Mercurial > dropbear
diff CHANGES @ 511:582cb38e4eb5 insecure-nocrypto
propagate from branch 'au.asn.ucc.matt.dropbear' (head cdcc3c729e29544e8b98a408e2dc60e4483dfd2a)
to branch 'au.asn.ucc.matt.dropbear.insecure-nocrypto' (head 0ca38a1cf349f7426ac9de34ebe4c3e3735effab)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Thu, 06 Nov 2008 13:16:55 +0000 |
parents | b85507ade010 |
children | a3748e54273c |
--- a/CHANGES Mon Oct 02 06:40:51 2006 +0000 +++ b/CHANGES Thu Nov 06 13:16:55 2008 +0000 
@@ -1,3 +1,144 @@ +0.52 + +- Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel + standard input/output to a TCP port-forwarded remote host. + +- Add "proxy command" support to dbclient, to allow using a spawned process for + IO rather than a direct TCP connection. eg + dbclient remotehost + is equivalent to + dbclient -J 'nc remotehost 22' remotehost + (the hostname is still provided purely for looking up saved host keys) + +- Combine netcat-alike and proxy support to allow "multihop" connections, with + comma-separated host syntax. Allows running + dbclient user1@host1,user2@host2,user3@host3 + to end up at host3 via the other two, using SSH TCP forwarding. It's a bit + like onion-routing. All connections are established from the local machine. + The comma-separated syntax can also be used for scp/rsync, eg + scp -S dbclient matt@martello,root@wrt,canyons:/tmp/dump . + to bounce through a few hosts. + +- Allow restrictions on authorized_keys logins such as restricting commands + to be run etc. This is a subset of those allowed by OpenSSH, doesn't + yet allow restricting source host. + +- Use vfork() for scp on uClinux + +- Default to PATH=/usr/bin:/bin for shells. + +- Report errors if -R forwarding fails + +- Add counter mode cipher support, which avoids some security problems with the + standard CBC mode. + +- Support [email protected] delayed compression for client/server. It can be + required for the Dropbear server with the '-Z' option. This is useful for + security as it avoids exposing the server to attacks on zlib by + unauthenticated remote users, though requires client side support. 
+ +- options.h has been split into options.h (user-changable) and sysoptions.h + (less commonly changed) + +- Support "dbclient -s sftp" to specify a subsystem + +- Fix a bug in replies to channel requests that could be triggered by recent + versions of PuTTY + +0.51 - Thu 27 March 2008 + +- Make a copy of password fields rather erroneously relying on getwpnam() + to be safe to call multiple times + +- If $SSH_ASKPASS_ALWAYS environment variable is set (and $SSH_ASKPASS is + as well) always use that program, ignoring isatty() and $DISPLAY + +- Wait until a process exits before the server closes a connection, so + that an exit code can be sent. This fixes problems with exit codes not + being returned, which could cause scp to fail. + +0.50 - Wed 8 August 2007 + +- Add DROPBEAR_PASSWORD environment variable to specify a dbclient password + +- Use /dev/urandom by default, since that's what everyone does anyway + +- Correct vfork() use for uClinux in scp + (thanks to Alex Landau) + +- Exit with an exit code of 1 if dropbear can't bind to any ports + (thanks to Nicolai Ehemann) + +- Improve network performance and add a -W <receive_window> argument for + adjusting the tradeoff between network performance and memory consumption. + +- Fix a problem where reply packets could be sent during key exchange, + in violation of the SSH spec. This could manifest itself with connections + being terminated after 8 hours with new TCP-forward connections being + established. + +- Add -K <keepalive_time> argument, ensuring that data is transmitted + over the connection at least every N seconds. + +- dropbearkey will no longer generate DSS keys of sizes other than 1024 + bits, as required by the DSS specification. (Other sizes are still + accepted for use to provide backwards compatibility). + +0.49 - Fri 23 February 2007 + +- Security: dbclient previously would prompt to confirm a + mismatching hostkey but wouldn't warn loudly. It will now + exit upon a mismatch. 
+ +- Compile fixes, make sure that all variable definitions are at the start + of a scope. + +- Added -P pidfile argument to the server (from Swen Schillig) + +- Add -N dbclient option for "no command" + +- Add -f dbclient option for "background after auth" + +- Add ability to limit binding to particular addresses, use + -p [address:]port, patch from Max-Gerd Retzlaff. + +- Try to finally fix ss_family compilation problems (for old + glibc systems) + +- Fix finding relative-path server hostkeys when running daemonized + +- Use $HOME in preference to that from /etc/passwd, so that + dbclient can still work on broken systems. + +- Fix various issues found by Klocwork defect analysis, mostly memory leaks + and error-handling. Thanks to Klocwork for their service. + +- Improve building in a separate directory + +- Add compile-time LOG_COMMANDS option to log user commands + +- Add '-y' flag to dbclient to unconditionally accept host keys, + patch from Luciano Miguel Ferreira Rocha + +- Return immediately for "sleep 10 & echo foo", rather than waiting + for the sleep to return (pointed out by Rob Landley). + +- Avoid hanging after exit in certain cases (such as scp) + +- Various minor fixes, in particular various leaks reported by + Erik Hovland + +- Disable core dumps on startup + +- Don't erase over every single buffer, since it was a bottleneck. + On systems where it really matters, encrypted swap should be utilised. + +- Read /dev/[u]random only once at startup to conserve kernel entropy + +- Upgrade to LibTomCrypt 1.16 and LibTomMath 0.40 + +- Upgrade config.status and config.guess + 0.48.1 - Sat 11 March 2006 - Compile fix for scp
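Review bot: In the 0.49 block, the entries "Add '-y' flag to dbclient to unconditionally accept host keys" and "Don't erase over every single buffer" both relax a security property but carry no "Security:" prefix, unlike the host key mismatch entry at the top of the same block. I would tag them the same way. The '-y' entry should also state how it interacts with the new exit-on-mismatch behaviour, since "unconditionally" reads as if it overrides it. The same applies in the 0.52 block to the counter mode and delayed compression entries, which are described as security-motivated in their text but are not marked. Smaller points: the 0.52 heading has no release date where 0.51, 0.50 and 0.49 have one; "getwpnam()" in the 0.51 block should be getpwnam(), and "rather erroneously relying" in the same entry is missing "than"; "user-changable" in the 0.52 block should be "user-changeable".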