Mercurial > dropbear
comparison CHANGES @ 391:00fcf5045160
propagate from branch 'au.asn.ucc.matt.ltc.dropbear' (head c1db4398d56c56c6d06ae1e20c1e0d04dbb598ed)
to branch 'au.asn.ucc.matt.dropbear' (head d26d5eb2837f46b56a33fb0e7573aa0201abd4d5)
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Thu, 11 Jan 2007 04:29:08 +0000 |
| parents | bfa09e369e0e |
| children | 67689b7ceaf0 |
comparison
equal
deleted
inserted
replaced
| 390:d8e44bef7917 | 391:00fcf5045160 |
|---|---|
| 1 0.49 - Tues 13 June 2003 | |
| 2 | |
| 3 - Return immediately for "sleep 10 & echo foo", rather than waiting | |
| 4 for the sleep to return (pointed out by Rob Landley) | |
| 5 | |
| 6 - Added -P pidfile argument to the server (from Swen Schillig) | |
| 7 | |
| 8 - Compile fixes, make sure that all variable definitions are at the start | |
| 9 of a scope. | |
| 10 | |
| 11 - Use $HOME in preference to that from /etc/passwd, so that it | |
| 12 dbclient can still work on systems with a broken setup. | |
| 13 | |
| 14 - Add -N dbclient option for "no command" | |
| 15 | |
| 16 - Add -f dbclient option for "background after auth" | |
| 17 | |
| 18 - Try to finally fix ss_family compilation problems | |
| 19 | |
| 20 0.48.1 - Sat 11 March 2006 | |
| 21 | |
| 22 - Compile fix for scp | |
| 23 | |
| 24 0.48 - Thurs 9 March 2006 | |
| 25 | |
| 26 - Check that the circular buffer is properly empty before | |
| 27 closing a channel, which could cause truncated transfers | |
| 28 (thanks to Tomas Vanek for helping track it down) | |
| 29 | |
| 30 - Implement per-IP pre-authentication connection limits | |
| 31 (after some poking from Pablo Fernandez) | |
| 32 | |
| 33 - Exit gracefully if trying to connect to as SSH v1 server | |
| 34 (reported by Rushi Lala) | |
| 35 | |
| 36 - Only read /dev/random once at startup when in non-inetd mode | |
| 37 | |
| 38 - Allow ctrl-c to close a dbclient password prompt (may | |
| 39 still have to press enter on some platforms) | |
| 40 | |
| 41 - Merged in uClinux patch for inetd mode | |
| 42 | |
| 43 - Updated to scp from OpenSSH 4.3p2 - fixes a security issue | |
| 44 where use of system() could cause users to execute arbitrary | |
| 45 code through malformed filenames, ref CVE-2006-0225 | |
| 46 | |
| 47 0.47 - Thurs Dec 8 2005 | |
| 48 | |
| 49 - SECURITY: fix for buffer allocation error in server code, could potentially | |
| 50 allow authenticated users to gain elevated privileges. All multi-user systems | |
| 51 running the server should upgrade (or apply the patch available on the | |
| 52 Dropbear webpage). | |
| 53 | |
| 54 - Fix channel handling code so that redirecting to /dev/null doesn't use | |
| 55 100% CPU. | |
| 56 | |
| 57 - Turn on zlib compression for dbclient. | |
| 58 | |
| 59 - Set "low delay" TOS bit, can significantly improve interactivity | |
| 60 over some links. | |
| 61 | |
| 62 - Added client keyboard-interactive mode support, allows operation with | |
| 63 newer OpenSSH servers in default config. | |
| 64 | |
| 65 - Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions | |
| 66 | |
| 67 - Improve logging of assertions | |
| 68 | |
| 69 - Added aes-256 cipher and sha1-96 hmac. | |
| 70 | |
| 71 - Fix twofish so that it actually works. | |
| 72 | |
| 73 - Improve PAM prompt comparison. | |
| 74 | |
| 75 - Added -g (dbclient) and -a (dropbear server) options to allow | |
| 76 connections to listening forwarded ports from remote machines. | |
| 77 | |
| 78 - Various other minor fixes | |
| 79 | |
| 80 - Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD | |
| 81 (netinet/in_systm.h needs to be included). | |
| 82 | |
| 83 0.46 - Sat July 9 2005 | |
| 84 | |
| 85 - Fix long-standing bug which caused connections to be closed if an ssh-agent | |
| 86 socket was no longer available | |
| 87 | |
| 88 - Print a warning if we seem to be blocking on /dev/random | |
| 89 (suggested by Paul Fox) | |
| 90 | |
| 91 - Fixed a memory leak in DSS code (thanks to Boris Berezovsky for the patch) | |
| 92 | |
| 93 - dbclient -L no longer segfaults, allocate correct buffer size (thanks | |
| 94 to David Cook for reporting it, and Christopher Faylor for independently | |
| 95 sending in a patch) | |
| 96 | |
| 97 - Added RSA blinding to signing code (suggested by Dan Kaminsky) | |
| 98 | |
| 99 - Rearranged bignum reading/random generation code | |
| 100 | |
| 101 - Reset the non-blocking status on stderr and stdout as well as stdin, | |
| 102 fixes a problem where the shell running dbclient will exit (thanks to | |
| 103 Brent Roman for reporting it) | |
| 104 | |
| 105 - Fix so that all file descriptors are closed so the child shell doesn't | |
| 106 inherit descriptors (thanks to Linden May for the patch) | |
| 107 | |
| 108 - Change signkey.c to avoid gcc 4 generating incorrect code | |
| 109 | |
| 110 - After both sides of a file descriptor have been shutdown(), close() | |
| 111 it to avoid leaking descriptors (thanks to Ari Hyttinen for a patch) | |
| 112 | |
| 113 - Update to LibTomCrypt 1.05 and LibTomMath 0.35 | |
| 114 | |
| 115 0.45 - Mon March 7 2005 | |
| 116 | |
| 117 - Makefile no longer appends 'static' to statically linked binaries | |
| 118 | |
| 119 - Add optional SSH_ASKPASS support to the client | |
| 120 | |
| 121 - Respect HOST_LOOKUP option | |
| 122 | |
| 123 - Fix accidentally removed "return;" statement which was removed in 0.44 | |
| 124 (causing clients which sent an empty terminal-modes string to fail to | |
| 125 connect - including pssh, ssh.com, danger hiptop). (patches | |
| 126 independently from Paul Fox, David Horwitt and Sven-Ola Tuecke) | |
| 127 | |
| 128 - Read "y/n" response for fingerprints from /dev/tty directly so that dbclient | |
| 129 will work with scp. | |
| 130 | |
| 131 0.44 - Mon Jan 3 2005 | |
| 132 | |
| 133 - SECURITY: Fix for PAM auth so that usernames are logged and conversation | |
| 134 function responses are allocated correctly - all 0.44test4 users with PAM | |
| 135 compiled in (not default) are advised to upgrade. | |
| 136 | |
| 137 - Fix calls to getnameinfo() for compatibility with Solaris | |
| 138 | |
| 139 - Pristine compilation works (run 'configure' from a fresh dir and make it | |
| 140 there) | |
| 141 | |
| 142 - Fixes for compiling with most options disabled. | |
| 143 | |
| 144 - Upgraded to LibTomCrypt 0.99 and LibTomMath 0.32 | |
| 145 | |
| 146 - Make sure that zeroing out of values in LTM and LTC won't get optimised away | |
| 147 | |
| 148 - Removed unused functions from loginrec.c | |
| 149 | |
| 150 - /dev/random is now the default entropy source rather than /dev/urandom | |
| 151 | |
| 152 - Logging of IPs in auth success/failure messages for improved greppability | |
| 153 | |
| 154 - Fix dbclient so that "scp -i keyfile" works. (It can handle "-ikeyfile | |
| 155 properly) | |
| 156 | |
| 157 - Avoid a race in server shell-handling code which prevents the exit-code | |
| 158 from being returned to the client in some circumstances. | |
| 159 | |
| 160 - Makefile modified so that install target works correctly (doesn't try | |
| 161 to install "all" binary) - patch from Juergen Daubert | |
| 162 | |
| 163 - Various minor fixes and compile warnings. | |
| 164 | |
| 165 0.44test4 - Tue Sept 14 2004 21:15:54 +0800 | |
| 166 | |
| 167 - Fix inetd mode so it actually loads the hostkeys (oops) | |
| 168 | |
| 169 - Changed DROPBEAR_DEFPORT properly everywhere | |
| 170 | |
| 171 - Fix a small memory leak in the auth code | |
| 172 | |
| 173 - WCOREDUMP is only used on systems which support it (ie not cygwin or AIX) | |
| 174 | |
| 175 - Check (and fail for) cases when we can't negotiate algorithms with the | |
| 176 remote side successfully (rather than bombing out ungracefully) | |
| 177 | |
| 178 - Handle authorized_keys files without a terminating newline | |
| 179 | |
| 180 - Fiddle the channel receive window size for possibly better performance | |
| 181 | |
| 182 - Added in the PAM authentication code (finally! thanks to Martin Carlsson) | |
| 183 | |
| 184 0.44test3 - Fri Aug 27 22:20:54 +0800 | |
| 185 | |
| 186 - Fixed a bunch of warnings. | |
| 187 | |
| 188 - scp works correctly when passed a username (fix for the dbclient program | |
| 189 itself as well, "-lmatt" works as well as "-l matt"). | |
| 190 | |
| 191 - Remove unrequired debian files | |
| 192 | |
| 193 - Exit with the remote process's return code for dbclient | |
| 194 | |
| 195 - Display stderr messages from the server in the client | |
| 196 | |
| 197 - Add circular buffering to the channel code. This should dramatically reduce | |
| 198 the amount of backtraffic sent in response to traffic incoming to the | |
| 199 Dropbear end - improves high-latency performance (ie dialup). | |
| 200 | |
| 201 - Various other related channel-handling fixups. | |
| 202 | |
| 203 - Allow leading lines in the banner when connecting to servers | |
| 204 | |
| 205 - Fixed printing out errors onto the network socket with stderr (for inetd | |
| 206 mode when using xinetd) | |
| 207 | |
| 208 - Remove obselete documentation | |
| 209 | |
| 210 - Fix a null-pointer exception when trying to free non-existant listeners | |
| 211 at cleanup. | |
| 212 | |
| 213 - DEBUG_TRACE now only works if you add "-v" to the program commandline | |
| 214 | |
| 215 - Don't leave stdin non-blocking on exit - this caused the parent shell | |
| 216 of dbclient to close when dbclient exited, for some shells in BusyBox | |
| 217 | |
| 218 - Server connections no longer timeout after 5 minutes | |
| 219 | |
| 220 - Fixed stupid DSS hostkey typo (server couldn't load host keys) | |
| 221 | |
| 222 0.44test2 - Tues Aug 17 2004 17:43:54 +0800 | |
| 223 | |
| 224 - Fix up dropbearmulti targets in the Makefile - symlinks are now created | |
| 225 | |
| 226 - Compile fake-rfc2553 even with dropbearconvert/dropbearkey - this | |
| 227 allows them to work on platforms without a native getaddrinfo() | |
| 228 | |
| 229 - Create ~/.ssh/known_hosts properly if it doesn't exist | |
| 230 | |
| 231 - Fix basename() function prototype | |
| 232 | |
| 233 - Backport some local changes (more #ifdefs for termcodes.c, a fix for missing | |
| 234 defines on AIX). | |
| 235 | |
| 236 - Let dbclient be run as "ssh" | |
| 237 | |
| 238 - Initialise mp_ints by default | |
| 239 | |
| 240 0.44test1 - Sun Aug 16 2005 17:43:54 +0800 | |
| 241 | |
| 242 - TESTING RELEASE - this is the first public release of the client codebase, | |
| 243 so there are sure to be bugs to be found. In addition, if you're just using | |
| 244 the server portion, the final binary size probably will increase - I'll | |
| 245 be trying to get it back down in future releases. | |
| 246 | |
| 247 - Dropbear client added - lots of changes to the server code as well to | |
| 248 generalise things | |
| 249 | |
| 250 - IPv6 support added for client, server, and forwarding | |
| 251 | |
| 252 - New makefile with more generic support for multiple-program binaries | |
| 253 | |
| 254 0.43 - Fri Jul 16 2004 17:44:54 +0800 | |
| 255 | |
| 256 - SECURITY: Don't try to free() uninitialised variables in DSS verification | |
| 257 code. Thanks to Arne Bernin for pointing out this bug. This is possibly | |
| 258 exploitable, all users with DSS and pubkey-auth compiled in are advised to | |
| 259 upgrade. | |
| 260 | |
| 261 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape. | |
| 262 | |
| 263 - Don't go into an infinite loop when portforwarding to servers which don't | |
| 264 send any initial data/banner. Patch from Nikola Vladov | |
| 265 | |
| 266 - Fix for network vs. host byte order in logging remote TCP ports, also | |
| 267 from Gerrit Pape. | |
| 268 | |
| 269 - Initialise many pointers to NULL, for general safety. Also checked cleanup | |
| 270 code for mp_ints (related to security issues above). | |
| 271 | |
| 272 0.42 - Wed Jun 16 2004 12:44:54 +0800 | |
| 273 | |
| 274 - Updated to Gerrit Pape's official Debian subdirectory | |
| 275 | |
| 276 - Fixed bad check when opening /dev/urandom - thanks to Danny Sung. | |
| 277 | |
| 278 - Added -i inetd mode flag, and associated options in options.h . Dropbear | |
| 279 can be compiled with either normal mode, inetd, or both modes. Thanks | |
| 280 to Gerrit Pape for basic patch and motivation. | |
| 281 | |
| 282 - Use <dirent.h> rather than <sys/dir.h> for POSIX compliance. Thanks to Bill | |
| 283 Sommerfield. | |
| 284 | |
| 285 - Fixed a TCP forwarding (client-local, -L style) bug which caused the whole | |
| 286 session to close if the TCP connection failed. Thanks to Andrew Braund for | |
| 287 reporting it and helping track it down. | |
| 288 | |
| 289 - Re-enable sigpipe for child processes. Thanks to Gerrit Pape for some | |
| 290 suggestions, and BSD manpages for a clearer explanation of the behaviour. | |
| 291 | |
| 292 - Added manpages, thanks to Gerrit Pape. | |
| 293 | |
| 294 - Changed license text for LibTomCrypt and LibTomMath. | |
| 295 | |
| 296 - Added strip-static target | |
| 297 | |
| 298 - Fixed a bug in agent-forwarding cleanup handler - would segfault | |
| 299 (dereferencing a null pointer) if agent forwarding had failed. | |
| 300 | |
| 301 - Fix behaviour of authorized_keys parsing, so larger (>1024 bit) DSA keys will | |
| 302 work. Thanks to Dr. Markus Waldeck for the report. | |
| 303 | |
| 304 - Fixed local port forwarding code so that the "-j" option will make forwarding | |
| 305 attempts fail more gracefully. | |
| 306 | |
| 307 - Allow repeated requests in a single session if previous ones fail - this fixes PuTTY and some other SCP clients, which try SFTP, then fall-back to SCP if it | |
| 308 isn't available. Thanks to Stirling Westrup for the report. | |
| 309 | |
| 310 - Updated to LibTomCrypt 0.96 and LibTomMath 0.30. The AES code now uses | |
| 311 smaller non-precomputed tables if DROPBEAR_SMALL_CODE is defined in | |
| 312 options.h, leading to a significant reduction in the binary size. | |
| 313 | |
| 314 0.41 - Mon Jan 19 2004 22:40:19 +0800 | |
| 315 | |
| 316 - Fix in configure so that cross-compiling works, thanks to numerous people for | |
| 317 reporting and testing | |
| 318 | |
| 319 - Terminal mode parsing now handles empty terminal mode strings (sent by | |
| 320 Windows ssh.com clients), thanks to Ricardo Derbes for the report | |
| 321 | |
| 322 - Handling is improved for users with no shell specified in /etc/passwd, | |
| 323 thanks again to Ricardo Derbes | |
| 324 | |
| 325 - Fix for compiling with --disable-syslog, thanks to gordonfh | |
| 326 | |
| 327 - Various minor fixes allow scp to work with irix, thanks to Paul Marinceu for | |
| 328 fixing it up | |
| 329 | |
| 330 - Use <stropts.h> not <sys/stropts.h>, since the former seems more common | |
| 331 | |
| 332 0.40 - Tue Jan 13 2004 21:05:19 +0800 | |
| 333 | |
| 334 - Remote TCP forwarding (-R) style implemented | |
| 335 | |
| 336 - Local and remote TCP forwarding can each be disabled at runtime (-k and -j | |
| 337 switches) | |
| 338 | |
| 339 - Fix for problems detecting openpty() with uClibc - many thanks to various | |
| 340 people for reporting and testing fixes, including (in random order) Cristian | |
| 341 Ionescu-Idbohrn, James Ewing, Steve Dover, Thomas Lundquist and Frederic | |
| 342 Lavernhe | |
| 343 | |
| 344 - Improved portability for IRIX, thanks to Paul Marinceu | |
| 345 | |
| 346 - AIX and HPUX portability fixes, thanks to Darren Tucker for patches | |
| 347 | |
| 348 - prngd should now work correctly, thanks to Darren Tucker for the patch | |
| 349 | |
| 350 - scp compilation on systems without strlcpy() is fixed, thanks to Peter | |
| 351 Jannesen and David Muse for reporting it (independently and simultaneously :) | |
| 352 | |
| 353 - Merged in new LibTomCrypt 0.92 and LibTomMath 0.28 | |
| 354 | |
| 355 0.39 - Tue Dec 16 2003 15:19:19 +0800 | |
| 356 | |
| 357 - Better checking of key lengths and parameters for DSS and RSA auth | |
| 358 | |
| 359 - Print fingerprint of keys used for pubkey auth | |
| 360 | |
| 361 - More consistent logging of usernames and IPs | |
| 362 | |
| 363 - Added option to disable password auth (or just for root) at runtime | |
| 364 | |
| 365 - Avoid including bignum functions which don't give much speed benefit but | |
| 366 take up binary size | |
| 367 | |
| 368 - Added a stripped down version of OpenSSH's scp binary | |
| 369 | |
| 370 - Added additional supporting functions for Irix, thanks to Paul Marinceu | |
| 371 | |
| 372 - Don't check for unused libraries in configure script | |
| 373 | |
| 374 - Removed trailing comma in algorithm lists (thanks to Mihnea Stoenescu) | |
| 375 | |
| 376 - Fixed up channel close handling, always send close packet in response | |
| 377 (also thanks to Mihnea Stoenescu) | |
| 378 | |
| 379 - Various makefile improvements for cross-compiling, thanks to Friedrich | |
| 380 Lobenstock and Mihnea Stoenescu | |
| 381 | |
| 382 - Use daemon() function if available (or our own copy) rather than separate | |
| 383 code (thanks to Fr�d�ric Lavernhe for the report and debugging, and Bernard | |
| 384 Blackham for his suggestion on what to look at) | |
| 385 | |
| 386 - Fixed up support for first_kex_packet_follows, required to talk to ssh.com | |
| 387 clients. Thanks to Marian Stagarescu for the bug report. | |
| 388 | |
| 389 - Avoid using MAXPATHLEN, pointer from Ian Morris | |
| 390 | |
| 391 - Improved input sanity checking | |
| 392 | |
| 393 0.38 - Sat Oct 11 2003 16:28:13 +0800 | |
| 394 | |
| 395 - Default hostkey path changed to /etc/dropbear/dropbear_{rsa,dss}_host_key | |
| 396 rather than /etc/dropbear_{rsa,dss}_host_key | |
| 397 | |
| 398 - Added SMALL and MULTI text files which have info on compiling for multiple | |
| 399 binaries or small binaries | |
| 400 | |
| 401 - Allow for commandline definition of some options.h settings | |
| 402 (without warnings) | |
| 403 | |
| 404 - Be more careful handling EINTR | |
| 405 | |
| 406 - More fixes for channel closing | |
| 407 | |
| 408 - Added multi-binary support | |
| 409 | |
| 410 - Improved logging of IPs, now get logged in all cases | |
| 411 | |
| 412 - Don't chew cpu when waiting for version identification string, also | |
| 413 make sure that we kick off people if they don't auth within 5 minutes. | |
| 414 | |
| 415 - Various small fixes, warnings etc | |
| 416 | |
| 417 - Display MOTD if requested - suggested by | |
| 418 Trent Lloyd <lathiat at sixlabs.org> and | |
| 419 Zach White <zwhite at darkstar.frop.org> | |
| 420 | |
| 421 - sftp support works (relies on OpenSSH sftp binary or similar) | |
| 422 | |
| 423 - Added --disable-shadow option (requested by the floppyfw guys) | |
| 424 | |
| 425 0.37 - Wed Sept 24 2003 19:42:12 +0800 | |
| 426 | |
| 427 - Various portability fixes, fixes for Solaris 9, Tru64 5.1, Mac OS X 10.2, | |
| 428 AIX, BSDs | |
| 429 | |
| 430 - Updated LibTomMath to 0.27 and LibTomCrypt to 0.90 | |
| 431 | |
| 432 - Renamed util.{c,h} to dbutil.{c,h} to avoid conflicts with system util.h | |
| 433 | |
| 434 - Added some small changes so it'll work with AIX (plus Linux Affinity). | |
| 435 Thanks to Shig for them. | |
| 436 | |
| 437 - Improved the closing messages, so a clean exit is "Exited normally" | |
| 438 | |
| 439 - Added some more robust integer/size checking in buffer.c as a backstop for | |
| 440 integer overflows | |
| 441 | |
| 442 - X11 forwarding fixed for OSX, path for xauth changed to /usr/X11R6/bin/xauth | |
| 443 | |
| 444 - Channel code handles closing more nicely, doesn't sit waiting for an extra | |
| 445 keystroke on BSD/OSX platforms, and data is flushed fully before closing | |
| 446 child processes (thanks to | |
| 447 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> for | |
| 448 pointing that out). | |
| 449 | |
| 450 - Changed "DISABLE_TCPFWD" to "ENABLE_TCPFWD" (and for x11/auth) so | |
| 451 "disable DISABLE_TCPWD" isn't so confusing. | |
| 452 | |
| 453 - Fix authorized_keys handling (don't crash on too-long keys, and | |
| 454 use fgetc not getc to avoid strange macro-related issues), thanks to | |
| 455 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> | |
| 456 and Steve Rodgers <hwstar at cox.net> for reporting and testing. | |
| 457 | |
| 458 - Fixes to the README with regard to uClibc systems, thanks to | |
| 459 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>, | |
| 460 as well as general improvements to documentation (split README/INSTALL) | |
| 461 | |
| 462 - Fixed up some compilation problems with dropbearconvert/dropbearkey if | |
| 463 DSS or RSA were disabled, reported by Patrik Karlsson <patrik at cqure.net> | |
| 464 | |
| 465 - Fix double-free bug for hostkeys, reported by | |
| 466 Vincent Sanders <vince at kyllikki.org> | |
| 467 | |
| 468 - Fix up missing \ns from dropbearconvert help message, | |
| 469 thanks to Mordy Ovits <movits at bloomberg.com> for the patch | |
| 470 | |
| 471 0.36 - Tue August 19 2003 12:16:23 +0800 | |
| 472 | |
| 473 - Fix uninitialised temporary variable in DSS signing code | |
| 474 (thanks to Matthew Franz <mdfranz at io.com> for reporting, and the authors | |
| 475 of Valgrind for making it easy to track down) | |
| 476 - Fix remote version-string parsing error | |
| 477 (thanks to Bernard Blackham <bernard at blackham.com.au> for noticing) | |
| 478 - Improved host-algorithm-matching algorithm in algo.c | |
| 479 - Decreased MAX_STRING_LEN to a more realistic value | |
| 480 - Fix incorrect version (0.34) in this CHANGES file for the previous release. | |
| 481 | |
| 482 0.35 - Sun August 17 2003 05:37:47 +0800 | |
| 483 | |
| 484 - Fix for remotely exploitable format string buffer overflow. | |
| 485 (thanks to Joel Eriksson <je at bitnux.com>) | |
| 486 | |
| 487 0.34 - Fri August 15 2003 15:10:00 +0800 | |
| 488 | |
| 489 - Made syslog optional, both at compile time and as a compile option | |
| 490 (suggested by Laurent Bercot <ska at skarnet.org>) | |
| 491 - Fixup for bad base64 parsing in authorized_keys | |
| 492 (noticed by Davyd Madeley <davyd at zdlcomputing.com>) | |
| 493 - Added initial tcp forwarding code, only -L (local) at this stage | |
| 494 - Improved "make install" with DESTDIR and changing ownership seperately, | |
| 495 don't check for setpgrp on Linux for crosscompiling. | |
| 496 (from Erik Andersen <andersen at codepoet.org>) | |
| 497 - More commenting, fix minor compile warnings, make return values more | |
| 498 consistent etc | |
| 499 - Various signedness fixes | |
| 500 - Can listen on multiple ports | |
| 501 - added option to disable openpty with configure script, | |
| 502 (from K.-P. Kirchd�rfer <kapeka at epost.de>) | |
| 503 - Various cleanups to bignum code | |
| 504 (thanks to Tom St Denis <tomstdenis at iahu.ca>) | |
| 505 - Fix compile error when disabling RSA | |
| 506 (from Marc Kleine-Budde <kleine-budde at gmx.de>) | |
| 507 - Other cleanups, splitting large functions for packet and kex handling etc | |
| 508 | |
| 509 0.33 - Sun June 22 2003 22:24:12 +0800 | |
| 510 | |
| 511 - Fixed some invalid assertions in the channel code, fixing the server dying | |
| 512 when forwarding X11 connections. | |
| 513 - Add dropbearconvert to convert to/from OpenSSH host keys and Dropbear keys | |
| 514 - RSA keys now keep p and q parameters for compatibility -- old Dropbear keys | |
| 515 still work, but can't be converted to OpenSSH etc. | |
| 516 - Debian packaging directory added, thanks to | |
| 517 Grahame (grahame at angrygoats.net) | |
| 518 - 'install' target added to the makefile | |
| 519 - general tidying, improve consistency of functions etc | |
| 520 - If RSA or DSS hostkeys don't exist, that algorithm won't be used. | |
| 521 - Improved RSA and DSS key generation, more efficient and fixed some minor bugs | |
| 522 (thanks to Tom St Denis for the advice) | |
| 523 - Merged new versions of LibTomCrypt (0.86) and LibTomMath (0.21) | |
| 524 | |
| 525 0.32 - Sat May 24 2003 12:44:11 +0800 | |
| 526 | |
| 527 - Don't compile unused code from libtomcrypt (test vectors etc) | |
| 528 - Updated to libtommath 0.17 and libtomcrypt 0.83. New libtommath results | |
| 529 in smaller binary size, due to not linking unrequired code | |
| 530 - X11 forwarding added | |
| 531 - Agent forwarding added (for OpenSSH.com ssh client/agent) | |
| 532 - Fix incorrect buffer freeing when banners are used | |
| 533 - Hostname resolution works | |
| 534 - Various minor bugfixes/code size improvements etc | |
| 535 | |
| 536 0.31 - Fri May 9 2003 17:57:16 +0800 | |
| 537 | |
| 538 - Improved syslog messages - IP logging etc | |
| 539 - Strip control characters from log messages (specified username currently) | |
| 540 - Login recording (utmp/wtmp) support, so last/w/who work - taken from OpenSSH | |
| 541 - Shell is started as a proper login shell, so /etc/profile etc is sourced | |
| 542 - Ptys work on Solaris (2.8 x86 tested) now | |
| 543 - Fixed bug in specifying the rsa hostkey | |
| 544 - Fixed bug in compression code, could trigger if compression resulted in | |
| 545 larger output than input (uncommon but possible). | |
| 546 | |
| 547 0.30 - Thu Apr 17 2003 18:46:15 +0800 | |
| 548 | |
| 549 - SECURITY: buffer.c had bad checking for buffer increment length - fixed | |
| 550 - channel code now closes properly on EOF - scp processes don't hang around | |
| 551 - syslog support added - improved auth/login/failure messages | |
| 552 - general code tidying, made return codes more consistent | |
| 553 - Makefile fixed for dependencies and makes libtomcrypt as well | |
| 554 - Implemented sending SSH_MSG_UNIMPLEMENTED :) | |
| 555 | |
| 556 0.29 - Wed Apr 9 2003 | |
| 557 | |
| 558 - Fixed a stupid bug in 0.28 release, 'newstr = strdup(oldstr)', | |
| 559 not 'newstr=oldstr' | |
| 560 | |
| 561 0.28 - Sun Apr 6 2003 | |
| 562 | |
| 563 - Initial public release | |
| 564 | |
| 565 Development was started in October 2002 |