changeset 900:49ed526daedc

CHANGES for 2014.63
author Matt Johnston <matt@ucc.asn.au>
date Wed, 19 Feb 2014 22:01:01 +0800
parents 115f8a3c2d5a
children 8bc704f417f3
files CHANGES options.h sysoptions.h
diffstat 3 files changed, 50 insertions(+), 5 deletions(-)
--- a/CHANGES	Tue Feb 18 21:33:56 2014 +0800
+++ b/CHANGES	Wed Feb 19 22:01:01 2014 +0800
@@ -1,3 +1,47 @@
+2014.63 - Wednesday 19 February 2014
+
+- Fix ~. to terminate a client interactive session after waking a laptop
+  from sleep.
+
+- Changed port separator syntax again, now using host^port. This is because
+  IPv6 link-local addresses use %. Reported by Gui Iribarren
+
+- Avoid constantly relinking dropbearmulti target, fix "make install"
+  for multi target, thanks to Mike Frysinger
+
+- Avoid getting stuck in a loop writing huge key files, reported by Bruno
+  Thomsen
+
+- Don't link dropbearkey or dropbearconvert to libz or libutil, 
+  thanks to Nicolas Boos
+
+- Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos
+
+- Avoid crash on exit due to cleaned up keys before last packets are sent,
+  debugged by Ronald Wahl
+
+- Fix a race condition in rekeying where Dropbear would exit if it received a
+  still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
+  This is a longstanding bug but is triggered more easily since 2013.57
+
+- Fix README for ecdsa keys, from Caralin Patulea
+
+- Ensure that generated RSA keys are always exactly the length
+  requested. Previously Dropbear always generated N+16 or N+15 bit keys.
+  Thanks to Unit 193
+
+- Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip if the
+  first public key succeeds. Still not enabled by default, needs more
+  compatibility testing with other implementations.
+
+- Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD. Thanks to 
+
+- Fix for bad system linux/pkt-sched.h header file with older Linux
+kernels, from Steve Dover
+
+- Fix signal handlers so that errno is saved, thanks to Erik Ahlén for a patch
+  and Mark Wickham for independently spotting the same problem.
+
 2013.62 - Tuesday 3 December 2013
 
 - Disable "interactive" QoS connection options when a connection doesn't
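Review bot: The entry "Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD. Thanks to" ends without naming anyone, so the credit is missing. Please fill in the name or drop the trailing "Thanks to". That line is also much longer than the wrapped entries around it and carries trailing whitespace, as does "Don't link dropbearkey or dropbearconvert to libz or libutil,". The continuation line "kernels, from Steve Dover" is not indented by two spaces like every other wrapped entry in this block.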
--- a/options.h	Tue Feb 18 21:33:56 2014 +0800
+++ b/options.h	Wed Feb 19 22:01:01 2014 +0800
@@ -222,6 +222,12 @@
  * return the password on standard output */
 /*#define ENABLE_CLI_ASKPASS_HELPER*/
 
+/* Save a network roundtrip by sendng a real auth request immediately after
+ * sending a query for the available methods.  It is at the expense of < 100
+ * bytes of extra network traffic. This is not yet enabled by default since it
+ * could cause problems with non-compliant servers */
+/* #define DROPBEAR_CLI_IMMEDIATE_AUTH */
+
 /* Source for randomness. This must be able to provide hundreds of bytes per SSH
  * connection without blocking. In addition /dev/random is used for seeding
  * rsa/dss key generation */
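Review bot: Typo in the new comment: "sendng" should be "sending", and "roundtrip" is written as "round trip" in the matching CHANGES entry. The commented-out define also uses a different style from its neighbour: "/* #define DROPBEAR_CLI_IMMEDIATE_AUTH */" has inner spaces while "/*#define ENABLE_CLI_ASKPASS_HELPER*/" has none, which matters to anyone toggling options with a script or a grep. Since the comment warns about non-compliant servers, one sentence on what a user would see when it goes wrong would help people who turn the option on.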
--- a/sysoptions.h	Tue Feb 18 21:33:56 2014 +0800
+++ b/sysoptions.h	Wed Feb 19 22:01:01 2014 +0800
@@ -176,11 +176,6 @@
 												accept for keyb-interactive
 												auth */
 
-/* Send a real auth request immediately after sending a query for the available methods.
- * It saves a network round trip at login.
- * If problems are encountered it can be disabled here. */
- #define DROPBEAR_CLI_IMMEDIATE_AUTH
-
 
 #if defined(DROPBEAR_AES256) || defined(DROPBEAR_AES128)
 #define DROPBEAR_AES
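Review bot: The removed line " #define DROPBEAR_CLI_IMMEDIATE_AUTH" was an active define in sysoptions.h, while the replacement in options.h is commented out, so this changes the client's default behaviour from on to off. The CHANGES entry says "Still not enabled by default", which reads as if the mode had never been on; it would be clearer to state there that the option is now disabled by default and has moved to options.h. Minor: removing the block leaves two consecutive blank lines before the "#if defined(DROPBEAR_AES256)" line.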