Hi,

OpenSSH 8.7p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release has a mix of bugfixes and new features.

Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/

The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html

Portable OpenSSH is also available via git using the instructions at http://www.openssh.com/portable.html#cvs
At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
https://github.com/openssh/openssh-portable

Running the regression tests supplied with Portable OpenSSH does not require installation and is simply:

$ ./configure && make tests

Live testing on suitable non-production systems is also appreciated. Please send reports of success or failure to openssh-unix-dev at mindrot.org. Security bugs should be reported directly to openssh at openssh.com.

Below is a summary of changes. More detail may be found in the ChangeLog in the portable OpenSSH tarballs.

Thanks to the many people who contributed to this release.

Potentially-incompatible changes
===============================

This release includes a number of changes that may affect existing configurations:

* scp(1): this release changes the behaviour of remote to remote copies (e.g. "scp host-a:/path host-b:") to transfer through the local host by default. This was previously available via the -3 flag. This mode avoids the need to expose credentials on the origin hop, avoids triplicate interpretation of filenames by the shell (by the local system, the copy origin and the destination) and, in conjunction with the SFTP support for scp(1) mentioned below, allows use of all authentication methods to the remote hosts (previously, only non-interactive methods could be used). A -R flag has been added to select the old behaviour.

* ssh(1)/sshd(8): both the client and server are now using a more strict configuration file parser. The new parser uses more shell-like rules for quotes, space and escape characters. It is also more strict in rejecting configurations that include options lacking arguments. Previously some options (e.g. DenyUsers) to appear on a line with no subsequent arguments. This release will reject such configurations. The new parser will also reject configurations with unterminated quotes and multiple '=' characters after the option name.

* ssh(1): when using SSHFP DNS records for host key verification, ssh(1) will verify all matching records instead of just those with the specific signature type requested. This may cause host key verification problems if stale SSHFP records of a different or legacy signature type exist alongside other records for a particular host. bz#3322

* ssh-keygen(1): when generating a FIDO key and specifying an explicit attestation challenge (using -Ochallenge), the challenge will now be hashed by the builtin security key middleware. This removes the (undocumented) requirement that challenges be exactly 32 bytes in length and matches the expectations of libfido2.

* sshd(8): environment="..." directives in authorized_keys files are now first-match-wins and limited to 1024 discrete environment variable names.

Changes since OpenSSH 8.6
========================

This release contains a mix of new features and bug-fixes.

New features
------------

- scp(1): experimental support for transfers using the SFTP protocol as a replacement for the venerable SCP/RCP protocol that it has traditionally used. SFTP offers more predictable filename handling and does not require expansion of glob(3) patterns via the shell on the remote side.

  SFTP support may be enabled via a temporary scp -s flag. It is intended for SFTP to become the default transfer mode in the near future, at which time the -s flag will be removed. The -O flag exists to force use of the original SCP/RCP protocol for cases where SFTP may be unavailable or incompatible.

- sftp-server(8): add a protocol extension to support expansion of ~/ and ~user/ prefixed paths. This was added to support these paths when used by scp(1) while in SFTP mode.

- ssh(1): add a ForkAfterAuthentication ssh_config(5) counterpart to the ssh(1) -f flag. GHPR#231

- ssh(1): add a StdinNull directive to ssh_config(5) that allows the config file to do the same thing as -n does on the ssh(1) command-line. GHPR#231

- ssh(1): add a SessionType directive to ssh_config, allowing the configuration file to offer equivalent control to the -N (no session) and -s (subsystem) command-line flags. GHPR#231

- ssh-keygen(1): let allowed signers files used by ssh-keygen(1) signatures support key lifetimes, and allow the verification mode to specify a signature time to check at. This is intended for use by git to support signing objects using ssh keys.

- ssh-keygen(8): support printing of the full public key in a sshsig signature via a -Oprint-pubkey flag.

Bugfixes
--------

* ssh(1)/sshd(8): start time-based re-keying exactly on schedule in the client and server mainloops. Previously the re-key timeout could expire but re-keying would not start until a packet was sent or received, causing a spin in select() if the connection was quiescent.

* ssh-keygen(1): avoid Y2038 problem in printing certificate validity lifetimes. Dates past 2^31-1 seconds since epoch were displayed incorrectly on some platforms. bz#3329

* scp(1): allow spaces to appear in usernames for local to remote and scp -3 remote to remote copies. bz#1164

* ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication in favour of KbdInteractiveAuthentication. The former is what was in SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated as somewhat but not entirely equivalent. We retain the old name as a deprecated alias so configuration files continue to work as well as a reference in the man page for people looking for it. bz#3303

* ssh(1)/ssh-add(1)/ssh-keygen(1): fix decoding of X.509 subject name when extracting a key from a PKCS#11 certificate. bz#3327

* ssh(1): restore blocking status on stdio fds before close. ssh(1) needs file descriptors in non-blocking mode to operate but it was not restoring the original state on exit. This could cause problems with fds shared with other programs via the shell. bz#3280 and GHPR#246

* ssh(1)/sshd(8): switch both client and server mainloops from select(3) to pselect(3). Avoids race conditions where a signal may arrive immediately before select(3) and not be processed until an event fires. bz#2158

* ssh(1): sessions started with ControlPersist were incorrectly executing a shell when the -N (no shell) option was specified. bz#3290

* ssh(1): check if IPQoS or TunnelDevice are already set before overriding. Prevents values in config files from overriding values supplied on the command line. bz#3319

* ssh(1): fix debug message when finding a private key to match a certificate being attempted for user authentication. Previously it would print the certificate's path, whereas it was supposed to be showing the private key's path. GHPR#247

* sshd(8): match host certificates against host public keys, not private keys. Allows use of certificates with private keys held in a ssh-agent. bz#3524

* ssh(1): add a workaround for a bug in OpenSSH 7.4 sshd(8), which allows RSA/SHA2 signatures for public key authentication but fails to advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these servers to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse to offer valid keys. bz#3213

* sftp(1)/scp(1): degrade gracefully if a sftp-server offers the limits at openssh.com extension but fails when the client tries to invoke it. bz#3318

* ssh(1): allow ssh_config SetEnv to override $TERM, which is otherwise handled specially by the protocol. Useful in ~/.ssh/config to set TERM to something generic (e.g. "xterm" instead of "xterm-256color") for destinations that lack terminfo entries.

* sftp-server(8): the limits at openssh.com extension was incorrectly marked as an operation that writes to the filesystem, which made it unavailable in sftp-server read-only mode. bz#3318

* ssh(1): fix SEGV in UpdateHostkeys debug() message, triggered when the update removed more host keys than remain present.

* many manual page fixes.

Portability
-----------

* ssh(1): move closefrom() to before first malloc. When built against tcmalloc, the closefrom() would stomp on file descriptors created for tcmalloc's internal use. bz#3321

* sshd(8): handle GIDs > 2^31 in getgrouplist. When compiled in 32bit mode, the getgrouplist implementation may fail for GIDs greater than LONG_MAX.

* ssh(1): xstrdup environment variable used by ForwardAgent. bz#3328

* sshd(8): don't sigdie() in signal handler in privsep child process; this can end up causing sandbox violations per bz#3286

OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre, Tim Rice and Ben Lindstrom.
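The stricter config-file rules listed under "Potentially-incompatible changes" (shell-like quoting and escapes, a single optional '=' after the option name, rejection of unterminated quotes, doubled '=' and options without arguments), as an added Python model for illustration; this is not OpenSSH's parser, and the sample config lines are constructed. Running check_config over an existing sshd_config or ssh_config shows the kinds of lines the notes say 8.7 will start rejecting.

```python
import re

# Simplified model of the 8.7 config-line rules described in the release notes.
# Not OpenSSH's own code: an illustrative reimplementation of the stated rules.


class ConfigSyntaxError(ValueError):
    """Raised for a line the stricter parser would reject."""


def split_args(s):
    """Split the text after the option name using shell-like rules:
    whitespace separates words, single and double quotes group, a backslash
    escapes the next character, and an unquoted '#' at a word start begins
    a comment. Rejects unterminated quotes and a trailing backslash."""
    words, cur, in_word, quote = [], [], False, None
    i = 0
    while i < len(s):
        c = s[i]
        if quote is not None:
            if c == quote:
                quote = None
            elif c == "\\" and i + 1 < len(s) and s[i + 1] in (quote, "\\"):
                i += 1
                cur.append(s[i])
            else:
                cur.append(c)
        elif c in ("'", '"'):
            quote, in_word = c, True
        elif c == "\\":
            if i + 1 >= len(s):
                raise ConfigSyntaxError("trailing backslash")
            i += 1
            cur.append(s[i])
            in_word = True
        elif c == "#" and not in_word:
            break  # rest of the line is a comment
        elif c.isspace():
            if in_word:
                words.append("".join(cur))
                cur, in_word = [], False
        else:
            cur.append(c)
            in_word = True
        i += 1
    if quote is not None:
        raise ConfigSyntaxError("unterminated quote")
    if in_word:
        words.append("".join(cur))
    return words


KEYWORD_RE = re.compile(r"\s*([A-Za-z][A-Za-z0-9]*)")


def parse_config_line(line):
    """Return (keyword, args) for one config line, or None for a blank or
    comment line. The keyword is lowercased (OpenSSH matches it
    case-insensitively). At most one '=' may separate keyword and value."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    m = KEYWORD_RE.match(line)
    if m is None:
        raise ConfigSyntaxError("bad keyword: %r" % line.strip())
    keyword = m.group(1).lower()
    rest = line[m.end():].lstrip()
    if rest.startswith("="):
        rest = rest[1:].lstrip()
        if rest.startswith("="):
            raise ConfigSyntaxError("multiple '=' after keyword %r" % keyword)
    args = split_args(rest)
    if not args:
        raise ConfigSyntaxError("no argument after keyword %r" % keyword)
    return keyword, args


def check_config(text):
    """Parse every line of a config. Returns (parsed, errors): parsed is a
    list of (lineno, keyword, args); errors lists (lineno, message) for
    lines the stricter rules reject, so a config can be vetted before upgrading."""
    parsed, errors = [], []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            item = parse_config_line(line)
        except ConfigSyntaxError as e:
            errors.append((n, str(e)))
        else:
            if item is not None:
                parsed.append((n,) + item)
    return parsed, errors


# Constructed sample: valid lines mixed with ones 8.7 would now reject.
SAMPLE_SSHD_CONFIG = """\
# constructed sample, not a real server's config
Port 22
PermitRootLogin=no
DenyUsers
AllowGroups == wheel
Banner "/etc/issue.net
AuthorizedKeysCommand /usr/local/bin/keys\\ lookup %u  # trailing comment
"""

if __name__ == "__main__":
    ok, bad = check_config(SAMPLE_SSHD_CONFIG)
    for n, kw, args in ok:
        print("line %d: %s %r" % (n, kw, args))
    for n, msg in bad:
        print("line %d: REJECTED: %s" % (n, msg))
```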
Hi,

Dumb question, where's the Bugzilla? It's been a while for me.

There's a typo in the changelog: In the description of the configfile parser change, the text reads:

"Previously some options (e.g. DenyUsers) *to* appear on a line with no subsequent arguments." (emphasis mine)

The correct phrasing should be:

"Previously some options (e.g. DenyUsers) *could* appear on a line with no subsequent arguments."

I'd file the bug, but I don't know where Bugzilla is.

Thanks,
ScottN

---
Scott Neugroschl | XYPRO Technology Corporation
4100 Guardian Street | Suite 100 | Simi Valley, CA 93063 | Phone 805 583-2874 | Fax 805 583-0124 |

-----Original Message-----
From: openssh-unix-dev <openssh-unix-dev-bounces+scott_n=xypro.com at mindrot.org> On Behalf Of Damien Miller
Sent: Thursday, August 12, 2021 5:10 PM
To: openssh-unix-dev at mindrot.org
Subject: Call for testing: OpenSSH 8.7

Hi,

OpenSSH 8.7p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release has a mix of bugfixes and new features.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev at mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Dear Damien,

Are there any chances that something from
https://github.com/openssh/openssh-portable/pull/253
https://github.com/openssh/openssh-portable/pull/236
will be added to release?

On Fri, Aug 13, 2021 at 2:12 AM Damien Miller <djm at mindrot.org> wrote:
> Hi,
>
> OpenSSH 8.7p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release has a mix of
> bugfixes and new features.
--
Dmitry Belyavskiy
Hi Damien,

On Aug 13 10:09, Damien Miller wrote:
> Hi,
>
> OpenSSH 8.7p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release has a mix of
> bugfixes and new features.

I just built from git master. Building works, but testing fails:

run test dhgex.sh ...
dhgex bits 3072 diffie-hellman-group-exchange-sha1 3des-cbc
dhgex bits 3072 diffie-hellman-group-exchange-sha256 3des-cbc
dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-cbc
dhgex unexpected GEX sizes, expected 2048<3072<8192, got
FATAL: dhgex expected 3072 bit group, got
make[1]: *** [Makefile:218: t-exec] Error 1

Can you explain to me where the problem might be? I attached the files
failed-ssh.log and failed-sshd.log.

Thanks,
Corinna

-------------- next part --------------
trace: dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-cbc
OpenSSH_8.6p1, OpenSSL 1.1.1f 31 Mar 2020
debug1: Reading configuration data /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ssh_proxy
debug1: /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ssh_proxy line 1: Applying options for *
debug2: resolve_canonicalize: hostname 127.0.0.1 is address
debug1: Executing proxy command: exec env SSH_SK_HELPER="/home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/ssh-sk-helper" sh /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/src/openssh-portable/regress/sshd-log-wrapper.sh /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/sshd.log /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/sshd -i -f /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/sshd_proxy
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ssh-ed25519 type 3
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ssh-ed25519-cert type -1
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ssh-rsa type 0
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ssh-rsa-cert type -1
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ssh-dss type 1
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ssh-dss-cert type -1
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ecdsa-sha2-nistp256 type 2
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ecdsa-sha2-nistp256-cert type -1
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ecdsa-sha2-nistp384 type 2
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ecdsa-sha2-nistp384-cert type -1
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ecdsa-sha2-nistp521 type 2
debug1: identity file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/ecdsa-sha2-nistp521-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.6
debug1: compat_banner: match: OpenSSH_8.6 pat OpenSSH* compat 0x04000000
debug2: fd 7 setting O_NONBLOCK
debug2: fd 6 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:4242 as 'corinna'
debug1: using hostkeyalias: localhost-with-alias
debug3: record_hostkey: found key type ED25519 in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:1
debug3: record_hostkey: found key type RSA in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:2
debug3: record_hostkey: found key type DSA in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:3
debug3: record_hostkey: found key type ECDSA in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:4
debug3: record_hostkey: found key type ECDSA in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:6
debug3: load_hostkeys_file: loaded 6 keys from localhost-with-alias
debug3: record_hostkey: found key type ED25519 in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:1
debug3: record_hostkey: found key type RSA in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:2
debug3: record_hostkey: found key type DSA in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:3
debug3: record_hostkey: found key type ECDSA in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:4
debug3: record_hostkey: found key type ECDSA in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/corinna/src/openssh/openssh-8.7p1/openssh-8.7p1-0.x86_64/build/regress/known_hosts:6
debug3: load_hostkeys_file: loaded 6 keys from localhost-with-alias
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed25519-cert-v01@openssh.com, using HostkeyAlgorithms verbatim
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
FAIL: dhgex unexpected GEX sizes, expected 2048<3072<8192, got
trace: expected '3072' got ''
FATAL: dhgex expected 3072 bit group, got
trace: expected '3072' got ''
FATAL: dhgex expected 3072 bit group, got
FAIL: dhgex expected 3072 bit group, got

-------------- next part --------------
trace: dhgex bits 3072 diffie-hellman-group-exchange-sha1 aes128-cbc
debug1: inetd sockets after dupping: 4, 5
Connection from UNKNOWN port 65535 on UNKNOWN port 65535
debug1: Local version string SSH-2.0-OpenSSH_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.6
debug1: compat_banner: match: OpenSSH_8.6 pat OpenSSH* compat 0x04000000
debug2: fd 4 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing rlimit sandbox
FAIL: dhgex unexpected GEX sizes, expected 2048<3072<8192, got
trace: expected '3072' got ''
FATAL: dhgex expected 3072 bit group, got
trace: expected '3072' got ''
FATAL: dhgex expected 3072 bit group, got
FAIL: dhgex expected 3072 bit group, got
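The empty "got" in the failure above means the client log never reached the group-exchange request: ssh -vvv prints a "SSH2_MSG_KEX_DH_GEX_REQUEST(min<nbits<max) sent" line once that request goes out, and here the log stops right after "SSH2_MSG_KEXINIT sent". The following added Python checker (not OpenSSH's own dhgex.sh) mirrors that expectation on constructed sample logs and also reports how far the handshake got, which is the first thing to look at when the regress test prints an empty value; the log samples, function names and the 2048/8192 bounds are assumptions taken from the report.

```python
import re
from typing import Optional, Tuple

# Constructed sample of ssh -vvv output where the key exchange reached the
# DH group exchange request (line format as logged by OpenSSH's kexgexc.c).
GOOD_LOG = """\
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha1
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<3072<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
"""

# Constructed sample reproducing the failing run: the client log stops right
# after KEXINIT, so no GEX request line exists and the test sees ''.
BAD_LOG = """\
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
"""

GEX_REQUEST = re.compile(r"SSH2_MSG_KEX_DH_GEX_REQUEST\((\d+)<(\d+)<(\d+)\) sent")


def requested_gex_sizes(log: str) -> Optional[Tuple[int, int, int]]:
    """(min, nbits, max) from the client's GEX request line, or None when the
    handshake never got that far."""
    m = GEX_REQUEST.search(log)
    if m is None:
        return None
    lo, nbits, hi = (int(x) for x in m.groups())
    return (lo, nbits, hi)


def check_gex(log: str, bits: int, gmin: int = 2048, gmax: int = 8192) -> Tuple[bool, str]:
    """Require that the client asked for exactly gmin<bits<gmax; the message
    uses the same wording as the regress test's failure line."""
    expected = f"{gmin}<{bits}<{gmax}"
    sizes = requested_gex_sizes(log)
    got = "" if sizes is None else "<".join(str(s) for s in sizes)
    if got != expected:
        return False, f"unexpected GEX sizes, expected {expected}, got {got}"
    return True, f"GEX sizes {got} ok"


def last_kex_stage(log: str) -> str:
    """Name of the last SSH2_MSG_* debug line seen: shows where the handshake
    stopped when check_gex() reports an empty value."""
    stage = "none"
    for line in log.splitlines():
        m = re.search(r"(SSH2_MSG_[A-Z_]+)", line)
        if m:
            stage = m.group(1)
    return stage
```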
On 13/08/2021 02:09, Damien Miller wrote:
> Hi,
>
> OpenSSH 8.7p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This release has a mix of
> bugfixes and new features.
>

These unit tests include <stdint.h> unconditionally:

regress/unittests/authopt/tests.c
regress/unittests/misc/test_argv.c
regress/unittests/misc/test_convtime.c
regress/unittests/misc/test_expand.c
regress/unittests/misc/test_parse.c
regress/unittests/misc/test_strdelim.c
regress/unittests/misc/tests.c

This is a problem for Solaris 2.6, so I guarded the include with
#ifdef HAVE_STDINT_H.

On Solaris 2.6 and 7 the testsuite stops with:

regress/unittests/authopt/tests.c:93 test #51 "sshauthopt_from_cert source-address"
ASSERT_PTR_NE(opts, NULL) failed:
opts = 0
NULL = 0
gmake[1]: *** [unit] Error 134

This was also happening with 8.6p1. If I skip the authopt test then the
remaining unit tests pass.

On the SPARC systems, which are a lot slower than the x86 test systems, I am
seeing a problem with hangs in the testsuite, most often in the rekey tests.
Looking at sshd.log it seems it closed the connection, but from what I can
gather from ssh.log the client still thinks it is connected and is just
waiting. Looking at ps output I see two sshd processes running, one a child
of the other, and then a <defunct> child of the still running child. With
truss I see that the client is still doing poll().

I tried reverting 4bdf7a04797a0ea1c431a9d54588417c29177d19 and it seems to
fix it. I've now run through the rekey test twice and the full testsuite once
with no hangs, where before it would always hang at some point.

-tgc
make tests passed all tests on a RockPro64 (ARM-based system with 4 A53 cores + 2 A72 cores) running Armbian 20.08.17.