changelog and version 2015.68
diff --git a/CHANGES b/CHANGES
index 0e7f83a..704e644 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,23 +1,31 @@
-- Improve efficiency of writing data to local program/pipes, measured 30% increase
+2015.68 - Saturday 8 August 2015
+
+- Reduce local data copying for improved efficiency. Measured 30%
increase in throughput for connections to localhost
-- Use TCP Fast Open on Linux if available. saves a round trip at connection
+- Forwarded TCP ports connect asynchronously and try all available addresses
+ (IPv4, IPv6, round robin DNS)
+
+- Fix all compile warnings, many patches from Gaël Portay
+ Note that configure with -Werror may not be successful on some platforms (OS X)
+ and some configuration options may still result in unused variable
+ warnings.
+
+- Use TCP Fast Open on Linux if available. Saves a round trip at connection
to hosts that have previously been connected.
Needs a recent Linux kernel and possibly "sysctl -w net.ipv4.tcp_fastopen=3"
Client side is disabled by default pending further compatibility testing
with networks and systems.
-- Forwarded TCP ports connect asynchronously and retry with other available
- addresses (IPv4 versus IPv6, round robin IPs)
+- Increase maximum command length to 9000 bytes
- Free memory before exiting, patch from Thorsten Horstmann. Useful for
Dropbear ports to embedded systems and for checking memory leaks
- with valgrind. Only partially implemented for client side.
+ with valgrind. Only partially implemented for dbclient.
+ This is disabled by default, enable with DROPBEAR_CLEANUP in sysoptions.h
-- Fix all compile warnings, patch from Gaël Portay
- (note that configure with -Werror may not be successful on some platforms
- such as OS X and some configuration options may result in unused variable
- warnings)
+- DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless
+ there is a leading slash (~ isn't treated specially)
- Fix small ECC memory leaks
@@ -29,10 +37,13 @@
- Fix pre-authentication timeout when waiting for client SSH-2.0 banner, thanks
to CL Ouyang
-- Increase maximum command size to 9000 bytes
+- Fix null pointer crash with restrictions in authorized_keys without a command, patch from
+ Guilhem Moulin
-- DROPBEAR_DEFAULT_CLI_AUTHKEY setting now always prepends home directory unless
- there is a leading slash (~ isn't treated specially)
+- Ensure authentication timeout is handled while reading the initial banner,
+ thanks to CL Ouyang for finding it.
+
+- Fix null pointer crash when handling bad ECC keys. Found by afl-fuzz
2015.67 - Wednesday 28 January 2015
diff --git a/debian/changelog b/debian/changelog
index 12484cc..5ab39e6 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+dropbear (2015.68-0.1) unstable; urgency=low
+
+ * New upstream release.
+
+ -- Matt Johnston <matt@ucc.asn.au> Sat, 8 Aug 2015 22:52:58 +0800
+
dropbear (2015.67-0.1) unstable; urgency=low
* New upstream release.
diff --git a/sysoptions.h b/sysoptions.h
index 731232d..d6f1a1f 100644
--- a/sysoptions.h
+++ b/sysoptions.h
@@ -4,7 +4,7 @@
*******************************************************************/
#ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "2015.67"
+#define DROPBEAR_VERSION "2015.68"
#endif
#define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
