Other Sites

9to5Linux

NetworkManager 1.56 Released with New Features and Improvements

Coming six months after NetworkManager 1.54, the NetworkManager 1.56 release introduces support for configuring the HSR interlink port via the “hsr.interlink” property, support for reapplying the “sriov.vfs” property as long as “sriov.total-vfs” is not changed, and support for reapplying “bond-port.vlans”.

Ubuntu 24.04.4 LTS Is Now Available for Download Powered by Linux Kernel 6.17

Coming six months after Ubuntu 24.04.3 LTS, the Ubuntu 24.04.4 LTS point release is here as an up-to-date installation media, which includes all the latest software updates and security patches, for those who want to deploy the long-term supported Ubuntu 24.04 LTS (Noble Numbat) operating system on new computers without having to download hundreds of updated packages from the repositories after the installation.

GitHub Tray GNOME Shell Extension Puts Your GitHub Repos in the System Tray

With GitHub Tray, you can check the recent activity of your GitHub repositories directly from the top bar of your GNOME desktop without opening a web browser, providing real-time notifications about forks, issues, stars, language, and last update time.

Tails 7.4.2 Anonymous Linux OS Released to Fix Critical Security Vulnerabilities

Tails 7.4.2 comes almost two weeks after Tails 7.4.1, an emergency release that fixes critical security vulnerabilities in the OpenSSL library, and it’s yet another emergency release that fixes critical security vulnerabilities in the Linux kernel.

Mesa 26.0 Open-Source Graphics Stack Officially Released, Here’s What’s New

Highlights of Mesa 26.0 include KosmicKrisp, a new Vulkan to Metal layered driver for macOS, significant raytracing performance improvements to the RADV Vulkan driver for AMD GPUs, and support for ACO by default for the RadeonSI driver for better GPU performance and better compile times.

OpenVPN 2.7 Released with Support for DCO Linux Kernel Module, mbedTLS 4

Highlights of OpenVPN 2.7 include support for the new upstream DCO Linux kernel module, which will be available in future upstream kernel releases, multi-socket support to handle multiple addresses/ports/protocols within one server, mbedTLS 4 support, and TLS 1.3 support with bleeding-edge mbedTLS versions.

IPFire DBL Launches as a Community-Powered Domain Blocking for Everyone

IPFire DBL is designed to organize millions of domains into specific threat categories, based on your security and content policies, including malware, phishing, advertising, pornography, gambling, games, social networks, violence, piracy, dating, Smart TV, and DNS-over-HTTPS.

Parrot 7.1 Ethical Hacking Distro Released with Enlightenment Spin, Updated Tools

Coming one and a half months after Parrot 7.0, the Parrot 7.1 release introduces a new spin that uses the lightweight Enlightenment graphical environment, in addition to the MATE and LXQt desktops, and improves the management of the software repositories with Mirror Director.

LinuxGizmos.com

Radxa Cubie A7S Integrates A733 SoC, RISC-V MCU, and LPDDR5 Memory

The Allwinner A733 features a heterogeneous octa-core configuration with 2x Cortex-A76 cores running up to 2.0GHz and 6x Cortex-A55 cores up to 1.8GHz. Graphics are handled by an Imagination PowerVR BXM-4-64 MC1 GPU supporting OpenGL ES 1.1/2.0/3.x, Vulkan 1.3, and OpenCL 3.0 for UI rendering and compute acceleration.

OpenSSH 9.1 released (UPDATED)

posted by Roy Schestowitz on Oct 04, 2022,
updated Oct 05, 2022

OpenSSH 9.1 has just been released. It will be available from the
mirrors listed at https://www.openssh.com/ shortly.


OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.


Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html


Changes since OpenSSH 9.0
=========================


This release is focused on bug fixing.


Security
========


This release contains fixes for three minor memory safety problems.
None are believed to be exploitable, but we report most memory safety
problems as potential security vulnerabilities out of caution.


 * ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
   Reported by Qualys


 * ssh-keygen(1): double free() in error path of file hashing step in
   signing/verify code; GHPR333


 * ssh-keysign(8): double-free in error path introduced in openssh-8.9


Potentially-incompatible changes
--------------------------------


 * The portable OpenSSH project now signs commits and release tags
   using git's recent SSH signature support. The list of developer
   signing keys is included in the repository as .git_allowed_signers
   and is cross-signed using the PGP key that is still used to sign
   release artifacts:
   https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc


 * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
   are now first-match-wins to match other directives. Previously
   if an environment variable was multiply specified the last set
   value would have been used. bz3438


 * ssh-keygen(8): ssh-keygen -A (generate all default host key types)
   will no longer generate DSA keys, as these are insecure and have
   not been used by default for some years.


New features
------------


 * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
   RSA key length. Keys below this length will be ignored for user
   authentication and for host authentication in sshd(8). 


   ssh(1) will terminate a connection if the server offers an RSA key
   that falls below this limit, as the SSH protocol does not include
   the ability to retry a failed key exchange.


 * sftp-server(8): add a "users-groups-by-id@openssh.com" extension
   request that allows the client to obtain user/group names that
   correspond to a set of uids/gids.


 * sftp(1): use "users-groups-by-id@openssh.com" sftp-server
   extension (when available) to fill in user/group names for
   directory listings.


 * sftp-server(8): support the "home-directory" extension request
   defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
   a bit with the existing "expand-path@openssh.com", but some other
   clients support it.


 * ssh-keygen(1), sshd(8): allow certificate validity intervals,
   sshsig verification times and authorized_keys expiry-time options
   to accept dates in the UTC time zone in addition to the default
   of interpreting them in the system time zone. YYYYMMDD and
   YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
   with a 'Z' character.


   Also allow certificate validity intervals to be specified in raw
   seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
   is intended for use by regress tests and other tools that call
   ssh-keygen as part of a CA workflow. bz3468


 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
   "/usr/libexec/sftp-server -el debug3"


 * ssh-keygen(1): allow the existing -U (use agent) flag to work
   with "-Y sign" operations, where it will be interpreted to require
   that the private keys is hosted in an agent; bz3429


Bugfixes
--------


 * ssh-keygen(1): implement the "verify-required" certificate option.
   This was already documented when support for user-verified FIDO
   keys was added, but the ssh-keygen(1) code was missing.


 * ssh-agent(1): hook up the restrict_websafe command-line flag;
   previously the flag was accepted but never actually used.


 * sftp(1): improve filename tab completions: never try to complete
   names to non-existent commands, and better match the completion
   type (local or remote filename) against the argument position
   being completed.


 * ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key
   handling, especially relating to keys that request
   user-verification. These should reduce the number of unnecessary
   PIN prompts for keys that support intrinsic user verification.
   GHPR302, GHPR329


 * ssh-keygen(1): when enrolling a FIDO resident key, check if a
   credential with matching application and user ID strings already
   exists and, if so, prompt the user for confirmation before
   overwriting the credential. GHPR329


 * sshd(8): improve logging of errors when opening authorized_keys
   files. bz2042


 * ssh(1): avoid multiplexing operations that could cause SIGPIPE from
   causing the client to exit early. bz3454


 * ssh_config(5), sshd_config(5): clarify that the RekeyLimit
   directive applies to both transmitted and received data. GHPR328


 * ssh-keygen(1): avoid double fclose() in error path.


 * sshd(8): log an error if pipe() fails while accepting a
   connection. bz3447


 * ssh(1), ssh-keygen(1): fix possible NULL deref when built without
   FIDO support. bz3443


 * ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage.
   GHPR294.


 * sshd(8): ensure that authentication passwords are cleared from
   memory in error paths. GHPR286


 * ssh(1), ssh-agent(1): avoid possibility of notifier code executing
   kill(-1). GHPR286


 * ssh_config(5): note that the ProxyJump directive also accepts the
   same tokens as ProxyCommand. GHPR305.


 * scp(1): do not not ftruncate(3) files early when in sftp mode. The
   previous behaviour of unconditionally truncating the destination
   file would cause "scp ~/foo localhost:foo" and the reverse
   "scp localhost:foo ~/foo" to delete all the contents of their
   destination. bz3431


 * ssh-keygen(1): improve error message when 'ssh-keygen -Y sign' is
   unable to load a private key; bz3429


 * sftp(1), scp(1): when performing operations that glob(3) a remote
   path, ensure that the implicit working directory used to construct
   that path escapes glob(3) characters. This prevents glob characters
   from being processed in places they shouldn't, e.g. "cd /tmp/a*/",
   "get *.txt" should have the get operation treat the path "/tmp/a*"
   literally and not attempt to expand it.


 * ssh(1), sshd(8): be stricter in which characters will be accepted
   in specifying a mask length; allow only 0-9. GHPR278


 * ssh-keygen(1): avoid printing hash algorithm twice when dumping a
   KRL


 * ssh(1), sshd(8): continue running local I/O for open channels
   during SSH transport rekeying. This should make ~-escapes work in
   the client (e.g. to exit) if the connection happened to have
   stalled during a rekey event.


 * ssh(1), sshd(8): avoid potential poll() spin during rekeying


 * Further hardening for sshbuf internals: disallow "reparenting" a
   hierarchical sshbuf and zero the entire buffer if reallocation
   fails. GHPR287


Portability
-----------


 * ssh(1), ssh-keygen(1), sshd(8): automatically enable the built-in
   FIDO security key support if libfido2 is found and usable, unless
   --without-security-key-builtin was requested.


 * ssh(1), ssh-keygen(1), sshd(8): many fixes to make the WinHello
   FIDO device usable on Cygwin. The windows://hello FIDO device will
   be automatically used by default on this platform unless requested
   otherwise, or when probing resident FIDO credentials (an operation
   not currently supported by WinHello).


 * Portable OpenSSH: remove workarounds for obsolete and unsupported
   versions of OpenSSL libcrypto. In particular, this release removes
   fallback support for OpenSSL that lacks AES-CTR or AES-GCM.


   Those AES cipher modes were added to OpenSSL prior to the minimum
   version currently supported by OpenSSH, so this is not expected to
   impact any currently supported configurations.


 * sshd(8): fix SANDBOX_SECCOMP_FILTER_DEBUG on current Linux/glibc


 * All: resync and clean up internal CSPRNG code.


 * scp(1), sftp(1), sftp-server(8): avoid linking these programs with
   unnecessary libraries. They are no longer linked against libz and
   libcrypto. This may be of benefit to space constrained systems
   using any of those components in isolation.


 * sshd(8): add AUDIT_ARCH_PPC to supported seccomp sandbox
   architectures.


 * configure: remove special casing of crypt(). configure will no
   longer search for crypt() in libcrypto, as it was removed from
   there years ago. configure will now only search libc and libcrypt.


 * configure: refuse to use OpenSSL 3.0.4 due to potential RCE in its
   RSA implementation (CVE-2022-2274) on x86_64.


 * All: request 1.1x API compatibility for OpenSSL >=3.x; GHPR#322


 * ssh(1), ssh-keygen(1), sshd(8): fix a number of missing includes
   required by the XMSS code on some platforms.


 * sshd(8): cache timezone data in capsicum sandbox.


Checksums:
==========


- SHA1 (openssh-9.1.tar.gz) = 3ae2d6a3a695d92778c4c4567dcd6ad481092f6c
- SHA256 (openssh-9.1.tar.gz) = QKfVArlcItV+e8V1Th85TL5//5d/AvOUhYOeHMDEGuE=


- SHA1 (openssh-9.1p1.tar.gz) = 15545440268967511d3194ebf20bcd0c7ff3fcc9
- SHA256 (openssh-9.1p1.tar.gz) = GfhQCcfj4jeH8CNvuxV4OSq01L+fjsX+a8HNfov90og=


Please note that the SHA256 signatures are base64 encoded and not
hexadecimal (which is the default for most checksum tools). The PGP
key used to sign the releases is available from the mirror sites:
https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc


Reporting Bugs:
===============


- Please read https://www.openssh.com/report.html
  Security bugs should be reported directly to openssh@openssh.com

UPDATE

A couple of reference pages:

Announce: OpenSSH 9.1 released

OpenSSH 9.1 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly.
OpenSSH 9.1/9.1p1 (2022-10-04)

This release contains fixes for three minor memory safety problems. None are believed to be exploitable, but we report most memory safety problems as potential security vulnerabilities out of caution.

Other Recent Tux Machines' Posts

Linux mint: Monthly News – January 2026: Before we start with the news, I’d like to thank you for your donations and for your support
Bullies Versus GNU/Linux Sites [original]: Promoting GNU/Linux and condemning people who attack GNU/Linux is not a crime
Applications: mtPaint in OpenEmbedded, Self-hosted eBook Server, and Linux man pages 6.17: Application/software news
Mesa 26.0 Open-Source Graphics Stack Officially Released, Here’s What’s New: The Mesa 26.0 open-source graphics stack has been released today as a major update that introduces new features and improvements across most of the included graphics drivers.
Android Leftovers: Chrome for Android rolling out pinned tabs
Forget "tiny" distros: How I built my own minimal Linux using Debian: When I was writing an article on tiny Linux distros
Not sure if you'll like Linux? Try it from your browser: As a long-time Linux user
Free and Open Source Software, howtos and Installations: This is free and open source software
Essora Eos – minimal Devuan based Linux distribution: Essora Eos is a minimalist Linux distribution based on Devuan excalibur
Linux 6.12.71: I'm announcing the release of the 6.12.71 kernel
Hands-On With Lilidog Linux 26.02.06, the New Debian-Based Openbox Distro: When Lilidog Linux 26.02.06 was released on Friday, our Larry Cafiero opened it up and took a look to become one of the first to review it
The British Legal System Fails People Who Expose Crimes and Wrongdoing [original]: We'll soon show messages that we transmitted to politicians
Today in Techrights: Some of the latest articles
NetworkManager 1.56 Released with New Features and Improvements: NetworkManager 1.56 has been released as the latest stable version of this popular open-source software for managing network connections inside a Linux-based operating system.
Ubuntu 24.04.4 LTS Is Now Available for Download Powered by Linux Kernel 6.17: Canonical released today Ubuntu 24.04.4 LTS as the fourth point release of the long-term supported Ubuntu 24.04 LTS (Noble Numbat) operating system series.
today's leftovers: mostly GNU/Linux news
Web, Free, Libre, and Open Source Software, Standards: FOSS and more
Steam Performance in GNU/Linux, Price Hike Speculations, and More: gaming news
Mozilla: Support, Thunderbird, and Slop: some misc. Mozilla links
Red Hat Leftovers: slop and more
Open Hardware/Modding: ESP32, KiCad, postmarketOS, and More: Hardware news
today's howtos: Instructionals/Technical posts
Security and FUD, Breaches and Smears: blaming ssh and irc
GitHub Tray GNOME Shell Extension Puts Your GitHub Repos in the System Tray: Meet GitHub Tray, a GNOME Shell extension that puts your GitHub repositories into the system tray on your GNOME desktop environment with info about issues, forks, and more.
GNU/Linux and Standards-Related Leftovers: mostly GNU/Linux
Open Hardware/Modding: Linux On Mobile, 3D Printing, RISC-V, and More: Hardware picks
Programming Leftovers: Development picks for today
Games: Proton Experimental, No Man's Sky Remnant, and More: some of the latest from GamingOnLinux
Android Leftovers: Android Update Distribution Figures (2026): What the Numbers Reveal
I automated my most annoying daily Linux tasks and saved hours every week: I was procrastinating productively, which is a Linux tradition
Bluefin Linux: ChromeOS simplicity meets Linux power: Fedora-based Bluefin Linux combines the simplicity of ChromeOS with the power of a full Linux distribution
I installed Ubuntu on my old MacBook Air and I wish I'd done it sooner: As someone writing Linux articles for How-To Geek, having a dedicated Linux machine makes sense
Free and Open Source Software: This is free and open source software
Stable kernels: Linux 6.18.10, Linux 6.6.124, Linux 6.12.70, Linux 6.1.163, Linux 5.15.200, and Linux 5.10.250: I'm announcing the release of the 6.18.10 kernel
Microsoft Attack Dogs/Operatives Try to Put the Operators of Techrights and of Tux Machines in Prison [original]: The hired guns in London are eager to turn the UK into another China
Ubuntu on Old MacBook Air and Ubuntu Discards Software and Updates Tool: Canonical/Ubuntu news
LWN on Kernel, Rust, and Sigil: half a dozen new articles
Today in Techrights: Some of the latest articles
Tails 7.4.2 Anonymous Linux OS Released to Fix Critical Security Vulnerabilities: Today, the Tails project released Tails 7.4.2 as the second maintenance update to the latest Tails 7.4 series of this Debian-based distribution that protects you against surveillance and censorship.
Apple's iOS Looks Like It's About to Exceed Microsoft Windows Market Share in Switzerland [original]: Microsoft's dominance wanes
GNU/Linux Leftovers: GNU/Linux news
Red Hat, Clones, and Buzzwords: the latest
Free, Libre, and Open Source Software and Open Data: FOSS and more
Databases: PostgreSQL, MySQL, and More: DB picks for today
Security Patches, Breaches, and Windows TCO: some news related to security today
Programming Leftovers: Development picks
Retro/Hardware/Modding: Beelink, Arduino, BeagleBoard, and More: hardware projects with Linux focus
CrossOver 26 Released: for WINErs
GNU/Linux Applications: Cine, Hyprland, and More: Application in the news
today's howtos: Instructionals/Technical posts
BSD: An Introduction, Jails, and Symlinks: BSD leftovers
Linux 7.0 Kernel Confirmed by Linus Torvalds, Expected in Mid-April 2026: With the release of Linux kernel 6.19 earlier today, Linus Torvalds confirmed that the next major kernel series will have a version number bump as Linux 7.0 rather than Linux 6.20.
Linux Kernel 6.19 Officially Released, This Is What’s New: Linux kernel 6.19 is now available for download, as announced today by Linus Torvalds himself, featuring enhanced hardware support through new and updated drivers, improvements to file systems and networking, and more.
Games: Besiege, Motorsport Manager, Mewgenics, and More: a handful of articles from GamingOnLinux
OpenVPN 2.7 Released with Support for DCO Linux Kernel Module, mbedTLS 4: OpenVPN 2.7 has been released today as the latest version of this virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections.
IPFire DBL Launches as a Community-Powered Domain Blocking for Everyone: IPFire DBL (Domain Blocklist) launches as a comprehensive, community-driven domain blocking solution that gives you control over what gets blocked in your network.
Parrot 7.1 Ethical Hacking Distro Released with Enlightenment Spin, Updated Tools: ParrotSec released Parrot 7.1 today as the latest stable update to this Debian-based GNU/Linux distribution for ethical hacking and penetration testing that introduces new and updated tools.
On multitasking and "freedom to study source code in the Spanish Court": a couple of leftovers
Recent GNU/Linux Videos in Invidious: from the past week or so
Android Leftovers: The Snapdragon 8 Elite Gen 6 Pro brings LPDDR6 to Android, and it won't come cheap
Linux Mint is too bland by default: 5 "Spices" to fix your desktop: Do you love Linux Mint but think that the desktop looks a bit too plain and boring
This lightweight Linux distro I tried can run on older machines - but looks modern: If you'd like a lightweight Linux distribution for that aging hardware, but you want a more modern-looking UI
Gaming On An Arduino Uno Q In Linux: After Qualcomm’s purchase of Arduino it has left many wondering what market its new Uno Q board is trying to target
8 Linux distros I always recommend first to developers - and why: These Linux distributions deliver the compilers, flexibility, and stability serious development work demands
Free and Open Source Software, howtos and Installations: This is free and open source software
Deblinux – lightweight operating system based on Debian: Deblinux is a lightweight operating system based on Debian 13 “Trixie”
Cangaroo open-source CAN bus analyzer supports SocketCAN and CAN-FD on Linux: Cangaroo is an open-source CAN bus analyzer for Linux systems used in automotive, robotics, and industrial environments
Sad news: Dave Farber has passed away: David J. Farber passed away suddenly at his home in Roppongi
Microsoft Windows Falls to All-Time Low in Lithuania, Says statCounter [original]: Windows was near 99% back in the Vista 7 days
Today in Techrights: Some of the latest articles