Call for testing: OpenSSH 9.3
Dmitry Belyavskiy
dbelyavs at redhat.com
Tue Mar 14 04:14:44 AEDT 2023
Dear Damien,
Build and tests on Fedora 36 have passed.
On Fri, Mar 10, 2023 at 5:35 AM Damien Miller <djm at mindrot.org> wrote:
>
> Hi,
>
> OpenSSH 9.3p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
>
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at mindrot.org. Security bugs should be reported
> directly to openssh at openssh.com.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> Changes since OpenSSH 9.2
> =========================
>
> New features
> ------------
>
> * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when
> outputting SSHFP fingerprints to allow algorithm selection. bz3493
>
> * sshd(8): add a `sshd -G` option that parses and prints the
> effective configuration without attempting to load private keys
> and perform other checks. This allows usage of the option before
> keys have been generated and for configuration evaluation and
> verification by unprivileged users.
>
> Bugfixes
> --------
>
> * scp(1), sftp(1): fix progressmeter corruption on wide displays;
> bz3534
>
> * ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing usability
> of private keys as some systems are starting to disable RSA/SHA1
> in libcrypto.
>
> * sftp-server(8): fix a memory leak. GHPR363
>
> * ssh(1), sshd(8), ssh-keyscan(1): remove vestigal protocol
> compatibility code and simplify what's left.
>
> * Fix a number of low-impact Coverity static analysis findings.
>
> * ssh_config(5), sshd_config(5): mention that some options are not
> first-match-wins.
>
> * Rework logging for the regression tests. Regression tests will now
> capture separate logs for each ssh and sshd invocation in a test.
>
> * ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage
> says it should; bz3532.
>
> * ssh(1): ensure that there is a terminating newline when adding a
> new entry to known_hosts; bz3529
>
> Portability
> -----------
>
> * sshd(8): harden Linux seccomp sandbox. Move to an allowlist of
> mmap(2), madvise(2) and futex(2) flags, removing some concerning
> kernel attack surface.
>
> * sshd(8): improve Linux seccomp-bpf sandbox for older systems;
> bz3537
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
--
Dmitry Belyavskiy
More information about the openssh-unix-dev
mailing list