openssh 1:8.3p1-1 source package in Ubuntu

Changelog

openssh (1:8.3p1-1) unstable; urgency=medium

  * New upstream release (https://www.openssh.com/txt/release-8.3):
    - [SECURITY] scp(1): when receiving files, scp(1) could become
      desynchronised if a utimes(2) system call failed.  This could allow
      file contents to be interpreted as file metadata and thereby permit an
      adversary to craft a file system that, when copied with scp(1) in a
      configuration that caused utimes(2) to fail (e.g. under a SELinux
      policy or syscall sandbox), transferred different file names and
      contents to the actual file system layout.
    - sftp(1): reject an argument of "-1" in the same way as ssh(1) and
      scp(1) do instead of accepting and silently ignoring it.
    - sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
      rhosts/shosts, "no" to allow rhosts/shosts or (new) "shosts-only" to
      allow .shosts files but not .rhosts.
    - sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
      sshd_config, not just before any Match blocks.
    - ssh(1): add %TOKEN percent expansion for the LocalForward and
      RemoteForward keywords when used for Unix domain socket forwarding.
    - all: allow loading public keys from the unencrypted envelope of a
      private key file if no corresponding public key file is present.
    - ssh(1), sshd(8): prefer to use chacha20 from libcrypto where possible
      instead of the (slower) portable C implementation included in OpenSSH.
    - ssh-keygen(1): add ability to dump the contents of a binary key
      revocation list via "ssh-keygen -lQf /path".
    - ssh(1): fix IdentitiesOnly=yes to also apply to keys loaded from a
      PKCS11Provider.
    - ssh-keygen(1): avoid NULL dereference when trying to convert an
      invalid RFC4716 private key.
    - scp(1): when performing remote-to-remote copies using "scp -3", start
      the second ssh(1) channel with BatchMode=yes enabled to avoid
      confusing and non-deterministic ordering of prompts.
    - ssh(1), ssh-keygen(1): when signing a challenge using a FIDO token,
      perform hashing of the message to be signed in the middleware layer
      rather than in OpenSSH code.  This permits the use of security key
      middlewares that perform the hashing implicitly, such as Windows
      Hello.
    - ssh(1): fix incorrect error message for "too many known hosts files."
    - ssh(1): make failures when establishing "Tunnel" forwarding terminate
      the connection when ExitOnForwardFailure is enabled.
    - ssh-keygen(1): fix printing of fingerprints on private keys and add a
      regression test for same.
    - sshd(8): document order of checking AuthorizedKeysFile (first) and
      AuthorizedKeysCommand (subsequently, if the file doesn't match).
    - sshd(8): document that /etc/hosts.equiv and /etc/shosts.equiv are not
      considered for HostbasedAuthentication when the target user is root.
    - ssh(1), ssh-keygen(1): fix NULL dereference in private certificate key
      parsing.
    - ssh(1), sshd(8): more consistency between the sets of %TOKENS that are
      accepted in various configuration options.
    - ssh(1), ssh-keygen(1): improve error messages for some common PKCS#11
      C_Login failure cases.
    - ssh(1), sshd(8): make error messages for problems during SSH banner
      exchange consistent with other SSH transport-layer error messages and
      ensure they include the relevant IP addresses.
    - ssh-keygen(1), ssh-add(1): when downloading FIDO2 resident keys from a
      token, don't prompt for a PIN until the token has told us that it
      needs one.  Avoids double-prompting on devices that implement
      on-device authentication (closes: #932071).
    - sshd(8), ssh-keygen(1): no-touch-required FIDO certificate option
      should be an extension, not a critical option.
    - ssh(1), ssh-keygen(1), ssh-add(1): offer a better error message when
      trying to use a FIDO key function and SecurityKeyProvider is empty.
    - ssh-add(1), ssh-agent(8): ensure that a key lifetime fits within the
      values allowed by the wire format (u32).  Prevents integer wraparound
      of the timeout values.
    - ssh(1): detect and prevent trivial configuration loops when using
      ProxyJump. bz#3057.
    - On platforms that do not support setting process-wide routing domains
      (all excepting OpenBSD at present), fail to accept a configuration
      that attempts to set one at process start time rather than fatally
      erroring at run time.
    - Fix theoretical infinite loop in the glob(3) replacement
      implementation.
  * Update GSSAPI key exchange patch from
    https://github.com/openssh-gsskex/openssh-gsskex:
    - Fix connection through ProxyJump in combination with "GSSAPITrustDNS
      yes".
    - Enable SHA2-based GSSAPI key exchange methods by default as RFC 8732
      was published.
  * Fix or suppress various shellcheck errors under debian/.
  * Use AUTOPKGTEST_TMP rather than the deprecated ADTTMP.
  * Apply upstream patch to fix the handling of Port directives after
    Include (closes: #962035, LP: #1876320).

 -- Colin Watson <email address hidden>  Sun, 07 Jun 2020 13:44:04 +0100

Upload details

Uploaded by: Debian OpenSSH Maintainers
Uploaded to: Sid
Original maintainer: Debian OpenSSH Maintainers
Architectures: any all
Section: net
Urgency: Medium Urgency

Downloads

File Size SHA-256 Checksum
openssh_8.3p1-1.dsc 3.3 KiB 7a0f9f0001d10bf6270b47e1c0c75d82e118234609bb75233ffd08877d0d3186
openssh_8.3p1.orig.tar.gz 1.6 MiB f2befbe0472fe7eb75d23340eb17531cb6b3aac24075e2066b41f814e12387b2
openssh_8.3p1.orig.tar.gz.asc 683 bytes c5a5f84a482c93ee59eccb8f9f76b6c70eed56fd9b059fc72b3184effa8135f5
openssh_8.3p1-1.debian.tar.xz 172.1 KiB edeb381f43f9b4399fa34f3fab40d60617f3391774304493f2ee7a8dba214ba9

No changes file available.

Binary packages built by this source

openssh-client
openssh-client-dbgsym
openssh-client-udeb
openssh-server
openssh-server-dbgsym
openssh-server-udeb
openssh-sftp-server
openssh-sftp-server-dbgsym
openssh-tests
openssh-tests-dbgsym
ssh
ssh-askpass-gnome
ssh-askpass-gnome-dbgsym