# HG changeset patch
# User Matt Johnston
# Date 1392818461 -28800
# Node ID 49ed526daedc3ca1375e89a9e9adf1342f5b7e99
# Parent 115f8a3c2d5ad004dbfe3779deaab73a5d90f666
CHANGES for 2014.63
diff -r 115f8a3c2d5a -r 49ed526daedc CHANGES
--- a/CHANGES Tue Feb 18 21:33:56 2014 +0800
+++ b/CHANGES Wed Feb 19 22:01:01 2014 +0800
@@ -1,3 +1,47 @@
+2014.63 - Wednesday 19 February 2014
+
+- Fix ~. to terminate a client interactive session after waking a laptop
+ from sleep.
+
+- Changed port separator syntax again, now using host^port. This is because
+ IPv6 link-local addresses use %. Reported by Gui Iribarren
+
+- Avoid constantly relinking dropbearmulti target, fix "make install"
+ for multi target, thanks to Mike Frysinger
+
+- Avoid getting stuck in a loop writing huge key files, reported by Bruno
+ Thomsen
+
+- Don't link dropbearkey or dropbearconvert to libz or libutil,
+ thanks to Nicolas Boos
+
+- Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos
+
+- Avoid crash on exit due to cleaned up keys before last packets are sent,
+ debugged by Ronald Wahl
+
+- Fix a race condition in rekeying where Dropbear would exit if it received a
+ still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
+ This is a longstanding bug but is triggered more easily since 2013.57
+
+- Fix README for ecdsa keys, from Caralin Patulea
+
+- Ensure that generated RSA keys are always exactly the length
+ requested. Previously Dropbear always generated N+16 or N+15 bit keys.
+ Thanks to Unit 193
+
+- Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip if the
+ first public key succeeds. Still not enabled by default, needs more
+ compatibility testing with other implementations.
+
+- Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD. Thanks to
+
+- Fix for bad system linux/pkt-sched.h header file with older Linux
+kernels, from Steve Dover
+
+- Fix signal handlers so that errno is saved, thanks to Erik Ahlén for a patch
+ and Mark Wickham for independently spotting the same problem.
+
 2013.62 - Tuesday 3 December 2013

 - Disable "interactive" QoS connection options when a connection doesn't
diff -r 115f8a3c2d5a -r 49ed526daedc options.h
--- a/options.h Tue Feb 18 21:33:56 2014 +0800
+++ b/options.h Wed Feb 19 22:01:01 2014 +0800
@@ -222,6 +222,12 @@
 * return the password on standard output */
 /*#define ENABLE_CLI_ASKPASS_HELPER*/

+/* Save a network roundtrip by sendng a real auth request immediately after
+ * sending a query for the available methods. It is at the expense of < 100
+ * bytes of extra network traffic. This is not yet enabled by default since it
+ * could cause problems with non-compliant servers */
+/* #define DROPBEAR_CLI_IMMEDIATE_AUTH */
+
 /* Source for randomness. This must be able to provide hundreds of bytes per SSH
 * connection without blocking. In addition /dev/random is used for seeding
 * rsa/dss key generation */
diff -r 115f8a3c2d5a -r 49ed526daedc sysoptions.h
--- a/sysoptions.h Tue Feb 18 21:33:56 2014 +0800
+++ b/sysoptions.h Wed Feb 19 22:01:01 2014 +0800
@@ -176,11 +176,6 @@ accept for keyb-interactive auth */
-/* Send a real auth request immediately after sending a query for the available methods.
- * It saves a network round trip at login.
- * If problems are encountered it can be disabled here. */
- #define DROPBEAR_CLI_IMMEDIATE_AUTH
-
 #if defined(DROPBEAR_AES256) || defined(DROPBEAR_AES128)
 #define DROPBEAR_AES
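Review bot: The comment added in the options.h hunk misspells "sending" as `sendng` and never says what the "real auth request" carries. Going by the CHANGES entry in this same changeset it appears to be the first public-key attempt, so the opening line could read `/* Save a network roundtrip by sending a real auth request (the first public key) immediately after`. Saying so matters to anyone enabling the option, because the client then offers that key before it has seen the server's list of accepted methods. The disabled define is also written `/* #define DROPBEAR_CLI_IMMEDIATE_AUTH */` with inner spaces, while the neighbouring `/*#define ENABLE_CLI_ASKPASS_HELPER*/` has none; matching the existing form keeps a search for disabled options uniform.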