changeset 1938:77bc00dcc19f default tip main master

Bump version to 2022.82
author Matt Johnston <matt@ucc.asn.au>
date Fri, 01 Apr 2022 14:43:27 +0800 (2022-04-01)
parents 334b742fdeb8
children
files CHANGES debian/changelog sysoptions.h
diffstat 3 files changed, 29 insertions(+), 14 deletions(-)
--- a/CHANGES	Fri Apr 01 14:33:27 2022 +0800
+++ b/CHANGES	Fri Apr 01 14:43:27 2022 +0800
@@ -1,21 +1,23 @@
-Future Release
+2022.82 - 1 April 2022
+
 Features and Changes:
+  Note >> for compatibility/configuration changes
 
-- Implement OpenSSH format private key handling for dropbearconvert.
-  Keys can be read in OpenSSH format or the old PEM format, they will be
-  written in OpenSSH format. (DSS has not been implemented).
-  ED25519 support is now correct.
+- Implemented OpenSSH format private key handling for dropbearconvert.
+  Keys can be read in OpenSSH format or the old PEM format.
+  >> Keys are now written in OpenSSH format rather than PEM.
+  ED25519 support is now correct. DSS keys are still PEM format.
 
 - Use SHA256 for key fingerprints
 
-- Reworked -v verbose printing, specifying multiple times will increase
+- >> Reworked -v verbose printing, specifying multiple times will increase
   verbosity. -vvvv is equivalent to the old DEBUG_TRACE -v level, it
   can be configured at compile time in localoptions.h (see default_options.h)
   Lower -v options can be used to check connection progress or algorithm
   negotiation.
   Thanks to Hans Harder for the implementation
 
-  > > localoptions.h DEBUG_TRACE should be set to 4 for the same result as the
+  localoptions.h DEBUG_TRACE should be set to 4 for the same result as the
   previous DEBUG_TRACE 1.
 
 - Added server support for U2F/FIDO keys (ecdsa-sk and ed25519-sk) in
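Review bot: the localoptions.h DEBUG_TRACE paragraph at the end of the -v entry loses its marker entirely (the old "> >" is deleted rather than normalised to ">>"), whereas the same cleanup on the DROPBEAR_DEFAULT_CLI_AUTHKEY paragraph further down keeps it. That sentence is the one telling a builder what to change in their own config, so I would keep it as ">> localoptions.h DEBUG_TRACE should be set to 4 ..." even with the marker now on the bullet. Separately, "Use SHA256 for key fingerprints" stays unmarked although the new legend covers compatibility changes; printed fingerprints will no longer match ones recorded from earlier releases, so a ">>" there seems warranted.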
@@ -23,7 +25,7 @@
   Thanks to Egor Duda for the implementation
 
 - autoconf output (configure script etc) is now committed to version control.
-  It isn't necessary to run "autoconf" any more on a checkout.
+  >> It isn't necessary to run "autoconf" any more on a checkout.
 
 - sha1 will be omitted from the build if KEX/signing/MAC algorithms don't
   require it. Instead sha256 is used for random number generation.
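Review bot: style point on the autoconf entry: the ">>" is placed on the continuation line, while every other marked entry in this patch puts it straight after the bullet dash ("- >> Reworked -v verbose printing", "- >> Removed Twofish cipher"). Anyone scanning or grepping for "- >>" will miss this one. Suggest moving it up to "- >> autoconf output (configure script etc) is now committed to version control."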
@@ -34,12 +36,15 @@
   (must only have characters a-z A-Z 0-9 .,_-+@)
   Patch from Hans Harder, modified by Matt Johnston
 
+- Let dbclient multihop mode be used with '-J'.
+  Patch from Hans Harder
+
 - Allow home-directory relative paths ~/path for various settings
   and command line options.
   *_PRIV_FILENAME DROPBEAR_PIDFILE SFTPSERVER_PATH MOTD_FILENAME
   Thanks to Begley Brothers Inc
 
-  > > The default DROPBEAR_DEFAULT_CLI_AUTHKEY has now changed, it now needs
+  >> The default DROPBEAR_DEFAULT_CLI_AUTHKEY has now changed, it now needs
   a tilde prefix.
 
 - LANG environment variable is carried over from the Dropbear server process
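Review bot: documentation gap in the new '-J' entry: it says multihop mode can now be used with '-J' but not what argument form that takes or how it combines with the existing multihop syntax. One extra line giving the invocation, or pointing at the dbclient man page section, would let readers use it from the changelog alone.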
@@ -50,7 +55,7 @@
   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
 
 - Added client option "-o DisableTrivialAuth". This can be used to prevent
-  the server immediately allowing successful authentication (before any auth
+  the server immediately accepting successful authentication (before any auth
   request) which could cause UI confusion and security issues with agent
   forwarding - it isn't clear which host is prompting to use a key.
   Thanks to Manfred Kaiser from Austrian MilCERT
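Review bot: the reworded DisableTrivialAuth sentence still makes the server the subject ("prevent the server immediately accepting successful authentication"), but this is a client option and the thing it can control is whether the client goes along with a success message sent before any auth request. Something like "prevent the client accepting an immediate authentication success from the server (before any auth request)" would say who acts and avoid the odd "accepting successful authentication".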
@@ -61,14 +66,14 @@
   This should be used with caution.
   Patch from Roland Vollgraf (github #118)
 
-- Use DSCP for QoS traffic classes. Priority (tty) traffic is now set to
+- >> Use DSCP for QoS traffic classes. Priority (tty) traffic is now set to
   AF21 "interactive". Previously TOS classes were used, they are not used by
   modern traffic classifiers. Non-tty traffic is left at default priority.
 
-- Disable dh-group1 key exchange by default. It has been disabled server
+- >> Disable dh-group1 key exchange by default. It has been disabled server
   side by default since 2018.
 
-- Removed Twofish cipher
+- >> Removed Twofish cipher
 
 Fixes:
 
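Review bot: the dh-group1 entry is now flagged as a compatibility change but never says which side it applies to. The second sentence ("It has been disabled server side by default since 2018") implies the new default is for the client; stating that outright, e.g. "Disable dh-group1 key exchange by default in the client", would tell users that it is outbound connections to old servers that may start failing. The Twofish entry has the same gap: it is marked ">>" with no hint of what a user with Twofish in their cipher list should expect.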
@@ -86,6 +91,9 @@
 
 - A missing home directory is now non-fatal, starting in / instead
 
+- Fixed IPv6 [address]:port parsing for dbclient -b
+  Reported by Fabio Molinari
+
 - Improve error logging so that they are logged on the server rather than being
   sent to the client over the connection
 
@@ -107,6 +115,7 @@
 - Improvements to fuzzers. Added post-auth fuzzer, and a mutator that can
   handle the structure of SSH packet streams. Added cifuzz to run on commits
   and pull requests.
+  Thanks to OSS-Fuzz for the tools/clusters and reward funding.
 
 - Dropbear source tarballs generated by release.sh are now reproducible from a
   Git or Mercurial checkout, they will be identical on any system. Tested
--- a/debian/changelog	Fri Apr 01 14:33:27 2022 +0800
+++ b/debian/changelog	Fri Apr 01 14:43:27 2022 +0800
@@ -1,3 +1,9 @@
+dropbear (2022.82-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 1 Apr 2022 22:51:57 +0800
+
 dropbear (2020.81-0.1) unstable; urgency=low
 
   * New upstream release.
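Review bot: the trailer timestamp in the new debian/changelog entry, "Fri, 1 Apr 2022 22:51:57 +0800", is roughly eight hours later than the commit time shown in the file headers (14:43:27 +0800), so the entry is dated in the future relative to the change that introduces it. Worth setting it to the actual time unless that is the planned release time. The body is also only "New upstream release." while CHANGES in this same commit marks several ">>" compatibility changes; a line pointing packagers at those would help.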
--- a/sysoptions.h	Fri Apr 01 14:33:27 2022 +0800
+++ b/sysoptions.h	Fri Apr 01 14:43:27 2022 +0800
@@ -4,7 +4,7 @@
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2020.81"
+#define DROPBEAR_VERSION "2022.82"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
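Review bot: the version string is now edited by hand in three places in this one commit (the CHANGES heading, the debian/changelog entry and DROPBEAR_VERSION here), and DROPBEAR_VERSION feeds LOCAL_IDENT, so a mismatch would ship in the SSH identification string. If the release script does not already compare the three, a check that fails when they differ would catch a missed bump.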