Call for testing: OpenSSH 8.3
Jeff Wieland
wieland at purdue.edu
Thu May 14 22:05:07 AEST 2020
Using openssh-SNAP-20200514, on Solaris 10 for SPARC, using
Solaris Studio 12.4, and our local build of OpenSSL 1.1.1g,
all tests pass.
--
Jeff Wieland, UNIX/Network Systems Administrator
Purdue University IT Infrastructure Services UNIX Platforms
Damien Miller wrote:
> Hi,
>
> OpenSSH 8.3p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at mindrot.org. Security bugs should be reported
> directly to openssh at openssh.com.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> Security
> ========
>
> * scp(1): when receiving files, scp(1) could become desynchronised
> if a utimes(2) system call failed. This could allow file contents
> to be interpreted as file metadata and thereby permit an adversary
> to craft a file system that, when copied with scp(1) in a
> configuration that caused utimes(2) to fail (e.g. under a SELinux
> policy or syscall sandbox), transferred different file names and
> contents to the actual file system layout.
>
> Exploitation of this is not likely as utimes(2) does not fail under
> normal circumstances. Successful exploitation is not silent - the
> output of scp(1) would show transfer errors followed by the actual
> file(s) that were received.
>
> Finally, filenames returned from the peer are (since openssh-8.0)
> matched against the user's requested destination, thereby
> disallowing a successful exploit from writing files outside the
> user's selected target glob (or directory, in the case of a
> recursive transfer). This ensures that this attack can achieve no
> more than a hostile peer is already able to do within the scp
> protocol.
>
> Potentially-incompatible changes
> ================================
>
> This release includes a number of changes that may affect existing
> configurations:
>
> * sftp(1): reject an argument of "-1" in the same way as ssh(1) and
> scp(1) do instead of accepting and silently ignoring it.
>
> Changes since OpenSSH 8.2
> =========================
>
> The focus of this release is bug fixing.
>
> New Features
> ------------
>
> * sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
> rhosts/shosts, "no" to allow rhosts/shosts or (new) "shosts-only"
> to allow .shosts files but not .rhosts.
>
> * sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
> sshd_config, not just before any Match blocks; bz3148
>
> * ssh(1): add %TOKEN percent expansion for the LocalForward and
> RemoteForward keywords when used for Unix domain socket forwarding.
> bz#3014
>
> * all: allow loading public keys from the unencrypted envelope of a
> private key file if no corresponding public key file is present.
>
> * ssh(1), sshd(8): prefer to use chacha20 from libcrypto where
> possible instead of the (slower) portable C implementation included
> in OpenSSH.
>
> * ssh-keygen(1): add ability to dump the contents of a binary key
> revocation list via "ssh-keygen -lQf /path" bz#3132
>
> Bugfixes
> --------
>
> * ssh(1): fix IdentitiesOnly=yes to also apply to keys loaded from
> a PKCS11Provider; bz#3141
>
> * ssh-keygen(1): avoid NULL dereference when trying to convert an
> invalid RFC4716 private key.
>
> * scp(2): when performing remote-to-remote copies using "scp -3",
> start the second ssh(1) channel with BatchMode=yes enabled to
> avoid confusing and non-deterministic ordering of prompts.
>
> * ssh(1), ssh-keygen(1): when signing a challenge using a FIDO token,
> perform hashing of the message to be signed in the middleware layer
> rather than in OpenSSH code. This permits the use of security key
> middlewares that perform the hashing implicitly, such as Windows
> Hello.
>
> * ssh(1): fix incorrect error message for "too many known hosts
> files." bz#3149
>
> * ssh(1): make failures when establishing "Tunnel" forwarding
> terminate the connection when ExitOnForwardFailure is enabled;
> bz#3116
>
> * ssh-keygen(1): fix printing of fingerprints on private keys and add
> a regression test for same.
>
> * sshd(8): document order of checking AuthorizedKeysFile (first) and
> AuthorizedKeysCommand (subsequently, if the file doesn't match);
> bz#3134
>
> * sshd(8): document that /etc/hosts.equiv and /etc/shosts.equiv are
> not considered for HostbasedAuthentication when the target user is
> root; bz#3148
>
> * ssh(1), ssh-keygen(1): fix NULL dereference in private certificate
> key parsing (oss-fuzz #20074).
>
> * ssh(1), sshd(8): more consistency between the sets of %TOKENS that
> are accepted in various configuration options.
>
> * ssh(1), ssh-keygen(1): improve error messages for some common
> PKCS#11 C_Login failure cases; bz#3130
>
> * ssh(1), sshd(8): make error messages for problems during SSH banner
> exchange consistent with other SSH transport-layer error messages
> and ensure they include the relevant IP addresses bz#3129
>
> * various: fix a number of spelling errors in comments and debug/error
> messages
>
> * ssh-keygen(1), ssh-add(1): when downloading FIDO2 resident keys
> from a token, don't prompt for a PIN until the token has told us
> that it needs one. Avoids double-prompting on devices that
> implement on-device authentication.
>
> * sshd(8), ssh-keygen(1): no-touch-required FIDO certificate option
> should be an extension, not a critical option.
>
> * ssh(1), ssh-keygen(1), ssh-add(1): offer a better error message
> when trying to use a FIDO key function and SecurityKeyProvider is
> empty.
>
> * ssh-add(1), ssh-agent(8): ensure that a key lifetime fits within
> the values allowed by the wire format (u32). Prevents integer
> wraparound of the timeout values. bz#3119
>
> * ssh(1): detect and prevent trivial configuration loops when using
> ProxyJump. bz#3057.
>
> Portability
> -----------
>
> * Detect systems where signals flagged with SA_RESTART will interrupt
> select(2). POSIX permits implementations to choose whether
> select(2) will return when interrupted with a SA_RESTART-flagged
> signal, but OpenSSH requires interrupting behaviour.
>
> * Several compilation fixes for HP/UX and AIX.
>
> * On platforms that do not support setting process-wide routing
> domains (all excepting OpenBSD at present), fail to accept a
> configuration that attempts to set one at process start time rather than
> fatally erroring at run time. bz#3126
>
> * Improve detection of egrep (used in regression tests) on platforms
> that offer a poor default one (e.g. Solaris).
>
> * A number of shell portability fixes for the regression tests.
>
> * Fix theoretical infinite loop in the glob(3) replacement
> implementation.
>
> * Fix seccomp sandbox compilation problems for some Linux
> configurations bz#3085
>
> * Improved detection of libfido2 and some compilation fixes for some
> configurations when --with-security-key-builtin is selected.
>
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
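The bz#3119 item in the quoted notes says key lifetimes must fit the u32 wire field so that timeouts cannot wrap. The following is an added illustration of that kind of bounds check; it is not code from this thread or from OpenSSH, and the function names and the s/m/h/d/w suffix syntax are assumptions of the example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Seconds per unit suffix; returns 0 for an unknown suffix. */
static uint64_t unit_seconds(char c)
{
    static const char units[] = "smhdw";
    static const uint64_t secs[] = {1, 60, 3600, 86400, 604800};
    const char *u = c ? strchr(units, c) : NULL;
    return u ? secs[u - units] : 0;
}

/* Hypothetical helper: parse "90", "10m" or "1h30m" into seconds. Returns
 * 0 on success, -1 on bad syntax or a total that exceeds the u32 field. */
int parse_lifetime_u32(const char *spec, uint32_t *out)
{
    uint64_t total = 0, mult;
    unsigned long long n;
    char *end;

    if (spec == NULL || *spec == '\0')
        return -1;
    while (*spec != '\0') {
        if (!isdigit((unsigned char)*spec))
            return -1;
        n = strtoull(spec, &end, 10); /* saturates at ULLONG_MAX on overflow */
        mult = 1;
        if (*end != '\0' && (mult = unit_seconds(*end++)) == 0)
            return -1;
        /* Bound each step so neither the product nor the sum can wrap. */
        if (n > UINT32_MAX / mult || n * mult > UINT32_MAX - total)
            return -1;
        total += n * mult;
        spec = end;
    }
    *out = (uint32_t)total;
    return 0;
}

int main(void)
{
    uint32_t s = 0;
    int rc = parse_lifetime_u32("7102w", &s); /* constructed input */
    printf("rc=%d, unchecked cast would send %u s\n", rc,
        (unsigned)(uint32_t)(7102ULL * 604800));
    return 0;
}
```

With the constructed input, a requested lifetime of 7102 weeks is rejected, whereas an unchecked narrowing to 32 bits would have turned it into a timeout of under four days.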