# HG changeset patch # User Matt Johnston # Date 1439037328 -28800 # Node ID 809feaa9408f036734129c77f2b3c7e779d4f099 # Parent 3c8403f4669de7fb572d87fbcbebea5679ee7bb2 changelog and version 2015.68 diff -r 3c8403f4669d -r 809feaa9408f CHANGES --- a/CHANGES Fri Aug 07 23:07:16 2015 +0800 +++ b/CHANGES Sat Aug 08 20:35:28 2015 +0800 @@ -1,23 +1,31 @@ -- Improve efficiency of writing data to local program/pipes, measured 30% increase +2015.68 - Saturday 8 August 2015 + +- Reduce local data copying for improved efficiency. Measured 30% increase in throughput for connections to localhost -- Use TCP Fast Open on Linux if available. saves a round trip at connection +- Forwarded TCP ports connect asynchronously and try all available addresses + (IPv4, IPv6, round robin DNS) + +- Fix all compile warnings, many patches from Gaël Portay + Note that configure with -Werror may not be successful on some platforms (OS X) + and some configuration options may still result in unused variable + warnings. + +- Use TCP Fast Open on Linux if available. Saves a round trip at connection to hosts that have previously been connected. Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3" Client side is disabled by default pending further compatibility testing with networks and systems. -- Forwarded TCP ports connect asynchronously and retry with other available - addresses (IPv4 versus IPv6, round robin IPs) +- Increase maximum command length to 9000 bytes - Free memory before exiting, patch from Thorsten Horstmann. Useful for Dropbear ports to embedded systems and for checking memory leaks - with valgrind. Only partially implemented for client side. + with valgrind. Only partially implemented for dbclient. + This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h -- Fix all compile warnings, patch from Gaël Portay - (note that configure with -Werror may not be successful on some platforms - such as OS X and some configuration options may result in unused variable - warnings) +- DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless + there is a leading slash (~ isn't treated specially) - Fix small ECC memory leaks @@ -29,10 +37,13 @@ - Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks to CL Ouyang -- Increase maximum command size to 9000 bytes +- Fix null pointer crash with restrictions in authorized_keys without a command, patch from + Guilhem Moulin -- DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless - there is a leading slash (~ isn't treated specially) +- Ensure authentication timeout is handled while reading the initial banner, + thanks to CL Ouyang for finding it. + +- Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz 2015.67 - Wednesday 28 January 2015 diff -r 3c8403f4669d -r 809feaa9408f debian/changelog --- a/debian/changelog Fri Aug 07 23:07:16 2015 +0800 +++ b/debian/changelog Sat Aug 08 20:35:28 2015 +0800 @@ -1,3 +1,9 @@ +dropbear (2015.68-0.1) unstable; urgency=low + + * New upstream release. + + -- Matt Johnston Sat, 8 Aug 2015 22:52:58 +0800 + dropbear (2015.67-0.1) unstable; urgency=low * New upstream release. diff -r 3c8403f4669d -r 809feaa9408f sysoptions.h --- a/sysoptions.h Fri Aug 07 23:07:16 2015 +0800 +++ b/sysoptions.h Sat Aug 08 20:35:28 2015 +0800 @@ -4,7 +4,7 @@ *******************************************************************/ #ifndef DROPBEAR_VERSION -#define DROPBEAR_VERSION "2015.67" +#define DROPBEAR_VERSION "2015.68" #endif #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION