| version 1.48, 2022/10/02 20:33:04 |
version 1.49, 2022/10/03 12:47:04 |
|
|
| |
|
| <li>OpenSSH 9.1 |
<li>OpenSSH 9.1 |
| <ul> |
<ul> |
| <li>... |
<li>Security |
| |
<ul> |
| |
<li>ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing |
| |
<li>ssh-keygen(1): fix double free() in error path of signing/verify code |
| |
<li>ssh-keysign(8): fix double-free in error path introduced in OpenSSH 8.9. |
| |
</ul> |
| |
<li>Potentially-incompatible changes |
| |
<ul> |
| |
<li>ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config |
| |
are now first-match-wins to match other directives. Previously |
| |
if an environment variable was multiply specified the last set |
| |
value would have been used. |
| |
<li>ssh-keygen(8): ssh-keygen -A (generate all default host key types) |
| |
will no longer generate DSA keys, as these are insecure and have |
| |
not been used by default for some years. |
| |
<li>ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum |
| |
RSA key length. Keys below this length will be ignored for user |
| |
authentication and for host authentication in sshd(8).<br> |
| |
ssh(1) will terminate a connection if the server offers an RSA key |
| |
that falls below this limit, as the SSH protocol does not include |
| |
the ability to retry a failed key exchange |
| |
<li>sftp-server(8): add a <code>users-groups-by-id@openssh.com</code> |
| |
extension request that allows the client to obtain user/group names that |
| |
correspond to a set of uids/gids. |
| |
<li>sftp(1): use <code>users-groups-by-id@openssh.com</code> sftp-server |
| |
extension (when available) to fill in user/group names for |
| |
directory listings. |
| |
<li>sftp-server(8): support the <code>home-directory</code> extension |
| |
request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps |
| |
a bit with the existing "expand-path@openssh.com", but some other |
| |
clients support it. |
| |
<li>ssh-keygen(1), sshd(8): allow certificate validity intervals, |
| |
sshsig verification times and authorized_keys expiry-time options |
| |
to accept dates in the UTC time zone in addition to the default |
| |
of interpreting them in the system time zone. YYYYMMDD and |
| |
YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed |
| |
with a 'Z' character.<br> |
| |
Also allow certificate validity intervals to be specified in raw |
| |
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This |
| |
is intended for use by regress tests and other tools that call |
| |
ssh-keygen as part of a CA workflow. |
| |
<li>sftp(1): allow arguments to the sftp -D option, e.g. sftp -D |
| |
<code>/usr/libexec/sftp-server -el debug3</code>. |
| |
<li>ssh-keygen(1): allow the existing -U (use agent) flag to work |
| |
with <code>-Y sign</code> operations, where it will be interpreted to |
| |
require that the private keys is hosted in an agent. |
| |
</ul> |
| |
<li>Bugfixes |
| |
<ul> |
| |
<li>ssh-keygen(1): implement the "verify-required" certificate option. |
| |
This was already documented when support for user-verified FIDO |
| |
keys was added, but the ssh-keygen(1) code was missing. |
| |
<li>ssh-agent(1): hook up the restrict_websafe command-line flag; |
| |
previously the flag was accepted but never actually used. |
| |
<li>sftp(1): improve filename tab completions: never try to complete |
| |
names to non-existent commands, and better match the completion |
| |
type (local or remote filename) against the argument position |
| |
being completed. |
| |
<li>ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key |
| |
handling, especially relating to keys that request |
| |
user-verification. These should reduce the number of unnecessary |
| |
PIN prompts for keys that support intrinsic user verification. |
| |
<li>ssh-keygen(1): when enrolling a FIDO resident key, check if a |
| |
credential with matching application and user ID strings already |
| |
exists and, if so, prompt the user for confirmation before |
| |
overwriting the credential. |
| |
<li> sshd(8): improve logging of errors when opening authorized_keys |
| |
files. |
| |
<li>ssh(1): avoid multiplexing operations that could cause SIGPIPE from |
| |
causing the client to exit early. bz3454 |
| |
<li>ssh_config(5), sshd_config(5): clarify that the RekeyLimit |
| |
directive applies to both transmitted and received data. |
| |
<li>ssh-keygen(1): avoid double fclose() in error path. |
| |
<li>sshd(8): log an error if pipe() fails while accepting a connection. |
| |
<li>ssh(1), ssh-keygen(1): fix possible NULL deref when built without |
| |
FIDO support. |
| |
<li>ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage. |
| |
<li>sshd(8): ensure that authentication passwords are cleared from |
| |
memory in error paths. |
| |
<li>ssh(1), ssh-agent(1): avoid possibility of notifier code executing |
| |
kill(-1). |
| |
<li>ssh_config(5): note that the ProxyJump directive also accepts the |
| |
same tokens as ProxyCommand. |
| |
<li>scp(1): do not not ftruncate(3) files early when in sftp mode. The |
| |
previous behaviour of unconditionally truncating the destination |
| |
file would cause <code>scp ~/foo localhost:</code> and <code>scp |
| |
localhost:foo ~/</code> to delete all the contents of their destination. |
| |
<li>ssh-keygen(1): improve error message when <code>ssh-keygen -Y sign |
| |
</code> is unable to load a private key. |
| |
<li>sftp(1), scp(1): when performing operations that glob(3) a remote |
| |
path, ensure that the implicit working directory used to construct |
| |
that path escapes glob(3) characters. This prevents glob characters |
| |
from being processed in places they shouldn't, e.g. <code>cd |
| |
/tmp/a*/</code>, <code>get *.txt</code> should have the get operation |
| |
treat the path <code>/tmp/a*</code> literally and not attempt to expand |
| |
it. |
| |
<li>ssh(1), sshd(8): be stricter in which characters will be accepted |
| |
in specifying a mask length; allow only 0-9. |
| |
<li>ssh-keygen(1): avoid printing hash algorithm twice when dumping a |
| |
KRL. |
| |
<li>ssh(1), sshd(8): continue running local I/O for open channels |
| |
during SSH transport rekeying. This should make ~-escapes work in |
| |
the client (e.g. to exit) if the connection happened to have |
| |
stalled during a rekey event. |
| |
<li>ssh(1), sshd(8): avoid potential poll() spin during rekeying |
| |
<li>Further hardening for sshbuf internals: disallow "reparenting" a |
| |
hierarchical sshbuf and zero the entire buffer if reallocation |
| |
fails. |
| |
</ul> |
| </ul> |
</ul> |
| |
|
| <li>mandoc 1.14.6 plus several bugfixes, including: |
<li>mandoc 1.14.6 plus several bugfixes, including: |
![[BACK]](/icons/back.gif){kind=icon}
Return to 72.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www