Mercurial > dropbear
diff CHANGES @ 293:9d110777f345 contrib-blacklist
propagate from branch 'au.asn.ucc.matt.dropbear' (head 7ad1775ed65e75dbece27fe6b65bf1a234db386a)
to branch 'au.asn.ucc.matt.dropbear.contrib.blacklist' (head 1d86a4f0a401cc68c2670d821a2f6366c37af143)
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Fri, 10 Mar 2006 06:31:29 +0000 |
parents | 55a99934db87 |
children | 03f65e461915 |
line wrap: on
line diff
--- a/CHANGES Tue Sep 06 04:57:14 2005 +0000 +++ b/CHANGES Fri Mar 10 06:31:29 2006 +0000 @@ -1,3 +1,62 @@ +0.48 - Thurs 9 March 2006 + +- Check that the circular buffer is properly empty before + closing a channel, which could cause truncated transfers + (thanks to Tomas Vanek for helping track it down) + +- Implement per-IP pre-authentication connection limits + (after some poking from Pablo Fernandez) + +- Exit gracefully if trying to connect to as SSH v1 server + (reported by Rushi Lala) + +- Only read /dev/random once at startup when in non-inetd mode + +- Allow ctrl-c to close a dbclient password prompt (may + still have to press enter on some platforms) + +- Merged in uClinux patch for inetd mode + +- Updated to scp from OpenSSH 4.3p2 - fixes a security issue + where use of system() could cause users to execute arbitrary + code through malformed filenames, ref CVE-2006-0225 + +0.47 - Thurs Dec 8 2005 + +- SECURITY: fix for buffer allocation error in server code, could potentially + allow authenticated users to gain elevated privileges. All multi-user systems + running the server should upgrade (or apply the patch available on the + Dropbear webpage). + +- Fix channel handling code so that redirecting to /dev/null doesn't use + 100% CPU. + +- Turn on zlib compression for dbclient. + +- Set "low delay" TOS bit, can significantly improve interactivity + over some links. + +- Added client keyboard-interactive mode support, allows operation with + newer OpenSSH servers in default config. + +- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions + +- Improve logging of assertions + +- Added aes-256 cipher and sha1-96 hmac. + +- Fix twofish so that it actually works. + +- Improve PAM prompt comparison. + +- Added -g (dbclient) and -a (dropbear server) options to allow + connections to listening forwarded ports from remote machines. + +- Various other minor fixes + +- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD + (netinet/in_systm.h needs to be included). + 0.46 - Sat July 9 2005 - Fix long-standing bug which caused connections to be closed if an ssh-agent