Dropbear 0.49 released

Matt Johnston matt at ucc.asn.au
Fri Feb 23 01:31:15 WST 2007


Hi all.

Dropbear 0.49 is now released, as usual at
http://matt.ucc.asn.au/dropbear/dropbear.html

The release features a few new options, as well as improved
channel handling which should resolve various hangs on exit.
The changelog is included below.

It contains a security fix for dbclient when a mismatching
hostkey is encountered (comparing with ~/.ssh/known_hosts).
The previous behaviour was to just prompt the user to
confirm the key - now it will print a warning and
exit.

Cheers,
Matt

0.49 - Fri 23 February 2007

- Security: dbclient previously would prompt to confirm a 
  mismatching hostkey but wouldn't warn loudly. It will now
  exit upon a mismatch.

- Compile fixes, make sure that all variable definitions are at the start
  of a scope.

- Added -P pidfile argument to the server (from Swen Schillig)

- Add -N dbclient option for "no command"

- Add -f dbclient option for "background after auth"

- Add ability to limit binding to particular addresses, use 
  -p [address:]port, patch from Max-Gerd Retzlaff.

- Try to finally fix ss_family compilation problems (for old
  glibc systems)

- Fix finding relative-path server hostkeys when running daemonized

- Use $HOME in preference to that from /etc/passwd, so that
  dbclient can still work on broken systems.

- Fix various issues found by Klocwork defect analysis, mostly memory leaks
  and error-handling. Thanks to Klocwork for their service.

- Improve building in a separate directory

- Add compile-time LOG_COMMANDS option to log user commands

- Add '-y' flag to dbclient to unconditionally accept host keys,
  patch from Luciano Miguel Ferreira Rocha

- Return immediately for "sleep 10 & echo foo", rather than waiting
  for the sleep to return (pointed out by Rob Landley).
  
- Avoid hanging after exit in certain cases (such as scp)

- Various minor fixes, in particular various leaks reported by
  Erik Hovland
  
- Disable core dumps on startup

- Don't erase over every single buffer, since it was a bottleneck.
  On systems where it really matters, encrypted swap should be utilised.

- Read /dev/[u]random only once at startup to conserve kernel entropy

- Upgrade to LibTomCrypt 1.16 and LibTomMath 0.40

- Upgrade config.status and config.guess 
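
The host key decision described in the security note, as an added example that is not part of the original message and is not Dropbear's own code. It models the lookup against a simplified known_hosts format (one "host keytype key" entry per line) and the reaction before and after 0.49; all function names, the `exit_on_mismatch` switch and the sample entries are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum hk_result { HK_MATCH, HK_UNKNOWN, HK_MISMATCH };  /* lookup outcome */
enum hk_action { HK_PROCEED, HK_PROMPT, HK_ABORT };    /* client reaction */

/* Constructed sample, one "host keytype base64-key" entry per line. */
static const char SAMPLE_KNOWN_HOSTS[] =
    "# constructed entries, not real keys\n"
    "alpha.example ssh-rsa AAAAconstructedKeyA\n"
    "beta.example ssh-dss AAAAconstructedKeyB\n";

/* Compare the key a server presented against the stored entries.
 * Assumption of this model: an entry only counts for the same key type. */
enum hk_result check_hostkey(const char *known_hosts, const char *host,
                             const char *keytype, const char *key_b64)
{
    enum hk_result res = HK_UNKNOWN;
    const char *line = known_hosts;
    while (*line) {
        char buf[1400], h[256], t[32], k[1024];
        size_t len = strcspn(line, "\n");
        if (len < sizeof(buf)) {          /* over-long lines are skipped */
            memcpy(buf, line, len);
            buf[len] = '\0';
            if (sscanf(buf, "%255s %31s %1023s", h, t, k) == 3
                && strcmp(h, host) == 0 && strcmp(t, keytype) == 0) {
                if (strcmp(k, key_b64) == 0)
                    return HK_MATCH;
                res = HK_MISMATCH;        /* known host, different key */
            }
        }
        line += len + (line[len] == '\n');
    }
    return res;
}

/* exit_on_mismatch = 0 models the old prompt, 1 the 0.49 behaviour. */
enum hk_action hostkey_policy(enum hk_result res, int exit_on_mismatch)
{
    if (res == HK_MATCH) return HK_PROCEED;
    if (res == HK_MISMATCH && exit_on_mismatch) return HK_ABORT;
    return HK_PROMPT;                     /* ask the user to confirm */
}

int main(void)
{
    enum hk_result r = check_hostkey(SAMPLE_KNOWN_HOSTS, "alpha.example",
                                     "ssh-rsa", "AAAAconstructedOtherKey");
    printf("old=%d new=%d\n", hostkey_policy(r, 0), hostkey_policy(r, 1));
    return 0;
}
```

The point of the change is visible in `hostkey_policy`: an unknown host and a changed key used to end in the same prompt, while a changed key now stops the connection outright.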

