Portable OpenSSH Changelog

What's new in Portable OpenSSH 8.1p1

Oct 9, 2019
  • ssh(1): fix SIGWINCH delivery on Solaris for multiplexed sessions bz#3030
  • ssh(1), sshd(8): fix typo that prevented detection of Linux VRF
  • sshd(8): add no-op implementation of pam_putenv to avoid build breakage on platforms where the PAM implementation lacks this function (e.g. HP-UX). bz#3008
  • sftp-server(8): fix Solaris privilege sandbox from preventing the legacy sftp rename operation from working (was refusing to allow hard links to files owned by other users). bz#3036
  • All: add a proc_pidinfo()-based closefrom() for OS X to avoid the need to brute-force close all high-numbered file descriptors. bz#3049
  • sshd(8): in the Linux seccomp-bpf sandbox, allow mprotect(2) with PROT_(READ|WRITE|NONE) only. This syscall is used by some hardened heap allocators. Github PR#142
  • sshd(8): in the Linux seccomp-bpf sandbox, allow the s390-specific ioctl for ECC hardware support.
  • All: use "doc" man page format if the mandoc(1) tool is present on the system. Previously configure would not select the "doc" man page format if mandoc was present but nroff was not.
  • sshd(8): don't install duplicate STREAMS modules on Solaris; check if STREAMS modules are already installed on a pty before installing since when compiling with XPG>=4 they will likely be installed already. Prevents hangs and duplicate lines on the terminal. bz#2945 and bz#2998

New in Portable OpenSSH 7.3p1 (Aug 2, 2016)

  • ssh(1), sshd(8): Fix compilation by automatically disabling ciphers not supported by OpenSSL. bz#2466
  • misc: Fix compilation failures on some versions of AIX's compiler related to the definition of the VA_COPY macro. bz#2589
  • sshd(8): Whitelist more architectures to enable the seccomp-bpf sandbox. bz#2590
  • ssh-agent(1), sftp-server(8): Disable process tracing on Solaris using setpflags(__PROC_PROTECT, ...). bz#2584
  • sshd(8): On Solaris, don't call Solaris setproject() with UsePAM=yes; it's PAM's responsibility. bz#2425

New in Portable OpenSSH 7.1 (Aug 21, 2015)

  • Bugfixes:
  • ssh(1), sshd(8): add compatibility workarounds for FuTTY
  • ssh(1), sshd(8): refine compatibility workarounds for WinSCP
  • Fix a number of memory faults (double-free, free of uninitialised memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz Kocielski.

New in Portable OpenSSH 7.0p1 (Aug 17, 2015)

  • Check realpath(3) behaviour matches what sftp-server requires and use a replacement if necessary.

New in Portable OpenSSH 6.9p1 (Jul 1, 2015)

  • sshd(8): Format UsePAM setting when using sshd -T, part of bz#2346
  • Look for '${host}-ar' before 'ar', making cross-compilation easier; bz#2352.
  • Several portable compilation fixes: bz#2402, bz#2337, bz#2370
  • moduli(5): update DH-GEX moduli

New in Portable OpenSSH 6.8p1 (Mar 18, 2015)

  • Support --without-openssl at configure time. Disables and removes dependency on OpenSSL. Many features, including SSH protocol 1, are not supported and the set of crypto options is greatly restricted. This will only work on systems with native arc4random or /dev/urandom. Considered highly experimental for now.
  • Support --without-ssh1 option at configure time. Allows disabling support for SSH protocol 1.
  • sshd(8): Fix compilation on systems with IPv6 support in utmpx; bz#2296
  • Allow custom service name for sshd on Cygwin. Permits the use of multiple sshd running with different service names.

New in Portable OpenSSH 6.7p1 (Oct 7, 2014)

  • Portable OpenSSH now supports building against libressl-portable.
  • Portable OpenSSH now requires openssl 0.9.8f or greater. Older versions are no longer supported.
  • In the OpenSSL version check, allow fix version upgrades (but not downgrades). Debian bug #748150.
  • sshd(8): On Cygwin, determine privilege separation user at runtime, since it may need to be a domain account.
  • sshd(8): Don't attempt to use vhangup on Linux. It doesn't work for non-root users, and for them it just messes up the tty settings.
  • Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is available. It considers time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly. bz#2228
  • Add support for ed25519 to opensshd.init init script.
  • sftp-server(8): On platforms that support it, use prctl() to prevent sftp-server from accessing /proc/self/{mem,maps}

New in Portable OpenSSH 6.5p1 (Jan 30, 2014)

  • New features:
  • ssh(1), sshd(8): Add support for key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange method is the default when both the client and server support it.
  • ssh(1), sshd(8): Add support for Ed25519 as a public key type. Ed25519 is an elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys.
  • Add a new private key format that uses a bcrypt KDF to better protect keys at rest. This format is used unconditionally for Ed25519 keys, but may be requested when generating or saving existing keys of other types via the -o ssh-keygen(1) option. We intend to make the new format the default in the near future. Details of the new format are in the PROTOCOL.key file.
  • ssh(1), sshd(8): Add a new transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Details are in the PROTOCOL.chacha20poly1305 file.
  • ssh(1), sshd(8): Refuse RSA keys from old proprietary clients and servers that use the obsolete RSA+MD5 signature scheme. It will still be possible to connect with these clients/servers but only DSA keys will be accepted, and OpenSSH will refuse connection entirely in a future release.
  • ssh(1), sshd(8): Refuse old proprietary clients and servers that use a weaker key exchange hash calculation.
  • ssh(1): Increase the size of the Diffie-Hellman groups requested for each symmetric key size. New values from NIST Special Publication 800-57 with the upper limit specified by RFC4419.
  • ssh(1), ssh-agent(1): Support pkcs#11 tokens that only provide X.509 certs instead of raw public keys (requested as bz#1908).
  • ssh(1): Add a ssh_config(5) "Match" keyword that allows conditional configuration to be applied by matching on hostname, user and result of arbitrary commands.
  • ssh(1): Add support for client-side hostname canonicalisation using a set of DNS suffixes and rules in ssh_config(5). This allows unqualified names to be canonicalised to fully-qualified domain names to eliminate ambiguity when looking up keys in known_hosts or checking host certificate names.
  • sftp-server(8): Add the ability to whitelist and/or blacklist sftp protocol requests by name.
  • sftp-server(8): Add a sftp "fsync@openssh.com" to support calling fsync(2) on an open file handle.
  • sshd(8): Add a ssh_config(5) PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option.
  • ssh(1): Add a ssh_config ProxyUseFDPass option that supports the use of ProxyCommands that establish a connection and then pass a connected file descriptor back to ssh(1). This allows the ProxyCommand to exit rather than staying around to transfer data.
  • Bugfixes:
  • ssh(1), sshd(8): Fix potential stack exhaustion caused by nested certificates.
  • ssh(1): bz#1211: make BindAddress work with UsePrivilegedPort.
  • sftp(1): bz#2137: fix the progress meter for resumed transfer.
  • ssh-add(1): bz#2187: do not request smartcard PIN when removing keys from ssh-agent.
  • sshd(8): bz#2139: fix re-exec fallback when original sshd binary cannot be executed.
  • ssh-keygen(1): Make relative-specified certificate expiry times relative to current time and not the validity start time.
  • sshd(8): bz#2161: fix AuthorizedKeysCommand inside a Match block.
  • sftp(1): bz#2129: symlinking a file would incorrectly canonicalise the target path.
  • ssh-agent(1): bz#2175: fix a use-after-free in the PKCS#11 agent helper executable.
  • sshd(8): Improve logging of sessions to include the user name, remote host and port, the session type (shell, command, etc.) and allocated TTY (if any).
  • sshd(8): bz#1297: tell the client (via a debug message) when their preferred listen address has been overridden by the server's GatewayPorts setting.
  • sshd(8): bz#2162: include report port in bad protocol banner message.
  • sftp(1): bz#2163: fix memory leak in error path in do_readdir().
  • sftp(1): bz#2171: don't leak file descriptor on error.
  • sshd(8): Include the local address and port in "Connection from ..." message (only shown at loglevel>=verbose).
  • Portable OpenSSH:
  • Please note that this is the last version of Portable OpenSSH that will support versions of OpenSSL prior to 0.9.6. Support (i.e. SSH_OLD_EVP) will be removed following the 6.5p1 release.
  • Portable OpenSSH will attempt to compile and link as a Position Independent Executable on Linux, OS X and OpenBSD on recent gcc-like compilers. Other platforms and older/other compilers may request this using the --with-pie configure flag.
  • A number of other toolchain-related hardening options are used automatically if available, including -ftrapv to abort on signed integer overflow and options to write-protect dynamic linking information. The use of these options may be disabled using the --without-hardening configure flag.
  • If the toolchain supports it, one of the -fstack-protector-strong, -fstack-protector-all or -fstack-protector compilation flags is used to add guards to mitigate attacks based on stack overflows. The use of these options may be disabled using the --without-stackprotect configure option.
  • sshd(8): Add support for pre-authentication sandboxing using the Capsicum API introduced in FreeBSD 10.
  • Switch to a ChaCha20-based arc4random() PRNG for platforms that do not provide their own.
  • sshd(8): bz#2156: restore Linux oom_adj setting when handling SIGHUP to maintain behaviour over restart.
  • sshd(8): bz#2032: use local username in krb5_kuserok check rather than full client name which may be of form user@REALM.
  • ssh(1), sshd(8): Test for both the presence of ECC NID numbers in OpenSSL and that they actually work. Fedora (at least) has NID_secp521r1 that doesn't work.
  • bz#2173: use pkg-config --libs to include correct -L location for libedit.

New in Portable OpenSSH 6.4p1 (Nov 9, 2013)

  • This release fixes a security bug: sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected. Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv

New in Portable OpenSSH 6.3p1 (Sep 13, 2013)

  • Features:
  • sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards.
  • ssh(1)/sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config as well as on the client.
  • sshd(8): standardise logging of information during user authentication.
  • The presented key/cert and the remote username (if available) are now logged in the authentication success/failure message on the same log line as the local username, remote host/port and protocol in use. Certificate contents and the key fingerprint of the signing CA are logged too.
  • Including all relevant information on a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries.
  • ssh(1): add the ability to query which ciphers, MAC algorithms, key types and key exchange methods are supported in the binary.
  • ssh(1): support ProxyCommand=- to support cases where stdin and stdout already point to the proxy.
  • ssh(1): allow IdentityFile=none
  • ssh(1)/sshd(8): add -E option to ssh and sshd to append debugging logs to a specified file instead of stderr or syslog.
  • sftp(1): add support for resuming partial downloads using the "reget" command and on the sftp commandline or on the "get" commandline using the "-a" (append) option.
  • ssh(1): add an "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives.
  • sshd(8): add support for submethods to be appended to required authentication methods listed via AuthenticationMethods.
  • Bugfixes:
  • sshd(8): fix refusal to accept certificate if a key of a different type to the CA key appeared in authorized_keys before the CA key.
  • ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for timers so that things like keepalives and rekeying will work properly over clock steps.
  • sftp(1): update progressmeter when data is acknowledged, not when it's sent. bz#2108
  • ssh(1)/ssh-keygen(1): improve error messages when the current user does not exist in /etc/passwd; bz#2125
  • ssh(1): reset the order in which public keys are tried after partial authentication success.
  • ssh-agent(1): clean up socket files after SIGINT when in debug mode; bz#2120
  • ssh(1) and others: avoid confusing error messages in the case of broken system resolver configurations; bz#2122
  • ssh(1): set TCP nodelay for connections started with -N; bz#2124
  • ssh(1): correct manual for permission requirements on ~/.ssh/config; bz#2078
  • ssh(1): fix ControlPersist timeout not triggering in cases where TCP connections have hung. bz#1917
  • ssh(1): properly detach a ControlPersist master from its controlling terminal.
  • sftp(1): avoid crashes in libedit when it has been compiled with multi-byte character support. bz#1990
  • sshd(8): when running sshd -D, close stderr unless we have explicitly requested logging to stderr. bz#1976
  • ssh(1): fix incomplete bzero; bz#2100
  • sshd(8): log an error and exit if ChrootDirectory is specified and running without root privileges.
  • Many improvements to the regression test suite. In particular log files are now saved from ssh and sshd after failures.
  • Fix a number of memory leaks. bz#1967 bz#2096 and others
  • sshd(8): fix public key authentication when a :style is appended to the requested username.
  • ssh(1): do not fatally exit when attempting to cleanup multiplexing-created channels that are incompletely opened. bz#2079
  • Portable OpenSSH:
  • Major overhaul of contrib/cygwin/README
  • Fix unaligned accesses in umac.c for strict-alignment architectures. bz#2101
  • Enable -Wsizeof-pointer-memaccess if the compiler supports it. bz#2100
  • Fix broken incorrect commandline reporting errors. bz#1448
  • Only include SHA256 and ECC-based key exchange methods if libcrypto has the required support.
  • Fix crash in SOCKS5 dynamic forwarding code on strict-alignment architectures.
  • A number of portability fixes for Android:
    • Don't try to use lastlog on Android; bz#2111
    • Fall back to using openssl's DES_crypt function on platforms that don't have a native crypt() function; bz#2112
    • Test for fd_mask, howmany and NFDBITS rather than trying to enumerate the platforms that don't have them. bz#2085
    • Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. bz#2085
    • Add a null implementation of endgrent for platforms that don't have it (eg Android) bz#2087
    • Support platforms, such as Android, that lack struct passwd.pw_gecos. bz#2086

New in Portable OpenSSH 6.2p2 (May 17, 2013)

  • sshd(8): The Linux seccomp-filter sandbox is now supported on ARM platforms where the kernel supports it.
  • sshd(8): The seccomp-filter sandbox will now be enabled if the system headers support it at compile time, regardless of whether it can be enabled then. If the run-time system does not support seccomp-filter, sshd will fall back to the rlimit pseudo-sandbox.
  • ssh(1): Don't link in the Kerberos libraries. They aren't necessary on the client, just on sshd(8). bz#2072
  • Fix GSSAPI linking on Solaris, which uses a differently-named GSSAPI library. bz#2073
  • Fix compilation on systems with openssl-1.0.0-fips.
  • Fix a number of errors in the RPM spec files.

New in Portable OpenSSH 5.8p1 (Feb 4, 2011)

  • Portable OpenSSH Bugfixes:
  • Fix compilation failure when enabling SELinux support.
  • Do not attempt to call SELinux functions when SELinux is disabled. bz#1851