From 5e4dc719077011bd52c6f51554014838e5c62b12 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Wed, 19 Feb 2014 22:01:01 +0800 Subject: [PATCH] CHANGES for 2014.63 --- CHANGES | 44 ++++++++++++++++++++++++++++++++++++++++++++ options.h | 6 ++++++ sysoptions.h | 5 ----- 3 files changed, 50 insertions(+), 5 deletions(-) diff --git a/CHANGES b/CHANGES index b93a8df..10ae26e 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,3 +1,47 @@ +2014.63 - Wednesday 19 February 2014 + +- Fix ~. to terminate a client interactive session after waking a laptop + from sleep. + +- Changed port separator syntax again, now using host^port. This is because + IPv6 link-local addresses use %. Reported by Gui Iribarren + +- Avoid constantly relinking dropbearmulti target, fix "make install" + for multi target, thanks to Mike Frysinger + +- Avoid getting stuck in a loop writing huge key files, reported by Bruno + Thomsen + +- Don't link dropbearkey or dropbearconvert to libz or libutil, + thanks to Nicolas Boos + +- Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos + +- Avoid crash on exit due to cleaned up keys before last packets are sent, + debugged by Ronald Wahl + +- Fix a race condition in rekeying where Dropbear would exit if it received a + still-in-flight packet after initiating rekeying. Reported by Oliver Metz. + This is a longstanding bug but is triggered more easily since 2013.57 + +- Fix README for ecdsa keys, from Caralin Patulea + +- Ensure that generated RSA keys are always exactly the length + requested. Previously Dropbear always generated N+16 or N+15 bit keys. + Thanks to Unit 193 + +- Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip if the + first public key succeeds. Still not enabled by default, needs more + compatibility testing with other implementations. + +- Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD. Thanks to + +- Fix for bad system linux/pkt-sched.h header file with older Linux +kernels, from Steve Dover + +- Fix signal handlers so that errno is saved, thanks to Erik Ahlén for a patch + and Mark Wickham for independently spotting the same problem. + 2013.62 - Tuesday 3 December 2013 - Disable "interactive" QoS connection options when a connection doesn't diff --git a/options.h b/options.h index 357bf42..44d6d23 100644 --- a/options.h +++ b/options.h 
@@ -222,6 +222,12 @@ much traffic. */ * return the password on standard output */ /*#define ENABLE_CLI_ASKPASS_HELPER*/ +/* Save a network roundtrip by sendng a real auth request immediately after + * sending a query for the available methods. It is at the expense of < 100 + * bytes of extra network traffic. This is not yet enabled by default since it + * could cause problems with non-compliant servers */ +/* #define DROPBEAR_CLI_IMMEDIATE_AUTH */ + /* Source for randomness. This must be able to provide hundreds of bytes per SSH * connection without blocking. In addition /dev/random is used for seeding * rsa/dss key generation */ diff --git a/sysoptions.h b/sysoptions.h index 3bb8e92..5b2f78d 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -176,11 +176,6 @@ accept for keyb-interactive auth */ -/* Send a real auth request immediately after sending a query for the available methods. - * It saves a network round trip at login. - * If problems are encountered it can be disabled here. */ - #define DROPBEAR_CLI_IMMEDIATE_AUTH - #if defined(DROPBEAR_AES256) || defined(DROPBEAR_AES128) #define DROPBEAR_AES
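Review bot: in the CHANGES hunk, the entry "Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD. Thanks to" ends without a name, so the credit is incomplete; add the contributor or drop the trailing "Thanks to". That line is also not wrapped like the other entries, and the continuation "kernels, from Steve Dover" in the following entry lacks the indent that every other continuation line in the hunk has.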
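Review bot: in the options.h hunk, the new comment misspells "sending" as "sendng" and writes "roundtrip" where the CHANGES entry and the removed sysoptions.h comment both use "round trip". The disabled define is written "/* #define DROPBEAR_CLI_IMMEDIATE_AUTH */" while the option directly above it uses "/*#define ENABLE_CLI_ASKPASS_HELPER*/"; following the existing spacing keeps disabled options searchable with one pattern.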
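Review bot: in the sysoptions.h hunk, the removed line is an active "#define DROPBEAR_CLI_IMMEDIATE_AUTH", while its replacement in options.h is commented out, so as shown the client's build default goes from on to off. That is a behaviour change carried under the subject "CHANGES for 2014.63", and the CHANGES wording "Still not enabled by default" reads as though the option was already off. State in the changelog entry or commit message that the option moved to options.h and is now disabled unless the builder enables it.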