Call for testing: OpenSSH 6.6

Loganaden Velvindron loganaden at gmail.com
Sat Mar 1 16:38:20 EST 2014 

Test on my OpenBSD desktop machine:

OpenBSD logan.my.domain 5.4 GENERIC.MP#41 amd64

run test dhgex.sh ...
dhgex bits 3072 diffie-hellman-group-exchange-sha1 cast128-cbc
FATAL: dhgex expected 3072 bit group, got 2048
*** Error 1 in regress (Makefile:172 't-exec': @if [ "xconnect.sh
proxy-connect.sh connect-privsep.sh proto-version.sh proto-mismatch.sh
exi...)
*** Error 1 in /home/logan/openssh_snap/openssh (Makefile:454 'tests')


On Sat, Mar 1, 2014 at 2:19 AM, Damien Miller <djm at mindrot.org> wrote:
> Hi,
>
> OpenSSH 6.6 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a small release
> mostly to fix some minor but annoying bugs in openssh-6.5.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via anonymous CVS using the
> instructions at http://www.openssh.com/portable.html#cvs or
> via Git at https://anongit.mindrot.org/openssh.git/
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also
> appreciated. Please send reports of success or failure to
> openssh-unix-dev at mindrot.org.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> Changes since OpenSSH 6.5
> =========================
>
> This is primarily a bugfix release.
>
> New / changed features:
>
>  * ssh(1), sshd(8): this release removes the J-PAKE authentication code.
>    This code was experimental, never enabled and had been unmaintained
>    for some time.
>
>  * ssh(1): when processing Match blocks, skip 'exec' clauses other clauses
>    predicates failed to match.
>
>  * ssh(1): if hostname canonicalisation is enabled and results in the
>    destination hostname being changed, then re-parse ssh_config(5) files
>    using the new destination hostname. This gives 'Host' and 'Match'
>    directives that use the expanded hostname a chance to be applied.
>
> Bugfixes:
>
>  * ssh(1): avoid spurious "getsockname failed: Bad file descriptor" in
>    ssh -W. bz#2200, debian#738692
>
>  * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and systrace
>    sandbox modes, as it is reachable if the connection is terminated
>    during the pre-auth phase.
>
>  * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1 bignum
>    parsing. Minimum key length checks render this bug unexploitable to
>    compromise SSH 1 sessions.
>
>  * sshd_config(5): clarify behaviour of a keyword that appears in
>    multiple matching Match blocks. bz#2184
>
>  * ssh(1): avoid unnecessary hostname lookups when canonicalisation is
>    disabled. bz#2205
>
>  * sshd(8): avoid sandbox violation crashes in GSSAPI code by caching
>    the supported list of GSSAPI mechanism OIDs before entering the
>    sandbox. bz#2107
>
>  * ssh(1): fix possible crashes in SOCKS4 parsing caused by assumption
>    that the SOCKS username is nul-terminated.
>
>  * ssh(1): fix regression for UsePrivilegedPort=yes when BindAddress is
>    not specified.
>
>  * ssh(1), sshd(8): fix memory leak in ECDSA signature verification.
>
>  * ssh(1): fix matching of 'Host' directives in ssh_config(5) files
>    to be case-sensitive again (regression in 6.5).
>
> Portable OpenSSH:
>
>  * sshd(8): don't fatal if the FreeBSD Capsicum is offered by the
>    system headers and libc but is not supported by the kernel.
>  * Fix build using the HP-UX compiler.
>
> Reporting Bugs:
> ===============
>
> - Please read http://www.openssh.com/report.html
>   Security bugs should be reported directly to openssh at openssh.com
>
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt,
> Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and
> Ben Lindstrom.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



-- 
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.

More information about the openssh-unix-dev mailing list