[ubuntu/plucky-proposed] openssh 1:9.9p1-3ubuntu1 (Accepted)
Nick Rosbrook
enr0n at ubuntu.com
Fri Nov 15 17:28:18 UTC 2024
openssh (1:9.9p1-3ubuntu1) plucky; urgency=medium
* Merge with Debian unstable (LP: #2085261). Remaining changes:
- Make systemd socket activation the default:
+ debian/rules: modify dh_installsystemd invocations for
socket-activated sshd
+ debian/README.Debian: document systemd socket activation.
+ debian/patches/systemd-socket-activation.patch: Fix sshd
re-execution behavior when socket activation is used
+ debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
activation functionality.
+ debian/control: Build-Depends: systemd-dev
+ d/p/sshd-socket-generator.patch: add generator for socket activation
+ debian/openssh-server.install: install sshd-socket-generator
+ debian/openssh-server.postinst: handle migration to sshd-socket-generator
+ d/t/sshd-socket-generator: add dep8 test for sshd-socket-generator
+ ssh.socket: adjust unit for socket activation by default
+ debian/rules: explicitly enable LTO
- debian/.gitignore: drop file
- debian/openssh-server.ucf-md5sum: update for Ubuntu delta
- debian/patches: Immediately report interactive instructions to PAM clients
- debian/patches: sshconnect2: Write kbd-interactive messages as utf-8
- d/t/ssh-gssapi: disable -e in cleanup()
* Dropped changes, included in Debian:
- SECURITY UPDATE: timing attack against echo-off password entry
+ debian/patches/CVE-2024-39894.patch: don't rely on
channel_did_enqueue in clientloop.c
+ CVE-2024-39894
* New changes:
- d/p/systemd-socket-activation.patch: refresh and adapt for sshd-session
- d/openssh-server.links: add full sshd.service -> ssh.service alias
(LP: #2087949)
openssh (1:9.9p1-3) unstable; urgency=medium
* Fix mlkem768x25519-sha256 key exchange algorithm on big-endian
architectures.
* Drop patch to define MAXHOSTNAMELEN on GNU/Hurd (no longer needed).
openssh (1:9.9p1-2) unstable; urgency=medium
* Don't prefer host-bound public key signatures if there was no initial
host key, as is the case when using GSS-API key exchange (closes:
#1041521).
* Use runuser rather than sudo in autopkgtests where possible, avoiding a
dependency.
openssh (1:9.9p1-1) unstable; urgency=medium
* Alias the old Debian-specific SetupTimeOut client option to
ConnectTimeout rather than to ServerAliveInterval.
* New upstream release (https://www.openssh.com/releasenotes.html#9.9p1):
- ssh(1): remove support for pre-authentication compression.
- ssh(1), sshd(8): processing of the arguments to the "Match"
configuration directive now follows more shell-like rules for quoted
strings, including allowing nested quotes and \-escaped characters.
- ssh(1), sshd(8): add support for a new hybrid post-quantum key
exchange based on the FIPS 203 Module-Lattice Key Encapsulation
mechanism (ML-KEM) combined with X25519 ECDH as described by
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This algorithm "mlkem768x25519-sha256" is available by default.
- ssh(1): the ssh_config "Include" directive can now expand environment variables
as well as the same set of %-tokens "Match Exec" supports.
- sshd(8): add a sshd_config "RefuseConnection" option that, if set, will
terminate the connection at the first authentication request.
- sshd(8): add a "refuseconnection" penalty class to sshd_config
PerSourcePenalties that is applied when a connection is dropped by the
new RefuseConnection keyword.
- sshd(8): add a "Match invalid-user" predicate to sshd_config Match
options that matches when the target username is not valid on the
server.
- ssh(1), sshd(8): update the Streamlined NTRUPrime code to a
substantially faster implementation.
- ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange
algorithm now has an IANA-assigned name in addition to the
"@openssh.com" vendor extension name. This algorithm is now also
available under this name "sntrup761x25519-sha512".
- ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
included in core dump files for most of their lifespans. This is in
addition to pre-existing controls in ssh-agent(1) and sshd(8) that
prevented coredumps.
- All: convert key handling to use the libcrypto EVP_PKEY API, with the
exception of DSA.
- sshd(8): add a random amount of jitter (up to 4 seconds) to the grace
login time to make its expiry unpredictable.
- sshd(8): fix regression introduced in openssh-9.8 that swapped the
order of source and destination addresses in some sshd log messages.
- sshd(8): do not apply authorized_keys options when signature
verification fails. Prevents more restrictive key options being
incorrectly applied to subsequent keys in authorized_keys.
- ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
prompts. Helps the user know what's going on when ssh-keygen is
invoked via other tools.
- ssh(1), ssh-add(1): make parsing user@host consistently look for the
last '@' in the string rather than the first. This makes it possible
to more consistently use usernames that contain '@' characters.
- ssh(1), sshd(8): be more strict in parsing key type names. Only allow
short names (e.g. "rsa") in user-interface code and require full SSH
protocol names (e.g. "ssh-rsa") everywhere else.
- regress: many performance and correctness improvements to the
re-keying regression test.
- ssh-keygen(1): clarify that ed25519 is the default key type generated
and clarify that rsa-sha2-512 is the default signature scheme when RSA
is in use.
- sshd(8): fix minor memory leak in Subsystem option parsing.
- All: additional hardening and consistency checks for the sshbuf code.
- sshd(8): reduce default logingrace penalty to ensure that a single
forgotten login that times out will be below the penalty threshold.
- ssh(1): fix proxy multiplexing (-O proxy) bug. If a mux started with
ControlPersist then later has a forwarding added using mux proxy
connection and the forwarding was used, then when the mux proxy
session terminated, the mux master process would issue a bad message
that terminated the connection.
- Sync contrib/ssh-copy-id to the latest upstream version.
- sshd(8): restore audit call before exit that regressed in openssh-9.8.
Fixes an issue where the SSH_CONNECTION_ABANDON event was not
recorded.
- Fix detection of setres*id on GNU/Hurd.
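The 9.9 entry above introduces three server-side controls that work together: a "Match invalid-user" predicate, the "RefuseConnection" directive, and a "refuseconnection" penalty class for PerSourcePenalties. The fragment below is an added example of how a defender would combine them in sshd_config; it is not configuration shipped by OpenSSH or by the Debian/Ubuntu packaging. The penalty durations, the exempt address range and the KexAlgorithms pinning are constructed choices, not recommended values.

```sshd_config
# Added example sshd_config fragment for OpenSSH 9.9 (constructed; not from the package).
# Global directives must come before the first Match block.

# PerSourcePenalties has been on by default since 9.8; the refuseconnection
# class is new in 9.9. Values here are illustrative, not tuned defaults.
PerSourcePenalties authfail:5s refuseconnection:10s max:10m

# Constructed management range (RFC 5737 documentation prefix) that is never penalised.
PerSourcePenaltyExemptList 192.0.2.0/24

# Optional: list the hybrid post-quantum exchanges first. mlkem768x25519-sha256 is
# already enabled by default in 9.9, and sntrup761x25519-sha512 is the IANA name
# that 9.9 adds beside the @openssh.com one; drop this line to keep upstream order.
KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,curve25519-sha256

# 9.9: for usernames that do not exist on this host, drop the connection at the
# first authentication request and apply the refuseconnection penalty above.
Match invalid-user
    RefuseConnection yes
```

After editing, `sshd -t` syntax-checks the file, and `ssh -Q kex` on the client lists the key exchange names the installed binary actually supports, which is the quick way to confirm that the two hybrid names in the KexAlgorithms line are present before pinning them.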
openssh (1:9.8p1-8) unstable; urgency=medium
* Source-only reupload.
openssh (1:9.8p1-7) unstable; urgency=medium
* Adjust description line-wrapping so that lintian recognizes that
openssh-client-gssapi is an intentionally empty package.
openssh (1:9.8p1-6) unstable; urgency=medium
* Upload with binaries to satisfy Debian archive NEW checks.
openssh (1:9.8p1-5) unstable; urgency=medium
* Add openssh-client-gssapi and openssh-server-gssapi packages; these
currently just depend on their non-gssapi counterparts, but will become
different in future. See
https://lists.debian.org/debian-devel/2024/04/msg00044.html.
openssh (1:9.8p1-4) unstable; urgency=medium
[ Grzegorz Szymaszek ]
* Disable listening on 22 in the port change example in README.Debian.
[ Colin Watson ]
* sshd: Allow exec without absolute path in inetd mode (closes: #1078429).
* Add an autopkgtest for running sshd from xinetd.
openssh (1:9.8p1-3) unstable; urgency=medium
[ Dirk Van Haerenborgh ]
* Add sshd-session to openssh-server-udeb.
openssh (1:9.8p1-2) unstable; urgency=medium
* Don't close sockets passed by systemd socket activation (closes:
#1077765).
* Add an autopkgtest for socket activation.
* Consult /etc/hosts.{allow,deny} as "sshd", not "sshd-session" (closes:
#1077799).
openssh (1:9.8p1-1) unstable; urgency=medium
* New upstream release (https://www.openssh.com/releasenotes.html#9.8p1):
- CVE-2024-39894: Fix logic error in ssh(1) ObscureKeystrokeTiming that
made the feature ineffective.
- The DSA signature algorithm is now disabled at compile-time.
- sshd(8): the server has been split into a listener binary, sshd(8),
and a per-session binary "sshd-session". This allows for a much
smaller listener binary, as it no longer needs to support the SSH
protocol. As part of this work, support for disabling privilege
separation (which previously required code changes to disable) and
disabling re-execution of sshd(8) has been removed. Further
separation of sshd-session into additional, minimal binaries is
planned for the future.
- sshd(8): several log messages have changed. In particular, some log
messages will be tagged as originating from a process named
"sshd-session" rather than "sshd".
- ssh-keyscan(1): this tool previously emitted comment lines containing
the hostname and SSH protocol banner to standard error. This release
now emits them to standard output, but adds a new "-q" flag to silence
them altogether.
- sshd(8): sshd will no longer use argv[0] as the PAM service name. A
new "PAMServiceName" sshd_config(5) directive allows selecting the
service name at runtime. This defaults to "sshd".
- sshd(8): penalise client addresses that, for various reasons, do not
successfully complete authentication. This feature is controlled by a
new sshd_config(5) PerSourcePenalties option and is on by default.
- ssh(8): allow the HostkeyAlgorithms directive to disable the implicit
fallback from certificate host key to plain host keys.
- misc: fix a number of inaccuracies in the PROTOCOL.* documentation
files.
- all: switch to strtonum(3) for more robust integer parsing in most
places.
- ssh(1), sshd(8): correctly restore sigprocmask around ppoll().
- ssh-keysign(8): stricter validation of messaging socket fd.
- sftp(1): flush stdout after writing "sftp>" prompt when not using
editline.
- sftp-server(8): fix home-directory extension implementation, it
previously always returned the current user's home directory contrary
to the spec.
- ssh-keyscan(1): do not close stdin to prevent error messages when
stdin is read multiple times.
- regression tests: fix rekey test that was testing the same KEX
algorithm repeatedly instead of testing all of them.
- ssh_config(5), sshd_config(5): clarify the KEXAlgorithms directive
documentation, especially around what is supported vs available
(closes: #1073065).
- sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules
unconditionally. The previous behaviour was to expose it only when
particular authentication methods were in use.
- build: fix OpenSSL ED25519 support detection. An incorrect function
signature in configure.ac previously prevented enabling the recently
added support for ED25519 private keys in PEM PKCS8 format.
- ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY
environment variable to enable SSH_ASKPASS, similarly to the X11
DISPLAY environment variable (closes: #1037515, #1068044).
* Stop generating DSA host key.
* Apply X-Style: black.
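Two items in the 9.8 and 9.9 entries above matter for anyone parsing sshd logs: the per-session process is now tagged "sshd-session" instead of "sshd", and 9.9 fixes a 9.8 regression that swapped source and destination addresses in some messages, so a parser should key on the message structure rather than on position. The script below is an added example (not code from the openssh package or its Debian/Ubuntu packaging) that accepts either process tag, classifies the common authentication messages, and tallies failed attempts and invalid-user probes per source address. The log lines, hostname, PIDs and addresses are constructed; the message formats are the standard ones sshd emits.

```python
"""Added example (not code from the openssh package or its Debian/Ubuntu packaging):
tally sshd authentication events from syslog-style lines, accepting both the
"sshd" process tag and the "sshd-session" tag that OpenSSH 9.8 introduced when
it split the listener from the per-session binary. Sample lines are constructed."""
import re
from collections import Counter

# Syslog prefix: "<Mon DD HH:MM:SS> <host> <proc>[<pid>]: <message>".
# Only sshd and sshd-session are accepted as the process name.
PREFIX_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s(?P<host>\S+)\s"
    r"(?P<proc>sshd(?:-session)?)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$"
)
# "Accepted|Failed <method> for [invalid user ]<user> from <addr> port <port> ..."
AUTH_RE = re.compile(
    r"^(?P<verdict>Accepted|Failed)\s(?P<method>[\w/-]+)\sfor\s"
    r"(?:(?P<invalid>invalid user)\s)?(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s(?P<port>\d+)"
)
# "Invalid user <user> from <addr> port <port>" (the user field may be empty).
INVALID_RE = re.compile(r"^Invalid user\s(?P<user>\S*)\sfrom\s(?P<src>\S+)\sport\s(?P<port>\d+)")

# Constructed sample log lines (addresses from RFC 5737 documentation ranges).
SAMPLE_LINES = [
    "Nov 15 17:28:18 bastion sshd-session[4120]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    "Nov 15 17:28:19 bastion sshd-session[4121]: Invalid user  from 203.0.113.7 port 51236",
    "Nov 15 17:28:20 bastion sshd[4100]: Failed password for root from 203.0.113.7 port 51240 ssh2",
    "Nov 15 17:28:25 bastion sshd-session[4122]: Accepted publickey for alice from 198.51.100.4 port 40000 ssh2: ED25519 SHA256:constructed",
    "Nov 15 17:28:30 bastion sshd-session[4123]: Connection closed by authenticating user bob 198.51.100.9 port 40010 [preauth]",
    "Nov 15 17:28:31 bastion cron[77]: (root) CMD (run-parts /etc/cron.hourly)",
]


def parse_line(line):
    """Return a dict describing an sshd/sshd-session event, or None for other daemons."""
    m = PREFIX_RE.match(line)
    if not m:
        return None
    event = {"proc": m["proc"], "pid": int(m["pid"]), "kind": "other", "msg": m["msg"]}
    a = AUTH_RE.match(m["msg"])
    if a:
        event.update(kind="auth", verdict=a["verdict"], method=a["method"], user=a["user"],
                     src=a["src"], port=int(a["port"]), invalid_user=a["invalid"] is not None)
        return event
    i = INVALID_RE.match(m["msg"])
    if i:
        event.update(kind="invalid", user=i["user"], src=i["src"], port=int(i["port"]))
    return event


def summarize(lines):
    """Aggregate parsed events: failures and invalid-user probes per source, accepted logins."""
    summary = {"failed_by_src": Counter(), "invalid_by_src": Counter(),
               "accepted": [], "procs": Counter(), "ignored": 0}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            summary["ignored"] += 1
            continue
        summary["procs"][ev["proc"]] += 1
        if ev["kind"] == "auth" and ev["verdict"] == "Failed":
            summary["failed_by_src"][ev["src"]] += 1
        elif ev["kind"] == "auth":
            summary["accepted"].append((ev["user"], ev["method"], ev["src"]))
        elif ev["kind"] == "invalid":
            summary["invalid_by_src"][ev["src"]] += 1
    return summary


def sources_over_threshold(summary, threshold):
    """Sources whose failed-auth count reaches the threshold, most active first."""
    return [src for src, n in summary["failed_by_src"].most_common() if n >= threshold]


if __name__ == "__main__":
    s = summarize(SAMPLE_LINES)
    print("process tags seen:", dict(s["procs"]))
    print("failed auth per source:", dict(s["failed_by_src"]))
    print("sources at/over 2 failures:", sources_over_threshold(s, 2))
```

The process-name alternation in PREFIX_RE is the part that changes with the 9.8 split: a rule that only matched `sshd[` silently drops every per-session message after the upgrade. Keying the source address on the "from <addr>" token rather than on field order is what keeps the tally correct across the address-swap regression and its fix.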
Date: Tue, 12 Nov 2024 16:28:26 -0500
Changed-By: Nick Rosbrook <enr0n at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/openssh/1:9.9p1-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 12 Nov 2024 16:28:26 -0500
Source: openssh
Built-For-Profiles: noudeb
Architecture: source
Version: 1:9.9p1-3ubuntu1
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nick Rosbrook <enr0n at ubuntu.com>
Closes: 1037515 1041521 1068044 1073065 1077765 1077799 1078429
Launchpad-Bugs-Fixed: 2085261 2087949
Checksums-Sha1:
8a4de03e14baa66aee193778da87e595c70ac42f 3480 openssh_9.9p1-3ubuntu1.dsc
5ded7eb0add0b02b5d1a1c4bf5cb2c89d2117b53 1964864 openssh_9.9p1.orig.tar.gz
6f100e4757e1942d7b5e01310fcaf624b71f6740 833 openssh_9.9p1.orig.tar.gz.asc
bd01ab873971ad665cc3766d3e99d8d018ccea79 210072 openssh_9.9p1-3ubuntu1.debian.tar.xz
8a5aef5161210d7acc536c5d1002cd7b86c520f0 8629 openssh_9.9p1-3ubuntu1_source.buildinfo
Checksums-Sha256:
d0ec41f09935ed374f0f4155ebd93d02f23e8f19042892b080a38dd5bfaeb4a8 3480 openssh_9.9p1-3ubuntu1.dsc
b343fbcdbff87f15b1986e6e15d6d4fc9a7d36066be6b7fb507087ba8f966c02 1964864 openssh_9.9p1.orig.tar.gz
0a3c462e9cb862bf0bb3a56c7251091f1c88a47724d10cede3ea018f97cf1c94 833 openssh_9.9p1.orig.tar.gz.asc
74414fffa3ae06ac10c0332fdadc6f060435965460e6d3f5f4178407bd9e7533 210072 openssh_9.9p1-3ubuntu1.debian.tar.xz
d12adf218cd3cd010d613ceb063369aa0a7f1966d4f5512e198934ecf6d9e1b1 8629 openssh_9.9p1-3ubuntu1_source.buildinfo
Files:
d61998fa06980ae8af599ee76906b535 3480 net standard openssh_9.9p1-3ubuntu1.dsc
1893c9b712eb8c55ec2d5146e7323b92 1964864 net standard openssh_9.9p1.orig.tar.gz
8c3a6720795ce7234ba4e1532769bac6 833 net standard openssh_9.9p1.orig.tar.gz.asc
ba15715a5f7e319c51082e74f4dcef72 210072 net standard openssh_9.9p1-3ubuntu1.debian.tar.xz
0d488011ca70c731dee7d8f1d8d959f1 8629 net standard openssh_9.9p1-3ubuntu1_source.buildinfo
Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh at lists.debian.org>
Vcs-Git: https://git.launchpad.net/~enr0n/ubuntu/+source/openssh
Vcs-Git-Commit: 3b5fd3f4231b8a6beab8cb8e73ff5e3aa0ac028d
Vcs-Git-Ref: refs/heads/plucky