mirror of https://github.com/clearml/dropbear, synced 2025-06-26 18:17:32 +00:00
	draft CHANGES
parent 8fdaf0268d
commit 316c923188
73 CHANGES
							| @ -1,3 +1,76 @@ | |||||||
|  | Upcoming... | ||||||
|  | 
 | ||||||
|  | - IMPORTANT: | ||||||
|  |   Custom configuration is now specified in local_options.h rather than options.h | ||||||
|  |   Available options and defaults can be seen in default_options.h.in | ||||||
|  | 
 | ||||||
|  |   To migrate your configuration, compare your customised options.h against the | ||||||
|  |   upstream options.h from your relevant version. Any customised options should | ||||||
|  |   be put in localoptions.h | ||||||
|  | 
 | ||||||
|  | - "configure --enable-static" should now be used instead of "make STATIC=1" | ||||||
|  | 
 | ||||||
|  | - Add group14-256 and group16 key exchange options | ||||||
|  | 
 | ||||||
|  | - Set hardened build flags by default if supported by the compiler. | ||||||
|  |   -Wl,-pie | ||||||
|  |   -Wl,-z,now -Wl,-z,relro | ||||||
|  |   -fstack-protector-strong | ||||||
|  |   -D_FORTIFY_SOURCE=2 | ||||||
|  |   # spectre v2 mitigation | ||||||
|  |   -mfunction-return=thunk | ||||||
|  |   -mindirect-branch=thunk | ||||||
|  | 
 | ||||||
|  |   These can be disabled with configure --disable-harden if needed | ||||||
|  |   Spectre patch from Loganaden Velvindron | ||||||
|  | 
 | ||||||
|  | - Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant | ||||||
|  | 
 | ||||||
|  | - Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket. | ||||||
|  |   See dbclient manpage for a socat example. Patch from Harald Becker | ||||||
|  | 
 | ||||||
|  | - Add "-c forced_command" option. Patch from Jeremy Kerr | ||||||
|  | 
 | ||||||
|  | - Support server-chosen TCP forwarding ports, patch from houseofkodai | ||||||
|  | 
 | ||||||
|  | - Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port] | ||||||
|  |   Patch from houseofkodai | ||||||
|  | 
 | ||||||
|  | - Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1 | ||||||
|  | 
 | ||||||
|  | - Minimum RSA key length has been increased to 1024 bits | ||||||
|  | 
 | ||||||
|  | - Set PAM_RHOST which is needed by modules such as pam_abl | ||||||
|  | 
 | ||||||
|  | - Improvements to DSS public key validation, found by OSS-Fuzz.  | ||||||
|  | 
 | ||||||
|  | - Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz | ||||||
|  | 
 | ||||||
|  | - Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz | ||||||
|  | 
 | ||||||
|  | - Numerous code cleanups and small issues fixed by Francois Perrad | ||||||
|  | 
 | ||||||
|  | - Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl | ||||||
|  |   platforms. Reported by Oliver Schneider and Andrew Bainbridge | ||||||
|  | 
 | ||||||
|  | - Fix some platform portability problems, from Ben Gardner | ||||||
|  | 
 | ||||||
|  | - Add EXEEXT filename suffix for building dropbearmulti, from William Foster | ||||||
|  | 
 | ||||||
|  | - Support --enable-<option> properly for configure, from Stefan Hauser | ||||||
|  | 
 | ||||||
|  | - configure have_openpty result can be cached, from Eric Bénard | ||||||
|  | 
 | ||||||
|  | - handle platforms that return close() < -1 on failure, from Marco Wenzel | ||||||
|  | 
 | ||||||
|  | - Build and configuration cleanups from Michael Witten | ||||||
|  | 
 | ||||||
|  | - Fix libtomcrypt/libtommath linking order, from Andre McCurdy | ||||||
|  | 
 | ||||||
|  | - Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC | ||||||
|  | 
 | ||||||
|  | - Update curve25519-donna implementation to current version | ||||||
|  | 
 | ||||||
| 2017.75 - 18 May 2017 | 2017.75 - 18 May 2017 | ||||||
| 
 | 
 | ||||||
| - Security: Fix double-free in server TCP listener cleanup | - Security: Fix double-free in server TCP listener cleanup | ||||||
|  | |||||||
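Review bot: the IMPORTANT entry spells the new configuration file two ways, "local_options.h" in its first line and "localoptions.h" at the end of the migration paragraph. A reader who creates the wrong file may end up with a build that does not apply their customised options, so use one spelling in both places. Further down, the three fixes credited to OSS-Fuzz (DSS public key validation, malformed authorized_keys entries, the null-pointer crash with malformed ECDSA or DSS keys) carry no "Security:" prefix, unlike the 2017.75 double-free entry. If any of them can be triggered by an untrusted peer, mark it the same way so packagers can triage the release. The "Minimum RSA key length has been increased to 1024 bits" line would also be easier to act on if it gave the previous minimum and said whether it applies to host keys, user keys or both. There is trailing whitespace after "found by OSS-Fuzz." in the DSS entry.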