From a3bb3137ac5b59f120930ec43e141d96ee8a7609 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 7 Mar 2005 03:57:26 +0000 Subject: [PATCH 1/2] changes for 0.45 --HG-- extra : convert_revision : ced3f1d1fe81c6cc53ca2c15ac71a84d894971d8 --- CHANGES | 13 +++++++++++++ options.h | 19 +++++++++---------- 2 files changed, 22 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index 086758c..ace4cec 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,16 @@ +0.45 - Mon March 7 2005 + +- Makefile no longer appends 'static' to statically linked binaries + +- Add optional SSH_ASKPASS support to the client + +- Respect HOST_LOOKUP option + +- Fix accidentally removed "return;" statement which was removed in 0.44 + (causing clients which sent an empty terminal-modes string to fail to + connect - including pssh, ssh.com, danger hiptop). (patches + independently from Paul Fox, David Horwitt and Sven-Ola Tuecke) + - Read "y/n" response for fingerprints from /dev/tty directly so that dbclient will work with scp. diff --git a/options.h b/options.h index 7e88dbc..3596670 100644 --- a/options.h +++ b/options.h @@ -111,16 +111,14 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ /* Authentication Types - at least one required. RFC Draft requires pubkey auth, and recommends password */ -/* PAM auth is quite simple, and only works for PAM modules which just do a - * simple "Login: " "Password: " (or something like that - if your module is - * similar but not quite like that, edit the strings in svr-authpam.c). - * Basically, it's useful for systems like OS X where standard password crypts - * don't work, but there's an interface via a PAM module. You'll need to - * configure with --enable-pam as well, since it's off by default. And you - * should only enable either PASSWORD _or_ PAM auth, not both. */ +/* Note: PAM auth is quite simple, and only works for PAM modules which just do + * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). + * It's useful for systems like OS X where standard password crypts don't work, + * but there's an interface via a PAM module - don't bother using it otherwise. + * You can't enable both PASSWORD and PAM. */ #define ENABLE_SVR_PASSWORD_AUTH -/*#define ENABLE_SVR_PAM_AUTH*/ +//#define ENABLE_SVR_PAM_AUTH #define ENABLE_SVR_PUBKEY_AUTH #define ENABLE_CLI_PASSWORD_AUTH @@ -143,7 +141,8 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ /* If you are lacking entropy on the system then using /dev/urandom * will prevent Dropbear from blocking on the device. This could * however significantly reduce the security of your ssh connections - * if the PRNG state becomes simpler. */ + * if the PRNG state becomes guessable - make sure you know what you are + * doing if you change this. */ #define DROPBEAR_RANDOM_DEV "/dev/random" /* prngd must be manually set up to produce output */ @@ -190,7 +189,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ *******************************************************************/ #ifndef DROPBEAR_VERSION -#define DROPBEAR_VERSION "0.44" +#define DROPBEAR_VERSION "0.45" #endif #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION From e903109d9f91f014ceb5ffa2918440d4d12acd61 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Mon, 7 Mar 2005 04:25:43 +0000 Subject: [PATCH 2/2] * fix comment style in options.h * bump debian version --HG-- extra : convert_revision : d815305b19d789fe97890c3fdedb55df2e9cf324 --- debian/changelog | 6 ++++++ options.h | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index ab74956..253bc3b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dropbear (0.45-1) unstable; urgency=high + + * New upstream release, various fixes. + + -- Matt Johnston Mon, 7 March 2005 00:44:54 +0800 + dropbear (0.44+final-1) unstable; urgency=high * New upstream release, various fixes. diff --git a/options.h b/options.h index 3596670..8fc1109 100644 --- a/options.h +++ b/options.h @@ -118,7 +118,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */ * You can't enable both PASSWORD and PAM. */ #define ENABLE_SVR_PASSWORD_AUTH -//#define ENABLE_SVR_PAM_AUTH +/*#define ENABLE_SVR_PAM_AUTH*/ #define ENABLE_SVR_PUBKEY_AUTH #define ENABLE_CLI_PASSWORD_AUTH