OpenSSH 7.4 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support. OpenSSH also includes
transitional support for the legacy SSH 1.3 and 1.5 protocols
that may be enabled at compile-time.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
http://www.openssh.com/donations.html
Future deprecation notice
=========================
We plan on retiring more legacy cryptography in future releases,
specifically:
* In approximately August 2017, removing remaining support for the
SSH v.1 protocol (client-only and currently compile-time disabled).
* In the same release, removing support for Blowfish and RC4 ciphers
and the RIPE-MD160 HMAC. (These are currently run-time disabled).
* Refusing all RSA keys smaller than 1024 bits (the current minimum
is 768 bits)
* The next release of OpenSSH will remove support for running sshd(8)
with privilege separation disabled.
* The next release of portable OpenSSH will remove support for
OpenSSL version prior to 1.0.1.
This list reflects our current intentions, but please check the final
release notes for future releases.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* This release removes server support for the SSH v.1 protocol.
* ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
block ciphers are not safe in 2016 and we don't want to wait until
attacks like SWEET32 are extended to SSH. As 3des-cbc was the
only mandatory cipher in the SSH RFCs, this may cause problems
connecting to older devices using the default configuration,
but it's highly likely that such devices already need explicit
configuration for key exchange and hostkey algorithms already
anyway.
* sshd(8): Remove support for pre-authentication compression.
Doing compression early in the protocol probably seemed reasonable
in the 1990s, but today it's clearly a bad idea in terms of both
cryptography (cf. multiple compression oracle attacks in TLS) and
attack surface. Pre-auth compression support has been disabled by
default for >10 years. Support remains in the client.
* ssh-agent will refuse to load PKCS#11 modules outside a whitelist
of trusted paths by default. The path whitelist may be specified
at run-time.
* sshd(8): When a forced-command appears in both a certificate and
an authorized keys/principals command= restriction, sshd will now
refuse to accept the certificate unless they are identical.
The previous (documented) behaviour of having the certificate
forced-command override the other could be a bit confusing and
error-prone.
* sshd(8): Remove the UseLogin configuration directive and support
for having /bin/login manage login sessions.
Since we unconditionally expose the uvm_physseg.h API via uvm_extern.h
right now, and since uvm_physseg.h uses a kernel only datatype, viz
psize_t, we restrict exposure of uvm_physseg.h API exposure to kernel
only.
This is in conformance of its documentation via uvm_hotplug(9) as a
kernel internal API.
The .SS field of the datetime argument of -t option can have range from 0 to 60
as per the 1003.1 2008 standard. POSIX has removed all mentions of double leap
seconds, therefore the allowed range of seconds is now [0,60].
Also, add an ENVIRONMENT section, as the interpretation of the datetime
argument in -t option depends on the TZ environment variable.
Add an xref for parsedate(3) in SEE ALSO.
ok wiz@
This change introduced ABI incompatible change with older versions shipped
on NetBSD. This back out code that is currently not working correctly due
to TLS-based std::call_once implementation in GNU libstdc++.
Error when starting gnuchash:
/usr/pkg/lib/libwebkitgtk-1.0.so.0: Undefined symbol "_ZSt15__once_callable" (symnum = 1705)
PR 51139
Reported by <wiz>
It may be that all callers guarantee no zero-size ttm objects, but I
can't prove that in five minutes of browsing callers. Rather than
add a KASSERT, lacking proof, we'll add a warning message so that if
it does happen then it happens noisily, but we'll also prevent the
bad consequences of passing zero into uao_create by rounding up to a
harmless nonzero allocation.
XXX pullup-7
paddr_t which isn't available to userland, breaking builds that use uvm
headers, like devel/libuv on pkgsrc.
pointed out by Carsten Kunze on pkgsrc-users.
ok riastradh
as a side effect, this fixes the evbarm64 build, which was failing due
to a declaration of psize_t physmem in systm.h, while psize_t is
kernel-only.
ok riastradh
rather than [0,61]. The standard has removed mention of double leap seconds.
The standard has give the following rationale in the time.h man page:
"The range [0,60] seconds allows for positive or negative leap seconds.
The formal definition of UTC does not permit double leap seconds, so all
mention of double leap seconds has been removed, and the range shortened
from the former [0,61] seconds seen in previous versions of POSIX."
