From fd234018a43ba9ca6a276d54942d96b95df024f1 Mon Sep 17 00:00:00 2001 From: Matt Johnston Date: Thu, 10 Nov 2022 18:39:08 +0800 Subject: [PATCH] Add draft CHANGES --- CHANGES | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 101 insertions(+) diff --git a/CHANGES b/CHANGES index 7c2f85c..9d9d480 100644 --- a/CHANGES +++ b/CHANGES 
@@ -1,3 +1,104 @@ +2022.83 - + +Features and Changes: + Note >> for compatibility/configuration changes + +- >> Disable DROPBEAR_DSS by default + It is only 1024 bit and uses SHA1, most distros disable it by default already. + +- >> Remove HMAC_MD5 entirely + +- Added DROPBEAR_RSA_SHA1 option to allow disabling sha1 rsa signatures. + RSA with sha1 will be disabled in a future release (rsa keys will continue + to work OK, with sha256 signatures used instead). + +- Add option for requiring both password and pubkey (-t) + Patch from Jackkal + +- Add 'permitopen' option for authorized_keys to restrict forwarded ports + Patch from Tuomas Haikarainen + +- Add 'no-touch-required' and 'verify-required' options for sk keys + Patch from Egor Duda + +- Added LTM_CFLAGS configure argument to set flags for building + bundled libtommath. This also restores the previous arguments used + in 2020.81 (-O3 -funroll-loops). That gives a big speedup for RSA + key generation, which regressed in 2022.82. + There is a tradeoff with code size, so -Os can be used if required. + https://github.com/mkj/dropbear/issues/174 + Reported by David Bernard + +- Add '-z' flag to disable setting QoS traffic class. This may be necessary + to work with broken networks or network drivers. 
+ https://github.com/mkj/dropbear/issues/193 + Reported by yuhongwei380, patch from Petr Štetiar + +- Allow overriding user shells with COMPAT_USER_SHELLS + Based on a patch from Matt Robinson + +- Improve permission error message + Patch from k-kurematsu + +2022.82 regression fixes: + +- Fix X11 build + +- Fix build warning + +- Fix compilation when disabling pubkey authentication + Patch from MaxMougg + +- Fix MAX_UNAUTH_CLIENTS regression + Reported by ptpt52 + +- Avoid using slower prime testing in bundled libtomcrypt when DSS is disabled + https://github.com/mkj/dropbear/issues/174 + Suggested by Steffen Jaeckel + +- Fix Dropbear plugin support + https://github.com/mkj/dropbear/issues/194 + Reported by Struan Bartlett + +Other fixes: + +- Fix long standing incorrect compression size check. Dropbear + (client or server) would erroneously exit with + "bad packet, oversized decompressed" + when receiving a compressed packet of exactly the maximum size. + +- Fix missing setsid() removed in 2020.79 + https://github.com/mkj/dropbear/issues/180 + Reported and debugged by m5jt and David Bernard + +- Try keyboard-interactive auth before password, in dbclient. + This was unintentionally changed back in 2013 + https://github.com/mkj/dropbear/pull/190 + Patch from Michele Giacomoli + +- Flush the terminal when reading the fingerprint confirmation response + https://github.com/mkj/dropbear/pull/191 + Patch from Michele Giacomoli + +- Fix utx wtmp variable typo. This has been wrong for a long time but + only recently became a problem when wtmp was detected. + https://github.com/mkj/dropbear/pull/189 + Patch from Michele Giacomoli + +- Improve configure test for hardening options. + Fixes building on AIX + https://github.com/mkj/dropbear/issues/158 + +- Fix debian/dropbear.init newline + From wulei-student + +Infrastructure: + +- Test off-by-default compile options + +- Set -Wundef to catch typos in #if statements + + 2022.82 - 1 April 2022 Features and Changes:
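Review bot: The two entries flagged ">>" at the top of the 2022.83 block are uneven: "Disable DROPBEAR_DSS by default" gives its reason (1024 bit, SHA1), but "Remove HMAC_MD5 entirely" gives none and does not say what happens for configurations or peers that still rely on it, so add a line of rationale and the upgrade effect there. The DROPBEAR_RSA_SHA1 entry announces that RSA with sha1 "will be disabled in a future release" but does not state the option's current default; state it, and consider marking the entry ">>" since it is a configuration change users will have to act on. The "-t" and "-z" entries do not name the program the flag belongs to, whereas the keyboard-interactive entry says "in dbclient"; name the binary in each. Under the regression fixes, "Fix build warning" does not identify which warning or build configuration it refers to. The heading "2022.83 -" has no date while the entry below it reads "2022.82 - 1 April 2022"; that is fine for a draft but needs filling in before release. Minor: "long standing" should be "long-standing".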