Call for testing: OpenSSH 8.9

The Doctor doctor at doctor.nl2k.ab.ca
Wed Feb 16 16:20:01 AEDT 2022


On Thu, Feb 10, 2022 at 03:18:23PM +1100, Damien Miller wrote:
> Hi,
> 
> OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
> 
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
> 
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
> 
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
> 
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
> 
> $ ./configure && make tests
> 
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at mindrot.org. Security bugs should be reported
> directly to openssh at openssh.com.
> 
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
> 
> Thanks to the many people who contributed to this release.
> 
> Future deprecation notice
> =========================
> 
> A near-future release of OpenSSH will switch scp(1) from using the
> legacy scp/rcp protocol to using SFTP by default.
> 
> Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
> "scp host:* .") through the remote shell. This has the side effect of
> requiring double quoting of shell meta-characters in file names
> included on scp(1) command-lines, otherwise they could be interpreted
> as shell commands on the remote side.
> 
> This creates one area of potential incompatibility: scp(1) when using
> the SFTP protocol no longer requires this finicky and brittle quoting,
> and attempts to use it may cause transfers to fail. We consider the
> removal of the need for double-quoting shell characters in file names
> to be a benefit and do not intend to introduce bug-compatibility for
> legacy scp/rcp in scp(1) when using the SFTP protocol.
> 
> Another area of potential incompatibility relates to the use of remote
> paths relative to other user's home directories, for example -
> "scp host:~user/file /tmp". The SFTP protocol has no native way to
> expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
> support a protocol extension "expand-path at openssh.com" to support
> this.
> 
> Potentially-incompatible changes
> ================================
> 
>  * sshd(8), portable OpenSSH only: this release removes in-built
>    support for MD5-hashed passwords. If you require these on your
>    system then we recommend linking against libxcrypt or similar.
> 
>  * This release modifies the FIDO security key middleware interface
>    and increments SSH_SK_VERSION_MAJOR.
> 
> Changes since OpenSSH 8.8
> =========================
> 
> This release includes a number of new features.
> 
> New features
> ------------
> 
>  * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
>    restricting forwarding and use of keys added to ssh-agent(1)
>    A detailed description of the feature is available at
>    https://www.openssh.com/agent-restrict.html and the protocol
>    extensions are documented in the PROTOCOL and PROTOCOL.agent
>    files in the source release.
> 
>  * ssh(1), sshd(8): add the sntrup761x25519-sha512 at openssh.com hybrid
>    ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
>    default KEXAlgorithms list (after the ECDH methods but before the
>    prime-group DH ones).
>     
>  * ssh-keygen(1): when downloading resident keys from a FIDO token,
>    pass back the user ID that was used when the key was created and
>    append it to the filename the key is written to (if it is not the
>    default). Avoids keys being clobbered if the user created multiple
>    resident keys with the same application string but different user
>    IDs.
> 
>  * ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
>    on tokens that provide user verification (UV) on the device itself,
>    including biometric keys, avoiding unnecessary PIN prompts.
> 
>  * ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
>    perform matching of principals names against an allowed signers
>    file. To be used towards a TOFU model for SSH signatures in git.
> 
>  * ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
>    to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
>    authentication time.
>     
>  * ssh-keygen(1): allow selection of hash at sshsig signing time
>    (either sha512 (default) or sha256).
> 
>  * ssh(1), sshd(8): read network data directly to the packet input
>    buffer instead indirectly via a small stack buffer. Provides a
>    modest performance improvement.
> 
>  * ssh(1), sshd(8): read data directly to the channel input buffer,
>    providing a similar modest performance improvement.
> 
>  * ssh(1): extend the PubkeyAuthentication configuration directive to
>    accept yes|no|unbound|host-bound to allow control over one of the
>    protocol extensions used to implement agent-restricted keys.
> 
> Bugfixes
> --------
> 
>  * sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
>    PubkeyAuthOptions can be used in a Match block. PR#277.
> 
>  * ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
>    exchange hashes
>     
>  * ssh(1): don't put the TTY into raw mode when SessionType=none,
>    avoids ^C being unable to kill such a session. bz3360
> 
>  * scp(1): fix some corner-case bugs in SFTP-mode handling of
>    ~-prefixed paths.
> 
>  * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
>    select RSA keys when only RSA/SHA2 signature algorithms are
>    configured (this is the default case). Previously RSA keys were
>    not being considered in the default case.
> 
>  * ssh-keysign(1): make ssh-keysign use the requested signature
>    algorithm and not the default for the key type. Part of unbreaking
>    hostbased auth for RSA/SHA2 keys.
> 
>  * ssh(1): stricter UpdateHostkey signature verification logic on
>    the client- side. Require RSA/SHA2 signatures for RSA hostkeys
>    except when RSA/SHA1 was explicitly negotiated during initial
>    KEX; bz3375
> 
>  * ssh(1), sshd(8): fix signature algorithm selection logic for
>    UpdateHostkeys on the server side. The previous code tried to
>    prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
>    cases. This will use RSA/SHA2 signatures for RSA keys if the
>    client proposed these algorithms in initial KEX. bz3375
> 
>  * All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
>    This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
>    and sftp-server(8), as well as the sshd(8) listen loop and all
>    other FD read/writability checks. On platforms with missing or
>    broken poll(2)/ppoll(2) syscalls as select(2)-based compat shim is
>    available.
>     
>  * ssh-keygen(1): the "-Y find-principals" command was verifying key
>    validity when using ca certs but not with simple key lifetimes
>    within the allowed signers file.
>     
>  * ssh-keygen(1): make sshsig verify-time argument parsing optional
> 
>  * ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
>    keys (we already did this for RSA keys). Avoids fatal errors for
>    PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
>    "cryptoauthlib"; bz#3364
> 
>  * ssh(1), ssh-agent(1): improve the testing of credentials against
>     inserted FIDO: ask the token whether a particular key belongs to
>     it in cases where the token supports on-token user-verification
>     (e.g. biometrics) rather than just assuming that it will accept it.
> 
>     Will reduce spurious "Confirm user presence" notifications for key
>     handles that relate to FIDO keys that are not currently inserted in at
>     least some cases. bz3366
>     
>  * ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
>    allow for the preceding two ECN bits. bz#3373
> 
>  * ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
>    option.
> 
>  * ssh-keygen(1): fix a NULL deref when using the find-principals
>    function, when matching an allowed_signers line that contains a
>    namespace restriction, but no restriction specified on the
>    command-line
> 
>  * ssh-agent(1): fix memleak in process_extension(); oss-fuzz
>    issue #42719
> 
>  * ssh(1): suppress "Connection to xxx closed" messages when LogLevel
>    is set to "error" or above. bz3378
> 
>  * ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
>    compressed packet data. bz3372
>  
>  * scp(1): when recursively transferring files in SFTP mode, create the
>    destination directory if it doesn't already exist to match scp(1) in
>    legacy RCP mode behaviour.
>     
>  * scp(1): many improvements in error message consistency between scp(1)
>    in SFTP mode vs legacy RCP mode.
> 
>  * sshd(8): fix potential race in SIGTERM handling PR#289
> 
>  * ssh(1), ssh(8): since DSA keys are deprecated, move them to the
>    end of the default list of public keys so that they will be tried
>    last. PR#295
> 
>  * ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
>    wildcard principals in allowed_signers files
>     
> Portability
> -----------
> 
>  * ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
>    implementation does not work in a chroot when the kernel does not
>    have close_range(2). It tries to read from /proc/self/fd and when
>    that fails dies with an assertion of sorts. Instead, call
>    close_range(2) directly from our compat code and fall back if
>    that fails.  bz#3349,
> 
>  * OS X poll(2) is broken; use compat replacement. For character-
>    special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
>    when polled with POLLIN. Apparently this is Apple bug 3710161 -
>    not public but a websearch will find other OSS projects
>    rediscovering it periodically since it was first identified in
>    2005.
> 
>  * Correct handling of exceptfds/POLLPRI in our select(2)-based
>    poll(2)/ppoll(2) compat implementation.
> 
>  * Cygwin: correct checking of mbstowcs() return value.
> 
>  * Add a basic SECURITY.md that refers people to the openssh.com
>    website.
> 
>  * Enable additional compiler warnings and toolchain hardening flags,
>    including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
>    -fzero-call-used-regs and -ftrivial-auto-var-init.
> 
>  * HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
>    is not reliable.
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

OpenSSH_8.8p1-snap20220216, OpenSSL 1.1.1m+quic  14 Dec 2021

Working in FreeBSD 13.0-p7

-- 
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b  
Do they do as the Word said, or as the world said? -unknown Beware https://mindspring.com


More information about the openssh-unix-dev mailing list