openssh 1:9.2p1-2ubuntu1 source package in Ubuntu
Changelog
openssh (1:9.2p1-2ubuntu1) mantic; urgency=medium * Merge with Debian unstable (LP: #2018094). Remaining changes: - debian/rules: modify dh_installsystemd invocations for socket-activated sshd - debian/openssh-server.postinst: handle migration of sshd_config options to systemd socket options on upgrade. - debian/README.Debian: document systemd socket activation. - debian/patches/socket-activation-documentation.patch: Document in sshd_config(5) that ListenAddress and Port no longer work. - debian/openssh-server.templates: include debconf prompt explaining when migration cannot happen due to multiple ListenAddress values - debian/.gitignore: drop file - debian/openssh-server.postrm: remove systemd drop-ins for socket-activated sshd on purge - debian/openssh-server.ucf-md5sum: Update list of stock sshd_config checksums to include those from jammy and kinetic. - debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move /run/sshd creation out of the systemd unit to a tmpfile config so that sshd can be run manually if necessary without having to create this directory by hand. - debian/patches/systemd-socket-activation.patch: Fix sshd re-execution behavior when socket activation is used - debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket activation functionality. * Dropped changes, included in Debian: - debian/patches/systemd-socket-activation.patch: Initial implementation * New changes: - debian/README.Debian: mention drop-in configurations in instructions for disabling sshd socket activation (LP: #2017434). - debian/openssh-server.ucf-md5sum: update for Ubuntu delta openssh (1:9.2p1-2) unstable; urgency=medium * Fix mistakenly-unreleased entry for 1:9.2p1-1 in debian/NEWS. openssh (1:9.2p1-1) unstable; urgency=medium * Set "UsePAM yes" when running regression tests, to match our default sshd configuration. * Ignore Lintian error about depending on lsb-base for now, to avoid problems with partial upgrades on non-default init systems. * New upstream release (https://www.openssh.com/releasenotes.html#9.2p1): - [SECURITY] sshd(8): fix a pre-authentication double-free memory fault introduced in OpenSSH 9.1. This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms. - [SECURITY] ssh(8): in OpenSSH releases after 8.7, the PermitRemoteOpen option would ignore its first argument unless it was one of the special keywords "any" or "none", causing the permission list to fail open if only one permission was specified. - [SECURITY] ssh(1): if the CanonicalizeHostname and CanonicalizePermittedCNAMEs options were enabled, and the system/libc resolver did not check that names in DNS responses were valid, then use of these options could allow an attacker with control of DNS to include invalid characters (possibly including wildcards) in names added to known_hosts files when they were updated. These names would still have to match the CanonicalizePermittedCNAMEs allow-list, so practical exploitation appears unlikely. - ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that controls whether the client-side ~C escape sequence that provides a command-line is available. Among other things, the ~C command-line could be used to add additional port-forwards at runtime. This option defaults to "no", disabling the ~C command-line that was previously enabled by default. - sshd(8): add support for channel inactivity timeouts via a new sshd_config(5) ChannelTimeout directive. This allows channels that have not seen traffic in a configurable interval to be automatically closed. Different timeouts may be applied to session, X11, agent and TCP forwarding channels. - sshd(8): add a sshd_config UnusedConnectionTimeout option to terminate client connections that have no open channels for a length of time. This complements the ChannelTimeout option above. - sshd(8): add a -V (version) option to sshd like the ssh client has. - ssh(1): add a "Host" line to the output of ssh -G showing the original hostname argument. bz3343 - scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to allow control over some SFTP protocol parameters: the copy buffer length and the number of in-flight requests, both of which are used during upload/download. Previously these could be controlled in sftp(1) only. This makes them available in both SFTP protocol clients using the same option character sequence. - ssh-keyscan(1): allow scanning of complete CIDR address ranges, e.g. "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. - ssh(1): support dynamic remote port forwarding in escape command-line's -R processing. - ssh(1): when restoring non-blocking mode to stdio fds, restore exactly the flags that ssh started with and don't just clobber them with zero, as this could also remove the append flag from the set. - ssh(1): avoid printf("%s", NULL) if using UserKnownHostsFile=none and a hostkey in one of the system known hosts file changes. - scp(1): switch scp from using pipes to a socket-pair for communication with its ssh sub-processes, matching how sftp(1) operates. - sshd(8): clear signal mask early in main(); sshd may have been started with one or more signals masked (sigprocmask(2) is not cleared on fork/exec) and this could interfere with various things, e.g. the login grace timer. Execution environments that fail to clear the signal mask before running sshd are clearly broken, but apparently they do exist. - ssh(1): warn if no host keys for hostbased auth can be loaded. - sshd(8): Add server debugging for hostbased auth that is queued and sent to the client after successful authentication, but also logged to assist in diagnosis of HostbasedAuthentication problems. - ssh(1): document use of the IdentityFile option as being usable to list public keys as well as private keys. - sshd(8): check for and disallow MaxStartups values less than or equal to zero during config parsing, rather than failing later at runtime. - ssh-keygen(1): fix parsing of hex cert expiry times specified on the command-line when acting as a CA. - scp(1): when scp(1) is using the SFTP protocol for transport (the default), better match scp/rcp's handling of globs that don't match the globbed characters but do match literally (e.g. trying to transfer a file named "foo.[1]"). Previously scp(1) in SFTP mode would not match these pathnames but legacy scp/rcp mode would. - ssh-agent(1): document the "-O no-restrict-websafe" command-line option. - ssh(1): honour user's umask(2) if it is more restrictive then the ssh default (022). - sshd(8): allow writev(2) in the Linux seccomp sandbox. This seems to be used by recent glibcs at least in some configurations during error conditions. - sshd(8): simplify handling of SSH_CONNECTION PAM env var, removing global variable and checking the return value from pam_putenv. - sshd(8): disable SANDBOX_SECCOMP_FILTER_DEBUG that was mistakenly enabled during the OpenSSH 9.1 release cycle. - sshd(8): defer PRNG seeding until after the initial closefrom(2) call. PRNG seeding will initialize OpenSSL, and some engine providers (e.g. Intel's QAT) will open descriptors for their own use that closefrom(2) could clobber. * debian/run-tests: Add a little more flexibility for debugging. openssh (1:9.1p1-2) unstable; urgency=medium [ Christian Göttsche ] * Do not copy SELinux security context in postinst. [ Colin Watson ] * Add missing ${misc:Depends} to Depends for openssh-client-udeb, openssh-server-udeb. * Use secure URI in Homepage field. * Remove 2 obsolete maintscript entries in 2 files. * Fix day-of-week for changelog entries 1:3.0.2p1-9, 1:3.0.2p1-2, 1:3.0.1p1-1. * Remove deprecated Encoding key from desktop file debian/ssh-askpass-gnome.desktop. * Update standards version to 4.6.2, no changes needed. * debian/tests/regress: Adjust to cope with changes in adduser 3.130 (see #625758). openssh (1:9.1p1-1) unstable; urgency=medium [ Markus Teich ] * Delete obsolete upstart configuration override. [ Colin Watson ] * Work around apparent dh-exec regressions (closes: #1016340). * Don't install unnecessary *.lo files in openssh-tests. * Update Lintian overrides to current syntax. * Pass on compiler/linker flags when building debian/keygen-test. * Remove obsolete and misleading rcp/rlogin/rsh alternatives, and stop providing rsh-client (closes: #197037). * Add sshd_config checksums for 1:8.2p1-1 and 1:8.7p1-1 to ucf reference file. * New upstream release (https://www.openssh.com/releasenotes.html#9.1p1, closes: #1021585): - ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing. - ssh-keygen(1): double free() in error path of file hashing step in signing/verify code. - ssh-keysign(8): double-free in error path introduced in openssh-8.9. - ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are now first-match-wins to match other directives. Previously if an environment variable was multiply specified the last set value would have been used. - ssh-keygen(8): ssh-keygen -A (generate all default host key types) will no longer generate DSA keys, as these are insecure and have not been used by default for some years. - ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA key length. Keys below this length will be ignored for user authentication and for host authentication in sshd(8). ssh(1) will terminate a connection if the server offers an RSA key that falls below this limit, as the SSH protocol does not include the ability to retry a failed key exchange. - sftp-server(8): add a "<email address hidden>" extension request that allows the client to obtain user/group names that correspond to a set of uids/gids. - sftp(1): use "<email address hidden>" sftp-server extension (when available) to fill in user/group names for directory listings. - sftp-server(8): support the "home-directory" extension request defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with the existing "<email address hidden>", but some other clients support it. - ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig verification times and authorized_keys expiry-time options to accept dates in the UTC time zone in addition to the default of interpreting them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed with a 'Z' character. Also allow certificate validity intervals to be specified in raw seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is intended for use by regress tests and other tools that call ssh-keygen as part of a CA workflow. - sftp(1): allow arguments to the sftp -D option, e.g. sftp -D "/usr/libexec/sftp-server -el debug3". - ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y sign" operations, where it will be interpreted to require that the private keys is hosted in an agent. - ssh-keygen(1): implement the "verify-required" certificate option. This was already documented when support for user-verified FIDO keys was added, but the ssh-keygen(1) code was missing. - ssh-agent(1): hook up the restrict_websafe command-line flag; previously the flag was accepted but never actually used. - sftp(1): improve filename tab completions: never try to complete names to non-existent commands, and better match the completion type (local or remote filename) against the argument position being completed. - ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key handling, especially relating to keys that request user-verification. These should reduce the number of unnecessary PIN prompts for keys that support intrinsic user verification. - ssh-keygen(1): when enrolling a FIDO resident key, check if a credential with matching application and user ID strings already exists and, if so, prompt the user for confirmation before overwriting the credential. - sshd(8): improve logging of errors when opening authorized_keys files. - ssh(1): avoid multiplexing operations that could cause SIGPIPE from causing the client to exit early. - ssh_config(5), sshd_config(5): clarify that the RekeyLimit directive applies to both transmitted and received data. - ssh-keygen(1): avoid double fclose() in error path. - sshd(8): log an error if pipe() fails while accepting a connection. - ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage. - sshd(8): ensure that authentication passwords are cleared from memory in error paths. - ssh(1), ssh-agent(1): avoid possibility of notifier code executing kill(-1). - ssh_config(5): note that the ProxyJump directive also accepts the same tokens as ProxyCommand. - scp(1): do not ftruncate(3) files early when in sftp mode. The previous behaviour of unconditionally truncating the destination file would cause "scp ~/foo localhost:foo" and the reverse "scp localhost:foo ~/foo" to delete all the contents of their destination. - ssh-keygen(1): improve error message when 'ssh-keygen -Y sign' is unable to load a private key. - sftp(1), scp(1): when performing operations that glob(3) a remote path, ensure that the implicit working directory used to construct that path escapes glob(3) characters. This prevents glob characters from being processed in places they shouldn't, e.g. "cd /tmp/a*/", "get *.txt" should have the get operation treat the path "/tmp/a*" literally and not attempt to expand it (LP: #1483751). - ssh(1), sshd(8): be stricter in which characters will be accepted in specifying a mask length; allow only 0-9. - ssh-keygen(1): avoid printing hash algorithm twice when dumping a KRL. - ssh(1), sshd(8): continue running local I/O for open channels during SSH transport rekeying. This should make ~-escapes work in the client (e.g. to exit) if the connection happened to have stalled during a rekey event. - ssh(1), sshd(8): avoid potential poll() spin during rekeying. - Further hardening for sshbuf internals: disallow "reparenting" a hierarchical sshbuf and zero the entire buffer if reallocation fails. - sshd(8): add AUDIT_ARCH_PPC to supported seccomp sandbox architectures. * Drop patch to work around https://twistedmatrix.com/trac/ticket/9765, since the fix for that is in Debian testing. * Rewrite gnome-ssh-askpass(1) manual page using mdoc macros, and flesh it out a bit more. [ Steve Langasek ] * Support systemd socket activation. Migrate any existing inetd-style socket activation to systemd socket activation. [ Gioele Barabucci ] * Remove ancient version constraints. * d/openssh-server.{postinst,config}: get_config_option: Replace perl with sed. -- Nick Rosbrook <email address hidden> Fri, 19 May 2023 15:18:17 -0400
Upload details
- Uploaded by:
- Nick Rosbrook
- Sponsored by:
- Steve Langasek
- Uploaded to:
- Mantic
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- net
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
openssh_9.2p1.orig.tar.gz | 1.8 MiB | 3f66dbf1655fb45f50e1c56da62ab01218c228807b21338d634ebcdf9d71cf46 |
openssh_9.2p1.orig.tar.gz.asc | 833 bytes | 7acc8e9502040972aeecb785fa3b6bb00c069cc01fbd7c214f8f7867033a6dbb |
openssh_9.2p1-2ubuntu1.debian.tar.xz | 182.6 KiB | 126aef708ae56fda0f57d6ce8577b212e4a82a9c8a60b07f99ce79b7bfe0485f |
openssh_9.2p1-2ubuntu1.dsc | 3.3 KiB | 03c19bdae201be293aa950a37a6a387fc5a4fd6828c5aa41dcd0a42890390cd4 |
Available diffs
- diff from 1:9.0p1-1ubuntu8.1 to 1:9.2p1-2ubuntu1 (726.3 KiB)
Binary packages built by this source
- openssh-client: secure shell (SSH) client, for secure access to remote machines
This is the portable version of OpenSSH, a free implementation of
the Secure Shell protocol as specified by the IETF secsh working
group.
.
Ssh (Secure Shell) is a program for logging into a remote machine
and for executing commands on a remote machine.
It provides secure encrypted communications between two untrusted
hosts over an insecure network. X11 connections and arbitrary TCP/IP
ports can also be forwarded over the secure channel.
It can be used to provide applications with a secure communication
channel.
.
This package provides the ssh, scp and sftp clients, the ssh-agent
and ssh-add programs to make public key authentication more convenient,
and the ssh-keygen, ssh-keyscan, ssh-copy-id and ssh-argv0 utilities.
.
In some countries it may be illegal to use any encryption at all
without a special permit.
.
ssh replaces the insecure rsh, rcp and rlogin programs, which are
obsolete for most purposes.
- openssh-client-dbgsym: debug symbols for openssh-client
- openssh-server: secure shell (SSH) server, for secure access from remote machines
This is the portable version of OpenSSH, a free implementation of
the Secure Shell protocol as specified by the IETF secsh working
group.
.
Ssh (Secure Shell) is a program for logging into a remote machine
and for executing commands on a remote machine.
It provides secure encrypted communications between two untrusted
hosts over an insecure network. X11 connections and arbitrary TCP/IP
ports can also be forwarded over the secure channel.
It can be used to provide applications with a secure communication
channel.
.
This package provides the sshd server.
.
In some countries it may be illegal to use any encryption at all
without a special permit.
.
sshd replaces the insecure rshd program, which is obsolete for most
purposes.
- openssh-server-dbgsym: debug symbols for openssh-server
- openssh-sftp-server: secure shell (SSH) sftp server module, for SFTP access from remote machines
This is the portable version of OpenSSH, a free implementation of
the Secure Shell protocol as specified by the IETF secsh working
group.
.
Ssh (Secure Shell) is a program for logging into a remote machine
and for executing commands on a remote machine.
It provides secure encrypted communications between two untrusted
hosts over an insecure network. X11 connections and arbitrary TCP/IP
ports can also be forwarded over the secure channel.
It can be used to provide applications with a secure communication
channel.
.
This package provides the SFTP server module for the SSH server. It
is needed if you want to access your SSH server with SFTP. The SFTP
server module also works with other SSH daemons like dropbear.
.
OpenSSH's sftp and sftp-server implement revision 3 of the SSH filexfer
protocol described in:
.
http://www.openssh. com/txt/ draft-ietf- secsh-filexfer- 02.txt
.
Newer versions of the draft will not be supported, though some features
are individually implemented as extensions.
- openssh-sftp-server-dbgsym: debug symbols for openssh-sftp-server
- openssh-tests: OpenSSH regression tests
This package provides OpenSSH's regression test suite. It is mainly
intended for use with the autopkgtest system, though can also be run
directly using /usr/lib/openssh/ regress/ run-tests.
- openssh-tests-dbgsym: debug symbols for openssh-tests
- ssh: secure shell client and server (metapackage)
This metapackage is a convenient way to install both the OpenSSH client
and the OpenSSH server. It provides nothing in and of itself, so you
may remove it if nothing depends on it.
- ssh-askpass-gnome: interactive X program to prompt users for a passphrase for ssh-add
This has been split out of the main openssh-client package so that
openssh-client does not need to depend on GTK+.
.
You probably want the ssh-askpass package instead, but this is
provided to add to your choice and/or confusion.
- ssh-askpass-gnome-dbgsym: debug symbols for ssh-askpass-gnome