Mercurial > dropbear
changeset 1520:84578193ef47
draft CHANGES
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Sun, 18 Feb 2018 23:48:32 +0800 (2018-02-18) |
parents | 2f4d52b1334e |
children | 198e2ee0f4b1 |
files | CHANGES |
diffstat | 1 files changed, 73 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/CHANGES Sun Feb 18 23:48:24 2018 +0800 +++ b/CHANGES Sun Feb 18 23:48:32 2018 +0800 @@ -1,3 +1,76 @@ +Upcoming... + +- IMPORTANT: + Custom configuration is now specified in local_options.h rather than options.h + Available options and defaults can be seen in default_options.h.in + + To migrate your configuration, compare your customised options.h against the + upstream options.h from your relevant version. Any customised options should + be put in localoptions.h + +- "configure --enable-static" should now be used instead of "make STATIC=1" + +- Add group14-256 and group16 key exchange options + +- Set hardened build flags by default if supported by the compiler. + -Wl,-pie + -Wl,-z,now -Wl,-z,relro + -fstack-protector-strong + -D_FORTIFY_SOURCE=2 + # spectre v2 mitigation + -mfunction-return=thunk + -mindirect-branch=thunk + + These can be disabled with configure --disable-harden if needed + Spectre patch from Loganaden Velvindron + +- Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant + +- Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket. + See dbclient manpage for a socat example. Patch from Harald Becker + +- Add "-c forced_command" option. Patch from Jeremy Kerr + +- Support server-chosen TCP forwarding ports, patch from houseofkodai + +- Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port] + Patch from houseofkodai + +- Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1 + +- Minimum RSA key length has been increased to 1024 bits + +- Set PAM_RHOST which is needed by modules such as pam_abl + +- Improvements to DSS public key validation, found by OSS-Fuzz. + +- Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz + +- Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz + +- Numerous code cleanups and small issues fixed by Francois Perrad + +- Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl + platforms. Reported by Oliver Schneider and Andrew Bainbridge + +- Fix some platform portability problems, from Ben Gardner + +- Add EXEEXT filename suffix for building dropbearmulti, from William Foster + +- Support --enable-<option> properly for configure, from Stefan Hauser + +- configure have_openpty result can be cached, from Eric BĂ©nard + +- handle platforms that return close() < -1 on failure, from Marco Wenzel + +- Build and configuration cleanups from Michael Witten + +- Fix libtomcrypt/libtommath linking order, from Andre McCurdy + +- Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC + +- Update curve25519-donna implementation to current version + 2017.75 - 18 May 2017 - Security: Fix double-free in server TCP listener cleanup