comparison CHANGES @ 1069:2fa71c3b2827 pam

merge pam branch up to date
author Matt Johnston <matt@ucc.asn.au>
date Mon, 16 Mar 2015 21:34:05 +0800
parents 0b365b6a6f08
children 7cb1f49d89a8
comparison
equal deleted inserted replaced
1068:9a6395ddb1b6 1069:2fa71c3b2827
1 - Improve efficiency of writing data to local program/pipes, measured 30% for
2 connections to localhost
3
4 - Use TCP Fast Open on Linux if available. saves a round trip at connection
5 to hosts that have previously been connected.
6 Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3"
7
8 - Forwarded TCP ports connect asynchronously and retry with other available
9 addresses (IPv4 or IPv6)
10
11 - Free memory before exiting, patch from Thorsten Horstmann. Useful for
12 Dropbear ports to embedded systems and for checking memory leaks
13 with valgrind. Only partially implemented for client side.
14
15 - Fix small ECC memory leaks
16
17 2015.67 - Wednesday 28 January 2015
18
19 - Call fsync() after generating private keys to ensure they aren't lost if a
20 reboot occurs. Thanks to Peter Korsgaard
21
22 - Disable non-delayed zlib compression by default on the server. Can be
23 enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
24
25 - Default client key path ~/.ssh/id_dropbear
26
27 - Prefer stronger algorithms by default, from Fedor Brunner.
28 AES256 over 3DES
29 Diffie-hellman group14 over group1
30
31 - Add option to disable CBC ciphers.
32
33 - Disable twofish in default options.h
34
35 - Enable sha2 HMAC algorithms by default, the code was already required
36 for ECC key exchange. sha1 is the first preference still for performance.
37
38 - Fix installing dropbear.8 in a separate build directory, from Like Ma
39
40 - Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
41
42 - Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
43
44 - Minor bug fixes, a few issues found by Coverity scan
45
1 2014.66 - Thursday 23 October 2014 46 2014.66 - Thursday 23 October 2014
2 47
3 - Use the same keepalive handling behaviour as OpenSSH. This will work better 48 - Use the same keepalive handling behaviour as OpenSSH. This will work better
4 with some SSH implementations that have different behaviour with unknown 49 with some SSH implementations that have different behaviour with unknown
5 message types. 50 message types.