Call for testing: OpenSSH 10.4

Felix Fehlauer felix.fehlauer at fs.ei.tum.de
Tue Jun 30 21:21:04 AEST 2026


Hi Damien,

the (V_10_4) - Tracking bug for openssh-10.4 bz3942 [1] depends on 
bz3968 [2], which is still open.

Also the preliminary release notes you included mentions bz3954 [3], but 
this bug is not mentioned in the tracking bug.

Likewise, this tracking bug mentions bz3947 [4] and bz3952 [5], which 
are not mentioned in the preliminary release notes.

Is this intentional?

Besides this tests fail on Fedora Linux 44:

failed copy of /bin/ls
cmp: EOF on ‘/tmp/openssh/regress/copy’ which is empty
corrupted copy of /bin/ls
failed local and remote forwarding

Let me know, if I can assist you further.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=3942
[2] https://bugzilla.mindrot.org/show_bug.cgi?id=3968
[3] https://bugzilla.mindrot.org/show_bug.cgi?id=3954
[4] https://bugzilla.mindrot.org/show_bug.cgi?id=3947
[5] https://bugzilla.mindrot.org/show_bug.cgi?id=3952

Thanks,

On 6/30/26 04:58, Damien Miller wrote:
> Hi,
> 
> OpenSSH 10.4p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
> 
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
> 
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
> 
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
> 
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> 
> $ ./configure && make tests
> 
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at mindrot.org. Security bugs should be reported
> directly to openssh at openssh.com.
> 
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
> 
> Thanks to the many people who contributed to this release.
> 
> Potentially-incompatible changes
> --------------------------------
> 
>   * sshd(8): configuration dump mode ("sshd -G") now writes directives
>     in mixed case (e.g. "PubkeyAuthentication") whereas previously it
>     emitted only lower-case names.
> 
>   * sshd(8): on Linux systems with the seccomp sandbox enabled,
>     failures to enable SECCOMP or NO_NEW_PRIVS are now fatal.
>     Previously sshd(8) would log the error but continue operation,
>     to support systems that lacked these features. Now systems that
>     lack these should instead disable the sandbox at configure time.
> 
>   * ssh(1), sshd(8): make the transport protocol stricter by
>     disconnecting if the peer sends non-KEX messages during a post-
>     authentication key re-exchange. Previously a malicious peer could
>     continue sending non-key exchange messages without penalty. These
>     would be buffered, causing memory to be wasted up until the
>     connection terminated or the server/client hit a memory limit.
>     Implementations that do not restrict messages sent during key
>     exchange as per RFC4253 section 7.1 may be disconnected.
>     Reported by Marko Jevtic.
> 
> New features
> ------------
> 
>   * All: add experimental support for a composite post-quantum
>     signature scheme that combines ML-DSA 44 and Ed25519 as specified
>     in draft-miller-sshm-mldsa44-ed25519-composite-sigs.
> 
>     This scheme is not enabled by default. To use it, you'll need
>     to add it to HostKeyAlgorithms, PubkeyAcceptedAlgorithms, etc.
>     Keys may be generated using "ssh-keygen -t mldsa44-ed25519".
> 
>   * ssh(1), sshd(8): replace the wildcard pattern matcher with an
>     implementation based on an NFA. This avoids exponential worst-case
>     behaviour for the old implementation.
> 
> Bugfixes
> --------
> 
>   * ssh-agent(1): fix incorrect reply to "query" SSH_AGENTC_EXTENSION
>     requests. bz3967
> 
>   * ssh(1), sshd(8): fix several bugs that incorrectly
>     classified bulk traffic as interactive. bz3972, bz3958
> 
>   * ssh-keygen(1), ssh-add(1): skip unsupported key types when
>     downloading resident keys from a FIDO token. Previously, downloads
>     would abort when one was encountered. GHPR657
> 
>   * ssh(1): fix a potential use-after-free on an error path if
>     cipher_init() fails.
> 
>   * sshd(8): perform stricter encoding and validation of transport
>     state passed between sshd privilege separation subprocesses. This
>     somewhat further hardens the server against attacks on sshd-auth
>     or sshd-session subprocesses.
> 
>   * ssh-agent(1): avoid possible runtime denial of service by
>     enforcing some limits on the length of usernames in key use
>     constraints.
> 
>   * sftp(1): fix two separate one-byte out-of-bounds reads, in
>     SSH2_FXP_REALPATH and batch command processing.
> 
>   * sftp-server(8): disallow use of the copy-data extension to read
>     and write to the same inode simultaneously.
> 
>   * ssh(1), sshd(8): avoid strlen(NULL) crash if an X11 channel was
>     created before the x11-req SSH_MSG_CHANNEL_REQUEST was sent.
>     GHPR679
> 
>   * sftp(1), scp(1): avoid a situation where sftp_download() could get
>     stuck in a loop if a broken server repeatedly returned zero length
>     while reading a file.
> 
>   * ssh(1): avoid leaking DNS0x20 case-randomised names into names
>     canonicalised using CanonicalizePermittedCNAMEs. bz3966
> 
>   * sftp-server(8): avoid truncation of pathnames passed to lstat()
>     during SSH_FXP_REALPATH handling on systems where PATH_MAX is not
>     the actual max. GHPR688
> 
>   * ssh(1), sshd(8): correct arming of poll(2) event masks for some
>     socket-type channels. GHPR660
> 
>   * sshd(8): major refactor of sshd_config parsing and management
>     code, to allow for more exact serialisation/deserialisation across
>     privilege separation boundaries.
> 
>   * ssh-add(1): open connection to the agent only after getopt()
>     processing has completed, to give options like "-v" a chance to
>     display debug information about this operation.
> 
>   * crypto code: fix bounds checking when signing messages of length
>     greater than will fit in a size_t. In OpenSSH, message sizes are
>     bounded by SSHBUF_SIZE_MAX so this was unreachable.
> 
>   * crypto code: add signature malleability and pubkey validity checks
>     to ed25519 verification. SSH doesn't depend on these properties
> 
>   * crypto code: fix ECDSA order check for curves with cofactor != 1.
>     All supported EC curves have cofactor 1, so this was
>     unreachable.
> 
>   * sshd(8): differentiate between execution failures and a subsystem
>     that was not found when logging why a subsystem failed to start.
>     GHPR637
> 
>   * All: use safer idioms for timegm(3) and mktime(3) error detection.
> 
>   * ssh(1), sshd(8): avoid accepting invalid cipher or MAC lists in
>     config files or command-line arguments. This could cause runtime
>     failures later.
> 
>   * ssh(1): fix NULL deref crash during pubkey auth when using a PEM
>     style private key with no corresponding .pub key adjacent to it.
> 
>   * sshd(8): don't print an error message when trying to load a host
>     private key when PKCS#11 keys are in use, as these don't need the
>     private half on the filesystem. GHPR664
> 
>   * All: don't use deprecated ERR_load_crypto_strings(). GHPR650
> 
>   * ssh(1): properly report errors during configuration default
>     setting. GHPR649
> 
>   * ssh(1): use correct directive name (Match instead of Host) in
>     error message. bz3968
> 
>   * sftp(1): fix "ls -ln" which was not correctly showing numeric
>     UID/GIDs but rather user and group names. bz3953
> 
>   * sshd(8): avoid possible NULL dereference if an allocation fails
>     during config parsing. bz3948
> 
>   * All: fix ineffective guards against loading overly large public
>     keys in several places. bz3969 and bz3970
> 
>   * sftp(1): ensure file descriptors used by sftp to communicate to
>     its ssh(1) subprocess don't leak into executed subprocesses (e.g.
>     via "!"). GHPR693
> 
> Portability
> -----------
> 
>   * Sync fmt_scaled.c with OpenBSD upstream, picking up an exactness
>     fix for large exponents (GHPR671)
> 
>   * sshd(8): remove duplicate sandbox entry for clock_gettime64.
> 
>   * ssh(1), sshd(8): use correct IPTOS_DSCP_VA value if not provided
>     by the system headers.
> 
>   * Sync getrrsetbyname.c with OpenBSD upstream, picking up robustness
>     fixes.
> 
>   * Disable replacements in openbsd-compat for strvisx(3) and
>     stravis(3), as these are unused in OpenSSH
> 
>   * Avoid fortify warnings on Android bz3954
> 
>   * Fix a number of memory leaks on error paths in the portability
>     code. GHPR681
> 
> OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
> Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
> Tim Rice and Ben Lindstrom.
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
Fachschaft Elektrotechnik und Informationstechnik e. V.
an der Technischen Universität München
Arcisstraße 21 | 80333 München
Tel.: +49 (0)89/289-22998
Web: https://fsei.de
Rechtsform: eingetragener Verein (e. V.) Amtsgericht München VR 8497
Vertretungsberechtigung gemäß § 26 BGB:
Geschäftsführender Vorstand: Laura Häcker | Pascal Klamm
Finanzvorstand: Veronika Vitez
USt-IdNr. DE129515443



More information about the openssh-unix-dev mailing list