Call for testing: OpenSSH 9.3
dbelyavs at redhat.com
Tue Mar 14 04:14:44 AEDT 2023
Build and tests on Fedora 36 have passed.
On Fri, Mar 10, 2023 at 5:35 AM Damien Miller <djm at mindrot.org> wrote:
> OpenSSH 9.3p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
> Snapshot releases for portable OpenSSH are available from
> The OpenBSD version is available in CVS HEAD:
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> $ ./configure && make tests
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at mindrot.org. Security bugs should be reported
> directly to openssh at openssh.com.
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
> Thanks to the many people who contributed to this release.
> Changes since OpenSSH 9.2
> New features
> * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when
> outputting SSHFP fingerprints to allow algorithm selection. bz3493
> * sshd(8): add a `sshd -G` option that parses and prints the
> effective configuration without attempting to load private keys
> and perform other checks. This allows usage of the option before
> keys have been generated and for configuration evaluation and
> verification by unprivileged users.
> * scp(1), sftp(1): fix progressmeter corruption on wide displays;
> * ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing usability
> of private keys as some systems are starting to disable RSA/SHA1
> in libcrypto.
> * sftp-server(8): fix a memory leak. GHPR363
> * ssh(1), sshd(8), ssh-keyscan(1): remove vestigal protocol
> compatibility code and simplify what's left.
> * Fix a number of low-impact Coverity static analysis findings.
> * ssh_config(5), sshd_config(5): mention that some options are not
> * Rework logging for the regression tests. Regression tests will now
> capture separate logs for each ssh and sshd invocation in a test.
> * ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage
> says it should; bz3532.
> * ssh(1): ensure that there is a terminating newline when adding a
> new entry to known_hosts; bz3529
> * sshd(8): harden Linux seccomp sandbox. Move to an allowlist of
> mmap(2), madvise(2) and futex(2) flags, removing some concerning
> kernel attack surface.
> * sshd(8): improve Linux seccomp-bpf sandbox for older systems;
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
More information about the openssh-unix-dev