Re: Fwd: [openssh-unix-announce] Announce: OpenSSH 8.5 released

Re: Fwd: [openssh-unix-announce] Announce: OpenSSH 8.5 released

[Adolf Belka (ipfire)]

[-- Attachment #1: Type: text/plain, Size: 13641 bytes --]

Hi Michael,

I will pick this up.

Regards,

Adolf.

On 03/03/2021 11:16, Michael Tremer wrote:
> Who wants to grab this one?
>
> Looks like a simple package upgrade with no other changes required.
>
> Best,
> -Michael
>
>> Begin forwarded message:
>>
>> *From: *Damien Miller <djm(a)cvs.openbsd.org <mailto:djm(a)cvs.openbsd.org>>
>> *Subject: **[openssh-unix-announce] Announce: OpenSSH 8.5 released*
>> *Date: *3 March 2021 at 01:19:55 GMT
>> *To: *openssh-unix-announce(a)mindrot.org <mailto:openssh-unix-announce(a)mindrot.org>
>>
>> OpenSSH 8.5 has just been released. It will be available from the
>> mirrors listed at https://www.openssh.com/ <https://www.openssh.com/> shortly.
>>
>> OpenSSH is a 100% complete SSH protocol 2.0 implementation and
>> includes sftp client and server support.
>>
>> Once again, we would like to thank the OpenSSH community for their
>> continued support of the project, especially those who contributed
>> code or patches, reported bugs, tested snapshots or donated to the
>> project. More information on donations may be found at:
>> https://www.openssh.com/donations.html <https://www.openssh.com/donations.html>
>>
>> Future deprecation notice
>> =========================
>>
>> It is now possible[1] to perform chosen-prefix attacks against the
>> SHA-1 algorithm for less than USD$50K.
>>
>> In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
>> hash algorithm in conjunction with the RSA public key algorithm.
>> OpenSSH will disable this signature scheme by default in the near
>> future.
>>
>> Note that the deactivation of "ssh-rsa" signatures does not necessarily
>> require cessation of use for RSA keys. In the SSH protocol, keys may be
>> capable of signing using multiple algorithms. In particular, "ssh-rsa"
>> keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
>> "rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
>> these is being turned off by default.
>>
>> This algorithm is unfortunately still used widely despite the
>> existence of better alternatives, being the only remaining public key
>> signature algorithm specified by the original SSH RFCs that is still
>> enabled by default.
>>
>> The better alternatives include:
>>
>> * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
>>   algorithms have the advantage of using the same key type as
>>   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
>>   supported since OpenSSH 7.2 and are already used by default if the
>>   client and server support them.
>>
>> * The RFC8709 ssh-ed25519 signature algorithm. It has been supported
>>   in OpenSSH since release 6.5.
>>
>> * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
>>   have been supported by OpenSSH since release 5.7.
>>
>> To check whether a server is using the weak ssh-rsa public key
>> algorithm, for host authentication, try to connect to it after
>> removing the ssh-rsa algorithm from ssh(1)'s allowed list:
>>
>>    ssh -oHostKeyAlgorithms=-ssh-rsa user(a)host
>>
>> If the host key verification fails and no other supported host key
>> types are available, the server software on that host should be
>> upgraded.
>>
>> This release enables the UpdateHostKeys option by default to assist
>> the client by automatically migrating to better algorithms.
>>
>> [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
>>    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
>>    (2020) https://eprint.iacr.org/2020/014.pdf
>>
>> Security
>> ========
>>
>> * ssh-agent(1): fixed a double-free memory corruption that was
>>   introduced in OpenSSH 8.2 . We treat all such memory faults as
>>   potentially exploitable. This bug could be reached by an attacker
>>   with access to the agent socket.
>>
>>   On modern operating systems where the OS can provide information
>>   about the user identity connected to a socket, OpenSSH ssh-agent
>>   and sshd limit agent socket access only to the originating user
>>   and root. Additional mitigation may be afforded by the system's
>>   malloc(3)/free(3) implementation, if it detects double-free
>>   conditions.
>>
>>   The most likely scenario for exploitation is a user forwarding an
>>   agent either to an account shared with a malicious user or to a
>>   host with an attacker holding root access.
>>
>> * Portable sshd(8): Prevent excessively long username going to PAM.
>>   This is a mitigation for a buffer overflow in Solaris' PAM username
>>   handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
>>   implementations.  This is not a problem in sshd itself, it only
>>   prevents sshd from being used as a vector to attack Solaris' PAM.
>>   It does not prevent the bug in PAM from being exploited via some
>>   other PAM application. GHPR#212
>>
>>
>> Potentially-incompatible changes
>> ================================
>>
>> This release includes a number of changes that may affect existing
>> configurations:
>>
>> * ssh(1), sshd(8): this release changes the first-preference signature
>>   algorithm from ECDSA to ED25519.
>>
>> * ssh(1), sshd(8): set the TOS/DSCP specified in the configuration
>>   for interactive use prior to TCP connect. The connection phase of
>>   the SSH session is time-sensitive and often explicitly interactive.
>>   The ultimate interactive/bulk TOS/DSCP will be set after
>>   authentication completes.
>>
>> * ssh(1), sshd(8): remove the pre-standardization cipher
>>   rijndael-cbc(a)lysator.liu.se. It is an alias for aes256-cbc before
>>   it was standardized in RFC4253 (2006), has been deprecated and
>>   disabled by default since OpenSSH 7.2 (2016) and was only briefly
>>   documented in ssh.1 in 2001.
>>
>> * ssh(1), sshd(8): update/replace the experimental post-quantum
>>   hybrid key exchange method based on Streamlined NTRU Prime coupled
>>   with X25519.
>>
>>   The previous sntrup4591761x25519-sha512(a)tinyssh.org method is
>>   replaced with sntrup761x25519-sha512(a)openssh.com. Per its
>>   designers, the sntrup4591761 algorithm was superseded almost two
>>   years ago by sntrup761.
>>
>>   (note this both the updated method and the one that it replaced are
>>   disabled by default)
>>
>> * ssh(1): disable CheckHostIP by default. It provides insignificant
>>   benefits while making key rotation significantly more difficult,
>>   especially for hosts behind IP-based load-balancers.
>>
>> Changes since OpenSSH 8.4
>> =========================
>>
>> New features
>> ------------
>>
>> * ssh(1): this release enables UpdateHostkeys by default subject to
>>   some conservative preconditions:
>>    - The key was matched in the UserKnownHostsFile (and not in the
>>      GlobalKnownHostsFile).
>>    - The same key does not exist under another name.
>>    - A certificate host key is not in use.
>>    - known_hosts contains no matching wildcard hostname pattern.
>>    - VerifyHostKeyDNS is not enabled.
>>    - The default UserKnownHostsFile is in use.
>>
>>   We expect some of these conditions will be modified or relaxed in
>>   future.
>>
>> * ssh(1), sshd(8): add a new LogVerbose configuration directive for
>>   that allows forcing maximum debug logging by file/function/line
>>   pattern-lists.
>>
>> * ssh(1): when prompting the user to accept a new hostkey, display
>>   any other host names/addresses already associated with the key.
>>
>> * ssh(1): allow UserKnownHostsFile=none to indicate that no
>>   known_hosts file should be used to identify host keys.
>>
>> * ssh(1): add a ssh_config KnownHostsCommand option that allows the
>>   client to obtain known_hosts data from a command in addition to
>>   the usual files.
>>
>> * ssh(1): add a ssh_config PermitRemoteOpen option that allows the
>>   client to restrict the destination when RemoteForward is used
>>   with SOCKS.
>>
>> * ssh(1): for FIDO keys, if a signature operation fails with a
>>   "incorrect PIN" reason and no PIN was initially requested from the
>>   user, then request a PIN and retry the operation. This supports
>>   some biometric devices that fall back to requiring PIN when reading
>>   of the biometric failed, and devices that require PINs for all
>>   hosted credentials.
>>
>> * sshd(8): implement client address-based rate-limiting via new
>>   sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
>>   directives that provide more fine-grained control on a per-origin
>>   address basis than the global MaxStartups limit.
>>
>> Bugfixes
>> --------
>>
>> * ssh(1): Prefix keyboard interactive prompts with "(user(a)host)" to
>>   make it easier to determine which connection they are associated
>>   with in cases like scp -3, ProxyJump, etc. bz#3224
>>
>> * sshd(8): fix sshd_config SetEnv directives located inside Match
>>   blocks. GHPR#201
>>
>> * ssh(1): when requesting a FIDO token touch on stderr, inform the
>>   user once the touch has been recorded.
>>
>> * ssh(1): prevent integer overflow when ridiculously large
>>   ConnectTimeout values are specified, capping the effective value
>>   (for most platforms) at 24 days. bz#3229
>>
>> * ssh(1): consider the ECDSA key subtype when ordering host key
>>   algorithms in the client.
>>
>> * ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
>>   PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
>>   that it control allowed key algorithms, when this option actually
>>   specifies the signature algorithms that are accepted. The previous
>>   name remains available as an alias. bz#3253
>>
>> * ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
>>   HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
>>
>> * sftp-server(8): add missing lsetstat(a)openssh.com documentation
>>   and advertisement in the server's SSH2_FXP_VERSION hello packet.
>>
>> * ssh(1), sshd(8): more strictly enforce KEX state-machine by
>>   banning packet types once they are received. Fixes memleak caused
>>   by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
>>
>> * sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
>>   platforms instead of being limited by LONG_MAX. bz#3206
>>
>> * Minor man page fixes (capitalization, commas, etc.) bz#3223
>>
>> * sftp(1): when doing an sftp recursive upload or download of a
>>   read-only directory, ensure that the directory is created with
>>   write and execute permissions in the interim so that the transfer
>>   can actually complete, then set the directory permission as the
>>   final step. bz#3222
>>
>> * ssh-keygen(1): document the -Z, check the validity of its argument
>>   earlier and provide a better error message if it's not correct.
>>   bz#2879
>>
>> * ssh(1): ignore comments at the end of config lines in ssh_config,
>>   similar to what we already do for sshd_config. bz#2320
>>
>> * sshd_config(5): mention that DisableForwarding is valid in a
>>   sshd_config Match block. bz3239
>>
>> * sftp(1): fix incorrect sorting of "ls -ltr" under some
>>   circumstances. bz3248.
>>
>> * ssh(1), sshd(8): fix potential integer truncation of (unlikely)
>>   timeout values. bz#3250
>>
>> * ssh(1): make hostbased authentication send the signature algorithm
>>   in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
>>   This make HostbasedAcceptedAlgorithms do what it is supposed to -
>>   filter on signature algorithm and not key type.
>>
>> Portability
>> -----------
>>
>> * sshd(8): add a number of platform-specific syscalls to the Linux
>>   seccomp-bpf sandbox. bz#3232 bz#3260
>>
>> * sshd(8): remove debug message from sigchld handler that could cause
>>   deadlock on some platforms. bz#3259
>>
>> * Sync contrib/ssh-copy-id with upstream.
>>
>> * unittests: add a hostname function for systems that don't have it.
>>   Some systems don't have a hostname command (it's not required by
>>   POSIX). The do have uname -n (which is), but not all of those have
>>   it report the FQDN.
>>
>> Checksums:
>> ==========
>>
>> - SHA1 (openssh-8.5.tar.gz) = 04cae43c389fb411227c01219e4eb46e3113f34e
>> - SHA256 (openssh-8.5.tar.gz) = 5qB2CgzNG4io4DmChTjHgCWqRWvEOvCKJskLdJCz+SU=
>>
>> - SHA1 (openssh-8.5p1.tar.gz) = 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
>> - SHA256 (openssh-8.5p1.tar.gz) = 9S8/QdQpqpkY44zyAK8iXM3Y5m8FLaVyhwyJc3ZG7CU=
>>
>> Please note that the SHA256 signatures are base64 encoded and not
>> hexadecimal (which is the default for most checksum tools). The PGP
>> key used to sign the releases is available from the mirror sites:
>> https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
>>
>> Please note that the OpenPGP key used to sign releases has been
>> rotated for this release. The new key has been signed by the previous
>> key to provide continuity.
>>
>> Reporting Bugs:
>> ===============
>>
>> - Please read https://www.openssh.com/report.html
>>  Security bugs should be reported directly to openssh(a)openssh.com
>> _______________________________________________
>> openssh-unix-announce mailing list
>> openssh-unix-announce(a)mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-announce
>

Re: [openssh-unix-announce] Announce: OpenSSH 8.5 released

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 13921 bytes --]

Thank you.

> On 3 Mar 2021, at 12:30, Adolf Belka (ipfire) <adolf.belka(a)ipfire.org> wrote:
> 
> Hi Michael,
> 
> I will pick this up.
> 
> Regards,
> 
> Adolf.
> 
> On 03/03/2021 11:16, Michael Tremer wrote:
>> Who wants to grab this one?
>> 
>> Looks like a simple package upgrade with no other changes required.
>> 
>> Best,
>> -Michael
>> 
>>> Begin forwarded message:
>>> 
>>> *From: *Damien Miller <djm(a)cvs.openbsd.org <mailto:djm(a)cvs.openbsd.org>>
>>> *Subject: **[openssh-unix-announce] Announce: OpenSSH 8.5 released*
>>> *Date: *3 March 2021 at 01:19:55 GMT
>>> *To: *openssh-unix-announce(a)mindrot.org <mailto:openssh-unix-announce(a)mindrot.org>
>>> 
>>> OpenSSH 8.5 has just been released. It will be available from the
>>> mirrors listed at https://www.openssh.com/ <https://www.openssh.com/> shortly.
>>> 
>>> OpenSSH is a 100% complete SSH protocol 2.0 implementation and
>>> includes sftp client and server support.
>>> 
>>> Once again, we would like to thank the OpenSSH community for their
>>> continued support of the project, especially those who contributed
>>> code or patches, reported bugs, tested snapshots or donated to the
>>> project. More information on donations may be found at:
>>> https://www.openssh.com/donations.html <https://www.openssh.com/donations.html>
>>> 
>>> Future deprecation notice
>>> =========================
>>> 
>>> It is now possible[1] to perform chosen-prefix attacks against the
>>> SHA-1 algorithm for less than USD$50K.
>>> 
>>> In the SSH protocol, the "ssh-rsa" signature scheme uses the SHA-1
>>> hash algorithm in conjunction with the RSA public key algorithm.
>>> OpenSSH will disable this signature scheme by default in the near
>>> future.
>>> 
>>> Note that the deactivation of "ssh-rsa" signatures does not necessarily
>>> require cessation of use for RSA keys. In the SSH protocol, keys may be
>>> capable of signing using multiple algorithms. In particular, "ssh-rsa"
>>> keys are capable of signing using "rsa-sha2-256" (RSA/SHA256),
>>> "rsa-sha2-512" (RSA/SHA512) and "ssh-rsa" (RSA/SHA1). Only the last of
>>> these is being turned off by default.
>>> 
>>> This algorithm is unfortunately still used widely despite the
>>> existence of better alternatives, being the only remaining public key
>>> signature algorithm specified by the original SSH RFCs that is still
>>> enabled by default.
>>> 
>>> The better alternatives include:
>>> 
>>> * The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
>>>   algorithms have the advantage of using the same key type as
>>>   "ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
>>>   supported since OpenSSH 7.2 and are already used by default if the
>>>   client and server support them.
>>> 
>>> * The RFC8709 ssh-ed25519 signature algorithm. It has been supported
>>>   in OpenSSH since release 6.5.
>>> 
>>> * The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
>>>   have been supported by OpenSSH since release 5.7.
>>> 
>>> To check whether a server is using the weak ssh-rsa public key
>>> algorithm, for host authentication, try to connect to it after
>>> removing the ssh-rsa algorithm from ssh(1)'s allowed list:
>>> 
>>>    ssh -oHostKeyAlgorithms=-ssh-rsa user(a)host
>>> 
>>> If the host key verification fails and no other supported host key
>>> types are available, the server software on that host should be
>>> upgraded.
>>> 
>>> This release enables the UpdateHostKeys option by default to assist
>>> the client by automatically migrating to better algorithms.
>>> 
>>> [1] "SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
>>>    Application to the PGP Web of Trust" Leurent, G and Peyrin, T
>>>    (2020) https://eprint.iacr.org/2020/014.pdf
>>> 
>>> Security
>>> ========
>>> 
>>> * ssh-agent(1): fixed a double-free memory corruption that was
>>>   introduced in OpenSSH 8.2 . We treat all such memory faults as
>>>   potentially exploitable. This bug could be reached by an attacker
>>>   with access to the agent socket.
>>> 
>>>   On modern operating systems where the OS can provide information
>>>   about the user identity connected to a socket, OpenSSH ssh-agent
>>>   and sshd limit agent socket access only to the originating user
>>>   and root. Additional mitigation may be afforded by the system's
>>>   malloc(3)/free(3) implementation, if it detects double-free
>>>   conditions.
>>> 
>>>   The most likely scenario for exploitation is a user forwarding an
>>>   agent either to an account shared with a malicious user or to a
>>>   host with an attacker holding root access.
>>> 
>>> * Portable sshd(8): Prevent excessively long username going to PAM.
>>>   This is a mitigation for a buffer overflow in Solaris' PAM username
>>>   handling (CVE-2020-14871), and is only enabled for Sun-derived PAM
>>>   implementations.  This is not a problem in sshd itself, it only
>>>   prevents sshd from being used as a vector to attack Solaris' PAM.
>>>   It does not prevent the bug in PAM from being exploited via some
>>>   other PAM application. GHPR#212
>>> 
>>> 
>>> Potentially-incompatible changes
>>> ================================
>>> 
>>> This release includes a number of changes that may affect existing
>>> configurations:
>>> 
>>> * ssh(1), sshd(8): this release changes the first-preference signature
>>>   algorithm from ECDSA to ED25519.
>>> 
>>> * ssh(1), sshd(8): set the TOS/DSCP specified in the configuration
>>>   for interactive use prior to TCP connect. The connection phase of
>>>   the SSH session is time-sensitive and often explicitly interactive.
>>>   The ultimate interactive/bulk TOS/DSCP will be set after
>>>   authentication completes.
>>> 
>>> * ssh(1), sshd(8): remove the pre-standardization cipher
>>>   rijndael-cbc(a)lysator.liu.se. It is an alias for aes256-cbc before
>>>   it was standardized in RFC4253 (2006), has been deprecated and
>>>   disabled by default since OpenSSH 7.2 (2016) and was only briefly
>>>   documented in ssh.1 in 2001.
>>> 
>>> * ssh(1), sshd(8): update/replace the experimental post-quantum
>>>   hybrid key exchange method based on Streamlined NTRU Prime coupled
>>>   with X25519.
>>> 
>>>   The previous sntrup4591761x25519-sha512(a)tinyssh.org method is
>>>   replaced with sntrup761x25519-sha512(a)openssh.com. Per its
>>>   designers, the sntrup4591761 algorithm was superseded almost two
>>>   years ago by sntrup761.
>>> 
>>>   (note this both the updated method and the one that it replaced are
>>>   disabled by default)
>>> 
>>> * ssh(1): disable CheckHostIP by default. It provides insignificant
>>>   benefits while making key rotation significantly more difficult,
>>>   especially for hosts behind IP-based load-balancers.
>>> 
>>> Changes since OpenSSH 8.4
>>> =========================
>>> 
>>> New features
>>> ------------
>>> 
>>> * ssh(1): this release enables UpdateHostkeys by default subject to
>>>   some conservative preconditions:
>>>    - The key was matched in the UserKnownHostsFile (and not in the
>>>      GlobalKnownHostsFile).
>>>    - The same key does not exist under another name.
>>>    - A certificate host key is not in use.
>>>    - known_hosts contains no matching wildcard hostname pattern.
>>>    - VerifyHostKeyDNS is not enabled.
>>>    - The default UserKnownHostsFile is in use.
>>> 
>>>   We expect some of these conditions will be modified or relaxed in
>>>   future.
>>> 
>>> * ssh(1), sshd(8): add a new LogVerbose configuration directive for
>>>   that allows forcing maximum debug logging by file/function/line
>>>   pattern-lists.
>>> 
>>> * ssh(1): when prompting the user to accept a new hostkey, display
>>>   any other host names/addresses already associated with the key.
>>> 
>>> * ssh(1): allow UserKnownHostsFile=none to indicate that no
>>>   known_hosts file should be used to identify host keys.
>>> 
>>> * ssh(1): add a ssh_config KnownHostsCommand option that allows the
>>>   client to obtain known_hosts data from a command in addition to
>>>   the usual files.
>>> 
>>> * ssh(1): add a ssh_config PermitRemoteOpen option that allows the
>>>   client to restrict the destination when RemoteForward is used
>>>   with SOCKS.
>>> 
>>> * ssh(1): for FIDO keys, if a signature operation fails with a
>>>   "incorrect PIN" reason and no PIN was initially requested from the
>>>   user, then request a PIN and retry the operation. This supports
>>>   some biometric devices that fall back to requiring PIN when reading
>>>   of the biometric failed, and devices that require PINs for all
>>>   hosted credentials.
>>> 
>>> * sshd(8): implement client address-based rate-limiting via new
>>>   sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
>>>   directives that provide more fine-grained control on a per-origin
>>>   address basis than the global MaxStartups limit.
>>> 
>>> Bugfixes
>>> --------
>>> 
>>> * ssh(1): Prefix keyboard interactive prompts with "(user(a)host)" to
>>>   make it easier to determine which connection they are associated
>>>   with in cases like scp -3, ProxyJump, etc. bz#3224
>>> 
>>> * sshd(8): fix sshd_config SetEnv directives located inside Match
>>>   blocks. GHPR#201
>>> 
>>> * ssh(1): when requesting a FIDO token touch on stderr, inform the
>>>   user once the touch has been recorded.
>>> 
>>> * ssh(1): prevent integer overflow when ridiculously large
>>>   ConnectTimeout values are specified, capping the effective value
>>>   (for most platforms) at 24 days. bz#3229
>>> 
>>> * ssh(1): consider the ECDSA key subtype when ordering host key
>>>   algorithms in the client.
>>> 
>>> * ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
>>>   PubkeyAcceptedAlgorithms. The previous name incorrectly suggested
>>>   that it control allowed key algorithms, when this option actually
>>>   specifies the signature algorithms that are accepted. The previous
>>>   name remains available as an alias. bz#3253
>>> 
>>> * ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
>>>   HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
>>> 
>>> * sftp-server(8): add missing lsetstat(a)openssh.com documentation
>>>   and advertisement in the server's SSH2_FXP_VERSION hello packet.
>>> 
>>> * ssh(1), sshd(8): more strictly enforce KEX state-machine by
>>>   banning packet types once they are received. Fixes memleak caused
>>>   by duplicate SSH2_MSG_KEX_DH_GEX_REQUEST (oss-fuzz #30078).
>>> 
>>> * sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
>>>   platforms instead of being limited by LONG_MAX. bz#3206
>>> 
>>> * Minor man page fixes (capitalization, commas, etc.) bz#3223
>>> 
>>> * sftp(1): when doing an sftp recursive upload or download of a
>>>   read-only directory, ensure that the directory is created with
>>>   write and execute permissions in the interim so that the transfer
>>>   can actually complete, then set the directory permission as the
>>>   final step. bz#3222
>>> 
>>> * ssh-keygen(1): document the -Z, check the validity of its argument
>>>   earlier and provide a better error message if it's not correct.
>>>   bz#2879
>>> 
>>> * ssh(1): ignore comments at the end of config lines in ssh_config,
>>>   similar to what we already do for sshd_config. bz#2320
>>> 
>>> * sshd_config(5): mention that DisableForwarding is valid in a
>>>   sshd_config Match block. bz3239
>>> 
>>> * sftp(1): fix incorrect sorting of "ls -ltr" under some
>>>   circumstances. bz3248.
>>> 
>>> * ssh(1), sshd(8): fix potential integer truncation of (unlikely)
>>>   timeout values. bz#3250
>>> 
>>> * ssh(1): make hostbased authentication send the signature algorithm
>>>   in its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type.
>>>   This make HostbasedAcceptedAlgorithms do what it is supposed to -
>>>   filter on signature algorithm and not key type.
>>> 
>>> Portability
>>> -----------
>>> 
>>> * sshd(8): add a number of platform-specific syscalls to the Linux
>>>   seccomp-bpf sandbox. bz#3232 bz#3260
>>> 
>>> * sshd(8): remove debug message from sigchld handler that could cause
>>>   deadlock on some platforms. bz#3259
>>> 
>>> * Sync contrib/ssh-copy-id with upstream.
>>> 
>>> * unittests: add a hostname function for systems that don't have it.
>>>   Some systems don't have a hostname command (it's not required by
>>>   POSIX). The do have uname -n (which is), but not all of those have
>>>   it report the FQDN.
>>> 
>>> Checksums:
>>> ==========
>>> 
>>> - SHA1 (openssh-8.5.tar.gz) = 04cae43c389fb411227c01219e4eb46e3113f34e
>>> - SHA256 (openssh-8.5.tar.gz) = 5qB2CgzNG4io4DmChTjHgCWqRWvEOvCKJskLdJCz+SU=
>>> 
>>> - SHA1 (openssh-8.5p1.tar.gz) = 72eadcbe313b07b1dd3b693e41d3cd56d354e24e
>>> - SHA256 (openssh-8.5p1.tar.gz) = 9S8/QdQpqpkY44zyAK8iXM3Y5m8FLaVyhwyJc3ZG7CU=
>>> 
>>> Please note that the SHA256 signatures are base64 encoded and not
>>> hexadecimal (which is the default for most checksum tools). The PGP
>>> key used to sign the releases is available from the mirror sites:
>>> https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc
>>> 
>>> Please note that the OpenPGP key used to sign releases has been
>>> rotated for this release. The new key has been signed by the previous
>>> key to provide continuity.
>>> 
>>> Reporting Bugs:
>>> ===============
>>> 
>>> - Please read https://www.openssh.com/report.html
>>>  Security bugs should be reported directly to openssh(a)openssh.com
>>> _______________________________________________
>>> openssh-unix-announce mailing list
>>> openssh-unix-announce(a)mindrot.org
>>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-announce
>>