mirror of
https://github.com/clearml/dropbear
synced 2025-02-07 13:21:15 +00:00
merge
This commit is contained in:
Matt Johnston
commit
c2b1327deb
1
.hgsigs
1
.hgsigs
@ -3,3 +3,4 @@ aa2f51a6b81d33de5e9898a7f27c792a173d9b26 0 iD8DBQBOuADmjPn4sExkf7wRAv/fAJ9FJFvjD
|
||||
85f835f2fe0ac2c503c50a414de127222fb0a57c 0 iD8DBQBPRkMUjPn4sExkf7wRAvM4AJ9mw2OAkyjhSbamM1MizlEJUX18HACgoFKQkYf6BnYxN34Nv2HhM0cmzUc=
|
||||
9b80981212fe6c01b7c16b3ca7c4e66af56f12f1 0 iEYEABECAAYFAlFLKKcACgkQjPn4sExkf7xK7wCfcioCmJPsysSbQO6+4qZMVe0mmLwAn2/o+wRf4MrUXlohrr7aXEF9vdSB
|
||||
095b46180bbc412b029420587736a6185afc17e1 0 iEYEABECAAYFAlFsCnkACgkQjPn4sExkf7xLrwCfeMWjUaSmfU/fvseT5TdrYRqBEVQAoLz5SFLEA40C5f8zE8Ma/vgVJVIC
|
||||
f168962bab857ca030829e4cd73d9b32c868c874 0 iEYEABECAAYFAlFwDNwACgkQjPn4sExkf7wJ6QCePVovn/avKXUyNwNBYCcov6JLYqkAnRCPQdkXgv20N3t10r6PRMBBo1/S
|
||||
|
||||
1
.hgtags
1
.hgtags
@ -37,3 +37,4 @@ d7da3b1e15401eb234ec866d5eac992fc4cd5878 t:ltc-0.95-db-merge1
|
||||
0000000000000000000000000000000000000000 t:ltc-0.95-db-merge1
|
||||
1b8b2b9d6e94bc3cc5e61b620476ea36cc466e1b DROPBEAR_2013.56
|
||||
96b8bcb88017815040949a417caa55686271e8a9 DROPBEAR_2013.57
|
||||
e76614145aea67f66e4a4257685c771efba21aa1 DROPBEAR_2013.58
|
||||
|
||||
21
CHANGES
21
CHANGES
@ -1,3 +1,14 @@
|
||||
2013.58 - Thursday 18 April 2013
|
||||
|
||||
- Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz
|
||||
|
||||
- Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder
|
||||
|
||||
- Reject logins for other users when running as non-root, from Hans Harder
|
||||
|
||||
- Disable client immediate authentication request by default, it prevents
|
||||
passwordless logins from working
|
||||
|
||||
2013.57 - Monday 15 April 2013
|
||||
|
||||
- Decreased connection setup time particularly with high latency connections,
|
||||
@ -20,7 +31,7 @@
|
||||
~^Z (background session)
|
||||
|
||||
- Server will more reliably clean up utmp when connection is closed, reported by
|
||||
Mattias Walström
|
||||
Mattias Walström
|
||||
|
||||
- Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case
|
||||
|
||||
@ -60,10 +71,10 @@ though probably will be soon
|
||||
|
||||
- Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks
|
||||
|
||||
- A few improvements for Android from Reimar Döffinger
|
||||
- A few improvements for Android from Reimar Döffinger
|
||||
|
||||
- Fix memory leak for TCP forwarded connections to hosts that timed out,
|
||||
reported by Norbert Benczúr. Appears to be a very long-standing bug.
|
||||
reported by Norbert Benczúr. Appears to be a very long-standing bug.
|
||||
|
||||
- Fix "make clean" for out of tree builds
|
||||
|
||||
@ -689,7 +700,7 @@ https://secure.ucc.asn.au/hg/dropbear/graph/default
|
||||
Lobenstock and Mihnea Stoenescu
|
||||
|
||||
- Use daemon() function if available (or our own copy) rather than separate
|
||||
code (thanks to Frédéric Lavernhe for the report and debugging, and Bernard
|
||||
code (thanks to Frédéric Lavernhe for the report and debugging, and Bernard
|
||||
Blackham for his suggestion on what to look at)
|
||||
|
||||
- Fixed up support for first_kex_packet_follows, required to talk to ssh.com
|
||||
@ -808,7 +819,7 @@ https://secure.ucc.asn.au/hg/dropbear/graph/default
|
||||
- Various signedness fixes
|
||||
- Can listen on multiple ports
|
||||
- added option to disable openpty with configure script,
|
||||
(from K.-P. Kirchdörfer <kapeka at epost.de>)
|
||||
(from K.-P. Kirchdörfer <kapeka at epost.de>)
|
||||
- Various cleanups to bignum code
|
||||
(thanks to Tom St Denis <tomstdenis at iahu.ca>)
|
||||
- Fix compile error when disabling RSA
|
||||
|
||||
@ -610,7 +610,11 @@ static void parse_hostname(const char* orighostarg) {
|
||||
cli_opts.username = m_strdup(cli_opts.own_user);
|
||||
}
|
||||
|
||||
port = strchr(cli_opts.remotehost, '/');
|
||||
port = strchr(cli_opts.remotehost, '%');
|
||||
if (!port) {
|
||||
// legacy separator
|
||||
port = strchr(cli_opts.remotehost, '/');
|
||||
}
|
||||
if (port) {
|
||||
*port = '\0';
|
||||
cli_opts.remoteport = port+1;
|
||||
|
||||
@ -15,7 +15,7 @@ dbclient \- lightweight SSH2 client
|
||||
.B dbclient
|
||||
[
|
||||
.I args ]
|
||||
.I [user1]@host1[/port1],[user2]@host2[/port2],...
|
||||
.I [user1]@host1[%port1],[user2]@host2[%port2],...
|
||||
|
||||
.SH DESCRIPTION
|
||||
.B dbclient
|
||||
@ -24,10 +24,9 @@ environments, while still being functional and secure enough for general use.
|
||||
.SH OPTIONS
|
||||
.TP
|
||||
.B \-p \fIport
|
||||
Remote port.
|
||||
Connect to port
|
||||
Connect to
|
||||
.I port
|
||||
on the remote host.
|
||||
on the remote host. Alternatively a port can be specified as hostname%port.
|
||||
Default is 22.
|
||||
.TP
|
||||
.B \-i \fIidfile
|
||||
@ -127,7 +126,7 @@ Dropbear will also allow multiple "hops" to be specified, separated by commas. I
|
||||
this case a connection will be made to the first host, then a TCP forwarded
|
||||
connection will be made through that to the second host, and so on. Hosts other than
|
||||
the final destination will not see anything other than the encrypted SSH stream.
|
||||
A port for a host can be specified with a slash (eg matt@martello/44 ).
|
||||
A port for a host can be specified with a hash (eg matt@martello%44 ).
|
||||
This syntax can also be used with scp or rsync (specifying dbclient as the
|
||||
ssh/rsh command). A file can be "bounced" through multiple SSH hops, eg
|
||||
|
||||
|
||||
6
debian/changelog
vendored
6
debian/changelog
vendored
@ -1,3 +1,9 @@
|
||||
dropbear (2013.58-0.1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
|
||||
-- Matt Johnston <matt@ucc.asn.au> Thu, 18 Apr 2013 22:54:00 +0800
|
||||
|
||||
dropbear (2013.57-0.1) unstable; urgency=low
|
||||
|
||||
* New upstream release.
|
||||
|
||||
@ -204,6 +204,13 @@ much traffic. */
|
||||
* return the password on standard output */
|
||||
/*#define ENABLE_CLI_ASKPASS_HELPER*/
|
||||
|
||||
/* Send a real auth request first rather than requesting a list of available methods.
|
||||
* It saves a network round trip at login but prevents immediate login to
|
||||
* accounts with no password, and might be rejected by some strict servers (none
|
||||
* encountered yet) - hence it isn't enabled by default. */
|
||||
/* #define CLI_IMMEDIATE_AUTH */
|
||||
|
||||
|
||||
/* Source for randomness. This must be able to provide hundreds of bytes per SSH
|
||||
* connection without blocking. In addition /dev/random is used for seeding
|
||||
* rsa/dss key generation */
|
||||
|
||||
@ -66,6 +66,14 @@ void svr_auth_password() {
|
||||
m_burn(password, passwordlen);
|
||||
m_free(password);
|
||||
|
||||
if (testcrypt == NULL) {
|
||||
/* crypt() with an invalid salt like "!!" */
|
||||
dropbear_log(LOG_WARNING, "User account '%s' is locked",
|
||||
ses.authstate.pw_name);
|
||||
send_msg_userauth_failure(0, 1);
|
||||
return;
|
||||
}
|
||||
|
||||
/* check for empty password */
|
||||
if (passwdcrypt[0] == '\0') {
|
||||
dropbear_log(LOG_WARNING, "User '%s' has blank password, rejected",
|
||||
|
||||
@ -4,7 +4,7 @@
|
||||
*******************************************************************/
|
||||
|
||||
#ifndef DROPBEAR_VERSION
|
||||
#define DROPBEAR_VERSION "2013.57"
|
||||
#define DROPBEAR_VERSION "2013.58"
|
||||
#endif
|
||||
|
||||
#define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
|
||||
@ -198,9 +198,6 @@
|
||||
#define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */
|
||||
#endif
|
||||
|
||||
/* Send an auth request straight away rather than trying "none" type to get a list */
|
||||
#define CLI_IMMEDIATE_AUTH
|
||||
|
||||
/* Changing this is inadvisable, it appears to have problems
|
||||
* with flushing compressed data */
|
||||
#define DROPBEAR_ZLIB_MEM_LEVEL 8
|
||||
|
||||
Loading…
Reference in New Issue
Block a user