configure --enable-pam */
- /*#define ENABLE_SVR_PAM_AUTH */
-@@ -287,25 +287,25 @@
 /* The default file to store the daemon's process ID, for shutdown
    scripts etc. This can be overridden with the -P flag */
- #ifndef DROPBEAR_PIDFILE
 -#define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
 +#define DROPBEAR_PIDFILE "@TERMUX_PREFIX@/var/run/dropbear.pid"
- #endif
 
 /* The command to invoke for xauth when using X11 forwarding.
  * "-q" for quiet */
- #ifndef XAUTH_COMMAND
 -#define XAUTH_COMMAND "/usr/bin/xauth -q"
 +#define XAUTH_COMMAND "@TERMUX_PREFIX@/bin/xauth -q"
- #endif
+ 
 
 /* if you want to enable running an sftp server (such as the one included with
-  * OpenSSH), set the path below. If the path isn't defined, sftp will not
-  * be enabled */
- #ifndef SFTPSERVER_PATH
+  * OpenSSH), set the path below and set DROPBEAR_SFTPSERVER. 
+  * The sftp-server program is not provided by Dropbear itself */
+ #define DROPBEAR_SFTPSERVER 1
 -#define SFTPSERVER_PATH "/usr/libexec/sftp-server"
 +#define SFTPSERVER_PATH "@TERMUX_PREFIX@/libexec/sftp-server"
- #endif
 
 /* This is used by the scp binary when used as a client binary. If you're
  * not using the Dropbear client, you'll need to change it */
@ -84,12 +80,11 @@ diff -u -r ../dropbear-2017.75/options.h ./options.h
 
 /* Whether to log commands executed by a client. This only logs the 
  * (single) command sent to the server, not what a user did in a 
-@@ -347,7 +347,7 @@
+@@ -290,6 +290,6 @@
 #define DEFAULT_IDLE_TIMEOUT 0
 
 /* The default path. This will often get replaced by the shell */
 -#define DEFAULT_PATH "/usr/bin:/bin"
-+#define DEFAULT_PATH "@TERMUX_PREFIX@/bin"
+#define DEFAULT_PATH "@TERMUX_PREFIX@/bin:@TERMUX_PREFIX@/bin/applets"
 
- /* Some other defines (that mostly should be left alone) are defined
-  * in sysoptions.h */
+ #endif /* DROPBEAR_DEFAULT_OPTIONS_H_ */
--- a/packages/dropbear/dropbear.patch
+++ b/packages/dropbear/dropbear.patch
@ -1,95 +0,0 @@
-diff -u -r ../dropbear-2013.62/cli-auth.c ./cli-auth.c
--- ../dropbear-2013.62/cli-auth.c	2013-12-03 14:39:15.000000000 +0100
-+++ ./cli-auth.c	2014-01-05 21:21:37.926812382 +0100
-@@ -32,6 +32,10 @@
- #include "packet.h"
- #include "runopts.h"
- 
-+char * getpass (const char *prompt) {
-+	return "";
-+}
-+
- void cli_authinitialise() {
- 
- 	memset(&ses.authstate, 0, sizeof(ses.authstate));
- #ifdef ENABLE_CLI_ANYTCPFWD
-diff -u -r ../dropbear-2013.62/sshpty.c ./sshpty.c
--- ../dropbear-2013.62/sshpty.c	2013-12-03 14:39:15.000000000 +0100
-+++ ./sshpty.c	2014-01-05 21:21:37.930812382 +0100
-@@ -22,6 +22,10 @@
- #include "errno.h"
- #include "sshpty.h"
- 
-+#ifdef __ANDROID__
-+# define USE_DEV_PTMX 1
-+#endif
-+
- /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
- #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
- #undef HAVE_DEV_PTMX
-@@ -380,6 +384,7 @@
- 				tty_name, strerror(errno));
- 	}
- 
-+	/*
- 	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
- 		if (chown(tty_name, pw->pw_uid, gid) < 0) {
- 			if (errno == EROFS &&
-@@ -409,4 +414,5 @@
- 			}
- 		}
- 	}
-+	*/
- }
-diff -u -r ../dropbear-2013.62/svr-agentfwd.c ./svr-agentfwd.c
--- ../dropbear-2013.62/svr-agentfwd.c	2013-12-03 14:39:15.000000000 +0100
-+++ ./svr-agentfwd.c	2014-01-05 21:21:37.930812382 +0100
-@@ -218,10 +218,12 @@
- 	/* drop to user privs to make the dir/file */
- 	uid = getuid();
- 	gid = getgid();
-+	/*
- 	if ((setegid(ses.authstate.pw_gid)) < 0 ||
- 		(seteuid(ses.authstate.pw_uid)) < 0) {
- 		dropbear_exit("Failed to set euid");
- 	}
-+	*/
- 
- 	memset((void*)&addr, 0x0, sizeof(addr));
- 	addr.sun_family = AF_UNIX;
-diff -u -r ../dropbear-2013.62/svr-chansession.c ./svr-chansession.c
--- ../dropbear-2013.62/svr-chansession.c	2013-12-03 14:39:15.000000000 +0100
-+++ ./svr-chansession.c	2014-01-05 21:32:15.438797159 +0100
-@@ -874,6 +874,8 @@
- #endif
- 
- 	/* clear environment */
-+	/* termux: do not clear environment on android */
-+#ifndef __ANDROID__
- 	/* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD
- 	 * etc. This is hazardous, so should only be used for debugging. */
- #ifndef DEBUG_VALGRIND
-@@ -886,6 +888,7 @@
- 	}
- #endif /* HAVE_CLEARENV */
- #endif /* DEBUG_VALGRIND */
-+#endif /* __ANDROID__ */
- 
- 	/* We can only change uid/gid as root ... */
- 	if (getuid() == 0) {
-@@ -911,12 +914,14 @@
- 		}
- 	}
- 
-+	/* termux: do not modify environment since we did not clean it */
-+#ifndef __ANDROID__
- 	/* set env vars */
- 	addnewvar("USER", ses.authstate.pw_name);
- 	addnewvar("LOGNAME", ses.authstate.pw_name);
- 	addnewvar("HOME", ses.authstate.pw_dir);
- 	addnewvar("SHELL", get_user_shell());
-	addnewvar("PATH", DEFAULT_PATH);
-+#endif /* __ANDROID__ */
- 	if (chansess->term != NULL) {
- 		addnewvar("TERM", chansess->term);
- 	}
--- a/packages/dropbear/gensignkey.c.patch
+++ b/packages/dropbear/gensignkey.c.patch
@ -1,7 +1,7 @@
-diff -u -r ../dropbear-2017.75/gensignkey.c ./gensignkey.c
--- ../dropbear-2017.75/gensignkey.c	2017-05-18 16:47:01.000000000 +0200
-+++ ./gensignkey.c	2017-06-13 23:50:59.888597482 +0200
-@@ -137,6 +137,16 @@
+diff -uNr dropbear-2018.76/gensignkey.c dropbear-2018.76.mod/gensignkey.c
+--- dropbear-2018.76/gensignkey.c	2018-02-27 16:25:10.000000000 +0200
+++ dropbear-2018.76.mod/gensignkey.c	2018-04-21 13:45:22.973731479 +0300
+@@ -140,6 +140,16 @@
 		goto out;
 	}
 
@ -18,7 +18,7 @@ diff -u -r ../dropbear-2017.75/gensignkey.c ./gensignkey.c
 	if (link(fn_temp, filename) < 0) {
 		/* If generating keys on connection (skipexist) it's OK to get EEXIST 
 		- we probably just lost a race with another connection to generate the key */
-@@ -148,6 +158,7 @@
+@@ -151,6 +161,7 @@
 			goto out;
 		}
 	}
--- a/packages/dropbear/sshpty.c.patch
+++ b/packages/dropbear/sshpty.c.patch
@ -0,0 +1,28 @@
+diff -uNr dropbear-2018.76/sshpty.c dropbear-2018.76.mod/sshpty.c
+--- dropbear-2018.76/sshpty.c	2018-02-27 16:25:12.000000000 +0200
+++ dropbear-2018.76.mod/sshpty.c	2018-04-21 13:45:06.703730641 +0300
+@@ -22,6 +22,10 @@
+ #include "errno.h"
+ #include "sshpty.h"
+ 
+#ifdef __ANDROID__
+# define USE_DEV_PTMX 1
+#endif
+
+ /* Pty allocated with _getpty gets broken if we do I_PUSH:es to it. */
+ #if defined(HAVE__GETPTY) || defined(HAVE_OPENPTY)
+ #undef HAVE_DEV_PTMX
+@@ -380,6 +384,7 @@
+ 				tty_name, strerror(errno));
+ 	}
+ 
+	/*
+ 	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
+ 		if (chown(tty_name, pw->pw_uid, gid) < 0) {
+ 			if (errno == EROFS &&
+@@ -409,4 +414,5 @@
+ 			}
+ 		}
+ 	}
+	*/
+ }
--- a/packages/dropbear/svr-agentfwd.c.patch
+++ b/packages/dropbear/svr-agentfwd.c.patch
@ -0,0 +1,25 @@
+diff -uNr dropbear-2018.76/svr-agentfwd.c dropbear-2018.76.mod/svr-agentfwd.c
+--- dropbear-2018.76/svr-agentfwd.c	2018-02-27 16:25:12.000000000 +0200
+++ dropbear-2018.76.mod/svr-agentfwd.c	2018-04-21 13:46:57.660403020 +0300
+@@ -41,7 +41,7 @@
+ #include "listener.h"
+ #include "auth.h"
+ 
+-#define AGENTDIRPREFIX "/tmp/dropbear-"
+#define AGENTDIRPREFIX "@TERMUX_PREFIX@/tmp/dropbear-"
+ 
+ static int send_msg_channel_open_agent(int fd);
+ static int bindagent(int fd, struct ChanSess * chansess);
+@@ -218,10 +218,12 @@
+ 	/* drop to user privs to make the dir/file */
+ 	uid = getuid();
+ 	gid = getgid();
+	/*
+ 	if ((setegid(ses.authstate.pw_gid)) < 0 ||
+ 		(seteuid(ses.authstate.pw_uid)) < 0) {
+ 		dropbear_exit("Failed to set euid");
+ 	}
+	*/
+ 
+ 	memset((void*)&addr, 0x0, sizeof(addr));
+ 	addr.sun_family = AF_UNIX;
--- a/packages/dropbear/svr-auth.c.patch
+++ b/packages/dropbear/svr-auth.c.patch
@ -1,7 +1,7 @@
-diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c
--- ../dropbear-2014.63/svr-auth.c	2014-02-19 15:05:24.000000000 +0100
-+++ ./svr-auth.c	2014-03-22 17:52:07.000000000 +0100
-@@ -120,6 +120,9 @@
+diff -uNr dropbear-2018.76/svr-auth.c dropbear-2018.76.mod/svr-auth.c
+--- dropbear-2018.76/svr-auth.c	2018-02-27 16:25:12.000000000 +0200
+++ dropbear-2018.76.mod/svr-auth.c	2018-04-21 13:48:35.083741369 +0300
+@@ -93,6 +93,9 @@
 	}
 
 	username = buf_getstring(ses.payload, &userlen);
@ -11,7 +11,7 @@ diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c
 	servicename = buf_getstring(ses.payload, &servicelen);
 	methodname = buf_getstring(ses.payload, &methodlen);
 
-@@ -129,7 +132,6 @@
+@@ -102,7 +105,6 @@
 					SSH_SERVICE_CONNECTION_LEN) != 0)) {
 		
 		/* TODO - disconnect here */
@ -19,7 +19,7 @@ diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c
 		m_free(servicename);
 		m_free(methodname);
 		dropbear_exit("unknown service in auth");
-@@ -219,7 +221,6 @@
+@@ -192,7 +194,6 @@
 
 out:
 
@ -27,15 +27,19 @@ diff -u -r ../dropbear-2014.63/svr-auth.c ./svr-auth.c
 	m_free(servicename);
 	m_free(methodname);
 }
-@@ -287,6 +288,7 @@
- 		usershell = "/bin/sh";
+@@ -320,9 +321,10 @@
+ 	usershell = ses.authstate.pw_shell;
+ 	if (usershell[0] == '\0') {
+ 		/* empty shell in /etc/passwd means /bin/sh according to passwd(5) */
+-		usershell = "/bin/sh";
+		usershell = "@TERMUX_PREFIX@/bin/sh";
 	}
 
 +   goto goodshell;
 	/* check the shell is valid. If /etc/shells doesn't exist, getusershell()
 	 * should return some standard shells like "/bin/sh" and "/bin/csh" (this
 	 * is platform-specific) */
-@@ -306,7 +308,7 @@
+@@ -343,7 +345,7 @@
 	return DROPBEAR_FAILURE;
 	
 goodshell:
--- a/packages/dropbear/svr-chansession.c.patch
+++ b/packages/dropbear/svr-chansession.c.patch
@ -0,0 +1,36 @@
+diff -uNr dropbear-2018.76/svr-chansession.c dropbear-2018.76.mod/svr-chansession.c
+--- dropbear-2018.76/svr-chansession.c	2018-02-27 16:25:12.000000000 +0200
+++ dropbear-2018.76.mod/svr-chansession.c	2018-04-21 13:45:06.707063974 +0300
+@@ -919,6 +919,8 @@
+ #endif
+ 
+ 	/* clear environment */
+	/* termux: do not clear environment on android */
+#ifndef __ANDROID__
+ 	/* if we're debugging using valgrind etc, we need to keep the LD_PRELOAD
+ 	 * etc. This is hazardous, so should only be used for debugging. */
+ #ifndef DEBUG_VALGRIND
+@@ -931,6 +933,7 @@
+ 	}
+ #endif /* HAVE_CLEARENV */
+ #endif /* DEBUG_VALGRIND */
+#endif /* __ANDROID__ */
+ 
+ 	/* We can only change uid/gid as root ... */
+ 	if (getuid() == 0) {
+@@ -956,12 +959,14 @@
+ 		}
+ 	}
+ 
+	/* termux: do not modify environment since we did not clean it */
+#ifndef __ANDROID__
+ 	/* set env vars */
+ 	addnewvar("USER", ses.authstate.pw_name);
+ 	addnewvar("LOGNAME", ses.authstate.pw_name);
+ 	addnewvar("HOME", ses.authstate.pw_dir);
+ 	addnewvar("SHELL", get_user_shell());
+-	addnewvar("PATH", DEFAULT_PATH);
+#endif /* __ANDROID__ */
+ 	if (chansess->term != NULL) {
+ 		addnewvar("TERM", chansess->term);
+ 	}
--- a/packages/dropbear/sysoptions.h.patch
+++ b/packages/dropbear/sysoptions.h.patch
@ -0,0 +1,12 @@
+diff -uNr dropbear-2018.76/sysoptions.h dropbear-2018.76.mod/sysoptions.h
+--- dropbear-2018.76/sysoptions.h	2018-02-27 16:25:12.000000000 +0200
+++ dropbear-2018.76.mod/sysoptions.h	2018-04-21 13:48:41.227075019 +0300
+@@ -71,7 +71,7 @@
+ 
+ #define _PATH_TTY "/dev/tty"
+ 
+-#define _PATH_CP "/bin/cp"
+#define _PATH_CP "@TERMUX_PREFIX@/bin/cp"
+ 
+ #define DROPBEAR_ESCAPE_CHAR '~'
+