a bug detected in dropbear v071

Thomas De Schampheleire patrickdepinguin at gmail.com
Tue May 17 21:27:38 AWST 2016


On Thu, May 12, 2016 at 5:21 PM, Matt Johnston <matt at ucc.asn.au> wrote:
> On Wed 11/5/2016, at 11:55 pm, Thomas De Schampheleire <patrickdepinguin at gmail.com> wrote:
>>>
>>> I expect the next release will be in perhaps a month's
>>> time - it could be longer though.
>>
>> Is there a certain strategy with respect to timing of releases? Could
>> you describe it?
>>
>> It seems a long time to me to wait a month before releasing a bug fix
>> of this type (100% CPU load). Meanwhile we can of course apply your
>> patch explicitly, but other users may be experiencing the same and may
>> not be aware of this fix.
>
> Hi Thomas,
>
> Releases usually occur once sufficient new CHANGES items have accumulated, around a dozen or so is the trend. So far since 2016.73 there are about 5. For the next release I intend to sort out being able to build without sha1, it also needs some more thorough testing of the #ifdef->#if changes.
>
> If there's an important fix then I'll sometimes make a smaller release. How frequently have you seen the 100% CPU rekey issue? As far as I can tell the bug's been present since 2007 with no other reports, which is why I was leaving it for the next release.

Thanks for the feedback.
The issue was seen consistently in a specific validation scenario, but
other than that we do not see it indeed.
I have applied the patch for now, and we will update to the new
release when it's ready.

Thanks for your support,
Thomas


More information about the Dropbear mailing list