Simple text changes

--HG--
extra : convert_revision : 3e9897a609f03cef43230c22d3c1d085850057a8

CHANGES

@@ -1,3 +1,63 @@
+0.43 - Fri Jul 16 2004 17:44:54 +0800
+
+- SECURITY: Don't try to free() uninitialised variables in DSS verification
+  code. Thanks to Arne Bernin for pointing out this bug. This is possibly
+  exploitable, all users with DSS and pubkey-auth compiled in are advised to
+  upgrade.
+
+- Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
+
+- Don't go into an infinite loop when portforwarding to servers which don't
+  send any initial data/banner. Patch from Nikola Vladov
+
+- Fix for network vs. host byte order in logging remote TCP ports, also
+  from Gerrit Pape.
+
+- Initialise many pointers to NULL, for general safety. Also checked cleanup
+  code for mp_ints (related to security issues above).
+
+0.42 - Wed Jun 16 2004 12:44:54 +0800
+
+- Updated to Gerrit Pape's official Debian subdirectory
+
+- Fixed bad check when opening /dev/urandom - thanks to Danny Sung.
+
+- Added -i inetd mode flag, and associated options in options.h . Dropbear
+  can be compiled with either normal mode, inetd, or both modes. Thanks
+  to Gerrit Pape for basic patch and motivation.
+
+- Use <dirent.h> rather than <sys/dir.h> for POSIX compliance. Thanks to Bill
+  Sommerfield.
+
+- Fixed a TCP forwarding (client-local, -L style) bug which caused the whole
+  session to close if the TCP connection failed. Thanks to Andrew Braund for
+  reporting it and helping track it down.
+
+- Re-enable sigpipe for child processes. Thanks to Gerrit Pape for some
+  suggestions, and BSD manpages for a clearer explanation of the behaviour.
+
+- Added manpages, thanks to Gerrit Pape.
+
+- Changed license text for LibTomCrypt and LibTomMath.
+
+- Added strip-static target
+
+- Fixed a bug in agent-forwarding cleanup handler - would segfault
+  (dereferencing a null pointer) if agent forwarding had failed.
+
+- Fix behaviour of authorized_keys parsing, so larger (>1024 bit) DSA keys will
+  work. Thanks to Dr. Markus Waldeck for the report. 
+
+- Fixed local port forwarding code so that the "-j" option will make forwarding
+  attempts fail more gracefully.
+
+- Allow repeated requests in a single session if previous ones fail - this fixes  PuTTY and some other SCP clients, which try SFTP, then fall-back to SCP if it
+  isn't available. Thanks to Stirling Westrup for the report.
+
+- Updated to LibTomCrypt 0.96 and LibTomMath 0.30. The AES code now uses
+  smaller non-precomputed tables if DROPBEAR_SMALL_CODE is defined in
+  options.h, leading to a significant reduction in the binary size.
+
 0.41 - Mon Jan 19 2004 22:40:19 +0800
 
 - Fix in configure so that cross-compiling works, thanks to numerous people for

INSTALL

@@ -78,7 +78,11 @@ globally in ~/.ssh/config, not just in the host entry in that file.
 You may want to manually disable lastlog recording when using uClibc, configure
 with --disable-lastlog.
 
-One common problem is pty allocation. There are a number of types of pty allocation which can be used -- if they work properly, the end result is the same for each type. Running configure should detect the best type to use automatically, however for some embedded systems, this may be incorrect. Some things to note:
+One common problem is pty allocation. There are a number of types of pty
+allocation which can be used -- if they work properly, the end result is the
+same for each type. Running configure should detect the best type to use
+automatically, however for some systems, this may be incorrect. Some
+things to note:
 
     If your system expects /dev/pts to be mounted (this is a uClibc option),
 	make sure that it is.

LICENSE

@@ -23,9 +23,8 @@ SOFTWARE.
 
 =====
 
-LibTomCrypt and LibTomMath are (c) Tom St Denis, under TDCAL (Tom Doesn't Care
+LibTomCrypt and LibTomMath are written by Tom St Denis, and are Public Domain.
-About Licenses) some files are from public domain sources, see
+Some files are from other public domain sources, see libtomcrypt/legal.txt
-libtomcrypt/legal.txt
 
 =====
 

TODO

@@ -1,28 +1,24 @@
 Current:
 
-Things which need doing:
+Things which might need doing:
 
 - Make options.h generated from configure perhaps?
 
-- investigate self-pipe?
+- Improved queueing of unauthed connections
+
 - fix agent fwd problems
+
 - improve channel window adjustment algorithm (circular buffering)
 
-- Don't use pregenerated AES tables
-
-- check PRNG
 - check that there aren't timing issues with valid/invalid user authentication
   feedback.
 
-- IP6 (binding to :: takes over ipv4 as well, sigh. If anyone wants to suggest
+- Binding to different interfaces
-  a clean way (ie no V4MAPPED or setsockopt things) please let me know :)
-- Binding to different interfaces (see ipv6 probably)
 
-- PAM ??
-- inetd
 - possible RSA blinding? need to check whether this is vuln to timing attacks
+- check PRNG
 - CTR mode, SSH_MSG_IGNORE sending to improve CBC security
-- DH Group Exchange possibly
+- DH Group Exchange possibly, or just add group14 (whatever it's called today)
 
 - Use m_burn for clearing sensitive items in LTM/LTC