Mercurial > dropbear
diff CHANGES @ 835:4095b6d7c9fc ecc
Merge in changes from the past couple of releases
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 18 Oct 2013 21:38:01 +0800 |
parents | b9f0058860f1 |
children | e894dbc015ba |
--- a/CHANGES Sat May 25 00:54:19 2013 +0800 +++ b/CHANGES Fri Oct 18 21:38:01 2013 +0800 @@ -1,3 +1,45 @@ +2013.60 - Wednesday 16 October 2013 + +- Fix "make install" so that it doesn't always install to /bin and /sbin + +- Fix "make install MULTI=1", installing manpages failed + +- Fix "make install" when scp is included since it has no manpage + +- Make --disable-bundled-libtom work + +2013.59 - Friday 4 October 2013 + +- Fix crash from -J command + Thanks to LluĂs Batlle i Rossell and Arnaud Mouiche for patches + +- Avoid reading too much from /proc/net/rt_cache since that causes + system slowness. + +- Improve EOF handling for half-closed connections + Thanks to Catalin Patulea + +- Send a banner message to report PAM error messages intended for the user + Patch from Martin Donnelly + +- Limit the size of decompressed payloads, avoids memory exhaustion denial + of service + Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421 + +- Avoid disclosing existence of valid users through inconsistent delays + Thanks to Logan Lamb for reporting. CVE-2013-4434 + +- Update config.guess and config.sub for newer architectures + +- Avoid segfault in server for locked accounts + +- "make install" now installs manpages + dropbearkey.8 has been renamed to dropbearkey.1 + manpage added for dropbearconvert + +- Get rid of one second delay when running non-interactive commands + + 2013.58 - Thursday 18 April 2013 - Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz @@ -286,7 +328,7 @@ - Security: dbclient previously would prompt to confirm a mismatching hostkey but wouldn't warn loudly. It will now - exit upon a mismatch. + exit upon a mismatch. CVE-2007-1099 - Compile fixes, make sure that all variable definitions are at the start of a scope. 
@@ -348,7 +390,7 @@ (thanks to Tomas Vanek for helping track it down) - Implement per-IP pre-authentication connection limits - (after some poking from Pablo Fernandez) + (after some poking from Pablo Fernandez) CVE-2006-1206 - Exit gracefully if trying to connect to as SSH v1 server (reported by Rushi Lala) @@ -369,7 +411,7 @@ - SECURITY: fix for buffer allocation error in server code, could potentially allow authenticated users to gain elevated privileges. All multi-user systems running the server should upgrade (or apply the patch available on the - Dropbear webpage). + Dropbear webpage). CVE-2005-4178 - Fix channel handling code so that redirecting to /dev/null doesn't use 100% CPU. @@ -576,7 +618,7 @@ - SECURITY: Don't try to free() uninitialised variables in DSS verification code. Thanks to Arne Bernin for pointing out this bug. This is possibly exploitable, all users with DSS and pubkey-auth compiled in are advised to - upgrade. + upgrade. CVE-2004-2486 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
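Review bot: In the first hunk (the 2013.59 section), the two entries that carry CVE-2013-4421 and CVE-2013-4434 have no security marker, while older entries in this same file, visible as context in the later hunks, open with "- Security:" or "- SECURITY:". Prefix both new entries the same way, for example "- Security: Limit the size of decompressed payloads" and "- Security: Avoid disclosing existence of valid users", so that anyone scanning CHANGES for security fixes finds them. They currently sit in the middle of the list between the PAM banner change and the config.guess update; moving them to the top of the 2013.59 list would also help.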
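Review bot: In the hunk at -348,7, "CVE-2006-1206" is appended to the credit line "(after some poking from Pablo Fernandez)", so it reads as part of the attribution rather than as the identifier for the per-IP pre-authentication connection limit entry. Unlike the entries that received CVE-2007-1099, CVE-2005-4178 and CVE-2004-2486, this entry also has no "Security:" prefix. Put the CVE directly after the description and add the prefix. The unchanged context line "Exit gracefully if trying to connect to as SSH v1 server" has a typo ("to as") that could be fixed in the same pass.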