mirror of
https://github.com/clearml/dropbear
synced 2025-06-26 18:17:32 +00:00
draft CHANGES
This commit is contained in:
Matt Johnston
parent
8fdaf0268d
commit
316c923188
73
CHANGES
73
CHANGES
@ -1,3 +1,76 @@
|
||||
Upcoming...
|
||||
|
||||
- IMPORTANT:
|
||||
Custom configuration is now specified in local_options.h rather than options.h
|
||||
Available options and defaults can be seen in default_options.h.in
|
||||
|
||||
To migrate your configuration, compare your customised options.h against the
|
||||
upstream options.h from your relevant version. Any customised options should
|
||||
be put in localoptions.h
|
||||
|
||||
- "configure --enable-static" should now be used instead of "make STATIC=1"
|
||||
|
||||
- Add group14-256 and group16 key exchange options
|
||||
|
||||
- Set hardened build flags by default if supported by the compiler.
|
||||
-Wl,-pie
|
||||
-Wl,-z,now -Wl,-z,relro
|
||||
-fstack-protector-strong
|
||||
-D_FORTIFY_SOURCE=2
|
||||
# spectre v2 mitigation
|
||||
-mfunction-return=thunk
|
||||
-mindirect-branch=thunk
|
||||
|
||||
These can be disabled with configure --disable-harden if needed
|
||||
Spectre patch from Loganaden Velvindron
|
||||
|
||||
- Add runtime -T max_auth_tries option from Kevin Darbyshire-Bryant
|
||||
|
||||
- Add 'dbclient -J &fd' to allow dbclient to connect over an existing socket.
|
||||
See dbclient manpage for a socat example. Patch from Harald Becker
|
||||
|
||||
- Add "-c forced_command" option. Patch from Jeremy Kerr
|
||||
|
||||
- Support server-chosen TCP forwarding ports, patch from houseofkodai
|
||||
|
||||
- Allow choosing outgoing address for dbclient with -b [bind_address][:bind_port]
|
||||
Patch from houseofkodai
|
||||
|
||||
- Update bundled libtomcrypt to 1.18.1, libtommath to 1.0.1
|
||||
|
||||
- Minimum RSA key length has been increased to 1024 bits
|
||||
|
||||
- Set PAM_RHOST which is needed by modules such as pam_abl
|
||||
|
||||
- Improvements to DSS public key validation, found by OSS-Fuzz.
|
||||
|
||||
- Don't exit when an authorized_keys file has malformed entries. Found by OSS-Fuzz
|
||||
|
||||
- Fix null-pointer crash with malformed ECDSA or DSS keys. Found by OSS-Fuzz
|
||||
|
||||
- Numerous code cleanups and small issues fixed by Francois Perrad
|
||||
|
||||
- Test for pkt_sched.h rather than SO_PRIORITY which was problematic with some musl
|
||||
platforms. Reported by Oliver Schneider and Andrew Bainbridge
|
||||
|
||||
- Fix some platform portability problems, from Ben Gardner
|
||||
|
||||
- Add EXEEXT filename suffix for building dropbearmulti, from William Foster
|
||||
|
||||
- Support --enable-<option> properly for configure, from Stefan Hauser
|
||||
|
||||
- configure have_openpty result can be cached, from Eric Bénard
|
||||
|
||||
- handle platforms that return close() < -1 on failure, from Marco Wenzel
|
||||
|
||||
- Build and configuration cleanups from Michael Witten
|
||||
|
||||
- Fix libtomcrypt/libtommath linking order, from Andre McCurdy
|
||||
|
||||
- Fix old Linux platforms that have SYS_clock_gettime but not CLOCK_MONOTONIC
|
||||
|
||||
- Update curve25519-donna implementation to current version
|
||||
|
||||
2017.75 - 18 May 2017
|
||||
|
||||
- Security: Fix double-free in server TCP listener cleanup
|
||||
|
||||
Loading…
Reference in New Issue
Block a user