changeset 69:59d16db56e9f

Simple text changes
author Matt Johnston <matt@ucc.asn.au>
date Thu, 12 Aug 2004 15:41:36 +0000
parents eee77ac31ccc
children b0316ce64e4b
files CHANGES INSTALL LICENSE TODO
diffstat 4 files changed, 74 insertions(+), 15 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES	Thu Aug 12 14:56:22 2004 +0000
+++ b/CHANGES	Thu Aug 12 15:41:36 2004 +0000
@@ -1,3 +1,63 @@
+0.43 - Fri Jul 16 2004 17:44:54 +0800
+
+- SECURITY: Don't try to free() uninitialised variables in DSS verification
+  code. Thanks to Arne Bernin for pointing out this bug. This is possibly
+  exploitable, all users with DSS and pubkey-auth compiled in are advised to
+  upgrade.
+
+- Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
+
+- Don't go into an infinite loop when portforwarding to servers which don't
+  send any initial data/banner. Patch from Nikola Vladov
+
+- Fix for network vs. host byte order in logging remote TCP ports, also
+  from Gerrit Pape.
+
+- Initialise many pointers to NULL, for general safety. Also checked cleanup
+  code for mp_ints (related to security issues above).
+
+0.42 - Wed Jun 16 2004 12:44:54 +0800
+
+- Updated to Gerrit Pape's official Debian subdirectory
+
+- Fixed bad check when opening /dev/urandom - thanks to Danny Sung.
+
+- Added -i inetd mode flag, and associated options in options.h . Dropbear
+  can be compiled with either normal mode, inetd, or both modes. Thanks
+  to Gerrit Pape for basic patch and motivation.
+
+- Use <dirent.h> rather than <sys/dir.h> for POSIX compliance. Thanks to Bill
+  Sommerfield.
+
+- Fixed a TCP forwarding (client-local, -L style) bug which caused the whole
+  session to close if the TCP connection failed. Thanks to Andrew Braund for
+  reporting it and helping track it down.
+
+- Re-enable sigpipe for child processes. Thanks to Gerrit Pape for some
+  suggestions, and BSD manpages for a clearer explanation of the behaviour.
+
+- Added manpages, thanks to Gerrit Pape.
+
+- Changed license text for LibTomCrypt and LibTomMath.
+
+- Added strip-static target
+
+- Fixed a bug in agent-forwarding cleanup handler - would segfault
+  (dereferencing a null pointer) if agent forwarding had failed.
+
+- Fix behaviour of authorized_keys parsing, so larger (>1024 bit) DSA keys will
+  work. Thanks to Dr. Markus Waldeck for the report. 
+
+- Fixed local port forwarding code so that the "-j" option will make forwarding
+  attempts fail more gracefully.
+
+- Allow repeated requests in a single session if previous ones fail - this fixes  PuTTY and some other SCP clients, which try SFTP, then fall-back to SCP if it
+  isn't available. Thanks to Stirling Westrup for the report.
+
+- Updated to LibTomCrypt 0.96 and LibTomMath 0.30. The AES code now uses
+  smaller non-precomputed tables if DROPBEAR_SMALL_CODE is defined in
+  options.h, leading to a significant reduction in the binary size.
+
 0.41 - Mon Jan 19 2004 22:40:19 +0800
 
 - Fix in configure so that cross-compiling works, thanks to numerous people for
--- a/INSTALL	Thu Aug 12 14:56:22 2004 +0000
+++ b/INSTALL	Thu Aug 12 15:41:36 2004 +0000
@@ -78,7 +78,11 @@
 You may want to manually disable lastlog recording when using uClibc, configure
 with --disable-lastlog.
 
-One common problem is pty allocation. There are a number of types of pty allocation which can be used -- if they work properly, the end result is the same for each type. Running configure should detect the best type to use automatically, however for some embedded systems, this may be incorrect. Some things to note:
+One common problem is pty allocation. There are a number of types of pty
+allocation which can be used -- if they work properly, the end result is the
+same for each type. Running configure should detect the best type to use
+automatically, however for some systems, this may be incorrect. Some
+things to note:
 
     If your system expects /dev/pts to be mounted (this is a uClibc option),
 	make sure that it is.
--- a/LICENSE	Thu Aug 12 14:56:22 2004 +0000
+++ b/LICENSE	Thu Aug 12 15:41:36 2004 +0000
@@ -23,9 +23,8 @@
 
 =====
 
-LibTomCrypt and LibTomMath are (c) Tom St Denis, under TDCAL (Tom Doesn't Care
-About Licenses) some files are from public domain sources, see
-libtomcrypt/legal.txt
+LibTomCrypt and LibTomMath are written by Tom St Denis, and are Public Domain.
+Some files are from other public domain sources, see libtomcrypt/legal.txt
 
 =====
 
--- a/TODO	Thu Aug 12 14:56:22 2004 +0000
+++ b/TODO	Thu Aug 12 15:41:36 2004 +0000
@@ -1,28 +1,24 @@
 Current:
 
-Things which need doing:
+Things which might need doing:
 
 - Make options.h generated from configure perhaps?
 
-- investigate self-pipe?
+- Improved queueing of unauthed connections
+
 - fix agent fwd problems
+
 - improve channel window adjustment algorithm (circular buffering)
 
-- Don't use pregenerated AES tables
-
-- check PRNG
 - check that there aren't timing issues with valid/invalid user authentication
   feedback.
 
-- IP6 (binding to :: takes over ipv4 as well, sigh. If anyone wants to suggest
-  a clean way (ie no V4MAPPED or setsockopt things) please let me know :)
-- Binding to different interfaces (see ipv6 probably)
+- Binding to different interfaces
 
-- PAM ??
-- inetd
 - possible RSA blinding? need to check whether this is vuln to timing attacks
+- check PRNG
 - CTR mode, SSH_MSG_IGNORE sending to improve CBC security
-- DH Group Exchange possibly
+- DH Group Exchange possibly, or just add group14 (whatever it's called today)
 
 - Use m_burn for clearing sensitive items in LTM/LTC