comparison CHANGES @ 1147:809feaa9408f DROPBEAR_2015.68

changelog and version 2015.68
author Matt Johnston <matt@ucc.asn.au>
date Sat, 08 Aug 2015 20:35:28 +0800
parents 63ac2261e1b0
children 4ab757b14b2d
comparison
equal deleted inserted replaced
1146:3c8403f4669d 1147:809feaa9408f
1 - Improve efficiency of writing data to local program/pipes, measured 30% increase 1 2015.68 - Saturday 8 August 2015
2
3 - Reduce local data copying for improved efficiency. Measured 30%
2 increase in throughput for connections to localhost 4 increase in throughput for connections to localhost
3 5
4 - Use TCP Fast Open on Linux if available. saves a round trip at connection 6 - Forwarded TCP ports connect asynchronously and try all available addresses
7 (IPv4, IPv6, round robin DNS)
8
9 - Fix all compile warnings, many patches from Gaël Portay
10 Note that configure with -Werror may not be successful on some platforms (OS X)
11 and some configuration options may still result in unused variable
12 warnings.
13
14 - Use TCP Fast Open on Linux if available. Saves a round trip at connection
5 to hosts that have previously been connected. 15 to hosts that have previously been connected.
6 Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3" 16 Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3"
7 Client side is disabled by default pending further compatibility testing 17 Client side is disabled by default pending further compatibility testing
8 with networks and systems. 18 with networks and systems.
9 19
10 - Forwarded TCP ports connect asynchronously and retry with other available 20 - Increase maximum command length to 9000 bytes
11 addresses (IPv4 versus IPv6, round robin IPs)
12 21
13 - Free memory before exiting, patch from Thorsten Horstmann. Useful for 22 - Free memory before exiting, patch from Thorsten Horstmann. Useful for
14 Dropbear ports to embedded systems and for checking memory leaks 23 Dropbear ports to embedded systems and for checking memory leaks
15 with valgrind. Only partially implemented for client side. 24 with valgrind. Only partially implemented for dbclient.
16 25 This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h
17 - Fix all compile warnings, patch from Gaël Portay 26
18 (note that configure with -Werror may not be successful on some platforms 27 - DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless
19 such as OS X and some configuration options may result in unused variable 28 there is a leading slash (~ isn't treated specially)
20 warnings)
21 29
22 - Fix small ECC memory leaks 30 - Fix small ECC memory leaks
23 31
24 - Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of 32 - Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of
25 Matta Consulting. Odds of bad values are around 2**-512 -- improbable. 33 Matta Consulting. Odds of bad values are around 2**-512 -- improbable.
27 - Twofish-ctr cipher is supported though disabled by default 35 - Twofish-ctr cipher is supported though disabled by default
28 36
29 - Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks 37 - Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks
30 to CL Ouyang 38 to CL Ouyang
31 39
32 - Increase maximum command size to 9000 bytes 40 - Fix null pointer crash with restrictions in authorized_keys without a command, patch from
33 41 Guilhem Moulin
34 - DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless 42
35 there is a leading slash (~ isn't treated specially) 43 - Ensure authentication timeout is handled while reading the initial banner,
44 thanks to CL Ouyang for finding it.
45
46 - Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz
36 47
37 2015.67 - Wednesday 28 January 2015 48 2015.67 - Wednesday 28 January 2015
38 49
39 - Call fsync() after generating private keys to ensure they aren't lost if a 50 - Call fsync() after generating private keys to ensure they aren't lost if a
40 reboot occurs. Thanks to Peter Korsgaard 51 reboot occurs. Thanks to Peter Korsgaard