Mercurial > dropbear
comparison CHANGES @ 1719:25b0ce1936c4
changelog for 2020.79
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Mon, 15 Jun 2020 23:36:14 +0800 |
| parents | 009d52ae26d3 |
| children | cddc90de1b6f |
comparison
equal
deleted
inserted
replaced
| 1718:72bb7fb1fced | 1719:25b0ce1936c4 |
|---|---|
| 1 2020.79 - 15 June 2020 | |
| 2 | |
| 3 - Support ed25519 hostkeys and authorized_keys, many thanks to Vladislav Grishenko. | |
| 4 This also replaces curve25519 with a TweetNaCl implementation that reduces code size. | |
| 5 | |
| 6 - Add chacha20-poly1305 authenticated cipher. This will perform faster than AES | |
| 7 on many platforms. Thanks to Vladislav Grishenko | |
| 8 | |
| 9 - Support using rsa-sha2 signatures. No changes are needed to hostkeys/authorized_keys | |
| 10 entries, existing RSA keys can be used with the new signature format (signatures | |
| 11 are ephemeral within a session). Old ssh-rsa signatures will no longer | |
| 12 be supported by OpenSSH in future so upgrading is recommended. | |
| 13 | |
| 14 - Use getrandom() call on Linux to ensure sufficient entropy has been gathered at startup. | |
| 15 Dropbear now avoids reading from the random source at startup, instead waiting until | |
| 16 the first connection. It is possible that some platforms were running without enough | |
| 17 entropy previously, those could potentially block at first boot generating host keys. | |
| 18 The dropbear "-R" option is one way to avoid that. | |
| 19 | |
| 20 - Upgrade libtomcrypt to 1.18.2 and libtommath to 1.2.0, many thanks to Steffen Jaeckel for | |
| 21 updating Dropbear to use the current API. Dropbear's configure script will check | |
| 22 for sufficient system library versions, otherwise using the bundled versions. | |
| 23 | |
| 24 - CBC ciphers, 3DES, hmac-sha1-96, and x11 forwarding are now disabled by default. | |
| 25 They can be set in localoptions.h if required. | |
| 26 Blowfish has been removed. | |
| 27 | |
| 28 - Support AES GCM, patch from Vladislav Grishenko. This is disabled by default, | |
| 29 Dropbear doesn't currently use hardware accelerated AES. | |
| 30 | |
| 31 - Added an API for specifying user public keys as an authorized_keys replacement. | |
| 32 See pubkeyapi.h for details, thanks to Fabrizio Bertocci | |
| 33 | |
| 34 - Fix idle detection clashing with keepalives, thanks to jcmathews | |
| 35 | |
| 36 - Include IP addresses in more early exit messages making it easier for fail2ban | |
| 37 processing. Patch from Kevin Darbyshire-Bryant | |
| 38 | |
| 39 - scp fix for CVE-2018-20685 where a server could modify name of output files | |
| 40 | |
| 41 - SSH_ORIGINAL_COMMAND is set for "dropbear -c" forced command too | |
| 42 | |
| 43 - Fix writing key files on systems without hard links, from Matt Robinson | |
| 44 | |
| 45 - Compatibility fixes for IRIX from Kazuo Kuroi | |
| 46 | |
| 47 - Re-enable printing MOTD by default, was lost moving from options.h. Thanks to zciendor | |
| 48 | |
| 49 - Call fsync() is called on parent directory when writing key files to ensure they are flushed | |
| 50 | |
| 51 - Fix "make install" for manpages in out-of-tree builds, from Gabor Z. Papp | |
| 52 | |
| 53 - Some notes are added in DEVELOPER.md | |
| 54 | |
| 1 2019.78 - 27 March 2019 | 55 2019.78 - 27 March 2019 |
| 2 | 56 |
| 3 - Fix dbclient regression in 2019.77. After exiting the terminal would be left | 57 - Fix dbclient regression in 2019.77. After exiting the terminal would be left |
| 4 in a bad state. Reported by Ryan Woodsmall | 58 in a bad state. Reported by Ryan Woodsmall |
| 5 | 59 |