Hi all. Dropbear 0.49 is now released, as usual at http://matt.ucc.asn.au/dropbear/dropbear.html
The release features a few new options, as well as improved channel handling which should resolve various hangs on exit. The changelog is included below. It contains a security fix for dbclient when a mismatching hostkey is encountered (comparing with ~/.ssh/known_hosts). The previous behaviour was to just prompt the user to confirm the key - now it will print a warning and exit. Cheers, Matt 0.49 - Fri 23 February 2007 - Security: dbclient previously would prompt to confirm a mismatching hostkey but wouldn't warn loudly. It will now exit upon a mismatch. - Compile fixes, make sure that all variable definitions are at the start of a scope. - Added -P pidfile argument to the server (from Swen Schillig) - Add -N dbclient option for "no command" - Add -f dbclient option for "background after auth" - Add ability to limit binding to particular addresses, use -p [address:]port, patch from Max-Gerd Retzlaff. - Try to finally fix ss_family compilation problems (for old glibc systems) - Fix finding relative-path server hostkeys when running daemonized - Use $HOME in preference to that from /etc/passwd, so that dbclient can still work on broken systems. - Fix various issues found by Klocwork defect analysis, mostly memory leaks and error-handling. Thanks to Klocwork for their service. - Improve building in a separate directory - Add compile-time LOG_COMMANDS option to log user commands - Add '-y' flag to dbclient to unconditionally accept host keys, patch from Luciano Miguel Ferreira Rocha - Return immediately for "sleep 10 & echo foo", rather than waiting for the sleep to return (pointed out by Rob Landley). - Avoid hanging after exit in certain cases (such as scp) - Various minor fixes, in particular various leaks reported by Erik Hovland - Disable core dumps on startup - Don't erase over every single buffer, since it was a bottleneck. On systems where it really matters, encrypted swap should be utilised. - Read /dev/[u]random only once at startup to conserve kernel entropy - Upgrade to LibTomCrypt 1.16 and LibTomMath 0.40 - Upgrade config.status and config.guess
