similar to: [Bug 3289] New: Patch fixing the issues found by coverity scan

https://bugzilla.mindrot.org/show_bug.cgi?id=3449 Bug ID: 3449 Summary: LocalForward doesn't support ~/path syntax for UNIX sockets Product: Portable OpenSSH Version: v9.0p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh

https://bugzilla.mindrot.org/show_bug.cgi?id=3367 Bug ID: 3367 Summary: ssh-keyscan with non-22 port does not hash correct host Product: Portable OpenSSH Version: 8.8p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh-keyscan

https://bugzilla.mindrot.org/show_bug.cgi?id=3210 Bug ID: 3210 Summary: Confusing errors when pam_acct_mgmt() fails Product: Portable OpenSSH Version: 8.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: PAM support Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=2687 Bug ID: 2687 Summary: Coverity scan fixes Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=3512 Bug ID: 3512 Summary: net-misc/openssh-9.1_p1: stopped accepting connections after upgrade to sys-libs/glibc-2.36 (fatal: ssh_sandbox_violation: unexpected system call) Product: Portable OpenSSH Version: 9.1p1 Hardware: amd64 OS: Linux

https://bugzilla.mindrot.org/show_bug.cgi?id=3558 Bug ID: 3558 Summary: Spelling "yes" as "Yes" in sshd_config has a fatal result Product: Portable OpenSSH Version: 7.2p2 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=3674 Bug ID: 3674 Summary: Tracking bug for OpenSSH 9.8 Product: Portable OpenSSH Version: -current Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

Dear colleagues, I came across an upstream test suite failure on Fedora 36. The test in question is forwarding, the output is ========== adding modulifile='/home/dbelyavs/work/upstream/openssh-portable/moduli' to sshd_config using cached key type ssh-ed25519 using cached key type sk-ssh-ed25519 at openssh.com using cached key type ecdsa-sha2-nistp256 using cached key type

@Dmitry, you may get more traction by reporting this issue (with patch) at https://www.openssh.com/report.html . It can also help other folks who may be encountering the same issue. -- jmk > On Mar 3, 2023, at 02:10, Dmitry Belyavskiy <dbelyavs at redhat.com> wrote: > > ?Dear colleagues, > > Could you please take a look? > >> On Fri, Jan 20, 2023 at 12:55?PM

On Wed, 25 Jan 2023 at 19:29, Darren Tucker <dtucker at dtucker.net> wrote: [...] > I have a part-done patch that logs the output from all ssh and sshd > instances to separate datestamped files. I'll see if I can tidy that > up for you to try You can grab it from here: https://github.com/daztucker/openssh-portable/commit/b54b39349e1a64cbbb9b56b0f8b91a35589fb528 It's not

https://bugzilla.mindrot.org/show_bug.cgi?id=3531 Bug ID: 3531 Summary: Ssh will not exit when it receives SIGTERM before calling poll in client_wait_until_can_do_something until some events happen. Product: Portable OpenSSH Version: 9.1p1 Hardware: Other OS: Linux Status:

https://bugzilla.mindrot.org/show_bug.cgi?id=3603 Bug ID: 3603 Summary: ssh clients can't communicate with server with default cipher when fips is enabled at server end Product: Portable OpenSSH Version: 9.4p1 Hardware: All OS: Linux Status: NEW Severity: critical

Dear colleagues, Could you please take a look? On Fri, Jan 20, 2023 at 12:55?PM Dmitry Belyavskiy <dbelyavs at redhat.com> wrote: > > Dear colleagues, > > ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+). > > The proposed patch enforces

Dear Damien, On Wed, Apr 19, 2023 at 9:55?AM Damien Miller <djm at mindrot.org> wrote: > > On Wed, 19 Apr 2023, Dmitry Belyavskiy wrote: > > > > While I'm sure this is good for RHEL/rawhide users who care about FIPS, > > > Portable OpenSSH won't be able to merge this. We explictly aim to support > > > LibreSSL's libcrypto as well as

https://bugzilla.mindrot.org/show_bug.cgi?id=3549 Bug ID: 3549 Summary: Tracking bug for OpenSSH 9.4 Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Keywords: meta Severity: normal Priority: P5 Component: Miscellaneous Assignee:

Dear Peter, I'm trying to balance the original problem statement (protection from users enumeration) and avoid doubling time here if the process has already taken a long time to provide faster auth method iteration. I believe that a better solution is to set some arbitrary (probably configurable) timeout and, in case when we spend more time than that value, avoid doubling it. On Wed, Jun 28,

https://bugzilla.mindrot.org/show_bug.cgi?id=3708 Bug ID: 3708 Summary: Tracking bug for OpenSSH 9.9 Product: Portable OpenSSH Version: -current Hardware: Other OS: All Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=3533 Bug ID: 3533 Summary: tracking bug for openssh-9.3 Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=3673 Bug ID: 3673 Summary: -fzero-call-used-regs=used detection fails on Linux m68k with GCC 13 Product: Portable OpenSSH Version: 9.7p1 Hardware: 68k URL: https://bugs.debian.org/1067243 OS: Linux Status: NEW Severity: normal

Dear colleagues, ssh-keygen uses SHA1 algorithm (default) when verifying that the key is usable. It causes problems on recent systems where SHA1 is disabled for use with signatures (at least, RHEL 9+). The proposed patch enforces using a sha2 algorithm for key verification. -- Dmitry Belyavskiy -------------- next part -------------- A non-text attachment was scrubbed... Name: ssh-keygen.patch