dropbear: CHANGES annotate

annotate CHANGES @ 1930:299f4f19ba19

Add /usr/sbin and /sbin to default root PATH When dropbear is used in a very restricted environment (such as in a initrd), the default user shell is often also very restricted and doesn't take care of setting the PATH so the user ends up with the PATH set by dropbear. Unfortunately, dropbear always sets "/usr/bin:/bin" as default PATH even for the root user which should have /usr/sbin and /sbin too. For a concrete instance of this problem, see the "Remote Unlocking" section in this tutorial: https://paxswill.com/blog/2013/11/04/encrypted-raspberry-pi/ It speaks of a bug in the initramfs script because it's written "blkid" instead of "/sbin/blkid"... this is just because the scripts from the initramfs do not expect to have a PATH without the sbin directories and because dropbear is not setting the PATH appropriately for the root user. I'm thus suggesting to use the attached patch to fix this misbehaviour (I did not test it, but it's easy enough). It might seem anecdotic but multiple Kali users have been bitten by this. From https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403

author	Raphael Hertzog <hertzog@debian.org>
date	Mon, 09 Jul 2018 16:27:53 +0200
parents	284c3837891c
children	b366dfaeae68

rev	line source
1921 284c3837891c Allow user space file locations (rootless support) Begley Brothers Inc <begleybrothers@gmail.com> parents: 1761 diff changeset	1 - The following config paths are now relative to a home directory if
284c3837891c Allow user space file locations (rootless support) Begley Brothers Inc <begleybrothers@gmail.com> parents: 1761 diff changeset	2 starting with "~". Thanks to Begley Brothers Inc
284c3837891c Allow user space file locations (rootless support) Begley Brothers Inc <begleybrothers@gmail.com> parents: 1761 diff changeset	3 *_PRIV_FILENAME
284c3837891c Allow user space file locations (rootless support) Begley Brothers Inc <begleybrothers@gmail.com> parents: 1761 diff changeset	4 DROPBEAR_PIDFILE
284c3837891c Allow user space file locations (rootless support) Begley Brothers Inc <begleybrothers@gmail.com> parents: 1761 diff changeset	5 SFTPSERVER_PATH
284c3837891c Allow user space file locations (rootless support) Begley Brothers Inc <begleybrothers@gmail.com> parents: 1761 diff changeset	6 MOTD_FILENAME
284c3837891c Allow user space file locations (rootless support) Begley Brothers Inc <begleybrothers@gmail.com> parents: 1761 diff changeset	7
1761 4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	8 2020.81 - 29 October 2020
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	9
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	10 - Fix regression in 2020.79 which prevented connecting with some SSH
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	11 implementations. Increase MAX_PROPOSED_ALGO to 50, and print a log
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	12 message if the limit is hit. This fixes interoperability with sshj
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	13 library (used by PyCharm), and GoAnywhere.
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	14 Reported by Pirmin Walthert and Piotr Jurkiewicz
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	15
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	16 - Fix building with non-GCC compilers, reported by Kazuo Kuroi
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	17
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	18 - Fix potential long delay in dbclient, found by OSS Fuzz
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	19
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	20 - Fix null pointer dereference crash, found by OSS Fuzz
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	21
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	22 - libtommath now uses the same random source as Dropbear (in 2020.79
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	23 and 2020.80 used getrandom() separately)
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	24
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	25 - Some fuzzing improvements, start of a dbclient fuzzer
4b984c42372d Changelog for 2020.81 Matt Johnston <matt@ucc.asn.au> parents: 1737 diff changeset	26
1731 cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	27 2020.80 - 26 June 2020
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	28
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	29 - Don't block authorized_keys logins with no-X11-forwarding or no-agent-forwarding
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	30 restrictions when X11 or agent forwarding are disabled at compile time.
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	31 This is more of a problem now X11 is disabled by default, reported by Guilhem Moulin
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	32
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	33 - Reduce binary size by 4kB (x64) when using bundled libtommath
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	34
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	35 - Define GNU_SOURCE for getrandom() on uclibc, reported by Laurent Bercot and
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	36 Fabrice Fontaine
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	37
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	38 - Improve checking libtomcrypt version compatibility
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	39
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	40 - Add some style notes to DEVELOPING.md
cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	41
1719 25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	42 2020.79 - 15 June 2020
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	43
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	44 - Support ed25519 hostkeys and authorized_keys, many thanks to Vladislav Grishenko.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	45 This also replaces curve25519 with a TweetNaCl implementation that reduces code size.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	46
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	47 - Add chacha20-poly1305 authenticated cipher. This will perform faster than AES
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	48 on many platforms. Thanks to Vladislav Grishenko
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	49
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	50 - Support using rsa-sha2 signatures. No changes are needed to hostkeys/authorized_keys
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	51 entries, existing RSA keys can be used with the new signature format (signatures
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	52 are ephemeral within a session). Old ssh-rsa signatures will no longer
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	53 be supported by OpenSSH in future so upgrading is recommended.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	54
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	55 - Use getrandom() call on Linux to ensure sufficient entropy has been gathered at startup.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	56 Dropbear now avoids reading from the random source at startup, instead waiting until
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	57 the first connection. It is possible that some platforms were running without enough
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	58 entropy previously, those could potentially block at first boot generating host keys.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	59 The dropbear "-R" option is one way to avoid that.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	60
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	61 - Upgrade libtomcrypt to 1.18.2 and libtommath to 1.2.0, many thanks to Steffen Jaeckel for
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	62 updating Dropbear to use the current API. Dropbear's configure script will check
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	63 for sufficient system library versions, otherwise using the bundled versions.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	64
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	65 - CBC ciphers, 3DES, hmac-sha1-96, and x11 forwarding are now disabled by default.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	66 They can be set in localoptions.h if required.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	67 Blowfish has been removed.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	68
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	69 - Support AES GCM, patch from Vladislav Grishenko. This is disabled by default,
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	70 Dropbear doesn't currently use hardware accelerated AES.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	71
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	72 - Added an API for specifying user public keys as an authorized_keys replacement.
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	73 See pubkeyapi.h for details, thanks to Fabrizio Bertocci
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	74
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	75 - Fix idle detection clashing with keepalives, thanks to jcmathews
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	76
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	77 - Include IP addresses in more early exit messages making it easier for fail2ban
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	78 processing. Patch from Kevin Darbyshire-Bryant
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	79
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	80 - scp fix for CVE-2018-20685 where a server could modify name of output files
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	81
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	82 - SSH_ORIGINAL_COMMAND is set for "dropbear -c" forced command too
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	83
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	84 - Fix writing key files on systems without hard links, from Matt Robinson
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	85
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	86 - Compatibility fixes for IRIX from Kazuo Kuroi
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	87
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	88 - Re-enable printing MOTD by default, was lost moving from options.h. Thanks to zciendor
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	89
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	90 - Call fsync() is called on parent directory when writing key files to ensure they are flushed
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	91
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	92 - Fix "make install" for manpages in out-of-tree builds, from Gabor Z. Papp
25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	93
1731 cddc90de1b6f update CHANGES for 2020.80 Matt Johnston <matt@ucc.asn.au> parents: 1719 diff changeset	94 - Some notes are added in DEVELOPING.md
1719 25b0ce1936c4 changelog for 2020.79 Matt Johnston <matt@ucc.asn.au> parents: 1650 diff changeset	95
1650 009d52ae26d3 Bump to 2019.78 Matt Johnston <matt@ucc.asn.au> parents: 1646 diff changeset	96 2019.78 - 27 March 2019
009d52ae26d3 Bump to 2019.78 Matt Johnston <matt@ucc.asn.au> parents: 1646 diff changeset	97
009d52ae26d3 Bump to 2019.78 Matt Johnston <matt@ucc.asn.au> parents: 1646 diff changeset	98 - Fix dbclient regression in 2019.77. After exiting the terminal would be left
009d52ae26d3 Bump to 2019.78 Matt Johnston <matt@ucc.asn.au> parents: 1646 diff changeset	99 in a bad state. Reported by Ryan Woodsmall
009d52ae26d3 Bump to 2019.78 Matt Johnston <matt@ucc.asn.au> parents: 1646 diff changeset	100
1646 6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	101 2019.77 - 23 March 2019
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	102
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	103 - Fix server -R option with ECDSA - only advertise one key size which will be accepted.
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	104 Reported by Peter Krefting, 2018.76 regression.
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	105
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	106 - Fix server regression in 2018.76 where multiple client -R forwards were all forwarded
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	107 to the first destination. Reported by Iddo Samet.
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	108
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	109 - Make failure delay more consistent to avoid revealing valid usernames, set server password
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	110 limit of 100 characters. Problem reported by usd responsible disclosure team
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	111
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	112 - Change handling of failed authentication to avoid disclosing valid usernames,
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	113 CVE-2018-15599.
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	114
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	115 - Fix dbclient to reliably return the exit code from the remote server.
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	116 Reported by W. Mike Petullo
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	117
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	118 - Fix export of 521-bit ECDSA keys, from Christian Hohnstädt
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	119
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	120 - Add -o Port=xxx option to work with sshfs, from xcko
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	121
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	122 - Merged fuzzing code, see FUZZER-NOTES.md
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	123
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	124 - Add a DROPBEAR_SVR_MULTIUSER=0 compile option to run on
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	125 single-user Linux kernels (CONFIG_MULTIUSER disabled). From Patrick Stewart
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	126
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	127 - Increase allowed username to 100 characters, reported by W. Mike Petullo
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	128
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	129 - Update config.sub and config.guess, should now work with RISC-V
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	130
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	131 - Cygwin compile fix from karel-m
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	132
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	133 - Don't require GNU sed (accidentally in 2018.76), reported by Samuel Hsu
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	134
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	135 - Fix for IRIX and writev(), reported by Kazuo Kuroi
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	136
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	137 - Other fixes and cleanups from François Perrad, Andre McCurdy, Konstantin Demin,
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	138 Michael Jones, Pawel Rapkiewicz
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	139
6d1bbe7d5fa5 2019.77 Matt Johnston <matt@ucc.asn.au> parents: 1565 diff changeset	140
1552 e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	141 2018.76 - 27 February 2018
1520 84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	142
1552 e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	143 > > > Configuration/compatibility changes
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	144 IMPORTANT
1565 2fd52c383163 mention localoptions.h being build directory, fix underscore in CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1552 diff changeset	145 Custom configuration is now specified in localoptions.h rather than options.h
1524 d35cf9a5e0b5 rename default_options.h.in in docs too Matt Johnston <matt@ucc.asn.au> parents: 1520 diff changeset	146 Available options and defaults can be seen in default_options.h
1520 84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	147
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	148 To migrate your configuration, compare your customised options.h against the
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	149 upstream options.h from your relevant version. Any customised options should
1565 2fd52c383163 mention localoptions.h being build directory, fix underscore in CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1552 diff changeset	150 be put in localoptions.h in the build directory.
1520 84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	151
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	152 - "configure --enable-static" should now be used instead of "make STATIC=1"
1552 e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	153 This will avoid 'hardened build' flags that conflict with static binaries
1520 84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	154
1552 e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	155 - Set 'hardened build' flags by default if supported by the compiler.
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	156 These can be disabled with configure --disable-harden if needed.
1520 84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	157 -Wl,-pie
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	158 -Wl,-z,now -Wl,-z,relro
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	159 -fstack-protector-strong
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	160 -D_FORTIFY_SOURCE=2
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	161 # spectre v2 mitigation
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	162 -mfunction-return=thunk
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	163 -mindirect-branch=thunk
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	164
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	165 Spectre patch from Loganaden Velvindron
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	166
1552 e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	167 - "dropbear -r" option for hostkeys no longer attempts to load the default
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	168 hostkey paths as well. If desired these can be specified manually.
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	169 Patch from CamVan Nguyen
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	170
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	171 - group1-sha1 key exchange is disabled in the server by default since
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	172 the fixed 1024-bit group may be susceptible to attacks
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	173
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	174 - twofish ciphers are now disabled in the default configuration
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	175
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	176 - Default generated ECDSA key size is now 256 (rather than 521)
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	177 for better interoperability
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	178
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	179 - Minimum RSA key length has been increased to 1024 bits
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	180
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	181 > > > Other features and fixes
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	182
1520 84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	183 - Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	184
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	185 - Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket.
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	186 See dbclient manpage for a socat example. Patch from Harald Becker
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	187
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	188 - Add "-c forced_command" option. Patch from Jeremy Kerr
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	189
1552 e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	190 - Restricted group -G option added with patch from stellarpower
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	191
1520 84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	192 - Support server-chosen TCP forwarding ports, patch from houseofkodai
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	193
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	194 - Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port]
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	195 Patch from houseofkodai
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	196
1552 e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	197 - Makefile will now rebuild object files when header files are modified
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	198
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	199 - Add group14-256 and group16 key exchange options
1520 84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	200
1552 e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	201 - curve25519-sha256 also supported without @libssh.org suffix
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	202
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	203 - Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1
e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	204 This fixes building with some recent versions of clang
1520 84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	205
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	206 - Set PAM_RHOST which is needed by modules such as pam_abl
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	207
1552 e46f7f1da56a CHANGES for 2018.76 Matt Johnston <matt@ucc.asn.au> parents: 1524 diff changeset	208 - Improvements to DSS and RSA public key validation, found by OSS-Fuzz.
1520 84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	209
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	210 - Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	211
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	212 - Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	213
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	214 - Numerous code cleanups and small issues fixed by Francois Perrad
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	215
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	216 - Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	217 platforms. Reported by Oliver Schneider and Andrew Bainbridge
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	218
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	219 - Fix some platform portability problems, from Ben Gardner
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	220
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	221 - Add EXEEXT filename suffix for building dropbearmulti, from William Foster
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	222
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	223 - Support --enable-<option> properly for configure, from Stefan Hauser
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	224
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	225 - configure have_openpty result can be cached, from Eric Bénard
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	226
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	227 - handle platforms that return close() < -1 on failure, from Marco Wenzel
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	228
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	229 - Build and configuration cleanups from Michael Witten
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	230
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	231 - Fix libtomcrypt/libtommath linking order, from Andre McCurdy
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	232
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	233 - Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	234
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	235 - Update curve25519-donna implementation to current version
84578193ef47 draft CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1433 diff changeset	236
1337 8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	237 2017.75 - 18 May 2017
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	238
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	239 - Security: Fix double-free in server TCP listener cleanup
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	240 A double-free in the server could be triggered by an authenticated user if
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	241 dropbear is running with -a (Allow connections to forwarded ports from any host)
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	242 This could potentially allow arbitrary code execution as root by an authenticated user.
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	243 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash.
1737 8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au Matt Johnston <matt@ucc.asn.au> parents: 1731 diff changeset	244 CVE-2017-9078 https://hg.ucc.asn.au/dropbear/rev/c8114a48837c
1337 8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	245
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	246 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink.
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	247 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	248 is to switch to user permissions when opening authorized_keys
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	249
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	250 A user could symlink their ~/.ssh/authorized_keys to a root-owned file they
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	251 couldn't normally read. If they managed to get that file to contain valid
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	252 authorized_keys with command= options it might be possible to read other
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	253 contents of that file.
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	254 This information disclosure is to an already authenticated user.
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	255 Thanks to Jann Horn of Google Project Zero for reporting this.
1737 8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au Matt Johnston <matt@ucc.asn.au> parents: 1731 diff changeset	256 CVE-2017-9079 https://hg.ucc.asn.au/dropbear/rev/0d889b068123
1337 8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	257
1339 c31276613181 fix changelog for atomic dropbearkey Matt Johnston <matt@ucc.asn.au> parents: 1337 diff changeset	258 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync
1337 8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	259 Thanks to Andrei Gherzan for a patch
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	260
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	261 - Fix out of tree builds with bundled libtom
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	262 Thanks to Henrik Nordström and Peter Krefting for patches.
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	263
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	264 2016.74 - 21 July 2016
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	265
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	266 - Security: Message printout was vulnerable to format string injection.
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	267
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	268 If specific usernames including "%" symbols can be created on a system
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	269 (validated by getpwnam()) then an attacker could run arbitrary code as root
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	270 when connecting to Dropbear server.
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	271
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	272 A dbclient user who can control username or host arguments could potentially
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	273 run arbitrary code as the dbclient user. This could be a problem if scripts
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	274 or webpages pass untrusted input to the dbclient program.
1321 2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	275 CVE-2016-7406
1737 8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au Matt Johnston <matt@ucc.asn.au> parents: 1731 diff changeset	276 https://hg.ucc.asn.au/dropbear/rev/b66a483f3dcb
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	277
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	278 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	279 the local dropbearconvert user when parsing malicious key files
1321 2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	280 CVE-2016-7407
1737 8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au Matt Johnston <matt@ucc.asn.au> parents: 1731 diff changeset	281 https://hg.ucc.asn.au/dropbear/rev/34e6127ef02e
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	282
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	283 - Security: dbclient could run arbitrary code as the local dbclient user if
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	284 particular -m or -c arguments are provided. This could be an issue where
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	285 dbclient is used in scripts.
1321 2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	286 CVE-2016-7408
1737 8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au Matt Johnston <matt@ucc.asn.au> parents: 1731 diff changeset	287 https://hg.ucc.asn.au/dropbear/rev/eed9376a4ad6
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	288
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	289 - Security: dbclient or dropbear server could expose process memory to the
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	290 running user if compiled with DEBUG_TRACE and running with -v
1321 2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	291 CVE-2016-7409
1737 8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au Matt Johnston <matt@ucc.asn.au> parents: 1731 diff changeset	292 https://hg.ucc.asn.au/dropbear/rev/6a14b1f6dc04
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	293
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	294 The security issues were reported by an anonymous researcher working with
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	295 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	296
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	297 - Fix port forwarding failure when connecting to domains that have both
1313 0ed3d2bbf956 mention regression release Matt Johnston <matt@ucc.asn.au> parents: 1311 diff changeset	298 IPv4 and IPv6 addresses. The bug was introduced in 2015.68
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	299
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	300 - Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang Hui P
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	301 for the patch
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	302
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	303
1285 309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	304 2016.73 - 18 March 2016
1253 3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	305
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	306 - Support syslog in dbclient, option -o usesyslog=yes. Patch from Konstantin Tokarev
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	307
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	308 - Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	309
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	310 - Option to exit when a TCP forward fails, patch from Konstantin Tokarev
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	311
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	312 - New "-o" option parsing from Konstantin Tokarev. This allows handling some extra options
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	313 in the style of OpenSSH, though implementing all OpenSSH options is not planned.
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	314
1285 309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	315 - Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou
1253 3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	316
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	317 - Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	318
1285 309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	319 - Various cleanups for issues found by a lint tool, patch from Francois Perrad
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	320
1253 3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	321 - Fix tab indent consistency, patch from Francois Perrad
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	322
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	323 - Fix issues found by cppcheck, reported by Mike Tzou
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	324
1285 309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	325 - Use system memset_s() or explicit_bzero() if available to clear memory. Also make
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	326 libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	327
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	328 - Prevent scp failing when the local user doesn't exist. Based on patch from Michael Witten.
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	329
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	330 - Improved Travis CI test running, thanks to Mike Tzou
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	331
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	332 - Improve some code that was flagged by Coverity and Fortify Static Code Analyzer
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	333
1230 2c23d72e06b2 2016.72 Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	334 2016.72 - 9 March 2016
2c23d72e06b2 2016.72 Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	335
2c23d72e06b2 2016.72 Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	336 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
1279 f107cef4be68 add CVE Matt Johnston <matt@ucc.asn.au> parents: 1253 diff changeset	337 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
1737 8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au Matt Johnston <matt@ucc.asn.au> parents: 1731 diff changeset	338 https://hg.ucc.asn.au/dropbear/rev/a3e8389e01ff
1230 2c23d72e06b2 2016.72 Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	339
1200 9a944a243f08 2015.71 Matt Johnston <matt@ucc.asn.au> parents: 1199 diff changeset	340 2015.71 - 3 December 2015
1198 388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	341
1199 1d41a7b8f31c wrong breakage version Matt Johnston <matt@ucc.asn.au> parents: 1198 diff changeset	342 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
1198 388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	343
1203 e49a204effe3 Thanks Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	344 - Fix crash on exit when -p address:port is used, broke in 2015.68, thanks to
e49a204effe3 Thanks Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	345 Frank Stollenwerk for reporting and investigation
1198 388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	346
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	347 - Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	348
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	349 - Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert,
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	350 broke in 2015.70
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	351
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	352 - Fix server race condition that could cause sessions to hang on exit,
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	353 https://github.com/robotframework/SSHLibrary/issues/128
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	354
1188 79a6ef02307d Wrong date Matt Johnston <matt@ucc.asn.au> parents: 1187 diff changeset	355 2015.70 - 26 November 2015
1187 88fd422cfa11 2015.70 Matt Johnston <matt@ucc.asn.au> parents: 1178 diff changeset	356
88fd422cfa11 2015.70 Matt Johnston <matt@ucc.asn.au> parents: 1178 diff changeset	357 - Fix server password authentication on Linux, broke in 2015.69
88fd422cfa11 2015.70 Matt Johnston <matt@ucc.asn.au> parents: 1178 diff changeset	358
1178 4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	359 2015.69 - 25 November 2015
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	360
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	361 - Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68)
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	362
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	363 - Avoid hang on session close when multiple sessions are started, affects Qt Creator
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	364 Patch from Andrzej Szombierski
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	365
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	366 - Reduce per-channel memory consumption in common case, increase default
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	367 channel limit from 100 to 1000 which should improve SOCKS forwarding for modern
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	368 webpages
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	369
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	370 - Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	371
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	372 - Manpage improvements from Guilhem Moulin
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	373
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	374 - Build fixes for Android from Mike Frysinger
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	375
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	376 - Don't display the MOTD when an explicit command is run from Guilhem Moulin
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	377
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	378 - Check curve25519 shared secret isn't zero
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	379
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	380 2015.68 - Saturday 8 August 2015
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	381
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	382 - Reduce local data copying for improved efficiency. Measured 30%
1125 7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	383 increase in throughput for connections to localhost
1063 9a5677293671 changes (also testing hg bookmarks) Matt Johnston <matt@ucc.asn.au> parents: 1004 diff changeset	384
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	385 - Forwarded TCP ports connect asynchronously and try all available addresses
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	386 (IPv4, IPv6, round robin DNS)
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	387
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	388 - Fix all compile warnings, many patches from Gaël Portay
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	389 Note that configure with -Werror may not be successful on some platforms (OS X)
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	390 and some configuration options may still result in unused variable
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	391 warnings.
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	392
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	393 - Use TCP Fast Open on Linux if available. Saves a round trip at connection
1064 0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	394 to hosts that have previously been connected.
0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	395 Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3"
1125 7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	396 Client side is disabled by default pending further compatibility testing
7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	397 with networks and systems.
1064 0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	398
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	399 - Increase maximum command length to 9000 bytes
1064 0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	400
0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	401 - Free memory before exiting, patch from Thorsten Horstmann. Useful for
0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	402 Dropbear ports to embedded systems and for checking memory leaks
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	403 with valgrind. Only partially implemented for dbclient.
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	404 This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h
1064 0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	405
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	406 - DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	407 there is a leading slash (~ isn't treated specially)
1125 7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	408
1064 0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	409 - Fix small ECC memory leaks
0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	410
1125 7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	411 - Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of
1141 63ac2261e1b0 couple more changelog items Matt Johnston <matt@ucc.asn.au> parents: 1125 diff changeset	412 Matta Consulting. Odds of bad values are around 2**-512 -- improbable.
1125 7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	413
7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	414 - Twofish-ctr cipher is supported though disabled by default
7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	415
1141 63ac2261e1b0 couple more changelog items Matt Johnston <matt@ucc.asn.au> parents: 1125 diff changeset	416 - Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks
63ac2261e1b0 couple more changelog items Matt Johnston <matt@ucc.asn.au> parents: 1125 diff changeset	417 to CL Ouyang
63ac2261e1b0 couple more changelog items Matt Johnston <matt@ucc.asn.au> parents: 1125 diff changeset	418
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	419 - Fix null pointer crash with restrictions in authorized_keys without a command, patch from
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	420 Guilhem Moulin
1141 63ac2261e1b0 couple more changelog items Matt Johnston <matt@ucc.asn.au> parents: 1125 diff changeset	421
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	422 - Ensure authentication timeout is handled while reading the initial banner,
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	423 thanks to CL Ouyang for finding it.
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	424
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	425 - Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz
1125 7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	426
1004 d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	427 2015.67 - Wednesday 28 January 2015
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	428
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	429 - Call fsync() after generating private keys to ensure they aren't lost if a
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	430 reboot occurs. Thanks to Peter Korsgaard
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	431
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	432 - Disable non-delayed zlib compression by default on the server. Can be
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	433 enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	434
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	435 - Default client key path ~/.ssh/id_dropbear
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	436
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	437 - Prefer stronger algorithms by default, from Fedor Brunner.
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	438 AES256 over 3DES
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	439 Diffie-hellman group14 over group1
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	440
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	441 - Add option to disable CBC ciphers.
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	442
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	443 - Disable twofish in default options.h
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	444
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	445 - Enable sha2 HMAC algorithms by default, the code was already required
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	446 for ECC key exchange. sha1 is the first preference still for performance.
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	447
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	448 - Fix installing dropbear.8 in a separate build directory, from Like Ma
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	449
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	450 - Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	451
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	452 - Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	453
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	454 - Minor bug fixes, a few issues found by Coverity scan
d63b569a7c86 changes for 2015.67 Matt Johnston <matt@ucc.asn.au> parents: 979 diff changeset	455
979 735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	456 2014.66 - Thursday 23 October 2014
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	457
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	458 - Use the same keepalive handling behaviour as OpenSSH. This will work better
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	459 with some SSH implementations that have different behaviour with unknown
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	460 message types.
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	461
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	462 - Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	463 keepalive message
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	464
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	465 - Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	466
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	467 - Fix wtmp which broke since 2013.62, patch from Whoopie
735511a4c761 changelog, version number bump Matt Johnston <matt@ucc.asn.au> parents: 965 diff changeset	468
965 e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	469 2014.65 - Friday 8 August 2014
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	470
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	471 - Fix 2014.64 regression, server session hang on exit with scp (and probably
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	472 others), thanks to NiLuJe for tracking it down
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	473
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	474 - Fix 2014.64 regression, clock_gettime() error handling which broke on older
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	475 Linux kernels, reported by NiLuJe
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	476
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	477 - Fix 2014.64 regression, writev() could occassionally fail with EAGAIN which
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	478 wasn't caught
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	479
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	480 - Avoid error message when trying to set QoS on proxycommand or multihop pipes
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	481
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	482 - Use /usr/bin/xauth, thanks to Mike Frysinger
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	483
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	484 - Don't exit the client if the local user entry can't be found, thanks to iquaba
e9579816f20e 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 947 diff changeset	485
947 e4453b367db7 Version 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 942 diff changeset	486 2014.64 - Sunday 27 July 2014
942 8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	487
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	488 - Fix compiling with ECDSA and DSS disabled
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	489
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	490 - Don't exit abruptly if too many outgoing packets are queued for writev(). Patch
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	491 thanks to Ronny Meeus
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	492
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	493 - The -K keepalive option now behaves more like OpenSSH's "ServerAliveInterval".
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	494 If no response is received after 3 keepalives then the session is terminated. This
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	495 will close connections faster than waiting for a TCP timeout.
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	496
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	497 - Rework TCP priority setting. New settings are
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	498 if (connecting \|\| ptys \|\| x11) tos = LOWDELAY
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	499 else if (tcp_forwards) tos = 0
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	500 else tos = BULK
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	501 Thanks to Catalin Patulea for the suggestion.
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	502
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	503 - Improve handling of many concurrent new TCP forwarded connections, should now
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	504 be able to handle as many as MAX_CHANNELS. Thanks to Eduardo Silva for reporting
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	505 and investigating it.
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	506
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	507 - Make sure that exit messages from the client are printed, regression in 2013.57
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	508
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	509 - Use monotonic clock where available, timeouts won't be affected by system time
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	510 changes
8664fea5072f changes for 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 905 diff changeset	511
947 e4453b367db7 Version 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 942 diff changeset	512 - Add -V for version
e4453b367db7 Version 2014.64 Matt Johnston <matt@ucc.asn.au> parents: 942 diff changeset	513
900 49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	514 2014.63 - Wednesday 19 February 2014
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	515
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	516 - Fix ~. to terminate a client interactive session after waking a laptop
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	517 from sleep.
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	518
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	519 - Changed port separator syntax again, now using host^port. This is because
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	520 IPv6 link-local addresses use %. Reported by Gui Iribarren
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	521
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	522 - Avoid constantly relinking dropbearmulti target, fix "make install"
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	523 for multi target, thanks to Mike Frysinger
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	524
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	525 - Avoid getting stuck in a loop writing huge key files, reported by Bruno
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	526 Thomsen
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	527
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	528 - Don't link dropbearkey or dropbearconvert to libz or libutil,
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	529 thanks to Nicolas Boos
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	530
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	531 - Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	532
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	533 - Avoid crash on exit due to cleaned up keys before last packets are sent,
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	534 debugged by Ronald Wahl
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	535
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	536 - Fix a race condition in rekeying where Dropbear would exit if it received a
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	537 still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	538 This is a longstanding bug but is triggered more easily since 2013.57
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	539
905 f98618496f82 Fix typo in Catalin's name Matt Johnston <matt@ucc.asn.au> parents: 900 diff changeset	540 - Fix README for ecdsa keys, from Catalin Patulea
900 49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	541
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	542 - Ensure that generated RSA keys are always exactly the length
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	543 requested. Previously Dropbear always generated N+16 or N+15 bit keys.
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	544 Thanks to Unit 193
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	545
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	546 - Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip if the
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	547 first public key succeeds. Still not enabled by default, needs more
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	548 compatibility testing with other implementations.
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	549
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	550 - Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD. Thanks to
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	551
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	552 - Fix for bad system linux/pkt-sched.h header file with older Linux
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	553 kernels, from Steve Dover
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	554
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	555 - Fix signal handlers so that errno is saved, thanks to Erik Ahlén for a patch
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	556 and Mark Wickham for independently spotting the same problem.
49ed526daedc CHANGES for 2014.63 Matt Johnston <matt@ucc.asn.au> parents: 878 diff changeset	557
878 3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	558 2013.62 - Tuesday 3 December 2013
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	559
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	560 - Disable "interactive" QoS connection options when a connection doesn't
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	561 have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch.
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	562
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	563 - Log when a hostkey is generated with -R, fix some bugs in handling server
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	564 hostkey commandline options
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	565
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	566 - Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	567
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	568 - Update config.guess and config.sub again
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	569
861 e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	570 2013.61test - Thursday 14 November 2013
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	571
1433 b19877938d6a document changed default RSA key size back in 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 1345 diff changeset	572 - Default generated RSA key size changed from 1024 to 2048 bits
b19877938d6a document changed default RSA key size back in 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 1345 diff changeset	573
861 e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	574 - ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	575 be generated) and ECDH for setting up encryption keys (no intervention
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	576 required). This is significantly faster.
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	577
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	578 - [email protected] support for setting up encryption keys. This is
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	579 another elliptic curve mode with less potential of NSA interference in
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	580 algorithm parameters. curve25519-donna code thanks to Adam Langley
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	581
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	582 - -R option to automatically generate hostkeys. This is recommended for
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	583 embedded platforms since it allows the system random number device
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	584 /dev/urandom a longer startup time to generate a secure seed before the
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	585 hostkey is required.
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	586
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	587 - Compile fixes for old vendor compilers like Tru64 from Daniel Richard G.
e894dbc015ba 2013.61test Matt Johnston <matt@ucc.asn.au> parents: 830 diff changeset	588
878 3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	589 - Make authorized_keys handling more robust, don't exit encountering
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	590 malformed lines. Thanks to Lorin Hochstein and Mark Stillwell
3d1d7d151c0c 2013.62 Matt Johnston <matt@ucc.asn.au> parents: 861 diff changeset	591
830 b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	592 2013.60 - Wednesday 16 October 2013
b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	593
b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	594 - Fix "make install" so that it doesn't always install to /bin and /sbin
b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	595
b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	596 - Fix "make install MULTI=1", installing manpages failed
b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	597
b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	598 - Fix "make install" when scp is included since it has no manpage
b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	599
b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	600 - Make --disable-bundled-libtom work
b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	601
822 32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	602 2013.59 - Friday 4 October 2013
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	603
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	604 - Fix crash from -J command
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	605 Thanks to Lluís Batlle i Rossell and Arnaud Mouiche for patches
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	606
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	607 - Avoid reading too much from /proc/net/rt_cache since that causes
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	608 system slowness.
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	609
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	610 - Improve EOF handling for half-closed connections
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	611 Thanks to Catalin Patulea
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	612
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	613 - Send a banner message to report PAM error messages intended for the user
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	614 Patch from Martin Donnelly
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	615
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	616 - Limit the size of decompressed payloads, avoids memory exhaustion denial
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	617 of service
830 b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	618 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421
1737 8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au Matt Johnston <matt@ucc.asn.au> parents: 1731 diff changeset	619 https://hg.ucc.asn.au/dropbear/rev/0bf76f54de6f
822 32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	620
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	621 - Avoid disclosing existence of valid users through inconsistent delays
830 b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	622 Thanks to Logan Lamb for reporting. CVE-2013-4434
1737 8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au Matt Johnston <matt@ucc.asn.au> parents: 1731 diff changeset	623 https://hg.ucc.asn.au/dropbear/rev/d7784616409a
822 32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	624
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	625 - Update config.guess and config.sub for newer architectures
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	626
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	627 - Avoid segfault in server for locked accounts
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	628
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	629 - "make install" now installs manpages
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	630 dropbearkey.8 has been renamed to dropbearkey.1
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	631 manpage added for dropbearconvert
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	632
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	633 - Get rid of one second delay when running non-interactive commands
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	634
32862e8283e7 Version 2013.59 Matt Johnston <matt@ucc.asn.au> parents: 789 diff changeset	635
786 e76614145aea 2013.58 Matt Johnston <matt@ucc.asn.au> parents: 776 diff changeset	636 2013.58 - Thursday 18 April 2013
e76614145aea 2013.58 Matt Johnston <matt@ucc.asn.au> parents: 776 diff changeset	637
e76614145aea 2013.58 Matt Johnston <matt@ucc.asn.au> parents: 776 diff changeset	638 - Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz
e76614145aea 2013.58 Matt Johnston <matt@ucc.asn.au> parents: 776 diff changeset	639
e76614145aea 2013.58 Matt Johnston <matt@ucc.asn.au> parents: 776 diff changeset	640 - Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder
e76614145aea 2013.58 Matt Johnston <matt@ucc.asn.au> parents: 776 diff changeset	641
e76614145aea 2013.58 Matt Johnston <matt@ucc.asn.au> parents: 776 diff changeset	642 - Reject logins for other users when running as non-root, from Hans Harder
e76614145aea 2013.58 Matt Johnston <matt@ucc.asn.au> parents: 776 diff changeset	643
e76614145aea 2013.58 Matt Johnston <matt@ucc.asn.au> parents: 776 diff changeset	644 - Disable client immediate authentication request by default, it prevents
e76614145aea 2013.58 Matt Johnston <matt@ucc.asn.au> parents: 776 diff changeset	645 passwordless logins from working
e76614145aea 2013.58 Matt Johnston <matt@ucc.asn.au> parents: 776 diff changeset	646
776 f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	647 2013.57 - Monday 15 April 2013
775 2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	648
776 f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	649 - Decreased connection setup time particularly with high latency connections,
f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	650 the number of round trips has been reduced for both client and server.
775 2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	651 CPU time hasn't been changed.
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	652
776 f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	653 - Client will send an initial key exchange guess to save a round trip.
f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	654 Dropbear implements an extension [email protected] to allow the first
f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	655 packet guess to succeed in wider circumstances than the standard behaviour.
f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	656 When communicating with other implementations the standard behaviour is used.
775 2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	657
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	658 - Client side: when public key or password authentication with
776 f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	659 $DROPBEAR_PASSWORD is used an initial authentication request will
775 2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	660 be sent immediately rather than querying the list of available methods.
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	661 This behaviour is enabled by CLI_IMMEDIATE_AUTH option (on by default),
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	662 please let the Dropbear author know if it causes any interoperability
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	663 problems.
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	664
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	665 - Implement client escape characters ~. (terminate session) and
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	666 ~^Z (background session)
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	667
776 f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	668 - Server will more reliably clean up utmp when connection is closed, reported by
789 ea04e3eb03e2 Save with utf8 encoding Matt Johnston <matt@ucc.asn.au> parents: 786 diff changeset	669 Mattias Walström
775 2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	670
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	671 - Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	672
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	673 - Add "-y -y" client option to skip host key checking, thanks to Hans Harder
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	674
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	675 - scp didn't work properly on systems using vfork(), thanks to Frank Van Uffelen
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	676
776 f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	677 - Added IUTF8 terminal mode support (Linux and Mac OS). Not standardised yet
f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	678 though probably will be soon
775 2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	679
2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	680 - Some verbose DROPBEAR_TRACE output is now hidden unless $DROPBEAR_TRACE2
776 f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	681 enviroment variable is set
f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	682
f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	683 - Fix using asymmetric MAC algorithms (broke in )
f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	684
f7c8b786e595 changelog updates for 2013.57 Matt Johnston <matt@ucc.asn.au> parents: 775 diff changeset	685 - Renamed configure.in to configure.ac to quieten autoconf, from Mike Frysinger
775 2f1c199b6e4b requirenext fixup for firstkexfollows Matt Johnston <matt@ucc.asn.au> parents: 719 diff changeset	686
719 1b8b2b9d6e94 Forgot date in CHANGES Matt Johnston <matt@ucc.asn.au> parents: 718 diff changeset	687 2013.56 - Thursday 21 March 2013
718 9644f50434f1 2013.56 changelog Matt Johnston <matt@ucc.asn.au> parents: 708 diff changeset	688
691 e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	689 - Allow specifying cipher (-c) and MAC (-m) lists for dbclient
e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	690
718 9644f50434f1 2013.56 changelog Matt Johnston <matt@ucc.asn.au> parents: 708 diff changeset	691 - Allow using 'none' cipher or MAC (off by default, use options.h). Encryption
9644f50434f1 2013.56 changelog Matt Johnston <matt@ucc.asn.au> parents: 708 diff changeset	692 is used during authentication then disabled, similar to OpenSSH HPN mode
691 e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	693
e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	694 - Allow a user in immediately if the account has a blank password and blank
e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	695 passwords are enabled
e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	696
e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	697 - Include a few extra sources of entropy from /proc on Linux, hash private keys
718 9644f50434f1 2013.56 changelog Matt Johnston <matt@ucc.asn.au> parents: 708 diff changeset	698 as well. Dropbear will also write gathered entropy back into /dev/urandom
691 e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	699
718 9644f50434f1 2013.56 changelog Matt Johnston <matt@ucc.asn.au> parents: 708 diff changeset	700 - Added hmac-sha2-256 and hmac-sha2-512 support (off by default, use options.h)
691 e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	701
718 9644f50434f1 2013.56 changelog Matt Johnston <matt@ucc.asn.au> parents: 708 diff changeset	702 - Don't sent bad address "localhost" for -R forward connections,
9644f50434f1 2013.56 changelog Matt Johnston <matt@ucc.asn.au> parents: 708 diff changeset	703 reported by Denis Bider
691 e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	704
e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	705 - Add "-B" runtime option to allow blank passwords
e698d1a9f428 Some changes since 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 662 diff changeset	706
708 b207d5183bb7 document a few more changes Matt Johnston <matt@ucc.asn.au> parents: 691 diff changeset	707 - Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks
b207d5183bb7 document a few more changes Matt Johnston <matt@ucc.asn.au> parents: 691 diff changeset	708
789 ea04e3eb03e2 Save with utf8 encoding Matt Johnston <matt@ucc.asn.au> parents: 786 diff changeset	709 - A few improvements for Android from Reimar Döffinger
708 b207d5183bb7 document a few more changes Matt Johnston <matt@ucc.asn.au> parents: 691 diff changeset	710
b207d5183bb7 document a few more changes Matt Johnston <matt@ucc.asn.au> parents: 691 diff changeset	711 - Fix memory leak for TCP forwarded connections to hosts that timed out,
789 ea04e3eb03e2 Save with utf8 encoding Matt Johnston <matt@ucc.asn.au> parents: 786 diff changeset	712 reported by Norbert Benczúr. Appears to be a very long-standing bug.
708 b207d5183bb7 document a few more changes Matt Johnston <matt@ucc.asn.au> parents: 691 diff changeset	713
718 9644f50434f1 2013.56 changelog Matt Johnston <matt@ucc.asn.au> parents: 708 diff changeset	714 - Fix "make clean" for out of tree builds
9644f50434f1 2013.56 changelog Matt Johnston <matt@ucc.asn.au> parents: 708 diff changeset	715
9644f50434f1 2013.56 changelog Matt Johnston <matt@ucc.asn.au> parents: 708 diff changeset	716 - Fix compilation when ENABLE_{SVR,CLI}_AGENTFWD are unset
9644f50434f1 2013.56 changelog Matt Johnston <matt@ucc.asn.au> parents: 708 diff changeset	717
661 c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	718 2012.55 - Wednesday 22 February 2012
c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	719
662 d354464b2aa6 - Improve CHANGES description Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	720 - Security: Fix use-after-free bug that could be triggered if command="..."
d354464b2aa6 - Improve CHANGES description Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	721 authorized_keys restrictions are used. Could allow arbitrary code execution
d354464b2aa6 - Improve CHANGES description Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	722 or bypass of the command="..." restriction to an authenticated user.
d354464b2aa6 - Improve CHANGES description Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	723 This bug affects releases 0.52 onwards. Ref CVE-2012-0920.
d354464b2aa6 - Improve CHANGES description Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	724 Thanks to Danny Fullerton of Mantor Organization for reporting
d354464b2aa6 - Improve CHANGES description Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	725 the bug.
1737 8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au Matt Johnston <matt@ucc.asn.au> parents: 1731 diff changeset	726 https://hg.ucc.asn.au/dropbear/rev/818108bf7749
661 c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	727
c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	728 - Compile fix, only apply IPV6 socket options if they are available in headers
c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	729 Thanks to Gustavo Zacarias for the patch
c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	730
662 d354464b2aa6 - Improve CHANGES description Matt Johnston <matt@ucc.asn.au> parents: 661 diff changeset	731 - Overwrite session key memory on exit
661 c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	732
c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	733 - Fix minor memory leak in unusual PAM authentication configurations.
c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	734 Thanks to Stathis Voukelatos
c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	735
c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	736 - Other small code cleanups
c015af8a71cf 2012.55 Matt Johnston <matt@ucc.asn.au> parents: 636 diff changeset	737
636 3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	738 2011.54 - Tuesday 8 November 2011
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	739
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	740 - Building statically works again, broke in 0.53 and 0.53.1
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	741
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	742 - Fix crash when forwarding with -R
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	743
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	744 - Fixed various leaks found by Klocwork analysis software, thanks to them for
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	745 running it
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	746
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	747 - Set IPTOS_LOWDELAY for IPv6, thanks to Dave Taht
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	748
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	749 - Bind to sockets with IPV6_V6ONLY so that it works properly on systems
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	750 regardless of the system-wide setting
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	751
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	752 - Added ALLOW_BLANK_PASSWORD option. Dropbear also now allows public key logins
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	753 to accounts with a blank password. Thanks to Rob Landley
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	754
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	755 - Fixed case where "-K 1" keepalive for dbclient would cause a SSH_MSG_IGNORE
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	756 packet to be sent
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	757
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	758 - Avoid some memory allocations in big number maths routines, improves
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	759 performance slightly
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	760
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	761 - Fix symlink target for installdropbearmulti with DESTDIR set, thanks to
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	762 Scottie Shore
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	763
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	764 - When requesting server allocated remote ports (-R 0:host:port) print a
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	765 message informing what the port is, thanks to Ali Onur Uyar.
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	766
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	767 - New version numbering scheme.
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	768
3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	769 Source repository has now migrated to Mercurial at
1737 8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au Matt Johnston <matt@ucc.asn.au> parents: 1731 diff changeset	770 https://hg.ucc.asn.au/dropbear/graph/default
636 3f12086c2ef2 Changelog and version bump for 2011.54 Matt Johnston <matt@ucc.asn.au> parents: 607 diff changeset	771
607 aa2f51a6b81d Update changelog for 0.53.1 Matt Johnston <matt@ucc.asn.au> parents: 601 diff changeset	772 0.53.1 - Wednesday 2 March 2011
601 2cd89d627adb Updates changelog. Mention diffie-hellman-group14-sha1 in 0.53 Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	773
2cd89d627adb Updates changelog. Mention diffie-hellman-group14-sha1 in 0.53 Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	774 - -lcrypt needs to be before object files for static linking
2cd89d627adb Updates changelog. Mention diffie-hellman-group14-sha1 in 0.53 Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	775
607 aa2f51a6b81d Update changelog for 0.53.1 Matt Johnston <matt@ucc.asn.au> parents: 601 diff changeset	776 - Compile fix when both client and agent forwarding are disabled
aa2f51a6b81d Update changelog for 0.53.1 Matt Johnston <matt@ucc.asn.au> parents: 601 diff changeset	777
aa2f51a6b81d Update changelog for 0.53.1 Matt Johnston <matt@ucc.asn.au> parents: 601 diff changeset	778 - Fix DROPBEAR_PRNGD_SOCKET mode
aa2f51a6b81d Update changelog for 0.53.1 Matt Johnston <matt@ucc.asn.au> parents: 601 diff changeset	779
aa2f51a6b81d Update changelog for 0.53.1 Matt Johnston <matt@ucc.asn.au> parents: 601 diff changeset	780 - Don't allow setting zlib memLevel since it seems buggy
aa2f51a6b81d Update changelog for 0.53.1 Matt Johnston <matt@ucc.asn.au> parents: 601 diff changeset	781
598 7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	782 0.53 - Thurs 24 February 2011
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	783
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	784 - Various performance/memory use improvements
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	785
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	786 - Client agent forwarding now works, using OpenSSH's ssh-agent
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	787
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	788 - Improve robustness of client multihop mode
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	789
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	790 - Fix a prime generation bug in bundled libtommath. This is unlikely to have
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	791 generated any bad keys in the wild.
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	792 See
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	793 https://bugzilla.redhat.com/show_bug.cgi?id=615088
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	794 http://bugs.gentoo.org/show_bug.cgi?id=328383
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	795 http://bugs.gentoo.org/show_bug.cgi?id=328409
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	796
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	797 - Attempt to build against system libtomcrypt/libtommath if available. This
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	798 can be disabled with ./configure --enable-bundled-libtom
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	799
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	800 - Make -K (keepalive) and -I (idle timeout) work together sensibly in the client.
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	801 The idle timeout is no longer reset by SSH_MSG_IGNORE packets.
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	802
601 2cd89d627adb Updates changelog. Mention diffie-hellman-group14-sha1 in 0.53 Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	803 - Add diffie-hellman-group14-sha1 key exchange method
2cd89d627adb Updates changelog. Mention diffie-hellman-group14-sha1 in 0.53 Matt Johnston <matt@ucc.asn.au> parents: 598 diff changeset	804
598 7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	805 - Compile fix if ENABLE_CLI_PROXYCMD is disabled
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	806
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	807 - /usr/bin/X11/xauth is now the default path
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	808
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	809 - Client remote forward (-L/-R) arguments now accept a listen address
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	810
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	811 - In uClinux avoid trashing the parent process when a session exits
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	812
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	813 - Blowfish is now disabled by default since it has large memory usage
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	814
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	815 - Add option to change zlib windowbits/memlevel. Use less memory by default
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	816
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	817 - DROPBEAR_SMALL_CODE is now disabled by default
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	818
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	819 - SSH_ORIGINAL_COMMAND environment variable is set by the server when an
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	820 authorized_keys command is specified.
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	821
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	822 - Set SSH_TTY and SSH_CONNECTION environment variables in the server
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	823
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	824 - Client banner is now printed to standard error rather than standard output
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	825
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	826 - Capitalisation in many log messages has been made consistent. This may affect
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	827 scripts that parse logfiles.
7ec26a5b92e7 Changelog for 0.53, bump version Matt Johnston <matt@ucc.asn.au> parents: 518 diff changeset	828
518 ce104c8b0be1 - Add a date for the release Matt Johnston <matt@ucc.asn.au> parents: 515 diff changeset	829 0.52 - Wed 12 November 2008
510 b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	830
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	831 - Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	832 standard input/output to a TCP port-forwarded remote host.
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	833
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	834 - Add "proxy command" support to dbclient, to allow using a spawned process for
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	835 IO rather than a direct TCP connection. eg
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	836 dbclient remotehost
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	837 is equivalent to
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	838 dbclient -J 'nc remotehost 22' remotehost
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	839 (the hostname is still provided purely for looking up saved host keys)
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	840
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	841 - Combine netcat-alike and proxy support to allow "multihop" connections, with
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	842 comma-separated host syntax. Allows running
515 fe30d2a2d626 - Document idle_timeout Matt Johnston <matt@ucc.asn.au> parents: 513 diff changeset	843
510 b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	844 dbclient user1@host1,user2@host2,user3@host3
515 fe30d2a2d626 - Document idle_timeout Matt Johnston <matt@ucc.asn.au> parents: 513 diff changeset	845
510 b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	846 to end up at host3 via the other two, using SSH TCP forwarding. It's a bit
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	847 like onion-routing. All connections are established from the local machine.
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	848 The comma-separated syntax can also be used for scp/rsync, eg
515 fe30d2a2d626 - Document idle_timeout Matt Johnston <matt@ucc.asn.au> parents: 513 diff changeset	849
513 a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server Matt Johnston <matt@ucc.asn.au> parents: 510 diff changeset	850 rsync -a -e dbclient m@gateway,m2@host,martello:/home/matt/ ~/backup/
515 fe30d2a2d626 - Document idle_timeout Matt Johnston <matt@ucc.asn.au> parents: 513 diff changeset	851
510 b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	852 to bounce through a few hosts.
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	853
515 fe30d2a2d626 - Document idle_timeout Matt Johnston <matt@ucc.asn.au> parents: 513 diff changeset	854 - Add -I "idle timeout" option (contributed by Farrell Aultman)
fe30d2a2d626 - Document idle_timeout Matt Johnston <matt@ucc.asn.au> parents: 513 diff changeset	855
510 b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	856 - Allow restrictions on authorized_keys logins such as restricting commands
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	857 to be run etc. This is a subset of those allowed by OpenSSH, doesn't
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	858 yet allow restricting source host.
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	859
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	860 - Use vfork() for scp on uClinux
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	861
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	862 - Default to PATH=/usr/bin:/bin for shells.
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	863
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	864 - Report errors if -R forwarding fails
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	865
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	866 - Add counter mode cipher support, which avoids some security problems with the
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	867 standard CBC mode.
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	868
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	869 - Support [email protected] delayed compression for client/server. It can be
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	870 required for the Dropbear server with the '-Z' option. This is useful for
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	871 security as it avoids exposing the server to attacks on zlib by
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	872 unauthenticated remote users, though requires client side support.
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	873
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	874 - options.h has been split into options.h (user-changable) and sysoptions.h
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	875 (less commonly changed)
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	876
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	877 - Support "dbclient -s sftp" to specify a subsystem
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	878
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	879 - Fix a bug in replies to channel requests that could be triggered by recent
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	880 versions of PuTTY
b85507ade010 - Update manuals, include section on authorized_keys Matt Johnston <matt@ucc.asn.au> parents: 471 diff changeset	881
471 ece7677359d6 0.51 Matt Johnston <matt@ucc.asn.au> parents: 468 diff changeset	882 0.51 - Thu 27 March 2008
468 706e234212d0 Mention 0.51-test2 changes Matt Johnston <matt@ucc.asn.au> parents: 457 diff changeset	883
706e234212d0 Mention 0.51-test2 changes Matt Johnston <matt@ucc.asn.au> parents: 457 diff changeset	884 - Make a copy of password fields rather erroneously relying on getwpnam()
706e234212d0 Mention 0.51-test2 changes Matt Johnston <matt@ucc.asn.au> parents: 457 diff changeset	885 to be safe to call multiple times
706e234212d0 Mention 0.51-test2 changes Matt Johnston <matt@ucc.asn.au> parents: 457 diff changeset	886
706e234212d0 Mention 0.51-test2 changes Matt Johnston <matt@ucc.asn.au> parents: 457 diff changeset	887 - If $SSH_ASKPASS_ALWAYS environment variable is set (and $SSH_ASKPASS is
706e234212d0 Mention 0.51-test2 changes Matt Johnston <matt@ucc.asn.au> parents: 457 diff changeset	888 as well) always use that program, ignoring isatty() and $DISPLAY
706e234212d0 Mention 0.51-test2 changes Matt Johnston <matt@ucc.asn.au> parents: 457 diff changeset	889
706e234212d0 Mention 0.51-test2 changes Matt Johnston <matt@ucc.asn.au> parents: 457 diff changeset	890 - Wait until a process exits before the server closes a connection, so
471 ece7677359d6 0.51 Matt Johnston <matt@ucc.asn.au> parents: 468 diff changeset	891 that an exit code can be sent. This fixes problems with exit codes not
ece7677359d6 0.51 Matt Johnston <matt@ucc.asn.au> parents: 468 diff changeset	892 being returned, which could cause scp to fail.
468 706e234212d0 Mention 0.51-test2 changes Matt Johnston <matt@ucc.asn.au> parents: 457 diff changeset	893
455 319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	894 0.50 - Wed 8 August 2007
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	895
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	896 - Add DROPBEAR_PASSWORD environment variable to specify a dbclient password
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	897
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	898 - Use /dev/urandom by default, since that's what everyone does anyway
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	899
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	900 - Correct vfork() use for uClinux in scp
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	901 (thanks to Alex Landau)
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	902
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	903 - Exit with an exit code of 1 if dropbear can't bind to any ports
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	904 (thanks to Nicolai Ehemann)
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	905
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	906 - Improve network performance and add a -W <receive_window> argument for
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	907 adjusting the tradeoff between network performance and memory consumption.
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	908
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	909 - Fix a problem where reply packets could be sent during key exchange,
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	910 in violation of the SSH spec. This could manifest itself with connections
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	911 being terminated after 8 hours with new TCP-forward connections being
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	912 established.
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	913
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	914 - Add -K <keepalive_time> argument, ensuring that data is transmitted
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	915 over the connection at least every N seconds.
319262c94d24 Prepare for 0.50 release Matt Johnston <matt@ucc.asn.au> parents: 437 diff changeset	916
457 e430a26064ee Make dropbearkey only generate 1024 bit keys Matt Johnston <matt@ucc.asn.au> parents: 455 diff changeset	917 - dropbearkey will no longer generate DSS keys of sizes other than 1024
e430a26064ee Make dropbearkey only generate 1024 bit keys Matt Johnston <matt@ucc.asn.au> parents: 455 diff changeset	918 bits, as required by the DSS specification. (Other sizes are still
e430a26064ee Make dropbearkey only generate 1024 bit keys Matt Johnston <matt@ucc.asn.au> parents: 455 diff changeset	919 accepted for use to provide backwards compatibility).
e430a26064ee Make dropbearkey only generate 1024 bit keys Matt Johnston <matt@ucc.asn.au> parents: 455 diff changeset	920
437 7319d229799a 0.49 probably done Matt Johnston <matt@ucc.asn.au> parents: 430 diff changeset	921 0.49 - Fri 23 February 2007
7319d229799a 0.49 probably done Matt Johnston <matt@ucc.asn.au> parents: 430 diff changeset	922
7319d229799a 0.49 probably done Matt Johnston <matt@ucc.asn.au> parents: 430 diff changeset	923 - Security: dbclient previously would prompt to confirm a
7319d229799a 0.49 probably done Matt Johnston <matt@ucc.asn.au> parents: 430 diff changeset	924 mismatching hostkey but wouldn't warn loudly. It will now
830 b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	925 exit upon a mismatch. CVE-2007-1099
337 bfa09e369e0e 0.49 is close to done. Matt Johnston <matt@ucc.asn.au> parents: 295 diff changeset	926
bfa09e369e0e 0.49 is close to done. Matt Johnston <matt@ucc.asn.au> parents: 295 diff changeset	927 - Compile fixes, make sure that all variable definitions are at the start
bfa09e369e0e 0.49 is close to done. Matt Johnston <matt@ucc.asn.au> parents: 295 diff changeset	928 of a scope.
bfa09e369e0e 0.49 is close to done. Matt Johnston <matt@ucc.asn.au> parents: 295 diff changeset	929
430 67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	930 - Added -P pidfile argument to the server (from Swen Schillig)
337 bfa09e369e0e 0.49 is close to done. Matt Johnston <matt@ucc.asn.au> parents: 295 diff changeset	931
bfa09e369e0e 0.49 is close to done. Matt Johnston <matt@ucc.asn.au> parents: 295 diff changeset	932 - Add -N dbclient option for "no command"
bfa09e369e0e 0.49 is close to done. Matt Johnston <matt@ucc.asn.au> parents: 295 diff changeset	933
bfa09e369e0e 0.49 is close to done. Matt Johnston <matt@ucc.asn.au> parents: 295 diff changeset	934 - Add -f dbclient option for "background after auth"
bfa09e369e0e 0.49 is close to done. Matt Johnston <matt@ucc.asn.au> parents: 295 diff changeset	935
437 7319d229799a 0.49 probably done Matt Johnston <matt@ucc.asn.au> parents: 430 diff changeset	936 - Add ability to limit binding to particular addresses, use
7319d229799a 0.49 probably done Matt Johnston <matt@ucc.asn.au> parents: 430 diff changeset	937 -p [address:]port, patch from Max-Gerd Retzlaff.
7319d229799a 0.49 probably done Matt Johnston <matt@ucc.asn.au> parents: 430 diff changeset	938
430 67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	939 - Try to finally fix ss_family compilation problems (for old
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	940 glibc systems)
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	941
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	942 - Fix finding relative-path server hostkeys when running daemonized
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	943
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	944 - Use $HOME in preference to that from /etc/passwd, so that
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	945 dbclient can still work on broken systems.
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	946
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	947 - Fix various issues found by Klocwork defect analysis, mostly memory leaks
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	948 and error-handling. Thanks to Klocwork for their service.
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	949
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	950 - Improve building in a separate directory
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	951
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	952 - Add compile-time LOG_COMMANDS option to log user commands
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	953
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	954 - Add '-y' flag to dbclient to unconditionally accept host keys,
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	955 patch from Luciano Miguel Ferreira Rocha
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	956
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	957 - Return immediately for "sleep 10 & echo foo", rather than waiting
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	958 for the sleep to return (pointed out by Rob Landley).
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	959
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	960 - Avoid hanging after exit in certain cases (such as scp)
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	961
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	962 - Various minor fixes, in particular various leaks reported by
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	963 Erik Hovland
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	964
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	965 - Disable core dumps on startup
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	966
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	967 - Don't erase over every single buffer, since it was a bottleneck.
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	968 On systems where it really matters, encrypted swap should be utilised.
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	969
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	970 - Read /dev/[u]random only once at startup to conserve kernel entropy
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	971
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	972 - Upgrade to LibTomCrypt 1.16 and LibTomMath 0.40
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	973
67689b7ceaf0 Changes for 0.49test1 Matt Johnston <matt@ucc.asn.au> parents: 337 diff changeset	974 - Upgrade config.status and config.guess
337 bfa09e369e0e 0.49 is close to done. Matt Johnston <matt@ucc.asn.au> parents: 295 diff changeset	975
295 03f65e461915 0.48.1 Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	976 0.48.1 - Sat 11 March 2006
03f65e461915 0.48.1 Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	977
03f65e461915 0.48.1 Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	978 - Compile fix for scp
03f65e461915 0.48.1 Matt Johnston <matt@ucc.asn.au> parents: 291 diff changeset	979
291 55a99934db87 0.48 bump Matt Johnston <matt@ucc.asn.au> parents: 290 diff changeset	980 0.48 - Thurs 9 March 2006
290 94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	981
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	982 - Check that the circular buffer is properly empty before
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	983 closing a channel, which could cause truncated transfers
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	984 (thanks to Tomas Vanek for helping track it down)
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	985
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	986 - Implement per-IP pre-authentication connection limits
830 b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	987 (after some poking from Pablo Fernandez) CVE-2006-1206
290 94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	988
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	989 - Exit gracefully if trying to connect to as SSH v1 server
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	990 (reported by Rushi Lala)
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	991
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	992 - Only read /dev/random once at startup when in non-inetd mode
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	993
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	994 - Allow ctrl-c to close a dbclient password prompt (may
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	995 still have to press enter on some platforms)
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	996
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	997 - Merged in uClinux patch for inetd mode
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	998
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	999 - Updated to scp from OpenSSH 4.3p2 - fixes a security issue
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	1000 where use of system() could cause users to execute arbitrary
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	1001 code through malformed filenames, ref CVE-2006-0225
94ee16f5b8a8 0.48 progress Matt Johnston <matt@ucc.asn.au> parents: 265 diff changeset	1002
265 9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1003 0.47 - Thurs Dec 8 2005
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1004
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1005 - SECURITY: fix for buffer allocation error in server code, could potentially
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1006 allow authenticated users to gain elevated privileges. All multi-user systems
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1007 running the server should upgrade (or apply the patch available on the
830 b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	1008 Dropbear webpage). CVE-2005-4178
265 9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1009
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1010 - Fix channel handling code so that redirecting to /dev/null doesn't use
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1011 100% CPU.
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1012
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1013 - Turn on zlib compression for dbclient.
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1014
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1015 - Set "low delay" TOS bit, can significantly improve interactivity
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1016 over some links.
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1017
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1018 - Added client keyboard-interactive mode support, allows operation with
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1019 newer OpenSSH servers in default config.
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1020
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1021 - Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1022
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1023 - Improve logging of assertions
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1024
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1025 - Added aes-256 cipher and sha1-96 hmac.
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1026
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1027 - Fix twofish so that it actually works.
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1028
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1029 - Improve PAM prompt comparison.
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1030
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1031 - Added -g (dbclient) and -a (dropbear server) options to allow
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1032 connections to listening forwarded ports from remote machines.
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1033
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1034 - Various other minor fixes
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1035
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1036 - Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1037 (netinet/in_systm.h needs to be included).
9b9664204b97 * Update changelogs for 0.47 release Matt Johnston <matt@ucc.asn.au> parents: 224 diff changeset	1038
223 f3ef0d29ab65 * 0.46 CHANGES done Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	1039 0.46 - Sat July 9 2005
193 ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1040
ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1041 - Fix long-standing bug which caused connections to be closed if an ssh-agent
ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1042 socket was no longer available
ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1043
220 9089929fb2b7 * preparing for 0.46 release Matt Johnston <matt@ucc.asn.au> parents: 193 diff changeset	1044 - Print a warning if we seem to be blocking on /dev/random
193 ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1045 (suggested by Paul Fox)
ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1046
220 9089929fb2b7 * preparing for 0.46 release Matt Johnston <matt@ucc.asn.au> parents: 193 diff changeset	1047 - Fixed a memory leak in DSS code (thanks to Boris Berezovsky for the patch)
193 ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1048
ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1049 - dbclient -L no longer segfaults, allocate correct buffer size (thanks
220 9089929fb2b7 * preparing for 0.46 release Matt Johnston <matt@ucc.asn.au> parents: 193 diff changeset	1050 to David Cook for reporting it, and Christopher Faylor for independently
9089929fb2b7 * preparing for 0.46 release Matt Johnston <matt@ucc.asn.au> parents: 193 diff changeset	1051 sending in a patch)
193 ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1052
223 f3ef0d29ab65 * 0.46 CHANGES done Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	1053 - Added RSA blinding to signing code (suggested by Dan Kaminsky)
193 ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1054
220 9089929fb2b7 * preparing for 0.46 release Matt Johnston <matt@ucc.asn.au> parents: 193 diff changeset	1055 - Rearranged bignum reading/random generation code
193 ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1056
ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1057 - Reset the non-blocking status on stderr and stdout as well as stdin,
ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1058 fixes a problem where the shell running dbclient will exit (thanks to
ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1059 Brent Roman for reporting it)
ca6a7c7a925c Preparing for 0.46 Matt Johnston <matt@ucc.asn.au> parents: 176 diff changeset	1060
223 f3ef0d29ab65 * 0.46 CHANGES done Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	1061 - Fix so that all file descriptors are closed so the child shell doesn't
220 9089929fb2b7 * preparing for 0.46 release Matt Johnston <matt@ucc.asn.au> parents: 193 diff changeset	1062 inherit descriptors (thanks to Linden May for the patch)
9089929fb2b7 * preparing for 0.46 release Matt Johnston <matt@ucc.asn.au> parents: 193 diff changeset	1063
223 f3ef0d29ab65 * 0.46 CHANGES done Matt Johnston <matt@ucc.asn.au> parents: 220 diff changeset	1064 - Change signkey.c to avoid gcc 4 generating incorrect code
220 9089929fb2b7 * preparing for 0.46 release Matt Johnston <matt@ucc.asn.au> parents: 193 diff changeset	1065
224 1dbd2473482f * ... and a bit more for the CHANGES Matt Johnston <matt@ucc.asn.au> parents: 223 diff changeset	1066 - After both sides of a file descriptor have been shutdown(), close()
1dbd2473482f * ... and a bit more for the CHANGES Matt Johnston <matt@ucc.asn.au> parents: 223 diff changeset	1067 it to avoid leaking descriptors (thanks to Ari Hyttinen for a patch)
1dbd2473482f * ... and a bit more for the CHANGES Matt Johnston <matt@ucc.asn.au> parents: 223 diff changeset	1068
220 9089929fb2b7 * preparing for 0.46 release Matt Johnston <matt@ucc.asn.au> parents: 193 diff changeset	1069 - Update to LibTomCrypt 1.05 and LibTomMath 0.35
9089929fb2b7 * preparing for 0.46 release Matt Johnston <matt@ucc.asn.au> parents: 193 diff changeset	1070
176 bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1071 0.45 - Mon March 7 2005
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1072
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1073 - Makefile no longer appends 'static' to statically linked binaries
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1074
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1075 - Add optional SSH_ASKPASS support to the client
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1076
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1077 - Respect HOST_LOOKUP option
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1078
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1079 - Fix accidentally removed "return;" statement which was removed in 0.44
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1080 (causing clients which sent an empty terminal-modes string to fail to
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1081 connect - including pssh, ssh.com, danger hiptop). (patches
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1082 independently from Paul Fox, David Horwitt and Sven-Ola Tuecke)
bc69564ef57b changes for 0.45 Matt Johnston <matt@ucc.asn.au> parents: 170 diff changeset	1083
170 a62cb364f615 Read "y/n" response for fingerprints from /dev/tty directly so that dbclient Matt Johnston <matt@ucc.asn.au> parents: 161 diff changeset	1084 - Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
a62cb364f615 Read "y/n" response for fingerprints from /dev/tty directly so that dbclient Matt Johnston <matt@ucc.asn.au> parents: 161 diff changeset	1085 will work with scp.
a62cb364f615 Read "y/n" response for fingerprints from /dev/tty directly so that dbclient Matt Johnston <matt@ucc.asn.au> parents: 161 diff changeset	1086
161 b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1087 0.44 - Mon Jan 3 2005
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1088
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1089 - SECURITY: Fix for PAM auth so that usernames are logged and conversation
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1090 function responses are allocated correctly - all 0.44test4 users with PAM
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1091 compiled in (not default) are advised to upgrade.
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1092
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1093 - Fix calls to getnameinfo() for compatibility with Solaris
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1094
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1095 - Pristine compilation works (run 'configure' from a fresh dir and make it
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1096 there)
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1097
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1098 - Fixes for compiling with most options disabled.
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1099
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1100 - Upgraded to LibTomCrypt 0.99 and LibTomMath 0.32
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1101
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1102 - Make sure that zeroing out of values in LTM and LTC won't get optimised away
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1103
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1104 - Removed unused functions from loginrec.c
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1105
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1106 - /dev/random is now the default entropy source rather than /dev/urandom
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1107
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1108 - Logging of IPs in auth success/failure messages for improved greppability
134 6b306ad5f5b5 -i works with scp now. Matt Johnston <matt@ucc.asn.au> parents: 124 diff changeset	1109
6b306ad5f5b5 -i works with scp now. Matt Johnston <matt@ucc.asn.au> parents: 124 diff changeset	1110 - Fix dbclient so that "scp -i keyfile" works. (It can handle "-ikeyfile
6b306ad5f5b5 -i works with scp now. Matt Johnston <matt@ucc.asn.au> parents: 124 diff changeset	1111 properly)
6b306ad5f5b5 -i works with scp now. Matt Johnston <matt@ucc.asn.au> parents: 124 diff changeset	1112
6b306ad5f5b5 -i works with scp now. Matt Johnston <matt@ucc.asn.au> parents: 124 diff changeset	1113 - Avoid a race in server shell-handling code which prevents the exit-code
161 b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1114 from being returned to the client in some circumstances.
134 6b306ad5f5b5 -i works with scp now. Matt Johnston <matt@ucc.asn.au> parents: 124 diff changeset	1115
6b306ad5f5b5 -i works with scp now. Matt Johnston <matt@ucc.asn.au> parents: 124 diff changeset	1116 - Makefile modified so that install target works correctly (doesn't try
6b306ad5f5b5 -i works with scp now. Matt Johnston <matt@ucc.asn.au> parents: 124 diff changeset	1117 to install "all" binary) - patch from Juergen Daubert
6b306ad5f5b5 -i works with scp now. Matt Johnston <matt@ucc.asn.au> parents: 124 diff changeset	1118
161 b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1119 - Various minor fixes and compile warnings.
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1120
b9d3f725e00b 0.44 release changes Matt Johnston <matt@ucc.asn.au> parents: 134 diff changeset	1121 0.44test4 - Tue Sept 14 2004 21:15:54 +0800
124 8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1122
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1123 - Fix inetd mode so it actually loads the hostkeys (oops)
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1124
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1125 - Changed DROPBEAR_DEFPORT properly everywhere
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1126
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1127 - Fix a small memory leak in the auth code
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1128
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1129 - WCOREDUMP is only used on systems which support it (ie not cygwin or AIX)
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1130
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1131 - Check (and fail for) cases when we can't negotiate algorithms with the
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1132 remote side successfully (rather than bombing out ungracefully)
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1133
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1134 - Handle authorized_keys files without a terminating newline
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1135
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1136 - Fiddle the channel receive window size for possibly better performance
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1137
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1138 - Added in the PAM authentication code (finally! thanks to Martin Carlsson)
8c08fd2b7f5b 0.44test4 probably Matt Johnston <matt@ucc.asn.au> parents: 111 diff changeset	1139
111 88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1140 0.44test3 - Fri Aug 27 22:20:54 +0800
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1141
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1142 - Fixed a bunch of warnings.
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1143
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1144 - scp works correctly when passed a username (fix for the dbclient program
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1145 itself as well, "-lmatt" works as well as "-l matt").
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1146
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1147 - Remove unrequired debian files
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1148
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1149 - Exit with the remote process's return code for dbclient
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1150
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1151 - Display stderr messages from the server in the client
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1152
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1153 - Add circular buffering to the channel code. This should dramatically reduce
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1154 the amount of backtraffic sent in response to traffic incoming to the
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1155 Dropbear end - improves high-latency performance (ie dialup).
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1156
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1157 - Various other related channel-handling fixups.
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1158
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1159 - Allow leading lines in the banner when connecting to servers
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1160
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1161 - Fixed printing out errors onto the network socket with stderr (for inetd
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1162 mode when using xinetd)
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1163
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1164 - Remove obselete documentation
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1165
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1166 - Fix a null-pointer exception when trying to free non-existant listeners
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1167 at cleanup.
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1168
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1169 - DEBUG_TRACE now only works if you add "-v" to the program commandline
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1170
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1171 - Don't leave stdin non-blocking on exit - this caused the parent shell
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1172 of dbclient to close when dbclient exited, for some shells in BusyBox
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1173
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1174 - Server connections no longer timeout after 5 minutes
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1175
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1176 - Fixed stupid DSS hostkey typo (server couldn't load host keys)
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 90 diff changeset	1177
90 c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1178 0.44test2 - Tues Aug 17 2004 17:43:54 +0800
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1179
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1180 - Fix up dropbearmulti targets in the Makefile - symlinks are now created
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1181
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1182 - Compile fake-rfc2553 even with dropbearconvert/dropbearkey - this
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1183 allows them to work on platforms without a native getaddrinfo()
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1184
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1185 - Create ~/.ssh/known_hosts properly if it doesn't exist
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1186
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1187 - Fix basename() function prototype
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1188
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1189 - Backport some local changes (more #ifdefs for termcodes.c, a fix for missing
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1190 defines on AIX).
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1191
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1192 - Let dbclient be run as "ssh"
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1193
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1194 - Initialise mp_ints by default
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1195
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70 Matt Johnston <matt@ucc.asn.au> parents: 78 diff changeset	1196 0.44test1 - Sun Aug 16 2005 17:43:54 +0800
78 677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1197
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1198 - TESTING RELEASE - this is the first public release of the client codebase,
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1199 so there are sure to be bugs to be found. In addition, if you're just using
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1200 the server portion, the final binary size probably will increase - I'll
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1201 be trying to get it back down in future releases.
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1202
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1203 - Dropbear client added - lots of changes to the server code as well to
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1204 generalise things
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1205
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1206 - IPv6 support added for client, server, and forwarding
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1207
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1208 - New makefile with more generic support for multiple-program binaries
677843bfa734 Added changelog entry Matt Johnston <matt@ucc.asn.au> parents: 69 diff changeset	1209
69 59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1210 0.43 - Fri Jul 16 2004 17:44:54 +0800
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1211
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1212 - SECURITY: Don't try to free() uninitialised variables in DSS verification
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1213 code. Thanks to Arne Bernin for pointing out this bug. This is possibly
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1214 exploitable, all users with DSS and pubkey-auth compiled in are advised to
830 b9f0058860f1 - 2013.60, update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 822 diff changeset	1215 upgrade. CVE-2004-2486
69 59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1216
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1217 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1218
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1219 - Don't go into an infinite loop when portforwarding to servers which don't
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1220 send any initial data/banner. Patch from Nikola Vladov
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1221
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1222 - Fix for network vs. host byte order in logging remote TCP ports, also
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1223 from Gerrit Pape.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1224
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1225 - Initialise many pointers to NULL, for general safety. Also checked cleanup
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1226 code for mp_ints (related to security issues above).
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1227
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1228 0.42 - Wed Jun 16 2004 12:44:54 +0800
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1229
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1230 - Updated to Gerrit Pape's official Debian subdirectory
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1231
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1232 - Fixed bad check when opening /dev/urandom - thanks to Danny Sung.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1233
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1234 - Added -i inetd mode flag, and associated options in options.h . Dropbear
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1235 can be compiled with either normal mode, inetd, or both modes. Thanks
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1236 to Gerrit Pape for basic patch and motivation.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1237
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1238 - Use <dirent.h> rather than <sys/dir.h> for POSIX compliance. Thanks to Bill
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1239 Sommerfield.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1240
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1241 - Fixed a TCP forwarding (client-local, -L style) bug which caused the whole
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1242 session to close if the TCP connection failed. Thanks to Andrew Braund for
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1243 reporting it and helping track it down.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1244
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1245 - Re-enable sigpipe for child processes. Thanks to Gerrit Pape for some
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1246 suggestions, and BSD manpages for a clearer explanation of the behaviour.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1247
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1248 - Added manpages, thanks to Gerrit Pape.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1249
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1250 - Changed license text for LibTomCrypt and LibTomMath.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1251
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1252 - Added strip-static target
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1253
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1254 - Fixed a bug in agent-forwarding cleanup handler - would segfault
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1255 (dereferencing a null pointer) if agent forwarding had failed.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1256
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1257 - Fix behaviour of authorized_keys parsing, so larger (>1024 bit) DSA keys will
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1258 work. Thanks to Dr. Markus Waldeck for the report.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1259
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1260 - Fixed local port forwarding code so that the "-j" option will make forwarding
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1261 attempts fail more gracefully.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1262
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1263 - Allow repeated requests in a single session if previous ones fail - this fixes PuTTY and some other SCP clients, which try SFTP, then fall-back to SCP if it
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1264 isn't available. Thanks to Stirling Westrup for the report.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1265
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1266 - Updated to LibTomCrypt 0.96 and LibTomMath 0.30. The AES code now uses
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1267 smaller non-precomputed tables if DROPBEAR_SMALL_CODE is defined in
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1268 options.h, leading to a significant reduction in the binary size.
59d16db56e9f Simple text changes Matt Johnston <matt@ucc.asn.au> parents: 4 diff changeset	1269
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1270 0.41 - Mon Jan 19 2004 22:40:19 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1271
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1272 - Fix in configure so that cross-compiling works, thanks to numerous people for
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1273 reporting and testing
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1274
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1275 - Terminal mode parsing now handles empty terminal mode strings (sent by
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1276 Windows ssh.com clients), thanks to Ricardo Derbes for the report
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1277
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1278 - Handling is improved for users with no shell specified in /etc/passwd,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1279 thanks again to Ricardo Derbes
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1280
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1281 - Fix for compiling with --disable-syslog, thanks to gordonfh
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1282
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1283 - Various minor fixes allow scp to work with irix, thanks to Paul Marinceu for
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1284 fixing it up
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1285
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1286 - Use <stropts.h> not <sys/stropts.h>, since the former seems more common
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1287
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1288 0.40 - Tue Jan 13 2004 21:05:19 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1289
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1290 - Remote TCP forwarding (-R) style implemented
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1291
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1292 - Local and remote TCP forwarding can each be disabled at runtime (-k and -j
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1293 switches)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1294
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1295 - Fix for problems detecting openpty() with uClibc - many thanks to various
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1296 people for reporting and testing fixes, including (in random order) Cristian
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1297 Ionescu-Idbohrn, James Ewing, Steve Dover, Thomas Lundquist and Frederic
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1298 Lavernhe
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1299
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1300 - Improved portability for IRIX, thanks to Paul Marinceu
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1301
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1302 - AIX and HPUX portability fixes, thanks to Darren Tucker for patches
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1303
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1304 - prngd should now work correctly, thanks to Darren Tucker for the patch
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1305
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1306 - scp compilation on systems without strlcpy() is fixed, thanks to Peter
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1307 Jannesen and David Muse for reporting it (independently and simultaneously :)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1308
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1309 - Merged in new LibTomCrypt 0.92 and LibTomMath 0.28
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1310
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1311 0.39 - Tue Dec 16 2003 15:19:19 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1312
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1313 - Better checking of key lengths and parameters for DSS and RSA auth
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1314
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1315 - Print fingerprint of keys used for pubkey auth
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1316
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1317 - More consistent logging of usernames and IPs
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1318
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1319 - Added option to disable password auth (or just for root) at runtime
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1320
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1321 - Avoid including bignum functions which don't give much speed benefit but
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1322 take up binary size
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1323
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1324 - Added a stripped down version of OpenSSH's scp binary
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1325
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1326 - Added additional supporting functions for Irix, thanks to Paul Marinceu
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1327
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1328 - Don't check for unused libraries in configure script
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1329
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1330 - Removed trailing comma in algorithm lists (thanks to Mihnea Stoenescu)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1331
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1332 - Fixed up channel close handling, always send close packet in response
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1333 (also thanks to Mihnea Stoenescu)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1334
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1335 - Various makefile improvements for cross-compiling, thanks to Friedrich
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1336 Lobenstock and Mihnea Stoenescu
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1337
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1338 - Use daemon() function if available (or our own copy) rather than separate
789 ea04e3eb03e2 Save with utf8 encoding Matt Johnston <matt@ucc.asn.au> parents: 786 diff changeset	1339 code (thanks to Frédéric Lavernhe for the report and debugging, and Bernard
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1340 Blackham for his suggestion on what to look at)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1341
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1342 - Fixed up support for first_kex_packet_follows, required to talk to ssh.com
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1343 clients. Thanks to Marian Stagarescu for the bug report.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1344
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1345 - Avoid using MAXPATHLEN, pointer from Ian Morris
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1346
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1347 - Improved input sanity checking
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1348
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1349 0.38 - Sat Oct 11 2003 16:28:13 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1350
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1351 - Default hostkey path changed to /etc/dropbear/dropbear_{rsa,dss}_host_key
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1352 rather than /etc/dropbear_{rsa,dss}_host_key
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1353
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1354 - Added SMALL and MULTI text files which have info on compiling for multiple
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1355 binaries or small binaries
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1356
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1357 - Allow for commandline definition of some options.h settings
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1358 (without warnings)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1359
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1360 - Be more careful handling EINTR
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1361
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1362 - More fixes for channel closing
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1363
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1364 - Added multi-binary support
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1365
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1366 - Improved logging of IPs, now get logged in all cases
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1367
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1368 - Don't chew cpu when waiting for version identification string, also
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1369 make sure that we kick off people if they don't auth within 5 minutes.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1370
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1371 - Various small fixes, warnings etc
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1372
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1373 - Display MOTD if requested - suggested by
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1374 Trent Lloyd <lathiat at sixlabs.org> and
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1375 Zach White <zwhite at darkstar.frop.org>
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1376
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1377 - sftp support works (relies on OpenSSH sftp binary or similar)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1378
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1379 - Added --disable-shadow option (requested by the floppyfw guys)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1380
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1381 0.37 - Wed Sept 24 2003 19:42:12 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1382
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1383 - Various portability fixes, fixes for Solaris 9, Tru64 5.1, Mac OS X 10.2,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1384 AIX, BSDs
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1385
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1386 - Updated LibTomMath to 0.27 and LibTomCrypt to 0.90
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1387
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1388 - Renamed util.{c,h} to dbutil.{c,h} to avoid conflicts with system util.h
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1389
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1390 - Added some small changes so it'll work with AIX (plus Linux Affinity).
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1391 Thanks to Shig for them.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1392
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1393 - Improved the closing messages, so a clean exit is "Exited normally"
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1394
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1395 - Added some more robust integer/size checking in buffer.c as a backstop for
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1396 integer overflows
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1397
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1398 - X11 forwarding fixed for OSX, path for xauth changed to /usr/X11R6/bin/xauth
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1399
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1400 - Channel code handles closing more nicely, doesn't sit waiting for an extra
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1401 keystroke on BSD/OSX platforms, and data is flushed fully before closing
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1402 child processes (thanks to
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1403 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> for
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1404 pointing that out).
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1405
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1406 - Changed "DISABLE_TCPFWD" to "ENABLE_TCPFWD" (and for x11/auth) so
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1407 "disable DISABLE_TCPWD" isn't so confusing.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1408
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1409 - Fix authorized_keys handling (don't crash on too-long keys, and
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1410 use fgetc not getc to avoid strange macro-related issues), thanks to
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1411 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1412 and Steve Rodgers <hwstar at cox.net> for reporting and testing.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1413
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1414 - Fixes to the README with regard to uClibc systems, thanks to
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1415 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1416 as well as general improvements to documentation (split README/INSTALL)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1417
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1418 - Fixed up some compilation problems with dropbearconvert/dropbearkey if
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1419 DSS or RSA were disabled, reported by Patrik Karlsson <patrik at cqure.net>
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1420
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1421 - Fix double-free bug for hostkeys, reported by
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1422 Vincent Sanders <vince at kyllikki.org>
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1423
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1424 - Fix up missing \ns from dropbearconvert help message,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1425 thanks to Mordy Ovits <movits at bloomberg.com> for the patch
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1426
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1427 0.36 - Tue August 19 2003 12:16:23 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1428
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1429 - Fix uninitialised temporary variable in DSS signing code
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1430 (thanks to Matthew Franz <mdfranz at io.com> for reporting, and the authors
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1431 of Valgrind for making it easy to track down)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1432 - Fix remote version-string parsing error
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1433 (thanks to Bernard Blackham <bernard at blackham.com.au> for noticing)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1434 - Improved host-algorithm-matching algorithm in algo.c
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1435 - Decreased MAX_STRING_LEN to a more realistic value
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1436 - Fix incorrect version (0.34) in this CHANGES file for the previous release.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1437
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1438 0.35 - Sun August 17 2003 05:37:47 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1439
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1440 - Fix for remotely exploitable format string buffer overflow.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1441 (thanks to Joel Eriksson <je at bitnux.com>)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1442
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1443 0.34 - Fri August 15 2003 15:10:00 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1444
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1445 - Made syslog optional, both at compile time and as a compile option
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1446 (suggested by Laurent Bercot <ska at skarnet.org>)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1447 - Fixup for bad base64 parsing in authorized_keys
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1448 (noticed by Davyd Madeley <davyd at zdlcomputing.com>)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1449 - Added initial tcp forwarding code, only -L (local) at this stage
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1450 - Improved "make install" with DESTDIR and changing ownership seperately,
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1451 don't check for setpgrp on Linux for crosscompiling.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1452 (from Erik Andersen <andersen at codepoet.org>)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1453 - More commenting, fix minor compile warnings, make return values more
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1454 consistent etc
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1455 - Various signedness fixes
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1456 - Can listen on multiple ports
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1457 - added option to disable openpty with configure script,
789 ea04e3eb03e2 Save with utf8 encoding Matt Johnston <matt@ucc.asn.au> parents: 786 diff changeset	1458 (from K.-P. Kirchdörfer <kapeka at epost.de>)
4 fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1459 - Various cleanups to bignum code
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1460 (thanks to Tom St Denis <tomstdenis at iahu.ca>)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1461 - Fix compile error when disabling RSA
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1462 (from Marc Kleine-Budde <kleine-budde at gmx.de>)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1463 - Other cleanups, splitting large functions for packet and kex handling etc
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1464
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1465 0.33 - Sun June 22 2003 22:24:12 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1466
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1467 - Fixed some invalid assertions in the channel code, fixing the server dying
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1468 when forwarding X11 connections.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1469 - Add dropbearconvert to convert to/from OpenSSH host keys and Dropbear keys
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1470 - RSA keys now keep p and q parameters for compatibility -- old Dropbear keys
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1471 still work, but can't be converted to OpenSSH etc.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1472 - Debian packaging directory added, thanks to
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1473 Grahame (grahame at angrygoats.net)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1474 - 'install' target added to the makefile
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1475 - general tidying, improve consistency of functions etc
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1476 - If RSA or DSS hostkeys don't exist, that algorithm won't be used.
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1477 - Improved RSA and DSS key generation, more efficient and fixed some minor bugs
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1478 (thanks to Tom St Denis for the advice)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1479 - Merged new versions of LibTomCrypt (0.86) and LibTomMath (0.21)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1480
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1481 0.32 - Sat May 24 2003 12:44:11 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1482
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1483 - Don't compile unused code from libtomcrypt (test vectors etc)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1484 - Updated to libtommath 0.17 and libtomcrypt 0.83. New libtommath results
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1485 in smaller binary size, due to not linking unrequired code
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1486 - X11 forwarding added
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1487 - Agent forwarding added (for OpenSSH.com ssh client/agent)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1488 - Fix incorrect buffer freeing when banners are used
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1489 - Hostname resolution works
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1490 - Various minor bugfixes/code size improvements etc
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1491
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1492 0.31 - Fri May 9 2003 17:57:16 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1493
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1494 - Improved syslog messages - IP logging etc
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1495 - Strip control characters from log messages (specified username currently)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1496 - Login recording (utmp/wtmp) support, so last/w/who work - taken from OpenSSH
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1497 - Shell is started as a proper login shell, so /etc/profile etc is sourced
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1498 - Ptys work on Solaris (2.8 x86 tested) now
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1499 - Fixed bug in specifying the rsa hostkey
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1500 - Fixed bug in compression code, could trigger if compression resulted in
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1501 larger output than input (uncommon but possible).
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1502
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1503 0.30 - Thu Apr 17 2003 18:46:15 +0800
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1504
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1505 - SECURITY: buffer.c had bad checking for buffer increment length - fixed
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1506 - channel code now closes properly on EOF - scp processes don't hang around
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1507 - syslog support added - improved auth/login/failure messages
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1508 - general code tidying, made return codes more consistent
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1509 - Makefile fixed for dependencies and makes libtomcrypt as well
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1510 - Implemented sending SSH_MSG_UNIMPLEMENTED :)
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1511
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1512 0.29 - Wed Apr 9 2003
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1513
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1514 - Fixed a stupid bug in 0.28 release, 'newstr = strdup(oldstr)',
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1515 not 'newstr=oldstr'
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1516
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1517 0.28 - Sun Apr 6 2003
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1518
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1519 - Initial public release
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1520
fe6bca95afa7 Makefile.in contains updated files required Matt Johnston <matt@ucc.asn.au> parents: diff changeset	1521 Development was started in October 2002

Mercurial > dropbear

annotate CHANGES @ 1930:299f4f19ba19