3 files changed, 27 insertions, 4 deletions

diff --git a/ChangeLog b/ChangeLog
index 8ad8b1a4..1a5e6c2e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,10 @@
  - (djm) [commit configure.ac defines.h sshpty.c] don't attempt to use
    vhangup on Linux. It doens't work for non-root users, and for them
    it just messes up the tty settings.
+ - (djm) [misc.c] Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC
+   when it is available. It takes into account time spent suspended,
+   thereby ensuring timeouts (e.g. for expiring agent keys) fire
+   correctly. bz#2228 reported by John Haxby
 
 20140519
  - (djm) [rijndael.c rijndael.h] Sync with newly-ressurected versions ine
diff --git a/channels.c b/channels.c
index 1020071f..ea79dd3c 100644
--- a/channels.c
+++ b/channels.c
@@ -2700,6 +2700,7 @@ channel_set_af(int af)
  * "0.0.0.0"               -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR
  * "" (empty string), "*"  -> wildcard v4/v6
  * "localhost"             -> loopback v4/v6
+ * "127.0.0.1" / "::1"     -> accepted even if gateway_ports isn't set
  */
 static const char *
 channel_fwd_bind_addr(const char *listen_addr, int *wildcardp,
@@ -2729,9 +2730,20 @@ channel_fwd_bind_addr(const char *listen_addr, int *wildcardp,
 				    "\"%s\" overridden by server "
 				    "GatewayPorts", listen_addr);
 			}
-		}
-		else if (strcmp(listen_addr, "localhost") != 0)
+		} else if (strcmp(listen_addr, "localhost") != 0 ||
+		    strcmp(listen_addr, "127.0.0.1") == 0 ||
+		    strcmp(listen_addr, "::1") == 0) {
+			/* Accept localhost address when GatewayPorts=yes */
 			addr = listen_addr;
+		}
+	} else if (strcmp(listen_addr, "127.0.0.1") == 0 ||
+	    strcmp(listen_addr, "::1") == 0) {
+		/*
+		 * If a specific IPv4/IPv6 localhost address has been
+		 * requested then accept it even if gateway_ports is in
+		 * effect. This allows the client to prefer IPv4 or IPv6.
+		 */
+		addr = listen_addr;
 	}
 	if (wildcardp != NULL)
 		*wildcardp = wildcard;
diff --git a/misc.c b/misc.c
index deb8768f..099c4ef8 100644
--- a/misc.c
+++ b/misc.c
@@ -882,17 +882,24 @@ ms_to_timeval(struct timeval *tv, int ms)
 time_t
 monotime(void)
 {
-#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
+#if defined(HAVE_CLOCK_GETTIME) && \
+    (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME))
 	struct timespec ts;
 	static int gettime_failed = 0;
 
 	if (!gettime_failed) {
+#if defined(CLOCK_BOOTTIME)
+		if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0)
+			return (ts.tv_sec);
+#endif
+#if defined(CLOCK_MONOTONIC)
 		if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0)
 			return (ts.tv_sec);
+#endif
 		debug3("clock_gettime: %s", strerror(errno));
 		gettime_failed = 1;
 	}
-#endif
+#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */
 
 	return time(NULL);
 }