From 70a22818230565ebe5ca49dcd43e7f1afff04bfb Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Thu, 22 Feb 2007 15:46:57 +0000
Subject: [PATCH] 0.49 probably done

--HG--
extra : convert_revision : 61cdf48863b44c54cf8abe33d263f7c1d57a27df
---
 CHANGES          | 9 ++++++++-
 dbclient.1       | 4 ++++
 debian/changelog | 4 ++--
 options.h        | 7 ++++---
 4 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/CHANGES b/CHANGES
index f58ed7e6..85e50a0f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,8 @@
-0.49test1 - Mon 12 February 2007
+0.49 - Fri 23 February 2007
+
+- Security: dbclient previously would prompt to confirm a 
+  mismatching hostkey but wouldn't warn loudly. It will now
+  exit upon a mismatch.
 
 - Compile fixes, make sure that all variable definitions are at the start
   of a scope.
@@ -9,6 +13,9 @@
 
 - Add -f dbclient option for "background after auth"
 
+- Add ability to limit binding to particular addresses, use 
+  -p [address:]port, patch from Max-Gerd Retzlaff.
+
 - Try to finally fix ss_family compilation problems (for old
   glibc systems)
 
diff --git a/dbclient.1 b/dbclient.1
index c91c2724..41453423 100644
--- a/dbclient.1
+++ b/dbclient.1
@@ -70,6 +70,10 @@ This is useful when using password authentication.
 Allow non-local hosts to connect to forwarded ports. Applies to -L and -R
 forwarded ports, though remote connections to -R forwarded ports may be limited
 by the ssh server.
+.TP
+.B \-y
+Always accept hostkeys if they are unknown. If a hostkey mismatch occurs the
+connection will abort as normal.
 .SH AUTHOR
 Matt Johnston (matt@ucc.asn.au).
 .br
diff --git a/debian/changelog b/debian/changelog
index d2011766..0ad67efe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,8 @@
-dropbear (0.49test1-0.1) unstable; urgency=low
+dropbear (0.49-0.1) unstable; urgency=low
 
   * New upstream release.
 
- -- Matt Johnston <matt@ucc.asn.au>  Mon, 12 Feb 2007 23:59:00 +0900
+ -- Matt Johnston <matt@ucc.asn.au>  Fri, 23 Feb 2007 00:44:00 +0900
 
 dropbear (0.48.1-1) unstable; urgency=medium
 
diff --git a/options.h b/options.h
index 4ba51c3a..cd6f7ca7 100644
--- a/options.h
+++ b/options.h
@@ -133,7 +133,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  * You can't enable both PASSWORD and PAM. */
 
 #define ENABLE_SVR_PASSWORD_AUTH
-/*#define ENABLE_SVR_PAM_AUTH */
+/*#define ENABLE_SVR_PAM_AUTH */ /* requires ./configure --enable-pam */
 #define ENABLE_SVR_PUBKEY_AUTH
 
 #define ENABLE_CLI_PASSWORD_AUTH
@@ -182,7 +182,8 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
 #define MAX_AUTH_TRIES 10
 #endif
 
-/* The file to store the daemon's process ID, for shutdown scripts etc */
+/* The default file to store the daemon's process ID, for shutdown
+   scripts etc. This can be overridden with the -P flag */
 #ifndef DROPBEAR_PIDFILE
 #define DROPBEAR_PIDFILE "/var/run/dropbear.pid"
 #endif
@@ -214,7 +215,7 @@ etc) slower (perhaps by 50%). Recommended for most small systems. */
  *******************************************************************/
 
 #ifndef DROPBEAR_VERSION
-#define DROPBEAR_VERSION "0.49test1"
+#define DROPBEAR_VERSION "0.49"
 #endif
 
 #define LOCAL_IDENT "SSH-2.0-dropbear_" DROPBEAR_VERSION
-- 
GitLab