Testing for the 4.4p1 release

Damien Miller djm at mindrot.org
Wed Aug 30 23:41:53 EST 2006 

Hi,

The 4.4p1 release is approaching now, so we are now asking people to 
actively test snapshots or CVS and report back to the mailing list.

Snapshots are available from http://www.mindrot.org/openssh_snap or
from any of the mirrors listed on http://www.openssh.org/portable.html
The latter page also includes instructions for checking out portable
OpenSSH via anonymous CVS.

This release contains many bugfixes and feature improvements. Here
are some highlights:

- Implemented conditional configuration in sshd_config(5) using the
  "Match" directive. This allows some configuration options to be
  selectively overridden if specific criteria (based on user, group,
  hostname and/or address) are met. So far a useful subset of post-
  authentication options are supported and more are expected to be
  added in future releases.
- Added a "ForceCommand" directive to sshd_config(5). Similar to the
  command="..." option accepted in ~/.ssh/authorized_keys, this forces
  the execution of the specified command regardless of what the user
  requested. This is very useful in conjunction with the new "Match"
  option.
- Add a "PermitOpen" directive to sshd_config(5). This mirrors the
  permitopen="..." authorized_keys option, allowing fine-grained
  control over the port-forwardings that a user is allowed to
  establish.
- Add optional logging of transactions to sftp-server(8).
- ssh(1) will now record port numbers for hosts stored in
  ~/.ssh/authorized_keys when a non-standard port has been requested.
- Add an "ExitOnForwardFailure" options to cause ssh(1) to exit (with
  a non-zero exit code) when requested port forwardings could not be
  established.
- Extend the sshd_config(5) "SubSystem" directive to allow the
  specification of commandline arguments.
- Add optional support for SELinux, controlled using the --with-selinux
  configure option (experimental)
- Add optional support for Solaris process contracts, enabled using the
  --with-solaris-contracts configure option (experimental)
- Add support for Diffie-Hellman group exchange key agreement with a
  final hash of SHA256. 
- Fixed a lot of bugs. See
  http://bugzilla.mindrot.org/show_bug.cgi?id=1155 for an incomplete
  list (more in the ChangeLog)
- Lots of manpage fixes and improvements
- Many code cleanups, including:
    - Switching to safer memory allocation functions that avoid integer
      overflows when allocating arrays
    - Cleanups of header file usage (ongoing)
    - Fixes to leaks reported by the Coverity static analysis tool

Running the regression tests supplied with Portable does not require
installation, just run:

$ ./configure && make tests

Testing on suitable non-production systems is also appreciated. Please send
reports of success or failure to openssh-unix-dev at mindrot.org, including 
details of your platform, compiler and configure options.

Thanks,
Damien Miller

More information about the openssh-unix-dev mailing list