Change logs for openssh source package in Hirsute

  • openssh (1:8.4p1-5ubuntu1.2) hirsute; urgency=medium
    
      * d/p/match-host-certs-w-public-keys.patch: Add patch
        to match host certificates against host public keys.
        (LP: #1952421)
    
     -- Chloé S <email address hidden>  Wed, 01 Dec 2021 14:12:42 +0000
  • openssh (1:8.4p1-5ubuntu1.1) hirsute; urgency=medium
    
      * d/systemd/ssh@.service: preserve the systemd managed runtime directory to
        ensure parallel processes will not disrupt one another when halting
        (LP: #1905285)
    
     -- Athos Ribeiro <email address hidden>  Wed, 28 Jul 2021 10:33:49 -0300
  • openssh (1:8.4p1-5ubuntu1) hirsute; urgency=medium
    
      * Merge with Debian; remaining changes:
        - Cherry-pick seccomp fixes for glibc 2.33 thanks to Dave Jones for
          reports on armhf.
    
    openssh (1:8.4p1-5) unstable; urgency=high
    
      * CVE-2021-28041: Fix double free in ssh-agent(1) (closes: #984940).
    
     -- Matthias Klose <email address hidden>  Tue, 23 Mar 2021 15:27:12 +0100
  • openssh (1:8.4p1-4ubuntu2) hirsute; urgency=medium
    
      * SECURITY UPDATE: double-free memory corruption in ssh-agent
        - debian/patches/CVE-2021-28041.patch: set ext_name to NULL after
          freeing it so it doesn't get freed again later on in ssh-agent.c.
        - CVE-2021-28041
    
     -- Marc Deslauriers <email address hidden>  Tue, 09 Mar 2021 08:44:15 -0500
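The fix pattern named in this entry and in the 1:8.4p1-5 entry below (free ext_name on an early error path, then NULL the pointer so the shared cleanup does not free it a second time), as an added illustration that is not OpenSSH's code: the request format, the extension names and the free-tracking harness are all constructed for the demonstration, and the tracker exists only so the unpatched path can be run without corrupting the real heap.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Constructed model of the CVE-2021-28041 pattern: an error path releases
 * ext_name, and the shared cleanup label releases it again unless the pointer
 * was set to NULL in between. This is not ssh-agent.c.
 */

/* Tiny free() tracker: a second release of an already-recorded pointer is
 * flagged and skipped instead of being handed to free(), so the buggy path
 * can be exercised safely. With real free() that second call is undefined
 * behaviour. */
#define MAX_TRACKED 16
static void *freed_ptrs[MAX_TRACKED];
static size_t freed_count;
static int double_free_seen;

static void tracker_reset(void)
{
    freed_count = 0;
    double_free_seen = 0;
}

static void tracked_free(void *p)
{
    if (p == NULL)
        return;                         /* free(NULL) is a no-op, as in libc */
    for (size_t i = 0; i < freed_count; i++) {
        if (freed_ptrs[i] == p) {
            double_free_seen = 1;       /* second free of the same block */
            return;
        }
    }
    if (freed_count < MAX_TRACKED)
        freed_ptrs[freed_count++] = p;
    free(p);
}

/* Hypothetical extension name accepted by this toy agent (not an OpenSSH name). */
#define KNOWN_EXT "demo-ext@example.com"

/*
 * Parse a toy extension request of the form "<name>\0<payload>".
 * Returns 0 on success, -1 on a malformed or unsupported request.
 * fixed == 0 reproduces the double free; fixed == 1 applies the patch.
 */
static int process_extension(const char *req, size_t len, int fixed)
{
    char *ext_name = NULL;
    size_t n;
    int r = -1;

    tracker_reset();
    if (memchr(req, '\0', len) == NULL)
        goto out;                       /* no NUL-terminated name: reject */
    n = strlen(req);
    if ((ext_name = malloc(n + 1)) == NULL)
        goto out;
    memcpy(ext_name, req, n + 1);

    if (strcmp(ext_name, KNOWN_EXT) != 0) {
        /* Unsupported extension: this early error path releases the name... */
        tracked_free(ext_name);
        if (fixed)
            ext_name = NULL;            /* ...so the cleanup below must not see it again */
        goto out;
    }
    r = 0;                              /* payload handling would go here */
 out:
    tracked_free(ext_name);             /* shared cleanup also releases the name */
    return r;
}

/* One unsupported-extension request; reports whether a double free occurred. */
static int demo_double_free(int fixed)
{
    static const char req[] = "unknown-ext@example.com\0payload";
    (void)process_extension(req, sizeof req, fixed);
    return double_free_seen;
}

/* Supported extension: succeeds and frees exactly once on either variant. */
static int demo_known_ext(int fixed)
{
    static const char req[] = KNOWN_EXT "\0payload";
    int r = process_extension(req, sizeof req, fixed);
    return r == 0 && !double_free_seen;
}

int main(void)
{
    printf("unpatched: double free %s\n", demo_double_free(0) ? "detected" : "not detected");
    printf("patched:   double free %s\n", demo_double_free(1) ? "detected" : "not detected");
    return 0;
}
```

The point of the harness is that the bug is invisible on the success path and only shows on the error path; a review that checks every `goto out` for pointers already released is what catches this class of defect.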
  • openssh (1:8.4p1-4ubuntu1) hirsute; urgency=medium
    
      * Cherry-pick seccomp fixes for glibc 2.33 thanks to Dave Jones for
        reports on armhf.
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 23 Feb 2021 12:55:46 +0000
  • openssh (1:8.4p1-4build2) hirsute; urgency=medium
    
      * No-change rebuild to drop the udeb package.
    
     -- Matthias Klose <email address hidden>  Mon, 22 Feb 2021 10:35:45 +0100
  • openssh (1:8.4p1-4build1) hirsute; urgency=medium
    
      * No change rebuild with fixed ownership.
    
     -- Dimitri John Ledkov <email address hidden>  Tue, 16 Feb 2021 15:19:19 +0000
  • openssh (1:8.4p1-4) unstable; urgency=medium
    
      * Avoid using libmd's <sha2.h> even if it's installed (closes: #982705).
    
     -- Colin Watson <email address hidden>  Mon, 15 Feb 2021 10:25:17 +0000
  • openssh (1:8.4p1-3) unstable; urgency=medium
    
      * Backport from upstream:
        - Fix `EOF: command not found` error in ssh-copy-id (closes: #975540).
    
     -- Colin Watson <email address hidden>  Wed, 02 Dec 2020 10:32:23 +0000
  • openssh (1:8.4p1-2) unstable; urgency=medium
    
      * Revert incorrect upstream patch that claimed to fix the seccomp sandbox
        on x32 but in fact broke it instead.
    
     -- Colin Watson <email address hidden>  Mon, 26 Oct 2020 17:41:13 +0000
  • openssh (1:8.3p1-1) unstable; urgency=medium
    
      * New upstream release (https://www.openssh.com/txt/release-8.3):
        - [SECURITY] scp(1): when receiving files, scp(1) could become
          desynchronised if a utimes(2) system call failed.  This could allow
          file contents to be interpreted as file metadata and thereby permit an
          adversary to craft a file system that, when copied with scp(1) in a
          configuration that caused utimes(2) to fail (e.g. under a SELinux
          policy or syscall sandbox), transferred different file names and
          contents to the actual file system layout.
        - sftp(1): reject an argument of "-1" in the same way as ssh(1) and
          scp(1) do instead of accepting and silently ignoring it.
        - sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
          rhosts/shosts, "no" to allow rhosts/shosts or (new) "shosts-only" to
          allow .shosts files but not .rhosts.
        - sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
          sshd_config, not just before any Match blocks.
        - ssh(1): add %TOKEN percent expansion for the LocalForward and
          RemoteForward keywords when used for Unix domain socket forwarding.
        - all: allow loading public keys from the unencrypted envelope of a
          private key file if no corresponding public key file is present.
        - ssh(1), sshd(8): prefer to use chacha20 from libcrypto where possible
          instead of the (slower) portable C implementation included in OpenSSH.
        - ssh-keygen(1): add ability to dump the contents of a binary key
          revocation list via "ssh-keygen -lQf /path".
        - ssh(1): fix IdentitiesOnly=yes to also apply to keys loaded from a
          PKCS11Provider.
        - ssh-keygen(1): avoid NULL dereference when trying to convert an
          invalid RFC4716 private key.
        - scp(1): when performing remote-to-remote copies using "scp -3", start
          the second ssh(1) channel with BatchMode=yes enabled to avoid
          confusing and non-deterministic ordering of prompts.
        - ssh(1), ssh-keygen(1): when signing a challenge using a FIDO token,
          perform hashing of the message to be signed in the middleware layer
          rather than in OpenSSH code.  This permits the use of security key
          middlewares that perform the hashing implicitly, such as Windows
          Hello.
        - ssh(1): fix incorrect error message for "too many known hosts files."
        - ssh(1): make failures when establishing "Tunnel" forwarding terminate
          the connection when ExitOnForwardFailure is enabled.
        - ssh-keygen(1): fix printing of fingerprints on private keys and add a
          regression test for same.
        - sshd(8): document order of checking AuthorizedKeysFile (first) and
          AuthorizedKeysCommand (subsequently, if the file doesn't match).
        - sshd(8): document that /etc/hosts.equiv and /etc/shosts.equiv are not
          considered for HostbasedAuthentication when the target user is root.
        - ssh(1), ssh-keygen(1): fix NULL dereference in private certificate key
          parsing.
        - ssh(1), sshd(8): more consistency between the sets of %TOKENS accepted
          in various configuration options.
        - ssh(1), ssh-keygen(1): improve error messages for some common PKCS#11
          C_Login failure cases.
        - ssh(1), sshd(8): make error messages for problems during SSH banner
          exchange consistent with other SSH transport-layer error messages and
          ensure they include the relevant IP addresses.
        - ssh-keygen(1), ssh-add(1): when downloading FIDO2 resident keys from a
          token, don't prompt for a PIN until the token has told us that it
          needs one.  Avoids double-prompting on devices that implement
          on-device authentication (closes: #932071).
        - sshd(8), ssh-keygen(1): no-touch-required FIDO certificate option
          should be an extension, not a critical option.
        - ssh(1), ssh-keygen(1), ssh-add(1): offer a better error message when
          trying to use a FIDO key function and SecurityKeyProvider is empty.
        - ssh-add(1), ssh-agent(8): ensure that a key lifetime fits within the
          values allowed by the wire format (u32).  Prevents integer wraparound
          of the timeout values.
        - ssh(1): detect and prevent trivial configuration loops when using
          ProxyJump. bz#3057.
        - On platforms that do not support setting process-wide routing domains
          (all excepting OpenBSD at present), fail to accept a configuration
          that attempts to set one at process start time rather than fatally
          erroring at run time.
        - Fix theoretical infinite loop in the glob(3) replacement
          implementation.
      * Update GSSAPI key exchange patch from
        https://github.com/openssh-gsskex/openssh-gsskex:
        - Fix connection through ProxyJump in combination with "GSSAPITrustDNS
          yes".
        - Enable SHA2-based GSSAPI key exchange methods by default as RFC 8732
          was published.
      * Fix or suppress various shellcheck errors under debian/.
      * Use AUTOPKGTEST_TMP rather than the deprecated ADTTMP.
      * Apply upstream patch to fix the handling of Port directives after
        Include (closes: #962035, LP: #1876320).
    
     -- Colin Watson <email address hidden>  Sun, 07 Jun 2020 13:44:04 +0100