Bump version to 2022.82

2025-01-31 02:46:58 +00:00 · 2022-04-01 14:43:27 +08:00 · 2022-04-01 14:43:27 +08:00 · b8669b063b
commit b8669b063b
parent c6e2d50310
3 changed files with 30 additions and 15 deletions
--- a/37
+++ b/37
@ -1,21 +1,23 @@
-Future Release
-Features and Changes:
+2022.82 - 1 April 2022

- Implement OpenSSH format private key handling for dropbearconvert.
-  Keys can be read in OpenSSH format or the old PEM format, they will be
-  written in OpenSSH format. (DSS has not been implemented).
-  ED25519 support is now correct.
+Features and Changes:
+  Note >> for compatibility/configuration changes
+
+- Implemented OpenSSH format private key handling for dropbearconvert.
+  Keys can be read in OpenSSH format or the old PEM format.
+  >> Keys are now written in OpenSSH format rather than PEM.
+  ED25519 support is now correct. DSS keys are still PEM format.

 - Use SHA256 for key fingerprints

- Reworked -v verbose printing, specifying multiple times will increase
+- >> Reworked -v verbose printing, specifying multiple times will increase
  verbosity. -vvvv is equivalent to the old DEBUG_TRACE -v level, it
  can be configured at compile time in localoptions.h (see default_options.h)
  Lower -v options can be used to check connection progress or algorithm
  negotiation.
  Thanks to Hans Harder for the implementation

-  > > localoptions.h DEBUG_TRACE should be set to 4 for the same result as the
+  localoptions.h DEBUG_TRACE should be set to 4 for the same result as the
  previous DEBUG_TRACE 1.

 - Added server support for U2F/FIDO keys (ecdsa-sk and ed25519-sk) in
@ -23,7 +25,7 @@ Features and Changes:
  Thanks to Egor Duda for the implementation

 - autoconf output (configure script etc) is now committed to version control.
-  It isn't necessary to run "autoconf" any more on a checkout.
+  >> It isn't necessary to run "autoconf" any more on a checkout.

 - sha1 will be omitted from the build if KEX/signing/MAC algorithms don't
  require it. Instead sha256 is used for random number generation.
@ -34,12 +36,15 @@ Features and Changes:
  (must only have characters a-z A-Z 0-9 .,_-+@)
  Patch from Hans Harder, modified by Matt Johnston

+- Let dbclient multihop mode be used with '-J'.
+  Patch from Hans Harder
+
 - Allow home-directory relative paths ~/path for various settings
  and command line options.
  *_PRIV_FILENAME DROPBEAR_PIDFILE SFTPSERVER_PATH MOTD_FILENAME
  Thanks to Begley Brothers Inc

-  > > The default DROPBEAR_DEFAULT_CLI_AUTHKEY has now changed, it now needs
+  >> The default DROPBEAR_DEFAULT_CLI_AUTHKEY has now changed, it now needs
  a tilde prefix.

 - LANG environment variable is carried over from the Dropbear server process
@ -50,7 +55,7 @@ Features and Changes:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403

 - Added client option "-o DisableTrivialAuth". This can be used to prevent
-  the server immediately allowing successful authentication (before any auth
+  the server immediately accepting successful authentication (before any auth
  request) which could cause UI confusion and security issues with agent
  forwarding - it isn't clear which host is prompting to use a key.
  Thanks to Manfred Kaiser from Austrian MilCERT
@ -61,14 +66,14 @@ Features and Changes:
  This should be used with caution.
  Patch from Roland Vollgraf (github #118)

- Use DSCP for QoS traffic classes. Priority (tty) traffic is now set to
+- >> Use DSCP for QoS traffic classes. Priority (tty) traffic is now set to
  AF21 "interactive". Previously TOS classes were used, they are not used by
  modern traffic classifiers. Non-tty traffic is left at default priority.

- Disable dh-group1 key exchange by default. It has been disabled server
+- >> Disable dh-group1 key exchange by default. It has been disabled server
  side by default since 2018.

- Removed Twofish cipher
+- >> Removed Twofish cipher

 Fixes:

@ -86,6 +91,9 @@ Fixes:

 - A missing home directory is now non-fatal, starting in / instead

+- Fixed IPv6 [address]:port parsing for dbclient -b
+  Reported by Fabio Molinari
+
 - Improve error logging so that they are logged on the server rather than being
  sent to the client over the connection

@ -107,6 +115,7 @@ Infrastructure:
 - Improvements to fuzzers. Added post-auth fuzzer, and a mutator that can
  handle the structure of SSH packet streams. Added cifuzz to run on commits
  and pull requests.
+  Thanks to OSS-Fuzz for the tools/clusters and reward funding.

 - Dropbear source tarballs generated by release.sh are now reproducible from a
  Git or Mercurial checkout, they will be identical on any system. Tested
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,9 @@
+dropbear (2022.82-0.1) unstable; urgency=low
+
+  * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 1 Apr 2022 22:51:57 +0800
+
 dropbear (2020.81-0.1) unstable; urgency=low

  * New upstream release.
--- a/sysoptions.h
+++ b/sysoptions.h
@ -4,7 +4,7 @@
 *******************************************************************/

 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2020.81"
+#define DROPBEAR_VERSION "2022.82"
 #endif

 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION