Dear Damien, Build and tests on Fedora 36 have passed. On Fri, Mar 10, 2023 at 5:35 AM Damien Miller <djm@xxxxxxxxxxx> wrote: > > Hi, > > OpenSSH 9.3p1 is almost ready for release, so we would appreciate testing > on as many platforms and systems as possible. This is a bugfix release. > > Snapshot releases for portable OpenSSH are available from > http://www.mindrot.org/openssh_snap/ > > The OpenBSD version is available in CVS HEAD: > http://www.openbsd.org/anoncvs.html > > Portable OpenSSH is also available via git using the > instructions at http://www.openssh.com/portable.html#cvs > At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github: > https://github.com/openssh/openssh-portable > > Running the regression tests supplied with Portable OpenSSH does not > require installation and is a simply: > > $ ./configure && make tests > > Live testing on suitable non-production systems is also appreciated. > Please send reports of success or failure to > openssh-unix-dev@xxxxxxxxxxx. Security bugs should be reported > directly to openssh@xxxxxxxxxxx. > > Below is a summary of changes. More detail may be found in the ChangeLog > in the portable OpenSSH tarballs. > > Thanks to the many people who contributed to this release. > > Changes since OpenSSH 9.2 > ========================= > > New features > ------------ > > * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when > outputting SSHFP fingerprints to allow algorithm selection. bz3493 > > * sshd(8): add a `sshd -G` option that parses and prints the > effective configuration without attempting to load private keys > and perform other checks. This allows usage of the option before > keys have been generated and for configuration evaluation and > verification by unprivileged users. > > Bugfixes > -------- > > * scp(1), sftp(1): fix progressmeter corruption on wide displays; > bz3534 > > * ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing usability > of private keys as some systems are starting to disable RSA/SHA1 > in libcrypto. > > * sftp-server(8): fix a memory leak. GHPR363 > > * ssh(1), sshd(8), ssh-keyscan(1): remove vestigal protocol > compatibility code and simplify what's left. > > * Fix a number of low-impact Coverity static analysis findings. > > * ssh_config(5), sshd_config(5): mention that some options are not > first-match-wins. > > * Rework logging for the regression tests. Regression tests will now > capture separate logs for each ssh and sshd invocation in a test. > > * ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage > says it should; bz3532. > > * ssh(1): ensure that there is a terminating newline when adding a > new entry to known_hosts; bz3529 > > Portability > ----------- > > * sshd(8): harden Linux seccomp sandbox. Move to an allowlist of > mmap(2), madvise(2) and futex(2) flags, removing some concerning > kernel attack surface. > > * sshd(8): improve Linux seccomp-bpf sandbox for older systems; > bz3537 > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@xxxxxxxxxxx > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev > -- Dmitry Belyavskiy _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
