===================================================================
RCS file: /cvsrepo/anoncvs/cvs/www/71.html,v
retrieving revision 1.46
retrieving revision 1.47
diff -c -r1.46 -r1.47
*** www/71.html	2022/04/14 20:59:01	1.46
--- www/71.html	2022/04/15 04:36:09	1.47
***************
*** 1086,1108 ****
   <ul>
    <li>Security
    <ul>
!     <li>...
    </ul>
    <li>Potentially incompatible changes
    <ul>
!     <li>...
    </ul>
  
    <li>New features
    <ul>
!     <li>...
    </ul>
  
    <li>Bugfixes
    <ul>
!     <li>...
    </ul>
!  </ul>
  
  <li>mandoc 1.14.6 plus several bugfixes, including:
      <ul>
--- 1086,1263 ----
   <ul>
    <li>Security
    <ul>
!     <!-- OpenSSH 8.9 -->
!     <li>Near miss in sshd(8):
!         fix an integer overflow in the user authentication path
!         that, in conjunction with other logic errors, could have yielded
!         unauthenticated access under difficult to exploit conditions.<br>
!         This situation is not exploitable because of independent checks in
!         the privilege separation monitor. Privilege separation has been
!         enabled by default in since openssh-3.2.2 (released in 2002) and
!         has been mandatory since openssh-7.5 (released in 2017).<br>
!         Thanks to Malcolm Stagg for finding and reporting this bug.
    </ul>
    <li>Potentially incompatible changes
    <ul>
!     <!-- OpenSSH 8.9 -->
!     <li>In OpenSSH 8.9 the FIDO security key middleware interface
!         changed and increments SSH_SK_VERSION_MAJOR.
    </ul>
  
    <li>New features
    <ul>
!     <!-- OpenSSH 8.9 -->
!     <li>ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
!         restricting forwarding and use of keys added to ssh-agent(1)
!         A detailed description of the feature is available at
!         https://www.openssh.com/agent-restrict.html and the protocol
!         extensions are documented in the PROTOCOL and PROTOCOL.agent
!         files in the source release.
!     <li>ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
!         ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
!         default KEXAlgorithms list (after the ECDH methods but before the
!         prime-group DH ones).
!     <li>ssh-keygen(1): when downloading resident keys from a FIDO token,
!         pass back the user ID that was used when the key was created and
!         append it to the filename the key is written to (if it is not the
!         default). Avoids keys being clobbered if the user created multiple
!         resident keys with the same application string but different user
!         IDs.
!     <li>ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
!         on tokens that provide user verification (UV) on the device itself,
!         including biometric keys, avoiding unnecessary PIN prompts.
!     <li>ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
!         perform matching of principals names against an allowed signers
!         file. To be used towards a TOFU model for SSH signatures in git.
!     <li>ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
!         to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
!         authentication time.
!     <li>ssh-keygen(1): allow selection of hash at sshsig signing time
!         (either sha512 (default) or sha256).
!     <li>ssh(1), sshd(8): read network data directly to the packet input
!         buffer instead of indirectly via a small stack buffer. Provides a
!         modest performance improvement.
!     <li>ssh(1), sshd(8): read data directly to the channel input buffer,
!         providing a similar modest performance improvement.
!     <li>ssh(1): extend the PubkeyAuthentication configuration directive to
!         accept yes|no|unbound|host-bound to allow control over one of the
!         protocol extensions used to implement agent-restricted keys.
!     <!-- OpenSSH 9.0 -->
!     <li>ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
!         exchange method by default ("sntrup761x25519-sha512@openssh.com").
!         The NTRU algorithm is believed to resist attacks enabled by future
!         quantum computers and is paired with the X25519 ECDH key exchange
!         (the previous default) as a backstop against any weaknesses in
!         NTRU Prime that may be discovered in the future. The combination
!         ensures that the hybrid exchange offers at least as good security
!         as the status quo.<br>
!         We are making this change now (i.e. ahead of cryptographically-
!         relevant quantum computers) to prevent "capture now, decrypt
!         later" attacks where an adversary who can record and store SSH
!         session ciphertext would be able to decrypt it once a sufficiently
!         advanced quantum computer is available.
!     <li>sftp-server(8): support the "copy-data" extension to allow server-
!         side copying of files/data, following the design in
!         draft-ietf-secsh-filexfer-extensions-00.
!     <li>sftp(1): add a "cp" command to allow the sftp client to perform
!         server-side file copies.
    </ul>
+   </ul>
  
    <li>Bugfixes
    <ul>
!     <!-- OpenSSH 8.9 -->
!     <li>sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
!         PubkeyAuthOptions can be used in a Match block.
!     <li>sshd(8): fix possible string truncation when constructing paths to
!         .rhosts/.shosts files with very long user home directory names.
!     <li>ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
!         exchange hashes
!     <li>ssh(1): don't put the TTY into raw mode when SessionType=none,
!         avoids ^C being unable to kill such a session.
!     <li>scp(1): fix some corner-case bugs in SFTP-mode handling of
!         ~-prefixed paths.
!     <li>ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
!         select RSA keys when only RSA/SHA2 signature algorithms are
!         configured (this is the default case). Previously RSA keys were
!         not being considered in the default case.
!     <li>ssh-keysign(1): make ssh-keysign use the requested signature
!         algorithm and not the default for the key type. Part of unbreaking
!         hostbased auth for RSA/SHA2 keys.
!     <li>ssh(1): stricter UpdateHostkey signature verification logic on
!         the client- side. Require RSA/SHA2 signatures for RSA hostkeys
!         except when RSA/SHA1 was explicitly negotiated during initial
!         KEX
!     <li>ssh(1), sshd(8): fix signature algorithm selection logic for
!         UpdateHostkeys on the server side. The previous code tried to
!         prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
!         cases. This will use RSA/SHA2 signatures for RSA keys if the
!         client proposed these algorithms in initial KEX.
!     <li>All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
!         This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
!         and sftp-server(8), as well as the sshd(8) listen loop and all
!         other FD read/writability checks. On platforms with missing or
!         broken poll(2)/ppoll(2) syscalls a select(2)-based compat shim is
!         available.
!     <li>ssh-keygen(1): the "-Y find-principals" command was verifying key
!         validity when using ca certs but not with simple key lifetimes
!         within the allowed signers file.
!     <li>ssh-keygen(1): make sshsig verify-time argument parsing optional
!     <li>sshd(8): fix truncation in rhosts/shosts path construction.
!     <li>ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
!         keys (we already did this for RSA keys). Avoids fatal errors for
!         PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
!         "cryptoauthlib"
!     <li>ssh(1), ssh-agent(1): improve the testing of credentials against
!         inserted FIDO: ask the token whether a particular key belongs to
!         it in cases where the token supports on-token user-verification
!         (e.g. biometrics) rather than just assuming that it will accept it.<br>
!         Will reduce spurious "Confirm user presence" notifications for key
!         handles that relate to FIDO keys that are not currently inserted in at
!         least some cases.
!     <li>ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
!         allow for the preceding two ECN bits.
!     <li>ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
!         option.
!     <li>ssh-keygen(1): fix a NULL deref when using the find-principals
!         function, when matching an allowed_signers line that contains a
!         namespace restriction, but no restriction specified on the
!         command-line
!     <li>ssh-agent(1): fix memleak in process_extension(); oss-fuzz
!         issue #42719
!     <li>ssh(1): suppress "Connection to xxx closed" messages when LogLevel
!         is set to "error" or above.
!     <li>ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
!         compressed packet data.
!     <li>scp(1): when recursively transferring files in SFTP mode, create the
!         destination directory if it doesn't already exist to match scp(1) in
!         legacy RCP mode behaviour.
!     <li>scp(1): many improvements in error message consistency between scp(1)
!         in SFTP mode vs legacy RCP mode.
!     <li>sshd(8): fix potential race in SIGTERM handling
!     <li>ssh(1), ssh(8): since DSA keys are deprecated, move them to the
!         end of the default list of public keys so that they will be tried
!         last.
!     <li>ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
!         wildcard principals in allowed_signers files
!     <!-- OpenSSH 9.0 -->
!     <li>ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output
!         fd closes without data in the channel buffer.
!     <li>sshd(8): pack pollfd array in server listen/accept loop. Could
!         cause the server to hang/spin when MaxStartups &gt; RLIMIT_NOFILE
!     <li>ssh-keygen(1): avoid NULL deref via the find-principals and
!         check-novalidate operations.
!     <li>scp(1): fix a memory leak in argument processing.
!     <li>sshd(8): don't try to resolve ListenAddress directives in the sshd
!         re-exec path. They are unused after re-exec and parsing errors
!         (possible for example if the host's network configuration changed)
!         could prevent connections from being accepted.
!     <li>sshd(8): when refusing a public key authentication request from a
!         client for using an unapproved or unsupported signature algorithm
!         include the algorithm name in the log message to make debugging
!         easier.
    </ul>
! </ul>
  
  <li>mandoc 1.14.6 plus several bugfixes, including:
      <ul>