Ukukhishwa kwe-OpenSSH 8.6 kushicilelwe, ukuqaliswa okuvulekile kweklayenti neseva ngokusebenza kusetshenziswa izivumelwano ze-SSH 2.0 ne-SFTP. Inguqulo entsha isusa ubungozi ekusetshenzisweni komyalelo we-LogVerbose, ovele ekukhishweni kwangaphambilini futhi ikuvumela ukuthi ukhuphule izinga lolwazi lokulungisa iphutha olulahlwe kulogi, okuhlanganisa ikhono lokuhlunga ngezifanekiso, imisebenzi namafayela ahlotshaniswa nekhodi ekhishiwe. ngamalungelo okusetha kabusha kunqubo ehlukanisiwe ye-sshd endaweni ye-sandbox.
Umhlaseli ozuza ukulawula inqubo engenamalungelo asebenzisa ukuba sengozini okungakakwaziwa angasebenzisa inkinga ye-LogVerbose ukuze adlule isibhakela esisanti futhi ahlasele inqubo egijima ngezimvume eziphakeme. Ukuba sengozini kwe-LogVerbose kuthathwa njengokungathandeki ukuthi kwenzeke ngenxa yokuthi isilungiselelo se-LogVerbose sikhutshaziwe ngokuzenzakalela futhi ngokuvamile sisetshenziswa kuphela phakathi nokususa iphutha. Ukuhlasela futhi kudinga ukuthola ukuba sengozini okusha ngenqubo engenamalungelo.
Izinguquko ku-OpenSSH 8.6 azihlobene nokuba sengozini:
- Isandiso sephrothokholi esisha senziwe ku-sftp naku-sftp-server "[i-imeyili ivikelwe]", okuvumela iklayenti le-SFTP ukuthi lithole ulwazi mayelana nemikhawulo ebekwe kuseva, okuhlanganisa imikhawulo kusayizi wephakethe omkhulu kanye nokubhala nokufunda imisebenzi. Ku-sftp, isandiso esisha sisetshenziselwa ukukhetha usayizi webhulokhi olungile lapho kudluliswa idatha.
- Ukulungiselelwa kwe-ModuliFile kwengezwe ku-sshd_config ye-sshd, okukuvumela ukuba ucacise indlela eya kufayela elithi "moduli" eliqukethe amaqembu e-DH-GEX.
- I-TEST_SSH_ELAPSED_TIMES eguquguqukayo yemvelo yengezwe ekuhlolweni kweyunithi ukuze kunikwe amandla okukhiphayo kwesikhathi esidlulile kusukela ukuhlolwa ngakunye kwenziwa.
- I-interface yesicelo sephasiwedi ye-GNOME ihlukaniswe yaba izinketho ezimbili, eyodwa ye-GNOME2 neyodwa ye-GNOME3 (contrib/gnome-ssk-askpass3.c). Okuhlukile kwe-GNOME3 ukuthuthukisa ukusebenzisana kwe-Wayland kusebenzisa ikholi eya ku-gdk_seat_grab() lapho ulawula ikhibhodi nokuthwebula kwegundane.
- Ukungavumeli okuthambile kwekholi yesistimu ye-fstatat64 yengezwe kubhokisi lesihlabathi elisuselwa ku-seccomp-bpf elisetshenziswa ku-Linux.
Source: opennet.ru