dropbear: CHANGES annotate

annotate CHANGES @ 1462:e017e46b1434

configure: add a variable to allow openpty check to be cached Signed-off-by: Dengke Du <[email protected]>

author	Eric Bénard <eric@eukrea.com>
date	Thu, 25 Apr 2013 00:27:25 +0200
parents	b19877938d6a
children	84578193ef47

rev	line source
1337 8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	1 2017.75 - 18 May 2017
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	2
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	3 - Security: Fix double-free in server TCP listener cleanup
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	4 A double-free in the server could be triggered by an authenticated user if
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	5 dropbear is running with -a (Allow connections to forwarded ports from any host)
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	6 This could potentially allow arbitrary code execution as root by an authenticated user.
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	7 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash.
1345 1a3c4ec0f840 add cve and patch link Matt Johnston <matt@ucc.asn.au> parents: 1339 diff changeset	8 CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
1337 8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	9
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	10 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink.
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	11 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	12 is to switch to user permissions when opening authorized_keys
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	13
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	14 A user could symlink their ~/.ssh/authorized_keys to a root-owned file they
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	15 couldn't normally read. If they managed to get that file to contain valid
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	16 authorized_keys with command= options it might be possible to read other
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	17 contents of that file.
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	18 This information disclosure is to an already authenticated user.
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	19 Thanks to Jann Horn of Google Project Zero for reporting this.
1345 1a3c4ec0f840 add cve and patch link Matt Johnston <matt@ucc.asn.au> parents: 1339 diff changeset	20 CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
1337 8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	21
1339 c31276613181 fix changelog for atomic dropbearkey Matt Johnston <matt@ucc.asn.au> parents: 1337 diff changeset	22 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync
1337 8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	23 Thanks to Andrei Gherzan for a patch
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	24
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	25 - Fix out of tree builds with bundled libtom
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	26 Thanks to Henrik Nordström and Peter Krefting for patches.
8978d879ef07 changes for 2017.75 Matt Johnston <matt@ucc.asn.au> parents: 1321 diff changeset	27
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	28 2016.74 - 21 July 2016
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	29
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	30 - Security: Message printout was vulnerable to format string injection.
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	31
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	32 If specific usernames including "%" symbols can be created on a system
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	33 (validated by getpwnam()) then an attacker could run arbitrary code as root
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	34 when connecting to Dropbear server.
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	35
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	36 A dbclient user who can control username or host arguments could potentially
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	37 run arbitrary code as the dbclient user. This could be a problem if scripts
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	38 or webpages pass untrusted input to the dbclient program.
1321 2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	39 CVE-2016-7406
2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	40 https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	41
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	42 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	43 the local dropbearconvert user when parsing malicious key files
1321 2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	44 CVE-2016-7407
2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	45 https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	46
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	47 - Security: dbclient could run arbitrary code as the local dbclient user if
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	48 particular -m or -c arguments are provided. This could be an issue where
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	49 dbclient is used in scripts.
1321 2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	50 CVE-2016-7408
2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	51 https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	52
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	53 - Security: dbclient or dropbear server could expose process memory to the
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	54 running user if compiled with DEBUG_TRACE and running with -v
1321 2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	55 CVE-2016-7409
2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	56 https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	57
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	58 The security issues were reported by an anonymous researcher working with
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	59 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	60
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	61 - Fix port forwarding failure when connecting to domains that have both
1313 0ed3d2bbf956 mention regression release Matt Johnston <matt@ucc.asn.au> parents: 1311 diff changeset	62 IPv4 and IPv6 addresses. The bug was introduced in 2015.68
1311 10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	63
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	64 - Fix 100% CPU use while waiting for rekey to complete. Thanks to Zhang Hui P
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	65 for the patch
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	66
10f28c95ca31 changelogs Matt Johnston <matt@ucc.asn.au> parents: 1285 diff changeset	67
1285 309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	68 2016.73 - 18 March 2016
1253 3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	69
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	70 - Support syslog in dbclient, option -o usesyslog=yes. Patch from Konstantin Tokarev
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	71
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	72 - Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	73
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	74 - Option to exit when a TCP forward fails, patch from Konstantin Tokarev
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	75
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	76 - New "-o" option parsing from Konstantin Tokarev. This allows handling some extra options
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	77 in the style of OpenSSH, though implementing all OpenSSH options is not planned.
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	78
1285 309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	79 - Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou
1253 3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	80
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	81 - Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	82
1285 309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	83 - Various cleanups for issues found by a lint tool, patch from Francois Perrad
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	84
1253 3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	85 - Fix tab indent consistency, patch from Francois Perrad
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	86
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	87 - Fix issues found by cppcheck, reported by Mike Tzou
3b990ddaea4f update CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1234 diff changeset	88
1285 309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	89 - Use system memset_s() or explicit_bzero() if available to clear memory. Also make
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	90 libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	91
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	92 - Prevent scp failing when the local user doesn't exist. Based on patch from Michael Witten.
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	93
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	94 - Improved Travis CI test running, thanks to Mike Tzou
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	95
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	96 - Improve some code that was flagged by Coverity and Fortify Static Code Analyzer
309e1c4a8768 update for 2016.73 Matt Johnston <matt@ucc.asn.au> parents: 1279 diff changeset	97
1230 2c23d72e06b2 2016.72 Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	98 2016.72 - 9 March 2016
2c23d72e06b2 2016.72 Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	99
2c23d72e06b2 2016.72 Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	100 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
1279 f107cef4be68 add CVE Matt Johnston <matt@ucc.asn.au> parents: 1253 diff changeset	101 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
1321 2535ea9d0a6f add CVEs and patch urls Matt Johnston <matt@ucc.asn.au> parents: 1313 diff changeset	102 https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff
1230 2c23d72e06b2 2016.72 Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	103
1200 9a944a243f08 2015.71 Matt Johnston <matt@ucc.asn.au> parents: 1199 diff changeset	104 2015.71 - 3 December 2015
1198 388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	105
1199 1d41a7b8f31c wrong breakage version Matt Johnston <matt@ucc.asn.au> parents: 1198 diff changeset	106 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
1198 388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	107
1203 e49a204effe3 Thanks Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	108 - Fix crash on exit when -p address:port is used, broke in 2015.68, thanks to
e49a204effe3 Thanks Matt Johnston <matt@ucc.asn.au> parents: 1200 diff changeset	109 Frank Stollenwerk for reporting and investigation
1198 388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	110
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	111 - Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	112
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	113 - Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert,
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	114 broke in 2015.70
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	115
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	116 - Fix server race condition that could cause sessions to hang on exit,
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	117 https://github.com/robotframework/SSHLibrary/issues/128
388e5c3e380e preliminary 2015.71 CHANGES Matt Johnston <matt@ucc.asn.au> parents: 1188 diff changeset	118
1188 79a6ef02307d Wrong date Matt Johnston <matt@ucc.asn.au> parents: 1187 diff changeset	119 2015.70 - 26 November 2015
1187 88fd422cfa11 2015.70 Matt Johnston <matt@ucc.asn.au> parents: 1178 diff changeset	120
88fd422cfa11 2015.70 Matt Johnston <matt@ucc.asn.au> parents: 1178 diff changeset	121 - Fix server password authentication on Linux, broke in 2015.69
88fd422cfa11 2015.70 Matt Johnston <matt@ucc.asn.au> parents: 1178 diff changeset	122
1178 4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	123 2015.69 - 25 November 2015
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	124
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	125 - Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68)
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	126
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	127 - Avoid hang on session close when multiple sessions are started, affects Qt Creator
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	128 Patch from Andrzej Szombierski
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	129
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	130 - Reduce per-channel memory consumption in common case, increase default
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	131 channel limit from 100 to 1000 which should improve SOCKS forwarding for modern
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	132 webpages
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	133
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	134 - Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	135
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	136 - Manpage improvements from Guilhem Moulin
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	137
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	138 - Build fixes for Android from Mike Frysinger
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	139
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	140 - Don't display the MOTD when an explicit command is run from Guilhem Moulin
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	141
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	142 - Check curve25519 shared secret isn't zero
4ab757b14b2d changelog Matt Johnston <matt@ucc.asn.au> parents: 1147 diff changeset	143
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	144 2015.68 - Saturday 8 August 2015
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	145
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	146 - Reduce local data copying for improved efficiency. Measured 30%
1125 7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	147 increase in throughput for connections to localhost
1063 9a5677293671 changes (also testing hg bookmarks) Matt Johnston <matt@ucc.asn.au> parents: 1004 diff changeset	148
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	149 - Forwarded TCP ports connect asynchronously and try all available addresses
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	150 (IPv4, IPv6, round robin DNS)
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	151
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	152 - Fix all compile warnings, many patches from Gaël Portay
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	153 Note that configure with -Werror may not be successful on some platforms (OS X)
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	154 and some configuration options may still result in unused variable
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	155 warnings.
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	156
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	157 - Use TCP Fast Open on Linux if available. Saves a round trip at connection
1064 0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	158 to hosts that have previously been connected.
0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	159 Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3"
1125 7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	160 Client side is disabled by default pending further compatibility testing
7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	161 with networks and systems.
1064 0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	162
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	163 - Increase maximum command length to 9000 bytes
1064 0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	164
0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	165 - Free memory before exiting, patch from Thorsten Horstmann. Useful for
0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	166 Dropbear ports to embedded systems and for checking memory leaks
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	167 with valgrind. Only partially implemented for dbclient.
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	168 This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h
1064 0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	169
1147 809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	170 - DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless
809feaa9408f changelog and version 2015.68 Matt Johnston <matt@ucc.asn.au> parents: 1141 diff changeset	171 there is a leading slash (~ isn't treated specially)
1125 7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	172
1064 0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	173 - Fix small ECC memory leaks
0b365b6a6f08 more changes Matt Johnston <matt@ucc.asn.au> parents: 1063 diff changeset	174
1125 7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	175 - Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of
1141 63ac2261e1b0 couple more changelog items Matt Johnston <matt@ucc.asn.au> parents: 1125 diff changeset	176 Matta Consulting. Odds of bad values are around 2**-512 -- improbable.
1125 7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	177
7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	178 - Twofish-ctr cipher is supported though disabled by default
7cb1f49d89a8 a bit more changelog Matt Johnston <matt@ucc.asn.au> parents: 1064 diff changeset	179
1141

Mercurial > dropbear

annotate CHANGES @ 1462:e017e46b1434