summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorMatt Johnston <matt@ucc.asn.au>2015-01-28 22:49:28 +0800
committerMatt Johnston <matt@ucc.asn.au>2015-01-28 22:49:28 +0800
commit9d495ab2b5ab69ebb2cc65cc748a86d19d6be1d7 (patch)
tree601d89e90c39cfa7c53e01b6438945ce920f8717
parent9174de47a9f8dfa817e65bea99fd3ee8b8f85511 (diff)
changes for 2015.67
-rw-r--r--CHANGES29
1 files changed, 29 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 21d42ca..6621e8d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,32 @@
+2015.67 - Wednesday 28 January 2015
+
+- Call fsync() after generating private keys to ensure they aren't lost if a
+ reboot occurs. Thanks to Peter Korsgaard
+
+- Disable non-delayed zlib compression by default on the server. Can be
+ enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
+
+- Default client key path ~/.ssh/id_dropbear
+
+- Prefer stronger algorithms by default, from Fedor Brunner.
+ AES256 over 3DES
+ Diffie-hellman group14 over group1
+
+- Add option to disable CBC ciphers.
+
+- Disable twofish in default options.h
+
+- Enable sha2 HMAC algorithms by default, the code was already required
+ for ECC key exchange. sha1 is the first preference still for performance.
+
+- Fix installing dropbear.8 in a separate build directory, from Like Ma
+
+- Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
+
+- Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
+
+- Minor bug fixes, a few issues found by Coverity scan
+
2014.66 - Thursday 23 October 2014
- Use the same keepalive handling behaviour as OpenSSH. This will work better