File dropbear.changes of Package dropbear
-------------------------------------------------------------------
Mon Aug 11 08:38:04 UTC 2014 - thardeck@suse.com
- updated to upstream version 2014.65
* Fix 2014.64 regression, server session hang on exit with scp (and probably
others), thanks to NiLuJe for tracking it down
* Fix 2014.64 regression, clock_gettime() error handling which broke on older
Linux kernels, reported by NiLuJe
* Fix 2014.64 regression, writev() could occasionally fail with EAGAIN which
wasn't caught
* Avoid error message when trying to set QoS on proxycommand or multihop pipes
* Use /usr/bin/xauth, thanks to Mike Frysinger
* Don't exit the client if the local user entry can't be found, thanks to iquaba
-------------------------------------------------------------------
Mon Jul 28 09:40:02 UTC 2014 - thardeck@suse.com
- removed obsolete gpg source code verification workaround
- added missing systemd entries for dropbear-keygen.service
- updated to upstream version 2014.64
* Fix compiling with ECDSA and DSS disabled
* Don't exit abruptly if too many outgoing packets are queued for writev(). Patch
thanks to Ronny Meeus
* The -K keepalive option now behaves more like OpenSSH's "ServerAliveInterval".
If no response is received after 3 keepalives then the session is terminated. This
will close connections faster than waiting for a TCP timeout.
* Rework TCP priority setting. New settings are
    if (connecting || ptys || x11) tos = LOWDELAY
    else if (tcp_forwards) tos = 0
    else tos = BULK
Thanks to Catalin Patulea for the suggestion.
* Improve handling of many concurrent new TCP forwarded connections, should now
be able to handle as many as MAX_CHANNELS. Thanks to Eduardo Silva for reporting
and investigating it.
* Make sure that exit messages from the client are printed, regression in 2013.57
* Use monotonic clock where available, timeouts won't be affected by system time
changes
* Add -V for version
-------------------------------------------------------------------
Thu Feb 20 09:25:00 UTC 2014 - thardeck@suse.com
- fixed automatic tarball verification
- updated regular init script to also create ECDSA keys
-------------------------------------------------------------------
Wed Feb 19 14:40:50 UTC 2014 - thardeck@suse.com
- update to upstream version 2014.63
* Fix ~. to terminate a client interactive session after waking a laptop
from sleep.
* Changed port separator syntax again, now using host^port. This is because
IPv6 link-local addresses use %. Reported by Gui Iribarren
* Avoid constantly relinking dropbearmulti target, fix "make install"
for multi target, thanks to Mike Frysinger
* Avoid getting stuck in a loop writing huge key files, reported by Bruno
Thomsen
* Don't link dropbearkey or dropbearconvert to libz or libutil,
thanks to Nicolas Boos
* Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos
* Avoid crash on exit due to cleaned up keys before last packets are sent,
debugged by Ronald Wahl
* Fix a race condition in rekeying where Dropbear would exit if it received a
still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
This is a longstanding bug but is triggered more easily since 2013.57
* [...]
- updated service files and activated building of ecdsa keys
- only package the old init service in distributions without systemd
- adapted spec to follow systemd package guidelines
- cleaned up spec file
-------------------------------------------------------------------
Wed Dec 4 13:50:10 UTC 2013 - thardeck@suse.com
- imported upstream version 2013.62
* Disable "interactive" QoS connection options when a connection doesn't
have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch.
* Log when a hostkey is generated with -R, fix some bugs in handling server
hostkey commandline options
* Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe
* Update config.guess and config.sub again
* ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to
be generated) and ECDH for setting up encryption keys (no intervention
required). This is significantly faster.
* curve25519-sha256@libssh.org support for setting up encryption keys. This is
another elliptic curve mode with less potential of NSA interference in
algorithm parameters. curve25519-donna code thanks to Adam Langley
* -R option to automatically generate hostkeys. This is recommended for
embedded platforms since it allows the system random number device
/dev/urandom a longer startup time to generate a secure seed before the
hostkey is required.
* Compile fixes for old vendor compilers like Tru64 from Daniel Richard G.
* Make authorized_keys handling more robust, don't exit encountering
malformed lines. Thanks to Lorin Hochstein and Mark Stillwell
-------------------------------------------------------------------
Thu Oct 17 08:35:01 UTC 2013 - thardeck@suse.com
- imported upstream version 2013.60
* Fix "make install" so that it doesn't always install to /bin and /sbin
* Fix "make install MULTI=1", installing manpages failed
* Fix "make install" when scp is included since it has no manpage
* Make --disable-bundled-libtom work
- used as bug fix release for bnc#845306 - VUL-0: CVE-2013-4421
-------------------------------------------------------------------
Thu Oct 10 07:29:00 UTC 2013 - thardeck@suse.com
- provided links for download sources
- employed gpg-offline - verify sources
-------------------------------------------------------------------
Mon Oct 7 08:10:32 UTC 2013 - thardeck@suse.com
- imported upstream version 2013.59
* Fix crash from -J command
Thanks to Lluís Batlle i Rossell and Arnaud Mouiche for patches
* Avoid reading too much from /proc/net/rt_cache since that causes
system slowness.
* Improve EOF handling for half-closed connections
Thanks to Catalin Patulea
* Send a banner message to report PAM error messages intended for the user
Patch from Martin Donnelly
* Limit the size of decompressed payloads, avoids memory exhaustion denial
of service
Thanks to Logan Lamb for reporting and investigating it
* Avoid disclosing existence of valid users through inconsistent delays
Thanks to Logan Lamb for reporting
* Update config.guess and config.sub for newer architectures
* Avoid segfault in server for locked accounts
* "make install" now installs manpages
dropbearkey.8 has been renamed to dropbearkey.1
manpage added for dropbearconvert
* Get rid of one second delay when running non-interactive commands
-------------------------------------------------------------------
Sat Apr 20 18:49:38 UTC 2013 - thardeck@suse.com
- reverted init file installation on 12.3
-------------------------------------------------------------------
Fri Apr 19 08:26:17 UTC 2013 - thardeck@suse.com
- imported upstream version 2013.58
* Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz
* Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder
* Reject logins for other users when running as non-root, from Hans Harder
* Disable client immediate authentication request by default, it prevents passwordless logins from working
-------------------------------------------------------------------
Fri Mar 22 08:48:43 UTC 2013 - thardeck@suse.com
- imported upstream version 2013.56
* Allow specifying cipher (-c) and MAC (-m) lists for dbclient
* Allow using 'none' cipher or MAC (off by default, use options.h). Encryption
is used during authentication then disabled, similar to OpenSSH HPN mode
* Allow a user in immediately if the account has a blank password and blank
passwords are enabled
* Include a few extra sources of entropy from /proc on Linux, hash private keys
as well. Dropbear will also write gathered entropy back into /dev/urandom
* Added hmac-sha2-256 and hmac-sha2-512 support (off by default, use options.h)
* Don't send bad address "localhost" for -R forward connections,
reported by Denis Bider
* Add "-B" runtime option to allow blank passwords
* Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks
* A few improvements for Android from Reimar Döffinger
* Fix memory leak for TCP forwarded connections to hosts that timed out,
reported by Norbert Benczúr. Appears to be a very long-standing bug.
* Fix "make clean" for out of tree builds
* Fix compilation when ENABLE_{SVR,CLI}_AGENTFWD are unset
-------------------------------------------------------------------
Thu Aug 2 11:13:49 UTC 2012 - thardeck@suse.com
- removed PAM dependency since Dropbear should be usable in initrd and PAM wasn't used without an additional patch anyway https://wiki.yoctoproject.org/wiki/PAM_Integration#dropbear
-------------------------------------------------------------------
Mon Jul 9 20:11:26 UTC 2012 - thardeck@suse.com
- fixed typo in service file
-------------------------------------------------------------------
Sat Jun 30 11:49:10 UTC 2012 - thardeck@suse.com
- added systemd service files for 12.1 and later
- cleaned up sysconfig and rcdropbear files
-------------------------------------------------------------------
Tue Jun 19 12:42:00 UTC 2012 - thardeck@suse.com
- added init daemon with key generation option
- added sysconfig file with default configuration
-------------------------------------------------------------------
Fri Jun 15 09:45:36 UTC 2012 - thardeck@suse.com
- updated spec file - changed the group
-------------------------------------------------------------------
Wed Jun 13 11:50:22 UTC 2012 - thardeck@suse.com
- initial version 2012.55