# HG changeset patch # User Matt Johnston # Date 1648653480 -28800 # Node ID b366dfaeae683c3048d6916ffa774afd5f791c2e # Parent 299f4f19ba198d5e895dd7cbb98a5c106dfd4471 Write CHANGES since last release diff -r 299f4f19ba19 -r b366dfaeae68 CHANGES --- a/CHANGES Mon Jul 09 16:27:53 2018 +0200 +++ b/CHANGES Wed Mar 30 23:18:00 2022 +0800 @@ -1,9 +1,125 @@ -- The following config paths are now relative to a home directory if - starting with "~". Thanks to Begley Brothers Inc - *_PRIV_FILENAME - DROPBEAR_PIDFILE - SFTPSERVER_PATH - MOTD_FILENAME +Future Release +Features and Changes: + +- Implement OpenSSH format private key handling for dropbearconvert. + Keys can be read in OpenSSH format or the old PEM format, they will be + written in OpenSSH format. (DSS has not been implemented). + ED25519 support is now correct. + +- Use SHA256 for key fingerprints + +- Reworked -v verbose printing, specifying multiple times will increase + verbosity. -vvvv is equivalent to the old DEBUG_TRACE -v level, it + can be configured at compile time in localoptions.h (see default_options.h) + Lower -v options can be used to check connection progress or algorithm + negotiation. + Thanks to Hans Harder for the implementation + + > > localoptions.h DEBUG_TRACE should be set to 4 for the same result as the + previous DEBUG_TRACE 1. + +- Added server support for U2F/FIDO keys (ecdsa-sk and ed25519-sk) in + authorized_keys. no-touch-required option isn't allowed yet. + Thanks to Egor Duda for the implementation + +- autoconf output (configure script etc) is now committed to version control. + It isn't necessary to run "autoconf" any more on a checkout. + +- sha1 will be omitted from the build if KEX/signing/MAC algorithms don't + require it. Instead sha256 is used for random number generation. + See sysoptions.h to see which algorithms require which hashes. + +- Set SSH_PUBKEYINFO environment variable based on the authorized_keys + entry used for auth. The first word of the comment after the key is used + (must only have characters a-z A-Z 0-9 .,_-+@) + Patch from Hans Harder, modified by Matt Johnston + +- Allow home-directory relative paths ~/path for various settings + and command line options. + *_PRIV_FILENAME DROPBEAR_PIDFILE SFTPSERVER_PATH MOTD_FILENAME + Thanks to Begley Brothers Inc + + > > The default DROPBEAR_DEFAULT_CLI_AUTHKEY has now changed, it now needs + a tilde prefix. + +- LANG environment variable is carried over from the Dropbear server process + From Maxim Kochetkov + +- Add /usr/sbin and /sbin to $PATH when logging in as root. + Patch from Raphaƫl Hertzog + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403 + +- Added client option "-o DisableTrivialAuth". This can be used to prevent + the server immediately allowing successful authentication (before any auth + request) which could cause UI confusion and security issues with agent + forwarding - it isn't clear which host is prompting to use a key. + Thanks to Manfred Kaiser from Austrian MilCERT + +- Add -q client option to hide remote banner, from Hans Harder + +- Add -e option to pass all server environment variables to child processes. + This should be used with caution. + Patch from Roland Vollgraf (github #118) + +- Use DSCP for QoS traffic classes. Priority (tty) traffic is now set to + AF21 "interactive". Previously TOS classes were used, they are not used by + modern traffic classifiers. Non-tty traffic is left at default priority. + +- Disable dh-group1 key exchange by default. It has been disabled server + side by default since 2018. + +- Removed Twofish cipher + +Fixes: + +- Fix flushing channel data when pty was allocated (github #85) + Data wasn't completely transmitted at channel close. + Reported and initial patch thanks to Yousong Zhou + +- Dropbear now re-executes itself rather than just forking for each connection + (only on Linux). This allows ASLR to randomise address space for each + connection as a security mitigation. It should not have any visible impact + - if there are any performance impacts in the wild please report it. + +- Check authorized_keys permissions as the user, fixes NFS squash root. + Patch from Chris Dragan (github #107) + +- A missing home directory is now non-fatal, starting in / instead + +- Improve error logging so that they are logged on the server rather than being + sent to the client over the connection + +- Max window size is increased to 10MB, more graceful fallback if it's invalid. + +- Fix correctness of Dropbear's handling of global requests. + Patch from Dirkjan Bussink + +- Fix some small bugs found by fuzzers, null pointer dereference crash and leaks + (post authentication) + +- $HOME variable is used before /etc/passwd when expanding paths such as + ~/.ssh/id_dropbear (for the client). Patch from Matt Robinson + +- C89 build fixes from Guillaume Picquet + +Infrastructure: + +- Improvements to fuzzers. Added post-auth fuzzer, and a mutator that can + handle the structure of SSH packet streams. Added cifuzz to run on commits + and pull requests. + +- Dropbear source tarballs generated by release.sh are now reproducible from a + Git or Mercurial checkout, they will be identical on any system. Tested + on ubuntu and macos. + +- Added some integration testing using pytest. Currently this has tests + for various channel handling edge cases, ASLR fork randomisation, + dropbearconvert, and SSH_PUBKEYINFO + +- Set up github actions. This runs the pytest suite and other checks. + - build matrix includes c89, dropbearmulti, bundled libtom, macos, DEBUG_TRACE + - test for configure script regeneration + - build a tarball for external reproducibility 2020.81 - 29 October 2020