annotate CHANGES @ 1902:4a6725ac957c

Revert "Don't include sk keys at all in KEX list" This reverts git commit f972813ecdc7bb981d25b5a63638bd158f1c8e72. The sk algorithms need to remain in the sigalgs list so that they are included in the server-sig-algs ext-info message sent by the server. RFC8308 for server-sig-algs requires that all algorithms are listed (though OpenSSH client 8.4p1 tested doesn't require that)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 24 Mar 2022 13:42:08 +0800
parents 4b984c42372d
children 284c3837891c
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1761
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
1 2020.81 - 29 October 2020
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
2
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
3 - Fix regression in 2020.79 which prevented connecting with some SSH
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
4 implementations. Increase MAX_PROPOSED_ALGO to 50, and print a log
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
5 message if the limit is hit. This fixes interoperability with sshj
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
6 library (used by PyCharm), and GoAnywhere.
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
7 Reported by Pirmin Walthert and Piotr Jurkiewicz
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
8
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
9 - Fix building with non-GCC compilers, reported by Kazuo Kuroi
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
10
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
11 - Fix potential long delay in dbclient, found by OSS Fuzz
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
12
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
13 - Fix null pointer dereference crash, found by OSS Fuzz
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
14
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
15 - libtommath now uses the same random source as Dropbear (in 2020.79
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
16 and 2020.80 used getrandom() separately)
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
17
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
18 - Some fuzzing improvements, start of a dbclient fuzzer
4b984c42372d Changelog for 2020.81
Matt Johnston <matt@ucc.asn.au>
parents: 1737
diff changeset
19
1731
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
20 2020.80 - 26 June 2020
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
21
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
22 - Don't block authorized_keys logins with no-X11-forwarding or no-agent-forwarding
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
23 restrictions when X11 or agent forwarding are disabled at compile time.
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
24 This is more of a problem now X11 is disabled by default, reported by Guilhem Moulin
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
25
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
26 - Reduce binary size by 4kB (x64) when using bundled libtommath
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
27
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
28 - Define GNU_SOURCE for getrandom() on uclibc, reported by Laurent Bercot and
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
29 Fabrice Fontaine
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
30
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
31 - Improve checking libtomcrypt version compatibility
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
32
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
33 - Add some style notes to DEVELOPING.md
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
34
1719
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
35 2020.79 - 15 June 2020
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
36
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
37 - Support ed25519 hostkeys and authorized_keys, many thanks to Vladislav Grishenko.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
38 This also replaces curve25519 with a TweetNaCl implementation that reduces code size.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
39
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
40 - Add chacha20-poly1305 authenticated cipher. This will perform faster than AES
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
41 on many platforms. Thanks to Vladislav Grishenko
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
42
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
43 - Support using rsa-sha2 signatures. No changes are needed to hostkeys/authorized_keys
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
44 entries, existing RSA keys can be used with the new signature format (signatures
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
45 are ephemeral within a session). Old ssh-rsa signatures will no longer
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
46 be supported by OpenSSH in future so upgrading is recommended.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
47
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
48 - Use getrandom() call on Linux to ensure sufficient entropy has been gathered at startup.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
49 Dropbear now avoids reading from the random source at startup, instead waiting until
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
50 the first connection. It is possible that some platforms were running without enough
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
51 entropy previously, those could potentially block at first boot generating host keys.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
52 The dropbear "-R" option is one way to avoid that.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
53
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
54 - Upgrade libtomcrypt to 1.18.2 and libtommath to 1.2.0, many thanks to Steffen Jaeckel for
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
55 updating Dropbear to use the current API. Dropbear's configure script will check
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
56 for sufficient system library versions, otherwise using the bundled versions.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
57
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
58 - CBC ciphers, 3DES, hmac-sha1-96, and x11 forwarding are now disabled by default.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
59 They can be set in localoptions.h if required.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
60 Blowfish has been removed.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
61
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
62 - Support AES GCM, patch from Vladislav Grishenko. This is disabled by default,
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
63 Dropbear doesn't currently use hardware accelerated AES.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
64
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
65 - Added an API for specifying user public keys as an authorized_keys replacement.
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
66 See pubkeyapi.h for details, thanks to Fabrizio Bertocci
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
67
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
68 - Fix idle detection clashing with keepalives, thanks to jcmathews
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
69
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
70 - Include IP addresses in more early exit messages making it easier for fail2ban
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
71 processing. Patch from Kevin Darbyshire-Bryant
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
72
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
73 - scp fix for CVE-2018-20685 where a server could modify name of output files
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
74
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
75 - SSH_ORIGINAL_COMMAND is set for "dropbear -c" forced command too
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
76
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
77 - Fix writing key files on systems without hard links, from Matt Robinson
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
78
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
79 - Compatibility fixes for IRIX from Kazuo Kuroi
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
80
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
81 - Re-enable printing MOTD by default, was lost moving from options.h. Thanks to zciendor
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
82
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
83 - Call fsync() is called on parent directory when writing key files to ensure they are flushed
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
84
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
85 - Fix "make install" for manpages in out-of-tree builds, from Gabor Z. Papp
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
86
1731
cddc90de1b6f update CHANGES for 2020.80
Matt Johnston <matt@ucc.asn.au>
parents: 1719
diff changeset
87 - Some notes are added in DEVELOPING.md
1719
25b0ce1936c4 changelog for 2020.79
Matt Johnston <matt@ucc.asn.au>
parents: 1650
diff changeset
88
1650
009d52ae26d3 Bump to 2019.78
Matt Johnston <matt@ucc.asn.au>
parents: 1646
diff changeset
89 2019.78 - 27 March 2019
009d52ae26d3 Bump to 2019.78
Matt Johnston <matt@ucc.asn.au>
parents: 1646
diff changeset
90
009d52ae26d3 Bump to 2019.78
Matt Johnston <matt@ucc.asn.au>
parents: 1646
diff changeset
91 - Fix dbclient regression in 2019.77. After exiting the terminal would be left
009d52ae26d3 Bump to 2019.78
Matt Johnston <matt@ucc.asn.au>
parents: 1646
diff changeset
92 in a bad state. Reported by Ryan Woodsmall
009d52ae26d3 Bump to 2019.78
Matt Johnston <matt@ucc.asn.au>
parents: 1646
diff changeset
93
1646
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
94 2019.77 - 23 March 2019
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
95
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
96 - Fix server -R option with ECDSA - only advertise one key size which will be accepted.
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
97 Reported by Peter Krefting, 2018.76 regression.
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
98
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
99 - Fix server regression in 2018.76 where multiple client -R forwards were all forwarded
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
100 to the first destination. Reported by Iddo Samet.
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
101
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
102 - Make failure delay more consistent to avoid revealing valid usernames, set server password
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
103 limit of 100 characters. Problem reported by usd responsible disclosure team
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
104
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
105 - Change handling of failed authentication to avoid disclosing valid usernames,
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
106 CVE-2018-15599.
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
107
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
108 - Fix dbclient to reliably return the exit code from the remote server.
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
109 Reported by W. Mike Petullo
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
110
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
111 - Fix export of 521-bit ECDSA keys, from Christian Hohnstädt
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
112
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
113 - Add -o Port=xxx option to work with sshfs, from xcko
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
114
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
115 - Merged fuzzing code, see FUZZER-NOTES.md
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
116
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
117 - Add a DROPBEAR_SVR_MULTIUSER=0 compile option to run on
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
118 single-user Linux kernels (CONFIG_MULTIUSER disabled). From Patrick Stewart
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
119
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
120 - Increase allowed username to 100 characters, reported by W. Mike Petullo
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
121
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
122 - Update config.sub and config.guess, should now work with RISC-V
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
123
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
124 - Cygwin compile fix from karel-m
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
125
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
126 - Don't require GNU sed (accidentally in 2018.76), reported by Samuel Hsu
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
127
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
128 - Fix for IRIX and writev(), reported by Kazuo Kuroi
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
129
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
130 - Other fixes and cleanups from François Perrad, Andre McCurdy, Konstantin Demin,
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
131 Michael Jones, Pawel Rapkiewicz
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
132
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
133
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
134 2018.76 - 27 February 2018
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
135
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
136 > > > Configuration/compatibility changes
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
137 IMPORTANT
1565
2fd52c383163 mention localoptions.h being build directory, fix underscore in CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1552
diff changeset
138 Custom configuration is now specified in localoptions.h rather than options.h
1524
d35cf9a5e0b5 rename default_options.h.in in docs too
Matt Johnston <matt@ucc.asn.au>
parents: 1520
diff changeset
139 Available options and defaults can be seen in default_options.h
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
140
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
141 To migrate your configuration, compare your customised options.h against the
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
142 upstream options.h from your relevant version. Any customised options should
1565
2fd52c383163 mention localoptions.h being build directory, fix underscore in CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1552
diff changeset
143 be put in localoptions.h in the build directory.
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
144
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
145 - "configure --enable-static" should now be used instead of "make STATIC=1"
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
146 This will avoid 'hardened build' flags that conflict with static binaries
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
147
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
148 - Set 'hardened build' flags by default if supported by the compiler.
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
149 These can be disabled with configure --disable-harden if needed.
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
150 -Wl,-pie
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
151 -Wl,-z,now -Wl,-z,relro
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
152 -fstack-protector-strong
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
153 -D_FORTIFY_SOURCE=2
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
154 # spectre v2 mitigation
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
155 -mfunction-return=thunk
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
156 -mindirect-branch=thunk
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
157
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
158 Spectre patch from Loganaden Velvindron
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
159
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
160 - "dropbear -r" option for hostkeys no longer attempts to load the default
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
161 hostkey paths as well. If desired these can be specified manually.
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
162 Patch from CamVan Nguyen
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
163
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
164 - group1-sha1 key exchange is disabled in the server by default since
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
165 the fixed 1024-bit group may be susceptible to attacks
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
166
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
167 - twofish ciphers are now disabled in the default configuration
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
168
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
169 - Default generated ECDSA key size is now 256 (rather than 521)
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
170 for better interoperability
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
171
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
172 - Minimum RSA key length has been increased to 1024 bits
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
173
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
174 > > > Other features and fixes
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
175
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
176 - Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
177
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
178 - Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket.
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
179 See dbclient manpage for a socat example. Patch from Harald Becker
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
180
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
181 - Add "-c forced_command" option. Patch from Jeremy Kerr
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
182
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
183 - Restricted group -G option added with patch from stellarpower
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
184
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
185 - Support server-chosen TCP forwarding ports, patch from houseofkodai
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
186
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
187 - Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port]
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
188 Patch from houseofkodai
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
189
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
190 - Makefile will now rebuild object files when header files are modified
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
191
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
192 - Add group14-256 and group16 key exchange options
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
193
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
194 - curve25519-sha256 also supported without @libssh.org suffix
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
195
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
196 - Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
197 This fixes building with some recent versions of clang
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
198
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
199 - Set PAM_RHOST which is needed by modules such as pam_abl
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
200
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
201 - Improvements to DSS and RSA public key validation, found by OSS-Fuzz.
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
202
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
203 - Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
204
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
205 - Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
206
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
207 - Numerous code cleanups and small issues fixed by Francois Perrad
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
208
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
209 - Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
210 platforms. Reported by Oliver Schneider and Andrew Bainbridge
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
211
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
212 - Fix some platform portability problems, from Ben Gardner
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
213
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
214 - Add EXEEXT filename suffix for building dropbearmulti, from William Foster
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
215
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
216 - Support --enable-<option> properly for configure, from Stefan Hauser
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
217
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
218 - configure have_openpty result can be cached, from Eric Bénard
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
219
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
220 - handle platforms that return close() < -1 on failure, from Marco Wenzel
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
221
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
222 - Build and configuration cleanups from Michael Witten
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
223
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
224 - Fix libtomcrypt/libtommath linking order, from Andre McCurdy
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
225
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
226 - Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
227
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
228 - Update curve25519-donna implementation to current version
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
229
1337
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
230 2017.75 - 18 May 2017
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
231
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
232 - Security: Fix double-free in server TCP listener cleanup
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
233 A double-free in the server could be triggered by an authenticated user if
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
234 dropbear is running with -a (Allow connections to forwarded ports from any host)
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
235 This could potentially allow arbitrary code execution as root by an authenticated user.
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
236 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash.
1737
8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents: 1731
diff changeset
237 CVE-2017-9078 https://hg.ucc.asn.au/dropbear/rev/c8114a48837c
1337
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
238
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
239 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink.
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
240 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
241 is to switch to user permissions when opening authorized_keys
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
242
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
243 A user could symlink their ~/.ssh/authorized_keys to a root-owned file they
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
244 couldn't normally read. If they managed to get that file to contain valid
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
245 authorized_keys with command= options it might be possible to read other
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
246 contents of that file.
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
247 This information disclosure is to an already authenticated user.
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
248 Thanks to Jann Horn of Google Project Zero for reporting this.
1737
8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents: 1731
diff changeset
249 CVE-2017-9079 https://hg.ucc.asn.au/dropbear/rev/0d889b068123
1337
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
250
1339
c31276613181 fix changelog for atomic dropbearkey
Matt Johnston <matt@ucc.asn.au>
parents: 1337
diff changeset
251 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync
1337
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
252 Thanks to Andrei Gherzan for a patch
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
253
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
254 - Fix out of tree builds with bundled libtom
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
255 Thanks to Henrik Nordström and Peter Krefting for patches.
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
256
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
257 2016.74 - 21 July 2016
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
258
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
259 - Security: Message printout was vulnerable to format string injection.
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
260
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
261 If specific usernames including "%" symbols can be created on a system
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
262 (validated by getpwnam()) then an attacker could run arbitrary code as root
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
263 when connecting to Dropbear server.
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
264
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
265 A dbclient user who can control username or host arguments could potentially
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
266 run arbitrary code as the dbclient user. This could be a problem if scripts
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
267 or webpages pass untrusted input to the dbclient program.
1321
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
268 CVE-2016-7406
1737
8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents: 1731
diff changeset
269 https://hg.ucc.asn.au/dropbear/rev/b66a483f3dcb
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
270
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
271 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
272 the local dropbearconvert user when parsing malicious key files
1321
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
273 CVE-2016-7407
1737
8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents: 1731
diff changeset
274 https://hg.ucc.asn.au/dropbear/rev/34e6127ef02e
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
275
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
276 - Security: dbclient could run arbitrary code as the local dbclient user if
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
277 particular -m or -c arguments are provided. This could be an issue where
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
278 dbclient is used in scripts.
1321
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
279 CVE-2016-7408
1737
8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents: 1731
diff changeset
280 https://hg.ucc.asn.au/dropbear/rev/eed9376a4ad6
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
281
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
282 - Security: dbclient or dropbear server could expose process memory to the
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
283 running user if compiled with DEBUG_TRACE and running with -v
1321
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
284 CVE-2016-7409
1737
8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents: 1731
diff changeset
285 https://hg.ucc.asn.au/dropbear/rev/6a14b1f6dc04
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
286
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
287 The security issues were reported by an anonymous researcher working with
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
288 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
289
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
290 - Fix port forwarding failure when connecting to domains that have both
1313
0ed3d2bbf956 mention regression release
Matt Johnston <matt@ucc.asn.au>
parents: 1311
diff changeset
291 IPv4 and IPv6 addresses. The bug was introduced in 2015.68
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
292
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
293 - Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang Hui P
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
294 for the patch
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
295
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
296
1285
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
297 2016.73 - 18 March 2016
1253
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
298
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
299 - Support syslog in dbclient, option -o usesyslog=yes. Patch from Konstantin Tokarev
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
300
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
301 - Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
302
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
303 - Option to exit when a TCP forward fails, patch from Konstantin Tokarev
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
304
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
305 - New "-o" option parsing from Konstantin Tokarev. This allows handling some extra options
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
306 in the style of OpenSSH, though implementing all OpenSSH options is not planned.
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
307
1285
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
308 - Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou
1253
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
309
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
310 - Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
311
1285
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
312 - Various cleanups for issues found by a lint tool, patch from Francois Perrad
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
313
1253
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
314 - Fix tab indent consistency, patch from Francois Perrad
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
315
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
316 - Fix issues found by cppcheck, reported by Mike Tzou
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
317
1285
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
318 - Use system memset_s() or explicit_bzero() if available to clear memory. Also make
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
319 libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
320
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
321 - Prevent scp failing when the local user doesn't exist. Based on patch from Michael Witten.
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
322
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
323 - Improved Travis CI test running, thanks to Mike Tzou
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
324
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
325 - Improve some code that was flagged by Coverity and Fortify Static Code Analyzer
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
326
1230
2c23d72e06b2 2016.72
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
327 2016.72 - 9 March 2016
2c23d72e06b2 2016.72
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
328
2c23d72e06b2 2016.72
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
329 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
1279
f107cef4be68 add CVE
Matt Johnston <matt@ucc.asn.au>
parents: 1253
diff changeset
330 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
1737
8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents: 1731
diff changeset
331 https://hg.ucc.asn.au/dropbear/rev/a3e8389e01ff
1230
2c23d72e06b2 2016.72
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
332
1200
9a944a243f08 2015.71
Matt Johnston <matt@ucc.asn.au>
parents: 1199
diff changeset
333 2015.71 - 3 December 2015
1198
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
334
1199
1d41a7b8f31c wrong breakage version
Matt Johnston <matt@ucc.asn.au>
parents: 1198
diff changeset
335 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
1198
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
336
1203
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
337 - Fix crash on exit when -p address:port is used, broke in 2015.68, thanks to
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
338 Frank Stollenwerk for reporting and investigation
1198
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
339
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
340 - Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
341
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
342 - Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert,
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
343 broke in 2015.70
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
344
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
345 - Fix server race condition that could cause sessions to hang on exit,
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
346 https://github.com/robotframework/SSHLibrary/issues/128
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
347
1188
79a6ef02307d Wrong date
Matt Johnston <matt@ucc.asn.au>
parents: 1187
diff changeset
348 2015.70 - 26 November 2015
1187
88fd422cfa11 2015.70
Matt Johnston <matt@ucc.asn.au>
parents: 1178
diff changeset
349
88fd422cfa11 2015.70
Matt Johnston <matt@ucc.asn.au>
parents: 1178
diff changeset
350 - Fix server password authentication on Linux, broke in 2015.69
88fd422cfa11 2015.70
Matt Johnston <matt@ucc.asn.au>
parents: 1178
diff changeset
351
1178
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
352 2015.69 - 25 November 2015
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
353
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
354 - Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68)
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
355
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
356 - Avoid hang on session close when multiple sessions are started, affects Qt Creator
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
357 Patch from Andrzej Szombierski
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
358
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
359 - Reduce per-channel memory consumption in common case, increase default
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
360 channel limit from 100 to 1000 which should improve SOCKS forwarding for modern
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
361 webpages
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
362
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
363 - Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
364
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
365 - Manpage improvements from Guilhem Moulin
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
366
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
367 - Build fixes for Android from Mike Frysinger
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
368
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
369 - Don't display the MOTD when an explicit command is run from Guilhem Moulin
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
370
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
371 - Check curve25519 shared secret isn't zero
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
372
1147
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
373 2015.68 - Saturday 8 August 2015
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
374
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
375 - Reduce local data copying for improved efficiency. Measured 30%
1125
7cb1f49d89a8 a bit more changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1064
diff changeset
376 increase in throughput for connections to localhost
1063
9a5677293671 changes (also testing hg bookmarks)
Matt Johnston <matt@ucc.asn.au>
parents: 1004
diff changeset
377
1147
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
378 - Forwarded TCP ports connect asynchronously and try all available addresses
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
379 (IPv4, IPv6, round robin DNS)
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
380
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
381 - Fix all compile warnings, many patches from Gaël Portay
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
382 Note that configure with -Werror may not be successful on some platforms (OS X)
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
383 and some configuration options may still result in unused variable
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
384 warnings.
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
385
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
386 - Use TCP Fast Open on Linux if available. Saves a round trip at connection
1064
0b365b6a6f08 more changes
Matt Johnston <matt@ucc.asn.au>
parents: 1063
diff changeset
387 to hosts that have previously been connected.
0b365b6a6f08 more changes
Matt Johnston <matt@ucc.asn.au>
parents: 1063
diff changeset
388 Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3"
1125
7cb1f49d89a8 a bit more changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1064
diff changeset
389 Client side is disabled by default pending further compatibility testing
7cb1f49d89a8 a bit more changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1064
diff changeset
390 with networks and systems.
1064
0b365b6a6f08 more changes
Matt Johnston <matt@ucc.asn.au>
parents: 1063
diff changeset
391
1147
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
392 - Increase maximum command length to 9000 bytes
1064
0b365b6a6f08 more changes
Matt Johnston <matt@ucc.asn.au>
parents: 1063
diff changeset
393
0b365b6a6f08 more changes
Matt Johnston <matt@ucc.asn.au>
parents: 1063
diff changeset
394 - Free memory before exiting, patch from Thorsten Horstmann. Useful for
0b365b6a6f08 more changes
Matt Johnston <matt@ucc.asn.au>
parents: 1063
diff changeset
395 Dropbear ports to embedded systems and for checking memory leaks
1147
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
396 with valgrind. Only partially implemented for dbclient.
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
397 This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h
1064
0b365b6a6f08 more changes
Matt Johnston <matt@ucc.asn.au>
parents: 1063
diff changeset
398
1147
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
399 - DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
400 there is a leading slash (~ isn't treated specially)
1125
7cb1f49d89a8 a bit more changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1064
diff changeset
401
1064
0b365b6a6f08 more changes
Matt Johnston <matt@ucc.asn.au>
parents: 1063
diff changeset
402 - Fix small ECC memory leaks
0b365b6a6f08 more changes
Matt Johnston <matt@ucc.asn.au>
parents: 1063
diff changeset
403
1125
7cb1f49d89a8 a bit more changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1064
diff changeset
404 - Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of
1141
63ac2261e1b0 couple more changelog items
Matt Johnston <matt@ucc.asn.au>
parents: 1125
diff changeset
405 Matta Consulting. Odds of bad values are around 2**-512 -- improbable.
1125
7cb1f49d89a8 a bit more changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1064
diff changeset
406
7cb1f49d89a8 a bit more changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1064
diff changeset
407 - Twofish-ctr cipher is supported though disabled by default
7cb1f49d89a8 a bit more changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1064
diff changeset
408
1141
63ac2261e1b0 couple more changelog items
Matt Johnston <matt@ucc.asn.au>
parents: 1125
diff changeset
409 - Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks
63ac2261e1b0 couple more changelog items
Matt Johnston <matt@ucc.asn.au>
parents: 1125
diff changeset
410 to CL Ouyang
63ac2261e1b0 couple more changelog items
Matt Johnston <matt@ucc.asn.au>
parents: 1125
diff changeset
411
1147
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
412 - Fix null pointer crash with restrictions in authorized_keys without a command, patch from
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
413 Guilhem Moulin
1141
63ac2261e1b0 couple more changelog items
Matt Johnston <matt@ucc.asn.au>
parents: 1125
diff changeset
414
1147
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
415 - Ensure authentication timeout is handled while reading the initial banner,
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
416 thanks to CL Ouyang for finding it.
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
417
809feaa9408f changelog and version 2015.68
Matt Johnston <matt@ucc.asn.au>
parents: 1141
diff changeset
418 - Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz
1125
7cb1f49d89a8 a bit more changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1064
diff changeset
419
1004
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
420 2015.67 - Wednesday 28 January 2015
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
421
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
422 - Call fsync() after generating private keys to ensure they aren't lost if a
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
423 reboot occurs. Thanks to Peter Korsgaard
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
424
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
425 - Disable non-delayed zlib compression by default on the server. Can be
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
426 enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
427
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
428 - Default client key path ~/.ssh/id_dropbear
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
429
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
430 - Prefer stronger algorithms by default, from Fedor Brunner.
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
431 AES256 over 3DES
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
432 Diffie-hellman group14 over group1
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
433
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
434 - Add option to disable CBC ciphers.
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
435
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
436 - Disable twofish in default options.h
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
437
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
438 - Enable sha2 HMAC algorithms by default, the code was already required
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
439 for ECC key exchange. sha1 is the first preference still for performance.
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
440
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
441 - Fix installing dropbear.8 in a separate build directory, from Like Ma
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
442
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
443 - Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
444
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
445 - Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
446
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
447 - Minor bug fixes, a few issues found by Coverity scan
d63b569a7c86 changes for 2015.67
Matt Johnston <matt@ucc.asn.au>
parents: 979
diff changeset
448
979
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
449 2014.66 - Thursday 23 October 2014
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
450
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
451 - Use the same keepalive handling behaviour as OpenSSH. This will work better
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
452 with some SSH implementations that have different behaviour with unknown
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
453 message types.
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
454
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
455 - Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
456 keepalive message
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
457
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
458 - Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
459
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
460 - Fix wtmp which broke since 2013.62, patch from Whoopie
735511a4c761 changelog, version number bump
Matt Johnston <matt@ucc.asn.au>
parents: 965
diff changeset
461
965
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
462 2014.65 - Friday 8 August 2014
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
463
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
464 - Fix 2014.64 regression, server session hang on exit with scp (and probably
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
465 others), thanks to NiLuJe for tracking it down
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
466
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
467 - Fix 2014.64 regression, clock_gettime() error handling which broke on older
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
468 Linux kernels, reported by NiLuJe
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
469
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
470 - Fix 2014.64 regression, writev() could occassionally fail with EAGAIN which
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
471 wasn't caught
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
472
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
473 - Avoid error message when trying to set QoS on proxycommand or multihop pipes
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
474
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
475 - Use /usr/bin/xauth, thanks to Mike Frysinger
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
476
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
477 - Don't exit the client if the local user entry can't be found, thanks to iquaba
e9579816f20e 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 947
diff changeset
478
947
e4453b367db7 Version 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 942
diff changeset
479 2014.64 - Sunday 27 July 2014
942
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
480
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
481 - Fix compiling with ECDSA and DSS disabled
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
482
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
483 - Don't exit abruptly if too many outgoing packets are queued for writev(). Patch
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
484 thanks to Ronny Meeus
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
485
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
486 - The -K keepalive option now behaves more like OpenSSH's "ServerAliveInterval".
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
487 If no response is received after 3 keepalives then the session is terminated. This
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
488 will close connections faster than waiting for a TCP timeout.
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
489
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
490 - Rework TCP priority setting. New settings are
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
491 if (connecting || ptys || x11) tos = LOWDELAY
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
492 else if (tcp_forwards) tos = 0
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
493 else tos = BULK
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
494 Thanks to Catalin Patulea for the suggestion.
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
495
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
496 - Improve handling of many concurrent new TCP forwarded connections, should now
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
497 be able to handle as many as MAX_CHANNELS. Thanks to Eduardo Silva for reporting
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
498 and investigating it.
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
499
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
500 - Make sure that exit messages from the client are printed, regression in 2013.57
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
501
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
502 - Use monotonic clock where available, timeouts won't be affected by system time
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
503 changes
8664fea5072f changes for 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 905
diff changeset
504
947
e4453b367db7 Version 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 942
diff changeset
505 - Add -V for version
e4453b367db7 Version 2014.64
Matt Johnston <matt@ucc.asn.au>
parents: 942
diff changeset
506
900
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
507 2014.63 - Wednesday 19 February 2014
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
508
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
509 - Fix ~. to terminate a client interactive session after waking a laptop
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
510 from sleep.
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
511
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
512 - Changed port separator syntax again, now using host^port. This is because
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
513 IPv6 link-local addresses use %. Reported by Gui Iribarren
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
514
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
515 - Avoid constantly relinking dropbearmulti target, fix "make install"
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
516 for multi target, thanks to Mike Frysinger
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
517
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
518 - Avoid getting stuck in a loop writing huge key files, reported by Bruno
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
519 Thomsen
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
520
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
521 - Don't link dropbearkey or dropbearconvert to libz or libutil,
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
522 thanks to Nicolas Boos
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
523
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
524 - Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
525
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
526 - Avoid crash on exit due to cleaned up keys before last packets are sent,
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
527 debugged by Ronald Wahl
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
528
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
529 - Fix a race condition in rekeying where Dropbear would exit if it received a
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
530 still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
531 This is a longstanding bug but is triggered more easily since 2013.57
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
532
905
f98618496f82 Fix typo in Catalin's name
Matt Johnston <matt@ucc.asn.au>
parents: 900
diff changeset
533 - Fix README for ecdsa keys, from Catalin Patulea
900
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
534
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
535 - Ensure that generated RSA keys are always exactly the length
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
536 requested. Previously Dropbear always generated N+16 or N+15 bit keys.
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
537 Thanks to Unit 193
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
538
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
539 - Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip if the
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
540 first public key succeeds. Still not enabled by default, needs more
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
541 compatibility testing with other implementations.
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
542
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
543 - Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD. Thanks to
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
544
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
545 - Fix for bad system linux/pkt-sched.h header file with older Linux
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
546 kernels, from Steve Dover
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
547
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
548 - Fix signal handlers so that errno is saved, thanks to Erik Ahlén for a patch
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
549 and Mark Wickham for independently spotting the same problem.
49ed526daedc CHANGES for 2014.63
Matt Johnston <matt@ucc.asn.au>
parents: 878
diff changeset
550
878
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
551 2013.62 - Tuesday 3 December 2013
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
552
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
553 - Disable "interactive" QoS connection options when a connection doesn't
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
554 have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch.
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
555
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
556 - Log when a hostkey is generated with -R, fix some bugs in handling server
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
557 hostkey commandline options
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
558
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
559 - Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
560
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
561 - Update config.guess and config.sub again
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
562
861
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
563 2013.61test - Thursday 14 November 2013
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
564
1433
b19877938d6a document changed default RSA key size back in 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 1345
diff changeset
565 - Default generated RSA key size changed from 1024 to 2048 bits
b19877938d6a document changed default RSA key size back in 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 1345
diff changeset
566
861
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
567 - ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
568 be generated) and ECDH for setting up encryption keys (no intervention
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
569 required). This is significantly faster.
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
570
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
571 - [email protected] support for setting up encryption keys. This is
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
572 another elliptic curve mode with less potential of NSA interference in
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
573 algorithm parameters. curve25519-donna code thanks to Adam Langley
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
574
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
575 - -R option to automatically generate hostkeys. This is recommended for
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
576 embedded platforms since it allows the system random number device
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
577 /dev/urandom a longer startup time to generate a secure seed before the
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
578 hostkey is required.
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
579
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
580 - Compile fixes for old vendor compilers like Tru64 from Daniel Richard G.
e894dbc015ba 2013.61test
Matt Johnston <matt@ucc.asn.au>
parents: 830
diff changeset
581
878
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
582 - Make authorized_keys handling more robust, don't exit encountering
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
583 malformed lines. Thanks to Lorin Hochstein and Mark Stillwell
3d1d7d151c0c 2013.62
Matt Johnston <matt@ucc.asn.au>
parents: 861
diff changeset
584
830
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
585 2013.60 - Wednesday 16 October 2013
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
586
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
587 - Fix "make install" so that it doesn't always install to /bin and /sbin
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
588
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
589 - Fix "make install MULTI=1", installing manpages failed
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
590
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
591 - Fix "make install" when scp is included since it has no manpage
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
592
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
593 - Make --disable-bundled-libtom work
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
594
822
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
595 2013.59 - Friday 4 October 2013
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
596
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
597 - Fix crash from -J command
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
598 Thanks to Lluís Batlle i Rossell and Arnaud Mouiche for patches
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
599
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
600 - Avoid reading too much from /proc/net/rt_cache since that causes
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
601 system slowness.
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
602
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
603 - Improve EOF handling for half-closed connections
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
604 Thanks to Catalin Patulea
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
605
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
606 - Send a banner message to report PAM error messages intended for the user
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
607 Patch from Martin Donnelly
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
608
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
609 - Limit the size of decompressed payloads, avoids memory exhaustion denial
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
610 of service
830
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
611 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421
1737
8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents: 1731
diff changeset
612 https://hg.ucc.asn.au/dropbear/rev/0bf76f54de6f
822
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
613
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
614 - Avoid disclosing existence of valid users through inconsistent delays
830
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
615 Thanks to Logan Lamb for reporting. CVE-2013-4434
1737
8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents: 1731
diff changeset
616 https://hg.ucc.asn.au/dropbear/rev/d7784616409a
822
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
617
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
618 - Update config.guess and config.sub for newer architectures
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
619
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
620 - Avoid segfault in server for locked accounts
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
621
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
622 - "make install" now installs manpages
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
623 dropbearkey.8 has been renamed to dropbearkey.1
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
624 manpage added for dropbearconvert
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
625
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
626 - Get rid of one second delay when running non-interactive commands
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
627
32862e8283e7 Version 2013.59
Matt Johnston <matt@ucc.asn.au>
parents: 789
diff changeset
628
786
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 776
diff changeset
629 2013.58 - Thursday 18 April 2013
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 776
diff changeset
630
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 776
diff changeset
631 - Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 776
diff changeset
632
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 776
diff changeset
633 - Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 776
diff changeset
634
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 776
diff changeset
635 - Reject logins for other users when running as non-root, from Hans Harder
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 776
diff changeset
636
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 776
diff changeset
637 - Disable client immediate authentication request by default, it prevents
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 776
diff changeset
638 passwordless logins from working
e76614145aea 2013.58
Matt Johnston <matt@ucc.asn.au>
parents: 776
diff changeset
639
776
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
640 2013.57 - Monday 15 April 2013
775
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
641
776
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
642 - Decreased connection setup time particularly with high latency connections,
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
643 the number of round trips has been reduced for both client and server.
775
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
644 CPU time hasn't been changed.
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
645
776
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
646 - Client will send an initial key exchange guess to save a round trip.
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
647 Dropbear implements an extension [email protected] to allow the first
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
648 packet guess to succeed in wider circumstances than the standard behaviour.
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
649 When communicating with other implementations the standard behaviour is used.
775
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
650
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
651 - Client side: when public key or password authentication with
776
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
652 $DROPBEAR_PASSWORD is used an initial authentication request will
775
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
653 be sent immediately rather than querying the list of available methods.
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
654 This behaviour is enabled by CLI_IMMEDIATE_AUTH option (on by default),
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
655 please let the Dropbear author know if it causes any interoperability
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
656 problems.
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
657
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
658 - Implement client escape characters ~. (terminate session) and
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
659 ~^Z (background session)
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
660
776
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
661 - Server will more reliably clean up utmp when connection is closed, reported by
789
ea04e3eb03e2 Save with utf8 encoding
Matt Johnston <matt@ucc.asn.au>
parents: 786
diff changeset
662 Mattias Walström
775
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
663
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
664 - Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
665
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
666 - Add "-y -y" client option to skip host key checking, thanks to Hans Harder
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
667
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
668 - scp didn't work properly on systems using vfork(), thanks to Frank Van Uffelen
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
669
776
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
670 - Added IUTF8 terminal mode support (Linux and Mac OS). Not standardised yet
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
671 though probably will be soon
775
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
672
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
673 - Some verbose DROPBEAR_TRACE output is now hidden unless $DROPBEAR_TRACE2
776
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
674 enviroment variable is set
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
675
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
676 - Fix using asymmetric MAC algorithms (broke in )
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
677
f7c8b786e595 changelog updates for 2013.57
Matt Johnston <matt@ucc.asn.au>
parents: 775
diff changeset
678 - Renamed configure.in to configure.ac to quieten autoconf, from Mike Frysinger
775
2f1c199b6e4b requirenext fixup for firstkexfollows
Matt Johnston <matt@ucc.asn.au>
parents: 719
diff changeset
679
719
1b8b2b9d6e94 Forgot date in CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 718
diff changeset
680 2013.56 - Thursday 21 March 2013
718
9644f50434f1 2013.56 changelog
Matt Johnston <matt@ucc.asn.au>
parents: 708
diff changeset
681
691
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
682 - Allow specifying cipher (-c) and MAC (-m) lists for dbclient
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
683
718
9644f50434f1 2013.56 changelog
Matt Johnston <matt@ucc.asn.au>
parents: 708
diff changeset
684 - Allow using 'none' cipher or MAC (off by default, use options.h). Encryption
9644f50434f1 2013.56 changelog
Matt Johnston <matt@ucc.asn.au>
parents: 708
diff changeset
685 is used during authentication then disabled, similar to OpenSSH HPN mode
691
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
686
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
687 - Allow a user in immediately if the account has a blank password and blank
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
688 passwords are enabled
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
689
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
690 - Include a few extra sources of entropy from /proc on Linux, hash private keys
718
9644f50434f1 2013.56 changelog
Matt Johnston <matt@ucc.asn.au>
parents: 708
diff changeset
691 as well. Dropbear will also write gathered entropy back into /dev/urandom
691
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
692
718
9644f50434f1 2013.56 changelog
Matt Johnston <matt@ucc.asn.au>
parents: 708
diff changeset
693 - Added hmac-sha2-256 and hmac-sha2-512 support (off by default, use options.h)
691
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
694
718
9644f50434f1 2013.56 changelog
Matt Johnston <matt@ucc.asn.au>
parents: 708
diff changeset
695 - Don't sent bad address "localhost" for -R forward connections,
9644f50434f1 2013.56 changelog
Matt Johnston <matt@ucc.asn.au>
parents: 708
diff changeset
696 reported by Denis Bider
691
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
697
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
698 - Add "-B" runtime option to allow blank passwords
e698d1a9f428 Some changes since 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 662
diff changeset
699
708
b207d5183bb7 document a few more changes
Matt Johnston <matt@ucc.asn.au>
parents: 691
diff changeset
700 - Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks
b207d5183bb7 document a few more changes
Matt Johnston <matt@ucc.asn.au>
parents: 691
diff changeset
701
789
ea04e3eb03e2 Save with utf8 encoding
Matt Johnston <matt@ucc.asn.au>
parents: 786
diff changeset
702 - A few improvements for Android from Reimar Döffinger
708
b207d5183bb7 document a few more changes
Matt Johnston <matt@ucc.asn.au>
parents: 691
diff changeset
703
b207d5183bb7 document a few more changes
Matt Johnston <matt@ucc.asn.au>
parents: 691
diff changeset
704 - Fix memory leak for TCP forwarded connections to hosts that timed out,
789
ea04e3eb03e2 Save with utf8 encoding
Matt Johnston <matt@ucc.asn.au>
parents: 786
diff changeset
705 reported by Norbert Benczúr. Appears to be a very long-standing bug.
708
b207d5183bb7 document a few more changes
Matt Johnston <matt@ucc.asn.au>
parents: 691
diff changeset
706
718
9644f50434f1 2013.56 changelog
Matt Johnston <matt@ucc.asn.au>
parents: 708
diff changeset
707 - Fix "make clean" for out of tree builds
9644f50434f1 2013.56 changelog
Matt Johnston <matt@ucc.asn.au>
parents: 708
diff changeset
708
9644f50434f1 2013.56 changelog
Matt Johnston <matt@ucc.asn.au>
parents: 708
diff changeset
709 - Fix compilation when ENABLE_{SVR,CLI}_AGENTFWD are unset
9644f50434f1 2013.56 changelog
Matt Johnston <matt@ucc.asn.au>
parents: 708
diff changeset
710
661
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
711 2012.55 - Wednesday 22 February 2012
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
712
662
d354464b2aa6 - Improve CHANGES description
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
713 - Security: Fix use-after-free bug that could be triggered if command="..."
d354464b2aa6 - Improve CHANGES description
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
714 authorized_keys restrictions are used. Could allow arbitrary code execution
d354464b2aa6 - Improve CHANGES description
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
715 or bypass of the command="..." restriction to an authenticated user.
d354464b2aa6 - Improve CHANGES description
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
716 This bug affects releases 0.52 onwards. Ref CVE-2012-0920.
d354464b2aa6 - Improve CHANGES description
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
717 Thanks to Danny Fullerton of Mantor Organization for reporting
d354464b2aa6 - Improve CHANGES description
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
718 the bug.
1737
8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents: 1731
diff changeset
719 https://hg.ucc.asn.au/dropbear/rev/818108bf7749
661
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
720
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
721 - Compile fix, only apply IPV6 socket options if they are available in headers
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
722 Thanks to Gustavo Zacarias for the patch
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
723
662
d354464b2aa6 - Improve CHANGES description
Matt Johnston <matt@ucc.asn.au>
parents: 661
diff changeset
724 - Overwrite session key memory on exit
661
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
725
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
726 - Fix minor memory leak in unusual PAM authentication configurations.
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
727 Thanks to Stathis Voukelatos
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
728
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
729 - Other small code cleanups
c015af8a71cf 2012.55
Matt Johnston <matt@ucc.asn.au>
parents: 636
diff changeset
730
636
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
731 2011.54 - Tuesday 8 November 2011
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
732
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
733 - Building statically works again, broke in 0.53 and 0.53.1
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
734
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
735 - Fix crash when forwarding with -R
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
736
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
737 - Fixed various leaks found by Klocwork analysis software, thanks to them for
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
738 running it
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
739
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
740 - Set IPTOS_LOWDELAY for IPv6, thanks to Dave Taht
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
741
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
742 - Bind to sockets with IPV6_V6ONLY so that it works properly on systems
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
743 regardless of the system-wide setting
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
744
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
745 - Added ALLOW_BLANK_PASSWORD option. Dropbear also now allows public key logins
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
746 to accounts with a blank password. Thanks to Rob Landley
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
747
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
748 - Fixed case where "-K 1" keepalive for dbclient would cause a SSH_MSG_IGNORE
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
749 packet to be sent
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
750
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
751 - Avoid some memory allocations in big number maths routines, improves
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
752 performance slightly
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
753
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
754 - Fix symlink target for installdropbearmulti with DESTDIR set, thanks to
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
755 Scottie Shore
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
756
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
757 - When requesting server allocated remote ports (-R 0:host:port) print a
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
758 message informing what the port is, thanks to Ali Onur Uyar.
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
759
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
760 - New version numbering scheme.
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
761
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
762 Source repository has now migrated to Mercurial at
1737
8b27de2c92ee Change secure.ucc.asn.au/hg to hg.ucc.asn.au
Matt Johnston <matt@ucc.asn.au>
parents: 1731
diff changeset
763 https://hg.ucc.asn.au/dropbear/graph/default
636
3f12086c2ef2 Changelog and version bump for 2011.54
Matt Johnston <matt@ucc.asn.au>
parents: 607
diff changeset
764
607
aa2f51a6b81d Update changelog for 0.53.1
Matt Johnston <matt@ucc.asn.au>
parents: 601
diff changeset
765 0.53.1 - Wednesday 2 March 2011
601
2cd89d627adb Updates changelog. Mention diffie-hellman-group14-sha1 in 0.53
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
766
2cd89d627adb Updates changelog. Mention diffie-hellman-group14-sha1 in 0.53
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
767 - -lcrypt needs to be before object files for static linking
2cd89d627adb Updates changelog. Mention diffie-hellman-group14-sha1 in 0.53
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
768
607
aa2f51a6b81d Update changelog for 0.53.1
Matt Johnston <matt@ucc.asn.au>
parents: 601
diff changeset
769 - Compile fix when both client and agent forwarding are disabled
aa2f51a6b81d Update changelog for 0.53.1
Matt Johnston <matt@ucc.asn.au>
parents: 601
diff changeset
770
aa2f51a6b81d Update changelog for 0.53.1
Matt Johnston <matt@ucc.asn.au>
parents: 601
diff changeset
771 - Fix DROPBEAR_PRNGD_SOCKET mode
aa2f51a6b81d Update changelog for 0.53.1
Matt Johnston <matt@ucc.asn.au>
parents: 601
diff changeset
772
aa2f51a6b81d Update changelog for 0.53.1
Matt Johnston <matt@ucc.asn.au>
parents: 601
diff changeset
773 - Don't allow setting zlib memLevel since it seems buggy
aa2f51a6b81d Update changelog for 0.53.1
Matt Johnston <matt@ucc.asn.au>
parents: 601
diff changeset
774
598
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
775 0.53 - Thurs 24 February 2011
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
776
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
777 - Various performance/memory use improvements
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
778
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
779 - Client agent forwarding now works, using OpenSSH's ssh-agent
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
780
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
781 - Improve robustness of client multihop mode
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
782
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
783 - Fix a prime generation bug in bundled libtommath. This is unlikely to have
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
784 generated any bad keys in the wild.
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
785 See
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
786 https://bugzilla.redhat.com/show_bug.cgi?id=615088
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
787 http://bugs.gentoo.org/show_bug.cgi?id=328383
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
788 http://bugs.gentoo.org/show_bug.cgi?id=328409
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
789
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
790 - Attempt to build against system libtomcrypt/libtommath if available. This
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
791 can be disabled with ./configure --enable-bundled-libtom
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
792
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
793 - Make -K (keepalive) and -I (idle timeout) work together sensibly in the client.
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
794 The idle timeout is no longer reset by SSH_MSG_IGNORE packets.
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
795
601
2cd89d627adb Updates changelog. Mention diffie-hellman-group14-sha1 in 0.53
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
796 - Add diffie-hellman-group14-sha1 key exchange method
2cd89d627adb Updates changelog. Mention diffie-hellman-group14-sha1 in 0.53
Matt Johnston <matt@ucc.asn.au>
parents: 598
diff changeset
797
598
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
798 - Compile fix if ENABLE_CLI_PROXYCMD is disabled
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
799
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
800 - /usr/bin/X11/xauth is now the default path
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
801
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
802 - Client remote forward (-L/-R) arguments now accept a listen address
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
803
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
804 - In uClinux avoid trashing the parent process when a session exits
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
805
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
806 - Blowfish is now disabled by default since it has large memory usage
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
807
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
808 - Add option to change zlib windowbits/memlevel. Use less memory by default
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
809
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
810 - DROPBEAR_SMALL_CODE is now disabled by default
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
811
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
812 - SSH_ORIGINAL_COMMAND environment variable is set by the server when an
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
813 authorized_keys command is specified.
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
814
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
815 - Set SSH_TTY and SSH_CONNECTION environment variables in the server
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
816
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
817 - Client banner is now printed to standard error rather than standard output
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
818
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
819 - Capitalisation in many log messages has been made consistent. This may affect
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
820 scripts that parse logfiles.
7ec26a5b92e7 Changelog for 0.53, bump version
Matt Johnston <matt@ucc.asn.au>
parents: 518
diff changeset
821
518
ce104c8b0be1 - Add a date for the release
Matt Johnston <matt@ucc.asn.au>
parents: 515
diff changeset
822 0.52 - Wed 12 November 2008
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
823
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
824 - Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
825 standard input/output to a TCP port-forwarded remote host.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
826
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
827 - Add "proxy command" support to dbclient, to allow using a spawned process for
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
828 IO rather than a direct TCP connection. eg
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
829 dbclient remotehost
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
830 is equivalent to
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
831 dbclient -J 'nc remotehost 22' remotehost
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
832 (the hostname is still provided purely for looking up saved host keys)
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
833
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
834 - Combine netcat-alike and proxy support to allow "multihop" connections, with
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
835 comma-separated host syntax. Allows running
515
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
836
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
837 dbclient user1@host1,user2@host2,user3@host3
515
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
838
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
839 to end up at host3 via the other two, using SSH TCP forwarding. It's a bit
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
840 like onion-routing. All connections are established from the local machine.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
841 The comma-separated syntax can also be used for scp/rsync, eg
515
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
842
513
a3748e54273c Idle timeout patch from Farrell Aultman. Needs testing, unsure if server
Matt Johnston <matt@ucc.asn.au>
parents: 510
diff changeset
843 rsync -a -e dbclient m@gateway,m2@host,martello:/home/matt/ ~/backup/
515
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
844
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
845 to bounce through a few hosts.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
846
515
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
847 - Add -I "idle timeout" option (contributed by Farrell Aultman)
fe30d2a2d626 - Document idle_timeout
Matt Johnston <matt@ucc.asn.au>
parents: 513
diff changeset
848
510
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
849 - Allow restrictions on authorized_keys logins such as restricting commands
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
850 to be run etc. This is a subset of those allowed by OpenSSH, doesn't
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
851 yet allow restricting source host.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
852
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
853 - Use vfork() for scp on uClinux
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
854
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
855 - Default to PATH=/usr/bin:/bin for shells.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
856
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
857 - Report errors if -R forwarding fails
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
858
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
859 - Add counter mode cipher support, which avoids some security problems with the
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
860 standard CBC mode.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
861
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
862 - Support [email protected] delayed compression for client/server. It can be
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
863 required for the Dropbear server with the '-Z' option. This is useful for
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
864 security as it avoids exposing the server to attacks on zlib by
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
865 unauthenticated remote users, though requires client side support.
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
866
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
867 - options.h has been split into options.h (user-changable) and sysoptions.h
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
868 (less commonly changed)
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
869
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
870 - Support "dbclient -s sftp" to specify a subsystem
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
871
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
872 - Fix a bug in replies to channel requests that could be triggered by recent
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
873 versions of PuTTY
b85507ade010 - Update manuals, include section on authorized_keys
Matt Johnston <matt@ucc.asn.au>
parents: 471
diff changeset
874
471
Matt Johnston <matt@ucc.asn.au>
parents: 468
diff changeset
875 0.51 - Thu 27 March 2008
468
706e234212d0 Mention 0.51-test2 changes
Matt Johnston <matt@ucc.asn.au>
parents: 457
diff changeset
876
706e234212d0 Mention 0.51-test2 changes
Matt Johnston <matt@ucc.asn.au>
parents: 457
diff changeset
877 - Make a copy of password fields rather erroneously relying on getwpnam()
706e234212d0 Mention 0.51-test2 changes
Matt Johnston <matt@ucc.asn.au>
parents: 457
diff changeset
878 to be safe to call multiple times
706e234212d0 Mention 0.51-test2 changes
Matt Johnston <matt@ucc.asn.au>
parents: 457
diff changeset
879
706e234212d0 Mention 0.51-test2 changes
Matt Johnston <matt@ucc.asn.au>
parents: 457
diff changeset
880 - If $SSH_ASKPASS_ALWAYS environment variable is set (and $SSH_ASKPASS is
706e234212d0 Mention 0.51-test2 changes
Matt Johnston <matt@ucc.asn.au>
parents: 457
diff changeset
881 as well) always use that program, ignoring isatty() and $DISPLAY
706e234212d0 Mention 0.51-test2 changes
Matt Johnston <matt@ucc.asn.au>
parents: 457
diff changeset
882
706e234212d0 Mention 0.51-test2 changes
Matt Johnston <matt@ucc.asn.au>
parents: 457
diff changeset
883 - Wait until a process exits before the server closes a connection, so
471
Matt Johnston <matt@ucc.asn.au>
parents: 468
diff changeset
884 that an exit code can be sent. This fixes problems with exit codes not
Matt Johnston <matt@ucc.asn.au>
parents: 468
diff changeset
885 being returned, which could cause scp to fail.
468
706e234212d0 Mention 0.51-test2 changes
Matt Johnston <matt@ucc.asn.au>
parents: 457
diff changeset
886
455
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
887 0.50 - Wed 8 August 2007
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
888
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
889 - Add DROPBEAR_PASSWORD environment variable to specify a dbclient password
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
890
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
891 - Use /dev/urandom by default, since that's what everyone does anyway
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
892
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
893 - Correct vfork() use for uClinux in scp
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
894 (thanks to Alex Landau)
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
895
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
896 - Exit with an exit code of 1 if dropbear can't bind to any ports
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
897 (thanks to Nicolai Ehemann)
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
898
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
899 - Improve network performance and add a -W <receive_window> argument for
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
900 adjusting the tradeoff between network performance and memory consumption.
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
901
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
902 - Fix a problem where reply packets could be sent during key exchange,
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
903 in violation of the SSH spec. This could manifest itself with connections
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
904 being terminated after 8 hours with new TCP-forward connections being
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
905 established.
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
906
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
907 - Add -K <keepalive_time> argument, ensuring that data is transmitted
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
908 over the connection at least every N seconds.
319262c94d24 Prepare for 0.50 release
Matt Johnston <matt@ucc.asn.au>
parents: 437
diff changeset
909
457
e430a26064ee Make dropbearkey only generate 1024 bit keys
Matt Johnston <matt@ucc.asn.au>
parents: 455
diff changeset
910 - dropbearkey will no longer generate DSS keys of sizes other than 1024
e430a26064ee Make dropbearkey only generate 1024 bit keys
Matt Johnston <matt@ucc.asn.au>
parents: 455
diff changeset
911 bits, as required by the DSS specification. (Other sizes are still
e430a26064ee Make dropbearkey only generate 1024 bit keys
Matt Johnston <matt@ucc.asn.au>
parents: 455
diff changeset
912 accepted for use to provide backwards compatibility).
e430a26064ee Make dropbearkey only generate 1024 bit keys
Matt Johnston <matt@ucc.asn.au>
parents: 455
diff changeset
913
437
7319d229799a 0.49 probably done
Matt Johnston <matt@ucc.asn.au>
parents: 430
diff changeset
914 0.49 - Fri 23 February 2007
7319d229799a 0.49 probably done
Matt Johnston <matt@ucc.asn.au>
parents: 430
diff changeset
915
7319d229799a 0.49 probably done
Matt Johnston <matt@ucc.asn.au>
parents: 430
diff changeset
916 - Security: dbclient previously would prompt to confirm a
7319d229799a 0.49 probably done
Matt Johnston <matt@ucc.asn.au>
parents: 430
diff changeset
917 mismatching hostkey but wouldn't warn loudly. It will now
830
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
918 exit upon a mismatch. CVE-2007-1099
337
bfa09e369e0e 0.49 is close to done.
Matt Johnston <matt@ucc.asn.au>
parents: 295
diff changeset
919
bfa09e369e0e 0.49 is close to done.
Matt Johnston <matt@ucc.asn.au>
parents: 295
diff changeset
920 - Compile fixes, make sure that all variable definitions are at the start
bfa09e369e0e 0.49 is close to done.
Matt Johnston <matt@ucc.asn.au>
parents: 295
diff changeset
921 of a scope.
bfa09e369e0e 0.49 is close to done.
Matt Johnston <matt@ucc.asn.au>
parents: 295
diff changeset
922
430
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
923 - Added -P pidfile argument to the server (from Swen Schillig)
337
bfa09e369e0e 0.49 is close to done.
Matt Johnston <matt@ucc.asn.au>
parents: 295
diff changeset
924
bfa09e369e0e 0.49 is close to done.
Matt Johnston <matt@ucc.asn.au>
parents: 295
diff changeset
925 - Add -N dbclient option for "no command"
bfa09e369e0e 0.49 is close to done.
Matt Johnston <matt@ucc.asn.au>
parents: 295
diff changeset
926
bfa09e369e0e 0.49 is close to done.
Matt Johnston <matt@ucc.asn.au>
parents: 295
diff changeset
927 - Add -f dbclient option for "background after auth"
bfa09e369e0e 0.49 is close to done.
Matt Johnston <matt@ucc.asn.au>
parents: 295
diff changeset
928
437
7319d229799a 0.49 probably done
Matt Johnston <matt@ucc.asn.au>
parents: 430
diff changeset
929 - Add ability to limit binding to particular addresses, use
7319d229799a 0.49 probably done
Matt Johnston <matt@ucc.asn.au>
parents: 430
diff changeset
930 -p [address:]port, patch from Max-Gerd Retzlaff.
7319d229799a 0.49 probably done
Matt Johnston <matt@ucc.asn.au>
parents: 430
diff changeset
931
430
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
932 - Try to finally fix ss_family compilation problems (for old
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
933 glibc systems)
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
934
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
935 - Fix finding relative-path server hostkeys when running daemonized
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
936
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
937 - Use $HOME in preference to that from /etc/passwd, so that
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
938 dbclient can still work on broken systems.
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
939
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
940 - Fix various issues found by Klocwork defect analysis, mostly memory leaks
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
941 and error-handling. Thanks to Klocwork for their service.
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
942
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
943 - Improve building in a separate directory
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
944
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
945 - Add compile-time LOG_COMMANDS option to log user commands
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
946
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
947 - Add '-y' flag to dbclient to unconditionally accept host keys,
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
948 patch from Luciano Miguel Ferreira Rocha
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
949
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
950 - Return immediately for "sleep 10 & echo foo", rather than waiting
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
951 for the sleep to return (pointed out by Rob Landley).
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
952
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
953 - Avoid hanging after exit in certain cases (such as scp)
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
954
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
955 - Various minor fixes, in particular various leaks reported by
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
956 Erik Hovland
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
957
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
958 - Disable core dumps on startup
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
959
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
960 - Don't erase over every single buffer, since it was a bottleneck.
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
961 On systems where it really matters, encrypted swap should be utilised.
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
962
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
963 - Read /dev/[u]random only once at startup to conserve kernel entropy
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
964
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
965 - Upgrade to LibTomCrypt 1.16 and LibTomMath 0.40
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
966
67689b7ceaf0 Changes for 0.49test1
Matt Johnston <matt@ucc.asn.au>
parents: 337
diff changeset
967 - Upgrade config.status and config.guess
337
bfa09e369e0e 0.49 is close to done.
Matt Johnston <matt@ucc.asn.au>
parents: 295
diff changeset
968
295
Matt Johnston <matt@ucc.asn.au>
parents: 291
diff changeset
969 0.48.1 - Sat 11 March 2006
Matt Johnston <matt@ucc.asn.au>
parents: 291
diff changeset
970
Matt Johnston <matt@ucc.asn.au>
parents: 291
diff changeset
971 - Compile fix for scp
Matt Johnston <matt@ucc.asn.au>
parents: 291
diff changeset
972
291
55a99934db87 0.48 bump
Matt Johnston <matt@ucc.asn.au>
parents: 290
diff changeset
973 0.48 - Thurs 9 March 2006
290
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
974
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
975 - Check that the circular buffer is properly empty before
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
976 closing a channel, which could cause truncated transfers
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
977 (thanks to Tomas Vanek for helping track it down)
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
978
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
979 - Implement per-IP pre-authentication connection limits
830
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
980 (after some poking from Pablo Fernandez) CVE-2006-1206
290
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
981
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
982 - Exit gracefully if trying to connect to as SSH v1 server
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
983 (reported by Rushi Lala)
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
984
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
985 - Only read /dev/random once at startup when in non-inetd mode
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
986
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
987 - Allow ctrl-c to close a dbclient password prompt (may
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
988 still have to press enter on some platforms)
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
989
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
990 - Merged in uClinux patch for inetd mode
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
991
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
992 - Updated to scp from OpenSSH 4.3p2 - fixes a security issue
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
993 where use of system() could cause users to execute arbitrary
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
994 code through malformed filenames, ref CVE-2006-0225
94ee16f5b8a8 0.48 progress
Matt Johnston <matt@ucc.asn.au>
parents: 265
diff changeset
995
265
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
996 0.47 - Thurs Dec 8 2005
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
997
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
998 - SECURITY: fix for buffer allocation error in server code, could potentially
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
999 allow authenticated users to gain elevated privileges. All multi-user systems
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1000 running the server should upgrade (or apply the patch available on the
830
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
1001 Dropbear webpage). CVE-2005-4178
265
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1002
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1003 - Fix channel handling code so that redirecting to /dev/null doesn't use
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1004 100% CPU.
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1005
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1006 - Turn on zlib compression for dbclient.
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1007
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1008 - Set "low delay" TOS bit, can significantly improve interactivity
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1009 over some links.
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1010
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1011 - Added client keyboard-interactive mode support, allows operation with
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1012 newer OpenSSH servers in default config.
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1013
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1014 - Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1015
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1016 - Improve logging of assertions
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1017
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1018 - Added aes-256 cipher and sha1-96 hmac.
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1019
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1020 - Fix twofish so that it actually works.
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1021
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1022 - Improve PAM prompt comparison.
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1023
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1024 - Added -g (dbclient) and -a (dropbear server) options to allow
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1025 connections to listening forwarded ports from remote machines.
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1026
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1027 - Various other minor fixes
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1028
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1029 - Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1030 (netinet/in_systm.h needs to be included).
9b9664204b97 * Update changelogs for 0.47 release
Matt Johnston <matt@ucc.asn.au>
parents: 224
diff changeset
1031
223
f3ef0d29ab65 * 0.46 CHANGES done
Matt Johnston <matt@ucc.asn.au>
parents: 220
diff changeset
1032 0.46 - Sat July 9 2005
193
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1033
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1034 - Fix long-standing bug which caused connections to be closed if an ssh-agent
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1035 socket was no longer available
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1036
220
9089929fb2b7 * preparing for 0.46 release
Matt Johnston <matt@ucc.asn.au>
parents: 193
diff changeset
1037 - Print a warning if we seem to be blocking on /dev/random
193
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1038 (suggested by Paul Fox)
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1039
220
9089929fb2b7 * preparing for 0.46 release
Matt Johnston <matt@ucc.asn.au>
parents: 193
diff changeset
1040 - Fixed a memory leak in DSS code (thanks to Boris Berezovsky for the patch)
193
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1041
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1042 - dbclient -L no longer segfaults, allocate correct buffer size (thanks
220
9089929fb2b7 * preparing for 0.46 release
Matt Johnston <matt@ucc.asn.au>
parents: 193
diff changeset
1043 to David Cook for reporting it, and Christopher Faylor for independently
9089929fb2b7 * preparing for 0.46 release
Matt Johnston <matt@ucc.asn.au>
parents: 193
diff changeset
1044 sending in a patch)
193
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1045
223
f3ef0d29ab65 * 0.46 CHANGES done
Matt Johnston <matt@ucc.asn.au>
parents: 220
diff changeset
1046 - Added RSA blinding to signing code (suggested by Dan Kaminsky)
193
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1047
220
9089929fb2b7 * preparing for 0.46 release
Matt Johnston <matt@ucc.asn.au>
parents: 193
diff changeset
1048 - Rearranged bignum reading/random generation code
193
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1049
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1050 - Reset the non-blocking status on stderr and stdout as well as stdin,
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1051 fixes a problem where the shell running dbclient will exit (thanks to
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1052 Brent Roman for reporting it)
ca6a7c7a925c Preparing for 0.46
Matt Johnston <matt@ucc.asn.au>
parents: 176
diff changeset
1053
223
f3ef0d29ab65 * 0.46 CHANGES done
Matt Johnston <matt@ucc.asn.au>
parents: 220
diff changeset
1054 - Fix so that all file descriptors are closed so the child shell doesn't
220
9089929fb2b7 * preparing for 0.46 release
Matt Johnston <matt@ucc.asn.au>
parents: 193
diff changeset
1055 inherit descriptors (thanks to Linden May for the patch)
9089929fb2b7 * preparing for 0.46 release
Matt Johnston <matt@ucc.asn.au>
parents: 193
diff changeset
1056
223
f3ef0d29ab65 * 0.46 CHANGES done
Matt Johnston <matt@ucc.asn.au>
parents: 220
diff changeset
1057 - Change signkey.c to avoid gcc 4 generating incorrect code
220
9089929fb2b7 * preparing for 0.46 release
Matt Johnston <matt@ucc.asn.au>
parents: 193
diff changeset
1058
224
1dbd2473482f * ... and a bit more for the CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 223
diff changeset
1059 - After both sides of a file descriptor have been shutdown(), close()
1dbd2473482f * ... and a bit more for the CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 223
diff changeset
1060 it to avoid leaking descriptors (thanks to Ari Hyttinen for a patch)
1dbd2473482f * ... and a bit more for the CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 223
diff changeset
1061
220
9089929fb2b7 * preparing for 0.46 release
Matt Johnston <matt@ucc.asn.au>
parents: 193
diff changeset
1062 - Update to LibTomCrypt 1.05 and LibTomMath 0.35
9089929fb2b7 * preparing for 0.46 release
Matt Johnston <matt@ucc.asn.au>
parents: 193
diff changeset
1063
176
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1064 0.45 - Mon March 7 2005
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1065
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1066 - Makefile no longer appends 'static' to statically linked binaries
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1067
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1068 - Add optional SSH_ASKPASS support to the client
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1069
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1070 - Respect HOST_LOOKUP option
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1071
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1072 - Fix accidentally removed "return;" statement which was removed in 0.44
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1073 (causing clients which sent an empty terminal-modes string to fail to
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1074 connect - including pssh, ssh.com, danger hiptop). (patches
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1075 independently from Paul Fox, David Horwitt and Sven-Ola Tuecke)
bc69564ef57b changes for 0.45
Matt Johnston <matt@ucc.asn.au>
parents: 170
diff changeset
1076
170
a62cb364f615 Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 161
diff changeset
1077 - Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
a62cb364f615 Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 161
diff changeset
1078 will work with scp.
a62cb364f615 Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
Matt Johnston <matt@ucc.asn.au>
parents: 161
diff changeset
1079
161
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1080 0.44 - Mon Jan 3 2005
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1081
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1082 - SECURITY: Fix for PAM auth so that usernames are logged and conversation
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1083 function responses are allocated correctly - all 0.44test4 users with PAM
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1084 compiled in (not default) are advised to upgrade.
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1085
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1086 - Fix calls to getnameinfo() for compatibility with Solaris
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1087
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1088 - Pristine compilation works (run 'configure' from a fresh dir and make it
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1089 there)
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1090
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1091 - Fixes for compiling with most options disabled.
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1092
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1093 - Upgraded to LibTomCrypt 0.99 and LibTomMath 0.32
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1094
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1095 - Make sure that zeroing out of values in LTM and LTC won't get optimised away
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1096
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1097 - Removed unused functions from loginrec.c
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1098
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1099 - /dev/random is now the default entropy source rather than /dev/urandom
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1100
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1101 - Logging of IPs in auth success/failure messages for improved greppability
134
6b306ad5f5b5 -i works with scp now.
Matt Johnston <matt@ucc.asn.au>
parents: 124
diff changeset
1102
6b306ad5f5b5 -i works with scp now.
Matt Johnston <matt@ucc.asn.au>
parents: 124
diff changeset
1103 - Fix dbclient so that "scp -i keyfile" works. (It can handle "-ikeyfile
6b306ad5f5b5 -i works with scp now.
Matt Johnston <matt@ucc.asn.au>
parents: 124
diff changeset
1104 properly)
6b306ad5f5b5 -i works with scp now.
Matt Johnston <matt@ucc.asn.au>
parents: 124
diff changeset
1105
6b306ad5f5b5 -i works with scp now.
Matt Johnston <matt@ucc.asn.au>
parents: 124
diff changeset
1106 - Avoid a race in server shell-handling code which prevents the exit-code
161
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1107 from being returned to the client in some circumstances.
134
6b306ad5f5b5 -i works with scp now.
Matt Johnston <matt@ucc.asn.au>
parents: 124
diff changeset
1108
6b306ad5f5b5 -i works with scp now.
Matt Johnston <matt@ucc.asn.au>
parents: 124
diff changeset
1109 - Makefile modified so that install target works correctly (doesn't try
6b306ad5f5b5 -i works with scp now.
Matt Johnston <matt@ucc.asn.au>
parents: 124
diff changeset
1110 to install "all" binary) - patch from Juergen Daubert
6b306ad5f5b5 -i works with scp now.
Matt Johnston <matt@ucc.asn.au>
parents: 124
diff changeset
1111
161
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1112 - Various minor fixes and compile warnings.
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1113
b9d3f725e00b 0.44 release changes
Matt Johnston <matt@ucc.asn.au>
parents: 134
diff changeset
1114 0.44test4 - Tue Sept 14 2004 21:15:54 +0800
124
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1115
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1116 - Fix inetd mode so it actually loads the hostkeys (oops)
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1117
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1118 - Changed DROPBEAR_DEFPORT properly everywhere
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1119
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1120 - Fix a small memory leak in the auth code
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1121
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1122 - WCOREDUMP is only used on systems which support it (ie not cygwin or AIX)
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1123
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1124 - Check (and fail for) cases when we can't negotiate algorithms with the
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1125 remote side successfully (rather than bombing out ungracefully)
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1126
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1127 - Handle authorized_keys files without a terminating newline
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1128
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1129 - Fiddle the channel receive window size for possibly better performance
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1130
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1131 - Added in the PAM authentication code (finally! thanks to Martin Carlsson)
8c08fd2b7f5b 0.44test4 probably
Matt Johnston <matt@ucc.asn.au>
parents: 111
diff changeset
1132
111
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1133 0.44test3 - Fri Aug 27 22:20:54 +0800
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1134
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1135 - Fixed a bunch of warnings.
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1136
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1137 - scp works correctly when passed a username (fix for the dbclient program
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1138 itself as well, "-lmatt" works as well as "-l matt").
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1139
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1140 - Remove unrequired debian files
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1141
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1142 - Exit with the remote process's return code for dbclient
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1143
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1144 - Display stderr messages from the server in the client
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1145
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1146 - Add circular buffering to the channel code. This should dramatically reduce
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1147 the amount of backtraffic sent in response to traffic incoming to the
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1148 Dropbear end - improves high-latency performance (ie dialup).
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1149
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1150 - Various other related channel-handling fixups.
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1151
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1152 - Allow leading lines in the banner when connecting to servers
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1153
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1154 - Fixed printing out errors onto the network socket with stderr (for inetd
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1155 mode when using xinetd)
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1156
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1157 - Remove obselete documentation
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1158
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1159 - Fix a null-pointer exception when trying to free non-existant listeners
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1160 at cleanup.
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1161
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1162 - DEBUG_TRACE now only works if you add "-v" to the program commandline
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1163
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1164 - Don't leave stdin non-blocking on exit - this caused the parent shell
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1165 of dbclient to close when dbclient exited, for some shells in BusyBox
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1166
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1167 - Server connections no longer timeout after 5 minutes
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1168
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1169 - Fixed stupid DSS hostkey typo (server couldn't load host keys)
88e0a1ad951a merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 90
diff changeset
1170
90
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1171 0.44test2 - Tues Aug 17 2004 17:43:54 +0800
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1172
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1173 - Fix up dropbearmulti targets in the Makefile - symlinks are now created
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1174
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1175 - Compile fake-rfc2553 even with dropbearconvert/dropbearkey - this
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1176 allows them to work on platforms without a native getaddrinfo()
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1177
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1178 - Create ~/.ssh/known_hosts properly if it doesn't exist
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1179
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1180 - Fix basename() function prototype
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1181
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1182 - Backport some local changes (more #ifdefs for termcodes.c, a fix for missing
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1183 defines on AIX).
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1184
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1185 - Let dbclient be run as "ssh"
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1186
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1187 - Initialise mp_ints by default
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1188
c2ac796b130e merge of 00b67a11e33c3ed390556805ed6d1078528bee70
Matt Johnston <matt@ucc.asn.au>
parents: 78
diff changeset
1189 0.44test1 - Sun Aug 16 2005 17:43:54 +0800
78
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1190
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1191 - TESTING RELEASE - this is the first public release of the client codebase,
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1192 so there are sure to be bugs to be found. In addition, if you're just using
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1193 the server portion, the final binary size probably will increase - I'll
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1194 be trying to get it back down in future releases.
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1195
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1196 - Dropbear client added - lots of changes to the server code as well to
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1197 generalise things
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1198
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1199 - IPv6 support added for client, server, and forwarding
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1200
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1201 - New makefile with more generic support for multiple-program binaries
677843bfa734 Added changelog entry
Matt Johnston <matt@ucc.asn.au>
parents: 69
diff changeset
1202
69
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1203 0.43 - Fri Jul 16 2004 17:44:54 +0800
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1204
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1205 - SECURITY: Don't try to free() uninitialised variables in DSS verification
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1206 code. Thanks to Arne Bernin for pointing out this bug. This is possibly
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1207 exploitable, all users with DSS and pubkey-auth compiled in are advised to
830
b9f0058860f1 - 2013.60, update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 822
diff changeset
1208 upgrade. CVE-2004-2486
69
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1209
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1210 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1211
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1212 - Don't go into an infinite loop when portforwarding to servers which don't
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1213 send any initial data/banner. Patch from Nikola Vladov
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1214
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1215 - Fix for network vs. host byte order in logging remote TCP ports, also
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1216 from Gerrit Pape.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1217
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1218 - Initialise many pointers to NULL, for general safety. Also checked cleanup
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1219 code for mp_ints (related to security issues above).
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1220
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1221 0.42 - Wed Jun 16 2004 12:44:54 +0800
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1222
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1223 - Updated to Gerrit Pape's official Debian subdirectory
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1224
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1225 - Fixed bad check when opening /dev/urandom - thanks to Danny Sung.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1226
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1227 - Added -i inetd mode flag, and associated options in options.h . Dropbear
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1228 can be compiled with either normal mode, inetd, or both modes. Thanks
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1229 to Gerrit Pape for basic patch and motivation.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1230
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1231 - Use <dirent.h> rather than <sys/dir.h> for POSIX compliance. Thanks to Bill
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1232 Sommerfield.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1233
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1234 - Fixed a TCP forwarding (client-local, -L style) bug which caused the whole
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1235 session to close if the TCP connection failed. Thanks to Andrew Braund for
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1236 reporting it and helping track it down.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1237
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1238 - Re-enable sigpipe for child processes. Thanks to Gerrit Pape for some
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1239 suggestions, and BSD manpages for a clearer explanation of the behaviour.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1240
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1241 - Added manpages, thanks to Gerrit Pape.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1242
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1243 - Changed license text for LibTomCrypt and LibTomMath.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1244
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1245 - Added strip-static target
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1246
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1247 - Fixed a bug in agent-forwarding cleanup handler - would segfault
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1248 (dereferencing a null pointer) if agent forwarding had failed.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1249
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1250 - Fix behaviour of authorized_keys parsing, so larger (>1024 bit) DSA keys will
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1251 work. Thanks to Dr. Markus Waldeck for the report.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1252
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1253 - Fixed local port forwarding code so that the "-j" option will make forwarding
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1254 attempts fail more gracefully.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1255
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1256 - Allow repeated requests in a single session if previous ones fail - this fixes PuTTY and some other SCP clients, which try SFTP, then fall-back to SCP if it
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1257 isn't available. Thanks to Stirling Westrup for the report.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1258
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1259 - Updated to LibTomCrypt 0.96 and LibTomMath 0.30. The AES code now uses
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1260 smaller non-precomputed tables if DROPBEAR_SMALL_CODE is defined in
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1261 options.h, leading to a significant reduction in the binary size.
59d16db56e9f Simple text changes
Matt Johnston <matt@ucc.asn.au>
parents: 4
diff changeset
1262
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1263 0.41 - Mon Jan 19 2004 22:40:19 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1264
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1265 - Fix in configure so that cross-compiling works, thanks to numerous people for
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1266 reporting and testing
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1267
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1268 - Terminal mode parsing now handles empty terminal mode strings (sent by
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1269 Windows ssh.com clients), thanks to Ricardo Derbes for the report
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1270
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1271 - Handling is improved for users with no shell specified in /etc/passwd,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1272 thanks again to Ricardo Derbes
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1273
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1274 - Fix for compiling with --disable-syslog, thanks to gordonfh
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1275
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1276 - Various minor fixes allow scp to work with irix, thanks to Paul Marinceu for
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1277 fixing it up
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1278
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1279 - Use <stropts.h> not <sys/stropts.h>, since the former seems more common
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1280
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1281 0.40 - Tue Jan 13 2004 21:05:19 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1282
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1283 - Remote TCP forwarding (-R) style implemented
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1284
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1285 - Local and remote TCP forwarding can each be disabled at runtime (-k and -j
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1286 switches)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1287
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1288 - Fix for problems detecting openpty() with uClibc - many thanks to various
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1289 people for reporting and testing fixes, including (in random order) Cristian
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1290 Ionescu-Idbohrn, James Ewing, Steve Dover, Thomas Lundquist and Frederic
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1291 Lavernhe
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1292
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1293 - Improved portability for IRIX, thanks to Paul Marinceu
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1294
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1295 - AIX and HPUX portability fixes, thanks to Darren Tucker for patches
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1296
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1297 - prngd should now work correctly, thanks to Darren Tucker for the patch
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1298
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1299 - scp compilation on systems without strlcpy() is fixed, thanks to Peter
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1300 Jannesen and David Muse for reporting it (independently and simultaneously :)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1301
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1302 - Merged in new LibTomCrypt 0.92 and LibTomMath 0.28
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1303
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1304 0.39 - Tue Dec 16 2003 15:19:19 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1305
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1306 - Better checking of key lengths and parameters for DSS and RSA auth
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1307
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1308 - Print fingerprint of keys used for pubkey auth
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1309
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1310 - More consistent logging of usernames and IPs
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1311
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1312 - Added option to disable password auth (or just for root) at runtime
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1313
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1314 - Avoid including bignum functions which don't give much speed benefit but
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1315 take up binary size
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1316
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1317 - Added a stripped down version of OpenSSH's scp binary
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1318
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1319 - Added additional supporting functions for Irix, thanks to Paul Marinceu
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1320
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1321 - Don't check for unused libraries in configure script
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1322
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1323 - Removed trailing comma in algorithm lists (thanks to Mihnea Stoenescu)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1324
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1325 - Fixed up channel close handling, always send close packet in response
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1326 (also thanks to Mihnea Stoenescu)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1327
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1328 - Various makefile improvements for cross-compiling, thanks to Friedrich
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1329 Lobenstock and Mihnea Stoenescu
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1330
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1331 - Use daemon() function if available (or our own copy) rather than separate
789
ea04e3eb03e2 Save with utf8 encoding
Matt Johnston <matt@ucc.asn.au>
parents: 786
diff changeset
1332 code (thanks to Frédéric Lavernhe for the report and debugging, and Bernard
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1333 Blackham for his suggestion on what to look at)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1334
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1335 - Fixed up support for first_kex_packet_follows, required to talk to ssh.com
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1336 clients. Thanks to Marian Stagarescu for the bug report.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1337
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1338 - Avoid using MAXPATHLEN, pointer from Ian Morris
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1339
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1340 - Improved input sanity checking
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1341
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1342 0.38 - Sat Oct 11 2003 16:28:13 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1343
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1344 - Default hostkey path changed to /etc/dropbear/dropbear_{rsa,dss}_host_key
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1345 rather than /etc/dropbear_{rsa,dss}_host_key
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1346
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1347 - Added SMALL and MULTI text files which have info on compiling for multiple
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1348 binaries or small binaries
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1349
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1350 - Allow for commandline definition of some options.h settings
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1351 (without warnings)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1352
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1353 - Be more careful handling EINTR
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1354
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1355 - More fixes for channel closing
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1356
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1357 - Added multi-binary support
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1358
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1359 - Improved logging of IPs, now get logged in all cases
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1360
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1361 - Don't chew cpu when waiting for version identification string, also
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1362 make sure that we kick off people if they don't auth within 5 minutes.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1363
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1364 - Various small fixes, warnings etc
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1365
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1366 - Display MOTD if requested - suggested by
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1367 Trent Lloyd <lathiat at sixlabs.org> and
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1368 Zach White <zwhite at darkstar.frop.org>
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1369
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1370 - sftp support works (relies on OpenSSH sftp binary or similar)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1371
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1372 - Added --disable-shadow option (requested by the floppyfw guys)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1373
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1374 0.37 - Wed Sept 24 2003 19:42:12 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1375
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1376 - Various portability fixes, fixes for Solaris 9, Tru64 5.1, Mac OS X 10.2,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1377 AIX, BSDs
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1378
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1379 - Updated LibTomMath to 0.27 and LibTomCrypt to 0.90
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1380
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1381 - Renamed util.{c,h} to dbutil.{c,h} to avoid conflicts with system util.h
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1382
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1383 - Added some small changes so it'll work with AIX (plus Linux Affinity).
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1384 Thanks to Shig for them.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1385
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1386 - Improved the closing messages, so a clean exit is "Exited normally"
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1387
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1388 - Added some more robust integer/size checking in buffer.c as a backstop for
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1389 integer overflows
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1390
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1391 - X11 forwarding fixed for OSX, path for xauth changed to /usr/X11R6/bin/xauth
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1392
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1393 - Channel code handles closing more nicely, doesn't sit waiting for an extra
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1394 keystroke on BSD/OSX platforms, and data is flushed fully before closing
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1395 child processes (thanks to
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1396 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> for
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1397 pointing that out).
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1398
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1399 - Changed "DISABLE_TCPFWD" to "ENABLE_TCPFWD" (and for x11/auth) so
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1400 "disable DISABLE_TCPWD" isn't so confusing.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1401
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1402 - Fix authorized_keys handling (don't crash on too-long keys, and
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1403 use fgetc not getc to avoid strange macro-related issues), thanks to
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1404 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1405 and Steve Rodgers <hwstar at cox.net> for reporting and testing.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1406
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1407 - Fixes to the README with regard to uClibc systems, thanks to
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1408 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1409 as well as general improvements to documentation (split README/INSTALL)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1410
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1411 - Fixed up some compilation problems with dropbearconvert/dropbearkey if
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1412 DSS or RSA were disabled, reported by Patrik Karlsson <patrik at cqure.net>
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1413
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1414 - Fix double-free bug for hostkeys, reported by
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1415 Vincent Sanders <vince at kyllikki.org>
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1416
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1417 - Fix up missing \ns from dropbearconvert help message,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1418 thanks to Mordy Ovits <movits at bloomberg.com> for the patch
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1419
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1420 0.36 - Tue August 19 2003 12:16:23 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1421
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1422 - Fix uninitialised temporary variable in DSS signing code
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1423 (thanks to Matthew Franz <mdfranz at io.com> for reporting, and the authors
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1424 of Valgrind for making it easy to track down)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1425 - Fix remote version-string parsing error
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1426 (thanks to Bernard Blackham <bernard at blackham.com.au> for noticing)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1427 - Improved host-algorithm-matching algorithm in algo.c
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1428 - Decreased MAX_STRING_LEN to a more realistic value
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1429 - Fix incorrect version (0.34) in this CHANGES file for the previous release.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1430
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1431 0.35 - Sun August 17 2003 05:37:47 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1432
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1433 - Fix for remotely exploitable format string buffer overflow.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1434 (thanks to Joel Eriksson <je at bitnux.com>)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1435
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1436 0.34 - Fri August 15 2003 15:10:00 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1437
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1438 - Made syslog optional, both at compile time and as a compile option
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1439 (suggested by Laurent Bercot <ska at skarnet.org>)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1440 - Fixup for bad base64 parsing in authorized_keys
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1441 (noticed by Davyd Madeley <davyd at zdlcomputing.com>)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1442 - Added initial tcp forwarding code, only -L (local) at this stage
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1443 - Improved "make install" with DESTDIR and changing ownership seperately,
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1444 don't check for setpgrp on Linux for crosscompiling.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1445 (from Erik Andersen <andersen at codepoet.org>)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1446 - More commenting, fix minor compile warnings, make return values more
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1447 consistent etc
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1448 - Various signedness fixes
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1449 - Can listen on multiple ports
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1450 - added option to disable openpty with configure script,
789
ea04e3eb03e2 Save with utf8 encoding
Matt Johnston <matt@ucc.asn.au>
parents: 786
diff changeset
1451 (from K.-P. Kirchdörfer <kapeka at epost.de>)
4
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1452 - Various cleanups to bignum code
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1453 (thanks to Tom St Denis <tomstdenis at iahu.ca>)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1454 - Fix compile error when disabling RSA
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1455 (from Marc Kleine-Budde <kleine-budde at gmx.de>)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1456 - Other cleanups, splitting large functions for packet and kex handling etc
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1457
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1458 0.33 - Sun June 22 2003 22:24:12 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1459
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1460 - Fixed some invalid assertions in the channel code, fixing the server dying
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1461 when forwarding X11 connections.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1462 - Add dropbearconvert to convert to/from OpenSSH host keys and Dropbear keys
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1463 - RSA keys now keep p and q parameters for compatibility -- old Dropbear keys
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1464 still work, but can't be converted to OpenSSH etc.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1465 - Debian packaging directory added, thanks to
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1466 Grahame (grahame at angrygoats.net)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1467 - 'install' target added to the makefile
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1468 - general tidying, improve consistency of functions etc
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1469 - If RSA or DSS hostkeys don't exist, that algorithm won't be used.
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1470 - Improved RSA and DSS key generation, more efficient and fixed some minor bugs
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1471 (thanks to Tom St Denis for the advice)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1472 - Merged new versions of LibTomCrypt (0.86) and LibTomMath (0.21)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1473
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1474 0.32 - Sat May 24 2003 12:44:11 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1475
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1476 - Don't compile unused code from libtomcrypt (test vectors etc)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1477 - Updated to libtommath 0.17 and libtomcrypt 0.83. New libtommath results
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1478 in smaller binary size, due to not linking unrequired code
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1479 - X11 forwarding added
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1480 - Agent forwarding added (for OpenSSH.com ssh client/agent)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1481 - Fix incorrect buffer freeing when banners are used
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1482 - Hostname resolution works
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1483 - Various minor bugfixes/code size improvements etc
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1484
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1485 0.31 - Fri May 9 2003 17:57:16 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1486
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1487 - Improved syslog messages - IP logging etc
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1488 - Strip control characters from log messages (specified username currently)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1489 - Login recording (utmp/wtmp) support, so last/w/who work - taken from OpenSSH
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1490 - Shell is started as a proper login shell, so /etc/profile etc is sourced
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1491 - Ptys work on Solaris (2.8 x86 tested) now
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1492 - Fixed bug in specifying the rsa hostkey
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1493 - Fixed bug in compression code, could trigger if compression resulted in
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1494 larger output than input (uncommon but possible).
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1495
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1496 0.30 - Thu Apr 17 2003 18:46:15 +0800
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1497
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1498 - SECURITY: buffer.c had bad checking for buffer increment length - fixed
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1499 - channel code now closes properly on EOF - scp processes don't hang around
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1500 - syslog support added - improved auth/login/failure messages
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1501 - general code tidying, made return codes more consistent
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1502 - Makefile fixed for dependencies and makes libtomcrypt as well
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1503 - Implemented sending SSH_MSG_UNIMPLEMENTED :)
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1504
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1505 0.29 - Wed Apr 9 2003
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1506
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1507 - Fixed a stupid bug in 0.28 release, 'newstr = strdup(oldstr)',
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1508 not 'newstr=oldstr'
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1509
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1510 0.28 - Sun Apr 6 2003
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1511
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1512 - Initial public release
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1513
fe6bca95afa7 Makefile.in contains updated files required
Matt Johnston <matt@ucc.asn.au>
parents:
diff changeset
1514 Development was started in October 2002