Mercurial > dropbear
annotate release.sh @ 1790:42745af83b7d
Introduce extra delay before closing unauthenticated sessions
To make it harder for attackers, introduce a delay to keep an
unauthenticated session open a bit longer, thus blocking a connection
slot until after the delay.
Without this, while there is a limit on the amount of attempts an attacker
can make at the same time (MAX_UNAUTH_PER_IP), the time taken by dropbear to
handle one attempt is still short and thus for each of the allowed parallel
attempts many attempts can be chained one after the other. The attempt rate
is then:
"MAX_UNAUTH_PER_IP / <process time of one attempt>".
With the delay, this rate becomes:
"MAX_UNAUTH_PER_IP / UNAUTH_CLOSE_DELAY".
| author | Thomas De Schampheleire <thomas.de_schampheleire@nokia.com> |
|---|---|
| date | Wed, 15 Feb 2017 13:53:04 +0100 |
| parents | e2e4929d057b |
| children | 552bb9b4f16a |
| rev | line source |
|---|---|
|
948
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1 #!/bin/sh |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
2 VERSION=$(echo '#include "sysoptions.h"\necho DROPBEAR_VERSION' | cpp - | sh) |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
3 echo Releasing version "$VERSION" ... |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
4 if ! head -n1 CHANGES | grep -q $VERSION ; then |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
5 echo "CHANGES needs updating" |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
6 exit 1 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
7 fi |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
8 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
9 if ! head -n1 debian/changelog | grep -q $VERSION ; then |
| 1007 | 10 echo "debian/changelog needs updating" |
|
948
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
11 exit 1 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
12 fi |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
13 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
14 head -n1 CHANGES |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
15 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
16 #sleep 3 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
17 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
18 RELDIR=$PWD/../dropbear-$VERSION |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
19 ARCHIVE=${RELDIR}.tar.bz2 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
20 if test -e $RELDIR; then |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
21 echo "$RELDIR exists" |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
22 exit 1 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
23 fi |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
24 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
25 if test -e $ARCHIVE; then |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
26 echo "$ARCHIVE exists" |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
27 exit 1 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
28 fi |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
29 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
30 hg archive "$RELDIR" || exit 2 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
31 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
32 (cd "$RELDIR" && autoconf && autoheader) || exit 2 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
33 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
34 rm -r "$RELDIR/autom4te.cache" || exit 2 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
35 |
|
1137
40434003bd96
remove .hgtags from release
Matt Johnston <matt@ucc.asn.au>
parents:
1010
diff
changeset
|
36 rm "$RELDIR/.hgtags" |
|
40434003bd96
remove .hgtags from release
Matt Johnston <matt@ucc.asn.au>
parents:
1010
diff
changeset
|
37 |
|
40434003bd96
remove .hgtags from release
Matt Johnston <matt@ucc.asn.au>
parents:
1010
diff
changeset
|
38 (cd "$RELDIR/.." && tar cjf $ARCHIVE `basename "$RELDIR"`) || exit 2 |
|
948
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
39 |
|
f92eb625c48d
- Don't use multichar constants since recent gcc complains
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
40 ls -l $ARCHIVE |
| 1645 | 41 openssl sha256 $ARCHIVE |
|
1183
d10468395a49
release.sh reminds how to sign
Matt Johnston <matt@ucc.asn.au>
parents:
1137
diff
changeset
|
42 echo Done to |
|
d10468395a49
release.sh reminds how to sign
Matt Johnston <matt@ucc.asn.au>
parents:
1137
diff
changeset
|
43 echo "$ARCHIVE" |
|
d10468395a49
release.sh reminds how to sign
Matt Johnston <matt@ucc.asn.au>
parents:
1137
diff
changeset
|
44 echo Sign it with |
|
d10468395a49
release.sh reminds how to sign
Matt Johnston <matt@ucc.asn.au>
parents:
1137
diff
changeset
|
45 echo gpg2 --detach-sign -a -u F29C6773 "$ARCHIVE" |