comparison CHANGES @ 1520:84578193ef47
draft CHANGES
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 18 Feb 2018 23:48:32 +0800 |
parents | b19877938d6a |
children | d35cf9a5e0b5 |
comparison
1519:2f4d52b1334e | 1520:84578193ef47 |
---|---|
1 Upcoming... | |
2 | |
3 - IMPORTANT: | |
4 Custom configuration is now specified in local_options.h rather than options.h | |
5 Available options and defaults can be seen in default_options.h.in | |
6 | |
7 To migrate your configuration, compare your customised options.h against the | |
8 upstream options.h from your relevant version. Any customised options should | |
9 be put in localoptions.h | |
10 | |
11 - "configure --enable-static" should now be used instead of "make STATIC=1" | |
12 | |
13 - Add group14-256 and group16 key exchange options | |
14 | |
15 - Set hardened build flags by default if supported by the compiler. | |
16 -Wl,-pie | |
17 -Wl,-z,now -Wl,-z,relro | |
18 -fstack-protector-strong | |
19 -D_FORTIFY_SOURCE=2 | |
20 # spectre v2 mitigation | |
21 -mfunction-return=thunk | |
22 -mindirect-branch=thunk | |
23 | |
24 These can be disabled with configure --disable-harden if needed | |
25 Spectre patch from Loganaden Velvindron | |
26 | |
27 - Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant | |
28 | |
29 - Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket. | |
30 See dbclient manpage for a socat example. Patch from Harald Becker | |
31 | |
32 - Add "-c forced_command" option. Patch from Jeremy Kerr | |
33 | |
34 - Support server-chosen TCP forwarding ports, patch from houseofkodai | |
35 | |
36 - Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port] | |
37 Patch from houseofkodai | |
38 | |
39 - Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1 | |
40 | |
41 - Minimum RSA key length has been increased to 1024 bits | |
42 | |
43 - Set PAM_RHOST which is needed by modules such as pam_abl | |
44 | |
45 - Improvements to DSS public key validation, found by OSS-Fuzz. | |
46 | |
47 - Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz | |
48 | |
49 - Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz | |
50 | |
51 - Numerous code cleanups and small issues fixed by Francois Perrad | |
52 | |
53 - Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl | |
54 platforms. Reported by Oliver Schneider and Andrew Bainbridge | |
55 | |
56 - Fix some platform portability problems, from Ben Gardner | |
57 | |
58 - Add EXEEXT filename suffix for building dropbearmulti, from William Foster | |
59 | |
60 - Support --enable-<option> properly for configure, from Stefan Hauser | |
61 | |
62 - configure have_openpty result can be cached, from Eric BĂ©nard | |
63 | |
64 - handle platforms that return close() < -1 on failure, from Marco Wenzel | |
65 | |
66 - Build and configuration cleanups from Michael Witten | |
67 | |
68 - Fix libtomcrypt/libtommath linking order, from Andre McCurdy | |
69 | |
70 - Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC | |
71 | |
72 - Update curve25519-donna implementation to current version | |
73 | |
1 2017.75 - 18 May 2017 | 74 2017.75 - 18 May 2017 |
2 | 75 |
3 - Security: Fix double-free in server TCP listener cleanup | 76 - Security: Fix double-free in server TCP listener cleanup |
4 A double-free in the server could be triggered by an authenticated user if | 77 A double-free in the server could be triggered by an authenticated user if |
5 dropbear is running with -a (Allow connections to forwarded ports from any host) | 78 dropbear is running with -a (Allow connections to forwarded ports from any host) |
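Review bot: the IMPORTANT entry names the override file two ways, "local_options.h" on new-side line 4 and "localoptions.h" on new-side line 9, so someone migrating a customised options.h cannot tell which file the build reads. Use a single spelling in both places, matching the header the build actually includes. The "Minimum RSA key length has been increased to 1024 bits" entry on line 41 would also benefit from saying whether it applies to host keys, user keys or both, and what happens to existing shorter keys after an upgrade.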