Re: Call for testing: OpenSSH 9.3

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi Damien,

builds on OpenIndiana /hipster:
* GCC 11
* OpenSSL 1.1.1t

---8<------
/pz/SFW/bin/ssh -V
OpenSSH_9.2p1-snap20230314, OpenSSL 1.1.1t  7 Feb 2023

/pz/SFW/sbin/sshd -V
OpenSSH_9.2, OpenSSL 1.1.1t  7 Feb 2023
---8<------

Thanks and regards

On 3/10/23 05:33, Damien Miller wrote:
Hi,

OpenSSH 9.3p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.

Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/

The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html

Portable OpenSSH is also available via git using the
instructions at http://www.openssh.com/portable.html#cvs
At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
https://github.com/openssh/openssh-portable

Running the regression tests supplied with Portable OpenSSH does not
require installation and is a simply:

$ ./configure && make tests

Live testing on suitable non-production systems is also appreciated.
Please send reports of success or failure to
openssh-unix-dev@xxxxxxxxxxx. Security bugs should be reported
directly to openssh@xxxxxxxxxxx.

Below is a summary of changes. More detail may be found in the ChangeLog
in the portable OpenSSH tarballs.

Thanks to the many people who contributed to this release.

Changes since OpenSSH 9.2
=========================

New features
------------

  * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when
    outputting SSHFP fingerprints to allow algorithm selection. bz3493
* sshd(8): add a `sshd -G` option that parses and prints the
    effective configuration without attempting to load private keys
    and perform other checks. This allows usage of the option before
    keys have been generated and for configuration evaluation and
    verification by unprivileged users.

Bugfixes
--------

  * scp(1), sftp(1): fix progressmeter corruption on wide displays;
    bz3534

  * ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing usability
    of private keys as some systems are starting to disable RSA/SHA1
    in libcrypto.

  * sftp-server(8): fix a memory leak. GHPR363

  * ssh(1), sshd(8), ssh-keyscan(1): remove vestigal protocol
    compatibility code and simplify what's left.

  * Fix a number of low-impact Coverity static analysis findings.

  * ssh_config(5), sshd_config(5): mention that some options are not
    first-match-wins.

  * Rework logging for the regression tests. Regression tests will now
    capture separate logs for each ssh and sshd invocation in a test.

  * ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage
    says it should; bz3532.

  * ssh(1): ensure that there is a terminating newline when adding a
    new entry to known_hosts; bz3529

Portability
-----------

  * sshd(8): harden Linux seccomp sandbox. Move to an allowlist of
    mmap(2), madvise(2) and futex(2) flags, removing some concerning
    kernel attack surface.

  * sshd(8): improve Linux seccomp-bpf sandbox for older systems;
    bz3537

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

--
Predrag Zečević
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux