On Thu, Feb 10, 2022 at 03:18:23PM +1100, Damien Miller wrote: > Hi, > > OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This is a bugfix release. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/ > > The OpenBSD version is available in CVS HEAD: > http://www.openbsd.org/anoncvs.html > > Portable OpenSSH is also available via git using the > instructions at http://www.openssh.com/portable.html#cvs > At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github: > https://github.com/openssh/openssh-portable > > Running the regression tests supplied with Portable OpenSSH does not > require installation and is a simply: > > $ ./configure && make tests > > Live testing on suitable non-production systems is also appreciated. > Please send reports of success or failure to > openssh-unix-dev@xxxxxxxxxxx. Security bugs should be reported > directly to openssh@xxxxxxxxxxx. > > Below is a summary of changes. More detail may be found in the ChangeLog > in the portable OpenSSH tarballs. > > Thanks to the many people who contributed to this release. > > Future deprecation notice > ========================= > > A near-future release of OpenSSH will switch scp(1) from using the > legacy scp/rcp protocol to using SFTP by default. > > Legacy scp/rcp performs wildcard expansion of remote filenames (e.g. > "scp host:* .") through the remote shell. This has the side effect of > requiring double quoting of shell meta-characters in file names > included on scp(1) command-lines, otherwise they could be interpreted > as shell commands on the remote side. > > This creates one area of potential incompatibility: scp(1) when using > the SFTP protocol no longer requires this finicky and brittle quoting, > and attempts to use it may cause transfers to fail. We consider the > removal of the need for double-quoting shell characters in file names > to be a benefit and do not intend to introduce bug-compatibility for > legacy scp/rcp in scp(1) when using the SFTP protocol. > > Another area of potential incompatibility relates to the use of remote > paths relative to other user's home directories, for example - > "scp host:~user/file /tmp". The SFTP protocol has no native way to > expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later > support a protocol extension "expand-path@xxxxxxxxxxx" to support > this. > > Potentially-incompatible changes > ================================ > > * sshd(8), portable OpenSSH only: this release removes in-built > support for MD5-hashed passwords. If you require these on your > system then we recommend linking against libxcrypt or similar. > > * This release modifies the FIDO security key middleware interface > and increments SSH_SK_VERSION_MAJOR. > > Changes since OpenSSH 8.8 > ========================= > > This release includes a number of new features. > > New features > ------------ > > * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for > restricting forwarding and use of keys added to ssh-agent(1) > A detailed description of the feature is available at > https://www.openssh.com/agent-restrict.html and the protocol > extensions are documented in the PROTOCOL and PROTOCOL.agent > files in the source release. > > * ssh(1), sshd(8): add the sntrup761x25519-sha512@xxxxxxxxxxx hybrid > ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the > default KEXAlgorithms list (after the ECDH methods but before the > prime-group DH ones). > > * ssh-keygen(1): when downloading resident keys from a FIDO token, > pass back the user ID that was used when the key was created and > append it to the filename the key is written to (if it is not the > default). Avoids keys being clobbered if the user created multiple > resident keys with the same application string but different user > IDs. > > * ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys > on tokens that provide user verification (UV) on the device itself, > including biometric keys, avoiding unnecessary PIN prompts. > > * ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to > perform matching of principals names against an allowed signers > file. To be used towards a TOFU model for SSH signatures in git. > > * ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added > to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at > authentication time. > > * ssh-keygen(1): allow selection of hash at sshsig signing time > (either sha512 (default) or sha256). > > * ssh(1), sshd(8): read network data directly to the packet input > buffer instead indirectly via a small stack buffer. Provides a > modest performance improvement. > > * ssh(1), sshd(8): read data directly to the channel input buffer, > providing a similar modest performance improvement. > > * ssh(1): extend the PubkeyAuthentication configuration directive to > accept yes|no|unbound|host-bound to allow control over one of the > protocol extensions used to implement agent-restricted keys. > > Bugfixes > -------- > > * sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and > PubkeyAuthOptions can be used in a Match block. PR#277. > > * ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512 > exchange hashes > > * ssh(1): don't put the TTY into raw mode when SessionType=none, > avoids ^C being unable to kill such a session. bz3360 > > * scp(1): fix some corner-case bugs in SFTP-mode handling of > ~-prefixed paths. > > * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to > select RSA keys when only RSA/SHA2 signature algorithms are > configured (this is the default case). Previously RSA keys were > not being considered in the default case. > > * ssh-keysign(1): make ssh-keysign use the requested signature > algorithm and not the default for the key type. Part of unbreaking > hostbased auth for RSA/SHA2 keys. > > * ssh(1): stricter UpdateHostkey signature verification logic on > the client- side. Require RSA/SHA2 signatures for RSA hostkeys > except when RSA/SHA1 was explicitly negotiated during initial > KEX; bz3375 > > * ssh(1), sshd(8): fix signature algorithm selection logic for > UpdateHostkeys on the server side. The previous code tried to > prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some > cases. This will use RSA/SHA2 signatures for RSA keys if the > client proposed these algorithms in initial KEX. bz3375 > > * All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2). > This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1) > and sftp-server(8), as well as the sshd(8) listen loop and all > other FD read/writability checks. On platforms with missing or > broken poll(2)/ppoll(2) syscalls as select(2)-based compat shim is > available. > > * ssh-keygen(1): the "-Y find-principals" command was verifying key > validity when using ca certs but not with simple key lifetimes > within the allowed signers file. > > * ssh-keygen(1): make sshsig verify-time argument parsing optional > > * ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA > keys (we already did this for RSA keys). Avoids fatal errors for > PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B > "cryptoauthlib"; bz#3364 > > * ssh(1), ssh-agent(1): improve the testing of credentials against > inserted FIDO: ask the token whether a particular key belongs to > it in cases where the token supports on-token user-verification > (e.g. biometrics) rather than just assuming that it will accept it. > > Will reduce spurious "Confirm user presence" notifications for key > handles that relate to FIDO keys that are not currently inserted in at > least some cases. bz3366 > > * ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to > allow for the preceding two ECN bits. bz#3373 > > * ssh-keygen(1): add missing -O option to usage() for the "-Y sign" > option. > > * ssh-keygen(1): fix a NULL deref when using the find-principals > function, when matching an allowed_signers line that contains a > namespace restriction, but no restriction specified on the > command-line > > * ssh-agent(1): fix memleak in process_extension(); oss-fuzz > issue #42719 > > * ssh(1): suppress "Connection to xxx closed" messages when LogLevel > is set to "error" or above. bz3378 > > * ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing > compressed packet data. bz3372 > > * scp(1): when recursively transferring files in SFTP mode, create the > destination directory if it doesn't already exist to match scp(1) in > legacy RCP mode behaviour. > > * scp(1): many improvements in error message consistency between scp(1) > in SFTP mode vs legacy RCP mode. > > * sshd(8): fix potential race in SIGTERM handling PR#289 > > * ssh(1), ssh(8): since DSA keys are deprecated, move them to the > end of the default list of public keys so that they will be tried > last. PR#295 > > * ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match > wildcard principals in allowed_signers files > > Portability > ----------- > > * ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's > implementation does not work in a chroot when the kernel does not > have close_range(2). It tries to read from /proc/self/fd and when > that fails dies with an assertion of sorts. Instead, call > close_range(2) directly from our compat code and fall back if > that fails. bz#3349, > > * OS X poll(2) is broken; use compat replacement. For character- > special devices like /dev/null, Darwin's poll(2) returns POLLNVAL > when polled with POLLIN. Apparently this is Apple bug 3710161 - > not public but a websearch will find other OSS projects > rediscovering it periodically since it was first identified in > 2005. > > * Correct handling of exceptfds/POLLPRI in our select(2)-based > poll(2)/ppoll(2) compat implementation. > > * Cygwin: correct checking of mbstowcs() return value. > > * Add a basic SECURITY.md that refers people to the openssh.com > website. > > * Enable additional compiler warnings and toolchain hardening flags, > including -Wbitwise-instead-of-logical, -Wmisleading-indentation, > -fzero-call-used-regs and -ftrivial-auto-var-init. > > * HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version > is not reliable. > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev OpenSSH_8.8p1-snap20220216, OpenSSL 1.1.1m+quic 14 Dec 2021 Working in FreeBSD 13.0-p7 -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising! Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b Do they do as the Word said, or as the world said? -unknown Beware https://mindspring.com _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
