X-Original-To: alpine-aports@mail.alpinelinux.org
Delivered-To: alpine-aports@mail.alpinelinux.org
Received: from mail.alpinelinux.org (dallas-a1.alpinelinux.org [127.0.0.1])
	by mail.alpinelinux.org (Postfix) with ESMTP id 5902EDC0096
	for <alpine-aports@mail.alpinelinux.org>; Sun, 19 Jul 2015 14:17:40 +0000 (UTC)
Received: from apollo.thewebhostserver.com (apollomail.thewebhostserver.com [46.23.65.248])
	(using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.alpinelinux.org (Postfix) with ESMTPS id 1B15DDC0066
	for <alpine-aports@lists.alpinelinux.org>; Sun, 19 Jul 2015 14:17:38 +0000 (UTC)
Received: from [81.4.121.188] (port=56859 helo=localhost.localdomain)
	by apollo.thewebhostserver.com with esmtpsa (TLSv1.2:AES128-SHA256:128)
	(Exim 4.85)
	(envelope-from <developer@it-offshore.co.uk>)
	id 1ZGpPL-001htk-PP; Sun, 19 Jul 2015 15:17:35 +0100
From: Stuart Cardall <developer@it-offshore.co.uk>
To: alpine-aports@lists.alpinelinux.org
Cc: Stuart Cardall <developer@it-offshore.co.uk>
Subject: [alpine-aports] [PATCH v3] testing/tinyssh: fix keepalive not implemented
Date: Sun, 19 Jul 2015 14:17:31 +0000
Message-Id: <1437315451-109154-1-git-send-email-developer@it-offshore.co.uk>
X-Mailer: git-send-email 2.4.6
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - apollo.thewebhostserver.com
X-AntiAbuse: Original Domain - lists.alpinelinux.org
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - it-offshore.co.uk
X-Get-Message-Sender-Via: apollo.thewebhostserver.com: authenticated_id: developer@it-offshore.co.uk
X-Source: 
X-Source-Args: 
X-Source-Dir: 
X-Virus-Scanned: ClamAV using ClamSMTP
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development <alpine-aports.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-aports+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-aports@lists.alpinelinux.org>
List-Help: <mailto:alpine-aports+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-aports+subscribe@lists.alpinelinux.org?subject=subscribe>

this fixes sessions being reset when a keepalive is sent
---
changes v1 --> v3:

includes patch instead of doc note
includes $pkgrel bump
---
 testing/tinyssh/APKBUILD                        | 14 +++--
 testing/tinyssh/keepalive-not-implemented.patch | 84 +++++++++++++++++++++++++
 2 files changed, 94 insertions(+), 4 deletions(-)
 create mode 100644 testing/tinyssh/keepalive-not-implemented.patch

diff --git a/testing/tinyssh/APKBUILD b/testing/tinyssh/APKBUILD
index f994e49..f7555c4 100644
--- a/testing/tinyssh/APKBUILD
+++ b/testing/tinyssh/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Stuart Cardall <developer@it-offshore.co.uk>
 pkgname=tinyssh
 pkgver=20150501
-pkgrel=0
+pkgrel=1
 pkgdesc="Small SSH server using NaCl / TweetNaCl (no dependency on OpenSSL)"
 url="http://tinyssh.org/"
 arch="all"
@@ -13,6 +13,7 @@ subpackages="$pkgname-doc"
 source="$pkgname-$pkgver.tar.bz2::http://mojzis.com/software/$pkgname/$pkgname-$pkgver.tar.bz2
 	$pkgname.initd
 	$pkgname.confd
+	keepalive-not-implemented.patch
 	"
 
 _builddir="$srcdir"/$pkgname-$pkgver
@@ -55,15 +56,20 @@ echo '22 stream tcp nowait root /usr/sbin/tinysshd tinysshd -l -v /etc/tinyssh/s
 rc-service inetd start
 
 (3) Using runit with either (1) or (2)
+
+Stealth SSH with FWKNOP: https://it-offshore.co.uk/security/53-stealth-your-ssh-port-ssh-into-lxc-containers
 EOF
 }
 
 md5sums="0e8b4add3fa6c4481e7b8159aca75b2f  tinyssh-20150501.tar.bz2
 78ec724804035bae29e1c47abec737d8  tinyssh.initd
-83e705f0f71db5ae0d8530edafa63497  tinyssh.confd"
+83e705f0f71db5ae0d8530edafa63497  tinyssh.confd
+42cf023926c2b9472fa3d98a6f626db8  keepalive-not-implemented.patch"
 sha256sums="ccaee75ee04252c7e7db1e06e74e4c55b53911c310a0dc5e1288c0feb73a1470  tinyssh-20150501.tar.bz2
 b3584c463f6ba0de6a5fe2e28fb98cd8ef65a55f17a0f4c877f61f54019ef34c  tinyssh.initd
-c6c67395e7230d75077734f0b08d5f8c76f11aaef27878b013b7bd68dd7ba774  tinyssh.confd"
+c6c67395e7230d75077734f0b08d5f8c76f11aaef27878b013b7bd68dd7ba774  tinyssh.confd
+96ce731b29f76cba82047512a0c751370987fd51ff08d5bf124f10342f213251  keepalive-not-implemented.patch"
 sha512sums="780e4aa87fc5afbd0818f1c815c0e95a9ec5b096efedbc49d54492195725bbdf3fe860cc4b84a5e9b15b9b568fd0398e48601da3af22b3dfd64e4214d4797fbe  tinyssh-20150501.tar.bz2
 d10f995c6687e706453e51d06b3466427d476036efdbd86db2f9330281e46049bf2e3698208524b3f70cdbd30373f5bf46c7164dd626d22b3fa9a75ca5d8d478  tinyssh.initd
-4513bd0d43ef0825fbd77365a8a7adefcd99211102df76003becf7e3a09a47ad9bbd16a68c3fadfb7868e0562f8d42a26106b7582cb70490a7e52a7d1e6110e9  tinyssh.confd"
+4513bd0d43ef0825fbd77365a8a7adefcd99211102df76003becf7e3a09a47ad9bbd16a68c3fadfb7868e0562f8d42a26106b7582cb70490a7e52a7d1e6110e9  tinyssh.confd
+9511d09d8a62e673e3e6b2ae9fc55e5b6ca7c33485c1834b4f53a1f06d84d34619a7f620c9862fb059d8a0d24a79d4172bd355185ceff5ac8acb381350e41d2e  keepalive-not-implemented.patch"
diff --git a/testing/tinyssh/keepalive-not-implemented.patch b/testing/tinyssh/keepalive-not-implemented.patch
new file mode 100644
index 0000000..19c21c1
--- /dev/null
+++ b/testing/tinyssh/keepalive-not-implemented.patch
@@ -0,0 +1,84 @@
+diff --git a/tinyssh-tests/packet_uinmplementedtest.c b/tinyssh-tests/packet_uinmplementedtest.c
+new file mode 120000
+index 0000000..c1c5f9b
+--- /dev/null
++++ b/tinyssh-tests/packet_uinmplementedtest.c
+@@ -0,0 +1 @@
++emptytest.c
+\ No newline at end of file
+diff --git a/tinyssh/LIBS b/tinyssh/LIBS
+index 7f1bcf5..9c1f27a 100644
+--- a/tinyssh/LIBS
++++ b/tinyssh/LIBS
+@@ -36,6 +36,7 @@ packetparser.o
+ packet_put.o
+ packet_recv.o
+ packet_send.o
++packet_uinmplemented.o
+ porttostr.o
+ randommod.o
+ readall.o
+diff --git a/tinyssh/SOURCES b/tinyssh/SOURCES
+index be77a5f..613535d 100644
+--- a/tinyssh/SOURCES
++++ b/tinyssh/SOURCES
+@@ -36,6 +36,7 @@ packetparser
+ packet_put
+ packet_recv
+ packet_send
++packet_uinmplemented
+ porttostr
+ randommod
+ readall
+diff --git a/tinyssh/packet.h b/tinyssh/packet.h
+index 891ede8..b2cba92 100644
+--- a/tinyssh/packet.h
++++ b/tinyssh/packet.h
+@@ -127,4 +127,7 @@ extern int packet_channel_send_windowadjust(struct buf *);
+ extern void packet_channel_send_eof(struct buf *);
+ extern int packet_channel_send_close(struct buf *, int, int);
+ 
++/* packet_uinmplemented.c */
++extern int packet_uinmplemented(struct buf *);
++
+ #endif
+diff --git a/tinyssh/packet_uinmplemented.c b/tinyssh/packet_uinmplemented.c
+new file mode 100644
+index 0000000..1ca82d6
+--- /dev/null
++++ b/tinyssh/packet_uinmplemented.c
+@@ -0,0 +1,18 @@
++/*
++20150719
++Jan Mojzis
++Public domain.
++*/
++
++#include "buf.h"
++#include "ssh.h"
++#include "packet.h"
++
++int packet_uinmplemented(struct buf *b) {
++
++    buf_purge(b);
++    buf_putnum8(b, SSH_MSG_UNIMPLEMENTED);       /* SSH_MSG_UNIMPLEMENTED */
++    buf_putnum32(b, packet.receivepacketid);     /* packeid */
++    packet_put(b);
++    return packet_sendall();
++}
+diff --git a/tinyssh/tinysshd.c b/tinyssh/tinysshd.c
+index ba44584..78677f5 100644
+--- a/tinyssh/tinysshd.c
++++ b/tinyssh/tinysshd.c
+@@ -300,8 +300,8 @@ int main(int argc, char **argv) {
+                 case SSH_MSG_KEXINIT:
+                     goto rekeying;
+                 default:
+-                    die_fatal("unknown message type", 0, 0);
+-                    /* XXX TODO - send SSH_MSG_UNIMPLEMENTED */
++                    log_d1("unknown packet - sending SSH_MSG_UNIMPLEMENTED message");
++                    if (!packet_uinmplemented(&b1)) die_fatal("unable to send SSH_MSG_UNIMPLEMENTED message", 0, 0);
+             }
+         }
+     }
+
-- 
2.4.6



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---