Call for testing: OpenSSH 9.3

Tue Mar 14 04:14:44 AEDT 2023

Dear Damien,

Build and tests on Fedora 36 have passed.

On Fri, Mar 10, 2023 at 5:35 AM Damien Miller <djm at mindrot.org> wrote:
>
> Hi,
>
> OpenSSH 9.3p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at mindrot.org. Security bugs should be reported
> directly to openssh at openssh.com.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> Changes since OpenSSH 9.2
> =========================
>
> New features
> ------------
>
>  * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when
>    outputting SSHFP fingerprints to allow algorithm selection. bz3493
>
>  * sshd(8): add a `sshd -G` option that parses and prints the
>    effective configuration without attempting to load private keys
>    and perform other checks. This allows usage of the option before
>    keys have been generated and for configuration evaluation and
>    verification by unprivileged users.
>
> Bugfixes
> --------
>
>  * scp(1), sftp(1): fix progressmeter corruption on wide displays;
>    bz3534
>
>  * ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing usability
>    of private keys as some systems are starting to disable RSA/SHA1
>    in libcrypto.
>
>  * sftp-server(8): fix a memory leak. GHPR363
>
>  * ssh(1), sshd(8), ssh-keyscan(1): remove vestigal protocol
>    compatibility code and simplify what's left.
>
>  * Fix a number of low-impact Coverity static analysis findings.
>
>  * ssh_config(5), sshd_config(5): mention that some options are not
>    first-match-wins.
>
>  * Rework logging for the regression tests. Regression tests will now
>    capture separate logs for each ssh and sshd invocation in a test.
>
>  * ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage
>    says it should; bz3532.
>
>  * ssh(1): ensure that there is a terminating newline when adding a
>    new entry to known_hosts; bz3529
>
> Portability
> -----------
>
>  * sshd(8): harden Linux seccomp sandbox. Move to an allowlist of
>    mmap(2), madvise(2) and futex(2) flags, removing some concerning
>    kernel attack surface.
>
>  * sshd(8): improve Linux seccomp-bpf sandbox for older systems;
>    bz3537
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

-- 
Dmitry Belyavskiy