Mercurial > dropbear
annotate CHANGES @ 1902:4a6725ac957c
Revert "Don't include sk keys at all in KEX list"
This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72.
The sk algorithms need to remain in the sigalgs list so that they
are included in the server-sig-algs ext-info message sent by
the server. RFC8308 for server-sig-algs requires that all algorithms are
listed (though OpenSSH client 8.4p1 tested doesn't require that)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 24 Mar 2022 13:42:08 +0800 |
parents | 4b984c42372d |
children | 284c3837891c |
rev | line source |
---|---|
1761 | 1 2020.81 - 29 October 2020 |
2 | |
3 - Fix regression in 2020.79 which prevented connecting with some SSH | |
4 implementations. Increase MAX_PROPOSED_ALGO to 50, and print a log | |
5 message if the limit is hit. This fixes interoperability with sshj | |
6 library (used by PyCharm), and GoAnywhere. | |
7 Reported by Pirmin Walthert and Piotr Jurkiewicz | |
8 | |
9 - Fix building with non-GCC compilers, reported by Kazuo Kuroi | |
10 | |
11 - Fix potential long delay in dbclient, found by OSS Fuzz | |
12 | |
13 - Fix null pointer dereference crash, found by OSS Fuzz | |
14 | |
15 - libtommath now uses the same random source as Dropbear (in 2020.79 | |
16 and 2020.80 used getrandom() separately) | |
17 | |
18 - Some fuzzing improvements, start of a dbclient fuzzer | |
19 | |
1731 | 20 2020.80 - 26 June 2020 |
21 | |
22 - Don't block authorized_keys logins with no-X11-forwarding or no-agent-forwarding | |
23 restrictions when X11 or agent forwarding are disabled at compile time. | |
24 This is more of a problem now X11 is disabled by default, reported by Guilhem Moulin | |
25 | |
26 - Reduce binary size by 4kB (x64) when using bundled libtommath | |
27 | |
28 - Define GNU_SOURCE for getrandom() on uclibc, reported by Laurent Bercot and | |
29 Fabrice Fontaine | |
30 | |
31 - Improve checking libtomcrypt version compatibility | |
32 | |
33 - Add some style notes to DEVELOPING.md | |
34 | |
1719 | 35 2020.79 - 15 June 2020 |
36 | |
37 - Support ed25519 hostkeys and authorized_keys, many thanks to Vladislav Grishenko. | |
38 This also replaces curve25519 with a TweetNaCl implementation that reduces code size. | |
39 | |
40 - Add chacha20-poly1305 authenticated cipher. This will perform faster than AES | |
41 on many platforms. Thanks to Vladislav Grishenko | |
42 | |
43 - Support using rsa-sha2 signatures. No changes are needed to hostkeys/authorized_keys | |
44 entries, existing RSA keys can be used with the new signature format (signatures | |
45 are ephemeral within a session). Old ssh-rsa signatures will no longer | |
46 be supported by OpenSSH in future so upgrading is recommended. | |
47 | |
48 - Use getrandom() call on Linux to ensure sufficient entropy has been gathered at startup. | |
49 Dropbear now avoids reading from the random source at startup, instead waiting until | |
50 the first connection. It is possible that some platforms were running without enough | |
51 entropy previously, those could potentially block at first boot generating host keys. | |
52 The dropbear "-R" option is one way to avoid that. | |
53 | |
54 - Upgrade libtomcrypt to 1.18.2 and libtommath to 1.2.0, many thanks to Steffen Jaeckel for | |
55 updating Dropbear to use the current API. Dropbear's configure script will check | |
56 for sufficient system library versions, otherwise using the bundled versions. | |
57 | |
58 - CBC ciphers, 3DES, hmac-sha1-96, and x11 forwarding are now disabled by default. | |
59 They can be set in localoptions.h if required. | |
60 Blowfish has been removed. | |
61 | |
62 - Support AES GCM, patch from Vladislav Grishenko. This is disabled by default, | |
63 Dropbear doesn't currently use hardware accelerated AES. | |
64 | |
65 - Added an API for specifying user public keys as an authorized_keys replacement. | |
66 See pubkeyapi.h for details, thanks to Fabrizio Bertocci | |
67 | |
68 - Fix idle detection clashing with keepalives, thanks to jcmathews | |
69 | |
70 - Include IP addresses in more early exit messages making it easier for fail2ban | |
71 processing. Patch from Kevin Darbyshire-Bryant | |
72 | |
73 - scp fix for CVE-2018-20685 where a server could modify name of output files | |
74 | |
75 - SSH_ORIGINAL_COMMAND is set for "dropbear -c" forced command too | |
76 | |
77 - Fix writing key files on systems without hard links, from Matt Robinson | |
78 | |
79 - Compatibility fixes for IRIX from Kazuo Kuroi | |
80 | |
81 - Re-enable printing MOTD by default, was lost moving from options.h. Thanks to zciendor | |
82 | |
83 - Call fsync() is called on parent directory when writing key files to ensure they are flushed | |
84 | |
85 - Fix "make install" for manpages in out-of-tree builds, from Gabor Z. Papp | |
86 | |
1731 | 87 - Some notes are added in DEVELOPING.md |
1719 | 88 |
1650 | 89 2019.78 - 27 March 2019 |
90 | |
91 - Fix dbclient regression in 2019.77. After exiting the terminal would be left | |
92 in a bad state. Reported by Ryan Woodsmall | |
93 | |
1646 | 94 2019.77 - 23 March 2019 |
95 | |
96 - Fix server -R option with ECDSA - only advertise one key size which will be accepted. | |
97 Reported by Peter Krefting, 2018.76 regression. | |
98 | |
99 - Fix server regression in 2018.76 where multiple client -R forwards were all forwarded | |
100 to the first destination. Reported by Iddo Samet. | |
101 | |
102 - Make failure delay more consistent to avoid revealing valid usernames, set server password | |
103 limit of 100 characters. Problem reported by usd responsible disclosure team | |
104 | |
105 - Change handling of failed authentication to avoid disclosing valid usernames, | |
106 CVE-2018-15599. | |
107 | |
108 - Fix dbclient to reliably return the exit code from the remote server. | |
109 Reported by W. Mike Petullo | |
110 | |
111 - Fix export of 521-bit ECDSA keys, from Christian Hohnstädt | |
112 | |
113 - Add -o Port=xxx option to work with sshfs, from xcko | |
114 | |
115 - Merged fuzzing code, see FUZZER-NOTES.md | |
116 | |
117 - Add a DROPBEAR_SVR_MULTIUSER=0 compile option to run on | |
118 single-user Linux kernels (CONFIG_MULTIUSER disabled). From Patrick Stewart | |
119 | |
120 - Increase allowed username to 100 characters, reported by W. Mike Petullo | |
121 | |
122 - Update config.sub and config.guess, should now work with RISC-V | |
123 | |
124 - Cygwin compile fix from karel-m | |
125 | |
126 - Don't require GNU sed (accidentally in 2018.76), reported by Samuel Hsu | |
127 | |
128 - Fix for IRIX and writev(), reported by Kazuo Kuroi | |
129 | |
130 - Other fixes and cleanups from François Perrad, Andre McCurdy, Konstantin Demin, | |
131 Michael Jones, Pawel Rapkiewicz | |
132 | |
133 | |
1552 | 134 2018.76 - 27 February 2018 |
1520 | 135 |
1552 | 136 > > > Configuration/compatibility changes |
137 IMPORTANT | |
1565 | 138 Custom configuration is now specified in localoptions.h rather than options.h |
1524 | 139 Available options and defaults can be seen in default_options.h |
1520 | 140 |
141 To migrate your configuration, compare your customised options.h against the | |
142 upstream options.h from your relevant version. Any customised options should | |
1565 | 143 be put in localoptions.h in the build directory. |
1520 | 144 |
145 - "configure --enable-static" should now be used instead of "make STATIC=1" | |
1552 | 146 This will avoid 'hardened build' flags that conflict with static binaries |
1520 | 147 |
1552 | 148 - Set 'hardened build' flags by default if supported by the compiler. |
149 These can be disabled with configure --disable-harden if needed. | |
1520 | 150 -Wl,-pie |
151 -Wl,-z,now -Wl,-z,relro | |
152 -fstack-protector-strong | |
153 -D_FORTIFY_SOURCE=2 | |
154 # spectre v2 mitigation | |
155 -mfunction-return=thunk | |
156 -mindirect-branch=thunk | |
157 | |
158 Spectre patch from Loganaden Velvindron | |
159 | |
1552 | 160 - "dropbear -r" option for hostkeys no longer attempts to load the default |
161 hostkey paths as well. If desired these can be specified manually. | |
162 Patch from CamVan Nguyen | |
163 | |
164 - group1-sha1 key exchange is disabled in the server by default since | |
165 the fixed 1024-bit group may be susceptible to attacks | |
166 | |
167 - twofish ciphers are now disabled in the default configuration | |
168 | |
169 - Default generated ECDSA key size is now 256 (rather than 521) | |
170 for better interoperability | |
171 | |
172 - Minimum RSA key length has been increased to 1024 bits | |
173 | |
174 > > > Other features and fixes | |
175 | |
1520 | 176 - Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant |
177 | |
178 - Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket. | |
179 See dbclient manpage for a socat example. Patch from Harald Becker | |
180 | |
181 - Add "-c forced_command" option. Patch from Jeremy Kerr | |
182 | |
1552 | 183 - Restricted group -G option added with patch from stellarpower |
184 | |
1520 | 185 - Support server-chosen TCP forwarding ports, patch from houseofkodai |
186 | |
187 - Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port] | |
188 Patch from houseofkodai | |
189 | |
1552 | 190 - Makefile will now rebuild object files when header files are modified |
191 | |
192 - Add group14-256 and group16 key exchange options | |
1520 | 193 |
1552 | 194 - curve25519-sha256 also supported without @libssh.org suffix |
195 | |
196 - Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1 | |
197 This fixes building with some recent versions of clang | |
1520 | 198 |
199 - Set PAM_RHOST which is needed by modules such as pam_abl | |
200 | |
1552 | 201 - Improvements to DSS and RSA public key validation, found by OSS-Fuzz. |
1520 | 202 |
203 - Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz | |
204 | |
205 - Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz | |
206 | |
207 - Numerous code cleanups and small issues fixed by Francois Perrad | |
208 | |
209 - Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl | |
210 platforms. Reported by Oliver Schneider and Andrew Bainbridge | |
211 | |
212 - Fix some platform portability problems, from Ben Gardner | |
213 | |
214 - Add EXEEXT filename suffix for building dropbearmulti, from William Foster | |
215 | |
216 - Support --enable-<option> properly for configure, from Stefan Hauser | |
217 | |
218 - configure have_openpty result can be cached, from Eric Bénard | |
219 | |
220 - handle platforms that return close() < -1 on failure, from Marco Wenzel | |
221 | |
222 - Build and configuration cleanups from Michael Witten | |
223 | |
224 - Fix libtomcrypt/libtommath linking order, from Andre McCurdy | |
225 | |
226 - Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC | |
227 | |
228 - Update curve25519-donna implementation to current version | |
229 | |
1337 | 230 2017.75 - 18 May 2017 |
231 | |
232 - Security: Fix double-free in server TCP listener cleanup | |
233 A double-free in the server could be triggered by an authenticated user if | |
234 dropbear is running with -a (Allow connections to forwarded ports from any host) | |
235 This could potentially allow arbitrary code execution as root by an authenticated user. | |
236 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. | |
1737 | 237 CVE-2017-9078 https://hg.ucc.asn.au/dropbear/rev/c8114a48837c |
1337 | 238 |
239 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. | |
240 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix | |
241 is to switch to user permissions when opening authorized_keys | |
242 | |
243 A user could symlink their ~/.ssh/authorized_keys to a root-owned file they | |
244 couldn't normally read. If they managed to get that file to contain valid | |
245 authorized_keys with command= options it might be possible to read other | |
246 contents of that file. | |
247 This information disclosure is to an already authenticated user. | |
248 Thanks to Jann Horn of Google Project Zero for reporting this. | |
1737 | 249 CVE-2017-9079 https://hg.ucc.asn.au/dropbear/rev/0d889b068123 |
1337 | 250 |
1339 | 251 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync |
1337 | 252 Thanks to Andrei Gherzan for a patch |
253 | |
254 - Fix out of tree builds with bundled libtom | |
255 Thanks to Henrik Nordström and Peter Krefting for patches. | |
256 | |
1311 | 257 2016.74 - 21 July 2016 |
258 | |
259 - Security: Message printout was vulnerable to format string injection. | |
260 | |
261 If specific usernames including "%" symbols can be created on a system | |
262 (validated by getpwnam()) then an attacker could run arbitrary code as root | |
263 when connecting to Dropbear server. | |
264 | |
265 A dbclient user who can control username or host arguments could potentially | |
266 run arbitrary code as the dbclient user. This could be a problem if scripts | |
267 or webpages pass untrusted input to the dbclient program. | |
1321 | 268 CVE-2016-7406 |
1737 | 269 https://hg.ucc.asn.au/dropbear/rev/b66a483f3dcb |
1311 | 270 |
271 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as | |
272 the local dropbearconvert user when parsing malicious key files | |
1321 | 273 CVE-2016-7407 |
1737 | 274 https://hg.ucc.asn.au/dropbear/rev/34e6127ef02e |
1311 | 275 |
276 - Security: dbclient could run arbitrary code as the local dbclient user if | |
277 particular -m or -c arguments are provided. This could be an issue where | |
278 dbclient is used in scripts. | |
1321 | 279 CVE-2016-7408 |
1737 | 280 https://hg.ucc.asn.au/dropbear/rev/eed9376a4ad6 |
1311 | 281 |
282 - Security: dbclient or dropbear server could expose process memory to the | |
283 running user if compiled with DEBUG_TRACE and running with -v | |
1321 | 284 CVE-2016-7409 |
1737 | 285 https://hg.ucc.asn.au/dropbear/rev/6a14b1f6dc04 |
1311 | 286 |
287 The security issues were reported by an anonymous researcher working with | |
288 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html | |
289 | |
290 - Fix port forwarding failure when connecting to domains that have both | |
1313 | 291 IPv4 and IPv6 addresses. The bug was introduced in 2015.68 |
1311 | 292 |
293 - Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang Hui P | |
294 for the patch | |
295 | |
296 | |
1285 | 297 2016.73 - 18 March 2016 |
1253 | 298 |
299 - Support syslog in dbclient, option -o usesyslog=yes. Patch from Konstantin Tokarev | |
300 | |
301 - Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev | |
302 | |
303 - Option to exit when a TCP forward fails, patch from Konstantin Tokarev | |
304 | |
305 - New "-o" option parsing from Konstantin Tokarev. This allows handling some extra options | |
306 in the style of OpenSSH, though implementing all OpenSSH options is not planned. | |
307 | |
1285 | 308 - Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou |
1253 | 309 |
310 - Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks | |
311 | |
1285 | 312 - Various cleanups for issues found by a lint tool, patch from Francois Perrad |
313 | |
1253 | 314 - Fix tab indent consistency, patch from Francois Perrad |
315 | |
316 - Fix issues found by cppcheck, reported by Mike Tzou | |
317 | |
1285 | 318 - Use system memset_s() or explicit_bzero() if available to clear memory. Also make |
319 libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()). | |
320 | |
321 - Prevent scp failing when the local user doesn't exist. Based on patch from Michael Witten. | |
322 | |
323 - Improved Travis CI test running, thanks to Mike Tzou | |
324 | |
325 - Improve some code that was flagged by Coverity and Fortify Static Code Analyzer | |
326 | |
1230 | 327 2016.72 - 9 March 2016 |
328 | |
329 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, | |
1279 | 330 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116 |
1737 | 331 https://hg.ucc.asn.au/dropbear/rev/a3e8389e01ff |
1230 | 332 |
1200 | 333 2015.71 - 3 December 2015 |
1198 | 334 |
1199 | 335 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69 |
1198 | 336 |
1203 | 337 - Fix crash on exit when -p address:port is used, broke in 2015.68, thanks to |
338 Frank Stollenwerk for reporting and investigation | |
1198 | 339 |
340 - Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev | |
341 | |
342 - Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert, | |
343 broke in 2015.70 | |
344 | |
345 - Fix server race condition that could cause sessions to hang on exit, | |
346 https://github.com/robotframework/SSHLibrary/issues/128 | |
347 | |
1188 | 348 2015.70 - 26 November 2015 |
1187 | 349 |
350 - Fix server password authentication on Linux, broke in 2015.69 | |
351 | |
1178 | 352 2015.69 - 25 November 2015 |
353 | |
354 - Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68) | |
355 | |
356 - Avoid hang on session close when multiple sessions are started, affects Qt Creator | |
357 Patch from Andrzej Szombierski | |
358 | |
359 - Reduce per-channel memory consumption in common case, increase default | |
360 channel limit from 100 to 1000 which should improve SOCKS forwarding for modern | |
361 webpages | |
362 | |
363 - Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin | |
364 | |
365 - Manpage improvements from Guilhem Moulin | |
366 | |
367 - Build fixes for Android from Mike Frysinger | |
368 | |
369 - Don't display the MOTD when an explicit command is run from Guilhem Moulin | |
370 | |
371 - Check curve25519 shared secret isn't zero | |
372 | |
1147 | 373 2015.68 - Saturday 8 August 2015 |
374 | |
375 - Reduce local data copying for improved efficiency. Measured 30% | |
1125 | 376 increase in throughput for connections to localhost |
1063 | 377 |
1147 | 378 - Forwarded TCP ports connect asynchronously and try all available addresses |
379 (IPv4, IPv6, round robin DNS) | |
380 | |
381 - Fix all compile warnings, many patches from Gaël Portay | |
382 Note that configure with -Werror may not be successful on some platforms (OS X) | |
383 and some configuration options may still result in unused variable | |
384 warnings. | |
385 | |
386 - Use TCP Fast Open on Linux if available. Saves a round trip at connection | |
1064 | 387 to hosts that have previously been connected. |
388 Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3" | |
1125 | 389 Client side is disabled by default pending further compatibility testing |
390 with networks and systems. | |
1064 | 391 |
1147 | 392 - Increase maximum command length to 9000 bytes |
1064 | 393 |
394 - Free memory before exiting, patch from Thorsten Horstmann. Useful for | |
395 Dropbear ports to embedded systems and for checking memory leaks | |
1147 | 396 with valgrind. Only partially implemented for dbclient. |
397 This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h | |
1064 | 398 |
1147 | 399 - DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless |
400 there is a leading slash (~ isn't treated specially) | |
1125 | 401 |
1064 | 402 - Fix small ECC memory leaks |
403 | |
1125 | 404 - Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of |
1141 | 405 Matta Consulting. Odds of bad values are around 2**-512 -- improbable. |
1125 | 406 |
407 - Twofish-ctr cipher is supported though disabled by default | |
408 | |
1141 | 409 - Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks |
410 to CL Ouyang | |
411 | |
1147 | 412 - Fix null pointer crash with restrictions in authorized_keys without a command, patch from |
413 Guilhem Moulin | |
1141 | 414 |
1147 | 415 - Ensure authentication timeout is handled while reading the initial banner, |
416 thanks to CL Ouyang for finding it. | |
417 | |
418 - Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz | |
1125 | 419 |
1004 | 420 2015.67 - Wednesday 28 January 2015 |
421 | |
422 - Call fsync() after generating private keys to ensure they aren't lost if a | |
423 reboot occurs. Thanks to Peter Korsgaard | |
424 | |
425 - Disable non-delayed zlib compression by default on the server. Can be | |
426 enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB | |
427 | |
428 - Default client key path ~/.ssh/id_dropbear | |
429 | |
430 - Prefer stronger algorithms by default, from Fedor Brunner. | |
431 AES256 over 3DES | |
432 Diffie-hellman group14 over group1 | |
433 | |
434 - Add option to disable CBC ciphers. | |
435 | |
436 - Disable twofish in default options.h | |
437 | |
438 - Enable sha2 HMAC algorithms by default, the code was already required | |
439 for ECC key exchange. sha1 is the first preference still for performance. | |
440 | |
441 - Fix installing dropbear.8 in a separate build directory, from Like Ma | |
442 | |
443 - Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe | |
444 | |
445 - Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea | |
446 | |
447 - Minor bug fixes, a few issues found by Coverity scan | |
448 | |
979 | 449 2014.66 - Thursday 23 October 2014 |
450 | |
451 - Use the same keepalive handling behaviour as OpenSSH. This will work better | |
452 with some SSH implementations that have different behaviour with unknown | |
453 message types. | |
454 | |
455 - Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own | |
456 keepalive message | |
457 | |
458 - Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere | |
459 | |
460 - Fix wtmp which broke since 2013.62, patch from Whoopie | |
461 | |
965 | 462 2014.65 - Friday 8 August 2014 |
463 | |
464 - Fix 2014.64 regression, server session hang on exit with scp (and probably | |
465 others), thanks to NiLuJe for tracking it down | |
466 | |
467 - Fix 2014.64 regression, clock_gettime() error handling which broke on older | |
468 Linux kernels, reported by NiLuJe | |
469 | |
470 - Fix 2014.64 regression, writev() could occassionally fail with EAGAIN which | |
471 wasn't caught | |
472 | |
473 - Avoid error message when trying to set QoS on proxycommand or multihop pipes | |
474 | |
475 - Use /usr/bin/xauth, thanks to Mike Frysinger | |
476 | |
477 - Don't exit the client if the local user entry can't be found, thanks to iquaba | |
478 | |
947 | 479 2014.64 - Sunday 27 July 2014 |
942 | 480 |
481 - Fix compiling with ECDSA and DSS disabled | |
482 | |
483 - Don't exit abruptly if too many outgoing packets are queued for writev(). Patch | |
484 thanks to Ronny Meeus | |
485 | |
486 - The -K keepalive option now behaves more like OpenSSH's "ServerAliveInterval". | |
487 If no response is received after 3 keepalives then the session is terminated. This | |
488 will close connections faster than waiting for a TCP timeout. | |
489 | |
490 - Rework TCP priority setting. New settings are | |
491 if (connecting || ptys || x11) tos = LOWDELAY | |
492 else if (tcp_forwards) tos = 0 | |
493 else tos = BULK | |
494 Thanks to Catalin Patulea for the suggestion. | |
495 | |
496 - Improve handling of many concurrent new TCP forwarded connections, should now | |
497 be able to handle as many as MAX_CHANNELS. Thanks to Eduardo Silva for reporting | |
498 and investigating it. | |
499 | |
500 - Make sure that exit messages from the client are printed, regression in 2013.57 | |
501 | |
502 - Use monotonic clock where available, timeouts won't be affected by system time | |
503 changes | |
504 | |
947 | 505 - Add -V for version |
506 | |
900 | 507 2014.63 - Wednesday 19 February 2014 |
508 | |
509 - Fix ~. to terminate a client interactive session after waking a laptop | |
510 from sleep. | |
511 | |
512 - Changed port separator syntax again, now using host^port. This is because | |
513 IPv6 link-local addresses use %. Reported by Gui Iribarren | |
514 | |
515 - Avoid constantly relinking dropbearmulti target, fix "make install" | |
516 for multi target, thanks to Mike Frysinger | |
517 | |
518 - Avoid getting stuck in a loop writing huge key files, reported by Bruno | |
519 Thomsen | |
520 | |
521 - Don't link dropbearkey or dropbearconvert to libz or libutil, | |
522 thanks to Nicolas Boos | |
523 | |
524 - Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos | |
525 | |
526 - Avoid crash on exit due to cleaned up keys before last packets are sent, | |
527 debugged by Ronald Wahl | |
528 | |
529 - Fix a race condition in rekeying where Dropbear would exit if it received a | |
530 still-in-flight packet after initiating rekeying. Reported by Oliver Metz. | |
531 This is a longstanding bug but is triggered more easily since 2013.57 | |
532 | |
905 | 533 - Fix README for ecdsa keys, from Catalin Patulea |
900 | 534 |
535 - Ensure that generated RSA keys are always exactly the length | |
536 requested. Previously Dropbear always generated N+16 or N+15 bit keys. | |
537 Thanks to Unit 193 | |
538 | |
539 - Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip if the | |
540 first public key succeeds. Still not enabled by default, needs more | |
541 compatibility testing with other implementations. | |
542 | |
543 - Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD. Thanks to | |
544 | |
545 - Fix for bad system linux/pkt-sched.h header file with older Linux | |
546 kernels, from Steve Dover | |
547 | |
548 - Fix signal handlers so that errno is saved, thanks to Erik Ahlén for a patch | |
549 and Mark Wickham for independently spotting the same problem. | |
550 | |
878 | 551 2013.62 - Tuesday 3 December 2013 |
552 | |
553 - Disable "interactive" QoS connection options when a connection doesn't | |
554 have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch. | |
555 | |
556 - Log when a hostkey is generated with -R, fix some bugs in handling server | |
557 hostkey commandline options | |
558 | |
559 - Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe | |
560 | |
561 - Update config.guess and config.sub again | |
562 | |
861 | 563 2013.61test - Thursday 14 November 2013 |
564 | |
1433
b19877938d6a
document changed default RSA key size back in 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents:
1345
diff
changeset
|
565 - Default generated RSA key size changed from 1024 to 2048 bits |
566 |
861 | 567 - ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to |
568 be generated) and ECDH for setting up encryption keys (no intervention | |
569 required). This is significantly faster. | |
570 | |
571 - curve25519-sha256@libssh.org support for setting up encryption keys. This is | |
572 another elliptic curve mode with less potential of NSA interference in | |
573 algorithm parameters. curve25519-donna code thanks to Adam Langley | |
574 | |
575 - -R option to automatically generate hostkeys. This is recommended for | |
576 embedded platforms since it allows the system random number device | |
577 /dev/urandom a longer startup time to generate a secure seed before the | |
578 hostkey is required. | |
579 | |
580 - Compile fixes for old vendor compilers like Tru64 from Daniel Richard G. | |
581 | |
878 | 582 - Make authorized_keys handling more robust, don't exit encountering |
583 malformed lines. Thanks to Lorin Hochstein and Mark Stillwell | |
584 | |
830 | 585 2013.60 - Wednesday 16 October 2013 |
586 | |
587 - Fix "make install" so that it doesn't always install to /bin and /sbin | |
588 | |
589 - Fix "make install MULTI=1", installing manpages failed | |
590 | |
591 - Fix "make install" when scp is included since it has no manpage | |
592 | |
593 - Make --disable-bundled-libtom work | |
594 | |
822 | 595 2013.59 - Friday 4 October 2013 |
596 | |
597 - Fix crash from -J command | |
598 Thanks to Lluís Batlle i Rossell and Arnaud Mouiche for patches | |
599 | |
600 - Avoid reading too much from /proc/net/rt_cache since that causes | |
601 system slowness. | |
602 | |
603 - Improve EOF handling for half-closed connections | |
604 Thanks to Catalin Patulea | |
605 | |
606 - Send a banner message to report PAM error messages intended for the user | |
607 Patch from Martin Donnelly | |
608 | |
609 - Limit the size of decompressed payloads, avoids memory exhaustion denial | |
610 of service | |
830 | 611 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 |
1737
8b27de2c92ee
Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents:
1731
diff
changeset
|
612 https://hg.ucc.asn.au/dropbear/rev/0bf76f54de6f |
822 | 613 |
614 - Avoid disclosing existence of valid users through inconsistent delays | |
830 | 615 Thanks to Logan Lamb for reporting. CVE-2013-4434 |
1737 | 616 https://hg.ucc.asn.au/dropbear/rev/d7784616409a |
822 | 617 |
618 - Update config.guess and config.sub for newer architectures | |
619 | |
620 - Avoid segfault in server for locked accounts | |
621 | |
622 - "make install" now installs manpages | |
623 dropbearkey.8 has been renamed to dropbearkey.1 | |
624 manpage added for dropbearconvert | |
625 | |
626 - Get rid of one second delay when running non-interactive commands | |
627 | |
628 | |
786 | 629 2013.58 - Thursday 18 April 2013 |
630 | |
631 - Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz | |
632 | |
633 - Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder | |
634 | |
635 - Reject logins for other users when running as non-root, from Hans Harder | |
636 | |
637 - Disable client immediate authentication request by default, it prevents | |
638 passwordless logins from working | |
639 | |
776
f7c8b786e595
changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents:
775
diff
changeset
|
640 2013.57 - Monday 15 April 2013 |
775
2f1c199b6e4b
requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents:
719
diff
changeset
|
641 |
776 | 642 - Decreased connection setup time particularly with high latency connections, |
643 the number of round trips has been reduced for both client and server. |
775 | 644 CPU time hasn't been changed. |
645 |
776 | 646 - Client will send an initial key exchange guess to save a round trip. |
647 Dropbear implements an extension kexguess2@matt.ucc.asn.au to allow the first |
648 packet guess to succeed in wider circumstances than the standard behaviour. |
649 When communicating with other implementations the standard behaviour is used. |
775 | 650 |
651 - Client side: when public key or password authentication with |
776 | 652 $DROPBEAR_PASSWORD is used an initial authentication request will |
775 | 653 be sent immediately rather than querying the list of available methods. |
654 This behaviour is enabled by CLI_IMMEDIATE_AUTH option (on by default), |
655 please let the Dropbear author know if it causes any interoperability |
656 problems. |
657 |
658 - Implement client escape characters ~. (terminate session) and |
659 ~^Z (background session) |
660 |
776 | 661 - Server will more reliably clean up utmp when connection is closed, reported by |
789 | 662 Mattias Walström |
775 | 663 |
664 - Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case |
665 |
666 - Add "-y -y" client option to skip host key checking, thanks to Hans Harder |
667 |
668 - scp didn't work properly on systems using vfork(), thanks to Frank Van Uffelen |
669 |
776 | 670 - Added IUTF8 terminal mode support (Linux and Mac OS). Not standardised yet |
671 though probably will be soon |
775 | 672 |
673 - Some verbose DROPBEAR_TRACE output is now hidden unless $DROPBEAR_TRACE2 |
776 | 674 environment variable is set |
675 |
676 - Fix using asymmetric MAC algorithms (broke in ) |
677 |
678 - Renamed configure.in to configure.ac to quieten autoconf, from Mike Frysinger |
775 | 679 |
719 | 680 2013.56 - Thursday 21 March 2013 |
718 | 681 |
691 | 682 - Allow specifying cipher (-c) and MAC (-m) lists for dbclient |
683 | |
718 | 684 - Allow using 'none' cipher or MAC (off by default, use options.h). Encryption |
685 is used during authentication then disabled, similar to OpenSSH HPN mode | |
691 | 686 |
687 - Allow a user in immediately if the account has a blank password and blank | |
688 passwords are enabled | |
689 | |
690 - Include a few extra sources of entropy from /proc on Linux, hash private keys | |
718 | 691 as well. Dropbear will also write gathered entropy back into /dev/urandom |
691 | 692 |
718 | 693 - Added hmac-sha2-256 and hmac-sha2-512 support (off by default, use options.h) |
691 | 694 |
718 | 695 - Don't send bad address "localhost" for -R forward connections, |
696 reported by Denis Bider | |
691 | 697 |
698 - Add "-B" runtime option to allow blank passwords | |
699 | |
708
b207d5183bb7
document a few more changes
Matt Johnston <matt@ucc.asn.au>
parents:
691
diff
changeset
|
700 - Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks |
701 |
789 | 702 - A few improvements for Android from Reimar Döffinger |
708 | 703 |
704 - Fix memory leak for TCP forwarded connections to hosts that timed out, |
789 | 705 reported by Norbert Benczúr. Appears to be a very long-standing bug. |
708 | 706 |
718 | 707 - Fix "make clean" for out of tree builds |
708 | |
709 - Fix compilation when ENABLE_{SVR,CLI}_AGENTFWD are unset | |
710 | |
661 | 711 2012.55 - Wednesday 22 February 2012 |
712 | |
662
d354464b2aa6
- Improve CHANGES description
Matt Johnston <matt@ucc.asn.au>
parents:
661
diff
changeset
|
713 - Security: Fix use-after-free bug that could be triggered if command="..." |
714 authorized_keys restrictions are used. Could allow arbitrary code execution |
715 or bypass of the command="..." restriction to an authenticated user. |
716 This bug affects releases 0.52 onwards. Ref CVE-2012-0920. |
717 Thanks to Danny Fullerton of Mantor Organization for reporting |
718 the bug. |
1737 | 719 https://hg.ucc.asn.au/dropbear/rev/818108bf7749 |
661 | 720 |
721 - Compile fix, only apply IPV6 socket options if they are available in headers | |
722 Thanks to Gustavo Zacarias for the patch | |
723 | |
662 | 724 - Overwrite session key memory on exit |
661 | 725 |
726 - Fix minor memory leak in unusual PAM authentication configurations. | |
727 Thanks to Stathis Voukelatos | |
728 | |
729 - Other small code cleanups | |
730 | |
636
3f12086c2ef2
Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents:
607
diff
changeset
|
731 2011.54 - Tuesday 8 November 2011 |
732 |
733 - Building statically works again, broke in 0.53 and 0.53.1 |
734 |
735 - Fix crash when forwarding with -R |
736 |
737 - Fixed various leaks found by Klocwork analysis software, thanks to them for |
738 running it |
739 |
740 - Set IPTOS_LOWDELAY for IPv6, thanks to Dave Taht |
741 |
742 - Bind to sockets with IPV6_V6ONLY so that it works properly on systems |
743 regardless of the system-wide setting |
744 |
745 - Added ALLOW_BLANK_PASSWORD option. Dropbear also now allows public key logins |
746 to accounts with a blank password. Thanks to Rob Landley |
747 |
748 - Fixed case where "-K 1" keepalive for dbclient would cause a SSH_MSG_IGNORE |
749 packet to be sent |
750 |
751 - Avoid some memory allocations in big number maths routines, improves |
752 performance slightly |
753 |
754 - Fix symlink target for installdropbearmulti with DESTDIR set, thanks to |
755 Scottie Shore |
756 |
757 - When requesting server allocated remote ports (-R 0:host:port) print a |
758 message informing what the port is, thanks to Ali Onur Uyar. |
759 |
760 - New version numbering scheme. |
761 |
762 Source repository has now migrated to Mercurial at |
1737 | 763 https://hg.ucc.asn.au/dropbear/graph/default |
636 | 764 |
607
aa2f51a6b81d
Update changelog for 0.53.1
Matt Johnston <matt@ucc.asn.au>
parents:
601
diff
changeset
|
765 0.53.1 - Wednesday 2 March 2011 |
601
2cd89d627adb
Updates changelog. Mention diffie-hellman-group14-sha1 in 0.53
Matt Johnston <matt@ucc.asn.au>
parents:
598
diff
changeset
|
766 |
767 - -lcrypt needs to be before object files for static linking |
768 |
607 | 769 - Compile fix when both client and agent forwarding are disabled |
770 |
771 - Fix DROPBEAR_PRNGD_SOCKET mode |
772 |
773 - Don't allow setting zlib memLevel since it seems buggy |
774 |
598
7ec26a5b92e7
Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents:
518
diff
changeset
|
775 0.53 - Thurs 24 February 2011 |
776 |
777 - Various performance/memory use improvements |
778 |
779 - Client agent forwarding now works, using OpenSSH's ssh-agent |
780 |
781 - Improve robustness of client multihop mode |
782 |
783 - Fix a prime generation bug in bundled libtommath. This is unlikely to have |
784 generated any bad keys in the wild. |
785 See |
786 https://bugzilla.redhat.com/show_bug.cgi?id=615088 |
787 http://bugs.gentoo.org/show_bug.cgi?id=328383 |
788 http://bugs.gentoo.org/show_bug.cgi?id=328409 |
789 |
790 - Attempt to build against system libtomcrypt/libtommath if available. This |
791 can be disabled with ./configure --enable-bundled-libtom |
792 |
793 - Make -K (keepalive) and -I (idle timeout) work together sensibly in the client. |
794 The idle timeout is no longer reset by SSH_MSG_IGNORE packets. |
795 |
601 | 796 - Add diffie-hellman-group14-sha1 key exchange method |
797 |
598 | 798 - Compile fix if ENABLE_CLI_PROXYCMD is disabled |
799 |
800 - /usr/bin/X11/xauth is now the default path |
801 |
802 - Client remote forward (-L/-R) arguments now accept a listen address |
803 |
804 - In uClinux avoid trashing the parent process when a session exits |
805 |
806 - Blowfish is now disabled by default since it has large memory usage |
807 |
808 - Add option to change zlib windowbits/memlevel. Use less memory by default |
809 |
810 - DROPBEAR_SMALL_CODE is now disabled by default |
811 |
812 - SSH_ORIGINAL_COMMAND environment variable is set by the server when an |
813 authorized_keys command is specified. |
814 |
815 - Set SSH_TTY and SSH_CONNECTION environment variables in the server |
816 |
817 - Client banner is now printed to standard error rather than standard output |
818 |
819 - Capitalisation in many log messages has been made consistent. This may affect |
820 scripts that parse logfiles. |
821 |
518
ce104c8b0be1
- Add a date for the release
Matt Johnston <matt@ucc.asn.au>
parents:
515
diff
changeset
|
822 0.52 - Wed 12 November 2008 |
510
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
471
diff
changeset
|
823 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
471
diff
changeset
|
824 - Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
471
diff
changeset
|
825 standard input/output to a TCP port-forwarded remote host. |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
471
diff
changeset
|
826 |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
471
diff
changeset
|
827 - Add "proxy command" support to dbclient, to allow using a spawned process for |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
471
diff
changeset
|
828 IO rather than a direct TCP connection. eg |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
471
diff
changeset
|
829 dbclient remotehost |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
471
diff
changeset
|
830 is equivalent to |
b85507ade010
- Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents:
471
diff
changeset
|
831 dbclient -J 'nc remotehost 22' remotehost |
832 (the hostname is still provided purely for looking up saved host keys) |
833 |
834 - Combine netcat-alike and proxy support to allow "multihop" connections, with |
835 comma-separated host syntax. Allows running |
515 | 836 |
510 | 837 dbclient user1@host1,user2@host2,user3@host3 |
515 | 838 |
510 | 839 to end up at host3 via the other two, using SSH TCP forwarding. It's a bit |
840 like onion-routing. All connections are established from the local machine. |
841 The comma-separated syntax can also be used for scp/rsync, eg |
515 | 842 |
513
a3748e54273c
Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents:
510
diff
changeset
|
843 rsync -a -e dbclient m@gateway,m2@host,martello:/home/matt/ ~/backup/ |
515 | 844 |
510 | 845 to bounce through a few hosts. |
846 |
515 | 847 - Add -I "idle timeout" option (contributed by Farrell Aultman) |
848 | |
510 | 849 - Allow restrictions on authorized_keys logins such as restricting commands |
850 to be run etc. This is a subset of those allowed by OpenSSH, doesn't |
851 yet allow restricting source host. |
852 |
853 - Use vfork() for scp on uClinux |
854 |
855 - Default to PATH=/usr/bin:/bin for shells. |
856 |
857 - Report errors if -R forwarding fails |
858 |
859 - Add counter mode cipher support, which avoids some security problems with the |
860 standard CBC mode. |
861 |
862 - Support zlib@openssh.com delayed compression for client/server. It can be |
863 required for the Dropbear server with the '-Z' option. This is useful for |
864 security as it avoids exposing the server to attacks on zlib by |
865 unauthenticated remote users, though requires client side support. |
866 |
867 - options.h has been split into options.h (user-changeable) and sysoptions.h |
868 (less commonly changed) |
869 |
870 - Support "dbclient -s sftp" to specify a subsystem |
871 |
872 - Fix a bug in replies to channel requests that could be triggered by recent |
873 versions of PuTTY |
874 |
471 | 875 0.51 - Thu 27 March 2008 |
468 | 876 |
877 - Make a copy of password fields rather than erroneously relying on getpwnam() | |
878 to be safe to call multiple times | |
879 | |
880 - If $SSH_ASKPASS_ALWAYS environment variable is set (and $SSH_ASKPASS is | |
881 as well) always use that program, ignoring isatty() and $DISPLAY | |
882 | |
883 - Wait until a process exits before the server closes a connection, so | |
471 | 884 that an exit code can be sent. This fixes problems with exit codes not |
885 being returned, which could cause scp to fail. | |
468 | 886 |
455 | 887 0.50 - Wed 8 August 2007 |
888 | |
889 - Add DROPBEAR_PASSWORD environment variable to specify a dbclient password | |
890 | |
891 - Use /dev/urandom by default, since that's what everyone does anyway | |
892 | |
893 - Correct vfork() use for uClinux in scp | |
894 (thanks to Alex Landau) | |
895 | |
896 - Exit with an exit code of 1 if dropbear can't bind to any ports | |
897 (thanks to Nicolai Ehemann) | |
898 | |
899 - Improve network performance and add a -W <receive_window> argument for | |
900 adjusting the tradeoff between network performance and memory consumption. | |
901 | |
902 - Fix a problem where reply packets could be sent during key exchange, | |
903 in violation of the SSH spec. This could manifest itself with connections | |
904 being terminated after 8 hours with new TCP-forward connections being | |
905 established. | |
906 | |
907 - Add -K <keepalive_time> argument, ensuring that data is transmitted | |
908 over the connection at least every N seconds. | |
909 | |
457
e430a26064ee
Make dropbearkey only generate 1024 bit keys
Matt Johnston <matt@ucc.asn.au>
parents:
455
diff
changeset
|
910 - dropbearkey will no longer generate DSS keys of sizes other than 1024 |
911 bits, as required by the DSS specification. (Other sizes are still |
912 accepted for use to provide backwards compatibility). |
913 |
437 | 914 0.49 - Fri 23 February 2007 |
915 | |
916 - Security: dbclient previously would prompt to confirm a | |
917 mismatching hostkey but wouldn't warn loudly. It will now | |
830 | 918 exit upon a mismatch. CVE-2007-1099 |
337 | 919 |
920 - Compile fixes, make sure that all variable definitions are at the start | |
921 of a scope. | |
922 | |
430 | 923 - Added -P pidfile argument to the server (from Swen Schillig) |
337 | 924 |
925 - Add -N dbclient option for "no command" | |
926 | |
927 - Add -f dbclient option for "background after auth" | |
928 | |
437 | 929 - Add ability to limit binding to particular addresses, use |
930 -p [address:]port, patch from Max-Gerd Retzlaff. | |
931 | |
430 | 932 - Try to finally fix ss_family compilation problems (for old |
933 glibc systems) | |
934 | |
935 - Fix finding relative-path server hostkeys when running daemonized | |
936 | |
937 - Use $HOME in preference to that from /etc/passwd, so that | |
938 dbclient can still work on broken systems. | |
939 | |
940 - Fix various issues found by Klocwork defect analysis, mostly memory leaks | |
941 and error-handling. Thanks to Klocwork for their service. | |
942 | |
943 - Improve building in a separate directory | |
944 | |
945 - Add compile-time LOG_COMMANDS option to log user commands | |
946 | |
947 - Add '-y' flag to dbclient to unconditionally accept host keys, | |
948 patch from Luciano Miguel Ferreira Rocha | |
949 | |
950 - Return immediately for "sleep 10 & echo foo", rather than waiting | |
951 for the sleep to return (pointed out by Rob Landley). | |
952 | |
953 - Avoid hanging after exit in certain cases (such as scp) | |
954 | |
955 - Various minor fixes, in particular various leaks reported by | |
956 Erik Hovland | |
957 | |
958 - Disable core dumps on startup | |
959 | |
960 - Don't erase over every single buffer, since it was a bottleneck. | |
961 On systems where it really matters, encrypted swap should be utilised. | |
962 | |
963 - Read /dev/[u]random only once at startup to conserve kernel entropy | |
964 | |
965 - Upgrade to LibTomCrypt 1.16 and LibTomMath 0.40 | |
966 | |
967 - Upgrade config.status and config.guess | |
337 | 968 |
295 | 969 0.48.1 - Sat 11 March 2006 |
970 | |
971 - Compile fix for scp | |
972 | |
291 | 973 0.48 - Thurs 9 March 2006 |
290 | 974 |
975 - Check that the circular buffer is properly empty before | |
976 closing a channel, which could cause truncated transfers | |
977 (thanks to Tomas Vanek for helping track it down) | |
978 | |
979 - Implement per-IP pre-authentication connection limits | |
830 | 980 (after some poking from Pablo Fernandez) CVE-2006-1206 |
290 | 981 |
982 - Exit gracefully if trying to connect to an SSH v1 server | |
983 (reported by Rushi Lala) | |
984 | |
985 - Only read /dev/random once at startup when in non-inetd mode | |
986 | |
987 - Allow ctrl-c to close a dbclient password prompt (may | |
988 still have to press enter on some platforms) | |
989 | |
990 - Merged in uClinux patch for inetd mode | |
991 | |
992 - Updated to scp from OpenSSH 4.3p2 - fixes a security issue | |
993 where use of system() could cause users to execute arbitrary | |
994 code through malformed filenames, ref CVE-2006-0225 | |
995 | |
265
9b9664204b97
* Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents:
224
diff
changeset
|
996 0.47 - Thurs Dec 8 2005 |
997 |
998 - SECURITY: fix for buffer allocation error in server code, could potentially |
999 allow authenticated users to gain elevated privileges. All multi-user systems |
1000 running the server should upgrade (or apply the patch available on the |
830 | 1001 Dropbear webpage). CVE-2005-4178 |
265 | 1002 |
1003 - Fix channel handling code so that redirecting to /dev/null doesn't use |
1004 100% CPU. |
1005 |
1006 - Turn on zlib compression for dbclient. |
1007 |
1008 - Set "low delay" TOS bit, can significantly improve interactivity |
1009 over some links. |
1010 |
1011 - Added client keyboard-interactive mode support, allows operation with |
1012 newer OpenSSH servers in default config. |
1013 |
1014 - Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions |
1015 |
1016 - Improve logging of assertions |
1017 |
1018 - Added aes-256 cipher and sha1-96 hmac. |
1019 |
1020 - Fix twofish so that it actually works. |
1021 |
1022 - Improve PAM prompt comparison. |
1023 |
1024 - Added -g (dbclient) and -a (dropbear server) options to allow |
1025 connections to listening forwarded ports from remote machines. |
1026 |
1027 - Various other minor fixes |
1028 |
1029 - Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD |
1030 (netinet/in_systm.h needs to be included). |
1031 |
223 | 1032 0.46 - Sat July 9 2005 |
193 | 1033 |
1034 - Fix long-standing bug which caused connections to be closed if an ssh-agent | |
1035 socket was no longer available | |
1036 | |
220
9089929fb2b7
* preparing for 0.46 release
Matt Johnston <matt@ucc.asn.au>
parents:
193
diff
changeset
|
1037 - Print a warning if we seem to be blocking on /dev/random |
193 | 1038 (suggested by Paul Fox) |
1039 | |
220 | 1040 - Fixed a memory leak in DSS code (thanks to Boris Berezovsky for the patch) |
193 | 1041 |
1042 - dbclient -L no longer segfaults, allocate correct buffer size (thanks | |
220 | 1043 to David Cook for reporting it, and Christopher Faylor for independently |
1044 sending in a patch) |
193 | 1045 |
223 | 1046 - Added RSA blinding to signing code (suggested by Dan Kaminsky) |
193 | 1047 |
220 | 1048 - Rearranged bignum reading/random generation code |
193 | 1049 |
1050 - Reset the non-blocking status on stderr and stdout as well as stdin, | |
1051 fixes a problem where the shell running dbclient will exit (thanks to | |
1052 Brent Roman for reporting it) | |
1053 | |
223 | 1054 - Fix so that all file descriptors are closed so the child shell doesn't |
220 | 1055 inherit descriptors (thanks to Linden May for the patch) |
1056 |
223 | 1057 - Change signkey.c to avoid gcc 4 generating incorrect code |
220 | 1058 |
224
1dbd2473482f
* ... and a bit more for the CHANGES
Matt Johnston <matt@ucc.asn.au>
parents:
223
diff
changeset
|
1059 - After both sides of a file descriptor have been shutdown(), close() |
1060 it to avoid leaking descriptors (thanks to Ari Hyttinen for a patch) |
1061 |
220 | 1062 - Update to LibTomCrypt 1.05 and LibTomMath 0.35 |
1063 |
176 | 1064 0.45 - Mon March 7 2005 |
1065 | |
1066 - Makefile no longer appends 'static' to statically linked binaries | |
1067 | |
1068 - Add optional SSH_ASKPASS support to the client | |
1069 | |
1070 - Respect HOST_LOOKUP option | |
1071 | |
1072 - Fix accidentally removed "return;" statement which was removed in 0.44 | |
1073 (causing clients which sent an empty terminal-modes string to fail to | |
1074 connect - including pssh, ssh.com, danger hiptop). (patches | |
1075 independently from Paul Fox, David Horwitt and Sven-Ola Tuecke) | |
1076 | |
170
a62cb364f615
Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
Matt Johnston <matt@ucc.asn.au>
parents:
161
diff
changeset
|
1077 - Read "y/n" response for fingerprints from /dev/tty directly so that dbclient |
1078 will work with scp. |
1079 |
161 | 1080 0.44 - Mon Jan 3 2005 |
1081 | |
1082 - SECURITY: Fix for PAM auth so that usernames are logged and conversation | |
1083 function responses are allocated correctly - all 0.44test4 users with PAM | |
1084 compiled in (not default) are advised to upgrade. | |
1085 | |
1086 - Fix calls to getnameinfo() for compatibility with Solaris | |
1087 | |
1088 - Pristine compilation works (run 'configure' from a fresh dir and make it | |
1089 there) | |
1090 | |
1091 - Fixes for compiling with most options disabled. | |
1092 | |
1093 - Upgraded to LibTomCrypt 0.99 and LibTomMath 0.32 | |
1094 | |
1095 - Make sure that zeroing out of values in LTM and LTC won't get optimised away | |
1096 | |
1097 - Removed unused functions from loginrec.c | |
1098 | |
1099 - /dev/random is now the default entropy source rather than /dev/urandom | |
1100 | |
1101 - Logging of IPs in auth success/failure messages for improved greppability | |
134 | 1102 |
1103 - Fix dbclient so that "scp -i keyfile" works. (It can handle "-ikeyfile" | |
1104 properly) | |
1105 | |
1106 - Avoid a race in server shell-handling code which prevents the exit-code | |
161 | 1107 from being returned to the client in some circumstances. |
134 | 1108 |
1109 - Makefile modified so that install target works correctly (doesn't try | |
1110 to install "all" binary) - patch from Juergen Daubert | |
1111 | |
161 | 1112 - Various minor fixes and compile warnings. |
1113 | |
1114 0.44test4 - Tue Sept 14 2004 21:15:54 +0800 | |
124 | 1115 |
1116 - Fix inetd mode so it actually loads the hostkeys (oops) | |
1117 | |
1118 - Changed DROPBEAR_DEFPORT properly everywhere | |
1119 | |
1120 - Fix a small memory leak in the auth code | |
1121 | |
1122 - WCOREDUMP is only used on systems which support it (ie not cygwin or AIX) | |
1123 | |
1124 - Check (and fail for) cases when we can't negotiate algorithms with the | |
1125 remote side successfully (rather than bombing out ungracefully) | |
1126 | |
1127 - Handle authorized_keys files without a terminating newline | |
1128 | |
1129 - Fiddle the channel receive window size for possibly better performance | |
1130 | |
1131 - Added in the PAM authentication code (finally! thanks to Martin Carlsson) | |
1132 | |
111
88e0a1ad951a
merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents:
90
diff
changeset
|
1133 0.44test3 - Fri Aug 27 22:20:54 +0800 |
1134 |
1135 - Fixed a bunch of warnings. |
1136 |
1137 - scp works correctly when passed a username (fix for the dbclient program |
1138 itself as well, "-lmatt" works as well as "-l matt"). |
1139 |
1140 - Remove unrequired debian files |
1141 |
1142 - Exit with the remote process's return code for dbclient |
1143 |
1144 - Display stderr messages from the server in the client |
1145 |
1146 - Add circular buffering to the channel code. This should dramatically reduce |
1147 the amount of backtraffic sent in response to traffic incoming to the |
1148 Dropbear end - improves high-latency performance (ie dialup). |
1149 |
1150 - Various other related channel-handling fixups. |
1151 |
1152 - Allow leading lines in the banner when connecting to servers |
1153 |
1154 - Fixed printing out errors onto the network socket with stderr (for inetd |
1155 mode when using xinetd) |
1156 |
1157 - Remove obsolete documentation |
1158 |
1159 - Fix a null-pointer exception when trying to free non-existent listeners |
1160 at cleanup. |
1161 |
1162 - DEBUG_TRACE now only works if you add "-v" to the program commandline |
1163 |
1164 - Don't leave stdin non-blocking on exit - this caused the parent shell |
1165 of dbclient to close when dbclient exited, for some shells in BusyBox |
1166 |
1167 - Server connections no longer timeout after 5 minutes |
1168 |
1169 - Fixed stupid DSS hostkey typo (server couldn't load host keys) |
1170 |
90
c2ac796b130e
merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents:
78
diff
changeset
|
1171 0.44test2 - Tues Aug 17 2004 17:43:54 +0800 |
1172 |
1173 - Fix up dropbearmulti targets in the Makefile - symlinks are now created |
1174 |
1175 - Compile fake-rfc2553 even with dropbearconvert/dropbearkey - this |
1176 allows them to work on platforms without a native getaddrinfo() |
1177 |
1178 - Create ~/.ssh/known_hosts properly if it doesn't exist |
1179 |
1180 - Fix basename() function prototype |
1181 |
1182 - Backport some local changes (more #ifdefs for termcodes.c, a fix for missing |
1183 defines on AIX). |
1184 |
1185 - Let dbclient be run as "ssh" |
1186 |
1187 - Initialise mp_ints by default |
1188 |
1189 0.44test1 - Sun Aug 16 2005 17:43:54 +0800 |
78 | 1190 |
1191 - TESTING RELEASE - this is the first public release of the client codebase, | |
1192 so there are sure to be bugs to be found. In addition, if you're just using | |
1193 the server portion, the final binary size probably will increase - I'll | |
1194 be trying to get it back down in future releases. | |
1195 | |
1196 - Dropbear client added - lots of changes to the server code as well to | |
1197 generalise things | |
1198 | |
1199 - IPv6 support added for client, server, and forwarding | |
1200 | |
1201 - New makefile with more generic support for multiple-program binaries | |
1202 | |
69 | 1203 0.43 - Fri Jul 16 2004 17:44:54 +0800 |
1204 | |
1205 - SECURITY: Don't try to free() uninitialised variables in DSS verification | |
1206 code. Thanks to Arne Bernin for pointing out this bug. This is possibly | |
1207 exploitable, all users with DSS and pubkey-auth compiled in are advised to | |
830 | 1208 upgrade. CVE-2004-2486 |
69 | 1209 |
1210 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape. | |
1211 | |
1212 - Don't go into an infinite loop when portforwarding to servers which don't | |
1213 send any initial data/banner. Patch from Nikola Vladov | |
1214 | |
1215 - Fix for network vs. host byte order in logging remote TCP ports, also | |
1216 from Gerrit Pape. | |
1217 | |
1218 - Initialise many pointers to NULL, for general safety. Also checked cleanup | |
1219 code for mp_ints (related to security issues above). | |
1220 | |
1221 0.42 - Wed Jun 16 2004 12:44:54 +0800 | |
1222 | |
1223 - Updated to Gerrit Pape's official Debian subdirectory | |
1224 | |
1225 - Fixed bad check when opening /dev/urandom - thanks to Danny Sung. | |
1226 | |
1227 - Added -i inetd mode flag, and associated options in options.h . Dropbear | |
1228 can be compiled with either normal mode, inetd, or both modes. Thanks | |
1229 to Gerrit Pape for basic patch and motivation. | |
1230 | |
1231 - Use <dirent.h> rather than <sys/dir.h> for POSIX compliance. Thanks to Bill | |
1232 Sommerfield. | |
1233 | |
1234 - Fixed a TCP forwarding (client-local, -L style) bug which caused the whole | |
1235 session to close if the TCP connection failed. Thanks to Andrew Braund for | |
1236 reporting it and helping track it down. | |
1237 | |
1238 - Re-enable sigpipe for child processes. Thanks to Gerrit Pape for some | |
1239 suggestions, and BSD manpages for a clearer explanation of the behaviour. | |
1240 | |
1241 - Added manpages, thanks to Gerrit Pape. | |
1242 | |
1243 - Changed license text for LibTomCrypt and LibTomMath. | |
1244 | |
1245 - Added strip-static target | |
1246 | |
1247 - Fixed a bug in agent-forwarding cleanup handler - would segfault | |
1248 (dereferencing a null pointer) if agent forwarding had failed. | |
1249 | |
1250 - Fix behaviour of authorized_keys parsing, so larger (>1024 bit) DSA keys will | |
1251 work. Thanks to Dr. Markus Waldeck for the report. | |
1252 | |
1253 - Fixed local port forwarding code so that the "-j" option will make forwarding | |
1254 attempts fail more gracefully. | |
1255 | |
1256 - Allow repeated requests in a single session if previous ones fail - this fixes PuTTY and some other SCP clients, which try SFTP, then fall-back to SCP if it | |
1257 isn't available. Thanks to Stirling Westrup for the report. | |
1258 | |
1259 - Updated to LibTomCrypt 0.96 and LibTomMath 0.30. The AES code now uses | |
1260 smaller non-precomputed tables if DROPBEAR_SMALL_CODE is defined in | |
1261 options.h, leading to a significant reduction in the binary size. | |
1262 | |
4
fe6bca95afa7
Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff
changeset
|
1263 0.41 - Mon Jan 19 2004 22:40:19 +0800 |
1264 |
1265 - Fix in configure so that cross-compiling works, thanks to numerous people for |
1266 reporting and testing |
1267 |
1268 - Terminal mode parsing now handles empty terminal mode strings (sent by |
1269 Windows ssh.com clients), thanks to Ricardo Derbes for the report |
1270 |
1271 - Handling is improved for users with no shell specified in /etc/passwd, |
1272 thanks again to Ricardo Derbes |
1273 |
1274 - Fix for compiling with --disable-syslog, thanks to gordonfh |
1275 |
1276 - Various minor fixes allow scp to work with irix, thanks to Paul Marinceu for |
1277 fixing it up |
1278 |
1279 - Use <stropts.h> not <sys/stropts.h>, since the former seems more common |
1280 |
1281 0.40 - Tue Jan 13 2004 21:05:19 +0800 |
1282 |
1283 - Remote TCP forwarding (-R) style implemented |
1284 |
1285 - Local and remote TCP forwarding can each be disabled at runtime (-k and -j |
1286 switches) |
1287 |
1288 - Fix for problems detecting openpty() with uClibc - many thanks to various |
1289 people for reporting and testing fixes, including (in random order) Cristian |
1290 Ionescu-Idbohrn, James Ewing, Steve Dover, Thomas Lundquist and Frederic |
1291 Lavernhe |
1292 |
1293 - Improved portability for IRIX, thanks to Paul Marinceu |
1294 |
1295 - AIX and HPUX portability fixes, thanks to Darren Tucker for patches |
1296 |
1297 - prngd should now work correctly, thanks to Darren Tucker for the patch |
1298 |
1299 - scp compilation on systems without strlcpy() is fixed, thanks to Peter |
1300 Jannesen and David Muse for reporting it (independently and simultaneously :) |
1301 |
1302 - Merged in new LibTomCrypt 0.92 and LibTomMath 0.28 |
1303 |
1304 0.39 - Tue Dec 16 2003 15:19:19 +0800 |
1305 |
1306 - Better checking of key lengths and parameters for DSS and RSA auth |
1307 |
1308 - Print fingerprint of keys used for pubkey auth |
1309 |
1310 - More consistent logging of usernames and IPs |
1311 |
1312 - Added option to disable password auth (or just for root) at runtime |
1313 |
1314 - Avoid including bignum functions which don't give much speed benefit but |
1315 take up binary size |
1316 |
1317 - Added a stripped down version of OpenSSH's scp binary |
1318 |
1319 - Added additional supporting functions for Irix, thanks to Paul Marinceu |
1320 |
1321 - Don't check for unused libraries in configure script |
1322 |
1323 - Removed trailing comma in algorithm lists (thanks to Mihnea Stoenescu) |
1324 |
1325 - Fixed up channel close handling, always send close packet in response |
1326 (also thanks to Mihnea Stoenescu) |
1327 |
1328 - Various makefile improvements for cross-compiling, thanks to Friedrich |
1329 Lobenstock and Mihnea Stoenescu |
1330 |
1331 - Use daemon() function if available (or our own copy) rather than separate |
789 | 1332 code (thanks to Frédéric Lavernhe for the report and debugging, and Bernard |
4 | 1333 Blackham for his suggestion on what to look at) |
1334 |
1335 - Fixed up support for first_kex_packet_follows, required to talk to ssh.com |
1336 clients. Thanks to Marian Stagarescu for the bug report. |
1337 |
1338 - Avoid using MAXPATHLEN, pointer from Ian Morris |
1339 |
1340 - Improved input sanity checking |
1341 |
1342 0.38 - Sat Oct 11 2003 16:28:13 +0800 |
1343 |
1344 - Default hostkey path changed to /etc/dropbear/dropbear_{rsa,dss}_host_key |
1345 rather than /etc/dropbear_{rsa,dss}_host_key |
1346 |
1347 - Added SMALL and MULTI text files which have info on compiling for multiple |
1348 binaries or small binaries |
1349 |
1350 - Allow for commandline definition of some options.h settings |
1351 (without warnings) |
1352 |
1353 - Be more careful handling EINTR |
1354 |
1355 - More fixes for channel closing |
1356 |
1357 - Added multi-binary support |
1358 |
1359 - Improved logging of IPs, now get logged in all cases |
1360 |
1361 - Don't chew cpu when waiting for version identification string, also |
1362 make sure that we kick off people if they don't auth within 5 minutes. |
1363 |
1364 - Various small fixes, warnings etc |
1365 |
1366 - Display MOTD if requested - suggested by |
1367 Trent Lloyd <lathiat at sixlabs.org> and |
1368 Zach White <zwhite at darkstar.frop.org> |
1369 |
1370 - sftp support works (relies on OpenSSH sftp binary or similar) |
1371 |
1372 - Added --disable-shadow option (requested by the floppyfw guys) |
1373 |
1374 0.37 - Wed Sept 24 2003 19:42:12 +0800 |
1375 |
1376 - Various portability fixes, fixes for Solaris 9, Tru64 5.1, Mac OS X 10.2, |
1377 AIX, BSDs |
1378 |
1379 - Updated LibTomMath to 0.27 and LibTomCrypt to 0.90 |
1380 |
1381 - Renamed util.{c,h} to dbutil.{c,h} to avoid conflicts with system util.h |
1382 |
1383 - Added some small changes so it'll work with AIX (plus Linux Affinity). |
1384 Thanks to Shig for them. |
1385 |
1386 - Improved the closing messages, so a clean exit is "Exited normally" |
1387 |
1388 - Added some more robust integer/size checking in buffer.c as a backstop for |
1389 integer overflows |
1390 |
1391 - X11 forwarding fixed for OSX, path for xauth changed to /usr/X11R6/bin/xauth |
1392 |
1393 - Channel code handles closing more nicely, doesn't sit waiting for an extra |
1394 keystroke on BSD/OSX platforms, and data is flushed fully before closing |
1395 child processes (thanks to |
1396 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> for |
1397 pointing that out). |
1398 |
1399 - Changed "DISABLE_TCPFWD" to "ENABLE_TCPFWD" (and for x11/auth) so |
1400 "disable DISABLE_TCPFWD" isn't so confusing. |
1401 |
1402 - Fix authorized_keys handling (don't crash on too-long keys, and |
1403 use fgetc not getc to avoid strange macro-related issues), thanks to |
1404 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> |
1405 and Steve Rodgers <hwstar at cox.net> for reporting and testing. |
1406 |
1407 - Fixes to the README with regard to uClibc systems, thanks to |
1408 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>, |
1409 as well as general improvements to documentation (split README/INSTALL) |
1410 |
1411 - Fixed up some compilation problems with dropbearconvert/dropbearkey if |
1412 DSS or RSA were disabled, reported by Patrik Karlsson <patrik at cqure.net> |
1413 |
1414 - Fix double-free bug for hostkeys, reported by |
1415 Vincent Sanders <vince at kyllikki.org> |
1416 |
1417 - Fix up missing \ns from dropbearconvert help message, |
1418 thanks to Mordy Ovits <movits at bloomberg.com> for the patch |
1419 |
1420 0.36 - Tue August 19 2003 12:16:23 +0800 |
1421 |
1422 - Fix uninitialised temporary variable in DSS signing code |
1423 (thanks to Matthew Franz <mdfranz at io.com> for reporting, and the authors |
1424 of Valgrind for making it easy to track down) |
1425 - Fix remote version-string parsing error |
1426 (thanks to Bernard Blackham <bernard at blackham.com.au> for noticing) |
1427 - Improved host-algorithm-matching algorithm in algo.c |
1428 - Decreased MAX_STRING_LEN to a more realistic value |
1429 - Fix incorrect version (0.34) in this CHANGES file for the previous release. |
1430 |
1431 0.35 - Sun August 17 2003 05:37:47 +0800 |
1432 |
1433 - Fix for remotely exploitable format string buffer overflow. |
1434 (thanks to Joel Eriksson <je at bitnux.com>) |
1435 |
1436 0.34 - Fri August 15 2003 15:10:00 +0800 |
1437 |
1438 - Made syslog optional, both at compile time and as a compile option |
1439 (suggested by Laurent Bercot <ska at skarnet.org>) |
1440 - Fixup for bad base64 parsing in authorized_keys |
1441 (noticed by Davyd Madeley <davyd at zdlcomputing.com>) |
1442 - Added initial tcp forwarding code, only -L (local) at this stage |
1443 - Improved "make install" with DESTDIR and changing ownership separately, |
1444 don't check for setpgrp on Linux for crosscompiling. |
1445 (from Erik Andersen <andersen at codepoet.org>) |
1446 - More commenting, fix minor compile warnings, make return values more |
1447 consistent etc |
1448 - Various signedness fixes |
1449 - Can listen on multiple ports |
1450 - added option to disable openpty with configure script, |
789 | 1451 (from K.-P. Kirchdörfer <kapeka at epost.de>) |
1452 - Various cleanups to bignum code |
1453 (thanks to Tom St Denis <tomstdenis at iahu.ca>) |
1454 - Fix compile error when disabling RSA |
1455 (from Marc Kleine-Budde <kleine-budde at gmx.de>) |
1456 - Other cleanups, splitting large functions for packet and kex handling etc |
1457 |
1458 0.33 - Sun June 22 2003 22:24:12 +0800 |
1459 |
1460 - Fixed some invalid assertions in the channel code, fixing the server dying |
1461 when forwarding X11 connections. |
1462 - Add dropbearconvert to convert to/from OpenSSH host keys and Dropbear keys |
1463 - RSA keys now keep p and q parameters for compatibility -- old Dropbear keys |
1464 still work, but can't be converted to OpenSSH etc. |
1465 - Debian packaging directory added, thanks to |
1466 Grahame (grahame at angrygoats.net) |
1467 - 'install' target added to the makefile |
1468 - general tidying, improve consistency of functions etc |
1469 - If RSA or DSS hostkeys don't exist, that algorithm won't be used. |
1470 - Improved RSA and DSS key generation, more efficient and fixed some minor bugs |
1471 (thanks to Tom St Denis for the advice) |
1472 - Merged new versions of LibTomCrypt (0.86) and LibTomMath (0.21) |
1473 |
1474 0.32 - Sat May 24 2003 12:44:11 +0800 |
1475 |
1476 - Don't compile unused code from libtomcrypt (test vectors etc) |
1477 - Updated to libtommath 0.17 and libtomcrypt 0.83. New libtommath results |
1478 in smaller binary size, due to not linking unrequired code |
1479 - X11 forwarding added |
1480 - Agent forwarding added (for OpenSSH.com ssh client/agent) |
1481 - Fix incorrect buffer freeing when banners are used |
1482 - Hostname resolution works |
1483 - Various minor bugfixes/code size improvements etc |
1484 |
1485 0.31 - Fri May 9 2003 17:57:16 +0800 |
1486 |
1487 - Improved syslog messages - IP logging etc |
1488 - Strip control characters from log messages (specified username currently) |
1489 - Login recording (utmp/wtmp) support, so last/w/who work - taken from OpenSSH |
1490 - Shell is started as a proper login shell, so /etc/profile etc is sourced |
1491 - Ptys work on Solaris (2.8 x86 tested) now |
1492 - Fixed bug in specifying the rsa hostkey |
1493 - Fixed bug in compression code, could trigger if compression resulted in |
1494 larger output than input (uncommon but possible). |
1495 |
1496 0.30 - Thu Apr 17 2003 18:46:15 +0800 |
1497 |
1498 - SECURITY: buffer.c had bad checking for buffer increment length - fixed |
1499 - channel code now closes properly on EOF - scp processes don't hang around |
1500 - syslog support added - improved auth/login/failure messages |
1501 - general code tidying, made return codes more consistent |
1502 - Makefile fixed for dependencies and makes libtomcrypt as well |
1503 - Implemented sending SSH_MSG_UNIMPLEMENTED :) |
1504 |
1505 0.29 - Wed Apr 9 2003 |
1506 |
1507 - Fixed a stupid bug in 0.28 release, 'newstr = strdup(oldstr)', |
1508 not 'newstr=oldstr' |
1509 |
1510 0.28 - Sun Apr 6 2003 |
1511 |
1512 - Initial public release |
1513 |
1514 Development was started in October 2002 |