Mercurial > dropbear

comparison CHANGES @ 1739:13d834efc376 fuzz

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
merge from main
author Matt Johnston <matt@ucc.asn.au>
date Thu, 15 Oct 2020 19:55:15 +0800
parents 8b27de2c92ee
children 4b984c42372d
comparison
equal deleted inserted replaced
1562:768ebf737aa0 1739:13d834efc376
1 2020.80 - 26 June 2020
2
3 - Don't block authorized_keys logins with no-X11-forwarding or no-agent-forwarding
4 restrictions when X11 or agent forwarding are disabled at compile time.
5 This is more of a problem now X11 is disabled by default, reported by Guilhem Moulin
6
7 - Reduce binary size by 4kB (x64) when using bundled libtommath
8
9 - Define GNU_SOURCE for getrandom() on uclibc, reported by Laurent Bercot and
10 Fabrice Fontaine
11
12 - Improve checking libtomcrypt version compatibility
13
14 - Add some style notes to DEVELOPING.md
15
16 2020.79 - 15 June 2020
17
18 - Support ed25519 hostkeys and authorized_keys, many thanks to Vladislav Grishenko.
19 This also replaces curve25519 with a TweetNaCl implementation that reduces code size.
20
21 - Add chacha20-poly1305 authenticated cipher. This will perform faster than AES
22 on many platforms. Thanks to Vladislav Grishenko
23
24 - Support using rsa-sha2 signatures. No changes are needed to hostkeys/authorized_keys
25 entries, existing RSA keys can be used with the new signature format (signatures
26 are ephemeral within a session). Old ssh-rsa signatures will no longer
27 be supported by OpenSSH in future so upgrading is recommended.
28
29 - Use getrandom() call on Linux to ensure sufficient entropy has been gathered at startup.
30 Dropbear now avoids reading from the random source at startup, instead waiting until
31 the first connection. It is possible that some platforms were running without enough
32 entropy previously, those could potentially block at first boot generating host keys.
33 The dropbear "-R" option is one way to avoid that.
34
35 - Upgrade libtomcrypt to 1.18.2 and libtommath to 1.2.0, many thanks to Steffen Jaeckel for
36 updating Dropbear to use the current API. Dropbear's configure script will check
37 for sufficient system library versions, otherwise using the bundled versions.
38
39 - CBC ciphers, 3DES, hmac-sha1-96, and x11 forwarding are now disabled by default.
40 They can be set in localoptions.h if required.
41 Blowfish has been removed.
42
43 - Support AES GCM, patch from Vladislav Grishenko. This is disabled by default,
44 Dropbear doesn't currently use hardware accelerated AES.
45
46 - Added an API for specifying user public keys as an authorized_keys replacement.
47 See pubkeyapi.h for details, thanks to Fabrizio Bertocci
48
49 - Fix idle detection clashing with keepalives, thanks to jcmathews
50
51 - Include IP addresses in more early exit messages making it easier for fail2ban
52 processing. Patch from Kevin Darbyshire-Bryant
53
54 - scp fix for CVE-2018-20685 where a server could modify name of output files
55
56 - SSH_ORIGINAL_COMMAND is set for "dropbear -c" forced command too
57
58 - Fix writing key files on systems without hard links, from Matt Robinson
59
60 - Compatibility fixes for IRIX from Kazuo Kuroi
61
62 - Re-enable printing MOTD by default, was lost moving from options.h. Thanks to zciendor
63
64 - Call fsync() is called on parent directory when writing key files to ensure they are flushed
65
66 - Fix "make install" for manpages in out-of-tree builds, from Gabor Z. Papp
67
68 - Some notes are added in DEVELOPING.md
69
70 2019.78 - 27 March 2019
71
72 - Fix dbclient regression in 2019.77. After exiting the terminal would be left
73 in a bad state. Reported by Ryan Woodsmall
74
75 2019.77 - 23 March 2019
76
77 - Fix server -R option with ECDSA - only advertise one key size which will be accepted.
78 Reported by Peter Krefting, 2018.76 regression.
79
80 - Fix server regression in 2018.76 where multiple client -R forwards were all forwarded
81 to the first destination. Reported by Iddo Samet.
82
83 - Make failure delay more consistent to avoid revealing valid usernames, set server password
84 limit of 100 characters. Problem reported by usd responsible disclosure team
85
86 - Change handling of failed authentication to avoid disclosing valid usernames,
87 CVE-2018-15599.
88
89 - Fix dbclient to reliably return the exit code from the remote server.
90 Reported by W. Mike Petullo
91
92 - Fix export of 521-bit ECDSA keys, from Christian Hohnstädt
93
94 - Add -o Port=xxx option to work with sshfs, from xcko
95
96 - Merged fuzzing code, see FUZZER-NOTES.md
97
98 - Add a DROPBEAR_SVR_MULTIUSER=0 compile option to run on
99 single-user Linux kernels (CONFIG_MULTIUSER disabled). From Patrick Stewart
100
101 - Increase allowed username to 100 characters, reported by W. Mike Petullo
102
103 - Update config.sub and config.guess, should now work with RISC-V
104
105 - Cygwin compile fix from karel-m
106
107 - Don't require GNU sed (accidentally in 2018.76), reported by Samuel Hsu
108
109 - Fix for IRIX and writev(), reported by Kazuo Kuroi
110
111 - Other fixes and cleanups from François Perrad, Andre McCurdy, Konstantin Demin,
112 Michael Jones, Pawel Rapkiewicz
113
114
1 2018.76 - 27 February 2018 115 2018.76 - 27 February 2018
2 116
3 > > > Configuration/compatibility changes 117 > > > Configuration/compatibility changes
4 IMPORTANT 118 IMPORTANT
5 Custom configuration is now specified in local_options.h rather than options.h 119 Custom configuration is now specified in localoptions.h rather than options.h
6 Available options and defaults can be seen in default_options.h 120 Available options and defaults can be seen in default_options.h
7 121
8 To migrate your configuration, compare your customised options.h against the 122 To migrate your configuration, compare your customised options.h against the
9 upstream options.h from your relevant version. Any customised options should 123 upstream options.h from your relevant version. Any customised options should
10 be put in localoptions.h 124 be put in localoptions.h in the build directory.
11 125
12 - "configure --enable-static" should now be used instead of "make STATIC=1" 126 - "configure --enable-static" should now be used instead of "make STATIC=1"
13 This will avoid 'hardened build' flags that conflict with static binaries 127 This will avoid 'hardened build' flags that conflict with static binaries
14 128
15 - Set 'hardened build' flags by default if supported by the compiler. 129 - Set 'hardened build' flags by default if supported by the compiler.
99 - Security: Fix double-free in server TCP listener cleanup 213 - Security: Fix double-free in server TCP listener cleanup
100 A double-free in the server could be triggered by an authenticated user if 214 A double-free in the server could be triggered by an authenticated user if
101 dropbear is running with -a (Allow connections to forwarded ports from any host) 215 dropbear is running with -a (Allow connections to forwarded ports from any host)
102 This could potentially allow arbitrary code execution as root by an authenticated user. 216 This could potentially allow arbitrary code execution as root by an authenticated user.
103 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash. 217 Affects versions 2013.56 to 2016.74. Thanks to Mark Shepard for reporting the crash.
104 CVE-2017-9078 https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c 218 CVE-2017-9078 https://hg.ucc.asn.au/dropbear/rev/c8114a48837c
105 219
106 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink. 220 - Security: Fix information disclosure with ~/.ssh/authorized_keys symlink.
107 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix 221 Dropbear parsed authorized_keys as root, even if it were a symlink. The fix
108 is to switch to user permissions when opening authorized_keys 222 is to switch to user permissions when opening authorized_keys
109 223
111 couldn't normally read. If they managed to get that file to contain valid 225 couldn't normally read. If they managed to get that file to contain valid
112 authorized_keys with command= options it might be possible to read other 226 authorized_keys with command= options it might be possible to read other
113 contents of that file. 227 contents of that file.
114 This information disclosure is to an already authenticated user. 228 This information disclosure is to an already authenticated user.
115 Thanks to Jann Horn of Google Project Zero for reporting this. 229 Thanks to Jann Horn of Google Project Zero for reporting this.
116 CVE-2017-9079 https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123 230 CVE-2017-9079 https://hg.ucc.asn.au/dropbear/rev/0d889b068123
117 231
118 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync 232 - Generate hostkeys with dropbearkey atomically and flush to disk with fsync
119 Thanks to Andrei Gherzan for a patch 233 Thanks to Andrei Gherzan for a patch
120 234
121 - Fix out of tree builds with bundled libtom 235 - Fix out of tree builds with bundled libtom
131 245
132 A dbclient user who can control username or host arguments could potentially 246 A dbclient user who can control username or host arguments could potentially
133 run arbitrary code as the dbclient user. This could be a problem if scripts 247 run arbitrary code as the dbclient user. This could be a problem if scripts
134 or webpages pass untrusted input to the dbclient program. 248 or webpages pass untrusted input to the dbclient program.
135 CVE-2016-7406 249 CVE-2016-7406
136 https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb 250 https://hg.ucc.asn.au/dropbear/rev/b66a483f3dcb
137 251
138 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as 252 - Security: dropbearconvert import of OpenSSH keys could run arbitrary code as
139 the local dropbearconvert user when parsing malicious key files 253 the local dropbearconvert user when parsing malicious key files
140 CVE-2016-7407 254 CVE-2016-7407
141 https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e 255 https://hg.ucc.asn.au/dropbear/rev/34e6127ef02e
142 256
143 - Security: dbclient could run arbitrary code as the local dbclient user if 257 - Security: dbclient could run arbitrary code as the local dbclient user if
144 particular -m or -c arguments are provided. This could be an issue where 258 particular -m or -c arguments are provided. This could be an issue where
145 dbclient is used in scripts. 259 dbclient is used in scripts.
146 CVE-2016-7408 260 CVE-2016-7408
147 https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6 261 https://hg.ucc.asn.au/dropbear/rev/eed9376a4ad6
148 262
149 - Security: dbclient or dropbear server could expose process memory to the 263 - Security: dbclient or dropbear server could expose process memory to the
150 running user if compiled with DEBUG_TRACE and running with -v 264 running user if compiled with DEBUG_TRACE and running with -v
151 CVE-2016-7409 265 CVE-2016-7409
152 https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04 266 https://hg.ucc.asn.au/dropbear/rev/6a14b1f6dc04
153 267
154 The security issues were reported by an anonymous researcher working with 268 The security issues were reported by an anonymous researcher working with
155 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html 269 Beyond Security's SecuriTeam Secure Disclosure www.beyondsecurity.com/ssd.html
156 270
157 - Fix port forwarding failure when connecting to domains that have both 271 - Fix port forwarding failure when connecting to domains that have both
193 307
194 2016.72 - 9 March 2016 308 2016.72 - 9 March 2016
195 309
196 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions, 310 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
197 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116 311 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
198 https://secure.ucc.asn.au/hg/dropbear/rev/a3e8389e01ff 312 https://hg.ucc.asn.au/dropbear/rev/a3e8389e01ff
199 313
200 2015.71 - 3 December 2015 314 2015.71 - 3 December 2015
201 315
202 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69 316 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
203 317
474 Patch from Martin Donnelly 588 Patch from Martin Donnelly
475 589
476 - Limit the size of decompressed payloads, avoids memory exhaustion denial 590 - Limit the size of decompressed payloads, avoids memory exhaustion denial
477 of service 591 of service
478 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 592 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421
479 https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f 593 https://hg.ucc.asn.au/dropbear/rev/0bf76f54de6f
480 594
481 - Avoid disclosing existence of valid users through inconsistent delays 595 - Avoid disclosing existence of valid users through inconsistent delays
482 Thanks to Logan Lamb for reporting. CVE-2013-4434 596 Thanks to Logan Lamb for reporting. CVE-2013-4434
483 https://secure.ucc.asn.au/hg/dropbear/rev/d7784616409a 597 https://hg.ucc.asn.au/dropbear/rev/d7784616409a
484 598
485 - Update config.guess and config.sub for newer architectures 599 - Update config.guess and config.sub for newer architectures
486 600
487 - Avoid segfault in server for locked accounts 601 - Avoid segfault in server for locked accounts
488 602
581 authorized_keys restrictions are used. Could allow arbitrary code execution 695 authorized_keys restrictions are used. Could allow arbitrary code execution
582 or bypass of the command="..." restriction to an authenticated user. 696 or bypass of the command="..." restriction to an authenticated user.
583 This bug affects releases 0.52 onwards. Ref CVE-2012-0920. 697 This bug affects releases 0.52 onwards. Ref CVE-2012-0920.
584 Thanks to Danny Fullerton of Mantor Organization for reporting 698 Thanks to Danny Fullerton of Mantor Organization for reporting
585 the bug. 699 the bug.
586 https://secure.ucc.asn.au/hg/dropbear/rev/818108bf7749 700 https://hg.ucc.asn.au/dropbear/rev/818108bf7749
587 701
588 - Compile fix, only apply IPV6 socket options if they are available in headers 702 - Compile fix, only apply IPV6 socket options if they are available in headers
589 Thanks to Gustavo Zacarias for the patch 703 Thanks to Gustavo Zacarias for the patch
590 704
591 - Overwrite session key memory on exit 705 - Overwrite session key memory on exit
625 message informing what the port is, thanks to Ali Onur Uyar. 739 message informing what the port is, thanks to Ali Onur Uyar.
626 740
627 - New version numbering scheme. 741 - New version numbering scheme.
628 742
629 Source repository has now migrated to Mercurial at 743 Source repository has now migrated to Mercurial at
630 https://secure.ucc.asn.au/hg/dropbear/graph/default 744 https://hg.ucc.asn.au/dropbear/graph/default
631 745
632 0.53.1 - Wednesday 2 March 2011 746 0.53.1 - Wednesday 2 March 2011
633 747
634 - -lcrypt needs to be before object files for static linking 748 - -lcrypt needs to be before object files for static linking
635 749