Change log for openssh package in Ubuntu
openssh (1:8.9p1-3ubuntu0.4) jammy; urgency=medium

  * d/p/fix-authorized-principals-command.patch: Fix the situation where
    sshd ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is
    also set by checking if the value pointed to by the pointer 'charptr'
    is NULL. (LP: #2031942)

 -- Michal Maloszewski <email address hidden>  Thu, 24 Aug 2023 15:40:24 +0200
openssh (1:9.0p1-1ubuntu8.5) lunar; urgency=medium

  * d/p/fix-authorized-principals-command.patch: Fix the situation where
    sshd ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is
    also set by checking if the value pointed to by the pointer 'charptr'
    is NULL. (LP: #2031942)

 -- Michal Maloszewski <email address hidden>  Thu, 24 Aug 2023 15:52:47 +0200
openssh (1:9.3p1-1ubuntu3) mantic; urgency=medium

  * d/p/fix-authorized-principals-command.patch: Fix the situation where
    sshd ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand is
    also set by checking if the value pointed to by the pointer 'charptr'
    is NULL. (LP: #2031942)

 -- Michal Maloszewski <email address hidden>  Thu, 24 Aug 2023 15:20:27 +0200
openssh (1:8.2p1-4ubuntu0.9) focal-security; urgency=medium

  * SECURITY UPDATE: information leak in algorithm negotiation (LP: #2030275)
    - debian/patches/CVE-2020-14145-mitigation.patch: tweak the client
      hostkey preference ordering algorithm in sshconnect2.c.
    - Note: This update does not solve CVE-2020-14145, but does mitigate
      the issue in the specific scenario where the user has a key that
      matches the best-preference default algorithm.

 -- Marc Deslauriers <email address hidden>  Fri, 04 Aug 2023 18:02:08 -0400
openssh (1:9.3p1-1ubuntu2) mantic; urgency=medium

  * SECURITY UPDATE: remote code execution relating to PKCS#11 providers
    - debian/patches/CVE-2023-38408-1.patch: terminate process if requested
      to load a PKCS#11 provider that isn't a PKCS#11 provider in
      ssh-pkcs11.c.
    - debian/patches/CVE-2023-38408-2.patch: disallow remote addition of
      FIDO/PKCS11 provider in ssh-agent.1, ssh-agent.c.
    - debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries
      contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c.
    - CVE-2023-38408

 -- Marc Deslauriers <email address hidden>  Mon, 24 Jul 2023 15:01:06 -0400
openssh (1:8.9p1-3ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: remote code execution relating to PKCS#11 providers
    - debian/patches/CVE-2023-38408-1.patch: terminate process if requested
      to load a PKCS#11 provider that isn't a PKCS#11 provider in
      ssh-pkcs11.c.
    - debian/patches/CVE-2023-38408-2.patch: disallow remote addition of
      FIDO/PKCS11 provider in ssh-agent.1, ssh-agent.c.
    - debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries
      contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c.
    - CVE-2023-38408

 -- Marc Deslauriers <email address hidden>  Wed, 19 Jul 2023 15:41:52 -0400
openssh (1:9.0p1-1ubuntu8.4) lunar-security; urgency=medium

  * SECURITY UPDATE: remote code execution relating to PKCS#11 providers
    - debian/patches/CVE-2023-38408-1.patch: terminate process if requested
      to load a PKCS#11 provider that isn't a PKCS#11 provider in
      ssh-pkcs11.c.
    - debian/patches/CVE-2023-38408-2.patch: disallow remote addition of
      FIDO/PKCS11 provider in ssh-agent.1, ssh-agent.c.
    - debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries
      contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c.
    - CVE-2023-38408

 -- Marc Deslauriers <email address hidden>  Wed, 19 Jul 2023 15:40:25 -0400
openssh (1:8.2p1-4ubuntu0.8) focal-security; urgency=medium

  * SECURITY UPDATE: remote code execution relating to PKCS#11 providers
    - debian/patches/CVE-2023-38408-1.patch: terminate process if requested
      to load a PKCS#11 provider that isn't a PKCS#11 provider in
      ssh-pkcs11.c.
    - debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries
      contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c.
    - CVE-2023-38408

 -- Marc Deslauriers <email address hidden>  Wed, 19 Jul 2023 15:56:59 -0400
openssh (1:9.3p1-1ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2025664). Remaining changes:
    - debian/rules: modify dh_installsystemd invocations for
      socket-activated sshd
    - debian/openssh-server.postinst: handle migration of sshd_config
      options to systemd socket options on upgrade.
    - debian/README.Debian: document systemd socket activation.
    - debian/patches/socket-activation-documentation.patch: Document in
      sshd_config(5) that ListenAddress and Port no longer work.
    - debian/openssh-server.templates: include debconf prompt explaining
      when migration cannot happen due to multiple ListenAddress values
    - debian/.gitignore: drop file
    - debian/openssh-server.postrm: remove systemd drop-ins for
      socket-activated sshd on purge
    - debian/openssh-server.ucf-md5sum: update for Ubuntu delta
    - debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move
      /run/sshd creation out of the systemd unit to a tmpfile config so
      that sshd can be run manually if necessary without having to create
      this directory by hand.
    - debian/patches/systemd-socket-activation.patch: Fix sshd re-execution
      behavior when socket activation is used
    - debian/tests/systemd-socket-activation: Add autopkgtest for systemd
      socket activation functionality.
    - d/p/test-set-UsePAM-no-on-some-tests.patch: set UsePAM=no for some
      tests
    - Ensure smooth upgrade path from versions affected by LP: #2020474:
      + debian/openssh-server.postint: do not try to restart systemd units,
        and instead indicate that a reboot is required
      + debian/tests/systemd-socket-activation: Reboot the testbed before
        starting the test
      + debian/rules: Do not stop ssh.socket on upgrade

Available diffs
  - diff from 1:9.2p1-2ubuntu3 to 1:9.3p1-1ubuntu1 (330.2 KiB)
openssh (1:9.0p1-1ubuntu7.3) kinetic; urgency=medium

  * debian/patches/systemd-socket-activation.patch: do not leak sockets in
    child process. Follow-up fix for LP: #2011458.

 -- Nick Rosbrook <email address hidden>  Tue, 30 May 2023 16:58:06 -0400
openssh (1:9.0p1-1ubuntu8.2) lunar; urgency=medium

  * debian/patches/systemd-socket-activation.patch: do not leak sockets in
    child process. Follow-up fix for LP: #2011458.

 -- Nick Rosbrook <email address hidden>  Fri, 26 May 2023 10:44:48 -0400
openssh (1:9.2p1-2ubuntu3) mantic; urgency=medium

  * Fix upgrade of openssh-server with active ssh session (LP: #2020474)
    - debian/patches/systemd-socket-activation.patch:
      + Do force closing of listen sockets in child process
      + Set rexec_flag = 0 when sshd is socket-activated so that child
        process does not re-exec
    - debian/openssh-server.postint:
      + When upgrading from affected versions of openssh, do not try to
        restart systemd units, and instead indicate that a reboot is
        required
    - debian/tests/systemd-socket-activation:
      + Reboot the testbed before starting the test
    - debian/rules:
      + Do not stop ssh.socket on upgrade
  * d/p/test-set-UsePAM-no-on-some-tests.patch: set UsePAM=no for some tests

Superseded in mantic-proposed
openssh (1:9.2p1-2ubuntu2) mantic; urgency=medium

  * debian/README.Debian: Fix path of addresses.conf drop-in

Available diffs
  - diff from 1:9.2p1-2ubuntu1 to 1:9.2p1-2ubuntu2 (484 bytes)

Superseded in mantic-proposed
openssh (1:9.2p1-2ubuntu1) mantic; urgency=medium

  * Merge with Debian unstable (LP: #2018094). Remaining changes:
    - debian/rules: modify dh_installsystemd invocations for
      socket-activated sshd
    - debian/openssh-server.postinst: handle migration of sshd_config
      options to systemd socket options on upgrade.
    - debian/README.Debian: document systemd socket activation.
    - debian/patches/socket-activation-documentation.patch: Document in
      sshd_config(5) that ListenAddress and Port no longer work.
    - debian/openssh-server.templates: include debconf prompt explaining
      when migration cannot happen due to multiple ListenAddress values
    - debian/.gitignore: drop file
    - debian/openssh-server.postrm: remove systemd drop-ins for
      socket-activated sshd on purge
    - debian/openssh-server.ucf-md5sum: Update list of stock sshd_config
      checksums to include those from jammy and kinetic.
    - debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move
      /run/sshd creation out of the systemd unit to a tmpfile config so
      that sshd can be run manually if necessary without having to create
      this directory by hand.
    - debian/patches/systemd-socket-activation.patch: Fix sshd re-execution
      behavior when socket activation is used
    - debian/tests/systemd-socket-activation: Add autopkgtest for systemd
      socket activation functionality.
  * Dropped changes, included in Debian:
    - debian/patches/systemd-socket-activation.patch: Initial implementation
  * New changes:
    - debian/README.Debian: mention drop-in configurations in instructions
      for disabling sshd socket activation (LP: #2017434).
    - debian/openssh-server.ucf-md5sum: update for Ubuntu delta

Available diffs
  - diff from 1:9.0p1-1ubuntu8.1 to 1:9.2p1-2ubuntu1 (726.3 KiB)

Superseded in kinetic-proposed
openssh (1:9.0p1-1ubuntu7.2) kinetic; urgency=medium

  * debian/patches/systemd-socket-activation.patch: Fix re-execution
    behavior (LP: #2011458):
    - Remove FD_CLOEXEC on fds passed by systemd to prevent automatic
      closing when sshd re-executes.
    - Do not manually close fds passed by systemd when re-executing.
    - Only call sd_listen_fds() once, and only in the parent process.
    - Check the LISTEN_FDS environment variable to get the number of fds
      passed by systemd when re-executing as a child process.
  * debian/tests/systemd-socket-activation: Add autopkgtest for systemd
    socket activation functionality.

 -- Nick Rosbrook <email address hidden>  Tue, 18 Apr 2023 10:23:13 -0400

Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
Superseded in lunar-proposed
openssh (1:9.0p1-1ubuntu8.1) lunar; urgency=medium

  * debian/patches/systemd-socket-activation.patch: Fix re-execution
    behavior (LP: #2011458):
    - Remove FD_CLOEXEC on fds passed by systemd to prevent automatic
      closing when sshd re-executes.
    - Do not manually close fds passed by systemd when re-executing.
    - Only call sd_listen_fds() once, and only in the parent process.
    - Check the LISTEN_FDS environment variable to get the number of fds
      passed by systemd when re-executing as a child process.
  * debian/tests/systemd-socket-activation: Add autopkgtest for systemd
    socket activation functionality.

 -- Nick Rosbrook <email address hidden>  Fri, 31 Mar 2023 12:44:32 -0400
openssh (1:8.2p1-4ubuntu0.7) focal; urgency=medium

  * d/p/lp2012298-upstream-fix-match-in-d-config.patch: Allow ssh_config.d/
    configuration files to correctly update the PasswordAuthentication
    setting (LP: #2012298)

 -- Lena Voytek <email address hidden>  Mon, 03 Apr 2023 15:47:13 -0700
openssh (1:8.9p1-3ubuntu0.1) jammy; urgency=medium

  * d/p/fix-poll-spin.patch: Fix poll(2) spin when a channel's output fd
    closes without data in the channel buffer. (LP: #1986521)

 -- Bryce Harrington <email address hidden>  Tue, 22 Nov 2022 23:38:19 -0800

Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
openssh (1:9.0p1-1ubuntu8) lunar; urgency=medium

  * debian/openssh-server.postinst: Fix handling of ListenAddress when a
    port is specified (LP: #1993478):
    - Strip port before converting hostnames to numerical addresses.
    - Only append ports when the ListenAddress does not already specify a
      port.
    - Revert socket migration on upgrade if a previous version did the
      migration when it should not have.
  * debian/openssh-server.postinst: Ignore empty directory failure from
    rmdir when skipping socket migration (LP: #1995294).

 -- Nick Rosbrook <email address hidden>  Tue, 25 Oct 2022 11:57:43 -0400
openssh (1:9.0p1-1ubuntu7.1) kinetic; urgency=medium

  * debian/openssh-server.postinst: Fix handling of ListenAddress when a
    port is specified (LP: #1993478):
    - Strip port before converting hostnames to numerical addresses.
    - Only append ports when the ListenAddress does not already specify a
      port.
    - Revert socket migration on upgrade if a previous version did the
      migration when it should not have.
  * debian/openssh-server.postinst: Ignore empty directory failure from
    rmdir when skipping socket migration (LP: #1995294).

 -- Nick Rosbrook <email address hidden>  Tue, 25 Oct 2022 11:57:43 -0400

Superseded in lunar-release
Published in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
openssh (1:9.0p1-1ubuntu7) kinetic; urgency=medium

  * Update list of stock sshd_config checksums to include those from jammy
    and kinetic.
  * Add a workaround for LP: #1990863 (now fixed in livecd-rootfs) to avoid
    spurious ucf prompts on upgrade.
  * Move /run/sshd creation out of the systemd unit to a tmpfile config so
    that sshd can be run manually if necessary without having to create
    this directory by hand. LP: #1991283.

  [ Nick Rosbrook ]
  * debian/openssh-server.postinst: Fix addresses.conf generation when only
    non-default Port is used in /etc/ssh/sshd_config (LP: #1991199).

 -- Steve Langasek <email address hidden>  Mon, 26 Sep 2022 21:55:14 +0000
openssh (1:9.0p1-1ubuntu6) kinetic; urgency=medium

  * Fix syntax error in postinst :/

 -- Steve Langasek <email address hidden>  Fri, 23 Sep 2022 19:51:32 +0000

Available diffs
  - diff from 1:9.0p1-1ubuntu3 to 1:9.0p1-1ubuntu6 (4.7 KiB)
  - diff from 1:9.0p1-1ubuntu5 to 1:9.0p1-1ubuntu6 (514 bytes)

Superseded in kinetic-proposed
openssh (1:9.0p1-1ubuntu5) kinetic; urgency=medium

  * Correctly handle the case of new installs, and correctly apply systemd
    unit overrides on upgrade from existing kinetic systems.

 -- Steve Langasek <email address hidden>  Fri, 23 Sep 2022 19:45:18 +0000

Available diffs
  - diff from 1:9.0p1-1ubuntu4 to 1:9.0p1-1ubuntu5 (798 bytes)

Superseded in kinetic-proposed
openssh (1:9.0p1-1ubuntu4) kinetic; urgency=medium

  * Don't migrate users to socket activation if multiple ListenAddresses
    might make sshd unreliable on boot.
  * Fix regexp bug that prevented proper migration of IPv6 address settings.

 -- Steve Langasek <email address hidden>  Fri, 23 Sep 2022 19:35:37 +0000

Superseded in focal-proposed
openssh (1:8.2p1-4ubuntu0.6) focal; urgency=medium

  * d/p/fix-outdated-info-ssh-conf.patch: Fix outdated information
    (LP: #1871465)

 -- Michal Maloszewski <email address hidden>  Tue, 26 Jul 2022 21:51:55 +0200
openssh (1:9.0p1-1ubuntu3) kinetic; urgency=medium

  * Document in the default sshd_config file the changes in behavior
    triggered by use of socket-based activation.

 -- Steve Langasek <email address hidden>  Fri, 26 Aug 2022 00:40:11 +0000

Superseded in kinetic-proposed
openssh (1:9.0p1-1ubuntu2) kinetic; urgency=medium

  * Fix manpage to not claim socket-based activation is the default on
    Debian!

 -- Steve Langasek <email address hidden>  Fri, 26 Aug 2022 00:21:42 +0000

Available diffs
  - diff from 1:9.0p1-1ubuntu1 to 1:9.0p1-1ubuntu2 (562 bytes)

Superseded in kinetic-proposed
openssh (1:9.0p1-1ubuntu1) kinetic; urgency=medium

  * debian/patches/systemd-socket-activation.patch: support systemd socket
    activation.
  * debian/systemd/ssh.socket, debian/systemd/ssh.service: use socket
    activation by default.
  * debian/rules: rejigger dh_installsystemd invocations so ssh.service and
    ssh.socket don't fight.
  * debian/openssh-server.postinst: handle migration of sshd_config options
    to systemd socket options on upgrade.
  * debian/README.Debian: document systemd socket activation.
  * debian/patches/socket-activation-documentation.patch: Document in
    sshd_config(5) that ListenAddress and Port no longer work.
  * debian/openssh-server.templates, debian/openssh-server.postinst:
    include debconf warning about possible service failure with multiple
    ListenAddress settings.

 -- Steve Langasek <email address hidden>  Fri, 19 Aug 2022 20:43:16 +0000
openssh (1:9.0p1-1) unstable; urgency=medium

  * New upstream release (https://www.openssh.com/releasenotes.html#9.0p1):
    - scp(1): Use the SFTP protocol by default (closes: #144579, #204546,
      #327019). This changes scp's quoting semantics by no longer
      performing wildcard expansion using the remote shell, and (with some
      server versions) no longer expanding ~user paths. The -O option is
      available to use the old protocol. See NEWS.Debian for more details.
    - ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
      exchange method by default ("<email address hidden>"). The NTRU
      algorithm is believed to resist attacks enabled by future quantum
      computers and is paired with the X25519 ECDH key exchange (the
      previous default) as a backstop against any weaknesses in NTRU Prime
      that may be discovered in the future. The combination ensures that
      the hybrid exchange offers at least as good security as the status
      quo.
    - sftp-server(8): support the "copy-data" extension to allow
      server-side copying of files/data, following the design in
      draft-ietf-secsh-filexfer-extensions-00.
    - sftp(1): add a "cp" command to allow the sftp client to perform
      server-side file copies.
    - ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output
      fd closes without data in the channel buffer (closes: #1007822).
    - sshd(8): pack pollfd array in server listen/accept loop. Could cause
      the server to hang/spin when MaxStartups > RLIMIT_NOFILE.
    - ssh-keygen(1): avoid NULL deref via the find-principals and
      check-novalidate operations. bz3409 and GHPR307 respectively.
    - scp(1): fix a memory leak in argument processing.
    - sshd(8): don't try to resolve ListenAddress directives in the sshd
      re-exec path. They are unused after re-exec and parsing errors
      (possible for example if the host's network configuration changed)
      could prevent connections from being accepted.
    - sshd(8): when refusing a public key authentication request from a
      client for using an unapproved or unsupported signature algorithm
      include the algorithm name in the log message to make debugging
      easier.
    - ssh(1), sshd(8): Fix possible integer underflow in scan_scaled(3)
      parsing of K/M/G/etc quantities.
    - sshd(8): default to not using sandbox when cross compiling. On most
      systems poll(2) does not work when the number of FDs is reduced with
      setrlimit, so assume it doesn't when cross compiling and we can't
      run the test.
  * Remove obsolete FAQ, removed from openssh.com in 2016.

 -- Colin Watson <email address hidden>  Sat, 09 Apr 2022 14:14:10 +0100

Available diffs
  - diff from 1:8.9p1-3 to 1:9.0p1-1 (68.2 KiB)

Deleted in impish-proposed (Reason: Block-proposed set and series is going EOL)
openssh (1:8.4p1-6ubuntu2.2) impish; urgency=medium

  * d/p/fix-connect-timeout-overflow.patch: prevent ConnectTimeout
    overflow. (LP: #1903516)

 -- Athos Ribeiro <email address hidden>  Wed, 30 Mar 2022 09:40:10 -0300
openssh (1:8.2p1-4ubuntu0.5) focal; urgency=medium

  * d/p/fix-connect-timeout-overflow.patch: prevent ConnectTimeout
    overflow. (LP: #1903516)

  [ Sergio Durigan Junior ]
  * d/p/lp1966591-upstream-preserve-group-world-read-permission-on-kno.patch:
    Preserve group/world read permissions on known_hosts. (LP: #1966591)

 -- Athos Ribeiro <email address hidden>  Wed, 30 Mar 2022 10:03:15 -0300
openssh (1:7.6p1-4ubuntu0.7) bionic; urgency=medium

  * d/p/fix-connect-timeout-overflow.patch: prevent ConnectTimeout
    overflow. (LP: #1903516)

  [ Sergio Durigan Junior ]
  * d/p/lp1966591-upstream-preserve-group-world-read-permission-on-kno.patch:
    Preserve group/world read permissions on known_hosts. (LP: #1966591)

 -- Athos Ribeiro <email address hidden>  Wed, 30 Mar 2022 10:17:14 -0300

Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
openssh (1:8.9p1-3) unstable; urgency=medium

  * Allow ppoll_time64 in seccomp filter (closes: #1006445).

 -- Colin Watson <email address hidden>  Fri, 25 Feb 2022 23:30:49 +0000

Available diffs
  - diff from 1:8.8p1-1 to 1:8.9p1-3 (486.2 KiB)
  - diff from 1:8.9p1-2 to 1:8.9p1-3 (1.0 KiB)
openssh (1:8.9p1-2) unstable; urgency=medium

  * Improve detection of -fzero-call-used-regs=all support.

 -- Colin Watson <email address hidden>  Thu, 24 Feb 2022 16:09:56 +0000

Available diffs
  - diff from 1:8.9p1-1 to 1:8.9p1-2 (1.2 KiB)
openssh (1:8.9p1-1) unstable; urgency=medium

  * New upstream release (https://www.openssh.com/releasenotes.html#8.9p1):
    - sshd(8): fix an integer overflow in the user authentication path
      that, in conjunction with other logic errors, could have yielded
      unauthenticated access under difficult to exploit conditions.
    - sshd(8), portable OpenSSH only: this release removes in-built support
      for MD5-hashed passwords.
    - ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
      restricting forwarding and use of keys added to ssh-agent(1).
    - ssh(1), sshd(8): add the <email address hidden> hybrid ECDH/x25519 +
      Streamlined NTRU Prime post-quantum KEX to the default KEXAlgorithms
      list (after the ECDH methods but before the prime-group DH ones). The
      next release of OpenSSH is likely to make this key exchange the
      default method.
    - ssh-keygen(1): when downloading resident keys from a FIDO token, pass
      back the user ID that was used when the key was created and append
      it to the filename the key is written to (if it is not the default).
      Avoids keys being clobbered if the user created multiple resident
      keys with the same application string but different user IDs.
    - ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys on
      tokens that provide user verification (UV) on the device itself,
      including biometric keys, avoiding unnecessary PIN prompts.
    - ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
      perform matching of principals names against an allowed signers
      file. To be used towards a TOFU model for SSH signatures in git.
    - ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added to
      ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
      authentication time.
    - ssh-keygen(1): allow selection of hash at sshsig signing time (either
      sha512 (default) or sha256).
    - ssh(1), sshd(8): read network data directly to the packet input
      buffer instead of indirectly via a small stack buffer. Provides a
      modest performance improvement.
    - ssh(1), sshd(8): read data directly to the channel input buffer,
      providing a similar modest performance improvement.
    - ssh(1): extend the PubkeyAuthentication configuration directive to
      accept yes|no|unbound|host-bound to allow control over one of the
      protocol extensions used to implement agent-restricted keys.
    - sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
      PubkeyAuthOptions can be used in a Match block.
    - sshd(8): fix possible string truncation when constructing paths to
      .rhosts/.shosts files with very long user home directory names.
    - ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
      exchange hashes.
    - ssh(1): don't put the TTY into raw mode when SessionType=none, avoids
      ^C being unable to kill such a session.
    - scp(1): fix some corner-case bugs in SFTP-mode handling of ~-prefixed
      paths.
    - ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to select
      RSA keys when only RSA/SHA2 signature algorithms are configured (this
      is the default case). Previously RSA keys were not being considered
      in the default case.
    - ssh-keysign(1): make ssh-keysign use the requested signature
      algorithm and not the default for the key type. Part of unbreaking
      hostbased auth for RSA/SHA2 keys.
    - ssh(1): stricter UpdateHostkey signature verification logic on the
      client-side. Require RSA/SHA2 signatures for RSA hostkeys except when
      RSA/SHA1 was explicitly negotiated during initial KEX.
    - ssh(1), sshd(8): fix signature algorithm selection logic for
      UpdateHostkeys on the server side. The previous code tried to prefer
      RSA/SHA2 for hostkey proofs of RSA keys, but missed some cases. This
      will use RSA/SHA2 signatures for RSA keys if the client proposed
      these algorithms in initial KEX.
    - All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
      This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1) and
      sftp-server(8), as well as the sshd(8) listen loop and all other FD
      read/writability checks. On platforms with missing or broken
      poll(2)/ppoll(2) syscalls a select(2)-based compat shim is available.
    - ssh-keygen(1): the "-Y find-principals" command was verifying key
      validity when using ca certs but not with simple key lifetimes within
      the allowed signers file.
    - ssh-keygen(1): make sshsig verify-time argument parsing optional.
    - sshd(8): fix truncation in rhosts/shosts path construction.
    - ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
      keys (we already did this for RSA keys). Avoids fatal errors for
      PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
      "cryptoauthlib".
    - ssh(1), ssh-agent(1): improve the testing of credentials against
      inserted FIDO: ask the token whether a particular key belongs to it
      in cases where the token supports on-token user-verification (e.g.
      biometrics) rather than just assuming that it will accept it. Will
      reduce spurious "Confirm user presence" notifications for key handles
      that relate to FIDO keys that are not currently inserted in at least
      some cases.
    - ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to allow
      for the preceding two ECN bits.
    - ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
      option.
    - ssh-keygen(1): fix a NULL deref when using the find-principals
      function, when matching an allowed_signers line that contains a
      namespace restriction, but no restriction specified on the
      command-line
    - ssh-agent(1): fix memleak in process_extension().
    - ssh(1): suppress "Connection to xxx closed" messages when LogLevel is
      set to "error" or above.
    - ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
      compressed packet data.
    - scp(1): when recursively transferring files in SFTP mode, create the
      destination directory if it doesn't already exist to match scp(1) in
      legacy RCP mode behaviour.
    - scp(1): many improvements in error message consistency between scp(1)
      in SFTP mode vs legacy RCP mode.
    - sshd(8): fix potential race in SIGTERM handling.
    - ssh(1), ssh(8): since DSA keys are deprecated, move them to the end
      of the default list of public keys so that they will be tried last.
    - ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
      wildcard principals in allowed_signers files.
    - ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
      implementation does not work in a chroot when the kernel does not
      have close_range(2). It tries to read from /proc/self/fd and when
      that fails dies with an assertion of sorts. Instead, call
      close_range(2) directly from our compat code and fall back if that
      fails.
    - Correct handling of exceptfds/POLLPRI in our select(2)-based
      poll(2)/ppoll(2) compat implementation.
  * Drop patch to work around https://twistedmatrix.com/trac/ticket/9515,
    since the fix for that is in Debian stable.

 -- Colin Watson <email address hidden>  Thu, 24 Feb 2022 11:06:15 +0000

Available diffs
  - diff from 1:8.8p1-1 to 1:8.9p1-1 (485.3 KiB)
openssh (1:8.8p1-1) unstable; urgency=medium

  * New upstream release (https://www.openssh.com/releasenotes.html#8.8p1,
    closes: #996391):
    - This release disables RSA signatures using the SHA-1 hash algorithm
      by default. (Existing RSA keys may still be used and do not need to
      be replaced; see NEWS.Debian if you have problems connecting to old
      SSH servers.)
    - ssh(1): allow the ssh_config(5) CanonicalizePermittedCNAMEs directive
      to accept a "none" argument to specify the default behaviour.
    - scp(1): when using the SFTP protocol, continue transferring files
      after a transfer error occurs, better matching original scp/rcp
      behaviour.
    - ssh(1): fixed a number of memory leaks in multiplexing,
    - ssh-keygen(1): avoid crash when using the -Y find-principals command.
    - A number of documentation and manual improvements.
    - ssh(1)/sshd(8): some fixes to the pselect(2) replacement
      compatibility code.
  * Work around missing RSA SHA-2 signature support in conch until the
    upstream fix lands in Debian.

 -- Colin Watson <email address hidden>  Tue, 15 Feb 2022 19:20:21 +0000

Available diffs
  - diff from 1:8.7p1-4 to 1:8.8p1-1 (47.8 KiB)
openssh (1:7.6p1-4ubuntu0.6) bionic; urgency=medium

  * fix clients advertising version 1.99 (LP: #1863930)
    - d/p/lp-1863930-Fix-logic-bug-in-sshd_exchange_identification.patch
    - d/p/lp-1863930-unbreak-clients-that-advertise-protocol.patch

 -- Christian Ehrhardt <email address hidden>  Tue, 03 Mar 2020 07:47:02 +0100
openssh (1:8.7p1-4) unstable; urgency=medium

  [ Daniel Baumann ]
  * Fix typo in openssh-client.alternatives (closes: #1002803).

  [ Colin Watson ]
  * Further clarify socket activation instructions.

 -- Colin Watson <email address hidden>  Wed, 29 Dec 2021 12:08:38 +0000

Available diffs
  - diff from 1:8.7p1-2build1 (in Ubuntu) to 1:8.7p1-4 (6.2 KiB)
  - diff from 1:8.7p1-3 to 1:8.7p1-4 (802 bytes)
openssh (1:8.7p1-3) unstable; urgency=medium

  * Include unit test binaries in openssh-tests even if building with
    DEB_BUILD_OPTIONS=nocheck.
  * Install built version of sshd_config, with corrected PATH and PidFile.
  * Upgrade to debhelper v13.
  * debian/copyright: Use HTTPS in Source field.
  * Update renamed Lintian tag name in Lintian override.
  * debian/watch: Upgrade to version 4.
  * Clarify instructions for using socket activation to avoid accidental
    attempts to start the non-socket-activated service that can result in
    systems without a running sshd (closes: #1001320).
  * Remove maintainer script code for upgrades from before Debian 9.
  * Make the sysvinit script provide "ssh" as well as "sshd".
  * Set Rules-Requires-Root: no.
  * Use dh_installalternatives.
  * Simplify some debhelper overrides slightly.

 -- Colin Watson <email address hidden>  Wed, 29 Dec 2021 01:12:00 +0000
openssh (1:8.2p1-4ubuntu0.4) focal; urgency=medium

  * d/p/match-host-certs-w-public-keys.patch: Add patch to match host
    certificates against host public keys. (LP: #1952421)

 -- Chloé S <email address hidden>  Thu, 02 Dec 2021 22:38:52 +0000
openssh (1:8.4p1-5ubuntu1.2) hirsute; urgency=medium

  * d/p/match-host-certs-w-public-keys.patch: Add patch to match host
    certificates against host public keys. (LP: #1952421)

 -- Chloé S <email address hidden>  Wed, 01 Dec 2021 14:12:42 +0000
openssh (1:8.7p1-2build1) jammy; urgency=medium

  * No-change rebuild against openssl3

 -- Simon Chopin <email address hidden>  Wed, 01 Dec 2021 16:09:22 +0000
openssh (1:8.4p1-6ubuntu2.1) impish; urgency=medium

  * d/p/match-host-certs-w-public-keys.patch: Add patch to match host
    certificates against host public keys. (LP: #1952421)

 -- Utkarsh Gupta <email address hidden>  Fri, 26 Nov 2021 17:25:36 +0530
openssh (1:8.7p1-2) unstable; urgency=medium

  * Backport from upstream:
    - Avoid NULL deref in -Y find-principals (closes: #999593).

 -- Colin Watson <email address hidden>  Sat, 13 Nov 2021 13:40:50 +0000

Available diffs
  - diff from 1:8.4p1-6ubuntu2 (in Ubuntu) to 1:8.7p1-2 (766.5 KiB)
  - diff from 1:8.7p1-1 to 1:8.7p1-2 (1.4 KiB)
openssh (1:8.7p1-1) unstable; urgency=medium

  * debian/upstream/signing-key.asc: Update from upstream.
  * New upstream release (https://www.openssh.com/releasenotes.html#8.7p1):
    - scp(1): this release changes the behaviour of remote to remote copies
      (e.g. "scp host-a:/path host-b:") to transfer through the local host
      by default (closes: #734386, LP: #1462758). This was previously
      available via the -3 flag. A -R flag has been added to select the old
      behaviour.
    - ssh(1)/sshd(8): both the client and server are now using a stricter
      configuration file parser.
    - ssh(1): when using SSHFP DNS records for host key verification, ssh(1)
      will verify all matching records instead of just those with the
      specific signature type requested.
    - ssh-keygen(1): when generating a FIDO key and specifying an explicit
      attestation challenge (using -Ochallenge), the challenge will now be
      hashed by the builtin security key middleware.
    - sshd(8): environment="..." directives in authorized_keys files are now
      first-match-wins and limited to 1024 discrete environment variable
      names.
    - scp(1): experimental support for transfers using the SFTP protocol as
      a replacement for the venerable SCP/RCP protocol that it has
      traditionally used. SFTP offers more predictable filename handling and
      does not require expansion of glob(3) patterns via the shell on the
      remote side. SFTP support may be enabled via a temporary scp -s flag.
      It is intended for SFTP to become the default transfer mode in the
      near future, at which time the -s flag will be removed. The -O flag
      exists to force use of the original SCP/RCP protocol for cases where
      SFTP may be unavailable or incompatible.
    - sftp-server(8): add a protocol extension to support expansion of ~/
      and ~user/ prefixed paths. This was added to support these paths when
      used by scp(1) while in SFTP mode.
    - ssh(1): add a ForkAfterAuthentication ssh_config(5) counterpart to the
      ssh(1) -f flag. GHPR231
    - ssh(1): add a StdinNull directive to ssh_config(5) that allows the
      config file to do the same thing as -n does on the ssh(1)
      command-line. GHPR231
    - ssh(1): add a SessionType directive to ssh_config, allowing the
      configuration file to offer equivalent control to the -N (no session)
      and -s (subsystem) command-line flags (closes: #609122).
    - ssh-keygen(1): allowed signers files used by ssh-keygen(1) signatures
      now support listing key validity intervals alongside the key, and
      ssh-keygen(1) can optionally check during signature verification
      whether a specified time falls inside this interval. This feature is
      intended for use by git to support signing and verifying objects using
      ssh keys.
    - ssh-keygen(8): support printing of the full public key in a sshsig
      signature via a -Oprint-pubkey flag.
    - ssh(1)/sshd(8): start time-based re-keying exactly on schedule in the
      client and server mainloops. Previously the re-key timeout could
      expire but re-keying would not start until a packet was sent or
      received, causing a spin in select() if the connection was quiescent.
    - ssh-keygen(1): avoid Y2038 problem in printing certificate validity
      lifetimes. Dates past 2^31-1 seconds since epoch were displayed
      incorrectly on some platforms.
    - scp(1): allow spaces to appear in usernames for local to remote and
      scp -3 remote to remote copies.
    - ssh(1)/sshd(8): remove references to ChallengeResponseAuthentication
      in favour of KbdInteractiveAuthentication. The former is what was in
      SSHv1, the latter is what is in SSHv2 (RFC4256) and they were treated
      as somewhat but not entirely equivalent. We retain the old name as a
      deprecated alias so configuration files continue to work as well as a
      reference in the man page for people looking for it.
    - ssh(1)/ssh-add(1)/ssh-keygen(1): fix decoding of X.509 subject name
      when extracting a key from a PKCS#11 certificate.
    - ssh(1): restore blocking status on stdio fds before close. ssh(1)
      needs file descriptors in non-blocking mode to operate but it was not
      restoring the original state on exit. This could cause problems with
      fds shared with other programs via the shell.
    - ssh(1)/sshd(8): switch both client and server mainloops from
      select(3) to pselect(3). Avoids race conditions where a signal may
      arrive immediately before select(3) and not be processed until an
      event fires.
    - ssh(1): sessions started with ControlPersist were incorrectly
      executing a shell when the -N (no shell) option was specified
      (closes: #762633).
    - ssh(1): check if IPQoS or TunnelDevice are already set before
      overriding. Prevents values in config files from overriding values
      supplied on the command line.
    - ssh(1): fix debug message when finding a private key to match a
      certificate being attempted for user authentication. Previously it
      would print the certificate's path, whereas it was supposed to be
      showing the private key's path.
    - sshd(8): match host certificates against host public keys, not
      private keys. Allows use of certificates with private keys held in a
      ssh-agent.
    - ssh(1): add a workaround for a bug in OpenSSH 7.4 sshd(8), which
      allows RSA/SHA2 signatures for public key authentication but fails to
      advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of
      these servers to incorrectly match PubkeyAcceptedAlgorithms and
      potentially refuse to offer valid keys.
    - sftp(1)/scp(1): degrade gracefully if a sftp-server offers the
      <email address hidden> extension but fails when the client tries to
      invoke it.
    - ssh(1): allow ssh_config SetEnv to override $TERM, which is otherwise
      handled specially by the protocol. Useful in ~/.ssh/config to set TERM
      to something generic (e.g. "xterm" instead of "xterm-256color") for
      destinations that lack terminfo entries.
    - sftp-server(8): the <email address hidden> extension was incorrectly
      marked as an operation that writes to the filesystem, which made it
      unavailable in sftp-server read-only mode.
    - ssh(1): fix SEGV in UpdateHostkeys debug() message, triggered when the
      update removed more host keys than remain present.
    - Many manual page fixes.
    - sshd(8): handle GIDs > 2^31 in getgrouplist. When compiled in 32bit
      mode, the getgrouplist implementation may fail for GIDs greater than
      LONG_MAX.
    - ssh(1): xstrdup environment variable used by ForwardAgent.
    - sshd(8): don't sigdie() in signal handler in privsep child process;
      this can end up causing sandbox violations.
  * New upstream release (https://www.openssh.com/releasenotes.html#8.6p1):
    - sftp-server(8): add a new <email address hidden> protocol extension
      that allows a client to discover various server limits, including
      maximum packet size and maximum read/write length.
    - sftp(1): use the new <email address hidden> extension (when
      available) to select better transfer lengths in the client.
    - sshd(8): Add ModuliFile keyword to sshd_config to specify the
      location of the "moduli" file containing the groups for DH-GEX.
    - ssh_config(5), sshd_config(5): sync CASignatureAlgorithms lists in
      manual pages with the current default.
    - ssh(1): ensure that pkcs11_del_provider() is called before exit.
    - ssh(1), sshd(8): fix problems in string->argv conversion. Multiple
      backslashes were not being dequoted correctly and quoted space in the
      middle of a string was being incorrectly split.
    - ssh(1): return non-zero exit status when killed by signal.
    - sftp-server(8): increase maximum SSH2_FXP_READ to match the maximum
      packet size. Also handle zero-length reads that are not explicitly
      banned by the spec.
    - sshd(8): don't mistakenly exit on transient read errors on the
      network socket (e.g. EINTR, EAGAIN).
    - Create a dedicated contrib/gnome-ssk-askpass3.c source instead of
      building it from the same file as used for GNOME2. Use the GNOME3
      gdk_seat_grab() to manage keyboard/mouse/server grabs for better
      compatibility with Wayland.
    - sshd(8): soft-disallow the fstatat64 syscall in the Linux seccomp-bpf
      sandbox.
  * New upstream release (https://www.openssh.com/releasenotes.html#8.5p1):
    - ssh(1), sshd(8): change the first-preference signature algorithm from
      ECDSA to ED25519.
    - ssh(1), sshd(8): set the TOS/DSCP specified in the configuration for
      interactive use prior to TCP connect.
    - ssh(1), sshd(8): remove the pre-standardization cipher
      <email address hidden>.
    - ssh(1), sshd(8): update/replace the experimental post-quantum hybrid
      key exchange method based on Streamlined NTRU Prime coupled with
      X25519.
    - ssh(1): disable CheckHostIP by default. It provides insignificant
      benefits while making key rotation significantly more difficult,
      especially for hosts behind IP-based load-balancers (closes: #764027).
    - ssh(1): enable UpdateHostkeys by default subject to some conservative
      preconditions (closes: #875532):
      + The key was matched in the UserKnownHostsFile (and not in the
        GlobalKnownHostsFile).
      + The same key does not exist under another name.
      + A certificate host key is not in use.
      + known_hosts contains no matching wildcard hostname pattern.
      + VerifyHostKeyDNS is not enabled.
      + The default UserKnownHostsFile is in use.
      We expect some of these conditions will be modified or relaxed in
      future.
    - ssh(1), sshd(8): add a new LogVerbose configuration directive that
      allows forcing maximum debug logging by file/function/line
      pattern-lists.
    - ssh(1): when prompting the user to accept a new hostkey, display any
      other host names/addresses already associated with the key.
    - ssh(1): allow UserKnownHostsFile=none to indicate that no known_hosts
      file should be used to identify host keys.
    - ssh(1): add a ssh_config KnownHostsCommand option that allows the
      client to obtain known_hosts data from a command in addition to the
      usual files.
    - ssh(1): add a ssh_config PermitRemoteOpen option that allows the
      client to restrict the destination when RemoteForward is used with
      SOCKS.
    - ssh(1): for FIDO keys, if a signature operation fails with an
      "incorrect PIN" reason and no PIN was initially requested from the
      user, then request a PIN and retry the operation. This supports some
      biometric devices that fall back to requiring PIN when reading of the
      biometric failed, and devices that require PINs for all hosted
      credentials.
    - sshd(8): implement client address-based rate-limiting via new
      sshd_config(5) PerSourceMaxStartups and PerSourceNetBlockSize
      directives that provide more fine-grained control on a per-origin
      address basis than the global MaxStartups limit.
    - ssh(1): Prefix keyboard interactive prompts with "(user@host)" to
      make it easier to determine which connection they are associated with
      in cases like scp -3, ProxyJump, etc. (closes: #343267).
    - sshd(8): fix sshd_config SetEnv directives located inside Match
      blocks.
    - ssh(1): when requesting a FIDO token touch on stderr, inform the user
      once the touch has been recorded.
    - ssh(1): prevent integer overflow when ridiculously large
      ConnectTimeout values are specified, capping the effective value (for
      most platforms) at 24 days.
    - ssh(1): consider the ECDSA key subtype when ordering host key
      algorithms in the client.
    - ssh(1), sshd(8): rename the PubkeyAcceptedKeyTypes keyword to
      PubkeyAcceptedAlgorithms. The previous name incorrectly suggested that
      it controls allowed key algorithms, when this option actually
      specifies the signature algorithms that are accepted. The previous
      name remains available as an alias (closes: #933665).
    - ssh(1), sshd(8): similarly, rename HostbasedKeyTypes (ssh) and
      HostbasedAcceptedKeyTypes (sshd) to HostbasedAcceptedAlgorithms.
    - sftp-server(8): add missing <email address hidden> documentation and
      advertisement in the server's SSH2_FXP_VERSION hello packet.
    - ssh(1), sshd(8): more strictly enforce KEX state-machine by banning
      packet types once they are received. Fixes memleak caused by
      duplicate SSH2_MSG_KEX_DH_GEX_REQUEST.
    - sftp(1): allow the full range of UIDs/GIDs for chown/chgrp on 32bit
      platforms instead of being limited by LONG_MAX.
    - Minor man page fixes (capitalization, commas, etc.)
    - sftp(1): when doing an sftp recursive upload or download of a
      read-only directory, ensure that the directory is created with write
      and execute permissions in the interim so that the transfer can
      actually complete, then set the directory permission as the final
      step.
    - ssh-keygen(1): document the -Z, check the validity of its argument
      earlier and provide a better error message if it's not correct.
    - ssh(1): ignore comments at the end of config lines in ssh_config,
      similar to what we already do for sshd_config.
    - sshd_config(5): mention that DisableForwarding is valid in a
      sshd_config Match block.
    - sftp(1): fix incorrect sorting of "ls -ltr" under some circumstances.
    - ssh(1), sshd(8): fix potential integer truncation of (unlikely)
      timeout values.
    - ssh(1): make hostbased authentication send the signature algorithm in
      its SSH2_MSG_USERAUTH_REQUEST packets instead of the key type. This
      makes HostbasedAcceptedAlgorithms do what it is supposed to - filter
      on signature algorithm and not key type.
    - sshd(8): add a number of platform-specific syscalls to the Linux
      seccomp-bpf sandbox.
    - sshd(8): remove debug message from sigchld handler that could cause
      deadlock on some platforms.
    - Sync contrib/ssh-copy-id with upstream.
  * Remove OpenBSD-specific rdomain references from sshd_config(5)
    (closes: #998069).
  * Define MAXHOSTNAMELEN on GNU/Hurd (thanks, Svante Signell;
    closes: #997030).
  * Build-depend on libelogind-dev as an alternative to libsystemd-dev on
    Linux (thanks, Svante Signell; closes: #997035).
  * Backport from upstream:
    - CVE-2021-41617 (closes: #995130): sshd(8) from OpenSSH 6.2 through 8.7
      failed to correctly initialise supplemental groups when executing an
      AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where an
      AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser
      directive has been set to run the command as a different user.
      Instead these commands would inherit the groups that sshd(8) was
      started with.
  * Configure with ac_cv_func_closefrom=no to avoid an incompatibility with
    glibc 2.34's fallback_closefrom function (thanks, William 'jawn-smith'
    Wilson; LP: #1944621).

 -- Colin Watson <email address hidden>  Sat, 06 Nov 2021 12:23:47 +0000
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
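The 8.5 entry above lists the conservative preconditions under which the client will run UpdateHostkeys, and several of them are properties of the known_hosts file itself (a wildcard pattern matching the host, the same key listed under another name, a certificate authority entry). The following is an added example, not OpenSSH code and not part of this changelog: a small Python parser for the known_hosts line format (optional @marker, comma-separated host patterns, hashed |1|salt|hmac names, * and ? globs) that reports which of those preconditions would stop key rotation for a given host and key. The sample entries and key blobs are constructed placeholders; the VerifyHostKeyDNS and default-path preconditions are client configuration checks and are outside what a file parser can decide.

```python
"""Which of the OpenSSH 8.5 UpdateHostkeys preconditions hold for a host?
Added example (not OpenSSH code): a known_hosts parser that reports the
preconditions from the release notes that would keep ssh(1) from rotating
host keys. Key blobs in the sample are placeholders, not real keys."""
import base64
import hashlib
import hmac
import re
from dataclasses import dataclass

CERT_AUTHORITY = "@cert-authority"


@dataclass
class Entry:
    marker: str     # "" or a marker such as "@cert-authority" / "@revoked"
    patterns: list  # host patterns from the comma-separated first field
    keytype: str
    key: str        # base64 blob exactly as written in the file


def parse_known_hosts(text):
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        marker = fields.pop(0) if fields[0].startswith("@") else ""
        if len(fields) < 3:
            raise ValueError(f"malformed known_hosts line: {raw!r}")
        entries.append(Entry(marker, fields[0].split(","), fields[1], fields[2]))
    return entries


def hash_hostname(host, salt):
    """The |1|salt|digest form written by ssh-keygen -H: HMAC-SHA1 keyed by salt."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def pattern_matches(pattern, name):
    """Match one host pattern (plain, hashed, or a * / ? glob) against a name."""
    if pattern.startswith("|1|"):
        _, _, salt_b64, digest_b64 = pattern.split("|")
        got = hmac.new(base64.b64decode(salt_b64), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, base64.b64decode(digest_b64))
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    return re.match(regex, name) is not None


def entry_matches(entry, name):
    """Return (matched, via_wildcard); a matching '!' pattern vetoes the line."""
    matched = wildcard = False
    for pat in entry.patterns:
        core = pat.lstrip("!")
        if not pattern_matches(core, name):
            continue
        if pat.startswith("!"):
            return False, False
        matched = True
        wildcard = wildcard or any(c in core for c in "*?")
    return matched, wildcard


def updatehostkeys_blockers(user_kh, host, keytype, key, ip=None, global_kh=""):
    """Preconditions (as worded in the 8.5 notes) that fail for host/key;
    an empty list means UpdateHostkeys may run."""
    names = {host, ip} - {None}
    user, glob = parse_known_hosts(user_kh), parse_known_hosts(global_kh)
    with_key = lambda es: [e for e in es if (e.keytype, e.key) == (keytype, key) and not e.marker]
    blockers = []
    if not any(entry_matches(e, host)[0] for e in with_key(user)):
        blockers.append("key not matched in UserKnownHostsFile")
    if any(entry_matches(e, host)[0] for e in with_key(glob)):
        blockers.append("key matched in GlobalKnownHostsFile")
    if any(e.marker == CERT_AUTHORITY and entry_matches(e, host)[0] for e in user + glob):
        blockers.append("certificate host key in use")
    if any(entry_matches(e, host)[1] for e in user):
        blockers.append("wildcard pattern matches host")
    # Same key under another name: a non-negated pattern on a line carrying this
    # key that matches neither the host nor its address. A hashed name that does
    # not match is counted too (this example's conservative choice).
    for e in with_key(user):
        for pat in e.patterns:
            if not pat.startswith("!") and not any(pattern_matches(pat, n) for n in names):
                blockers.append("same key listed under another name: " + pat)
                break
    return blockers


SAMPLE_SALT = b"\x01" * 20  # fixed salt so the hashed sample line is reproducible
USER_KNOWN_HOSTS = "\n".join([
    "# constructed sample; key blobs are placeholders, not real keys",
    "example.test,192.0.2.10 ssh-ed25519 AAAAexampleKeyOne",
    "old.test ssh-ed25519 AAAAexampleKeyOne",
    "*.lab.test ssh-ed25519 AAAAexampleKeyTwo",
    "@cert-authority *.corp.test ssh-rsa AAAAexampleCA",
    "fresh.test ssh-ed25519 AAAAexampleKeyThree",
    hash_hostname("hashed.test", SAMPLE_SALT) + " ssh-ed25519 AAAAexampleKeyFour",
])

if __name__ == "__main__":
    for host, key, ip in [("example.test", "AAAAexampleKeyOne", "192.0.2.10"),
                          ("node1.lab.test", "AAAAexampleKeyTwo", None),
                          ("fresh.test", "AAAAexampleKeyThree", None),
                          ("hashed.test", "AAAAexampleKeyFour", None)]:
        print(host, updatehostkeys_blockers(USER_KNOWN_HOSTS, host, "ssh-ed25519", key, ip=ip))
```

Run it against your own ~/.ssh/known_hosts to see why a particular host never gets its keys refreshed: the usual culprits are a wildcard line added by hand and a key that is still listed under an old hostname after a rename, which is what `ssh -v` reports as the reason for skipping the update.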
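The CVE-2021-41617 backport in the entry above fixes sshd running AuthorizedKeysCommand / AuthorizedPrincipalsCommand with the daemon's supplemental groups instead of those of the configured command user. The check a practitioner wants after deploying the fix is to confirm what groups the command actually runs with. The following is an added example, not OpenSSH code: it compares an `id -G` line captured from the command against the groups the command user should have (primary gid plus every group listing the user, which is what initgroups(3) installs), and shows the privilege-drop order a helper of your own must use to avoid the same bug. The group database and the `id -G` lines are constructed; `keysvc` and gid 999 are assumed names.

```python
"""Check that an AuthorizedKeysCommand ran with exactly the groups of its
AuthorizedKeysCommandUser (the CVE-2021-41617 failure mode).
Added example, not OpenSSH code; the group database below is constructed."""
import grp
import os
import pwd


def expected_groups(username, primary_gid, group_db):
    """Primary gid plus every group whose member list names the user: what
    initgroups(3) installs. group_db is a list of (gid, members) tuples."""
    return {primary_gid} | {gid for gid, members in group_db if username in members}


def load_group_db():
    """The live group database, in the shape expected_groups() consumes."""
    return [(g.gr_gid, list(g.gr_mem)) for g in grp.getgrall()]


def parse_id_g(output):
    """Parse `id -G` output such as '999 27' into a set of gids."""
    return {int(tok) for tok in output.split()}


def check_command_groups(username, primary_gid, group_db, id_g_output):
    """Return (ok, unexpected, missing). Unexpected gids are ones the command
    inherited from sshd (started as root) rather than from the command user."""
    want = expected_groups(username, primary_gid, group_db)
    got = parse_id_g(id_g_output)
    return got == want, sorted(got - want), sorted(want - got)


def drop_to_user(username):
    """Order matters: initgroups, then setgid, then setuid. Skipping initgroups
    keeps the parent's supplementary groups, which is what sshd did for
    AuthorizedKeysCommandUser before the fix. Only works when run as root."""
    pw = pwd.getpwnam(username)
    os.initgroups(pw.pw_name, pw.pw_gid)
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)


# Constructed database (assumed names): the command user 'keysvc' has primary
# gid 999 and is additionally a member of gid 27.
SAMPLE_GROUP_DB = [(0, ["root"]), (27, ["keysvc"]), (999, [])]

if __name__ == "__main__":
    # Buggy sshd: the command inherits root's gid 0 from the daemon.
    print(check_command_groups("keysvc", 999, SAMPLE_GROUP_DB, "999 0"))
    # Fixed sshd: only the user's own primary and supplementary groups.
    print(check_command_groups("keysvc", 999, SAMPLE_GROUP_DB, "999 27"))
```

To capture the real line from sshd, point AuthorizedKeysCommand (with AuthorizedKeysCommandUser set) at a wrapper script that appends the output of `id -G` to a log and then execs the real command, trigger one login attempt, and feed the logged line together with `load_group_db()` and the user's primary gid from pwd to `check_command_groups`; any gid in the `unexpected` list is one the daemon leaked into the helper.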
openssh (1:8.4p1-6ubuntu2) impish; urgency=medium

  * Configure with ac_cv_func_closefrom=no to avoid an incompatibility with
    glibc 2.34's fallback_closefrom function (LP: #1944621)

 -- William 'jawn-smith' Wilson <email address hidden>  Tue, 21 Sep 2021 22:08:39 +0000
Available diffs
- diff from 1:8.4p1-5ubuntu2 to 1:8.4p1-6ubuntu2 (3.5 KiB)
- diff from 1:8.4p1-6ubuntu1 to 1:8.4p1-6ubuntu2 (620 bytes)
Superseded in impish-proposed |
openssh (1:8.4p1-6ubuntu1) impish; urgency=low

  * Merge from Debian unstable (LP: #1941799). Remaining changes:
    - Cherry-pick seccomp fixes for glibc 2.33 thanks to Dave Jones for
      reports on armhf.

 -- William 'jawn-smith' Wilson <email address hidden>  Thu, 26 Aug 2021 12:51:02 -0600
openssh (1:7.6p1-4ubuntu0.5) bionic-security; urgency=medium

  * SECURITY REGRESSION: User enumeration issue (LP: #1934501)
    - debian/patches/CVE-2018-15473.patch: updated to fix bad patch backport.

 -- Marc Deslauriers <email address hidden>  Wed, 11 Aug 2021 14:02:09 -0400
openssh (1:8.4p1-5ubuntu1.1) hirsute; urgency=medium

  * d/systemd/ssh@.service: preserve the systemd managed runtime directory to
    ensure parallel processes will not disrupt one another when halting
    (LP: #1905285)

 -- Athos Ribeiro <email address hidden>  Wed, 28 Jul 2021 10:33:49 -0300
Available diffs
- diff from 1:8.4p1-5ubuntu1 to 1:8.4p1-5ubuntu1.1 (541 bytes)
openssh (1:8.2p1-4ubuntu0.3) focal; urgency=medium

  * d/systemd/ssh@.service: preserve the systemd managed runtime directory to
    ensure parallel processes will not disrupt one another when halting
    (LP: #1905285)

 -- Athos Ribeiro <email address hidden>  Fri, 23 Jul 2021 09:55:12 -0300