Portable OpenSSH Changelog

New in version 6.7p1

October 7th, 2014
  • Portable OpenSSH now supports building against libressl-portable.
  • Portable OpenSSH now requires openssl 0.9.8f or greater. Older versions are no longer supported.
  • In the OpenSSL version check, allow fix version upgrades (but not downgrades. Debian bug #748150.
  • sshd(8): On Cygwin, determine privilege separation user at runtime, since it may need to be a domain account.
  • sshd(8): Don't attempt to use vhangup on Linux. It doesn't work for non-root users, and for them it just messes up the tty settings.
  • Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is available. It considers time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly. bz#2228
  • Add support for ed25519 to opensshd.init init script.
  • sftp-server(8): On platforms that support it, use prctl() to prevent sftp-server from accessing /proc/self/{mem,maps}

New in version 6.5p1 (January 30th, 2014)

  • New features:
  • ssh(1), sshd(8): Add support for key exchange using elliptic-curve Diffie Hellman in Daniel Bernstein's Curve25519. This key exchange method is the default when both the client and server support it.
  • ssh(1), sshd(8): Add support for Ed25519 as a public key type. Ed25519 is a elliptic curve signature scheme that offers better security than ECDSA and DSA and good performance. It may be used for both user and host keys.
  • Add a new private key format that uses a bcrypt KDF to better protect keys at rest. This format is used unconditionally for Ed25519 keys, but may be requested when generating or saving existing keys of other types via the -o ssh-keygen(1) option. We intend to make the new format the default in the near future. Details of the new format are in the PROTOCOL.key file.
  • ssh(1), sshd(8): Add a new transport cipher "chacha20-poly1305@openssh.com" that combines Daniel Bernstein's ChaCha20 stream cipher and Poly1305 MAC to build an authenticated encryption mode. Details are in the PROTOCOL.chacha20poly1305 file.
  • ssh(1), sshd(8): Refuse RSA keys from old proprietary clients and servers that use the obsolete RSA+MD5 signature scheme. It will still be possible to connect with these clients/servers but only DSA keys will be accepted, and OpenSSH will refuse connection entirely in a future release.
  • ssh(1), sshd(8): Refuse old proprietary clients and servers that use a weaker key exchange hash calculation.
  • ssh(1): Increase the size of the Diffie-Hellman groups requested for each symmetric key size. New values from NIST Special Publication 800-57 with the upper limit specified by RFC4419.
  • ssh(1), ssh-agent(1): Support pkcs#11 tokes that only provide X.509 certs instead of raw public keys (requested as bz#1908).
  • ssh(1): Add a ssh_config(5) "Match" keyword that allows conditional configuration to be applied by matching on hostname, user and result of arbitrary commands.
  • ssh(1): Add support for client-side hostname canonicalisation using a set of DNS suffixes and rules in ssh_config(5). This allows unqualified names to be canonicalised to fully-qualified domain names to eliminate ambiguity when looking up keys in known_hosts or checking host certificate names.
  • sftp-server(8): Add the ability to whitelist and/or blacklist sftp protocol requests by name.
  • sftp-server(8): Add a sftp "fsync@openssh.com" to support calling fsync(2) on an open file handle.
  • sshd(8): Add a ssh_config(5) PermitTTY to disallow TTY allocation, mirroring the longstanding no-pty authorized_keys option.
  • ssh(1): Add a ssh_config ProxyUseFDPass option that supports the use of ProxyCommands that establish a connection and then pass a connected file descriptor back to ssh(1). This allows the ProxyCommand to exit rather than staying around to transfer data.
  • Bugfixes:
  • ssh(1), sshd(8): Fix potential stack exhaustion caused by nested certificates.
  • ssh(1): bz#1211: make BindAddress work with UsePrivilegedPort.
  • sftp(1): bz#2137: fix the progress meter for resumed transfer.
  • ssh-add(1): bz#2187: do not request smartcard PIN when removing keys from ssh-agent.
  • sshd(8): bz#2139: fix re-exec fallback when original sshd binary cannot be executed.
  • ssh-keygen(1): Make relative-specified certificate expiry times relative to current time and not the validity start time.
  • sshd(8): bz#2161: fix AuthorizedKeysCommand inside a Match block.
  • sftp(1): bz#2129: symlinking a file would incorrectly canonicalise the target path.
  • ssh-agent(1): bz#2175: fix a use-after-free in the PKCS#11 agent helper executable.
  • sshd(8): Improve logging of sessions to include the user name, remote host and port, the session type (shell, command, etc.) and allocated TTY (if any).
  • sshd(8): bz#1297: tell the client (via a debug message) when their preferred listen address has been overridden by the server's GatewayPorts setting.
  • sshd(8): bz#2162: include report port in bad protocol banner message.
  • sftp(1): bz#2163: fix memory leak in error path in do_readdir().
  • sftp(1): bz#2171: don't leak file descriptor on error.
  • sshd(8): Include the local address and port in "Connection from ..." message (only shown at loglevel>=verbose).
  • Portable OpenSSH:
  • Please note that this is the last version of Portable OpenSSH that will support versions of OpenSSL prior to 0.9.6. Support (i.e. SSH_OLD_EVP) will be removed following the 6.5p1 release.
  • Portable OpenSSH will attempt compile and link as a Position Independent Executable on Linux, OS X and OpenBSD on recent gcc- like compilers. Other platforms and older/other compilers may request this using the --with-pie configure flag.
  • A number of other toolchain-related hardening options are used automatically if available, including -ftrapv to abort on signed integer overflow and options to write-protect dynamic linking information. The use of these options may be disabled using the --without-hardening configure flag.
  • If the toolchain supports it, one of the -fstack-protector-strong, -fstack-protector-all or -fstack-protector compilation flag are used to add guards to mitigate attacks based on stack overflows. The use of these options may be disabled using the --without-stackprotect configure option.
  • sshd(8): Add support for pre-authentication sandboxing using the Capsicum API introduced in FreeBSD 10.
  • Switch to a ChaCha20-based arc4random() PRNG for platforms that do not provide their own.
  • sshd(8): bz#2156: restore Linux oom_adj setting when handling SIGHUP to maintain behaviour over retart.
  • sshd(8): bz#2032: use local username in krb5_kuserok check rather than full client name which may be of form user@REALM.
  • ssh(1), sshd(8): Test for both the presence of ECC NID numbers in OpenSSL and that they actually work. Fedora (at least) has NID_secp521r1 that doesn't work.
  • bz#2173: use pkg-config --libs to include correct -L location for libedit.

New in version 6.4p1 (November 9th, 2013)

  • This release fixes a security bug: sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected. Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv

New in version 6.3p1 (September 13th, 2013)

  • Features:
  • sshd(8): add ssh-agent(1) support to sshd(8); allows encrypted hostkeys, or hostkeys on smartcards.
  • ssh(1)/sshd(8): allow optional time-based rekeying via a second argument to the existing RekeyLimit option. RekeyLimit is now supported in sshd_config as well as on the client.
  • sshd(8): standardise logging of information during user authentication.
  • The presented key/cert and the remote username (if available) is now logged in the authentication success/failure message on the same log line as the local username, remote host/port and protocol in use. Certificates contents and the key fingerprint of the signing CA are logged too.
  • Including all relevant information on a single line simplifies log analysis as it is no longer necessary to relate information scattered across multiple log entries.
  • ssh(1): add the ability to query which ciphers, MAC algorithms, key types and key exchange methods are supported in the binary.
  • ssh(1): support ProxyCommand=- to allow support cases where stdin and stdout already point to the proxy.
  • ssh(1): allow IdentityFile=none
  • ssh(1)/sshd(8): add -E option to ssh and sshd to append debugging logs to a specified file instead of stderr or syslog.
  • sftp(1): add support for resuming partial downloads using the "reget" command and on the sftp commandline or on the "get" commandline using the "-a" (append) option.
  • ssh(1): add an "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives.
  • sshd(8): add support for submethods to be appended to required authentication methods listed via AuthenticationMethods.
  • Bugfixes:
  • sshd(8): fix refusal to accept certificate if a key of a different type to the CA key appeared in authorized_keys before the CA key.
  • ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for timers so that things like keepalives and rekeying will work properly over clock steps.
  • sftp(1): update progressmeter when data is acknowledged, not when it's sent. bz#2108
  • ssh(1)/ssh-keygen(1): improve error messages when the current user does not exist in /etc/passwd; bz#2125
  • ssh(1): reset the order in which public keys are tried after partial authentication success.
  • ssh-agent(1): clean up socket files after SIGINT when in debug mode; bz#2120
  • ssh(1) and others: avoid confusing error messages in the case of broken system resolver configurations; bz#2122
  • ssh(1): set TCP nodelay for connections started with -N; bz#2124
  • ssh(1): correct manual for permission requirements on ~/.ssh/config; bz#2078
  • ssh(1): fix ControlPersist timeout not triggering in cases where TCP connections have hung. bz#1917
  • ssh(1): properly deatch a ControlPersist master from its controlling terminal.
  • sftp(1): avoid crashes in libedit when it has been compiled with multi- byte character support. bz#1990
  • sshd(8): when running sshd -D, close stderr unless we have explicitly requested logging to stderr. bz#1976,
  • ssh(1): fix incomplete bzero; bz#2100
  • sshd(8): log and error and exit if ChrootDirectory is specified and running without root privileges.
  • Many improvements to the regression test suite. In particular log files are now saved from ssh and sshd after failures.
  • Fix a number of memory leaks. bz#1967 bz#2096 and others
  • sshd(8): fix public key authentication when a :style is appended to the requested username.
  • ssh(1): do not fatally exit when attempting to cleanup multiplexing- created channels that are incompletely opened. bz#2079
  • Portable OpenSSH:
  • Major overhaul of contrib/cygwin/README
  • Fix unaligned accesses in umac.c for strict-alignment architectures. bz#2101
  • Enable -Wsizeof-pointer-memaccess if the compiler supports it. bz#2100
  • Fix broken incorrect commandline reporting errors. bz#1448
  • Only include SHA256 and ECC-based key exchange methods if libcrypto has the required support.
  • Fix crash in SOCKS5 dynamic forwarding code on strict-alignment architectures.
  • A number of portability fixes for Android: * Don't try to use lastlog on Android; bz#2111 * Fall back to using openssl's DES_crypt function on platorms that don't have a native crypt() function; bz#2112 * Test for fd_mask, howmany and NFDBITS rather than trying to enumerate the plaforms that don't have them. bz#2085 * Replace S_IWRITE, which isn't standardized, with S_IWUSR, which is. bz#2085 * Add a null implementation of endgrent for platforms that don't have it (eg Android) bz#2087 * Support platforms, such as Android, that lack struct passwd.pw_gecos. bz#2086

New in version 6.2p2 (May 17th, 2013)

  • sshd(8): The Linux seccomp-filter sandbox is now supported on ARM platforms where the kernel supports it.
  • sshd(8): The seccomp-filter sandbox will not be enabled if the system headers support it at compile time, regardless of whether it can be enabled then. If the run-time system does not support seccomp-filter, sshd will fall back to the rlimit pseudo-sandbox.
  • ssh(1): Don't link in the Kerberos libraries. They aren't necessary on the client, just on sshd(8). bz#2072
  • Fix GSSAPI linking on Solaris, which uses a differently-named GSSAPI library. bz#2073
  • Fix compilation on systems with openssl-1.0.0-fips.
  • Fix a number of errors in the RPM spec files.

New in version 5.8p1 (February 4th, 2011)

  • Portable OpenSSH Bugfixes:
  • Fix compilation failure when enableing SELinux support.
  • Do not attempt to call SELinux functions when SELinux is disabled. bz#1851