From bfb40653abfe524eba5f449f7c1bd43b85b5ec35 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Tue, 16 Dec 2025 22:12:07 +0800 Subject: [PATCH 1/2] Fix CI builds, disable unix socket forwarding macos doesn't currently support DROPBEAR_SVR_DROP_PRIVS so can't use unix socket forwarding either. Also disable it for nondefault builds. --- .github/workflows/build.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4fe41bd4..0458fec6 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -81,6 +81,7 @@ jobs: # macos doesn't have setresgid localoptions: | #define DROPBEAR_SVR_DROP_PRIVS 0 + #define DROPBEAR_SVR_LOCALSTREAMFWD 0 - name: macos 15 os: macos-15 @@ -96,6 +97,7 @@ jobs: # macos doesn't have setresgid localoptions: | #define DROPBEAR_SVR_DROP_PRIVS 0 + #define DROPBEAR_SVR_LOCALSTREAMFWD 0 # Check that debug code doesn't bitrot - name: DEBUG_TRACE @@ -235,6 +237,7 @@ jobs: sed -i "s/DEFAULT_IDLE_TIMEOUT 1/DEFAULT_IDLE_TIMEOUT 99/" localoptions.h # DROPBEAR_SVR_DROP_PRIVS is on by default, turn it off echo "#define DROPBEAR_SVR_DROP_PRIVS 0" >> localoptions.h + echo "#define DROPBEAR_SVR_LOCALSTREAMFWD 0" >> localoptions.h - name: make run: | From 8263b6629c087fb578dedb886ec110b91249eccc Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Tue, 16 Dec 2025 22:21:11 +0800 Subject: [PATCH 2/2] Avoid unused declaration with unix socket disabled --- src/svr-tcpfwd.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/svr-tcpfwd.c b/src/svr-tcpfwd.c index a57637e5..2873fafc 100644 --- a/src/svr-tcpfwd.c +++ b/src/svr-tcpfwd.c @@ -56,7 +56,9 @@ void recv_msg_global_request_remotetcp() { static int svr_cancelremotetcp(void); static int svr_remotetcpreq(int *allocated_listen_port); static int newtcpdirect(struct Channel * channel); +#if DROPBEAR_SVR_LOCALSTREAMFWD static int newstreamlocal(struct Channel * channel); +#endif #if DROPBEAR_SVR_REMOTETCPFWD static const struct ChanType svr_chan_tcpremote = {