-rw-r--r-- | CHANGES | 29 | ||||
-rw-r--r-- | dbclient.1 | 2 | ||||
-rw-r--r-- | dbutil.h | 2 | ||||
-rw-r--r-- | dropbearconvert.1 | 4 | ||||
-rw-r--r-- | dropbearkey.1 | 2 | ||||
-rw-r--r-- | ecdsa.c | 1 | ||||
-rw-r--r-- | keyimport.c | 2 | ||||
-rw-r--r-- | svr-main.c | 1 |
8 files changed, 37 insertions, 6 deletions
@@ -1,3 +1,32 @@ +2015.67 - Wednesday 28 January 2015 + +- Call fsync() after generating private keys to ensure they aren't lost if a + reboot occurs. Thanks to Peter Korsgaard + +- Disable non-delayed zlib compression by default on the server. Can be + enabled if required for old clients with DROPBEAR_SERVER_DELAY_ZLIB + +- Default client key path ~/.ssh/id_dropbear + +- Prefer stronger algorithms by default, from Fedor Brunner. + AES256 over 3DES + Diffie-hellman group14 over group1 + +- Add option to disable CBC ciphers. + +- Disable twofish in default options.h + +- Enable sha2 HMAC algorithms by default, the code was already required + for ECC key exchange. sha1 is the first preference still for performance. + +- Fix installing dropbear.8 in a separate build directory, from Like Ma + +- Allow configure to succeed if libtomcrypt/libtommath are missing, from Elan Ruusamäe + +- Don't crash if ssh-agent provides an unknown type of key. From Catalin Patulea + +- Minor bug fixes, a few issues found by Coverity scan + 2014.66 - Thursday 23 October 2014 - Use the same keepalive handling behaviour as OpenSSH. This will work better @@ -33,7 +33,7 @@ Identity file. Read the identity key from file .I idfile (multiple allowed). This file is created with dropbearkey(1) or converted -from OpenSSH with dropbearconvert(1). +from OpenSSH with dropbearconvert(1). The default path ~/.ssh/id_dropbear is used .TP .B \-L [\fIlistenaddress\fR]:\fIlistenport\fR:\fIhost\fR:\fIport\fR Local port forwarding. @@ -91,7 +91,7 @@ void m_close(int fd); void * m_malloc(size_t size); void * m_strdup(const char * str); void * m_realloc(void* ptr, size_t size); -#define m_free(X) free(X); (X) = NULL; +#define m_free(X) do {free(X); (X) = NULL;} while (0); void m_burn(void* data, unsigned int len); void setnonblocking(int fd); void disallow_core(); diff --git a/dropbearconvert.1 b/dropbearconvert.1 index 4643f5f..b2f34ef 100644 --- a/dropbearconvert.1 +++ b/dropbearconvert.1 
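Review bot: The new `m_free` definition in dbutil.h still ends in `while (0);`, and that trailing semicolon undoes the main benefit of the do/while wrapper: `if (c) m_free(p); else ...` expands to two statements and no longer compiles. Dropping it gives `#define m_free(X) do {free(X); (X) = NULL;} while (0)`, which assumes every existing call site already supplies its own semicolon, so a full build is needed to confirm. Because this macro is what nulls freed pointers against later reuse or double free, a one-line comment that `X` is evaluated twice and must be a side-effect-free lvalue would also help.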
@@ -39,9 +39,9 @@ or An existing Dropbear or OpenSSH private key file .TP .B output file -The path to write the converted private key file +The path to write the converted private key file. For client authentication ~/.ssh/id_dropbear is loaded by default .SH EXAMPLE - # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/dropbear_priv + # dropbearconvert openssh dropbear ~/.ssh/id_rsa ~/.ssh/id_dropbear .SH AUTHOR Matt Johnston (matt@ucc.asn.au). .SH SEE ALSO diff --git a/dropbearkey.1 b/dropbearkey.1 index 207a6fe..b4d202e 100644 --- a/dropbearkey.1 +++ b/dropbearkey.1 @@ -33,7 +33,7 @@ or .TP .B \-f \fIfile Write the secret key to the file -.IR file . +.IR file . For client authentication ~/.ssh/id_dropbear is loaded by default .TP .B \-s \fIbits Set the key size to @@ -131,6 +131,7 @@ ecc_key *buf_get_ecdsa_priv_key(buffer *buf) { if (buf_getmpint(buf, new_key->k) != DROPBEAR_SUCCESS) { ecc_free(new_key); + m_free(new_key); return NULL; } diff --git a/keyimport.c b/keyimport.c index 272fcce..6f2634f 100644 --- a/keyimport.c +++ b/keyimport.c @@ -810,7 +810,7 @@ static sign_key *openssh_read(const char *filename, char * UNUSED(passphrase)) } m_burn(key->keyblob, key->keyblob_size); m_free(key->keyblob); - m_burn(key, sizeof(key)); + m_burn(key, sizeof(*key)); m_free(key); if (errmsg) { fprintf(stderr, "Error: %s\n", errmsg); @@ -343,6 +343,7 @@ static void sigchld_handler(int UNUSED(unused)) { sa_chld.sa_handler = sigchld_handler; sa_chld.sa_flags = SA_NOCLDSTOP; + sigemptyset(&sa_chld.sa_mask); if (sigaction(SIGCHLD, &sa_chld, NULL) < 0) { dropbear_exit("signal() error"); } |
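Review bot: The failure branch in buf_get_ecdsa_priv_key now calls `ecc_free(new_key)` and then `m_free(new_key)`, which reads like a double free unless the reader knows the two calls release different things. A comment such as `/* ecc_free() releases the key's members; the struct itself is freed separately */` would make the pairing explicit; presumably new_key is heap-allocated earlier in the function, which is outside this hunk. The function's other error returns are also outside the hunk and are worth checking for the same pairing.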
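Review bot: The wipe of the key struct in openssh_read depends on `sizeof` being applied to the pointee, and nothing at the call site makes that visible to the next editor. The previous `sizeof(key)` cleared only pointer-size bytes, so the rest of the struct reached `m_free` unwiped. A short comment above the call, `/* burn the whole struct, not just sizeof(pointer) bytes */`, would guard against a regression. Other `m_burn(p, sizeof(p))` calls on pointer variables elsewhere in the tree may deserve the same check. The function starts and ends outside this hunk.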
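Review bot: In the svr-main.c hunk, `sa_chld` is still initialised field by field, so any member of `struct sigaction` beyond `sa_handler`, `sa_flags` and the newly cleared `sa_mask` remains indeterminate if the variable is an automatic one. Its declaration is outside the hunk, so this is an inference. Zeroing the whole struct first, `memset(&sa_chld, 0, sizeof(sa_chld));`, before the assignments would cover platform-specific members as well. Separately, the failure message `"signal() error"` names a different call than the `sigaction()` that actually failed, which can mislead whoever reads the log.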