a bug detected in dropbear v071

Matt Johnston matt at ucc.asn.au
Thu May 12 23:21:05 AWST 2016


On Wed 11/5/2016, at 11:55 pm, Thomas De Schampheleire <patrickdepinguin at gmail.com> wrote:
>> 
>> I expect the next release will be in perhaps a month's
>> time - it could be longer though.
> 
> Is there a certain strategy with respect to timing of releases? Could
> you describe it?
> 
> It seems a long time to me to wait a month before releasing a bug fix
> of this type (100% CPU load). Meanwhile we can of course apply your
> patch explicitly, but other users may be experiencing the same and may
> not be aware of this fix.

Hi Thomas,

Releases usually occur once sufficient new CHANGES items have accumulated, around a dozen or so is the trend. So far since 2016.73 there are about 5. For the next release I intend to sort out being able to build without sha1, it also needs some more thorough testing of the #ifdef->#if changes.

If there's an important fix then I'll sometimes make a smaller release. How frequently have you seen the 100% CPU rekey issue? As far as I can tell the bug's been present since 2007 with no other reports, which is why I was leaving it for the next release.

Cheers,
Matt


More information about the Dropbear mailing list