author Matt Johnston <matt@ucc.asn.au> 2022-04-01 14:43:27 +0800
committer Matt Johnston <matt@ucc.asn.au> 2022-04-01 14:43:27 +0800
commit b8669b063bd2fc1906a13fb4b50c8b4697bf49ce
tree 2119aba11277b3e2e64103d070413510231ea1d4 /CHANGES
parent c6e2d50310d6f62183cb0c364ca02a7729d1dbab
Bump version to 2022.82 (tag: DROPBEAR_2022.82)
Diffstat (limited to 'CHANGES')
-rw-r--r-- CHANGES 35
1 files changed, 22 insertions, 13 deletions
diff --git a/CHANGES b/CHANGES
index 2094a4c..7c2f85c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,21 +1,23 @@
-Future Release
+2022.82 - 1 April 2022
+
Features and Changes:
+ Note >> for compatibility/configuration changes
-- Implement OpenSSH format private key handling for dropbearconvert.
- Keys can be read in OpenSSH format or the old PEM format, they will be
- written in OpenSSH format. (DSS has not been implemented).
- ED25519 support is now correct.
+- Implemented OpenSSH format private key handling for dropbearconvert.
+ Keys can be read in OpenSSH format or the old PEM format.
+ >> Keys are now written in OpenSSH format rather than PEM.
+ ED25519 support is now correct. DSS keys are still PEM format.
- Use SHA256 for key fingerprints
-- Reworked -v verbose printing, specifying multiple times will increase
+- >> Reworked -v verbose printing, specifying multiple times will increase
verbosity. -vvvv is equivalent to the old DEBUG_TRACE -v level, it
can be configured at compile time in localoptions.h (see default_options.h)
Lower -v options can be used to check connection progress or algorithm
negotiation.
Thanks to Hans Harder for the implementation
- > > localoptions.h DEBUG_TRACE should be set to 4 for the same result as the
+ localoptions.h DEBUG_TRACE should be set to 4 for the same result as the
previous DEBUG_TRACE 1.
- Added server support for U2F/FIDO keys (ecdsa-sk and ed25519-sk) in
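Review bot: the '>>' marker lands in different places across the entries in this hunk: on a continuation line in the dropbearconvert entry ('>> Keys are now written in OpenSSH format rather than PEM.') but on the bullet itself in the -v entry ('- >> Reworked -v verbose printing'), while the DEBUG_TRACE line that used to carry '> >' loses its marker. Since the new header line tells readers to look for '>>', pick one placement, and consider keeping the marker on the DEBUG_TRACE line, because that is the sentence that tells packagers what to change in localoptions.h.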
@@ -23,7 +25,7 @@ Features and Changes:
Thanks to Egor Duda for the implementation
- autoconf output (configure script etc) is now committed to version control.
- It isn't necessary to run "autoconf" any more on a checkout.
+ >> It isn't necessary to run "autoconf" any more on a checkout.
- sha1 will be omitted from the build if KEX/signing/MAC algorithms don't
require it. Instead sha256 is used for random number generation.
@@ -34,12 +36,15 @@ Features and Changes:
(must only have characters a-z A-Z 0-9 .,_-+@)
Patch from Hans Harder, modified by Matt Johnston
+- Let dbclient multihop mode be used with '-J'.
+ Patch from Hans Harder
+
- Allow home-directory relative paths ~/path for various settings
and command line options.
*_PRIV_FILENAME DROPBEAR_PIDFILE SFTPSERVER_PATH MOTD_FILENAME
Thanks to Begley Brothers Inc
- > > The default DROPBEAR_DEFAULT_CLI_AUTHKEY has now changed, it now needs
+ >> The default DROPBEAR_DEFAULT_CLI_AUTHKEY has now changed, it now needs
a tilde prefix.
- LANG environment variable is carried over from the Dropbear server process
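Review bot: the added '-J' entry ("Let dbclient multihop mode be used with '-J'.") gives no hint of the argument form or whether the existing multihop syntax is unchanged; a short usage line in the entry or a pointer to the man page would make it actionable. In the same hunk, the '>>' note on DROPBEAR_DEFAULT_CLI_AUTHKEY says it "now needs a tilde prefix" without showing the new default value, which is what someone overriding it in localoptions.h needs to compare against.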
@@ -50,7 +55,7 @@ Features and Changes:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903403
- Added client option "-o DisableTrivialAuth". This can be used to prevent
- the server immediately allowing successful authentication (before any auth
+ the server immediately accepting successful authentication (before any auth
request) which could cause UI confusion and security issues with agent
forwarding - it isn't clear which host is prompting to use a key.
Thanks to Manfred Kaiser from Austrian MilCERT
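Review bot: the reworded line "the server immediately accepting successful authentication" still reads as if the server's behaviour is being changed, although the entry describes a client option. Suggest wording it from the client's side, for example that the client refuses to continue when the server reports authentication success before any auth request, so the agent-forwarding risk described in the following lines is clearly tied to what the option does.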
@@ -61,14 +66,14 @@ Features and Changes:
This should be used with caution.
Patch from Roland Vollgraf (github #118)
-- Use DSCP for QoS traffic classes. Priority (tty) traffic is now set to
+- >> Use DSCP for QoS traffic classes. Priority (tty) traffic is now set to
AF21 "interactive". Previously TOS classes were used, they are not used by
modern traffic classifiers. Non-tty traffic is left at default priority.
-- Disable dh-group1 key exchange by default. It has been disabled server
+- >> Disable dh-group1 key exchange by default. It has been disabled server
side by default since 2018.
-- Removed Twofish cipher
+- >> Removed Twofish cipher
Fixes:
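Review bot: "Disable dh-group1 key exchange by default" is now flagged '>>' but does not say which side changes; the reader has to infer the client from "It has been disabled server side by default since 2018". Say so explicitly, and for both this entry and "Removed Twofish cipher" add a line on what users whose peers only offer these algorithms should do, including whether dh-group1 can be re-enabled at build time.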
@@ -86,6 +91,9 @@ Fixes:
- A missing home directory is now non-fatal, starting in / instead
+- Fixed IPv6 [address]:port parsing for dbclient -b
+ Reported by Fabio Molinari
+
- Improve error logging so that they are logged on the server rather than being
sent to the client over the connection
@@ -107,6 +115,7 @@ Infrastructure:
- Improvements to fuzzers. Added post-auth fuzzer, and a mutator that can
handle the structure of SSH packet streams. Added cifuzz to run on commits
and pull requests.
+ Thanks to OSS-Fuzz for the tools/clusters and reward funding.
- Dropbear source tarballs generated by release.sh are now reproducible from a
Git or Mercurial checkout, they will be identical on any system. Tested