1 2016.73 - 18 March 2016
3 - Support syslog in dbclient, option -o usesyslog=yes. Patch from Konstantin Tokarev
5 - Kill a proxycommand when dbclient exits, patch from Konstantin Tokarev
7 - Option to exit when a TCP forward fails, patch from Konstantin Tokarev
9 - New "-o" option parsing from Konstantin Tokarev. This allows handling some extra options
10 in the style of OpenSSH, though implementing all OpenSSH options is not planned.
12 - Fix crash when fallback initshells() is used, reported by Michael Nowak and Mike Tzou
14 - Allow specifying commands eg "dropbearmulti dbclient ..." instead of symlinks
16 - Various cleanups for issues found by a lint tool, patch from Francois Perrad
18 - Fix tab indent consistency, patch from Francois Perrad
20 - Fix issues found by cppcheck, reported by Mike Tzou
22 - Use system memset_s() or explicit_bzero() if available to clear memory. Also make
23 libtomcrypt/libtommath routines use that (or Dropbear's own m_burn()).
25 - Prevent scp failing when the local user doesn't exist. Based on patch from Michael Witten.
27 - Improved Travis CI test running, thanks to Mike Tzou
29 - Improve some code that was flagged by Coverity and Fortify Static Code Analyzer
31 2016.72 - 9 March 2016
33 - Validate X11 forwarding input. Could allow bypass of authorized_keys command= restrictions,
34 found by github.com/tintinweb. Thanks for Damien Miller for a patch. CVE-2016-3116
36 2015.71 - 3 December 2015
38 - Fix "bad buf_incrpos" when data is transferred, broke in 2015.69
40 - Fix crash on exit when -p address:port is used, broke in 2015.68, thanks to
41 Frank Stollenwerk for reporting and investigation
43 - Fix building with only ENABLE_CLI_REMOTETCPFWD given, patch from Konstantin Tokarev
45 - Fix bad configure script test which didn't work with dash shell, patch from Juergen Daubert,
48 - Fix server race condition that could cause sessions to hang on exit,
49 https://github.com/robotframework/SSHLibrary/issues/128
51 2015.70 - 26 November 2015
53 - Fix server password authentication on Linux, broke in 2015.69
55 2015.69 - 25 November 2015
57 - Fix crash when forwarded TCP connections fail to connect (bug introduced in 2015.68)
59 - Avoid hang on session close when multiple sessions are started, affects Qt Creator
60 Patch from Andrzej Szombierski
62 - Reduce per-channel memory consumption in common case, increase default
63 channel limit from 100 to 1000 which should improve SOCKS forwarding for modern
66 - Handle multiple command line arguments in a single flag, thanks to Guilhem Moulin
68 - Manpage improvements from Guilhem Moulin
70 - Build fixes for Android from Mike Frysinger
72 - Don't display the MOTD when an explicit command is run from Guilhem Moulin
74 - Check curve25519 shared secret isn't zero
76 2015.68 - Saturday 8 August 2015
78 - Reduce local data copying for improved efficiency. Measured 30%
79 increase in throughput for connections to localhost
81 - Forwarded TCP ports connect asynchronously and try all available addresses
82 (IPv4, IPv6, round robin DNS)
84 - Fix all compile warnings, many patches from Gaël Portay
85 Note that configure with -Werror may not be successful on some platforms (OS X)
86 and some configuration options may still result in unused variable
89 - Use TCP Fast Open on Linux if available. Saves a round trip at connection
90 to hosts that have previously been connected.
91 Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3"
92 Client side is disabled by default pending further compatibility testing
93 with networks and systems.
95 - Increase maximum command length to 9000 bytes
97 - Free memory before exiting, patch from Thorsten Horstmann. Useful for
98 Dropbear ports to embedded systems and for checking memory leaks
99 with valgrind. Only partially implemented for dbclient.
100 This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h
102 - DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless
103 there is a leading slash (~ isn't treated specially)
105 - Fix small ECC memory leaks
107 - Tighten validation of Diffie-Hellman parameters, from Florent Daigniere of
108 Matta Consulting. Odds of bad values are around 2**-512 -- improbable.
110 - Twofish-ctr cipher is supported though disabled by default
112 - Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks
115 - Fix null pointer crash with restrictions in authorized_keys without a command, patch from
118 - Ensure authentication timeout is handled while reading the initial banner,
119 thanks to CL Ouyang for finding it.
121 - Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz
123 2015.67 - Wednesday 28 January 2015
125 - Call fsync() after generating private keys to ensure they aren't lost if a
126 reboot occurs. Thanks to Peter Korsgaard
128 - Disable non-delayed zlib compression by default on the server. Can be
129 enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB
131 - Default client key path ~/.ssh/id_dropbear
133 - Prefer stronger algorithms by default, from Fedor Brunner.
135 Diffie-hellman group14 over group1
137 - Add option to disable CBC ciphers.
139 - Disable twofish in default options.h
141 - Enable sha2 HMAC algorithms by default, the code was already required
142 for ECC key exchange. sha1 is the first preference still for performance.
144 - Fix installing dropbear.8 in a separate build directory, from Like Ma
146 - Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe
148 - Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea
150 - Minor bug fixes, a few issues found by Coverity scan
152 2014.66 - Thursday 23 October 2014
154 - Use the same keepalive handling behaviour as OpenSSH. This will work better
155 with some SSH implementations that have different behaviour with unknown
158 - Don't reply with SSH_MSG_UNIMPLEMENTED when we receive a reply to our own
161 - Set $SSH_CLIENT to keep bash happy, patch from Ryan Cleere
163 - Fix wtmp which broke since 2013.62, patch from Whoopie
165 2014.65 - Friday 8 August 2014
167 - Fix 2014.64 regression, server session hang on exit with scp (and probably
168 others), thanks to NiLuJe for tracking it down
170 - Fix 2014.64 regression, clock_gettime() error handling which broke on older
171 Linux kernels, reported by NiLuJe
173 - Fix 2014.64 regression, writev() could occassionally fail with EAGAIN which
176 - Avoid error message when trying to set QoS on proxycommand or multihop pipes
178 - Use /usr/bin/xauth, thanks to Mike Frysinger
180 - Don't exit the client if the local user entry can't be found, thanks to iquaba
182 2014.64 - Sunday 27 July 2014
184 - Fix compiling with ECDSA and DSS disabled
186 - Don't exit abruptly if too many outgoing packets are queued for writev(). Patch
187 thanks to Ronny Meeus
189 - The -K keepalive option now behaves more like OpenSSH's "ServerAliveInterval".
190 If no response is received after 3 keepalives then the session is terminated. This
191 will close connections faster than waiting for a TCP timeout.
193 - Rework TCP priority setting. New settings are
194 if (connecting || ptys || x11) tos = LOWDELAY
195 else if (tcp_forwards) tos = 0
197 Thanks to Catalin Patulea for the suggestion.
199 - Improve handling of many concurrent new TCP forwarded connections, should now
200 be able to handle as many as MAX_CHANNELS. Thanks to Eduardo Silva for reporting
201 and investigating it.
203 - Make sure that exit messages from the client are printed, regression in 2013.57
205 - Use monotonic clock where available, timeouts won't be affected by system time
210 2014.63 - Wednesday 19 February 2014
212 - Fix ~. to terminate a client interactive session after waking a laptop
215 - Changed port separator syntax again, now using host^port. This is because
216 IPv6 link-local addresses use %. Reported by Gui Iribarren
218 - Avoid constantly relinking dropbearmulti target, fix "make install"
219 for multi target, thanks to Mike Frysinger
221 - Avoid getting stuck in a loop writing huge key files, reported by Bruno
224 - Don't link dropbearkey or dropbearconvert to libz or libutil,
225 thanks to Nicolas Boos
227 - Fix linking -lcrypt on systems without /usr/lib, thanks to Nicolas Boos
229 - Avoid crash on exit due to cleaned up keys before last packets are sent,
230 debugged by Ronald Wahl
232 - Fix a race condition in rekeying where Dropbear would exit if it received a
233 still-in-flight packet after initiating rekeying. Reported by Oliver Metz.
234 This is a longstanding bug but is triggered more easily since 2013.57
236 - Fix README for ecdsa keys, from Catalin Patulea
238 - Ensure that generated RSA keys are always exactly the length
239 requested. Previously Dropbear always generated N+16 or N+15 bit keys.
242 - Fix DROPBEAR_CLI_IMMEDIATE_AUTH mode which saves a network round trip if the
243 first public key succeeds. Still not enabled by default, needs more
244 compatibility testing with other implementations.
246 - Fix for port 0 forwarding in the client and port forwarding with Apache MINA SSHD. Thanks to
248 - Fix for bad system linux/pkt-sched.h header file with older Linux
249 kernels, from Steve Dover
251 - Fix signal handlers so that errno is saved, thanks to Erik Ahlén for a patch
252 and Mark Wickham for independently spotting the same problem.
254 2013.62 - Tuesday 3 December 2013
256 - Disable "interactive" QoS connection options when a connection doesn't
257 have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch.
259 - Log when a hostkey is generated with -R, fix some bugs in handling server
260 hostkey commandline options
262 - Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe
264 - Update config.guess and config.sub again
266 2013.61test - Thursday 14 November 2013
268 - ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to
269 be generated) and ECDH for setting up encryption keys (no intervention
270 required). This is significantly faster.
272 - curve25519-sha256@libssh.org support for setting up encryption keys. This is
273 another elliptic curve mode with less potential of NSA interference in
274 algorithm parameters. curve25519-donna code thanks to Adam Langley
276 - -R option to automatically generate hostkeys. This is recommended for
277 embedded platforms since it allows the system random number device
278 /dev/urandom a longer startup time to generate a secure seed before the
281 - Compile fixes for old vendor compilers like Tru64 from Daniel Richard G.
283 - Make authorized_keys handling more robust, don't exit encountering
284 malformed lines. Thanks to Lorin Hochstein and Mark Stillwell
286 2013.60 - Wednesday 16 October 2013
288 - Fix "make install" so that it doesn't always install to /bin and /sbin
290 - Fix "make install MULTI=1", installing manpages failed
292 - Fix "make install" when scp is included since it has no manpage
294 - Make --disable-bundled-libtom work
296 2013.59 - Friday 4 October 2013
298 - Fix crash from -J command
299 Thanks to Lluís Batlle i Rossell and Arnaud Mouiche for patches
301 - Avoid reading too much from /proc/net/rt_cache since that causes
304 - Improve EOF handling for half-closed connections
305 Thanks to Catalin Patulea
307 - Send a banner message to report PAM error messages intended for the user
308 Patch from Martin Donnelly
310 - Limit the size of decompressed payloads, avoids memory exhaustion denial
312 Thanks to Logan Lamb for reporting and investigating it. CVE-2013-4421
314 - Avoid disclosing existence of valid users through inconsistent delays
315 Thanks to Logan Lamb for reporting. CVE-2013-4434
317 - Update config.guess and config.sub for newer architectures
319 - Avoid segfault in server for locked accounts
321 - "make install" now installs manpages
322 dropbearkey.8 has been renamed to dropbearkey.1
323 manpage added for dropbearconvert
325 - Get rid of one second delay when running non-interactive commands
328 2013.58 - Thursday 18 April 2013
330 - Fix building with Zlib disabled, thanks to Hans Harder and cuma@freetz
332 - Use % as a separator for ports, fixes scp in multihop mode, from Hans Harder
334 - Reject logins for other users when running as non-root, from Hans Harder
336 - Disable client immediate authentication request by default, it prevents
337 passwordless logins from working
339 2013.57 - Monday 15 April 2013
341 - Decreased connection setup time particularly with high latency connections,
342 the number of round trips has been reduced for both client and server.
343 CPU time hasn't been changed.
345 - Client will send an initial key exchange guess to save a round trip.
346 Dropbear implements an extension kexguess2@matt.ucc.asn.au to allow the first
347 packet guess to succeed in wider circumstances than the standard behaviour.
348 When communicating with other implementations the standard behaviour is used.
350 - Client side: when public key or password authentication with
351 $DROPBEAR_PASSWORD is used an initial authentication request will
352 be sent immediately rather than querying the list of available methods.
353 This behaviour is enabled by CLI_IMMEDIATE_AUTH option (on by default),
354 please let the Dropbear author know if it causes any interoperability
357 - Implement client escape characters ~. (terminate session) and
358 ~^Z (background session)
360 - Server will more reliably clean up utmp when connection is closed, reported by
363 - Don't crash if /dev/urandom isn't writable (RHEL5), thanks to Scott Case
365 - Add "-y -y" client option to skip host key checking, thanks to Hans Harder
367 - scp didn't work properly on systems using vfork(), thanks to Frank Van Uffelen
369 - Added IUTF8 terminal mode support (Linux and Mac OS). Not standardised yet
370 though probably will be soon
372 - Some verbose DROPBEAR_TRACE output is now hidden unless $DROPBEAR_TRACE2
373 enviroment variable is set
375 - Fix using asymmetric MAC algorithms (broke in )
377 - Renamed configure.in to configure.ac to quieten autoconf, from Mike Frysinger
379 2013.56 - Thursday 21 March 2013
381 - Allow specifying cipher (-c) and MAC (-m) lists for dbclient
383 - Allow using 'none' cipher or MAC (off by default, use options.h). Encryption
384 is used during authentication then disabled, similar to OpenSSH HPN mode
386 - Allow a user in immediately if the account has a blank password and blank
387 passwords are enabled
389 - Include a few extra sources of entropy from /proc on Linux, hash private keys
390 as well. Dropbear will also write gathered entropy back into /dev/urandom
392 - Added hmac-sha2-256 and hmac-sha2-512 support (off by default, use options.h)
394 - Don't sent bad address "localhost" for -R forward connections,
395 reported by Denis Bider
397 - Add "-B" runtime option to allow blank passwords
399 - Allow using IPv6 bracket notation for addresses in server "-p" option, from Ben Jencks
401 - A few improvements for Android from Reimar Döffinger
403 - Fix memory leak for TCP forwarded connections to hosts that timed out,
404 reported by Norbert Benczúr. Appears to be a very long-standing bug.
406 - Fix "make clean" for out of tree builds
408 - Fix compilation when ENABLE_{SVR,CLI}_AGENTFWD are unset
410 2012.55 - Wednesday 22 February 2012
412 - Security: Fix use-after-free bug that could be triggered if command="..."
413 authorized_keys restrictions are used. Could allow arbitrary code execution
414 or bypass of the command="..." restriction to an authenticated user.
415 This bug affects releases 0.52 onwards. Ref CVE-2012-0920.
416 Thanks to Danny Fullerton of Mantor Organization for reporting
419 - Compile fix, only apply IPV6 socket options if they are available in headers
420 Thanks to Gustavo Zacarias for the patch
422 - Overwrite session key memory on exit
424 - Fix minor memory leak in unusual PAM authentication configurations.
425 Thanks to Stathis Voukelatos
427 - Other small code cleanups
429 2011.54 - Tuesday 8 November 2011
431 - Building statically works again, broke in 0.53 and 0.53.1
433 - Fix crash when forwarding with -R
435 - Fixed various leaks found by Klocwork analysis software, thanks to them for
438 - Set IPTOS_LOWDELAY for IPv6, thanks to Dave Taht
440 - Bind to sockets with IPV6_V6ONLY so that it works properly on systems
441 regardless of the system-wide setting
443 - Added ALLOW_BLANK_PASSWORD option. Dropbear also now allows public key logins
444 to accounts with a blank password. Thanks to Rob Landley
446 - Fixed case where "-K 1" keepalive for dbclient would cause a SSH_MSG_IGNORE
449 - Avoid some memory allocations in big number maths routines, improves
452 - Fix symlink target for installdropbearmulti with DESTDIR set, thanks to
455 - When requesting server allocated remote ports (-R 0:host:port) print a
456 message informing what the port is, thanks to Ali Onur Uyar.
458 - New version numbering scheme.
460 Source repository has now migrated to Mercurial at
461 https://secure.ucc.asn.au/hg/dropbear/graph/default
463 0.53.1 - Wednesday 2 March 2011
465 - -lcrypt needs to be before object files for static linking
467 - Compile fix when both client and agent forwarding are disabled
469 - Fix DROPBEAR_PRNGD_SOCKET mode
471 - Don't allow setting zlib memLevel since it seems buggy
473 0.53 - Thurs 24 February 2011
475 - Various performance/memory use improvements
477 - Client agent forwarding now works, using OpenSSH's ssh-agent
479 - Improve robustness of client multihop mode
481 - Fix a prime generation bug in bundled libtommath. This is unlikely to have
482 generated any bad keys in the wild.
484 https://bugzilla.redhat.com/show_bug.cgi?id=615088
485 http://bugs.gentoo.org/show_bug.cgi?id=328383
486 http://bugs.gentoo.org/show_bug.cgi?id=328409
488 - Attempt to build against system libtomcrypt/libtommath if available. This
489 can be disabled with ./configure --enable-bundled-libtom
491 - Make -K (keepalive) and -I (idle timeout) work together sensibly in the client.
492 The idle timeout is no longer reset by SSH_MSG_IGNORE packets.
494 - Add diffie-hellman-group14-sha1 key exchange method
496 - Compile fix if ENABLE_CLI_PROXYCMD is disabled
498 - /usr/bin/X11/xauth is now the default path
500 - Client remote forward (-L/-R) arguments now accept a listen address
502 - In uClinux avoid trashing the parent process when a session exits
504 - Blowfish is now disabled by default since it has large memory usage
506 - Add option to change zlib windowbits/memlevel. Use less memory by default
508 - DROPBEAR_SMALL_CODE is now disabled by default
510 - SSH_ORIGINAL_COMMAND environment variable is set by the server when an
511 authorized_keys command is specified.
513 - Set SSH_TTY and SSH_CONNECTION environment variables in the server
515 - Client banner is now printed to standard error rather than standard output
517 - Capitalisation in many log messages has been made consistent. This may affect
518 scripts that parse logfiles.
520 0.52 - Wed 12 November 2008
522 - Add "netcat-alike" option (-B) to dbclient, allowing Dropbear to tunnel
523 standard input/output to a TCP port-forwarded remote host.
525 - Add "proxy command" support to dbclient, to allow using a spawned process for
526 IO rather than a direct TCP connection. eg
529 dbclient -J 'nc remotehost 22' remotehost
530 (the hostname is still provided purely for looking up saved host keys)
532 - Combine netcat-alike and proxy support to allow "multihop" connections, with
533 comma-separated host syntax. Allows running
535 dbclient user1@host1,user2@host2,user3@host3
537 to end up at host3 via the other two, using SSH TCP forwarding. It's a bit
538 like onion-routing. All connections are established from the local machine.
539 The comma-separated syntax can also be used for scp/rsync, eg
541 rsync -a -e dbclient m@gateway,m2@host,martello:/home/matt/ ~/backup/
543 to bounce through a few hosts.
545 - Add -I "idle timeout" option (contributed by Farrell Aultman)
547 - Allow restrictions on authorized_keys logins such as restricting commands
548 to be run etc. This is a subset of those allowed by OpenSSH, doesn't
549 yet allow restricting source host.
551 - Use vfork() for scp on uClinux
553 - Default to PATH=/usr/bin:/bin for shells.
555 - Report errors if -R forwarding fails
557 - Add counter mode cipher support, which avoids some security problems with the
560 - Support zlib@openssh.com delayed compression for client/server. It can be
561 required for the Dropbear server with the '-Z' option. This is useful for
562 security as it avoids exposing the server to attacks on zlib by
563 unauthenticated remote users, though requires client side support.
565 - options.h has been split into options.h (user-changable) and sysoptions.h
566 (less commonly changed)
568 - Support "dbclient -s sftp" to specify a subsystem
570 - Fix a bug in replies to channel requests that could be triggered by recent
573 0.51 - Thu 27 March 2008
575 - Make a copy of password fields rather erroneously relying on getwpnam()
576 to be safe to call multiple times
578 - If $SSH_ASKPASS_ALWAYS environment variable is set (and $SSH_ASKPASS is
579 as well) always use that program, ignoring isatty() and $DISPLAY
581 - Wait until a process exits before the server closes a connection, so
582 that an exit code can be sent. This fixes problems with exit codes not
583 being returned, which could cause scp to fail.
585 0.50 - Wed 8 August 2007
587 - Add DROPBEAR_PASSWORD environment variable to specify a dbclient password
589 - Use /dev/urandom by default, since that's what everyone does anyway
591 - Correct vfork() use for uClinux in scp
592 (thanks to Alex Landau)
594 - Exit with an exit code of 1 if dropbear can't bind to any ports
595 (thanks to Nicolai Ehemann)
597 - Improve network performance and add a -W <receive_window> argument for
598 adjusting the tradeoff between network performance and memory consumption.
600 - Fix a problem where reply packets could be sent during key exchange,
601 in violation of the SSH spec. This could manifest itself with connections
602 being terminated after 8 hours with new TCP-forward connections being
605 - Add -K <keepalive_time> argument, ensuring that data is transmitted
606 over the connection at least every N seconds.
608 - dropbearkey will no longer generate DSS keys of sizes other than 1024
609 bits, as required by the DSS specification. (Other sizes are still
610 accepted for use to provide backwards compatibility).
612 0.49 - Fri 23 February 2007
614 - Security: dbclient previously would prompt to confirm a
615 mismatching hostkey but wouldn't warn loudly. It will now
616 exit upon a mismatch. CVE-2007-1099
618 - Compile fixes, make sure that all variable definitions are at the start
621 - Added -P pidfile argument to the server (from Swen Schillig)
623 - Add -N dbclient option for "no command"
625 - Add -f dbclient option for "background after auth"
627 - Add ability to limit binding to particular addresses, use
628 -p [address:]port, patch from Max-Gerd Retzlaff.
630 - Try to finally fix ss_family compilation problems (for old
633 - Fix finding relative-path server hostkeys when running daemonized
635 - Use $HOME in preference to that from /etc/passwd, so that
636 dbclient can still work on broken systems.
638 - Fix various issues found by Klocwork defect analysis, mostly memory leaks
639 and error-handling. Thanks to Klocwork for their service.
641 - Improve building in a separate directory
643 - Add compile-time LOG_COMMANDS option to log user commands
645 - Add '-y' flag to dbclient to unconditionally accept host keys,
646 patch from Luciano Miguel Ferreira Rocha
648 - Return immediately for "sleep 10 & echo foo", rather than waiting
649 for the sleep to return (pointed out by Rob Landley).
651 - Avoid hanging after exit in certain cases (such as scp)
653 - Various minor fixes, in particular various leaks reported by
656 - Disable core dumps on startup
658 - Don't erase over every single buffer, since it was a bottleneck.
659 On systems where it really matters, encrypted swap should be utilised.
661 - Read /dev/[u]random only once at startup to conserve kernel entropy
663 - Upgrade to LibTomCrypt 1.16 and LibTomMath 0.40
665 - Upgrade config.status and config.guess
667 0.48.1 - Sat 11 March 2006
669 - Compile fix for scp
671 0.48 - Thurs 9 March 2006
673 - Check that the circular buffer is properly empty before
674 closing a channel, which could cause truncated transfers
675 (thanks to Tomas Vanek for helping track it down)
677 - Implement per-IP pre-authentication connection limits
678 (after some poking from Pablo Fernandez) CVE-2006-1206
680 - Exit gracefully if trying to connect to as SSH v1 server
681 (reported by Rushi Lala)
683 - Only read /dev/random once at startup when in non-inetd mode
685 - Allow ctrl-c to close a dbclient password prompt (may
686 still have to press enter on some platforms)
688 - Merged in uClinux patch for inetd mode
690 - Updated to scp from OpenSSH 4.3p2 - fixes a security issue
691 where use of system() could cause users to execute arbitrary
692 code through malformed filenames, ref CVE-2006-0225
694 0.47 - Thurs Dec 8 2005
696 - SECURITY: fix for buffer allocation error in server code, could potentially
697 allow authenticated users to gain elevated privileges. All multi-user systems
698 running the server should upgrade (or apply the patch available on the
699 Dropbear webpage). CVE-2005-4178
701 - Fix channel handling code so that redirecting to /dev/null doesn't use
704 - Turn on zlib compression for dbclient.
706 - Set "low delay" TOS bit, can significantly improve interactivity
709 - Added client keyboard-interactive mode support, allows operation with
710 newer OpenSSH servers in default config.
712 - Log when pubkey auth fails because of bad ~/.ssh/authorized_keys permissions
714 - Improve logging of assertions
716 - Added aes-256 cipher and sha1-96 hmac.
718 - Fix twofish so that it actually works.
720 - Improve PAM prompt comparison.
722 - Added -g (dbclient) and -a (dropbear server) options to allow
723 connections to listening forwarded ports from remote machines.
725 - Various other minor fixes
727 - Compile fixes for glibc 2.1 (ss_family vs __ss_family) and NetBSD
728 (netinet/in_systm.h needs to be included).
730 0.46 - Sat July 9 2005
732 - Fix long-standing bug which caused connections to be closed if an ssh-agent
733 socket was no longer available
735 - Print a warning if we seem to be blocking on /dev/random
736 (suggested by Paul Fox)
738 - Fixed a memory leak in DSS code (thanks to Boris Berezovsky for the patch)
740 - dbclient -L no longer segfaults, allocate correct buffer size (thanks
741 to David Cook for reporting it, and Christopher Faylor for independently
744 - Added RSA blinding to signing code (suggested by Dan Kaminsky)
746 - Rearranged bignum reading/random generation code
748 - Reset the non-blocking status on stderr and stdout as well as stdin,
749 fixes a problem where the shell running dbclient will exit (thanks to
750 Brent Roman for reporting it)
752 - Fix so that all file descriptors are closed so the child shell doesn't
753 inherit descriptors (thanks to Linden May for the patch)
755 - Change signkey.c to avoid gcc 4 generating incorrect code
757 - After both sides of a file descriptor have been shutdown(), close()
758 it to avoid leaking descriptors (thanks to Ari Hyttinen for a patch)
760 - Update to LibTomCrypt 1.05 and LibTomMath 0.35
762 0.45 - Mon March 7 2005
764 - Makefile no longer appends 'static' to statically linked binaries
766 - Add optional SSH_ASKPASS support to the client
768 - Respect HOST_LOOKUP option
770 - Fix accidentally removed "return;" statement which was removed in 0.44
771 (causing clients which sent an empty terminal-modes string to fail to
772 connect - including pssh, ssh.com, danger hiptop). (patches
773 independently from Paul Fox, David Horwitt and Sven-Ola Tuecke)
775 - Read "y/n" response for fingerprints from /dev/tty directly so that dbclient
778 0.44 - Mon Jan 3 2005
780 - SECURITY: Fix for PAM auth so that usernames are logged and conversation
781 function responses are allocated correctly - all 0.44test4 users with PAM
782 compiled in (not default) are advised to upgrade.
784 - Fix calls to getnameinfo() for compatibility with Solaris
786 - Pristine compilation works (run 'configure' from a fresh dir and make it
789 - Fixes for compiling with most options disabled.
791 - Upgraded to LibTomCrypt 0.99 and LibTomMath 0.32
793 - Make sure that zeroing out of values in LTM and LTC won't get optimised away
795 - Removed unused functions from loginrec.c
797 - /dev/random is now the default entropy source rather than /dev/urandom
799 - Logging of IPs in auth success/failure messages for improved greppability
801 - Fix dbclient so that "scp -i keyfile" works. (It can handle "-ikeyfile
804 - Avoid a race in server shell-handling code which prevents the exit-code
805 from being returned to the client in some circumstances.
807 - Makefile modified so that install target works correctly (doesn't try
808 to install "all" binary) - patch from Juergen Daubert
810 - Various minor fixes and compile warnings.
812 0.44test4 - Tue Sept 14 2004 21:15:54 +0800
814 - Fix inetd mode so it actually loads the hostkeys (oops)
816 - Changed DROPBEAR_DEFPORT properly everywhere
818 - Fix a small memory leak in the auth code
820 - WCOREDUMP is only used on systems which support it (ie not cygwin or AIX)
822 - Check (and fail for) cases when we can't negotiate algorithms with the
823 remote side successfully (rather than bombing out ungracefully)
825 - Handle authorized_keys files without a terminating newline
827 - Fiddle the channel receive window size for possibly better performance
829 - Added in the PAM authentication code (finally! thanks to Martin Carlsson)
831 0.44test3 - Fri Aug 27 22:20:54 +0800
833 - Fixed a bunch of warnings.
835 - scp works correctly when passed a username (fix for the dbclient program
836 itself as well, "-lmatt" works as well as "-l matt").
838 - Remove unrequired debian files
840 - Exit with the remote process's return code for dbclient
842 - Display stderr messages from the server in the client
844 - Add circular buffering to the channel code. This should dramatically reduce
845 the amount of backtraffic sent in response to traffic incoming to the
846 Dropbear end - improves high-latency performance (ie dialup).
848 - Various other related channel-handling fixups.
850 - Allow leading lines in the banner when connecting to servers
852 - Fixed printing out errors onto the network socket with stderr (for inetd
853 mode when using xinetd)
855 - Remove obselete documentation
857 - Fix a null-pointer exception when trying to free non-existant listeners
860 - DEBUG_TRACE now only works if you add "-v" to the program commandline
862 - Don't leave stdin non-blocking on exit - this caused the parent shell
863 of dbclient to close when dbclient exited, for some shells in BusyBox
865 - Server connections no longer timeout after 5 minutes
867 - Fixed stupid DSS hostkey typo (server couldn't load host keys)
869 0.44test2 - Tues Aug 17 2004 17:43:54 +0800
871 - Fix up dropbearmulti targets in the Makefile - symlinks are now created
873 - Compile fake-rfc2553 even with dropbearconvert/dropbearkey - this
874 allows them to work on platforms without a native getaddrinfo()
876 - Create ~/.ssh/known_hosts properly if it doesn't exist
878 - Fix basename() function prototype
880 - Backport some local changes (more #ifdefs for termcodes.c, a fix for missing
883 - Let dbclient be run as "ssh"
885 - Initialise mp_ints by default
887 0.44test1 - Sun Aug 16 2005 17:43:54 +0800
889 - TESTING RELEASE - this is the first public release of the client codebase,
890 so there are sure to be bugs to be found. In addition, if you're just using
891 the server portion, the final binary size probably will increase - I'll
892 be trying to get it back down in future releases.
894 - Dropbear client added - lots of changes to the server code as well to
897 - IPv6 support added for client, server, and forwarding
899 - New makefile with more generic support for multiple-program binaries
901 0.43 - Fri Jul 16 2004 17:44:54 +0800
903 - SECURITY: Don't try to free() uninitialised variables in DSS verification
904 code. Thanks to Arne Bernin for pointing out this bug. This is possibly
905 exploitable, all users with DSS and pubkey-auth compiled in are advised to
906 upgrade. CVE-2004-2486
908 - Clean up agent forwarding socket files correctly, patch from Gerrit Pape.
910 - Don't go into an infinite loop when portforwarding to servers which don't
911 send any initial data/banner. Patch from Nikola Vladov
913 - Fix for network vs. host byte order in logging remote TCP ports, also
916 - Initialise many pointers to NULL, for general safety. Also checked cleanup
917 code for mp_ints (related to security issues above).
919 0.42 - Wed Jun 16 2004 12:44:54 +0800
921 - Updated to Gerrit Pape's official Debian subdirectory
923 - Fixed bad check when opening /dev/urandom - thanks to Danny Sung.
925 - Added -i inetd mode flag, and associated options in options.h . Dropbear
926 can be compiled with either normal mode, inetd, or both modes. Thanks
927 to Gerrit Pape for basic patch and motivation.
929 - Use <dirent.h> rather than <sys/dir.h> for POSIX compliance. Thanks to Bill
932 - Fixed a TCP forwarding (client-local, -L style) bug which caused the whole
933 session to close if the TCP connection failed. Thanks to Andrew Braund for
934 reporting it and helping track it down.
936 - Re-enable sigpipe for child processes. Thanks to Gerrit Pape for some
937 suggestions, and BSD manpages for a clearer explanation of the behaviour.
939 - Added manpages, thanks to Gerrit Pape.
941 - Changed license text for LibTomCrypt and LibTomMath.
943 - Added strip-static target
945 - Fixed a bug in agent-forwarding cleanup handler - would segfault
946 (dereferencing a null pointer) if agent forwarding had failed.
948 - Fix behaviour of authorized_keys parsing, so larger (>1024 bit) DSA keys will
949 work. Thanks to Dr. Markus Waldeck for the report.
951 - Fixed local port forwarding code so that the "-j" option will make forwarding
952 attempts fail more gracefully.
954 - Allow repeated requests in a single session if previous ones fail - this fixes PuTTY and some other SCP clients, which try SFTP, then fall-back to SCP if it
955 isn't available. Thanks to Stirling Westrup for the report.
957 - Updated to LibTomCrypt 0.96 and LibTomMath 0.30. The AES code now uses
958 smaller non-precomputed tables if DROPBEAR_SMALL_CODE is defined in
959 options.h, leading to a significant reduction in the binary size.
961 0.41 - Mon Jan 19 2004 22:40:19 +0800
963 - Fix in configure so that cross-compiling works, thanks to numerous people for
964 reporting and testing
966 - Terminal mode parsing now handles empty terminal mode strings (sent by
967 Windows ssh.com clients), thanks to Ricardo Derbes for the report
969 - Handling is improved for users with no shell specified in /etc/passwd,
970 thanks again to Ricardo Derbes
972 - Fix for compiling with --disable-syslog, thanks to gordonfh
974 - Various minor fixes allow scp to work with irix, thanks to Paul Marinceu for
977 - Use <stropts.h> not <sys/stropts.h>, since the former seems more common
979 0.40 - Tue Jan 13 2004 21:05:19 +0800
981 - Remote TCP forwarding (-R) style implemented
983 - Local and remote TCP forwarding can each be disabled at runtime (-k and -j
986 - Fix for problems detecting openpty() with uClibc - many thanks to various
987 people for reporting and testing fixes, including (in random order) Cristian
988 Ionescu-Idbohrn, James Ewing, Steve Dover, Thomas Lundquist and Frederic
991 - Improved portability for IRIX, thanks to Paul Marinceu
993 - AIX and HPUX portability fixes, thanks to Darren Tucker for patches
995 - prngd should now work correctly, thanks to Darren Tucker for the patch
997 - scp compilation on systems without strlcpy() is fixed, thanks to Peter
998 Jannesen and David Muse for reporting it (independently and simultaneously :)
1000 - Merged in new LibTomCrypt 0.92 and LibTomMath 0.28
1002 0.39 - Tue Dec 16 2003 15:19:19 +0800
1004 - Better checking of key lengths and parameters for DSS and RSA auth
1006 - Print fingerprint of keys used for pubkey auth
1008 - More consistent logging of usernames and IPs
1010 - Added option to disable password auth (or just for root) at runtime
1012 - Avoid including bignum functions which don't give much speed benefit but
1015 - Added a stripped down version of OpenSSH's scp binary
1017 - Added additional supporting functions for Irix, thanks to Paul Marinceu
1019 - Don't check for unused libraries in configure script
1021 - Removed trailing comma in algorithm lists (thanks to Mihnea Stoenescu)
1023 - Fixed up channel close handling, always send close packet in response
1024 (also thanks to Mihnea Stoenescu)
1026 - Various makefile improvements for cross-compiling, thanks to Friedrich
1027 Lobenstock and Mihnea Stoenescu
1029 - Use daemon() function if available (or our own copy) rather than separate
1030 code (thanks to Frédéric Lavernhe for the report and debugging, and Bernard
1031 Blackham for his suggestion on what to look at)
1033 - Fixed up support for first_kex_packet_follows, required to talk to ssh.com
1034 clients. Thanks to Marian Stagarescu for the bug report.
1036 - Avoid using MAXPATHLEN, pointer from Ian Morris
1038 - Improved input sanity checking
1040 0.38 - Sat Oct 11 2003 16:28:13 +0800
1042 - Default hostkey path changed to /etc/dropbear/dropbear_{rsa,dss}_host_key
1043 rather than /etc/dropbear_{rsa,dss}_host_key
1045 - Added SMALL and MULTI text files which have info on compiling for multiple
1046 binaries or small binaries
1048 - Allow for commandline definition of some options.h settings
1051 - Be more careful handling EINTR
1053 - More fixes for channel closing
1055 - Added multi-binary support
1057 - Improved logging of IPs, now get logged in all cases
1059 - Don't chew cpu when waiting for version identification string, also
1060 make sure that we kick off people if they don't auth within 5 minutes.
1062 - Various small fixes, warnings etc
1064 - Display MOTD if requested - suggested by
1065 Trent Lloyd <lathiat at sixlabs.org> and
1066 Zach White <zwhite at darkstar.frop.org>
1068 - sftp support works (relies on OpenSSH sftp binary or similar)
1070 - Added --disable-shadow option (requested by the floppyfw guys)
1072 0.37 - Wed Sept 24 2003 19:42:12 +0800
1074 - Various portability fixes, fixes for Solaris 9, Tru64 5.1, Mac OS X 10.2,
1077 - Updated LibTomMath to 0.27 and LibTomCrypt to 0.90
1079 - Renamed util.{c,h} to dbutil.{c,h} to avoid conflicts with system util.h
1081 - Added some small changes so it'll work with AIX (plus Linux Affinity).
1082 Thanks to Shig for them.
1084 - Improved the closing messages, so a clean exit is "Exited normally"
1086 - Added some more robust integer/size checking in buffer.c as a backstop for
1089 - X11 forwarding fixed for OSX, path for xauth changed to /usr/X11R6/bin/xauth
1091 - Channel code handles closing more nicely, doesn't sit waiting for an extra
1092 keystroke on BSD/OSX platforms, and data is flushed fully before closing
1093 child processes (thanks to
1094 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> for
1097 - Changed "DISABLE_TCPFWD" to "ENABLE_TCPFWD" (and for x11/auth) so
1098 "disable DISABLE_TCPWD" isn't so confusing.
1100 - Fix authorized_keys handling (don't crash on too-long keys, and
1101 use fgetc not getc to avoid strange macro-related issues), thanks to
1102 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
1103 and Steve Rodgers <hwstar at cox.net> for reporting and testing.
1105 - Fixes to the README with regard to uClibc systems, thanks to
1106 Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>,
1107 as well as general improvements to documentation (split README/INSTALL)
1109 - Fixed up some compilation problems with dropbearconvert/dropbearkey if
1110 DSS or RSA were disabled, reported by Patrik Karlsson <patrik at cqure.net>
1112 - Fix double-free bug for hostkeys, reported by
1113 Vincent Sanders <vince at kyllikki.org>
1115 - Fix up missing \ns from dropbearconvert help message,
1116 thanks to Mordy Ovits <movits at bloomberg.com> for the patch
1118 0.36 - Tue August 19 2003 12:16:23 +0800
1120 - Fix uninitialised temporary variable in DSS signing code
1121 (thanks to Matthew Franz <mdfranz at io.com> for reporting, and the authors
1122 of Valgrind for making it easy to track down)
1123 - Fix remote version-string parsing error
1124 (thanks to Bernard Blackham <bernard at blackham.com.au> for noticing)
1125 - Improved host-algorithm-matching algorithm in algo.c
1126 - Decreased MAX_STRING_LEN to a more realistic value
1127 - Fix incorrect version (0.34) in this CHANGES file for the previous release.
1129 0.35 - Sun August 17 2003 05:37:47 +0800
1131 - Fix for remotely exploitable format string buffer overflow.
1132 (thanks to Joel Eriksson <je at bitnux.com>)
1134 0.34 - Fri August 15 2003 15:10:00 +0800
1136 - Made syslog optional, both at compile time and as a compile option
1137 (suggested by Laurent Bercot <ska at skarnet.org>)
1138 - Fixup for bad base64 parsing in authorized_keys
1139 (noticed by Davyd Madeley <davyd at zdlcomputing.com>)
1140 - Added initial tcp forwarding code, only -L (local) at this stage
1141 - Improved "make install" with DESTDIR and changing ownership seperately,
1142 don't check for setpgrp on Linux for crosscompiling.
1143 (from Erik Andersen <andersen at codepoet.org>)
1144 - More commenting, fix minor compile warnings, make return values more
1146 - Various signedness fixes
1147 - Can listen on multiple ports
1148 - added option to disable openpty with configure script,
1149 (from K.-P. Kirchdörfer <kapeka at epost.de>)
1150 - Various cleanups to bignum code
1151 (thanks to Tom St Denis <tomstdenis at iahu.ca>)
1152 - Fix compile error when disabling RSA
1153 (from Marc Kleine-Budde <kleine-budde at gmx.de>)
1154 - Other cleanups, splitting large functions for packet and kex handling etc
1156 0.33 - Sun June 22 2003 22:24:12 +0800
1158 - Fixed some invalid assertions in the channel code, fixing the server dying
1159 when forwarding X11 connections.
1160 - Add dropbearconvert to convert to/from OpenSSH host keys and Dropbear keys
1161 - RSA keys now keep p and q parameters for compatibility -- old Dropbear keys
1162 still work, but can't be converted to OpenSSH etc.
1163 - Debian packaging directory added, thanks to
1164 Grahame (grahame at angrygoats.net)
1165 - 'install' target added to the makefile
1166 - general tidying, improve consistency of functions etc
1167 - If RSA or DSS hostkeys don't exist, that algorithm won't be used.
1168 - Improved RSA and DSS key generation, more efficient and fixed some minor bugs
1169 (thanks to Tom St Denis for the advice)
1170 - Merged new versions of LibTomCrypt (0.86) and LibTomMath (0.21)
1172 0.32 - Sat May 24 2003 12:44:11 +0800
1174 - Don't compile unused code from libtomcrypt (test vectors etc)
1175 - Updated to libtommath 0.17 and libtomcrypt 0.83. New libtommath results
1176 in smaller binary size, due to not linking unrequired code
1177 - X11 forwarding added
1178 - Agent forwarding added (for OpenSSH.com ssh client/agent)
1179 - Fix incorrect buffer freeing when banners are used
1180 - Hostname resolution works
1181 - Various minor bugfixes/code size improvements etc
1183 0.31 - Fri May 9 2003 17:57:16 +0800
1185 - Improved syslog messages - IP logging etc
1186 - Strip control characters from log messages (specified username currently)
1187 - Login recording (utmp/wtmp) support, so last/w/who work - taken from OpenSSH
1188 - Shell is started as a proper login shell, so /etc/profile etc is sourced
1189 - Ptys work on Solaris (2.8 x86 tested) now
1190 - Fixed bug in specifying the rsa hostkey
1191 - Fixed bug in compression code, could trigger if compression resulted in
1192 larger output than input (uncommon but possible).
1194 0.30 - Thu Apr 17 2003 18:46:15 +0800
1196 - SECURITY: buffer.c had bad checking for buffer increment length - fixed
1197 - channel code now closes properly on EOF - scp processes don't hang around
1198 - syslog support added - improved auth/login/failure messages
1199 - general code tidying, made return codes more consistent
1200 - Makefile fixed for dependencies and makes libtomcrypt as well
1201 - Implemented sending SSH_MSG_UNIMPLEMENTED :)
1203 0.29 - Wed Apr 9 2003
1205 - Fixed a stupid bug in 0.28 release, 'newstr = strdup(oldstr)',
1208 0.28 - Sun Apr 6 2003
1210 - Initial public release
1212 Development was started in October 2002