On SPARC Solaris 10, using Solaris Studio 12.2, make tests fails with:

ssh-add did not fail for nobody: 1 < 2
failed disallow agent attach from other uid
*** Error code 1

--
Jeff Wieland, UNIX/Network Systems Administrator
Purdue University
IT Infrastructure Services UNIX Platforms

Damien Miller wrote:
> Hi,
>
> OpenSSH 8.0p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev@xxxxxxxxxxx. Security bugs should be reported
> directly to openssh@xxxxxxxxxxx.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> Security
> ========
>
> This release contains mitigation for a weakness in the scp(1) tool
> and protocol (CVE-2019-6111): when copying files from a remote system
> to a local directory, scp(1) did not verify that the filenames that
> the server sent matched those requested by the client. This could
> allow a hostile server to create or clobber unexpected local files
> with attacker-controlled content.
>
> This release adds client-side checking that the filenames sent from
> the server match the command-line request,
>
> The scp protocol is outdated, inflexible and not readily fixed.
> We recommend the use of more modern protocols like sftp and rsync for
> file transfer instead.
>
> Potentially-incompatible changes
> ================================
>
> This release includes a number of changes that may affect existing
> configurations:
>
>  * scp(1): Relating to the above changes to scp(1); the scp protocol
>    relies on the remote shell for wildcard expansion, so there is no
>    infallible way for the client's wildcard matching to perfectly
>    reflect the server's. If there is a difference between client and
>    server wildcard expansion, the client may refuse files from the
>    server. For this reason, we have provided a new "-T" flag to scp
>    that disables these client-side checks at the risk of
>    reintroducing the attack described above.
>
>  * sshd(8): Remove support for obsolete "host/port" syntax. Slash-
>    separated host/port was added in 2001 as an alternative to
>    host:port syntax for the benefit of IPv6 users. These days there
>    are established standards for this like [::1]:22 and the slash
>    syntax is easily mistaken for CIDR notation, which OpenSSH
>    supports for some things. Remove the slash notation from
>    ListenAddress and PermitOpen; bz#2335
>
> Changes since OpenSSH 7.9
> =========================
>
> This release is focused on new features and internal refactoring.
>
> New Features
> ------------
>
>  * ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in
>    PKCS#11 tokens.
>
>  * ssh(1), sshd(8): Add experimental quantum-computing resistant
>    key exchange method, based on a combination of Streamlined NTRU
>    Prime 4591^761 and X25519.
>
>  * ssh-keygen(1): Increase the default RSA key size to 3072 bits,
>    following NIST Special Publication 800-57's guidance for a
>    128-bit equivalent symmetric security level.
>
>  * ssh(1): Allow "PKCS11Provider=none" to override later instances of
>    the PKCS11Provider directive in ssh_config; bz#2974
>
>  * sshd(8): Add a log message for situations where a connection is
>    dropped for attempting to run a command but a sshd_config
>    ForceCommand=internal-sftp restriction is in effect; bz#2960
>
>  * ssh(1): When prompting whether to record a new host key, accept
>    the key fingerprint as a synonym for "yes". This allows the user
>    to paste a fingerprint obtained out of band at the prompt and
>    have the client do the comparison for you.
>
>  * ssh-keygen(1): When signing multiple certificates on a single
>    command-line invocation, allow automatically incrementing the
>    certificate serial number.
>
>  * scp(1), sftp(1): Accept -J option as an alias to ProxyJump on
>    the scp and sftp command-lines.
>
>  * ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v"
>    command-line flags to increase the verbosity of output; pass
>    verbose flags through to subprocesses, such as ssh-pkcs11-helper
>    started from ssh-agent.
>
>  * ssh-add(1): Add a "-T" option to allow testing whether keys in
>    an agent are usable by performing a signature and a verification.
>
>  * sftp-server(8): Add a "lsetstat@xxxxxxxxxxx" protocol extension
>    that replicates the functionality of the existing SSH2_FXP_SETSTAT
>    operation but does not follow symlinks. bz#2067
>
>  * sftp(1): Add "-h" flag to chown/chgrp/chmod commands to request
>    they do not follow symlinks.
>
>  * sshd(8): Expose $SSH_CONNECTION in the PAM environment. This makes
>    the connection 4-tuple available to PAM modules that wish to use
>    it in decision-making. bz#2741
>
>  * sshd(8): Add a ssh_config "Match final" predicate. Matches in same
>    pass as "Match canonical" but doesn't require hostname
>    canonicalisation be enabled.
>    bz#2906
>
>  * sftp(1): Support a prefix of '@' to suppress echo of sftp batch
>    commands; bz#2926
>
>  * ssh-keygen(1): When printing certificate contents using
>    "ssh-keygen -Lf /path/certificate", include the algorithm that
>    the CA used to sign the cert.
>
> Bugfixes
> --------
>
>  * sshd(8): Fix authentication failures when sshd_config contains
>    "AuthenticationMethods any" inside a Match block that overrides
>    a more restrictive default.
>
>  * sshd(8): Avoid sending duplicate keepalives when ClientAliveCount
>    is enabled.
>
>  * sshd(8): Fix two race conditions related to SIGHUP daemon restart.
>    Remnant file descriptors in recently-forked child processes could
>    block the parent sshd's attempt to listen(2) to the configured
>    addresses. Also, the restarting parent sshd could exit before any
>    child processes that were awaiting their re-execution state had
>    completed reading it, leaving them in a fallback path.
>
>  * ssh(1): Fix stdout potentially being redirected to /dev/null when
>    ProxyCommand=- was in use.
>
>  * sshd(8): Avoid sending SIGPIPE to child processes if they attempt
>    to write to stderr after their parent processes have exited;
>    bz#2071
>
>  * ssh(1): Fix bad interaction between the ssh_config ConnectTimeout
>    and ConnectionAttempts directives - connection attempts after the
>    first were ignoring the requested timeout; bz#2918
>
>  * ssh-keyscan(1): Return a non-zero exit status if no keys were
>    found; bz#2903
>
>  * scp(1): Sanitize scp filenames to allow UTF-8 characters without
>    terminal control sequences; bz#2434
>
>  * sshd(8): Fix confusion between ClientAliveInterval and time-based
>    RekeyLimit that could cause connections to be incorrectly closed.
>    bz#2757
>
>  * ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN
>    handling at initial token login. The attempt to read the PIN
>    could be skipped in some cases, particularly on devices with
>    integrated PIN readers. This would lead to an inability to
>    retrieve keys from these tokens.
>    bz#2652
>
>  * ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the
>    CKA_ALWAYS_AUTHENTICATE flag by requiring a fresh login after the
>    C_SignInit operation. bz#2638
>
>  * ssh(1): Improve documentation for ProxyJump/-J, clarifying that
>    local configuration does not apply to jump hosts.
>
>  * ssh-keygen(1): Clarify manual - ssh-keygen -e only writes
>    public keys, not private.
>
>  * ssh(1), sshd(8): be more strict in processing protocol banners,
>    allowing \r characters only immediately before \n.
>
>  * Various: fix a number of memory leaks, including bz#2942 and
>    bz#2938
>
>  * scp(1), sftp(1): fix calculation of initial bandwidth limits.
>    Account for bytes written before the timer starts and adjust the
>    schedule on which recalculations are performed. Avoids an initial
>    burst of traffic and yields more accurate bandwidth limits;
>    bz#2927
>
>  * sshd(8): Only consider the ext-info-c extension during the initial
>    key exchange. It shouldn't be sent in subsequent ones, but if it
>    is present we should ignore it. This prevents sshd from sending a
>    SSH_MSG_EXT_INFO for REKEX for these buggy clients. bz#2929
>
>  * ssh-keygen(1): Clarify manual that ssh-keygen -F (find host in
>    authorized_keys) and -R (remove host from authorized_keys) options
>    may accept either a bare hostname or a [hostname]:port combo.
>    bz#2935
>
>  * ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK; bz#2936
>
>  * sshd(8): Silence error messages when sshd fails to load some of
>    the default host keys. Failure to load an explicitly-configured
>    hostkey is still an error, and failure to load any host key is
>    still fatal. pr/103
>
>  * ssh(1): Redirect stderr of ProxyCommands to /dev/null when ssh is
>    started with ControlPersist; prevents random ProxyCommand output
>    from interfering with session output.
>
>  * ssh(1): The ssh client was keeping a redundant ssh-agent socket
>    (leftover from authentication) around for the life of the
>    connection; bz#2912
>
>  * sshd(8): Fix bug in HostbasedAcceptedKeyTypes and
>    PubkeyAcceptedKeyTypes options. If only RSA-SHA2 signature types
>    were specified, then authentication would always fail for RSA keys
>    as the monitor checks only the base key (not the signature
>    algorithm) type against *AcceptedKeyTypes. bz#2746
>
>  * ssh(1): Request correct signature types from ssh-agent when
>    certificate keys and RSA-SHA2 signatures are in use.
>
> Portability
> -----------
>
>  * sshd(8): On Cygwin, run as SYSTEM where possible, using S4U for
>    token creation if it supports MsV1_0 S4U Logon.
>
>  * sshd(8): On Cygwin, use custom user/group matching code that
>    respects the OS' behaviour of case-insensitive matching.
>
>  * sshd(8): Don't set $MAIL if UsePAM=yes as PAM typically specifies
>    the user environment if it's enabled; bz#2937
>
>  * sshd(8) Cygwin: Change service name to cygsshd to avoid collision
>    with Microsoft's OpenSSH port.
>
>  * Allow building against OpenSSL -dev (3.x)
>
>  * Fix a number of build problems against version configurations and
>    versions of OpenSSL. Including bz#2931 and bz#2921
>
>  * Improve warnings in cygwin service setup. bz#2922
>
>  * Remove hardcoded service name in cygwin setup. bz#2922
>
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
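
The client-side filename check described in the quoted Security note, and the wildcard mismatch that the "-T" flag exists for, shown as an added example that is not part of the original thread and is not OpenSSH's own code. It assumes a non-recursive copy and POSIX fnmatch(3); the function names and the sample request/filename pairs are constructed for illustration.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: last component of the path named on the command line. */
static const char *request_pattern(const char *requested)
{
    const char *slash = strrchr(requested, '/');
    return slash != NULL ? slash + 1 : requested;
}

/*
 * Hypothetical check: return 1 if a filename announced by the server may be
 * created locally for this request, 0 if the client should refuse it.
 */
int accept_remote_name(const char *requested, const char *received)
{
    /* The server may only name a single, real directory entry. */
    if (received[0] == '\0' || strchr(received, '/') != NULL)
        return 0;
    if (strcmp(received, ".") == 0 || strcmp(received, "..") == 0)
        return 0;
    /* Client-side wildcard match against what the user actually asked for. */
    return fnmatch(request_pattern(requested), received, 0) == 0;
}

int main(void)
{
    /* Constructed (requested path, server-sent name) pairs. */
    static const char *cases[][2] = {
        {"docs/*.txt", "notes.txt"},     /* matches the request */
        {"docs/*.txt", "unrelated.cfg"}, /* not what was asked for */
        {"docs/*.txt", "../notes.txt"},  /* extra path component */
        {"docs/{a,b}.txt", "a.txt"},     /* shell braces, unknown to fnmatch */
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-16s %-14s %s\n", cases[i][0], cases[i][1],
            accept_remote_name(cases[i][0], cases[i][1]) ? "accept" : "refuse");
    return 0;
}
```

The last pair is refused even though a remote shell with brace expansion would legitimately produce a.txt, which is the kind of client/server expansion difference the announcement says "-T" works around.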