view debian/changelog @ 1861:2b3a8026a6ce

Add re-exec for server This allows ASLR to re-randomize the address space for every connection, preventing some vulnerabilities from being exploitable by repeated probing. Overhead (memory and time) is yet to be confirmed. At present this is only enabled on Linux. Other BSD platforms with fexecve() would probably also work though have not been tested.
author Matt Johnston <matt@ucc.asn.au>
date Sun, 30 Jan 2022 10:14:56 +0800
parents 4b984c42372d
children 77bc00dcc19f
line wrap: on
line source

dropbear (2020.81-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 29 Oct 2020 22:51:57 +0800

dropbear (2020.80-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Fri, 26 Jun 2020 22:51:57 +0800

dropbear (2020.79-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Mon, 15 Jun 2020 22:51:57 +0800

dropbear (2019.78-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 27 Mar 2019 22:51:57 +0800

dropbear (2019.77-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Sat, 23 Mar 2019 22:51:57 +0800

dropbear (2018.76-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Tue, 27 Feb 2018 22:51:57 +0800

dropbear (2017.75-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 18 May 2017 22:51:57 +0800

dropbear (2016.74-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 21 Jul 2016 22:51:57 +0800

dropbear (2016.73-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Fri, 18 Mar 2016 22:52:58 +0800

dropbear (2016.72-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 10 Mar 2016 22:52:58 +0800

dropbear (2015.70-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 26 Nov 2015 22:52:58 +0800

dropbear (2015.69-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 25 Nov 2015 22:52:58 +0800

dropbear (2015.68-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Sat, 8 Aug 2015 22:52:58 +0800

dropbear (2015.67-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 28 Jan 2015 22:53:59 +0800

dropbear (2014.66-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 23 Oct 2014 22:54:00 +0800

dropbear (2014.65-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Fri, 8 Aug 2014 22:54:00 +0800

dropbear (2014.64-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Sun, 27 Jul 2014 22:54:00 +0800

dropbear (2014.63-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 19 Feb 2014 22:54:00 +0800

dropbear (2013.62) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Tue, 7 Dec 2013 22:54:00 +0800

dropbear (2013.60-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 16 Oct 2013 22:54:00 +0800

dropbear (2013.59-0.1) unstable; urgency=low

  * New upstream release.
  * Build with DEB_BUILD_MAINT_OPTIONS = hardening=+all

 -- Matt Johnston <[email protected]>  Fri, 4 Oct 2013 22:54:00 +0800

dropbear (2013.58-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 18 Apr 2013 22:54:00 +0800

dropbear (2013.57-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Mon, 15 Apr 2013 22:54:00 +0800

dropbear (2013.56-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 21 Mar 2013 22:54:00 +0800

dropbear (2012.55-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 22 Feb 2012 22:54:00 +0800

dropbear (2011.54-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Tues, 8 Nov 2011 22:54:00 +0800

dropbear (0.53.1-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 2 Mar 2011 22:54:00 +0900

dropbear (0.53-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 24 Feb 2011 22:54:00 +0900

dropbear (0.52-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Wed, 12 Nov 2008 22:54:00 +0900

dropbear (0.51-0.1) unstable; urgency=low

  * New upstream release.

 -- Matt Johnston <[email protected]>  Thu, 27 Mar 2008 19:14:00 +0900

dropbear (0.50-4) unstable; urgency=low

  * debian/dropbear.init: apply patch from Petter Reinholdtsen: add LSB
    formatted dependency info in init.d script (closes: #466257).
  * debian/rules: no longer include symlinks for ./supervise/ subdirectories.
  * debian/dropbear.postinst: upgrade from << 0.50-4: if dropbear is managed
    by runit, remove service, and re-add using update-service(8).
  * debian/control: Standards-Version: 3.7.3.0.
  * debian/rules: target clean: don't ignore errors but check for readable
    ./Makefile.

 -- Gerrit Pape <[email protected]>  Thu, 06 Mar 2008 19:06:58 +0000

dropbear (0.50-3) unstable; urgency=low

  * debian/dropbear.init: use the update-service(8) program from the runit
    package instead of directly checking for the symlink in /var/service/.
  * debian/README.runit: talk about update-service(8) instead of symlinks
    in /var/service/.

 -- Gerrit Pape <[email protected]>  Fri, 15 Feb 2008 00:32:37 +0000

dropbear (0.50-2) unstable; urgency=low

  * debian/dropbear.README.Debian: no longer talk about entropy from
    /dev/random, /dev/urandom is now used by default (thx Joey Hess,
    closes: #441515).

 -- Gerrit Pape <[email protected]>  Mon, 24 Sep 2007 16:49:17 +0000

dropbear (0.50-1) unstable; urgency=low

  * debian/README.runit: minor.
  * new upstream version.
  * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff:
    remove; fixed upstream.

 -- Gerrit Pape <[email protected]>  Thu, 09 Aug 2007 23:01:01 +0000

dropbear (0.49-2) unstable; urgency=low

  * debian/rules: apply diffs from debian/diff/ with patch -p1 instead of
    -p0.
  * debian/diff/0001-options.h-use-dev-urandom-instead-of-dev-random-a.diff:
    new; options.h: use /dev/urandom instead of /dev/random as
    DROPBEAR_RANDOM_DEV (closes: #386976).
  * debian/rules: target clean: remove libtomcrypt/Makefile,
    libtommath/Makefile.

 -- Gerrit Pape <[email protected]>  Sat, 09 Jun 2007 08:59:59 +0000

dropbear (0.49-1) unstable; urgency=high

  * new upstream release, fixes
    * CVE-2007-1099: dropbear dbclient insufficient warning on hostkey
      mismatch (closes: #412899).
    * dbclient uses static "Password:" prompt instead of using the server's
      prompt (closes: #394996).
  * debian/control: Suggests: openssh-client, not ssh (closes: #405686);
    Standards-Version: 3.7.2.2.
  * debian/README.Debian: ssh -> openssh-server, openssh-client; remove
    'Replacing OpenSSH "sshd" with Dropbear' part, this is simply done by not
    installing the openssh-server package.
  * debian/README.runit: runsvstat -> sv status.

 -- Gerrit Pape <[email protected]>  Fri,  2 Mar 2007 20:48:18 +0000

dropbear (0.48.1-1) unstable; urgency=medium

  * new upstream point release.
    * Compile fix for scp
  * debian/diff/dbclient.1.diff: new: document -R option to dbclient
    accurately (thx Markus Schaber; closes: #351882).
  * debian/dropbear.README.Debian: document a workaround for systems with
    possibly blocking /dev/random device (closes: #355414)..

 -- Gerrit Pape <[email protected]>  Sun, 16 Apr 2006 16:16:40 +0000

dropbear (0.48-1) unstable; urgency=medium

  * New upstream release.
  * SECURITY: Improve handling of denial of service attempts from a single
    IP.

  * debian/implicit: update to revision 1.11.
  * new upstream release updates to scp from OpenSSH 4.3p2 - fixes a
    security issue where use of system() could cause users to execute
    arbitrary code through malformed filenames; CVE-2006-0225 (see also
    #349645); the scp binary is not provided by this package though.

 -- Gerrit Pape <[email protected]>  Fri, 10 Mar 2006 22:00:32 +0000

dropbear (0.47-1) unstable; urgency=high

  * New upstream release.
  * SECURITY: Fix incorrect buffer sizing; CVE-2005-4178.

 -- Matt Johnston <[email protected]>  Thu, 8 Dec 2005 19:20:21 +0800

dropbear (0.46-2) unstable; urgency=low

  * debian/control: Standards-Version: 3.6.2.1; update descriptions to
    mention included server and client (thx Tino Keitel).
  * debian/dropbear.init: allow '/etc/init.d/dropbear stop' even though
    'NO_START is not set to zero.' (closes: #336723).

 -- Gerrit Pape <[email protected]>  Tue,  6 Dec 2005 13:30:49 +0000

dropbear (0.46-1) unstable; urgency=medium

  * New upstream release, various fixes.
  * debian/diff/dbclient-usage-typo.diff, debian/diff/manpages.diff: remove;
    obsolete.
  * debian/dbclient.1: move to ./dbclient.1.

 -- Matt Johnston <[email protected]>  Fri, 8 July 2005 21:32:55 +0800

dropbear (0.45-3) unstable; urgency=low

  * debian/dropbear.init: init script prints human readable message in case
    it's disabled (closes: #309099).
  * debian/dropbear.postinst: configure: restart service through init script
    instead of start.
  * debian/dropbear.prerm: set -u -> set -e.

 -- Gerrit Pape <[email protected]>  Wed, 25 May 2005 22:38:17 +0000

dropbear (0.45-2) unstable; urgency=low

  * Matt Johnston:
    * New upstream release, various fixes.

 -- Gerrit Pape <[email protected]>  Sat, 12 Mar 2005 15:17:55 +0000

dropbear (0.44-1) unstable; urgency=low

  * New upstream release.
  * debian/rules: install /usr/bin/dbclient; handle possible patches more
    gracefully; install debian/dbclient.1 man page; enable target patch;
    minor.
  * debian/implicit: update to revision 1.10.
  * debian/dbclient.1: new; man page.
  * debian/diff/dbclient-usage-typo.diff: new; fix typo.
  * debian/diff/manpages.diff: new; add references to dbclient man page.

 -- Gerrit Pape <[email protected]>  Sat,  8 Jan 2005 22:50:43 +0000

dropbear (0.43-2) unstable; urgency=high

  * Matt Johnston:
    * New upstream release 0.43
    * SECURITY: Don't attempt to free uninitialised buffers in DSS verification
      code
    * Handle portforwarding to servers which don't send any initial data
      (Closes: #258426)
  * debian/dropbear.postinst: remove code causing bothersome warning on
    package install (closes: #256752).
  * debian/README.Debian.diet: new; how to build with the diet libc.
  * debian/dropbear.docs: add debian/README.Debian.diet.
  * debian/rules: support "diet" in DEB_BUILD_OPTIONS; minor cleanup.

 -- Gerrit Pape <[email protected]>  Sat, 17 Jul 2004 19:31:19 +0000

dropbear (0.42-1) unstable; urgency=low

  * New upstream release 0.42.
  * debian/diff/cvs-20040520.diff: remove; obsolete.
  * debian/rules: disable target patch.

 -- Matt Johnston <[email protected]>  Wed, 16 June 2004 12:44:54 +0800

dropbear (0.41-3) unstable; urgency=low

  * 1st upload to the Debian archive (closes: #216553).
  * debian/diff/cvs-20040520.diff: new; stable cvs snapshot.
  * debian/rules: new target patch: apply diffs in debian/diff/, reverse
    apply in target clean; install man pages.
  * debian/control: Priority: optional.

 -- Gerrit Pape <[email protected]>  Sun, 23 May 2004 08:32:37 +0000

dropbear (0.41-2) unstable; urgency=low

  * new maintainer.
  * debian/control: no longer Build-Depends: debhelper; Build-Depends:
    libz-dev; Standards-Version: 3.6.1.0; Suggests: runit; update
    descriptions.
  * debian/rules: stop using debhelper, use implicit rules; cleanup;
    install dropbearconvert into /usr/lib/dropbear/.
  * debian/impicit: new; implicit rules.
  * debian/copyright.in: adapt.
  * debian/dropbear.init: minor adaptions; test for dropbear service
    directory.
  * debian/README.runit: new; how to use dropbear with runit.
  * debian/README.Debian, debian/docs: rename to debian/dropbear.*.
  * debian/dropbear.docs: add debian/README.runit
  * debian/conffiles: rename to debian/dropbear.conffiles; add init
    script, and run scripts.
  * debian/postinst: rename to debian/dropbear.postinst; adapt; use
    invloke-rc.d dropbear start.
  * debian/dropbear.prerm: new; invoke-rc.d dropbear stop.
  * debian/postrm: rename to debian/dropbear.postrm; adapt; clean up
    service directories.
  * debian/compat, debian/dirs, dropbear.default: remove; obsolete.

 -- Gerrit Pape <[email protected]>  Sun, 16 May 2004 16:50:55 +0000

dropbear (0.41-1) unstable; urgency=low

  * Updated to 0.41 release.
  * Various minor fixes

 -- Matt Johnston <[email protected]>  Mon, 19 Jan 2004 23:20:54 +0800

dropbear (0.39-1) unstable; urgency=low

  * updated to 0.39 release. Some new features, some bugfixes.

 -- Matt Johnston <[email protected]>  Tue, 16 Dec 2003 16:20:54 +0800

dropbear (0.38-1) unstable; urgency=medium

  * updated to 0.38 release - various important bugfixes

 -- Matt Johnston <[email protected]>  Sat, 11 Oct 2003 16:28:54 +0800

dropbear (0.37-1) unstable; urgency=medium

  * updated to 0.37 release - various important bugfixes

 -- Matt Johnston <[email protected]>  Wed, 24 Sept 2003 19:43:54 +0800

dropbear (0.36-1) unstable; urgency=high

  * updated to 0.36 release - various important bugfixes

 -- Matt Johnston <[email protected]>  Tues, 19 Aug 2003 12:20:54 +0800

dropbear (0.35-1) unstable; urgency=high

  * updated to 0.35 release - contains fix for remotely exploitable
    vulnerability.

 -- Matt Johnston <[email protected]>  Sun, 17 Aug 2003 05:37:47 +0800

dropbear (0.34-1) unstable; urgency=medium

  * updated to 0.34 release

 -- Matt Johnston <[email protected]>  Fri, 15 Aug 2003 15:10:00 +0800

dropbear (0.33-1) unstable; urgency=medium

  * updated to 0.33 release

 -- Matt Johnston <[email protected]>  Sun, 22 Jun 2003 22:22:00 +0800

dropbear (0.32cvs-1) unstable; urgency=medium

  * now maintained in UCC CVS
  * debian/copyright.in file added, generated from LICENSE

 -- Grahame Bowland <[email protected]>  Tue, 21 Jun 2003 17:57:02 +0800

dropbear (0.32cvs-1) unstable; urgency=medium

  * sync with CVS
  * fixes X crash bug

 -- Grahame Bowland <[email protected]>  Tue, 20 Jun 2003 15:04:47 +0800

dropbear (0.32-2) unstable; urgency=low

  * fix creation of host keys to use correct names in /etc/dropbear
  * init script "restart" function fixed
  * purging this package now deletes the host keys and /etc/dropbear
  * change priority in debian/control to 'standard'

 -- Grahame Bowland <[email protected]>  Tue, 17 Jun 2003 15:04:47 +0800

dropbear (0.32-1) unstable; urgency=low

  * Initial Release.

 -- Grahame Bowland <[email protected]>  Tue, 17 Jun 2003 15:04:47 +0800