OpenSSH 7.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Future deprecation notice
========================
We plan on retiring more legacy cryptography in a near-future
release, specifically:
* Refusing all RSA keys smaller than 1024 bits (the current minimum
is 768 bits)
This list reflects our current intentions, but please check the final
release notes for future releases.
Potentially-incompatible changes
===============================
This release disables a number of legacy cryptographic algorithms
by default in ssh:
* Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants
and the rijndael-cbc aliases for AES.
* MD5-based and truncated HMAC algorithms.
These algorithms are already disabled by default in sshd.
Changes since OpenSSH 7.1p2
==========================
This is primarily a bugfix release.
Security
--------
* ssh(1), sshd(8): remove unfinished and unused roaming code (was
already forcibly disabled in OpenSSH 7.1p2).
* ssh(1): eliminate fallback from untrusted X11 forwarding to
trusted forwarding when the X server disables the SECURITY
extension.
* ssh(1), sshd(8): increase the minimum modulus size supported for
diffie-hellman-group-exchange to 2048 bits.
* sshd(8): pre-auth sandboxing is now enabled by default (previous
releases enabled it for new installations via sshd_config).
New Features
------------
* all: add support for RSA signatures using SHA-256/512 hash
algorithms based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt.
* ssh(1): Add an AddKeysToAgent client option which can be set to
'yes', 'no', 'ask', or 'confirm', and
defaults to 'no'. When
enabled, a private key that is used during authentication will be
added to ssh-agent if it is running (with confirmation enabled if
set to 'confirm').
* sshd(8): add a new authorized_keys option "restrict" that includes
all current and future key restrictions (no-*-forwarding, etc.).
Also add permissive versions of the existing restrictions, e.g.
"no-pty" -> "pty". This simplifies the task of setting
up
restricted keys and ensures they are maximally-restricted,
regardless of any permissions we might implement in the future.
* ssh(1): add ssh_config CertificateFile option to explicitly list
certificates. bz#2436
* ssh-keygen(1): allow ssh-keygen to change the key comment for all
supported formats.
* ssh-keygen(1): allow fingerprinting from standard input, e.g.
"ssh-keygen -lf -"
* ssh-keygen(1): allow fingerprinting multiple public keys in a
file, e.g. "ssh-keygen -lf ~/.ssh/authorized_keys" bz#1319
* sshd(8): support "none" as an argument for sshd_config
Foreground and ChrootDirectory. Useful inside Match blocks to
override a global default. bz#2486
* ssh-keygen(1): support multiple certificates (one per line) and
reading from standard input (using "-f -") for "ssh-keygen
-L"
* ssh-keyscan(1): add "ssh-keyscan -c ..." flag to allow fetching
certificates instead of plain keys.
* ssh(1): better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
hostname canonicalisation - treat them as already canonical and
remove the trailing '.' before matching ssh_config.
Bugfixes
--------
* sftp(1): existing destination directories should not terminate
recursive uploads (regression in openssh 6.8) bz#2528
* ssh(1), sshd(8): correctly send back SSH2_MSG_UNIMPLEMENTED
replies to unexpected messages during key exchange. bz#2949
* ssh(1): refuse attempts to set ConnectionAttempts=0, which does
not make sense and would cause ssh to print an uninitialised stack
variable. bz#2500
* ssh(1): fix errors when attempting to connect to scoped IPv6
addresses with hostname canonicalisation enabled.
* sshd_config(5): list a couple more options usable in Match blocks.
bz#2489
* sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match block.
* ssh(1): expand tilde characters in filenames passed to -i options
before checking whether or not the identity file exists. Avoids
confusion for cases where shell doesn't expand (e.g. "-i
~/file"
vs. "-i~/file"). bz#2481
* ssh(1): do not prepend "exec" to the shell command run by
"Match
exec" in a config file, which could cause some commands to fail
in certain environments. bz#2471
* ssh-keyscan(1): fix output for multiple hosts/addrs on one line
when host hashing or a non standard port is in use bz#2479
* sshd(8): skip "Could not chdir to home directory" message when
ChrootDirectory is active. bz#2485
* ssh(1): include PubkeyAcceptedKeyTypes in ssh -G config dump.
* sshd(8): avoid changing TunnelForwarding device flags if they are
already what is needed; makes it possible to use tun/tap
networking as non-root user if device permissions and interface
flags are pre-established
* ssh(1), sshd(8): RekeyLimits could be exceeded by one packet.
bz#2521
* ssh(1): fix multiplexing master failure to notice client exit.
* ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that present
empty key IDs. bz#1773
* sshd(8): avoid printf of NULL argument. bz#2535
* ssh(1), sshd(8): allow RekeyLimits larger than 4GB. bz#2521
* ssh-keygen(1): sshd(8): fix several bugs in (unused) KRL signature
support.
* ssh(1), sshd(8): fix connections with peers that use the key
exchange guess feature of the protocol. bz#2515
* sshd(8): include remote port number in log messages. bz#2503
* ssh(1): don't try to load SSHv1 private key when compiled without
SSHv1 support. bz#2505
* ssh-agent(1), ssh(1): fix incorrect error messages during key
loading and signing errors. bz#2507
* ssh-keygen(1): don't leave empty temporary files when performing
known_hosts file edits when known_hosts doesn't exist.
* sshd(8): correct packet format for tcpip-forward replies for
requests that don't allocate a port bz#2509
* ssh(1), sshd(8): fix possible hang on closed output. bz#2469
* ssh(1): expand %i in ControlPath to UID. bz#2449
* ssh(1), sshd(8): fix return type of openssh_RSA_verify. bz#2460
* ssh(1), sshd(8): fix some option parsing memory leaks. bz#2182
* ssh(1): add a some debug output before DNS resolution; it's a
place where ssh could previously silently stall in cases of
unresponsive DNS servers. bz#2433
* ssh(1): remove spurious newline in visual hostkey. bz#2686
* ssh(1): fix printing (ssh -G ...) of HostKeyAlgorithms=+...
* ssh(1): fix expansion of HostkeyAlgorithms=+...
Documentation
-------------
* ssh_config(5), sshd_config(5): update default algorithm lists to
match current reality. bz#2527
* ssh(1): mention -Q key-plain and -Q key-cert query options.
bz#2455
* sshd_config(8): more clearly describe what AuthorizedKeysFile=none
does.
* ssh_config(5): better document ExitOnForwardFailure. bz#2444
* sshd(5): mention internal DH-GEX fallback groups in manual.
bz#2302
* sshd_config(5): better description for MaxSessions option.
bz#2531
Portability
-----------
* ssh(1), sftp-server(8), ssh-agent(1), sshd(8): Support Illumos/
Solaris fine-grained privileges. Including a pre-auth privsep
sandbox and several pledge() emulations. bz#2511
* Renovate redhat/openssh.spec, removing deprecated options and
syntax.
* configure: allow --without-ssl-engine with --without-openssl
* sshd(8): fix multiple authentication using S/Key. bz#2502
* sshd(8): read back from libcrypto RAND_* before dropping
privileges. Avoids sandboxing violations with BoringSSL.
* Fix name collision with system-provided glob(3) functions.
bz#2463
* Adapt Makefile to use ssh-keygen -A when generating host keys.
bz#2459
* configure: correct default value for --with-ssh1 bz#2457
* configure: better detection of _res symbol bz#2259
* support getrandom() syscall on Linux
Checksums:
=========
- SHA1 (openssh-7.2.tar.gz) = 9567d00fffe655010c087aeb80c830cecbbecca6
- SHA256 (openssh-7.2.tar.gz) = 99GsHA8NwSGuEJhMc7hAOQ510y1xfGx27uJqyw73sCI
- SHA1 (openssh-7.2p1.tar.gz) = d30a6fd472199ab5838a7668c0c5fd885fb8d371
- SHA256 (openssh-7.2p1.tar.gz) = lzzDey81l+TPWZsJ5gTnnA/l2bb1laJOke0GYoYLSsM
Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available as RELEASE_KEY.asc from
the mirror sites.
Reporting Bugs:
==============
- Please read http://www.openssh.com/report.html
Security bugs should be reported directly to openssh at openssh.com
OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de
Raadt, Kevin Steves, Damien Miller, Darren Tucker, Jason McIntyre,
Tim Rice and Ben Lindstrom.
On Sun, Feb 28, 2016 at 07:12:27PM -0700, Damien Miller wrote:> OpenSSH 7.2 has just been released. It will be available from the > mirrors listed at http://www.openssh.com/ shortly. > > OpenSSH is a 100% complete SSH protocol 2.0 implementation and > includes sftp client and server support. OpenSSH also includes > transitional support for the legacy SSH 1.3 and 1.5 protocols > that may be enabled at compile-time. > > Once again, we would like to thank the OpenSSH community for their > continued support of the project, especially those who contributed > code or patches, reported bugs, tested snapshots or donated to the > project. More information on donations may be found at: > http://www.openssh.com/donations.html > > Future deprecation notice > ========================> > We plan on retiring more legacy cryptography in a near-future > release, specifically: > > * Refusing all RSA keys smaller than 1024 bits (the current minimum > is 768 bits) > > This list reflects our current intentions, but please check the final > release notes for future releases. > > Potentially-incompatible changes > ===============================> > This release disables a number of legacy cryptographic algorithms > by default in ssh: > > * Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants > and the rijndael-cbc aliases for AES. > > * MD5-based and truncated HMAC algorithms. > > These algorithms are already disabled by default in sshd. >All right can we get this openssl 1.1 ready? Looks like not too much needs to be done in cipher.h line 69 needs to be changed to EVP_CIPHER_CTX *evp; In sshkey.c replace pk->type to EVP_PKEY_type Just cipher.c we get /usr/bin/gcc -g -O2 -Wall -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -I. -I. -I/usr/contrib//include -DSSHDIR=\"/etc\" -D_PATH_SSH_PROGRAM=\"/usr/contrib/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/contrib/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/contrib/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/contrib/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/contrib/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c cipher.c -o cipher.o cipher.c: In function `cipher_init': cipher.c:329: warning: passing arg 1 of `EVP_CIPHER_CTX_reset' from incompatible pointer type cipher.c:331: warning: passing arg 1 of `EVP_CipherInit' from incompatible pointer type cipher.c:337: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type cipher.c:341: warning: passing arg 1 of `EVP_CIPHER_CTX_key_length' from incompatible pointer type cipher.c:343: warning: passing arg 1 of `EVP_CIPHER_CTX_set_key_length' from incompatible pointer type cipher.c:348: warning: passing arg 1 of `EVP_CipherInit' from incompatible pointer type cipher.c:360: warning: passing arg 1 of `EVP_Cipher' from incompatible pointer type cipher.c:367: warning: passing arg 1 of `EVP_CIPHER_CTX_reset' from incompatible pointer type cipher.c: In function `cipher_crypt': cipher.c:414: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type cipher.c:419: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type cipher.c:424: warning: passing arg 1 of `EVP_Cipher' from incompatible pointer type cipher.c:431: warning: passing arg 1 of `EVP_Cipher' from incompatible pointer type cipher.c:435: warning: passing arg 1 of `EVP_Cipher' from incompatible pointer type cipher.c:440: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type cipher.c: In function `cipher_cleanup': cipher.c:471: warning: passing arg 1 of `EVP_CIPHER_CTX_reset' from incompatible pointer type cipher.c: In function `cipher_get_keyiv_len': cipher.c:518: warning: passing arg 1 of `EVP_CIPHER_CTX_iv_length' from incompatible pointer type cipher.c: In function `cipher_get_keyiv': cipher.c:550: warning: passing arg 1 of `EVP_CIPHER_CTX_iv_length' from incompatible pointer type cipher.c:564: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type cipher.c:567: request for member `iv' in something not a structure or union cipher.c: In function `cipher_set_keyiv': cipher.c:598: warning: passing arg 1 of `EVP_CIPHER_CTX_iv_length' from incompatible pointer type cipher.c:604: warning: passing arg 1 of `EVP_CIPHER_CTX_ctrl' from incompatible pointer type cipher.c:607: request for member `iv' in something not a structure or union cipher.c: In function `cipher_get_keycontext': cipher.c:633: request for member `cipher' in something not a structure or union cipher.c:636: request for member `cipher_data' in something not a structure or union cipher.c: In function `cipher_set_keycontext': cipher.c:652: request for member `cipher' in something not a structure or union cipher.c:653: request for member `cipher_data' in something not a structure or union *** Error code 1 Stop. Looks like change in evp.h are the source of these errors. -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Broadcasting the truth for 25 years
On Sun, Feb 28, 2016 at 07:12:27PM -0700, Damien Miller wrote:> OpenSSH 7.2 has just been released. It will be available from the > mirrors listed at http://www.openssh.com/ shortly.Thanks! I notice that there's no V_7_2_P1 tag in git; I normally use the tag as part of my packaging preparations. Please could a tag be pushed? -- Colin Watson [cjwatson at debian.org]
On Mon, 29 Feb 2016, Colin Watson wrote:> On Sun, Feb 28, 2016 at 07:12:27PM -0700, Damien Miller wrote: > > OpenSSH 7.2 has just been released. It will be available from the > > mirrors listed at http://www.openssh.com/ shortly. > > Thanks! > > I notice that there's no V_7_2_P1 tag in git; I normally use the tag as > part of my packaging preparations. Please could a tag be pushed?It's there now :) -d
On Feb 28 19:12, Damien Miller wrote:> OpenSSH 7.2 has just been released. It will be available from the > mirrors listed at http://www.openssh.com/ shortly. > > OpenSSH is a 100% complete SSH protocol 2.0 implementation and > includes sftp client and server support. OpenSSH also includes > transitional support for the legacy SSH 1.3 and 1.5 protocols > that may be enabled at compile-time. > > Once again, we would like to thank the OpenSSH community for their > continued support of the project, especially those who contributed > code or patches, reported bugs, tested snapshots or donated to the > project. More information on donations may be found at: > http://www.openssh.com/donations.htmlThere's a backward incompatible change in this release which is not mentioned in the release notes. The slogin symlink as well as the slogin.1 man page are not created anymore by the Makefile. This change potentially breaks lots and lots of aliases, shell scripts, and GUI keyboard shortcuts. Corinna -- Corinna Vinschen Cygwin Maintainer Red Hat -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20160302/adea48a1/attachment.bin>
Corinna Vinschen <vinschen at redhat.com> wrote:> There's a backward incompatible change in this release which is not > mentioned in the release notes. The slogin symlink as well as the > slogin.1 man page are not created anymore by the Makefile. > > This change potentially breaks lots and lots of aliases, shell scripts, > and GUI keyboard shortcuts.This may also be a serious security issue! On most systems I know of the brandnew versions of OpenSSH are installed in parallel to the SSH that ships with the operating system. So users put (for example) /usr/local/bin in front of /usr/bin to get the new OpenSSH binaries instead of the old ones from the system. The shell automatically uses the new binaries because they come first in the shell command path. Now, when users run "slogin" they will no longer start the one from the new OpenSSH but instead the shell finds the old one from the operating system and starts that one. Although the old SSH from the operating system might be secure because it gets patches from the vendor, but usually it's an old version and lacks a lot of new features (functionaly + security). So users running "slogin" will not get the best protection possible. For people who used rlogin/rsh/rcp back in the old days, it's quite common to use slogin/ssh/scp in the same way (and the developers supported that behaviour by linking slogin to ssh). Now silently removing that historic link is a big issue. Yes, sure, it's mentioned in the "ChangeLog", but honestly, that should to be included in the main release notes. (IMHO, there should be a dummy script for "slogin" that warns users that they no longer get what they expect; it's better to break things instead of silently compromising security.) Greetings, Andreas