Mercurial > dropbear

changeset 1646:6d1bbe7d5fa5 DROPBEAR_2019.77

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
2019.77
author Matt Johnston <matt@ucc.asn.au>
date Sat, 23 Mar 2019 21:46:29 +0800
parents 0276c0f8c2b8
children 07b0d56d186d
files CHANGES debian/changelog sysoptions.h
diffstat 3 files changed, 47 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/CHANGES	Sat Mar 23 21:45:00 2019 +0800
+++ b/CHANGES	Sat Mar 23 21:46:29 2019 +0800
@@ -1,3 +1,43 @@
+2019.77 - 23 March 2019
+
+- Fix server -R option with ECDSA - only advertise one key size which will be accepted.
+  Reported by Peter Krefting, 2018.76 regression.
+
+- Fix server regression in 2018.76 where multiple client -R forwards were all forwarded 
+  to the first destination. Reported by Iddo Samet.
+
+- Make failure delay more consistent to avoid revealing valid usernames, set server password 
+  limit of 100 characters. Problem reported by usd responsible disclosure team
+
+- Change handling of failed authentication to avoid disclosing valid usernames,
+  CVE-2018-15599. 
+
+- Fix dbclient to reliably return the exit code from the remote server.
+  Reported by W. Mike Petullo
+
+- Fix export of 521-bit ECDSA keys, from Christian Hohnstädt
+
+- Add -o Port=xxx option to work with sshfs, from xcko
+
+- Merged fuzzing code, see FUZZER-NOTES.md
+
+- Add a DROPBEAR_SVR_MULTIUSER=0 compile option to run on 
+  single-user Linux kernels (CONFIG_MULTIUSER disabled). From Patrick Stewart
+
+- Increase allowed username to 100 characters, reported by W. Mike Petullo
+
+- Update config.sub and config.guess, should now work with RISC-V
+
+- Cygwin compile fix from karel-m
+
+- Don't require GNU sed (accidentally in 2018.76), reported by Samuel Hsu
+
+- Fix for IRIX and writev(), reported by Kazuo Kuroi
+
+- Other fixes and cleanups from François Perrad, Andre McCurdy, Konstantin Demin,
+  Michael Jones, Pawel Rapkiewicz
+
+
 2018.76 - 27 February 2018
 
 > > > Configuration/compatibility changes
--- a/debian/changelog	Sat Mar 23 21:45:00 2019 +0800
+++ b/debian/changelog	Sat Mar 23 21:46:29 2019 +0800
@@ -1,3 +1,9 @@
+dropbear (2019.77-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <[email protected]>  Sat, 23 Mar 2019 22:51:57 +0800
+
 dropbear (2018.76-0.1) unstable; urgency=low
 
   * New upstream release.
--- a/sysoptions.h	Sat Mar 23 21:45:00 2019 +0800
+++ b/sysoptions.h	Sat Mar 23 21:46:29 2019 +0800
@@ -4,7 +4,7 @@
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2018.76"
+#define DROPBEAR_VERSION "2019.77"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION