diff options
| author | Matt Johnston <matt@ucc.asn.au> | 2015-08-08 20:35:28 +0800 |
|---|---|---|
| committer | Matt Johnston <matt@ucc.asn.au> | 2015-08-08 20:35:28 +0800 |
| commit | 84e18f72ae13c7227c7660a5e7812ac8ffa22c48 (patch) | |
| tree | ede3490648698d201ab8d332e9cbe6fe05c84712 | |
| parent | 633b98ef2876f573321d4a72e81c7fca44321299 (diff) | |
changelog and version 2015.68
| -rw-r--r-- | CHANGES | 35 | ||||
| -rw-r--r-- | debian/changelog | 6 | ||||
| -rw-r--r-- | sysoptions.h | 2 |
3 files changed, 30 insertions, 13 deletions
@@ -1,23 +1,31 @@ -- Improve efficiency of writing data to local program/pipes, measured 30% increase +2015.68 - Saturday 8 August 2015 + +- Reduce local data copying for improved efficiency. Measured 30% increase in throughput for connections to localhost -- Use TCP Fast Open on Linux if available. saves a round trip at connection +- Forwarded TCP ports connect asynchronously and try all available addresses + (IPv4, IPv6, round robin DNS) + +- Fix all compile warnings, many patches from Gaël Portay + Note that configure with -Werror may not be successful on some platforms (OS X) + and some configuration options may still result in unused variable + warnings. + +- Use TCP Fast Open on Linux if available. Saves a round trip at connection to hosts that have previously been connected. Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3" Client side is disabled by default pending further compatibility testing with networks and systems. -- Forwarded TCP ports connect asynchronously and retry with other available - addresses (IPv4 versus IPv6, round robin IPs) +- Increase maximum command length to 9000 bytes - Free memory before exiting, patch from Thorsten Horstmann. Useful for Dropbear ports to embedded systems and for checking memory leaks - with valgrind. Only partially implemented for client side. + with valgrind. Only partially implemented for dbclient. + This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h -- Fix all compile warnings, patch from Gaël Portay - (note that configure with -Werror may not be successful on some platforms - such as OS X and some configuration options may result in unused variable - warnings) +- DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless + there is a leading slash (~ isn't treated specially) - Fix small ECC memory leaks @@ -29,10 +37,13 @@ - Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks to CL Ouyang -- Increase maximum command size to 9000 bytes +- Fix null pointer crash with restrictions in authorized_keys without a command, patch from + Guilhem Moulin -- DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless - there is a leading slash (~ isn't treated specially) +- Ensure authentication timeout is handled while reading the initial banner, + thanks to CL Ouyang for finding it. + +- Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz 2015.67 - Wednesday 28 January 2015 diff --git a/debian/changelog b/debian/changelog index 12484cc..5ab39e6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +dropbear (2015.68-0.1) unstable; urgency=low + + * New upstream release. + + -- Matt Johnston <matt@ucc.asn.au> Sat, 8 Aug 2015 22:52:58 +0800 + dropbear (2015.67-0.1) unstable; urgency=low * New upstream release. diff --git a/sysoptions.h b/sysoptions.h index 731232d..d6f1a1f 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -4,7 +4,7 @@ *******************************************************************/ #ifndef DROPBEAR_VERSION -#define DROPBEAR_VERSION "2015.67" +#define DROPBEAR_VERSION "2015.68" #endif #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION |