Hi Michael, I will pick this up. Regards, Adolf. On 03/03/2021 11:16, Michael Tremer wrote: > Who wants to grab this one? > > Looks like a simple package upgrade with no other changes required. > > Best, > -Michael > >> Begin forwarded message: >> >> *From: *Damien Miller > >> *Subject: **[openssh-unix-announce] Announce: OpenSSH 8.5 released* >> *Date: *3 March 2021 at 01:19:55 GMT >> *To: *openssh-unix-announce(a)mindrot.org >> >> OpenSSH 8.5 has just been released. It will be available from the >> mirrors listed at https://www.openssh.com/ shortly. >> >> OpenSSH is a 100% complete SSH protocol 2.0 implementation and >> includes sftp client and server support. >> >> Once again, we would like to thank the OpenSSH community for their >> continued support of the project, especially those who contributed >> code or patches, reported bugs, tested snapshots or donated to the >> project. More information on donations may be found at: >> https://www.openssh.com/donations.html >> >> Future deprecation notice >> ========================= >> >> It is now possible[1] to perform chosen-prefix attacks against the >> SHA-1 algorithm for less than USD$50K. >> >> In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1 >> hash algorithm in conjunction with the RSA public key algorithm. >> OpenSSH will disable this signature scheme by default in the near >> future. >> >> Note that the deactivation of "ssh-rsa" signatures does not necessarily >> require cessation of use for RSA keys. In the SSH protocol, keys may be >> capable of signing using multiple algorithms. In particular, "ssh-rsa" >> keys are capable of signing using "rsa-sha2-256" (RSA/SHA256), >> "rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of >> these is being turned off by default. >> >> This algorithm is unfortunately still used widely despite the >> existence of better alternatives, being the only remaining public key >> signature algorithm specified by the original SSH RFCs that is still >> enabled by default. >> >> The better alternatives include: >> >> * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These >>   algorithms have the advantage of using the same key type as >>   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been >>   supported since OpenSSH 7.2 and are already used by default if the >>   client and server support them. >> >> * The RFC8709 ssh-ed25519 signature algorithm. It has been supported >>   in OpenSSH since release 6.5. >> >> * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These >>   have been supported by OpenSSH since release 5.7. >> >> To check whether a server is using the weak ssh-rsa public key >> algorithm, for host authentication, try to connect to it after >> removing the ssh-rsa algorithm from ssh(1)'s allowed list: >> >>    ssh -oHostKeyAlgorithms=-ssh-rsa user(a)host >> >> If the host key verification fails and no other supported host key >> types are available, the server software on that host should be >> upgraded. >> >> This release enables the UpdateHostKeys option by default to assist >> the client by automatically migrating to better algorithms. >> >> [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and >>    Application to the PGP Web of Trust" Leurent, G and Peyrin, T >>    (2020) https://eprint.iacr.org/2020/014.pdf >> >> Security >> ======== >> >> * ssh-agent(1): fixed a double-free memory corruption that was >>   introduced in OpenSSH 8.2 . We treat all such memory faults as >>   potentially exploitable. This bug could be reached by an attacker >>   with access to the agent socket. >> >>   On modern operating systems where the OS can provide information >>   about the user identity connected to a socket, OpenSSH ssh-agent >>   and sshd limit agent socket access only to the originating user >>   and root. Additional mitigation may be afforded by the system's >>   malloc(3)/free(3) implementation, if it detects double-free >>   conditions. >> >>   The most likely scenario for exploitation is a user forwarding an >>   agent either to an account shared with a malicious user or to a >>   host with an attacker holding root access. >> >> * Portable sshd(8): Prevent excessively long username going to PAM. >>   This is a mitigation for a buffer overflow in Solaris' PAM username >>   handling (CVE-2020-14871), and is only enabled for Sun-derived PAM >>   implementations.  This is not a problem in sshd itself, it only >>   prevents sshd from being used as a vector to attack Solaris' PAM. >>   It does not prevent the bug in PAM from being exploited via some >>   other PAM application. GHPR#212 >> >> >> Potentially-incompatible changes >> ================================ >> >> This release includes a number of changes that may affect existing >> configurations: >> >> * ssh(1), sshd(8): this release changes the first-preference signature >>   algorithm from ECDSA to ED25519. >> >> * ssh(1), sshd(8): set the TOS/DSCP specified in the configuration >>   for interactive use prior to TCP connect. The connection phase of >>   the SSH session is time-sensitive and often explicitly interactive. >>   The ultimate interactive/bulk TOS/DSCP will be set after >>   authentication completes. >> >> * ssh(1), sshd(8): remove the pre-standardization cipher >>   rijndael-cbc(a)lysator.liu.se. It is an alias for aes256-cbc before >>   it was standardized in RFC4253 (2006), has been deprecated and >>   disabled by default since OpenSSH 7.2 (2016) and was only briefly >>   documented in ssh.1 in 2001. >> >> * ssh(1), sshd(8): update/replace the experimental post-quantum >>   hybrid key exchange method based on Streamlined NTRU Prime coupled >>   with X25519. >> >>   The previous sntrup4591761x25519-sha512(a)tinyssh.org method is >>   replaced with sntrup761x25519-sha512(a)openssh.com. Per its >>   designers, the sntrup4591761 algorithm was superseded almost two >>   years ago by sntrup761. >> >>   (note this both the updated method and the one that it replaced are >>   disabled by default) >> >> * ssh(1): disable CheckHostIP by default. It provides insignificant >>   benefits while making key rotation significantly more difficult, >>   especially for hosts behind IP-based load-balancers. >> >> Changes since OpenSSH 8.4 >> ========================= >> >> New features >> ------------ >> >> * ssh(1): this release enables UpdateHostkeys by default subject to >>   some conservative preconditions: >>    - The key was matched in the UserKnownHostsFile (and not in the >>      GlobalKnownHostsFile). >>    - The same key does not exist under another name. >>    - A certificate host key is not in use. >>    - known_hosts contains no matching wildcard hostname pattern. >>    - VerifyHostKeyDNS is not enabled. >>    - The default UserKnownHostsFile is in use. >> >>   We expect some of these conditions will be modified or relaxed in >>   future. >> >> * ssh(1), sshd(8): add a new LogVerbose configuration directive for >>   that allows forcing maximum debug logging by file/function/line >>   pattern-lists. >> >> * ssh(1): when prompting the user to accept a new hostkey, display >>   any other host names/addresses already associated with the key. >> >> * ssh(1): allow UserKnownHostsFile=none to indicate that no >>   known_hosts file should be used to identify host keys. >> >> * ssh(1): add a ssh_config KnownHostsCommand option that allows the >>   client to obtain known_hosts data from a command in addition to >>   the usual files. >> >> * ssh(1): add a ssh_config PermitRemoteOpen option that allows the >>   client to restrict the destination when RemoteForward is used >>   with SOCKS. >> >> * ssh(1): for FIDO keys, if a signature operation fails with a >>   "incorrect PIN" reason and no PIN was initially requested from the >>   user, then request a PIN and retry the operation. This supports >>   some biometric devices that fall back to requiring PIN when reading >>   of the biometric failed, and devices that require PINs for all >>   hosted credentials. >> >> * sshd(8): implement client address-based rate-limiting via new >>   sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize >>   directives that provide more fine-grained control on a per-origin >>   address basis than the global MaxStartups limit. >> >> Bugfixes >> -------- >> >> * ssh(1): Prefix keyboard interactive prompts with "(user(a)host)" to >>   make it easier to determine which connection they are associated >>   with in cases like scp -3, ProxyJump, etc. bz#3224 >> >> * sshd(8): fix sshd_config SetEnv directives located inside Match >>   blocks. GHPR#201 >> >> * ssh(1): when requesting a FIDO token touch on stderr, inform the >>   user once the touch has been recorded. >> >> * ssh(1): prevent integer overflow when ridiculously large >>   ConnectTimeout values are specified, capping the effective value >>   (for most platforms) at 24 days. bz#3229 >> >> * ssh(1): consider the ECDSA key subtype when ordering host key >>   algorithms in the client. >> >> * ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to >>   PubkeyAcceptedAlgorithms. The previous name incorrectly suggested >>   that it control allowed key algorithms, when this option actually >>   specifies the signature algorithms that are accepted. The previous >>   name remains available as an alias. bz#3253 >> >> * ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and >>   HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms. >> >> * sftp-server(8): add missing lsetstat(a)openssh.com documentation >>   and advertisement in the server's SSH2_FXP_VERSION hello packet. >> >> * ssh(1), sshd(8): more strictly enforce KEX state-machine by >>   banning packet types once they are received. Fixes memleak caused >>   by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078). >> >> * sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit >>   platforms instead of being limited by LONG_MAX. bz#3206 >> >> * Minor man page fixes (capitalization, commas, etc.) bz#3223 >> >> * sftp(1): when doing an sftp recursive upload or download of a >>   read-only directory, ensure that the directory is created with >>   write and execute permissions in the interim so that the transfer >>   can actually complete, then set the directory permission as the >>   final step. bz#3222 >> >> * ssh-keygen(1): document the -Z, check the validity of its argument >>   earlier and provide a better error message if it's not correct. >>   bz#2879 >> >> * ssh(1): ignore comments at the end of config lines in ssh_config, >>   similar to what we already do for sshd_config. bz#2320 >> >> * sshd_config(5): mention that DisableForwarding is valid in a >>   sshd_config Match block. bz3239 >> >> * sftp(1): fix incorrect sorting of "ls -ltr" under some >>   circumstances. bz3248. >> >> * ssh(1), sshd(8): fix potential integer truncation of (unlikely) >>   timeout values. bz#3250 >> >> * ssh(1): make hostbased authentication send the signature algorithm >>   in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. >>   This make HostbasedAcceptedAlgorithms do what it is supposed to - >>   filter on signature algorithm and not key type. >> >> Portability >> ----------- >> >> * sshd(8): add a number of platform-specific syscalls to the Linux >>   seccomp-bpf sandbox. bz#3232 bz#3260 >> >> * sshd(8): remove debug message from sigchld handler that could cause >>   deadlock on some platforms. bz#3259 >> >> * Sync contrib/ssh-copy-id with upstream. >> >> * unittests: add a hostname function for systems that don't have it. >>   Some systems don't have a hostname command (it's not required by >>   POSIX). The do have uname -n (which is), but not all of those have >>   it report the FQDN. >> >> Checksums: >> ========== >> >> - SHA1 (openssh-8.5.tar.gz) = 04cae43c389fb411227c01219e4eb46e3113f34e >> - SHA256 (openssh-8.5.tar.gz) = 5qB2CgzNG4io4DmChTjHgCWqRWvEOvCKJskLdJCz+SU= >> >> - SHA1 (openssh-8.5p1.tar.gz) = 72eadcbe313b07b1dd3b693e41d3cd56d354e24e >> - SHA256 (openssh-8.5p1.tar.gz) = 9S8/QdQpqpkY44zyAK8iXM3Y5m8FLaVyhwyJc3ZG7CU= >> >> Please note that the SHA256 signatures are base64 encoded and not >> hexadecimal (which is the default for most checksum tools). The PGP >> key used to sign the releases is available from the mirror sites: >> https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc >> >> Please note that the OpenPGP key used to sign releases has been >> rotated for this release. The new key has been signed by the previous >> key to provide continuity. >> >> Reporting Bugs: >> =============== >> >> - Please read https://www.openssh.com/report.html >>  Security bugs should be reported directly to openssh(a)openssh.com >> _______________________________________________ >> openssh-unix-announce mailing list >> openssh-unix-announce(a)mindrot.org >> https://lists.mindrot.org/mailman/listinfo/openssh-unix-announce >