Mercurial > dropbear
comparison CHANGES @ 1520:84578193ef47
draft CHANGES
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Sun, 18 Feb 2018 23:48:32 +0800 |
| parents | b19877938d6a |
| children | d35cf9a5e0b5 |
comparison
equal
deleted
inserted
replaced
| 1519:2f4d52b1334e | 1520:84578193ef47 |
|---|---|
| 1 Upcoming... | |
| 2 | |
| 3 - IMPORTANT: | |
| 4 Custom configuration is now specified in local_options.h rather than options.h | |
| 5 Available options and defaults can be seen in default_options.h.in | |
| 6 | |
| 7 To migrate your configuration, compare your customised options.h against the | |
| 8 upstream options.h from your relevant version. Any customised options should | |
| 9 be put in localoptions.h | |
| 10 | |
| 11 - "configure --enable-static" should now be used instead of "make STATIC=1" | |
| 12 | |
| 13 - Add group14-256 and group16 key exchange options | |
| 14 | |
| 15 - Set hardened build flags by default if supported by the compiler. | |
| 16 -Wl,-pie | |
| 17 -Wl,-z,now -Wl,-z,relro | |
| 18 -fstack-protector-strong | |
| 19 -D_FORTIFY_SOURCE=2 | |
| 20 # spectre v2 mitigation | |
| 21 -mfunction-return=thunk | |
| 22 -mindirect-branch=thunk | |
| 23 | |
| 24 These can be disabled with configure --disable-harden if needed | |
| 25 Spectre patch from Loganaden Velvindron | |
| 26 | |
| 27 - Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant | |
| 28 | |
| 29 - Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket. | |
| 30 See dbclient manpage for a socat example. Patch from Harald Becker | |
| 31 | |
| 32 - Add "-c forced_command" option. Patch from Jeremy Kerr | |
| 33 | |
| 34 - Support server-chosen TCP forwarding ports, patch from houseofkodai | |
| 35 | |
| 36 - Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port] | |
| 37 Patch from houseofkodai | |
| 38 | |
| 39 - Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1 | |
| 40 | |
| 41 - Minimum RSA key length has been increased to 1024 bits | |
| 42 | |
| 43 - Set PAM_RHOST which is needed by modules such as pam_abl | |
| 44 | |
| 45 - Improvements to DSS public key validation, found by OSS-Fuzz. | |
| 46 | |
| 47 - Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz | |
| 48 | |
| 49 - Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz | |
| 50 | |
| 51 - Numerous code cleanups and small issues fixed by Francois Perrad | |
| 52 | |
| 53 - Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl | |
| 54 platforms. Reported by Oliver Schneider and Andrew Bainbridge | |
| 55 | |
| 56 - Fix some platform portability problems, from Ben Gardner | |
| 57 | |
| 58 - Add EXEEXT filename suffix for building dropbearmulti, from William Foster | |
| 59 | |
| 60 - Support --enable-<option> properly for configure, from Stefan Hauser | |
| 61 | |
| 62 - configure have_openpty result can be cached, from Eric BĂ©nard | |
| 63 | |
| 64 - handle platforms that return close() < -1 on failure, from Marco Wenzel | |
| 65 | |
| 66 - Build and configuration cleanups from Michael Witten | |
| 67 | |
| 68 - Fix libtomcrypt/libtommath linking order, from Andre McCurdy | |
| 69 | |
| 70 - Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC | |
| 71 | |
| 72 - Update curve25519-donna implementation to current version | |
| 73 | |
| 1 2017.75 - 18 May 2017 | 74 2017.75 - 18 May 2017 |
| 2 | 75 |
| 3 - Security: Fix double-free in server TCP listener cleanup | 76 - Security: Fix double-free in server TCP listener cleanup |
| 4 A double-free in the server could be triggered by an authenticated user if | 77 A double-free in the server could be triggered by an authenticated user if |
| 5 dropbear is running with -a (Allow connections to forwarded ports from any host) | 78 dropbear is running with -a (Allow connections to forwarded ports from any host) |