Re: Call for testing: OpenSSH 8.3

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Using openssh-SNAP-20200514, on Solaris 10 for SPARC, using
Solaris Studio 12.4, and our local build of OpenSSL 1.1.1g,
all tests pass.

--
Jeff Wieland, UNIX/Network Systems Administrator
Purdue University IT Infrastructure Services UNIX Platforms

Damien Miller wrote:
Hi,

OpenSSH 8.3p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.

Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/

The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html

Portable OpenSSH is also available via git using the
instructions at http://www.openssh.com/portable.html#cvs
At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
https://github.com/openssh/openssh-portable

Running the regression tests supplied with Portable OpenSSH does not
require installation and is a simply:

$ ./configure && make tests

Live testing on suitable non-production systems is also appreciated.
Please send reports of success or failure to
openssh-unix-dev@xxxxxxxxxxx. Security bugs should be reported
directly to openssh@xxxxxxxxxxx.

Below is a summary of changes. More detail may be found in the ChangeLog
in the portable OpenSSH tarballs.

Thanks to the many people who contributed to this release.

Security
========

  * scp(1): when receiving files, scp(1) could be become desynchronised
    if a utimes(2) system call failed. This could allow file contents
    to be interpreted as file metadata and thereby permit an adversary
    to craft a file system that, when copied with scp(1) in a
    configuration that caused utimes(2) to fail (e.g. under a SELinux
    policy or syscall sandbox), transferred different file names and
    contents to the actual file system layout.

    Exploitation of this is not likely as utimes(2) does not fail under
    normal circumstances. Successful exploitation is not silent - the
    output of scp(1) would show transfer errors followed by the actual
    file(s) that were received.

    Finally, filenames returned from the peer are (since openssh-8.0)
    matched against the user's requested destination, thereby
    disallowing a successful exploit from writing files outside the
    user's selected target glob (or directory, in the case of a
    recursive transfer). This ensures that this attack can achieve no
    more than a hostile peer is already able to do within the scp
    protocol.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

  * sftp(1): reject an argument of "-1" in the same way as ssh(1) and
    scp(1) do instead of accepting and silently ignoring it.

Changes since OpenSSH 8.2
=========================

The focus of this release is bug fixing.

New Features
------------

  * sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
    rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only"
    to allow .shosts files but not .rhosts.

  * sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
    sshd_config, not just before any Match blocks; bz3148

  * ssh(1): add %TOKEN percent expansion for the LocalFoward and
    RemoteForward keywords when used for Unix domain socket forwarding.
    bz#3014

  * all: allow loading public keys from the unencrypted envelope of a
    private key file if no corresponding public key file is present.
* ssh(1), sshd(8): prefer to use chacha20 from libcrypto where
    possible instead of the (slower) portable C implementation included
    in OpenSSH.

  * ssh-keygen(1): add ability to dump the contents of a binary key
    revocation list via "ssh-keygen -lQf /path" bz#3132

Bugfixes
--------

  * ssh(1): fix IdentitiesOnly=yes to also apply to keys loaded from
    a PKCS11Provider; bz#3141

  * ssh-keygen(1): avoid NULL dereference when trying to convert an
    invalid RFC4716 private key.

  * scp(2): when performing remote-to-remote copies using "scp -3",
    start the second ssh(1) channel with BatchMode=yes enabled to
    avoid confusing and non-deterministic ordering of prompts.

  * ssh(1), ssh-keygen(1): when signing a challenge using a FIDO token,
    perform hashing of the message to be signed in the middleware layer
    rather than in OpenSSH code. This permits the use of security key
    middlewares that perform the hashing implicitly, such as Windows
    Hello.

  * ssh(1): fix incorrect error message for "too many known hosts
    files." bz#3149

  * ssh(1): make failures when establishing "Tunnel" forwarding
    terminate the connection when ExitOnForwardFailure is enabled;
    bz#3116

  * ssh-keygen(1): fix printing of fingerprints on private keys and add
    a regression test for same.

  * sshd(8): document order of checking AuthorizedKeysFile (first) and
    AuthorizedKeysCommand (subsequently, if the file doesn't match);
    bz#3134

  * sshd(8): document that /etc/hosts.equiv and /etc/shosts.equiv are
    not considered for HostbasedAuthentication when the target user is
    root; bz#3148
* ssh(1), ssh-keygen(1): fix NULL dereference in private certificate
    key parsing (oss-fuzz #20074).

  * ssh(1), sshd(8): more consistency between sets of %TOKENS are
    accepted in various configuration options.

  * ssh(1), ssh-keygen(1): improve error messages for some common
    PKCS#11 C_Login failure cases; bz#3130

  * ssh(1), sshd(8): make error messages for problems during SSH banner
    exchange consistent with other SSH transport-layer error messages
    and ensure they include the relevant IP addresses bz#3129

  * various: fix a number of spelling errors in comments and debug/error
    messages

  * ssh-keygen(1), ssh-add(1): when downloading FIDO2 resident keys
    from a token, don't prompt for a PIN until the token has told us
    that it needs one. Avoids double-prompting on devices that
    implement on-device authentication.

  * sshd(8), ssh-keygen(1): no-touch-required FIDO certificate option
    should be an extension, not a critical option.
* ssh(1), ssh-keygen(1), ssh-add(1): offer a better error message
    when trying to use a FIDO key function and SecurityKeyProvider is
    empty.

  * ssh-add(1), ssh-agent(8): ensure that a key lifetime fits within
    the values allowed by the wire format (u32). Prevents integer
    wraparound of the timeout values. bz#3119

  * ssh(1): detect and prevent trivial configuration loops when using
     ProxyJump. bz#3057.
Portability
-----------

  * Detect systems where signals flagged with SA_RESTART will interrupt
    select(2). POSIX permits implementations to choose whether
    select(2) will return when interrupted with a SA_RESTART-flagged
    signal, but OpenSSH requires interrupting behaviour.

  * Several compilation fixes for HP/UX and AIX.

  * On platforms that do not support setting process-wide routing
    domains (all excepting OpenBSD at present), fail to accept a
    configuration attempts to set one at process start time rather than
    fatally erroring at run time. bz#3126

  * Improve detection of egrep (used in regression tests) on platforms
    that offer a poor default one (e.g. Solaris).

  * A number of shell portability fixes for the regression tests.

  * Fix theoretical infinite loop in the glob(3) replacement
    implementation.

  * Fix seccomp sandbox compilation problems for some Linux
    configurations bz#3085

  * Improved detection of libfido2 and some compilation fixes for some
    configurations when --with-security-key-builtin is selected.

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux