comparison CHANGES @ 837:fdf51d3f26e1 ecc

merge
author Matt Johnston <matt@ucc.asn.au>
date Sun, 20 Oct 2013 21:07:05 +0800
parents b9f0058860f1
children e894dbc015ba
comparison
equal deleted inserted replaced
836:d7d9f1612d51 837:fdf51d3f26e1
1 2013.60 - Wednesday 16 October 2013
2
3 - Fix "make install" so that it doesn't always install to /bin and /sbin
4
5 - Fix "make install MULTI=1", installing manpages failed
6
7 - Fix "make install" when scp is included since it has no manpage
8
9 - Make --disable-bundled-libtom work
10
11 2013.59 - Friday 4 October 2013
12
13 - Fix crash from -J command
14 Thanks to LluĂ­s Batlle i Rossell and Arnaud Mouiche for patches
15
16 - Avoid reading too much from /proc/net/rt_cache since that causes
17 system slowness.
18
19 - Improve EOF handling for half-closed connections
20 Thanks to Catalin Patulea
21
22 - Send a banner message to report PAM error messages intended for the user
23 Patch from Martin Donnelly
24
25 - Limit the size of decompressed payloads, avoids memory exhaustion denial
26 of service
27 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421
28
29 - Avoid disclosing existence of valid users through inconsistent delays
30 Thanks to Logan Lamb for reporting. CVE-2013-4434
31
32 - Update config.guess and config.sub for newer architectures
33
34 - Avoid segfault in server for locked accounts
35
36 - "make install" now installs manpages
37 dropbearkey.8 has been renamed to dropbearkey.1
38 manpage added for dropbearconvert
39
40 - Get rid of one second delay when running non-interactive commands
41
42
1 2013.58 - Thursday 18 April 2013 43 2013.58 - Thursday 18 April 2013
2 44
3 - Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz 45 - Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz
4 46
5 - Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder 47 - Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder
284 326
285 0.49 - Fri 23 February 2007 327 0.49 - Fri 23 February 2007
286 328
287 - Security: dbclient previously would prompt to confirm a 329 - Security: dbclient previously would prompt to confirm a
288 mismatching hostkey but wouldn't warn loudly. It will now 330 mismatching hostkey but wouldn't warn loudly. It will now
289 exit upon a mismatch. 331 exit upon a mismatch. CVE-2007-1099
290 332
291 - Compile fixes, make sure that all variable definitions are at the start 333 - Compile fixes, make sure that all variable definitions are at the start
292 of a scope. 334 of a scope.
293 335
294 - Added -P pidfile argument to the server (from Swen Schillig) 336 - Added -P pidfile argument to the server (from Swen Schillig)
346 - Check that the circular buffer is properly empty before 388 - Check that the circular buffer is properly empty before
347 closing a channel, which could cause truncated transfers 389 closing a channel, which could cause truncated transfers
348 (thanks to Tomas Vanek for helping track it down) 390 (thanks to Tomas Vanek for helping track it down)
349 391
350 - Implement per-IP pre-authentication connection limits 392 - Implement per-IP pre-authentication connection limits
351 (after some poking from Pablo Fernandez) 393 (after some poking from Pablo Fernandez) CVE-2006-1206
352 394
353 - Exit gracefully if trying to connect to as SSH v1 server 395 - Exit gracefully if trying to connect to as SSH v1 server
354 (reported by Rushi Lala) 396 (reported by Rushi Lala)
355 397
356 - Only read /dev/random once at startup when in non-inetd mode 398 - Only read /dev/random once at startup when in non-inetd mode
367 0.47 - Thurs Dec 8 2005 409 0.47 - Thurs Dec 8 2005
368 410
369 - SECURITY: fix for buffer allocation error in server code, could potentially 411 - SECURITY: fix for buffer allocation error in server code, could potentially
370 allow authenticated users to gain elevated privileges. All multi-user systems 412 allow authenticated users to gain elevated privileges. All multi-user systems
371 running the server should upgrade (or apply the patch available on the 413 running the server should upgrade (or apply the patch available on the
372 Dropbear webpage). 414 Dropbear webpage). CVE-2005-4178
373 415
374 - Fix channel handling code so that redirecting to /dev/null doesn't use 416 - Fix channel handling code so that redirecting to /dev/null doesn't use
375 100% CPU. 417 100% CPU.
376 418
377 - Turn on zlib compression for dbclient. 419 - Turn on zlib compression for dbclient.
574 0.43 - Fri Jul 16 2004 17:44:54 +0800 616 0.43 - Fri Jul 16 2004 17:44:54 +0800
575 617
576 - SECURITY: Don't try to free() uninitialised variables in DSS verification 618 - SECURITY: Don't try to free() uninitialised variables in DSS verification
577 code. Thanks to Arne Bernin for pointing out this bug. This is possibly 619 code. Thanks to Arne Bernin for pointing out this bug. This is possibly
578 exploitable, all users with DSS and pubkey-auth compiled in are advised to 620 exploitable, all users with DSS and pubkey-auth compiled in are advised to
579 upgrade. 621 upgrade. CVE-2004-2486
580 622
581 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape. 623 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
582 624
583 - Don't go into an infinite loop when portforwarding to servers which don't 625 - Don't go into an infinite loop when portforwarding to servers which don't
584 send any initial data/banner. Patch from Nikola Vladov 626 send any initial data/banner. Patch from Nikola Vladov