0.48 progress

--HG-- extra : convert_revision : 23abf9a27f91b8191c12b24a8b2557e5e8750c21
2025-04-16 21:41:37 +00:00 · 2006-03-09 12:37:38 +00:00 · 2006-03-09 12:37:38 +00:00 · 94b28e420c
commit 94b28e420c
parent 9368e4db33
6 changed files with 26 additions and 10824 deletions
--- a/23
+++ b/23
@ -1,3 +1,26 @@
 0.48 - 
 - Check that the circular buffer is properly empty before
  closing a channel, which could cause truncated transfers
  (thanks to Tomas Vanek for helping track it down)
 - Implement per-IP pre-authentication connection limits 
  (after some poking from Pablo Fernandez)
 - Exit gracefully if trying to connect to as SSH v1 server 
  (reported by Rushi Lala)
 - Only read /dev/random once at startup when in non-inetd mode
 - Allow ctrl-c to close a dbclient password prompt (may
  still have to press enter on some platforms)
 - Merged in uClinux patch for inetd mode
 - Updated to scp from OpenSSH 4.3p2 - fixes a security issue
  where use of system() could cause users to execute arbitrary
  code through malformed filenames, ref CVE-2006-0225
 0.47 - Thurs Dec 8 2005
 - SECURITY: fix for buffer allocation error in server code, could potentially
--- a/2
+++ b/2
@ -25,7 +25,7 @@ the key entries in that file. They should be of the form:
 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwVa6M6cGVmUcLl2cFzkxEoJd06Ub4bVDsYrWvXhvUV+ZAM9uGuewZBDoAqNKJxoIn0Hyd0Nk/yU99UVv6NWV/5YSHtnf35LKds56j7cuzoQpFIdjNwdxAN0PCET/MG8qyskG/2IE2DPNIaJ3Wy+Ws4IZEgdJgPlTYUBWWtCWOGc= someone@hostname
 You must make sure that ~/.ssh, and the key file, are only writable by the
-user.
+user. Beware of editors that split the key into multiple lines.
 NOTE: Dropbear ignores authorized_keys options such as those described in the
 OpenSSH sshd manpage, and will not allow a login for these keys. 
--- a/3
+++ b/3
@ -6,8 +6,6 @@ Things which might need doing:
 - Make options.h generated from configure perhaps?
 - Improved queueing of unauthed connections
 - handle /etc/environment in AIX
 - check that there aren't timing issues with valid/invalid user authentication
@ -15,7 +13,6 @@ Things which might need doing:
 - Binding to different interfaces
 - check PRNG
 - CTR mode
 - SSH_MSG_IGNORE sending to improve CBC security
 - DH Group Exchange possibly, or just add group14 (whatever it's called today)
--- a/libtommath/tommath.tex
+++ b/libtommath/tommath.tex
--- a/options.h
+++ b/options.h
@ -128,7 +128,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 * You can't enable both PASSWORD and PAM. */
 #define ENABLE_SVR_PASSWORD_AUTH
-/*#define ENABLE_SVR_PAM_AUTH*/
+/* #define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
 #define ENABLE_SVR_PUBKEY_AUTH
 #define ENABLE_CLI_PASSWORD_AUTH
--- a/svr-main.c
+++ b/svr-main.c
@ -1,7 +1,7 @@
 /*
 * Dropbear - a SSH2 server
 * 
- * Copyright (c) 2002,2003 Matt Johnston
+ * Copyright (c) 2002-2006 Matt Johnston
 * All rights reserved.
 * 
 * Permission is hereby granted, free of charge, to any person obtaining a copy
@ -48,8 +48,6 @@ int dropbear_main(int argc, char ** argv)
 int main(int argc, char ** argv)
 #endif
 {
 	_dropbear_exit = svr_dropbear_exit;
 	_dropbear_log = svr_dropbear_log;
@ -139,7 +137,6 @@ void main_noinetd() {
 	commonsetup();
 	/* should be done after syslog is working */
 	if (svr_opts.forkbg) {
 		dropbear_log(LOG_INFO, "Running in background");
@ -161,7 +158,6 @@ void main_noinetd() {
 	bzero(preauth_addrs, sizeof(preauth_addrs));
 	/* Set up the listening sockets */
 	/* XXX XXX ports */
 	listensockcount = listensockets(listensocks, MAX_LISTEN_ADDR, &maxsock);
 	if (listensockcount == 0)
 	{