Mercurial > dropbear
comparison CHANGES @ 837:fdf51d3f26e1 ecc
merge
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 20 Oct 2013 21:07:05 +0800 |
parents | b9f0058860f1 |
children | e894dbc015ba |
comparison
equal
deleted
inserted
replaced
836:d7d9f1612d51 | 837:fdf51d3f26e1 |
---|---|
1 2013.60 - Wednesday 16 October 2013 | |
2 | |
3 - Fix "make install" so that it doesn't always install to /bin and /sbin | |
4 | |
5 - Fix "make install MULTI=1", installing manpages failed | |
6 | |
7 - Fix "make install" when scp is included since it has no manpage | |
8 | |
9 - Make --disable-bundled-libtom work | |
10 | |
11 2013.59 - Friday 4 October 2013 | |
12 | |
13 - Fix crash from -J command | |
14 Thanks to LluĂs Batlle i Rossell and Arnaud Mouiche for patches | |
15 | |
16 - Avoid reading too much from /proc/net/rt_cache since that causes | |
17 system slowness. | |
18 | |
19 - Improve EOF handling for half-closed connections | |
20 Thanks to Catalin Patulea | |
21 | |
22 - Send a banner message to report PAM error messages intended for the user | |
23 Patch from Martin Donnelly | |
24 | |
25 - Limit the size of decompressed payloads, avoids memory exhaustion denial | |
26 of service | |
27 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 | |
28 | |
29 - Avoid disclosing existence of valid users through inconsistent delays | |
30 Thanks to Logan Lamb for reporting. CVE-2013-4434 | |
31 | |
32 - Update config.guess and config.sub for newer architectures | |
33 | |
34 - Avoid segfault in server for locked accounts | |
35 | |
36 - "make install" now installs manpages | |
37 dropbearkey.8 has been renamed to dropbearkey.1 | |
38 manpage added for dropbearconvert | |
39 | |
40 - Get rid of one second delay when running non-interactive commands | |
41 | |
42 | |
1 2013.58 - Thursday 18 April 2013 | 43 2013.58 - Thursday 18 April 2013 |
2 | 44 |
3 - Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz | 45 - Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz |
4 | 46 |
5 - Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder | 47 - Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder |
284 | 326 |
285 0.49 - Fri 23 February 2007 | 327 0.49 - Fri 23 February 2007 |
286 | 328 |
287 - Security: dbclient previously would prompt to confirm a | 329 - Security: dbclient previously would prompt to confirm a |
288 mismatching hostkey but wouldn't warn loudly. It will now | 330 mismatching hostkey but wouldn't warn loudly. It will now |
289 exit upon a mismatch. | 331 exit upon a mismatch. CVE-2007-1099 |
290 | 332 |
291 - Compile fixes, make sure that all variable definitions are at the start | 333 - Compile fixes, make sure that all variable definitions are at the start |
292 of a scope. | 334 of a scope. |
293 | 335 |
294 - Added -P pidfile argument to the server (from Swen Schillig) | 336 - Added -P pidfile argument to the server (from Swen Schillig) |
346 - Check that the circular buffer is properly empty before | 388 - Check that the circular buffer is properly empty before |
347 closing a channel, which could cause truncated transfers | 389 closing a channel, which could cause truncated transfers |
348 (thanks to Tomas Vanek for helping track it down) | 390 (thanks to Tomas Vanek for helping track it down) |
349 | 391 |
350 - Implement per-IP pre-authentication connection limits | 392 - Implement per-IP pre-authentication connection limits |
351 (after some poking from Pablo Fernandez) | 393 (after some poking from Pablo Fernandez) CVE-2006-1206 |
352 | 394 |
353 - Exit gracefully if trying to connect to as SSH v1 server | 395 - Exit gracefully if trying to connect to as SSH v1 server |
354 (reported by Rushi Lala) | 396 (reported by Rushi Lala) |
355 | 397 |
356 - Only read /dev/random once at startup when in non-inetd mode | 398 - Only read /dev/random once at startup when in non-inetd mode |
367 0.47 - Thurs Dec 8 2005 | 409 0.47 - Thurs Dec 8 2005 |
368 | 410 |
369 - SECURITY: fix for buffer allocation error in server code, could potentially | 411 - SECURITY: fix for buffer allocation error in server code, could potentially |
370 allow authenticated users to gain elevated privileges. All multi-user systems | 412 allow authenticated users to gain elevated privileges. All multi-user systems |
371 running the server should upgrade (or apply the patch available on the | 413 running the server should upgrade (or apply the patch available on the |
372 Dropbear webpage). | 414 Dropbear webpage). CVE-2005-4178 |
373 | 415 |
374 - Fix channel handling code so that redirecting to /dev/null doesn't use | 416 - Fix channel handling code so that redirecting to /dev/null doesn't use |
375 100% CPU. | 417 100% CPU. |
376 | 418 |
377 - Turn on zlib compression for dbclient. | 419 - Turn on zlib compression for dbclient. |
574 0.43 - Fri Jul 16 2004 17:44:54 +0800 | 616 0.43 - Fri Jul 16 2004 17:44:54 +0800 |
575 | 617 |
576 - SECURITY: Don't try to free() uninitialised variables in DSS verification | 618 - SECURITY: Don't try to free() uninitialised variables in DSS verification |
577 code. Thanks to Arne Bernin for pointing out this bug. This is possibly | 619 code. Thanks to Arne Bernin for pointing out this bug. This is possibly |
578 exploitable, all users with DSS and pubkey-auth compiled in are advised to | 620 exploitable, all users with DSS and pubkey-auth compiled in are advised to |
579 upgrade. | 621 upgrade. CVE-2004-2486 |
580 | 622 |
581 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape. | 623 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape. |
582 | 624 |
583 - Don't go into an infinite loop when portforwarding to servers which don't | 625 - Don't go into an infinite loop when portforwarding to servers which don't |
584 send any initial data/banner. Patch from Nikola Vladov | 626 send any initial data/banner. Patch from Nikola Vladov |