File: dropbear-bin.NEWS

dropbear 2025.89-1
  • area: main
  • in suites: forky, sid
  • size: 12,580 kB
  • sloc: ansic: 108,210; sh: 4,765; perl: 774; python: 763; makefile: 715; java: 177
dropbear (2022.83-1) unstable; urgency=medium

  Support for ssh-dss (DSA) host and user keys is disabled by default at
  compile-time.  Such keys are considered insecure as they are only 1024
  bits long and use the SHA-1 digest algorithm.  Note that OpenSSH
  disables support for such keys at run-time since 7.0/7.0p1.

 -- Guilhem Moulin <guilhem@debian.org>  Mon, 14 Nov 2022 22:16:35 +0100

dropbear (2020.79-1) unstable; urgency=low

  dropbear 2020.79 includes a number of upstream changes that may affect
  existing configurations:

   * dropbear(8): X11 forwarding is disabled at compile time.

   * dbclient(1), dropbear(8): 3DES support, as well as any cipher using
     CBC mode, is disabled at compile time.  Note that these ciphers are
     also disabled - at run time - in OpenSSH's ssh(1) since 7.4 and 7.6
     respectively.

     On the other hand ChaCha20/Poly1305 support was added, so the cipher
     proposal is now chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,
     which should be compatible with OpenSSH's ssh(1) 3.7 or later.

   * dbclient(1), dropbear(8): hmac-sha1-96 support is disabled at
     compile time.  Note that this MAC (message authentication code)
     algorithm is also disabled - at run time - in OpenSSH's ssh(1) since
     7.2.  The current MAC proposal is hmac-sha1,hmac-sha2-256, which
     should be compatible with any OpenSSH version up to the current one
     (8.3).  Moreover MACs are not used with authenticated ciphers such
     as ChaCha20/Poly1305.

   * Use getrandom() call to ensure sufficient entropy has been gathered
     at startup.  Tests suggest that this doesn't lead to entropy
     starvation, even at initramfs stage on a headless virtual machine
     without RNG device.  Please file a bug if that causes issues for you.

  Moreover this release adds support for ed25519 host and user keys.
  Like for other algorithms /etc/ssh/ssh_host_ed25519_key resp.
  /etc/dropbear-initramfs/dropbear_ed25519_host_key will only be created
  by the post-install script if no other host key file exists (for
  instance on a fresh installation).

 -- Guilhem Moulin <guilhem@debian.org>  Tue, 16 Jun 2020 02:50:00 +0200
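
Added example (not part of the NEWS file or of the dropbear package): a check of which peer configurations can still agree on a cipher and MAC with the 2020.79 proposals listed above, using the selection rule of RFC 4253 section 7.1. The peer lists and all function names are constructed for illustration, and a single direction is modelled.

```python
# Added example: SSH algorithm selection (RFC 4253, section 7.1) applied to
# the Dropbear 2020.79 proposals quoted in the NEWS entry.

# Proposals as stated in the NEWS entry.
DROPBEAR_CIPHERS = ["chacha20-poly1305@openssh.com", "aes128-ctr", "aes256-ctr"]
DROPBEAR_MACS = ["hmac-sha1", "hmac-sha2-256"]

# Authenticated ciphers: the negotiated MAC is not used with these.
AEAD_CIPHERS = {"chacha20-poly1305@openssh.com"}

# Constructed client-side proposals (assumptions, not real defaults).
PEERS = {
    "modern": (["chacha20-poly1305@openssh.com", "aes256-ctr"], ["hmac-sha2-256"]),
    "ctr-only": (["aes256-ctr", "aes128-ctr"], ["hmac-sha2-256", "hmac-sha1"]),
    "cbc-only": (["aes128-cbc", "3des-cbc"], ["hmac-sha1"]),
    "short-mac": (["aes128-ctr"], ["hmac-sha1-96"]),
}


def pick(client, server):
    """First name on the client's list that the server also offers."""
    return next((name for name in client if name in server), None)


def negotiate(client_ciphers, client_macs, server_ciphers, server_macs):
    """Return (cipher, mac); mac is None when the cipher is authenticated."""
    cipher = pick(client_ciphers, server_ciphers)
    if cipher is None:
        raise ValueError("no common cipher")
    if cipher in AEAD_CIPHERS:
        return cipher, None
    mac = pick(client_macs, server_macs)
    if mac is None:
        raise ValueError("no common MAC")
    return cipher, mac


def audit(peers):
    """Map each peer name to its negotiated pair, or to the failure reason."""
    results = {}
    for name, (ciphers, macs) in peers.items():
        try:
            results[name] = negotiate(ciphers, macs, DROPBEAR_CIPHERS, DROPBEAR_MACS)
        except ValueError as exc:
            results[name] = str(exc)
    return results


if __name__ == "__main__":
    for peer, outcome in audit(PEERS).items():
        print(f"{peer:10} -> {outcome}")
```

Peers that report "no common cipher" or "no common MAC" need their own configuration updated before they can connect to this build.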