From 70a22818230565ebe5ca49dcd43e7f1afff04bfb Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Thu, 22 Feb 2007 15:46:57 +0000 Subject: [PATCH] 0.49 probably done --HG-- extra : convert_revision : 61cdf48863b44c54cf8abe33d263f7c1d57a27df --- CHANGES | 9 ++++++++- dbclient.1 | 4 ++++ debian/changelog | 4 ++-- options.h | 7 ++++--- 4 files changed, 18 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index f58ed7e..85e50a0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ -0.49test1 - Mon 12 February 2007 +0.49 - Fri 23 February 2007 + +- Security: dbclient previously would prompt to confirm a + mismatching hostkey but wouldn't warn loudly. It will now + exit upon a mismatch. - Compile fixes, make sure that all variable definitions are at the start of a scope. @@ -9,6 +13,9 @@ - Add -f dbclient option for "background after auth" +- Add ability to limit binding to particular addresses, use + -p [address:]port, patch from Max-Gerd Retzlaff. + - Try to finally fix ss_family compilation problems (for old glibc systems) diff --git a/dbclient.1 b/dbclient.1 index c91c272..4145342 100644 --- a/dbclient.1 +++ b/dbclient.1 @@ -70,6 +70,10 @@ This is useful when using password authentication. Allow non-local hosts to connect to forwarded ports. Applies to -L and -R forwarded ports, though remote connections to -R forwarded ports may be limited by the ssh server. +.TP +.B \-y +Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the +connection will abort as normal. .SH AUTHOR Matt Johnston (matt@ucc.asn.au). .br diff --git a/debian/changelog b/debian/changelog index d201176..0ad67ef 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,8 @@ -dropbear (0.49test1-0.1) unstable; urgency=low +dropbear (0.49-0.1) unstable; urgency=low * New upstream release. - -- Matt Johnston Mon, 12 Feb 2007 23:59:00 +0900 + -- Matt Johnston Fri, 23 Feb 2007 00:44:00 +0900 dropbear (0.48.1-1) unstable; urgency=medium diff --git a/options.h b/options.h index 4ba51c3..cd6f7ca 100644 --- a/options.h +++ b/options.h @@ -133,7 +133,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * You can't enable both PASSWORD and PAM. */ #define ENABLE_SVR_PASSWORD_AUTH -/*#define ENABLE_SVR_PAM_AUTH */ +/*#define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */ #define ENABLE_SVR_PUBKEY_AUTH #define ENABLE_CLI_PASSWORD_AUTH @@ -182,7 +182,8 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ #define MAX_AUTH_TRIES 10 #endif -/* The file to store the daemon's process ID, for shutdown scripts etc */ +/* The default file to store the daemon's process ID, for shutdown + scripts etc. This can be overridden with the -P flag */ #ifndef DROPBEAR_PIDFILE #define DROPBEAR_PIDFILE "/var/run/dropbear.pid" #endif @@ -214,7 +215,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ *******************************************************************/ #ifndef DROPBEAR_VERSION -#define DROPBEAR_VERSION "0.49test1" +#define DROPBEAR_VERSION "0.49" #endif #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION