Mercurial > dropbear

annotate CHANGES @ 1666:c148e7afa0d1

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Handle early exit when addrstring isn't set
author Matt Johnston <matt@ucc.asn.au>
date Wed, 18 Mar 2020 23:37:45 +0800
parents 009d52ae26d3
children 25b0ce1936c4
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
1650
009d52ae26d3 Bump to 2019.78
Matt Johnston <matt@ucc.asn.au>
parents: 1646
diff changeset
1 2019.78 - 27 March 2019
009d52ae26d3 Bump to 2019.78
Matt Johnston <matt@ucc.asn.au>
parents: 1646
diff changeset
2
009d52ae26d3 Bump to 2019.78
Matt Johnston <matt@ucc.asn.au>
parents: 1646
diff changeset
3 - Fix dbclient regression in 2019.77. After exiting the terminal would be left
009d52ae26d3 Bump to 2019.78
Matt Johnston <matt@ucc.asn.au>
parents: 1646
diff changeset
4 in a bad state. Reported by Ryan Woodsmall
009d52ae26d3 Bump to 2019.78
Matt Johnston <matt@ucc.asn.au>
parents: 1646
diff changeset
5
1646
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
6 2019.77 - 23 March 2019
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
7
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
8 - Fix server -R option with ECDSA - only advertise one key size which will be accepted.
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
9 Reported by Peter Krefting, 2018.76 regression.
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
10
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
11 - Fix server regression in 2018.76 where multiple client -R forwards were all forwarded
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
12 to the first destination. Reported by Iddo Samet.
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
13
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
14 - Make failure delay more consistent to avoid revealing valid usernames, set server password
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
15 limit of 100 characters. Problem reported by usd responsible disclosure team
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
16
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
17 - Change handling of failed authentication to avoid disclosing valid usernames,
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
18 CVE-2018-15599.
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
19
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
20 - Fix dbclient to reliably return the exit code from the remote server.
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
21 Reported by W. Mike Petullo
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
22
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
23 - Fix export of 521-bit ECDSA keys, from Christian Hohnstädt
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
24
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
25 - Add -o Port=xxx option to work with sshfs, from xcko
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
26
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
27 - Merged fuzzing code, see FUZZER-NOTES.md
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
28
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
29 - Add a DROPBEAR_SVR_MULTIUSER=0 compile option to run on
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
30 single-user Linux kernels (CONFIG_MULTIUSER disabled). From Patrick Stewart
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
31
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
32 - Increase allowed username to 100 characters, reported by W. Mike Petullo
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
33
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
34 - Update config.sub and config.guess, should now work with RISC-V
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
35
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
36 - Cygwin compile fix from karel-m
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
37
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
38 - Don't require GNU sed (accidentally in 2018.76), reported by Samuel Hsu
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
39
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
40 - Fix for IRIX and writev(), reported by Kazuo Kuroi
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
41
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
42 - Other fixes and cleanups from François Perrad, Andre McCurdy, Konstantin Demin,
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
43 Michael Jones, Pawel Rapkiewicz
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
44
6d1bbe7d5fa5 2019.77
Matt Johnston <matt@ucc.asn.au>
parents: 1565
diff changeset
45
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
46 2018.76 - 27 February 2018
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
47
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
48 > > > Configuration/compatibility changes
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
49 IMPORTANT
1565
2fd52c383163 mention localoptions.h being build directory, fix underscore in CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1552
diff changeset
50 Custom configuration is now specified in localoptions.h rather than options.h
1524
d35cf9a5e0b5 rename default_options.h.in in docs too
Matt Johnston <matt@ucc.asn.au>
parents: 1520
diff changeset
51 Available options and defaults can be seen in default_options.h
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
52
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
53 To migrate your configuration, compare your customised options.h against the
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
54 upstream options.h from your relevant version. Any customised options should
1565
2fd52c383163 mention localoptions.h being build directory, fix underscore in CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1552
diff changeset
55 be put in localoptions.h in the build directory.
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
56
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
57 - "configure --enable-static" should now be used instead of "make STATIC=1"
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
58 This will avoid 'hardened build' flags that conflict with static binaries
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
59
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
60 - Set 'hardened build' flags by default if supported by the compiler.
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
61 These can be disabled with configure --disable-harden if needed.
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
62 -Wl,-pie
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
63 -Wl,-z,now -Wl,-z,relro
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
64 -fstack-protector-strong
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
65 -D_FORTIFY_SOURCE=2
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
66 # spectre v2 mitigation
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
67 -mfunction-return=thunk
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
68 -mindirect-branch=thunk
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
69
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
70 Spectre patch from Loganaden Velvindron
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
71
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
72 - "dropbear -r" option for hostkeys no longer attempts to load the default
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
73 hostkey paths as well. If desired these can be specified manually.
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
74 Patch from CamVan Nguyen
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
75
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
76 - group1-sha1 key exchange is disabled in the server by default since
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
77 the fixed 1024-bit group may be susceptible to attacks
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
78
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
79 - twofish ciphers are now disabled in the default configuration
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
80
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
81 - Default generated ECDSA key size is now 256 (rather than 521)
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
82 for better interoperability
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
83
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
84 - Minimum RSA key length has been increased to 1024 bits
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
85
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
86 > > > Other features and fixes
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
87
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
88 - Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
89
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
90 - Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket.
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
91 See dbclient manpage for a socat example. Patch from Harald Becker
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
92
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
93 - Add "-c forced_command" option. Patch from Jeremy Kerr
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
94
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
95 - Restricted group -G option added with patch from stellarpower
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
96
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
97 - Support server-chosen TCP forwarding ports, patch from houseofkodai
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
98
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
99 - Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port]
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
100 Patch from houseofkodai
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
101
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
102 - Makefile will now rebuild object files when header files are modified
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
103
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
104 - Add group14-256 and group16 key exchange options
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
105
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
106 - curve25519-sha256 also supported without @libssh.org suffix
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
107
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
108 - Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
109 This fixes building with some recent versions of clang
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
110
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
111 - Set PAM_RHOST which is needed by modules such as pam_abl
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
112
1552
e46f7f1da56a CHANGES for 2018.76
Matt Johnston <matt@ucc.asn.au>
parents: 1524
diff changeset
113 - Improvements to DSS and RSA public key validation, found by OSS-Fuzz.
1520
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
114
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
115 - Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
116
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
117 - Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
118
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
119 - Numerous code cleanups and small issues fixed by Francois Perrad
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
120
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
121 - Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
122 platforms. Reported by Oliver Schneider and Andrew Bainbridge
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
123
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
124 - Fix some platform portability problems, from Ben Gardner
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
125
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
126 - Add EXEEXT filename suffix for building dropbearmulti, from William Foster
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
127
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
128 - Support --enable-<option> properly for configure, from Stefan Hauser
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
129
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
130 - configure have_openpty result can be cached, from Eric Bénard
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
131
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
132 - handle platforms that return close() < -1 on failure, from Marco Wenzel
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
133
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
134 - Build and configuration cleanups from Michael Witten
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
135
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
136 - Fix libtomcrypt/libtommath linking order, from Andre McCurdy
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
137
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
138 - Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
139
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
140 - Update curve25519-donna implementation to current version
84578193ef47 draft CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1433
diff changeset
141
1337
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
142 2017.75 - 18 May 2017
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
143
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
144 - Security: Fix double-free in server TCP listener cleanup
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
145 A double-free in the server could be triggered by an authenticated user if
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
146 dropbear is running with -a (Allow connections to forwarded ports from any host)
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
147 This could potentially allow arbitrary code execution as root by an authenticated user.
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
148 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash.
1345
1a3c4ec0f840 add cve and patch link
Matt Johnston <matt@ucc.asn.au>
parents: 1339
diff changeset
149 CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
1337
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
150
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
151 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink.
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
152 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
153 is to switch to user permissions when opening authorized_keys
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
154
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
155 A user could symlink their ~/.ssh/authorized_keys to a root-owned file they
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
156 couldn't normally read. If they managed to get that file to contain valid
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
157 authorized_keys with command= options it might be possible to read other
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
158 contents of that file.
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
159 This information disclosure is to an already authenticated user.
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
160 Thanks to Jann Horn of Google Project Zero for reporting this.
1345
1a3c4ec0f840 add cve and patch link
Matt Johnston <matt@ucc.asn.au>
parents: 1339
diff changeset
161 CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
1337
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
162
1339
c31276613181 fix changelog for atomic dropbearkey
Matt Johnston <matt@ucc.asn.au>
parents: 1337
diff changeset
163 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync
1337
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
164 Thanks to Andrei Gherzan for a patch
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
165
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
166 - Fix out of tree builds with bundled libtom
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
167 Thanks to Henrik Nordström and Peter Krefting for patches.
8978d879ef07 changes for 2017.75
Matt Johnston <matt@ucc.asn.au>
parents: 1321
diff changeset
168
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
169 2016.74 - 21 July 2016
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
170
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
171 - Security: Message printout was vulnerable to format string injection.
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
172
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
173 If specific usernames including "%" symbols can be created on a system
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
174 (validated by getpwnam()) then an attacker could run arbitrary code as root
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
175 when connecting to Dropbear server.
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
176
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
177 A dbclient user who can control username or host arguments could potentially
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
178 run arbitrary code as the dbclient user. This could be a problem if scripts
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
179 or webpages pass untrusted input to the dbclient program.
1321
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
180 CVE-2016-7406
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
181 https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
182
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
183 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
184 the local dropbearconvert user when parsing malicious key files
1321
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
185 CVE-2016-7407
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
186 https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
187
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
188 - Security: dbclient could run arbitrary code as the local dbclient user if
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
189 particular -m or -c arguments are provided. This could be an issue where
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
190 dbclient is used in scripts.
1321
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
191 CVE-2016-7408
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
192 https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
193
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
194 - Security: dbclient or dropbear server could expose process memory to the
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
195 running user if compiled with DEBUG_TRACE and running with -v
1321
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
196 CVE-2016-7409
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
197 https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
198
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
199 The security issues were reported by an anonymous researcher working with
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
200 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
201
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
202 - Fix port forwarding failure when connecting to domains that have both
1313
0ed3d2bbf956 mention regression release
Matt Johnston <matt@ucc.asn.au>
parents: 1311
diff changeset
203 IPv4 and IPv6 addresses. The bug was introduced in 2015.68
1311
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
204
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
205 - Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang Hui P
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
206 for the patch
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
207
10f28c95ca31 changelogs
Matt Johnston <matt@ucc.asn.au>
parents: 1285
diff changeset
208
1285
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
209 2016.73 - 18 March 2016
1253
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
210
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
211 - Support syslog in dbclient, option -o usesyslog=yes. Patch from Konstantin Tokarev
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
212
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
213 - Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
214
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
215 - Option to exit when a TCP forward fails, patch from Konstantin Tokarev
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
216
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
217 - New "-o" option parsing from Konstantin Tokarev. This allows handling some extra options
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
218 in the style of OpenSSH, though implementing all OpenSSH options is not planned.
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
219
1285
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
220 - Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou
1253
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
221
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
222 - Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
223
1285
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
224 - Various cleanups for issues found by a lint tool, patch from Francois Perrad
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
225
1253
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
226 - Fix tab indent consistency, patch from Francois Perrad
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
227
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
228 - Fix issues found by cppcheck, reported by Mike Tzou
3b990ddaea4f update CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1234
diff changeset
229
1285
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
230 - Use system memset_s() or explicit_bzero() if available to clear memory. Also make
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
231 libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
232
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
233 - Prevent scp failing when the local user doesn't exist. Based on patch from Michael Witten.
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
234
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
235 - Improved Travis CI test running, thanks to Mike Tzou
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
236
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
237 - Improve some code that was flagged by Coverity and Fortify Static Code Analyzer
309e1c4a8768 update for 2016.73
Matt Johnston <matt@ucc.asn.au>
parents: 1279
diff changeset
238
1230
2c23d72e06b2 2016.72
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
239 2016.72 - 9 March 2016
2c23d72e06b2 2016.72
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
240
2c23d72e06b2 2016.72
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
241 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
1279
f107cef4be68 add CVE
Matt Johnston <matt@ucc.asn.au>
parents: 1253
diff changeset
242 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
1321
2535ea9d0a6f add CVEs and patch urls
Matt Johnston <matt@ucc.asn.au>
parents: 1313
diff changeset
243 https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff
1230
2c23d72e06b2 2016.72
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
244
1200
9a944a243f08 2015.71
Matt Johnston <matt@ucc.asn.au>
parents: 1199
diff changeset
245 2015.71 - 3 December 2015
1198
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
246
1199
1d41a7b8f31c wrong breakage version
Matt Johnston <matt@ucc.asn.au>
parents: 1198
diff changeset
247 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
1198
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
248
1203
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
249 - Fix crash on exit when -p address:port is used, broke in 2015.68, thanks to
Matt Johnston <matt@ucc.asn.au>
parents: 1200
diff changeset
250 Frank Stollenwerk for reporting and investigation
1198
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
251
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
252 - Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
253
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
254 - Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert,
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
255 broke in 2015.70
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
256
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
257 - Fix server race condition that could cause sessions to hang on exit,
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
258 https://github.com/robotframework/SSHLibrary/issues/128
388e5c3e380e preliminary 2015.71 CHANGES
Matt Johnston <matt@ucc.asn.au>
parents: 1188
diff changeset
259
1188
79a6ef02307d Wrong date
Matt Johnston <matt@ucc.asn.au>
parents: 1187
diff changeset
260 2015.70 - 26 November 2015
1187
88fd422cfa11 2015.70
Matt Johnston <matt@ucc.asn.au>
parents: 1178
diff changeset
261
88fd422cfa11 2015.70
Matt Johnston <matt@ucc.asn.au>
parents: 1178
diff changeset
262 - Fix server password authentication on Linux, broke in 2015.69
88fd422cfa11 2015.70
Matt Johnston <matt@ucc.asn.au>
parents: 1178
diff changeset
263
1178
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
264 2015.69 - 25 November 2015
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
265
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
266 - Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68)
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
267
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
268 - Avoid hang on session close when multiple sessions are started, affects Qt Creator
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
269 Patch from Andrzej Szombierski
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
270
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
271 - Reduce per-channel memory consumption in common case, increase default
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
272 channel limit from 100 to 1000 which should improve SOCKS forwarding for modern
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
273 webpages
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
274
4ab757b14b2d changelog
Matt Johnston <matt@ucc.asn.au>
parents: 1147
diff changeset
275 - Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin