Debian
openssh package

openssh 1:9.0p1-1 source package in Debian

Changelog

openssh (1:9.0p1-1) unstable; urgency=medium

  * New upstream release (https://www.openssh.com/releasenotes.html#9.0p1):
    - scp(1): Use the SFTP protocol by default (closes: #144579, #204546,
      #327019). This changes scp's quoting semantics by no longer performing
      wildcard expansion using the remote shell, and (with some server
      versions) no longer expanding ~user paths. The -O option is available
      to use the old protocol. See NEWS.Debian for more details.
    - ssh(1), sshd(8): use the hybrid Streamlined NTRU Prime + x25519 key
      exchange method by default ("<email address hidden>").
      The NTRU algorithm is believed to resist attacks enabled by future
      quantum computers and is paired with the X25519 ECDH key exchange (the
      previous default) as a backstop against any weaknesses in NTRU Prime
      that may be discovered in the future. The combination ensures that the
      hybrid exchange offers at least as good security as the status quo.
    - sftp-server(8): support the "copy-data" extension to allow server-
      side copying of files/data, following the design in
      draft-ietf-secsh-filexfer-extensions-00.
    - sftp(1): add a "cp" command to allow the sftp client to perform
      server-side file copies.
    - ssh(1), sshd(8): upstream: fix poll(2) spin when a channel's output fd
      closes without data in the channel buffer (closes: #1007822).
    - sshd(8): pack pollfd array in server listen/accept loop. Could cause
      the server to hang/spin when MaxStartups > RLIMIT_NOFILE.
    - ssh-keygen(1): avoid NULL deref via the find-principals and
      check-novalidate operations. bz3409 and GHPR307 respectively.
    - scp(1): fix a memory leak in argument processing.
    - sshd(8): don't try to resolve ListenAddress directives in the sshd
      re-exec path. They are unused after re-exec and parsing errors
      (possible for example if the host's network configuration changed)
      could prevent connections from being accepted.
    - sshd(8): when refusing a public key authentication request from a
      client for using an unapproved or unsupported signature algorithm
      include the algorithm name in the log message to make debugging
      easier.
    - ssh(1), sshd(8): Fix possible integer underflow in scan_scaled(3)
      parsing of K/M/G/etc quantities.
    - sshd(8): default to not using sandbox when cross compiling. On most
      systems poll(2) does not work when the number of FDs is reduced with
      setrlimit, so assume it doesn't when cross compiling and we can't run
      the test.
  * Remove obsolete FAQ, removed from openssh.com in 2016.

 -- Colin Watson <email address hidden>  Sat, 09 Apr 2022 14:14:10 +0100

Upload details

Uploaded by:
Debian OpenSSH Maintainers
Uploaded to:
Sid
Original maintainer:
Debian OpenSSH Maintainers
Architectures:
any all
Section:
net
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
openssh_9.0p1-1.dsc 3.3 KiB ff368f3247c89eea2be10cd2ad2fcb9d0811fc6652c9cab9d01d087203e28fdd
openssh_9.0p1.orig.tar.gz 1.7 MiB 03974302161e9ecce32153cfa10012f1e65c8f3750f573a73ab1befd5972a28a
openssh_9.0p1.orig.tar.gz.asc 833 bytes 5db3a2eb3e8e9c8ae62527ea55f5a6fa41c395ebd0bbb65f4b3dfebeeee5fa00
openssh_9.0p1-1.debian.tar.xz 172.0 KiB 46f24ab534892c55c82ebafdac23564579f9be73a7cc0230730a2e6aa64e17ab

Available diffs

No changes file available.

Binary packages built by this source