comparison CHANGES @ 389:5ff8218bcee9

propagate from branch 'au.asn.ucc.matt.ltm.dropbear' (head 2af95f00ebd5bb7a28b3817db1218442c935388e) to branch 'au.asn.ucc.matt.dropbear' (head ecd779509ef23a8cdf64888904fc9b31d78aa933)
author Matt Johnston <matt@ucc.asn.au>
date Thu, 11 Jan 2007 03:14:55 +0000
parents bfa09e369e0e
children 67689b7ceaf0
comparison
equal deleted inserted replaced
388:fb54020f78e1 389:5ff8218bcee9
1 0.49 - Tues 13 June 2003
2
3 - Return immediately for "sleep 10 & echo foo", rather than waiting
4 for the sleep to return (pointed out by Rob Landley)
5
6 - Added -P pidfile argument to the server (from Swen Schillig)
7
8 - Compile fixes, make sure that all variable definitions are at the start
9 of a scope.
10
11 - Use $HOME in preference to that from /etc/passwd, so that it
12 dbclient can still work on systems with a broken setup.
13
14 - Add -N dbclient option for "no command"
15
16 - Add -f dbclient option for "background after auth"
17
18 - Try to finally fix ss_family compilation problems
19
20 0.48.1 - Sat 11 March 2006
21
22 - Compile fix for scp
23
24 0.48 - Thurs 9 March 2006
25
26 - Check that the circular buffer is properly empty before
27 closing a channel, which could cause truncated transfers
28 (thanks to Tomas Vanek for helping track it down)
29
30 - Implement per-IP pre-authentication connection limits
31 (after some poking from Pablo Fernandez)
32
33 - Exit gracefully if trying to connect to as SSH v1 server
34 (reported by Rushi Lala)
35
36 - Only read /dev/random once at startup when in non-inetd mode
37
38 - Allow ctrl-c to close a dbclient password prompt (may
39 still have to press enter on some platforms)
40
41 - Merged in uClinux patch for inetd mode
42
43 - Updated to scp from OpenSSH 4.3p2 - fixes a security issue
44 where use of system() could cause users to execute arbitrary
45 code through malformed filenames, ref CVE-2006-0225
46
47 0.47 - Thurs Dec 8 2005
48
49 - SECURITY: fix for buffer allocation error in server code, could potentially
50 allow authenticated users to gain elevated privileges. All multi-user systems
51 running the server should upgrade (or apply the patch available on the
52 Dropbear webpage).
53
54 - Fix channel handling code so that redirecting to /dev/null doesn't use
55 100% CPU.
56
57 - Turn on zlib compression for dbclient.
58
59 - Set "low delay" TOS bit, can significantly improve interactivity
60 over some links.
61
62 - Added client keyboard-interactive mode support, allows operation with
63 newer OpenSSH servers in default config.
64
65 - Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
66
67 - Improve logging of assertions
68
69 - Added aes-256 cipher and sha1-96 hmac.
70
71 - Fix twofish so that it actually works.
72
73 - Improve PAM prompt comparison.
74
75 - Added -g (dbclient) and -a (dropbear server) options to allow
76 connections to listening forwarded ports from remote machines.
77
78 - Various other minor fixes
79
80 - Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
81 (netinet/in_systm.h needs to be included).
82
83 0.46 - Sat July 9 2005
84
85 - Fix long-standing bug which caused connections to be closed if an ssh-agent
86 socket was no longer available
87
88 - Print a warning if we seem to be blocking on /dev/random
89 (suggested by Paul Fox)
90
91 - Fixed a memory leak in DSS code (thanks to Boris Berezovsky for the patch)
92
93 - dbclient -L no longer segfaults, allocate correct buffer size (thanks
94 to David Cook for reporting it, and Christopher Faylor for independently
95 sending in a patch)
96
97 - Added RSA blinding to signing code (suggested by Dan Kaminsky)
98
99 - Rearranged bignum reading/random generation code
100
101 - Reset the non-blocking status on stderr and stdout as well as stdin,
102 fixes a problem where the shell running dbclient will exit (thanks to
103 Brent Roman for reporting it)
104
105 - Fix so that all file descriptors are closed so the child shell doesn't
106 inherit descriptors (thanks to Linden May for the patch)
107
108 - Change signkey.c to avoid gcc 4 generating incorrect code
109
110 - After both sides of a file descriptor have been shutdown(), close()
111 it to avoid leaking descriptors (thanks to Ari Hyttinen for a patch)
112
113 - Update to LibTomCrypt 1.05 and LibTomMath 0.35
114
115 0.45 - Mon March 7 2005
116
117 - Makefile no longer appends 'static' to statically linked binaries
118
119 - Add optional SSH_ASKPASS support to the client
120
121 - Respect HOST_LOOKUP option
122
123 - Fix accidentally removed "return;" statement which was removed in 0.44
124 (causing clients which sent an empty terminal-modes string to fail to
125 connect - including pssh, ssh.com, danger hiptop). (patches
126 independently from Paul Fox, David Horwitt and Sven-Ola Tuecke)
127
128 - Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
129 will work with scp.
130
131 0.44 - Mon Jan 3 2005
132
133 - SECURITY: Fix for PAM auth so that usernames are logged and conversation
134 function responses are allocated correctly - all 0.44test4 users with PAM
135 compiled in (not default) are advised to upgrade.
136
137 - Fix calls to getnameinfo() for compatibility with Solaris
138
139 - Pristine compilation works (run 'configure' from a fresh dir and make it
140 there)
141
142 - Fixes for compiling with most options disabled.
143
144 - Upgraded to LibTomCrypt 0.99 and LibTomMath 0.32
145
146 - Make sure that zeroing out of values in LTM and LTC won't get optimised away
147
148 - Removed unused functions from loginrec.c
149
150 - /dev/random is now the default entropy source rather than /dev/urandom
151
152 - Logging of IPs in auth success/failure messages for improved greppability
153
154 - Fix dbclient so that "scp -i keyfile" works. (It can handle "-ikeyfile
155 properly)
156
157 - Avoid a race in server shell-handling code which prevents the exit-code
158 from being returned to the client in some circumstances.
159
160 - Makefile modified so that install target works correctly (doesn't try
161 to install "all" binary) - patch from Juergen Daubert
162
163 - Various minor fixes and compile warnings.
164
165 0.44test4 - Tue Sept 14 2004 21:15:54 +0800
166
167 - Fix inetd mode so it actually loads the hostkeys (oops)
168
169 - Changed DROPBEAR_DEFPORT properly everywhere
170
171 - Fix a small memory leak in the auth code
172
173 - WCOREDUMP is only used on systems which support it (ie not cygwin or AIX)
174
175 - Check (and fail for) cases when we can't negotiate algorithms with the
176 remote side successfully (rather than bombing out ungracefully)
177
178 - Handle authorized_keys files without a terminating newline
179
180 - Fiddle the channel receive window size for possibly better performance
181
182 - Added in the PAM authentication code (finally! thanks to Martin Carlsson)
183
184 0.44test3 - Fri Aug 27 22:20:54 +0800
185
186 - Fixed a bunch of warnings.
187
188 - scp works correctly when passed a username (fix for the dbclient program
189 itself as well, "-lmatt" works as well as "-l matt").
190
191 - Remove unrequired debian files
192
193 - Exit with the remote process's return code for dbclient
194
195 - Display stderr messages from the server in the client
196
197 - Add circular buffering to the channel code. This should dramatically reduce
198 the amount of backtraffic sent in response to traffic incoming to the
199 Dropbear end - improves high-latency performance (ie dialup).
200
201 - Various other related channel-handling fixups.
202
203 - Allow leading lines in the banner when connecting to servers
204
205 - Fixed printing out errors onto the network socket with stderr (for inetd
206 mode when using xinetd)
207
208 - Remove obselete documentation
209
210 - Fix a null-pointer exception when trying to free non-existant listeners
211 at cleanup.
212
213 - DEBUG_TRACE now only works if you add "-v" to the program commandline
214
215 - Don't leave stdin non-blocking on exit - this caused the parent shell
216 of dbclient to close when dbclient exited, for some shells in BusyBox
217
218 - Server connections no longer timeout after 5 minutes
219
220 - Fixed stupid DSS hostkey typo (server couldn't load host keys)
221
222 0.44test2 - Tues Aug 17 2004 17:43:54 +0800
223
224 - Fix up dropbearmulti targets in the Makefile - symlinks are now created
225
226 - Compile fake-rfc2553 even with dropbearconvert/dropbearkey - this
227 allows them to work on platforms without a native getaddrinfo()
228
229 - Create ~/.ssh/known_hosts properly if it doesn't exist
230
231 - Fix basename() function prototype
232
233 - Backport some local changes (more #ifdefs for termcodes.c, a fix for missing
234 defines on AIX).
235
236 - Let dbclient be run as "ssh"
237
238 - Initialise mp_ints by default
239
240 0.44test1 - Sun Aug 16 2005 17:43:54 +0800
241
242 - TESTING RELEASE - this is the first public release of the client codebase,
243 so there are sure to be bugs to be found. In addition, if you're just using
244 the server portion, the final binary size probably will increase - I'll
245 be trying to get it back down in future releases.
246
247 - Dropbear client added - lots of changes to the server code as well to
248 generalise things
249
250 - IPv6 support added for client, server, and forwarding
251
252 - New makefile with more generic support for multiple-program binaries
253
254 0.43 - Fri Jul 16 2004 17:44:54 +0800
255
256 - SECURITY: Don't try to free() uninitialised variables in DSS verification
257 code. Thanks to Arne Bernin for pointing out this bug. This is possibly
258 exploitable, all users with DSS and pubkey-auth compiled in are advised to
259 upgrade.
260
261 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
262
263 - Don't go into an infinite loop when portforwarding to servers which don't
264 send any initial data/banner. Patch from Nikola Vladov
265
266 - Fix for network vs. host byte order in logging remote TCP ports, also
267 from Gerrit Pape.
268
269 - Initialise many pointers to NULL, for general safety. Also checked cleanup
270 code for mp_ints (related to security issues above).
271
272 0.42 - Wed Jun 16 2004 12:44:54 +0800
273
274 - Updated to Gerrit Pape's official Debian subdirectory
275
276 - Fixed bad check when opening /dev/urandom - thanks to Danny Sung.
277
278 - Added -i inetd mode flag, and associated options in options.h . Dropbear
279 can be compiled with either normal mode, inetd, or both modes. Thanks
280 to Gerrit Pape for basic patch and motivation.
281
282 - Use <dirent.h> rather than <sys/dir.h> for POSIX compliance. Thanks to Bill
283 Sommerfield.
284
285 - Fixed a TCP forwarding (client-local, -L style) bug which caused the whole
286 session to close if the TCP connection failed. Thanks to Andrew Braund for
287 reporting it and helping track it down.
288
289 - Re-enable sigpipe for child processes. Thanks to Gerrit Pape for some
290 suggestions, and BSD manpages for a clearer explanation of the behaviour.
291
292 - Added manpages, thanks to Gerrit Pape.
293
294 - Changed license text for LibTomCrypt and LibTomMath.
295
296 - Added strip-static target
297
298 - Fixed a bug in agent-forwarding cleanup handler - would segfault
299 (dereferencing a null pointer) if agent forwarding had failed.
300
301 - Fix behaviour of authorized_keys parsing, so larger (>1024 bit) DSA keys will
302 work. Thanks to Dr. Markus Waldeck for the report.
303
304 - Fixed local port forwarding code so that the "-j" option will make forwarding
305 attempts fail more gracefully.
306
307 - Allow repeated requests in a single session if previous ones fail - this fixes PuTTY and some other SCP clients, which try SFTP, then fall-back to SCP if it
308 isn't available. Thanks to Stirling Westrup for the report.
309
310 - Updated to LibTomCrypt 0.96 and LibTomMath 0.30. The AES code now uses
311 smaller non-precomputed tables if DROPBEAR_SMALL_CODE is defined in
312 options.h, leading to a significant reduction in the binary size.
313
314 0.41 - Mon Jan 19 2004 22:40:19 +0800
315
316 - Fix in configure so that cross-compiling works, thanks to numerous people for
317 reporting and testing
318
319 - Terminal mode parsing now handles empty terminal mode strings (sent by
320 Windows ssh.com clients), thanks to Ricardo Derbes for the report
321
322 - Handling is improved for users with no shell specified in /etc/passwd,
323 thanks again to Ricardo Derbes
324
325 - Fix for compiling with --disable-syslog, thanks to gordonfh
326
327 - Various minor fixes allow scp to work with irix, thanks to Paul Marinceu for
328 fixing it up
329
330 - Use <stropts.h> not <sys/stropts.h>, since the former seems more common
331
332 0.40 - Tue Jan 13 2004 21:05:19 +0800
333
334 - Remote TCP forwarding (-R) style implemented
335
336 - Local and remote TCP forwarding can each be disabled at runtime (-k and -j
337 switches)
338
339 - Fix for problems detecting openpty() with uClibc - many thanks to various
340 people for reporting and testing fixes, including (in random order) Cristian
341 Ionescu-Idbohrn, James Ewing, Steve Dover, Thomas Lundquist and Frederic
342 Lavernhe
343
344 - Improved portability for IRIX, thanks to Paul Marinceu
345
346 - AIX and HPUX portability fixes, thanks to Darren Tucker for patches
347
348 - prngd should now work correctly, thanks to Darren Tucker for the patch
349
350 - scp compilation on systems without strlcpy() is fixed, thanks to Peter
351 Jannesen and David Muse for reporting it (independently and simultaneously :)
352
353 - Merged in new LibTomCrypt 0.92 and LibTomMath 0.28
354
355 0.39 - Tue Dec 16 2003 15:19:19 +0800
356
357 - Better checking of key lengths and parameters for DSS and RSA auth
358
359 - Print fingerprint of keys used for pubkey auth
360
361 - More consistent logging of usernames and IPs
362
363 - Added option to disable password auth (or just for root) at runtime
364
365 - Avoid including bignum functions which don't give much speed benefit but
366 take up binary size
367
368 - Added a stripped down version of OpenSSH's scp binary
369
370 - Added additional supporting functions for Irix, thanks to Paul Marinceu
371
372 - Don't check for unused libraries in configure script
373
374 - Removed trailing comma in algorithm lists (thanks to Mihnea Stoenescu)
375
376 - Fixed up channel close handling, always send close packet in response
377 (also thanks to Mihnea Stoenescu)
378
379 - Various makefile improvements for cross-compiling, thanks to Friedrich
380 Lobenstock and Mihnea Stoenescu
381
382 - Use daemon() function if available (or our own copy) rather than separate
383 code (thanks to Fr�d�ric Lavernhe for the report and debugging, and Bernard
384 Blackham for his suggestion on what to look at)
385
386 - Fixed up support for first_kex_packet_follows, required to talk to ssh.com
387 clients. Thanks to Marian Stagarescu for the bug report.
388
389 - Avoid using MAXPATHLEN, pointer from Ian Morris
390
391 - Improved input sanity checking
392
393 0.38 - Sat Oct 11 2003 16:28:13 +0800
394
395 - Default hostkey path changed to /etc/dropbear/dropbear_{rsa,dss}_host_key
396 rather than /etc/dropbear_{rsa,dss}_host_key
397
398 - Added SMALL and MULTI text files which have info on compiling for multiple
399 binaries or small binaries
400
401 - Allow for commandline definition of some options.h settings
402 (without warnings)
403
404 - Be more careful handling EINTR
405
406 - More fixes for channel closing
407
408 - Added multi-binary support
409
410 - Improved logging of IPs, now get logged in all cases
411
412 - Don't chew cpu when waiting for version identification string, also
413 make sure that we kick off people if they don't auth within 5 minutes.
414
415 - Various small fixes, warnings etc
416
417 - Display MOTD if requested - suggested by
418 Trent Lloyd <lathiat at sixlabs.org> and
419 Zach White <zwhite at darkstar.frop.org>
420
421 - sftp support works (relies on OpenSSH sftp binary or similar)
422
423 - Added --disable-shadow option (requested by the floppyfw guys)
424
425 0.37 - Wed Sept 24 2003 19:42:12 +0800
426
427 - Various portability fixes, fixes for Solaris 9, Tru64 5.1, Mac OS X 10.2,
428 AIX, BSDs
429
430 - Updated LibTomMath to 0.27 and LibTomCrypt to 0.90
431
432 - Renamed util.{c,h} to dbutil.{c,h} to avoid conflicts with system util.h
433
434 - Added some small changes so it'll work with AIX (plus Linux Affinity).
435 Thanks to Shig for them.
436
437 - Improved the closing messages, so a clean exit is "Exited normally"
438
439 - Added some more robust integer/size checking in buffer.c as a backstop for
440 integer overflows
441
442 - X11 forwarding fixed for OSX, path for xauth changed to /usr/X11R6/bin/xauth
443
444 - Channel code handles closing more nicely, doesn't sit waiting for an extra
445 keystroke on BSD/OSX platforms, and data is flushed fully before closing
446 child processes (thanks to
447 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> for
448 pointing that out).
449
450 - Changed "DISABLE_TCPFWD" to "ENABLE_TCPFWD" (and for x11/auth) so
451 "disable DISABLE_TCPWD" isn't so confusing.
452
453 - Fix authorized_keys handling (don't crash on too-long keys, and
454 use fgetc not getc to avoid strange macro-related issues), thanks to
455 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
456 and Steve Rodgers <hwstar at cox.net> for reporting and testing.
457
458 - Fixes to the README with regard to uClibc systems, thanks to
459 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>,
460 as well as general improvements to documentation (split README/INSTALL)
461
462 - Fixed up some compilation problems with dropbearconvert/dropbearkey if
463 DSS or RSA were disabled, reported by Patrik Karlsson <patrik at cqure.net>
464
465 - Fix double-free bug for hostkeys, reported by
466 Vincent Sanders <vince at kyllikki.org>
467
468 - Fix up missing \ns from dropbearconvert help message,
469 thanks to Mordy Ovits <movits at bloomberg.com> for the patch
470
471 0.36 - Tue August 19 2003 12:16:23 +0800
472
473 - Fix uninitialised temporary variable in DSS signing code
474 (thanks to Matthew Franz <mdfranz at io.com> for reporting, and the authors
475 of Valgrind for making it easy to track down)
476 - Fix remote version-string parsing error
477 (thanks to Bernard Blackham <bernard at blackham.com.au> for noticing)
478 - Improved host-algorithm-matching algorithm in algo.c
479 - Decreased MAX_STRING_LEN to a more realistic value
480 - Fix incorrect version (0.34) in this CHANGES file for the previous release.
481
482 0.35 - Sun August 17 2003 05:37:47 +0800
483
484 - Fix for remotely exploitable format string buffer overflow.
485 (thanks to Joel Eriksson <je at bitnux.com>)
486
487 0.34 - Fri August 15 2003 15:10:00 +0800
488
489 - Made syslog optional, both at compile time and as a compile option
490 (suggested by Laurent Bercot <ska at skarnet.org>)
491 - Fixup for bad base64 parsing in authorized_keys
492 (noticed by Davyd Madeley <davyd at zdlcomputing.com>)
493 - Added initial tcp forwarding code, only -L (local) at this stage
494 - Improved "make install" with DESTDIR and changing ownership seperately,
495 don't check for setpgrp on Linux for crosscompiling.
496 (from Erik Andersen <andersen at codepoet.org>)
497 - More commenting, fix minor compile warnings, make return values more
498 consistent etc
499 - Various signedness fixes
500 - Can listen on multiple ports
501 - added option to disable openpty with configure script,
502 (from K.-P. Kirchd�rfer <kapeka at epost.de>)
503 - Various cleanups to bignum code
504 (thanks to Tom St Denis <tomstdenis at iahu.ca>)
505 - Fix compile error when disabling RSA
506 (from Marc Kleine-Budde <kleine-budde at gmx.de>)
507 - Other cleanups, splitting large functions for packet and kex handling etc
508
509 0.33 - Sun June 22 2003 22:24:12 +0800
510
511 - Fixed some invalid assertions in the channel code, fixing the server dying
512 when forwarding X11 connections.
513 - Add dropbearconvert to convert to/from OpenSSH host keys and Dropbear keys
514 - RSA keys now keep p and q parameters for compatibility -- old Dropbear keys
515 still work, but can't be converted to OpenSSH etc.
516 - Debian packaging directory added, thanks to
517 Grahame (grahame at angrygoats.net)
518 - 'install' target added to the makefile
519 - general tidying, improve consistency of functions etc
520 - If RSA or DSS hostkeys don't exist, that algorithm won't be used.
521 - Improved RSA and DSS key generation, more efficient and fixed some minor bugs
522 (thanks to Tom St Denis for the advice)
523 - Merged new versions of LibTomCrypt (0.86) and LibTomMath (0.21)
524
525 0.32 - Sat May 24 2003 12:44:11 +0800
526
527 - Don't compile unused code from libtomcrypt (test vectors etc)
528 - Updated to libtommath 0.17 and libtomcrypt 0.83. New libtommath results
529 in smaller binary size, due to not linking unrequired code
530 - X11 forwarding added
531 - Agent forwarding added (for OpenSSH.com ssh client/agent)
532 - Fix incorrect buffer freeing when banners are used
533 - Hostname resolution works
534 - Various minor bugfixes/code size improvements etc
535
536 0.31 - Fri May 9 2003 17:57:16 +0800
537
538 - Improved syslog messages - IP logging etc
539 - Strip control characters from log messages (specified username currently)
540 - Login recording (utmp/wtmp) support, so last/w/who work - taken from OpenSSH
541 - Shell is started as a proper login shell, so /etc/profile etc is sourced
542 - Ptys work on Solaris (2.8 x86 tested) now
543 - Fixed bug in specifying the rsa hostkey
544 - Fixed bug in compression code, could trigger if compression resulted in
545 larger output than input (uncommon but possible).
546
547 0.30 - Thu Apr 17 2003 18:46:15 +0800
548
549 - SECURITY: buffer.c had bad checking for buffer increment length - fixed
550 - channel code now closes properly on EOF - scp processes don't hang around
551 - syslog support added - improved auth/login/failure messages
552 - general code tidying, made return codes more consistent
553 - Makefile fixed for dependencies and makes libtomcrypt as well
554 - Implemented sending SSH_MSG_UNIMPLEMENTED :)
555
556 0.29 - Wed Apr 9 2003
557
558 - Fixed a stupid bug in 0.28 release, 'newstr = strdup(oldstr)',
559 not 'newstr=oldstr'
560
561 0.28 - Sun Apr 6 2003
562
563 - Initial public release
564
565 Development was started in October 2002