NetBSD/pkgsrc 69YXxp3 security/openssh distinfo Makefile, security/openssh/patches patch-sshd.c patch-configure.ac

   OpenSSH 7.9

   Potentially-incompatible changes
   ================================
    * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms
      option (see below) bans the use of DSA keys as certificate
      authorities.
    * sshd(8): the authentication success/failure log message has
      changed format slightly. It now includes the certificate
      fingerprint (previously it included only key ID and CA key
      fingerprint).

   New Features
   ------------
    * ssh(1), sshd(8): allow most port numbers to be specified using
      service names from getservbyname(3) (typically /etc/services).
    * ssh(1): allow the IdentityAgent configuration directive to accept
      environment variable names. This supports the use of multiple
      agent sockets without needing to use fixed paths.
    * sshd(8): support signalling sessions via the SSH protocol.
      A limited subset of signals is supported and only for login or
      command sessions (i.e. not subsystems) that were not subject to
      a forced command via authorized_keys or sshd_config. bz#1424
    * ssh(1): support "ssh -Q sig" to list supported signature options.
      Also "ssh -Q help" to show the full set of supported queries.
    * ssh(1), sshd(8): add a CASignatureAlgorithms option for the
      client and server configs to allow control over which signature
      formats are allowed for CAs to sign certificates. For example,
      this allows banning CAs that sign certificates using the RSA-SHA1
      signature algorithm.
    * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
      revoke keys specified by SHA256 hash.
    * ssh-keygen(1): allow creation of key revocation lists directly
      from base64-encoded SHA256 fingerprints. This supports revoking
      keys using only the information contained in sshd(8)
      authentication log messages.

   Bugfixes
   --------
    * ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when
      attempting to load PEM private keys while using an incorrect
      passphrase. bz#2901
    * sshd(8): when a channel closed message is received from a client,
      close the stderr file descriptor at the same time stdout is
      closed. This avoids stuck processes if they were waiting for
      stderr to close and were insensitive to stdin/out closing. bz#2863
    * ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
      forwarding timeout and support X11 forwarding indefinitely.
      Previously the behaviour of ForwardX11Timeout=0 was undefined.
    * sshd(8): when compiled with GSSAPI support, cache supported method
      OIDs regardless of whether GSSAPI authentication is enabled in the
      main section of sshd_config. This avoids sandbox violations if
      GSSAPI authentication was later enabled in a Match block. bz#2107
    * sshd(8): do not fail closed when configured with a text key
      revocation list that contains a too-short key. bz#2897
    * ssh(1): treat connections with ProxyJump specified the same as
      ones with a ProxyCommand set with regards to hostname
      canonicalisation (i.e. don't try to canonicalise the hostname
      unless CanonicalizeHostname is set to 'always'). bz#2896
    * ssh(1): fix regression in OpenSSH 7.8 that could prevent public-
      key authentication using certificates hosted in a ssh-agent(1)
      or against sshd(8) from OpenSSH <7.8.

   Portability
   -----------
    * All: support building against the openssl-1.1 API (releases 1.1.0g
      and later). The openssl-1.0 API will remain supported at least
      until OpenSSL terminates security patch support for that API version.
    * sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
      apparently required by some glibc/OpenSSL combinations.
    * sshd(8): handle getgrouplist(3) returning more than
      _SC_NGROUPS_MAX groups. Some platforms consider this limit more
      as a guideline.

   OpenSSH 7.8:

   Potentially-incompatible changes
   ================================
    * ssh-keygen(1): write OpenSSH format private keys by default
      instead of using OpenSSL's PEM format. The OpenSSH format,
      supported in OpenSSH releases since 2014 and described in the
      PROTOCOL.key file in the source distribution, offers substantially
      better protection against offline password guessing and supports
      key comments in private keys. If necessary, it is possible to write
      old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
      when generating or updating a key.
    * sshd(8): remove internal support for S/Key multiple factor
      authentication. S/Key may still be used via PAM or BSD auth.
    * ssh(1): remove vestigial support for running ssh(1) as setuid. This
      used to be required for hostbased authentication and the (long
      gone) rhosts-style authentication, but has not been necessary for
      a long time. Attempting to execute ssh as a setuid binary, or with
      uid != effective uid will now yield a fatal error at runtime.
    * sshd(8): the semantics of PubkeyAcceptedKeyTypes and the similar
      HostbasedAcceptedKeyTypes options have changed. These now specify
      signature algorithms that are accepted for their respective
      authentication mechanism, where previously they specified accepted
      key types. This distinction matters when using the RSA/SHA2
      signature algorithms "rsa-sha2-256", "rsa-sha2-512" and their
      certificate counterparts. Configurations that override these
      options but omit these algorithm names may cause unexpected
      authentication failures (no action is required for configurations
      that accept the default for these options).
    * sshd(8): the precedence of session environment variables has
      changed. ~/.ssh/environment and environment="..." options in
      authorized_keys files can no longer override SSH_* variables set
      implicitly by sshd.
    * ssh(1)/sshd(8): the default IPQoS used by ssh/sshd has changed.
      They will now use DSCP AF21 for interactive traffic and CS1 for
      bulk.  For a detailed rationale, please see the commit message:
      https://cvsweb.openbsd.org/src/usr.bin/ssh/readconf.c#rev1.284

   New Features
   ------------
    * ssh(1)/sshd(8): add new signature algorithms
      "rsa-sha2-256-cert-v01@openssh.com" and
      "rsa-sha2-512-cert-v01@openssh.com" to explicitly force use of
      RSA/SHA2 signatures in authentication.
    * sshd(8): extend the PermitUserEnvironment option to accept a
      whitelist of environment variable names in addition to global
      "yes" or "no" settings.
    * sshd(8): add a PermitListen directive to sshd_config(5) and a
      corresponding permitlisten= authorized_keys option that control
      which listen addresses and port numbers may be used by remote
      forwarding (ssh -R ...).
    * sshd(8): add some countermeasures against timing attacks used for
      account validation/enumeration. sshd will enforce a minimum time
      for each failed authentication attempt consisting of a global 5ms
      minimum plus an additional per-user 0-4ms delay derived from a
      host secret.
    * sshd(8): add a SetEnv directive to allow an administrator to
      explicitly specify environment variables in sshd_config.
      Variables set by SetEnv override the default and client-specified
      environment.
    * ssh(1): add a SetEnv directive to request that the server sets
      an environment variable in the session. Similar to the existing
      SendEnv option, these variables are set subject to server
      configuration.
    * ssh(1): allow "SendEnv -PATTERN" to clear environment variables
      previously marked for sending to the server. bz#1285
    * ssh(1)/sshd(8): make UID available as a %-expansion everywhere
      that the username is available currently. bz#2870
    * ssh(1): allow setting ProxyJump=none to disable ProxyJump
      functionality. bz#2869

   Bugfixes
   --------
    * sshd(8): avoid observable differences in request parsing that could
      be used to determine whether a target user is valid.
    * all: substantial internal refactoring
    * ssh(1)/sshd(8): fix some memory leaks; bz#2366
    * ssh(1): fix a pwent clobber (introduced in openssh-7.7) that could
      occur during key loading, manifesting as crash on some platforms.
    * sshd_config(5): clarify documentation for AuthenticationMethods
      option; bz#2663
    * ssh(1): ensure that the public key algorithm sent in a
      public key SSH_MSG_USERAUTH_REQUEST matches the content of the
      signature blob. Previously, these could be inconsistent when a
      legacy or non-OpenSSH ssh-agent returned a RSA/SHA1 signature
      when asked to make a RSA/SHA2 signature.
    * sshd(8): fix failures to read authorized_keys caused by faulty
      supplemental group caching. bz#2873
    * scp(1): apply umask to directories, fixing potential mkdir/chmod
      race when copying directory trees bz#2839
    * ssh-keygen(1): return correct exit code when searching for and
      hashing known_hosts entries in a single operation; bz#2772
    * ssh(1): prefer the ssh binary pointed to via argv[0] to $PATH when
      re-executing ssh for ProxyJump. bz#2831
    * sshd(8): do not ban PTY allocation when a sshd session is
      restricted because the user password is expired as it breaks
      password change dialog. (regression in openssh-7.7).
    * ssh(1)/sshd(8): fix error reporting from select() failures.
    * ssh(1): improve documentation for -w (tunnel) flag, emphasising
      that -w implicitly sets Tunnel=point-to-point. bz#2365
    * ssh-agent(1): implement EMFILE mitigation for ssh-agent. ssh-agent
      will no longer spin when its file descriptor limit is exceeded.
      bz#2576
    * ssh(1)/sshd(8): disable SSH2_MSG_DEBUG messages for Twisted Conch
      clients. Twisted Conch versions that lack a version number in
      their identification strings will mishandle these messages when
      running on Python 2.x (https://twistedmatrix.com/trac/ticket/9422)
    * sftp(1): notify user immediately when underlying ssh process dies
      expectedly. bz#2719
    * ssh(1)/sshd(8): fix tunnel forwarding; regression in 7.7 release.
      bz#2855
    * ssh-agent(1): don't kill ssh-agent's listening socket entirely if
      it fails to accept(2) a connection. bz#2837
    * sshd(8): relax checking of authorized_keys environment="..."
      options to allow underscores in variable names (regression
      introduced in 7.7). bz#2851
    * ssh(1): add some missing options in the configuration dump output
      (ssh -G). bz#2835

   Portability
   -----------
    * sshd(8): Expose details of completed authentication to PAM auth
      modules via SSH_AUTH_INFO_0 in the PAM environment. bz#2408
    * Fix compilation problems caused by fights between zlib and OpenSSL
      colliding uses of "free_func"
    * Improve detection of unsupported compiler options. Recently these
      may have manifested as "unsupported -Wl,-z,retpoline" warnings
      during linking.
    * sshd(8): some sandbox support for Linux/s390 bz#2752.
    * regress tests: unbreak key-options.sh test on platforms without
      openpty(3). bz#2856
    * use getrandom(2) for PRNG seeding when built without OpenSSL.

   OpenSSH 7.7:

   Potentially-incompatible changes
   ================================
    * ssh(1)/sshd(8): Drop compatibility support for some very old SSH
      implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
      versions were all released in or before 2001 and predate the final
      SSH RFCs. The support in question isn't necessary for RFC-compliant
      SSH implementations.

   New Features
   ------------
    * All: Add experimental support for PQC XMSS keys (Extended Hash-
      Based Signatures) based on the algorithm described in
      https://tools.ietf.org/html/draft-irtf-cfrg-xmss-hash-based-signatures-12
      The XMSS signature code is experimental and not compiled in by
      default.
    * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword
      to allow conditional configuration that depends on which routing
      domain a connection was received on (currently supported on OpenBSD
      and Linux).
    * sshd_config(5): Add an optional rdomain qualifier to the
      ListenAddress directive to allow listening on different routing
      domains. This is supported only on OpenBSD and Linux at present.
    * sshd_config(5): Add RDomain directive to allow the authenticated
      session to be placed in an explicit routing domain. This is only
      supported on OpenBSD at present.
    * sshd(8): Add "expiry-time" option for authorized_keys files to
      allow for expiring keys.
    * ssh(1): Add a BindInterface option to allow binding the outgoing
      connection to an interface's address (basically a more usable
      BindAddress)
    * ssh(1): Expose device allocated for tun/tap forwarding via a new
      %T expansion for LocalCommand. This allows LocalCommand to be used
      to prepare the interface.
    * sshd(8): Expose the device allocated for tun/tap forwarding via a
      new SSH_TUNNEL environment variable. This allows automatic setup of
      the interface and surrounding network configuration automatically on
      the server.
    * ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, e.g.
      ssh://user@host or sftp://user@host/path.  Additional connection
      parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not
      implemented since the ssh fingerprint format in the draft uses the
      deprecated MD5 hash with no way to specify any other algorithm.
    * ssh-keygen(1): Allow certificate validity intervals that specify
      only a start or stop time (instead of both or neither).
    * sftp(1): Allow "cd" and "lcd" commands with no explicit path
      argument. lcd will change to the local user's home directory as
      usual. cd will change to the starting directory for session (because
      the protocol offers no way to obtain the remote user's home
      directory). bz#2760
    * sshd(8): When doing a config test with sshd -T, only require the
      attributes that are actually used in Match criteria rather than (an
      incomplete list of) all criteria.

   Bugfixes
   --------

    * ssh(1)/sshd(8): More strictly check signature types during key
      exchange against what was negotiated. Prevents downgrade of RSA
      signatures made with SHA-256/512 to SHA-1.
    * sshd(8): Fix support for clients that advertise a protocol version
      of "1.99" (indicating that they are prepared to accept both SSHv1 and
      SSHv2). This was broken in OpenSSH 7.6 during the removal of SSHv1
      support. bz#2810
    * ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when
      a rsa-sha2-256/512 signature was requested. This condition is possible
      when an old or non-OpenSSH agent is in use. bz#2799
    * ssh-agent(1): Fix regression introduced in 7.6 that caused ssh-agent
      to fatally exit if presented an invalid signature request message.
    * sshd_config(5): Accept yes/no flag options case-insensitively, as
      has been the case in ssh_config(5) for a long time. bz#2664
    * ssh(1): Improve error reporting for failures during connection.
      Under some circumstances misleading errors were being shown. bz#2814
    * ssh-keyscan(1): Add -D option to allow printing of results directly
      in SSHFP format. bz#2821
    * regress tests: fix PuTTY interop test broken in last release's SSHv1
      removal. bz#2823
    * ssh(1): Compatibility fix for some servers that erroneously drop the
      connection when the IUTF8 (RFC8160) option is sent.
    * scp(1): Disable RemoteCommand and RequestTTY in the ssh session
      started by scp (sftp was already doing this.)
    * ssh-keygen(1): Refuse to create a certificate with an unusable
      number of principals.
    * ssh-keygen(1): Fatally exit if ssh-keygen is unable to write all the
      public key during key generation. Previously it would silently
      ignore errors writing the comment and terminating newline.
    * ssh(1): Do not modify hostname arguments that are addresses by
      automatically forcing them to lower-case. Instead canonicalise them
      to resolve ambiguities (e.g. ::0001 => ::1) before they are matched
      against known_hosts. bz#2763
    * ssh(1): Don't accept junk after "yes" or "no" responses to hostkey
      prompts. bz#2803
    * sftp(1): Have sftp print a warning about shell cleanliness when
      decoding the first packet fails, which is usually caused by shells
      polluting stdout of non-interactive startups. bz#2800
    * ssh(1)/sshd(8): Switch timers in packet code from using wall-clock
      time to monotonic time, allowing the packet layer to better function
      over a clock step and avoiding possible integer overflows during
      steps.
    * Numerous manual page fixes and improvements.

   Portability
   -----------
    * sshd(8): Correctly detect MIPS ABI in use at configure time. Fixes
      sandbox violations on some environments.
    * sshd(8): Remove UNICOS support. The hardware and software are literal
      museum pieces and support in sshd is too intrusive to justify
      maintaining.
    * All: Build and link with "retpoline" flags when available to mitigate
      the "branch target injection" style (variant 2) of the Spectre
      branch-prediction vulnerability.
    * All: Add auto-generated dependency information to Makefile.
    * Numerous fixes to the RPM spec files.
Version  Delta      File
1.10     +15 -15    security/openssh/patches/patch-sshd.c
1.106    +14 -15    security/openssh/distinfo
1.7      +13 -13    security/openssh/patches/patch-configure.ac
1.6      +12 -11    security/openssh/patches/patch-uidswap.c
1.9      +10 -11    security/openssh/patches/patch-session.c
1.4      +12 -7     security/openssh/patches/patch-openbsd-compat_port-tun.c
1.6      +11 -7     security/openssh/patches/patch-Makefile.in
1.5      +7 -8      security/openssh/patches/patch-auth-passwd.c
1.6      +7 -7      security/openssh/patches/patch-config.h.in
1.7      +4 -4      security/openssh/patches/patch-auth2.c
1.257    +2 -3      security/openssh/Makefile
1.7      +1 -1      security/openssh/patches/patch-ssh.c
         +108 -102  12 files
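
The 7.9 notes above say a KRL can now be built from the base64 SHA256 fingerprints that sshd(8) writes to its authentication log. The following is an added example, not part of this commit or of OpenSSH: it turns log lines into the "hash:" KRL specification lines documented in ssh-keygen(1). The log lines are constructed and their layout is an approximation; the function names are hypothetical.

```python
import base64
import hashlib
import re

# Capture the key fingerprint that follows "ssh2: <type> "; on certificate
# logins the later "CA <type> SHA256:..." field is deliberately not matched,
# so the CA key itself never ends up in the revocation list.
ACCEPTED = re.compile(
    r"Accepted publickey for (\S+) from \S+ port \d+ ssh2: "
    r"\S+ SHA256:([A-Za-z0-9+/]+)"
)

def valid_sha256_fp(b64):
    """True if b64 is unpadded base64 that decodes to exactly 32 bytes."""
    try:
        raw = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    except ValueError:
        return False
    return len(raw) == 32

def krl_spec_for_user(log_lines, user):
    """Return de-duplicated 'hash: SHA256:...' lines for keys that logged in as user."""
    seen, spec = set(), []
    for line in log_lines:
        m = ACCEPTED.search(line)
        if not m or m.group(1) != user:
            continue
        fp = m.group(2)
        if valid_sha256_fp(fp) and fp not in seen:
            seen.add(fp)
            spec.append("hash: SHA256:" + fp)
    return spec

def constructed_fp(label):
    # Constructed stand-in for a real key fingerprint (sample data only).
    return base64.b64encode(hashlib.sha256(label).digest()).decode().rstrip("=")

KEY_A, KEY_B, KEY_C, CA = (constructed_fp(x) for x in (b"a", b"b", b"c", b"ca"))
SAMPLE_LOG = [  # constructed log lines
    f"sshd[811]: Accepted publickey for alice from 192.0.2.10 port 51234 ssh2: ED25519 SHA256:{KEY_A}",
    f"sshd[812]: Accepted publickey for alice from 192.0.2.10 port 51301 ssh2: "
    f"ED25519-CERT SHA256:{KEY_B} ID alice-laptop (serial 7) CA ED25519 SHA256:{CA}",
    f"sshd[813]: Accepted publickey for alice from 192.0.2.10 port 51377 ssh2: ED25519 SHA256:{KEY_A}",
    f"sshd[814]: Accepted publickey for bob from 198.51.100.7 port 40022 ssh2: RSA SHA256:{KEY_C}",
    "sshd[815]: Accepted publickey for alice from 192.0.2.10 port 51400 ssh2: RSA SHA256:tooshort",
]

if __name__ == "__main__":
    print("\n".join(krl_spec_for_user(SAMPLE_LOG, "alice")))
```

The resulting lines go into a specification file that ssh-keygen -k -f <krl_file> <spec_file> turns into a KRL, which sshd then consults through RevokedKeys.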
