Mercurial > dropbear
comparison CHANGES @ 691:e698d1a9f428
Some changes since 2012.55
| author | Matt Johnston <matt@ucc.asn.au> |
|---|---|
| date | Fri, 22 Feb 2013 23:54:47 +0800 |
| parents | d354464b2aa6 |
| children | b207d5183bb7 |
comparison
equal
deleted
inserted
replaced
| 690:4b47ff154ff6 | 691:e698d1a9f428 |
|---|---|
| 1 - Allow specifying cipher (-c) and MAC (-m) lists for dbclient | |
| 2 | |
| 3 - Allow using 'none' cipher or MAC | |
| 4 | |
| 5 - Allow a user in immediately if the account has a blank password and blank | |
| 6 passwords are enabled | |
| 7 | |
| 8 - Include a few extra sources of entropy from /proc on Linux, hash private keys | |
| 9 as well | |
| 10 | |
| 11 - Added sha2-256 and sha2-512 hashes | |
| 12 | |
| 13 - Don't sent "localhost" for -R forward connections, reported by Denis Bider | |
| 14 | |
| 15 - Add "-B" runtime option to allow blank passwords | |
| 16 | |
| 1 2012.55 - Wednesday 22 February 2012 | 17 2012.55 - Wednesday 22 February 2012 |
| 2 | 18 |
| 3 - Security: Fix use-after-free bug that could be triggered if command="..." | 19 - Security: Fix use-after-free bug that could be triggered if command="..." |
| 4 authorized_keys restrictions are used. Could allow arbitrary code execution | 20 authorized_keys restrictions are used. Could allow arbitrary code execution |
| 5 or bypass of the command="..." restriction to an authenticated user. | 21 or bypass of the command="..." restriction to an authenticated user. |