Format: 1.8 Date: Sun, 21 Oct 2018 10:39:24 +0100 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: amd64 amd64_translations all Version: 1:7.9p1-1 Distribution: disco-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Colin Watson Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad Closes: 177406 789532 828475 844494 Launchpad-Bugs-Fixed: 1037738 1674330 1718227 1790963 Changes: openssh (1:7.9p1-1) unstable; urgency=medium . * New upstream release (https://www.openssh.com/txt/release-7.9): - ssh(1), sshd(8): allow most port numbers to be specified using service names from getservbyname(3) (typically /etc/services; closes: #177406). - ssh(1): allow the IdentityAgent configuration directive to accept environment variable names. This supports the use of multiple agent sockets without needing to use fixed paths. - sshd(8): support signalling sessions via the SSH protocol. A limited subset of signals is supported and only for login or command sessions (i.e. not subsystems) that were not subject to a forced command via authorized_keys or sshd_config. - ssh(1): support "ssh -Q sig" to list supported signature options. Also "ssh -Q help" to show the full set of supported queries. - ssh(1), sshd(8): add a CASignatureAlgorithms option for the client and server configs to allow control over which signature formats are allowed for CAs to sign certificates. For example, this allows banning CAs that sign certificates using the RSA-SHA1 signature algorithm. - sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to revoke keys specified by SHA256 hash. - ssh-keygen(1): allow creation of key revocation lists directly from base64-encoded SHA256 fingerprints. This supports revoking keys using only the information contained in sshd(8) authentication log messages. - ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when attempting to load PEM private keys while using an incorrect passphrase. - sshd(8): when a channel closed message is received from a client, close the stderr file descriptor at the same time stdout is closed. This avoids stuck processes if they were waiting for stderr to close and were insensitive to stdin/out closing (closes: #844494). - ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11 forwarding timeout and support X11 forwarding indefinitely. Previously the behaviour of ForwardX11Timeout=0 was undefined. - sshd(8): when compiled with GSSAPI support, cache supported method OIDs regardless of whether GSSAPI authentication is enabled in the main section of sshd_config. This avoids sandbox violations if GSSAPI authentication was later enabled in a Match block. - sshd(8): do not fail closed when configured with a text key revocation list that contains a too-short key. - ssh(1): treat connections with ProxyJump specified the same as ones with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't try to canonicalise the hostname unless CanonicalizeHostname is set to 'always'). - ssh(1): fix regression in OpenSSH 7.8 that could prevent public-key authentication using certificates hosted in a ssh-agent(1) or against sshd(8) from OpenSSH <7.8 (LP: #1790963). - All: support building against the openssl-1.1 API (releases 1.1.0g and later). The openssl-1.0 API will remain supported at least until OpenSSL terminates security patch support for that API version (closes: #828475). - sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox; apparently required by some glibc/OpenSSL combinations. * Remove dh_builddeb override to use xz compression; this has been the default since dpkg 1.17.0. * Simplify debian/rules using /usr/share/dpkg/default.mk. * Remove /etc/network/if-up.d/openssh-server, as it causes more problems than it solves (thanks, Christian Ehrhardt, Andreas Hasenack, and David Britton; closes: #789532, LP: #1037738, #1674330, #1718227). Add an "if-up hook removed" section to README.Debian documenting the corner case that may need configuration adjustments. Checksums-Sha1: 18e5ca7ed4ac905c328cba3bed83d645f76cfa99 3311164 openssh-client-dbgsym_7.9p1-1_amd64.ddeb 8393989a4cb66123bbcd1bd5ad27f49d59e6f6ab 277052 openssh-client-udeb_7.9p1-1_amd64.udeb 746a2f38c8557a3cbc90dc59f4f6fce957c6c716 613996 openssh-client_7.9p1-1_amd64.deb f881a61d08325f90b8d75044b7bfc85caeb27bce 995364 openssh-server-dbgsym_7.9p1-1_amd64.ddeb 279aec06aff0c816a668597f5081f684d8407d99 288208 openssh-server-udeb_7.9p1-1_amd64.udeb b33926c705b7a5c34ef8f7611faf1df3349fdbe6 338396 openssh-server_7.9p1-1_amd64.deb fbf9d7f671c4f468715097a389ac7825cf54ebeb 137456 openssh-sftp-server-dbgsym_7.9p1-1_amd64.ddeb f4f00ab0c46f94651fec6838cc287d91970c2a34 44756 openssh-sftp-server_7.9p1-1_amd64.deb ad3250d00f3f3ffcba087a5121d7defcdb5e090b 17170 openssh_7.9p1-1_amd64.buildinfo e7970f2b97b36ced973381206c9cd8746d11ceff 8482 openssh_7.9p1-1_amd64_translations.tar.gz ee4e3a0d117d3d187170cb53d4c7daf165e4a02e 12428 ssh-askpass-gnome-dbgsym_7.9p1-1_amd64.ddeb 9224e7e944b92e5bfe3d9dbf94d8caddbe27cc7f 17172 ssh-askpass-gnome_7.9p1-1_amd64.deb 872d041c62ccbc1a69a507d83097bb279cbe7479 5064 ssh_7.9p1-1_all.deb Checksums-Sha256: 21b5247aa2bb19f6aeb58fc7a44b31b0790eaa465dbf10ff1019307b129dbd6d 3311164 openssh-client-dbgsym_7.9p1-1_amd64.ddeb 0df24372e6350390580ccda7364c9f055373b5b76b41974ec9ff6f2a2e448487 277052 openssh-client-udeb_7.9p1-1_amd64.udeb 49b4b58c374e1e3d250d30fde4890a8f9043d96a4775f0f18b817259399401b8 613996 openssh-client_7.9p1-1_amd64.deb 2e8539dd5a45e2bfcbf8e1b50c0f00ea5354920bcfd79509f916569c0c7a2448 995364 openssh-server-dbgsym_7.9p1-1_amd64.ddeb cf5a3a91543db6c53112ae6eb82773ecbb555b3252059b2eeb1104cf8fb7c812 288208 openssh-server-udeb_7.9p1-1_amd64.udeb ce608e6003c3a3e7aaadd3f133483d68c71918419655ef95c004b895242ff736 338396 openssh-server_7.9p1-1_amd64.deb 5b181b98eb6b63a54aa7d1e48e7461a4e40446afe4a7c278a21856a3012ac5fe 137456 openssh-sftp-server-dbgsym_7.9p1-1_amd64.ddeb fc19b2dfa29ecb1204d8a8470a04243804ce217d32a3164858c0f07af2ef9b88 44756 openssh-sftp-server_7.9p1-1_amd64.deb ad132f56b3bcaee6394b4c516ace81558a8efe80c37be9d64732ca4330c334d3 17170 openssh_7.9p1-1_amd64.buildinfo 41b6f57dfa40746d98ad52505ad5f47d8a7470cbb466ab819ecfa51cd5bcc6f7 8482 openssh_7.9p1-1_amd64_translations.tar.gz a8b57b5c18ee2bc92c0fa2bc3b91edcb4ae695a0eea41d3bfe87b15093e6ff86 12428 ssh-askpass-gnome-dbgsym_7.9p1-1_amd64.ddeb b62d673267e0b5cb2ec5d59cc59c02ecbd90d63eb4a93eec73dc135790cca5ef 17172 ssh-askpass-gnome_7.9p1-1_amd64.deb 02e397ed3de31e764e3be1450e3f330d88f5b6a39f7ea7d526c5f527f099b0dd 5064 ssh_7.9p1-1_all.deb Files: 67abe1837439dc3e2aa371a4972eab99 3311164 debug optional openssh-client-dbgsym_7.9p1-1_amd64.ddeb 40352bc9030bbe0103f771cc7c7231ff 277052 debian-installer optional openssh-client-udeb_7.9p1-1_amd64.udeb ac18cd15b0fbc1b37a8fd3872d1fffde 613996 net standard openssh-client_7.9p1-1_amd64.deb b9a80abf0d293ae766a4ab5a9080ff59 995364 debug optional openssh-server-dbgsym_7.9p1-1_amd64.ddeb dc42d385b7749b8289e61add90b206bf 288208 debian-installer optional openssh-server-udeb_7.9p1-1_amd64.udeb 5dab76ac66931783bfbfb4b474104760 338396 net optional openssh-server_7.9p1-1_amd64.deb 1b57ffd4be15c64c543ca0026857cc4b 137456 debug optional openssh-sftp-server-dbgsym_7.9p1-1_amd64.ddeb 5b174230e159f2b8d935596af4e8f872 44756 net optional openssh-sftp-server_7.9p1-1_amd64.deb 8a41e0aa3faca85690009e596313e5a1 17170 net standard openssh_7.9p1-1_amd64.buildinfo a802aea692e407f5ccb1d408e84010c4 8482 raw-translations - openssh_7.9p1-1_amd64_translations.tar.gz 4143645c0fed9e4995c2502d536d27ab 12428 debug optional ssh-askpass-gnome-dbgsym_7.9p1-1_amd64.ddeb e451719cd6bfc5c8444ffee54195a907 17172 gnome optional ssh-askpass-gnome_7.9p1-1_amd64.deb 4c3a00ddff8a163fdbd11ea546f3bcd0 5064 net optional ssh_7.9p1-1_all.deb