Call for testing: OpenSSH 9.3

Predrag Zečević predrag.zecevic.1961 at googlemail.com
Tue Mar 14 18:59:47 AEDT 2023


Hi Damien,

builds on OpenIndiana /hipster:
* GCC 11
* OpenSSL 1.1.1t

---8<------
/pz/SFW/bin/ssh -V
OpenSSH_9.2p1-snap20230314, OpenSSL 1.1.1t  7 Feb 2023

/pz/SFW/sbin/sshd -V
OpenSSH_9.2, OpenSSL 1.1.1t  7 Feb 2023
---8<------

Thanks and regards

On 3/10/23 05:33, Damien Miller wrote:
> Hi,
> 
> OpenSSH 9.3p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
> 
> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
> 
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
> 
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
> 
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is simply:
> 
> $ ./configure && make tests
> 
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-unix-dev at mindrot.org. Security bugs should be reported
> directly to openssh at openssh.com.
> 
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
> 
> Thanks to the many people who contributed to this release.
> 
> Changes since OpenSSH 9.2
> =========================
> 
> New features
> ------------
> 
>   * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when
>     outputting SSHFP fingerprints to allow algorithm selection. bz3493
>      
>   * sshd(8): add a `sshd -G` option that parses and prints the
>     effective configuration without attempting to load private keys
>     and perform other checks. This allows usage of the option before
>     keys have been generated and for configuration evaluation and
>     verification by unprivileged users.
> 
> Bugfixes
> --------
> 
>   * scp(1), sftp(1): fix progressmeter corruption on wide displays;
>     bz3534
> 
>   * ssh-add(1), ssh-keygen(1): use RSA/SHA256 when testing usability
>     of private keys as some systems are starting to disable RSA/SHA1
>     in libcrypto.
> 
>   * sftp-server(8): fix a memory leak. GHPR363
> 
>   * ssh(1), sshd(8), ssh-keyscan(1): remove vestigial protocol
>     compatibility code and simplify what's left.
> 
>   * Fix a number of low-impact Coverity static analysis findings.
> 
>   * ssh_config(5), sshd_config(5): mention that some options are not
>     first-match-wins.
> 
>   * Rework logging for the regression tests. Regression tests will now
>     capture separate logs for each ssh and sshd invocation in a test.
> 
>   * ssh(1): make `ssh -Q CASignatureAlgorithms` work as the manpage
>     says it should; bz3532.
> 
>   * ssh(1): ensure that there is a terminating newline when adding a
>     new entry to known_hosts; bz3529
> 
> Portability
> -----------
> 
>   * sshd(8): harden Linux seccomp sandbox. Move to an allowlist of
>     mmap(2), madvise(2) and futex(2) flags, removing some concerning
>     kernel attack surface.
> 
>   * sshd(8): improve Linux seccomp-bpf sandbox for older systems;
>     bz3537
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
Predrag Zečević
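
The `sshd -G` option described in the quoted announcement makes it possible to review the effective server configuration as an unprivileged user. The following is an added example, not part of either message and not OpenSSH project code: it checks effective-configuration output against a small baseline. It assumes the output is one lowercase keyword followed by its value per line; the function names, the baseline policy and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical baseline for this example (constructed, not an OpenSSH default):
# each entry is keyword=required-value.
POLICY='permitrootlogin=no passwordauthentication=no permitemptypasswords=no x11forwarding=no'

# Reads an effective sshd configuration on stdin, prints one line per
# deviation from POLICY, and returns 1 if any deviation was found.
audit_effective_config() {
    awk -v policy="$POLICY" '
        BEGIN {
            n = split(policy, rule, " ")
            for (i = 1; i <= n; i++) {
                split(rule[i], kv, "=")
                order[i] = kv[1]; want[kv[1]] = kv[2]
            }
        }
        # Lines are "keyword value..."; the first value is enough for these keywords.
        NF >= 2 { key = tolower($1); if (key in want) got[key] = tolower($2) }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = order[i]
                if (!(k in got)) { printf "MISSING %s\n", k; bad = 1 }
                else if (got[k] != want[k]) {
                    printf "FAIL %s: got %s, want %s\n", k, got[k], want[k]; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample of effective-configuration output (not from a real host).
SAMPLE_EFFECTIVE_CONFIG='port 22
permitrootlogin prohibit-password
passwordauthentication yes
permitemptypasswords no
x11forwarding no'

# On a host with a build that has the option:  sshd -G | audit_effective_config
# Here the constructed sample is audited so the example runs offline.
audit_sample() { printf '%s\n' "$SAMPLE_EFFECTIVE_CONFIG" | audit_effective_config; }

audit_sample || true
```

A `MISSING` line means the input did not contain the keyword at all, which for effective-configuration output usually indicates truncated or wrong input rather than a safe default.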

