Changelog
LibreSSL 3.7.2
Cygwin 3.4.6
component name component version component license component source
Changelog
Fix - Installer finish page - Auto run doesn't work
New - Installer finish page - Option to create shortcut at desktop
component name component version component license component source
Changelog
OpenSSH 9.3p
LibreSSL 3.6.2
component name component version component license component source
Changelog
component name component version component license component source
Changelog
Changes since OpenSSH 9.1
=========================
This release fixes a number of security bugs.
Security
========
This release contains fixes for two security problems and a memory
safety problem. The memory safety problem is not believed to be
exploitable, but we report most network-reachable memory faults as
security bugs.
* sshd(8): fix a pre-authentication double-free memory fault
introduced in OpenSSH 9.1. This is not believed to be exploitable,
and it occurs in the unprivileged pre-auth process that is
subject to chroot(2) and is further sandboxed on most major
platforms.
* ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen option
would ignore its first argument unless it was one of the special
keywords "any" or "none", causing the permission list to fail open
if only one permission was specified. bz3515
* ssh(1): if the CanonicalizeHostname and CanonicalizePermittedCNAMEs
options were enabled, and the system/libc resolver did not check
that names in DNS responses were valid, then use of these options
could allow an attacker with control of DNS to include invalid
characters (possibly including wildcards) in names added to
known_hosts files when they were updated. These names would still
have to match the CanonicalizePermittedCNAMEs allow-list, so
practical exploitation appears unlikely.
component name component version component license component source
Changelog
LibreSSL 3.6.1
Cygwin 3.3.6
component name component version component license component source
Changelog
component name component version component license component source
Changelog
LibreSSL 3.5.3
Cygwin 3.3.5
Major tool update
component name component version component license component source
Changelog
OpenSSH 9.0p
LibreSSL 3.5.1
Cygwin 3.3.4
component name component version component license component source
Changelog
component name component version component license component source
Changelog
LibreSSL 3.4.2
Cygwin 3.3.3
component name component version component license component source
Changelog
Highlights:
- The internal implementation of pipes has been overhauled; this should result in improved performance. Addresses: https://cygwin.com/pipermail/cygwin/2021-August/249238.html
==========================================================================
IMPORTANT DEPRECATION NOTES
==========================================================================
- Cygwin 3.3.0 is the LAST major version supporting
- Windows Vista
- Windows Server 2008
- Cygwin 3.3.0 is the LAST major version supporting 32 bit installations.
component name component version component license component source
Changelog
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.4.1-relnotes.txt:
We have released LibreSSL 3.4.1, which will be arriving in the
LibreSSL directory of your local OpenBSD mirror soon. This is the
first stable release for the 3.4.x branch, also available with OpenBSD 7.0.
It includes the following changes from LibreSSL 3.3.x
* New Features
- Added support for OpenSSL 1.1.1 TLSv1.3 APIs.
- Enabled the new X.509 validator to allow verification of
modern certificate chains.
* Portable Improvements
- Added Universal Windows Platform (UWP) build support.
- Fixed mingw-w64 builds on newer versions with missing SSP support.
* API and Documentation Enhancements
- Added the following APIs from OpenSSL
BN_bn2binpad BN_bn2lebinpad BN_lebin2bn EC_GROUP_get_curve
EC_GROUP_order_bits EC_GROUP_set_curve
EC_POINT_get_affine_coordinates
EC_POINT_set_affine_coordinates
EC_POINT_set_compressed_coordinates EVP_DigestSign
EVP_DigestVerify SSL_CIPHER_find SSL_CTX_get0_privatekey
SSL_CTX_get_max_early_data SSL_CTX_get_ssl_method
SSL_CTX_set_ciphersuites SSL_CTX_set_max_early_data
SSL_CTX_set_post_handshake_auth SSL_SESSION_get0_cipher
SSL_SESSION_get_max_early_data SSL_SESSION_is_resumable
SSL_SESSION_set_max_early_data SSL_get_early_data_status
SSL_get_max_early_data SSL_read_early_data SSL_set0_rbio
SSL_set_ciphersuites SSL_set_max_early_data
SSL_set_post_handshake_auth
SSL_set_psk_use_session_callback
SSL_verify_client_post_handshake SSL_write_early_data
- Added AES-GCM constants from RFC 7714 for SRTP.
* Compatibility Changes
- Implement flushing for TLSv1.3 handshakes behavior, needed for Apache.
- Call the info callback on connect/accept exit in TLSv1.3,
needed for p5-Net-SSLeay.
- Default to using named curve parameter encoding from
pre-OpenSSL 1.1.0, adding OPENSSL_EC_EXPLICIT_CURVE.
- Do not ignore SSL_TLSEXT_ERR_FATAL from the ALPN callback.
* Testing and Proactive Security
- Added additional state machine test coverage.
- Improved integration test support with ruby/openssl tests.
- Error codes and callback support in new X.509 validator made
compatible with p5-Net_SSLeay tests.
* Internal Improvements
- Numerous fixes and improvements to the new X.509 validator to
ensure compatible error codes and callback support compatible
with the legacy OpenSSL validator.
The LibreSSL project continues improvement of the codebase to reflect modern,
safe programming practices. We welcome feedback and improvements from the
broader community. Thanks to all of the contributors who helped make this
release possible.
component name component version component license component source
Changelog
Security
========
sshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise
supplemental groups when executing an AuthorizedKeysCommand or
AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or
AuthorizedPrincipalsCommandUser directive has been set to run the
command as a different user. Instead these commands would inherit
the groups that sshd(8) was started with.
Depending on system configuration, inherited groups may allow
AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to
gain unintended privilege.
Neither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are
enabled by default in sshd_config(5).
Potentially-incompatible changes
================================
This release disables RSA signatures using the SHA-1 hash algorithm
by default. This change has been made as the SHA-1 hash algorithm is
cryptographically broken, and it is possible to create chosen-prefix
hash collisions for <USD$50K
For most users, this change should be invisible and there is
no need to replace ssh-rsa keys. OpenSSH has supported RFC8332
RSA/SHA-256/512 signatures since release 7.2 and existing ssh-rsa keys
will automatically use the stronger algorithm where possible.
Incompatibility is more likely when connecting to older SSH
implementations that have not been upgraded or have not closely tracked
improvements in the SSH protocol. For these cases, it may be necessary
to selectively re-enable RSA/SHA1 to allow connection and/or user
authentication via the HostkeyAlgorithms and PubkeyAcceptedAlgorithms
options. For example, the following stanza in ~/.ssh/config will enable
RSA/SHA1 for host and user authentication for a single destination host:
Host old-host
HostkeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
We recommend enabling RSA/SHA1 only as a stopgap measure until legacy
implementations can be upgraded or reconfigured with another key type
(such as ECDSA or Ed25519).
"SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
Application to the PGP Web of Trust" Leurent, G and Peyrin, T
(2020) https://eprint.iacr.org/2020/014.pdf
component name component version component license component source
Changelog
component name component version component license component source
Changelog
OpenSSH 8.6p
LibreSSL 3.3.3
Cygwin 3.2.0
component name component version component license component source
Changelog
OpenSSH 8.5p
LibreSSL 3.2.4
component name component version component license component source
Changelog
Use a built-in password generator instead of an external tool
component name component version component license component source
Changelog
component name component version component license component source
Changelog
Copssh version 7.4.0 installers come with OpenSSH 8.4p(link is external) and LibreSSL 3.1.4(link is external) . Cygwin and GNU tools are also upgraded.
Future deprecation notice
=========================
It is now possible to perform chosen-prefix attacks against the
SHA-1 algorithm for less than USD$50K. For this reason, we will be
disabling the "ssh-rsa" public key signature algorithm by default in a
near-future release.
This algorithm is unfortunately still used widely despite the
existence of better alternatives, being the only remaining public key
signature algorithm specified by the original SSH RFCs.
The better alternatives include:
* The RFC8332 RSA SHA-2 signature algorithms rsa-sha2-256/512. These
algorithms have the advantage of using the same key type as
"ssh-rsa" but use the safe SHA-2 hash algorithms. These have been
supported since OpenSSH 7.2 and are already used by default if the
client and server support them.
* The ssh-ed25519 signature algorithm. It has been supported in
OpenSSH since release 6.5.
* The RFC5656 ECDSA algorithms: ecdsa-sha2-nistp256/384/521. These
have been supported by OpenSSH since release 5.7.
To check whether a server is using the weak ssh-rsa public key
algorithm, for host authentication, try to connect to it after
removing the ssh-rsa algorithm from ssh(1)'s allowed list:
ssh -oHostKeyAlgorithms=-ssh-rsa user@host
If the host key verification fails and no other supported host key
types are available, the server software on that host should be
upgraded.
We intend to enable UpdateHostKeys by default in the next OpenSSH
release. This will assist the client by automatically migrating to
better algorithms. Users may consider enabling this option manually.
"SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and
Application to the PGP Web of Trust" Leurent, G and Peyrin, T
(2020) https://eprint.iacr.org/2020/014.pdf
Security
========
* ssh-agent(1): restrict ssh-agent from signing web challenges for
FIDO/U2F keys.
When signing messages in ssh-agent using a FIDO key that has an
application string that does not start with "ssh:", ensure that the
message being signed is one of the forms expected for the SSH protocol
(currently public key authentication and sshsig signatures).
This prevents ssh-agent forwarding on a host that has FIDO keys
attached granting the ability for the remote side to sign challenges
for web authentication using those keys too.
Note that the converse case of web browsers signing SSH challenges is
already precluded because no web RP can have the "ssh:" prefix in the
application string that we require.
* ssh-keygen(1): Enable FIDO 2.1 credProtect extension when generating
a FIDO resident key.
The recent FIDO 2.1 Client to Authenticator Protocol introduced a
"credProtect" feature to better protect resident keys. We use this
option to require a PIN prior to all operations that may retrieve
a resident key from a FIDO token.
component name component version component license component source
