Test on my OpenBSD desktop machine: OpenBSD logan.my.domain 5.4 GENERIC.MP#41 amd64 run test dhgex.sh ... dhgex bits 3072 diffie-hellman-group-exchange-sha1 cast128-cbc FATAL: dhgex expected 3072 bit group, got 2048 *** Error 1 in regress (Makefile:172 't-exec': @if [ "xconnect.sh proxy-connect.sh connect-privsep.sh proto-version.sh proto-mismatch.sh exi...) *** Error 1 in /home/logan/openssh_snap/openssh (Makefile:454 'tests') On Sat, Mar 1, 2014 at 2:19 AM, Damien Miller <djm@xxxxxxxxxxx> wrote: > Hi, > > OpenSSH 6.6 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This is a small release > mostly to fix some minor but annoying bugs in openssh-6.5. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/ > > The OpenBSD version is available in CVS HEAD: > http://www.openbsd.org/anoncvs.html > > Portable OpenSSH is also available via anonymous CVS using the > instructions at http://www.openssh.com/portable.html#cvs or > via Git at https://anongit.mindrot.org/openssh.git/ > > Running the regression tests supplied with Portable OpenSSH does not > require installation and is a simply: > > $ ./configure && make tests > > Live testing on suitable non-production systems is also > appreciated. Please send reports of success or failure to > openssh-unix-dev@xxxxxxxxxxx. > > Below is a summary of changes. More detail may be found in the ChangeLog > in the portable OpenSSH tarballs. > > Thanks to the many people who contributed to this release. > > Changes since OpenSSH 6.5 > ========================= > > This is primarily a bugfix release. > > New / changed features: > > * ssh(1), sshd(8): this release removes the J-PAKE authentication code. > This code was experimental, never enabled and had been unmaintained > for some time. > > * ssh(1): when processing Match blocks, skip 'exec' clauses other clauses > predicates failed to match. > > * ssh(1): if hostname canonicalisation is enabled and results in the > destination hostname being changed, then re-parse ssh_config(5) files > using the new destination hostname. This gives 'Host' and 'Match' > directives that use the expanded hostname a chance to be applied. > > Bugfixes: > > * ssh(1): avoid spurious "getsockname failed: Bad file descriptor" in > ssh -W. bz#2200, debian#738692 > > * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and systrace > sandbox modes, as it is reachable if the connection is terminated > during the pre-auth phase. > > * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1 bignum > parsing. Minimum key length checks render this bug unexploitable to > compromise SSH 1 sessions. > > * sshd_config(5): clarify behaviour of a keyword that appears in > multiple matching Match blocks. bz#2184 > > * ssh(1): avoid unnecessary hostname lookups when canonicalisation is > disabled. bz#2205 > > * sshd(8): avoid sandbox violation crashes in GSSAPI code by caching > the supported list of GSSAPI mechanism OIDs before entering the > sandbox. bz#2107 > > * ssh(1): fix possible crashes in SOCKS4 parsing caused by assumption > that the SOCKS username is nul-terminated. > > * ssh(1): fix regression for UsePrivilegedPort=yes when BindAddress is > not specified. > > * ssh(1), sshd(8): fix memory leak in ECDSA signature verification. > > * ssh(1): fix matching of 'Host' directives in ssh_config(5) files > to be case-sensitive again (regression in 6.5). > > Portable OpenSSH: > > * sshd(8): don't fatal if the FreeBSD Capsicum is offered by the > system headers and libc but is not supported by the kernel. > * Fix build using the HP-UX compiler. > > Reporting Bugs: > =============== > > - Please read http://www.openssh.com/report.html > Security bugs should be reported directly to openssh@xxxxxxxxxxx > > OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, > Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and > Ben Lindstrom. > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev -- This message is strictly personal and the opinions expressed do not represent those of my employers, either past or present. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
