Format: 1.8 Date: Sun, 21 Oct 2018 10:39:24 +0100 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: armhf armhf_translations Version: 1:7.9p1-1 Distribution: disco-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Colin Watson Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad Closes: 177406 789532 828475 844494 Launchpad-Bugs-Fixed: 1037738 1674330 1718227 1790963 Changes: openssh (1:7.9p1-1) unstable; urgency=medium . * New upstream release (https://www.openssh.com/txt/release-7.9): - ssh(1), sshd(8): allow most port numbers to be specified using service names from getservbyname(3) (typically /etc/services; closes: #177406). - ssh(1): allow the IdentityAgent configuration directive to accept environment variable names. This supports the use of multiple agent sockets without needing to use fixed paths. - sshd(8): support signalling sessions via the SSH protocol. A limited subset of signals is supported and only for login or command sessions (i.e. not subsystems) that were not subject to a forced command via authorized_keys or sshd_config. - ssh(1): support "ssh -Q sig" to list supported signature options. Also "ssh -Q help" to show the full set of supported queries. - ssh(1), sshd(8): add a CASignatureAlgorithms option for the client and server configs to allow control over which signature formats are allowed for CAs to sign certificates. For example, this allows banning CAs that sign certificates using the RSA-SHA1 signature algorithm. - sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to revoke keys specified by SHA256 hash. - ssh-keygen(1): allow creation of key revocation lists directly from base64-encoded SHA256 fingerprints. This supports revoking keys using only the information contained in sshd(8) authentication log messages. - ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when attempting to load PEM private keys while using an incorrect passphrase. - sshd(8): when a channel closed message is received from a client, close the stderr file descriptor at the same time stdout is closed. This avoids stuck processes if they were waiting for stderr to close and were insensitive to stdin/out closing (closes: #844494). - ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11 forwarding timeout and support X11 forwarding indefinitely. Previously the behaviour of ForwardX11Timeout=0 was undefined. - sshd(8): when compiled with GSSAPI support, cache supported method OIDs regardless of whether GSSAPI authentication is enabled in the main section of sshd_config. This avoids sandbox violations if GSSAPI authentication was later enabled in a Match block. - sshd(8): do not fail closed when configured with a text key revocation list that contains a too-short key. - ssh(1): treat connections with ProxyJump specified the same as ones with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't try to canonicalise the hostname unless CanonicalizeHostname is set to 'always'). - ssh(1): fix regression in OpenSSH 7.8 that could prevent public-key authentication using certificates hosted in a ssh-agent(1) or against sshd(8) from OpenSSH <7.8 (LP: #1790963). - All: support building against the openssl-1.1 API (releases 1.1.0g and later). The openssl-1.0 API will remain supported at least until OpenSSL terminates security patch support for that API version (closes: #828475). - sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox; apparently required by some glibc/OpenSSL combinations. * Remove dh_builddeb override to use xz compression; this has been the default since dpkg 1.17.0. * Simplify debian/rules using /usr/share/dpkg/default.mk. * Remove /etc/network/if-up.d/openssh-server, as it causes more problems than it solves (thanks, Christian Ehrhardt, Andreas Hasenack, and David Britton; closes: #789532, LP: #1037738, #1674330, #1718227). Add an "if-up hook removed" section to README.Debian documenting the corner case that may need configuration adjustments. Checksums-Sha1: 0dc3c6bcd932d66bc2ddb39d1dd3b685816ec5b6 3257840 openssh-client-dbgsym_7.9p1-1_armhf.ddeb cee6984f87c02e0b3c96ec44691a988a6390a883 249408 openssh-client-udeb_7.9p1-1_armhf.udeb 0195afdd7d0b2f63b624bf50559e87b4e0969e96 535944 openssh-client_7.9p1-1_armhf.deb f5ad95dbe215c9d13f81f91bec81b289e6bc5f81 974592 openssh-server-dbgsym_7.9p1-1_armhf.ddeb 63215ebc7fa106353642b0160ddac41d8d16d1bd 259500 openssh-server-udeb_7.9p1-1_armhf.udeb 9b9cd3603ef4054cfea7446f06444ad933f4a607 304500 openssh-server_7.9p1-1_armhf.deb 0907c3d376853bd74116f11713f669b64ed1dd4b 136280 openssh-sftp-server-dbgsym_7.9p1-1_armhf.ddeb 144d628c99d07bafee7c4d6b9859f8116b0bf01f 38796 openssh-sftp-server_7.9p1-1_armhf.deb 9428a4ce5af780fd1bd1147493bed2645420e1e5 16891 openssh_7.9p1-1_armhf.buildinfo 8d76ab3ece794da114fc7f09b13cfb52ff863a5c 8495 openssh_7.9p1-1_armhf_translations.tar.gz 43b0dfa1368b1f500ec21eefc9c146646fc53cc8 12560 ssh-askpass-gnome-dbgsym_7.9p1-1_armhf.ddeb d4d433d70b783963b9b3a78012c4ddb0d591062e 16636 ssh-askpass-gnome_7.9p1-1_armhf.deb Checksums-Sha256: 8c78f45c940a40af59c7d1ea19e31cb8a36770a5c5db39801e2cb9672c1027e6 3257840 openssh-client-dbgsym_7.9p1-1_armhf.ddeb 156d8b0ea62918f2f5957cb89ed3e97744f0bf704ba315251b749abeb9c0f719 249408 openssh-client-udeb_7.9p1-1_armhf.udeb a5c883b4f659358b48db116c1fb820d5b3a8ef98eae27472858351e58ed20d10 535944 openssh-client_7.9p1-1_armhf.deb b779ebffe19a7bd0dd5505fcc3464e7a1019bd638b40138fc84b03d78d93737e 974592 openssh-server-dbgsym_7.9p1-1_armhf.ddeb 33a5981b0dca37a7b07ae207f577642761048c8f878bff8bf2928def7720f187 259500 openssh-server-udeb_7.9p1-1_armhf.udeb 3c95f0c6a7ede780ddc199adfedf531c898ade2000ad80cb6a2d498fec3ea7e1 304500 openssh-server_7.9p1-1_armhf.deb be340a8e58e57028e365d573d779961859836213c607ccc8ced3de3136e14e11 136280 openssh-sftp-server-dbgsym_7.9p1-1_armhf.ddeb c9adeb05be173811ebb3e9e3657a3cfa6202f2e1f713af2eac2427942cf95c33 38796 openssh-sftp-server_7.9p1-1_armhf.deb eae4d230ebe6a633bd694d81e432f0136bcf67bdf3b8c00be99cd66419c6965b 16891 openssh_7.9p1-1_armhf.buildinfo ea7456e91663cd45443ff3aa72e565c3f729b2de45cc8c5febb8ff4676cb901e 8495 openssh_7.9p1-1_armhf_translations.tar.gz cd59629803878a1406d85cdf7c90be62c973a9b03e3413da932df9f37332e841 12560 ssh-askpass-gnome-dbgsym_7.9p1-1_armhf.ddeb 41bd007181e47a5b95bcd7c61b49322b21ec8fb0cad0bc41e9f55939cf24989b 16636 ssh-askpass-gnome_7.9p1-1_armhf.deb Files: e82ca35942a8f5e484799f36230bac41 3257840 debug optional openssh-client-dbgsym_7.9p1-1_armhf.ddeb ac55d2ec7b0ef0d2e803ccaef0875cf6 249408 debian-installer optional openssh-client-udeb_7.9p1-1_armhf.udeb 0885b446b00ac5ba4a2ec9799710c584 535944 net standard openssh-client_7.9p1-1_armhf.deb 9f5aaec2ed928469db71f95595e783ee 974592 debug optional openssh-server-dbgsym_7.9p1-1_armhf.ddeb e25ee5472747081ed9e98dda1ccda7ad 259500 debian-installer optional openssh-server-udeb_7.9p1-1_armhf.udeb ab26cf06f1c415273980042cdd009172 304500 net optional openssh-server_7.9p1-1_armhf.deb c8410320525c30064f5e2e0f2fc221b6 136280 debug optional openssh-sftp-server-dbgsym_7.9p1-1_armhf.ddeb 8a43fc9752fe50547b5d422c00a16748 38796 net optional openssh-sftp-server_7.9p1-1_armhf.deb 4336635d08d4495d936252661c3e4a30 16891 net standard openssh_7.9p1-1_armhf.buildinfo 469b34964d592512c7bf46c3e0abb979 8495 raw-translations - openssh_7.9p1-1_armhf_translations.tar.gz d40ee95c17c4ea2aa154a51a302463b4 12560 debug optional ssh-askpass-gnome-dbgsym_7.9p1-1_armhf.ddeb 690abcc826b51bdea15ec8895611bae1 16636 gnome optional ssh-askpass-gnome_7.9p1-1_armhf.deb