# HG changeset patch # User Matt Johnston # Date 1134042858 0 # Node ID 9b9664204b97482c55ca6682d35ae1515e6ebddf # Parent 541b14504870f6df3e11685e27dc420d80ca5e29 * Update changelogs for 0.47 release diff -r 541b14504870 -r 9b9664204b97 CHANGES --- a/CHANGES Thu Dec 08 11:45:33 2005 +0000 +++ b/CHANGES Thu Dec 08 11:54:18 2005 +0000 @@ -1,3 +1,39 @@ +0.47 - Thurs Dec 8 2005 + +- SECURITY: fix for buffer allocation error in server code, could potentially + allow authenticated users to gain elevated privileges. All multi-user systems + running the server should upgrade (or apply the patch available on the + Dropbear webpage). + +- Fix channel handling code so that redirecting to /dev/null doesn't use + 100% CPU. + +- Turn on zlib compression for dbclient. + +- Set "low delay" TOS bit, can significantly improve interactivity + over some links. + +- Added client keyboard-interactive mode support, allows operation with + newer OpenSSH servers in default config. + +- Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions + +- Improve logging of assertions + +- Added aes-256 cipher and sha1-96 hmac. + +- Fix twofish so that it actually works. + +- Improve PAM prompt comparison. + +- Added -g (dbclient) and -a (dropbear server) options to allow + connections to listening forwarded ports from remote machines. + +- Various other minor fixes + +- Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD + (netinet/in_systm.h needs to be included). + 0.46 - Sat July 9 2005 - Fix long-standing bug which caused connections to be closed if an ssh-agent diff -r 541b14504870 -r 9b9664204b97 debian/changelog --- a/debian/changelog Thu Dec 08 11:45:33 2005 +0000 +++ b/debian/changelog Thu Dec 08 11:54:18 2005 +0000 @@ -1,3 +1,10 @@ +dropbear (0.47-0.1) unstable; urgency=high + + * New upstream release. + * SECURITY: Fix incorrect buffer sizing. + + -- Matt Johnston Thu, 8 Dec 2005 19:20:21 +0800 + dropbear (0.46-2) unstable; urgency=low * debian/control: Standards-Version: 3.6.2.1; update descriptions to