Mercurial > dropbear
comparison CHANGES @ 511:582cb38e4eb5 insecure-nocrypto
propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a)
to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 06 Nov 2008 13:16:55 +0000 |
parents | b85507ade010 |
children | a3748e54273c |
361:461c4b1fb35f | 511:582cb38e4eb5 |
---|---|
1 0.52 | |
2 | |
3 - Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel | |
4 standard input/output to a TCP port-forwarded remote host. | |
5 | |
6 - Add "proxy command" support to dbclient, to allow using a spawned process for | |
7 IO rather than a direct TCP connection. eg | |
8 dbclient remotehost | |
9 is equivalent to | |
10 dbclient -J 'nc remotehost 22' remotehost | |
11 (the hostname is still provided purely for looking up saved host keys) | |
12 | |
13 - Combine netcat-alike and proxy support to allow "multihop" connections, with | |
14 comma-separated host syntax. Allows running | |
15 dbclient user1@host1,user2@host2,user3@host3 | |
16 to end up at host3 via the other two, using SSH TCP forwarding. It's a bit | |
17 like onion-routing. All connections are established from the local machine. | |
18 The comma-separated syntax can also be used for scp/rsync, eg | |
19 scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump . | |
20 to bounce through a few hosts. | |
21 | |
22 - Allow restrictions on authorized_keys logins such as restricting commands | |
23 to be run etc. This is a subset of those allowed by OpenSSH, doesn't | |
24 yet allow restricting source host. | |
25 | |
26 - Use vfork() for scp on uClinux | |
27 | |
28 - Default to PATH=/usr/bin:/bin for shells. | |
29 | |
30 - Report errors if -R forwarding fails | |
31 | |
32 - Add counter mode cipher support, which avoids some security problems with the | |
33 standard CBC mode. | |
34 | |
35 - Support [email protected] delayed compression for client/server. It can be | |
36 required for the Dropbear server with the '-Z' option. This is useful for | |
37 security as it avoids exposing the server to attacks on zlib by | |
38 unauthenticated remote users, though requires client side support. | |
39 | |
40 - options.h has been split into options.h (user-changable) and sysoptions.h | |
41 (less commonly changed) | |
42 | |
43 - Support "dbclient -s sftp" to specify a subsystem | |
44 | |
45 - Fix a bug in replies to channel requests that could be triggered by recent | |
46 versions of PuTTY | |
47 | |
48 0.51 - Thu 27 March 2008 | |
49 | |
50 - Make a copy of password fields rather erroneously relying on getwpnam() | |
51 to be safe to call multiple times | |
52 | |
53 - If $SSH_ASKPASS_ALWAYS environment variable is set (and $SSH_ASKPASS is | |
54 as well) always use that program, ignoring isatty() and $DISPLAY | |
55 | |
56 - Wait until a process exits before the server closes a connection, so | |
57 that an exit code can be sent. This fixes problems with exit codes not | |
58 being returned, which could cause scp to fail. | |
59 | |
60 0.50 - Wed 8 August 2007 | |
61 | |
62 - Add DROPBEAR_PASSWORD environment variable to specify a dbclient password | |
63 | |
64 - Use /dev/urandom by default, since that's what everyone does anyway | |
65 | |
66 - Correct vfork() use for uClinux in scp | |
67 (thanks to Alex Landau) | |
68 | |
69 - Exit with an exit code of 1 if dropbear can't bind to any ports | |
70 (thanks to Nicolai Ehemann) | |
71 | |
72 - Improve network performance and add a -W <receive_window> argument for | |
73 adjusting the tradeoff between network performance and memory consumption. | |
74 | |
75 - Fix a problem where reply packets could be sent during key exchange, | |
76 in violation of the SSH spec. This could manifest itself with connections | |
77 being terminated after 8 hours with new TCP-forward connections being | |
78 established. | |
79 | |
80 - Add -K <keepalive_time> argument, ensuring that data is transmitted | |
81 over the connection at least every N seconds. | |
82 | |
83 - dropbearkey will no longer generate DSS keys of sizes other than 1024 | |
84 bits, as required by the DSS specification. (Other sizes are still | |
85 accepted for use to provide backwards compatibility). | |
86 | |
87 0.49 - Fri 23 February 2007 | |
88 | |
89 - Security: dbclient previously would prompt to confirm a | |
90 mismatching hostkey but wouldn't warn loudly. It will now | |
91 exit upon a mismatch. | |
92 | |
93 - Compile fixes, make sure that all variable definitions are at the start | |
94 of a scope. | |
95 | |
96 - Added -P pidfile argument to the server (from Swen Schillig) | |
97 | |
98 - Add -N dbclient option for "no command" | |
99 | |
100 - Add -f dbclient option for "background after auth" | |
101 | |
102 - Add ability to limit binding to particular addresses, use | |
103 -p [address:]port, patch from Max-Gerd Retzlaff. | |
104 | |
105 - Try to finally fix ss_family compilation problems (for old | |
106 glibc systems) | |
107 | |
108 - Fix finding relative-path server hostkeys when running daemonized | |
109 | |
110 - Use $HOME in preference to that from /etc/passwd, so that | |
111 dbclient can still work on broken systems. | |
112 | |
113 - Fix various issues found by Klocwork defect analysis, mostly memory leaks | |
114 and error-handling. Thanks to Klocwork for their service. | |
115 | |
116 - Improve building in a separate directory | |
117 | |
118 - Add compile-time LOG_COMMANDS option to log user commands | |
119 | |
120 - Add '-y' flag to dbclient to unconditionally accept host keys, | |
121 patch from Luciano Miguel Ferreira Rocha | |
122 | |
123 - Return immediately for "sleep 10 & echo foo", rather than waiting | |
124 for the sleep to return (pointed out by Rob Landley). | |
125 | |
126 - Avoid hanging after exit in certain cases (such as scp) | |
127 | |
128 - Various minor fixes, in particular various leaks reported by | |
129 Erik Hovland | |
130 | |
131 - Disable core dumps on startup | |
132 | |
133 - Don't erase over every single buffer, since it was a bottleneck. | |
134 On systems where it really matters, encrypted swap should be utilised. | |
135 | |
136 - Read /dev/[u]random only once at startup to conserve kernel entropy | |
137 | |
138 - Upgrade to LibTomCrypt 1.16 and LibTomMath 0.40 | |
139 | |
140 - Upgrade config.status and config.guess | |
141 | |
1 0.48.1 - Sat 11 March 2006 | 142 0.48.1 - Sat 11 March 2006 |
2 | 143 |
3 - Compile fix for scp | 144 - Compile fix for scp |
4 | 145 |
5 0.48 - Thurs 9 March 2006 | 146 0.48 - Thurs 9 March 2006 |
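Review bot: the new "0.52" heading on line 1 has no release date, while every other heading in this hunk has one ("0.51 - Thu 27 March 2008", "0.50 - Wed 8 August 2007", "0.49 - Fri 23 February 2007"); add the date, or mark the entry as unreleased, so the file stays consistent. Three wording fixes in the added text: on line 50, "getwpnam()" looks like a misspelling of getpwnam() and "rather erroneously" is missing "than"; on line 40, "user-changable" should be "user-changeable". The authorized_keys entry on lines 22-24 says the supported restrictions are "a subset of those allowed by OpenSSH" and names only the one that is missing (source host); listing the options that are accepted would let an administrator tell from the changelog whether a restriction in an existing key file will be enforced.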