Format: 1.8 Date: Sun, 21 Oct 2018 10:39:24 +0100 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: s390x s390x_translations Version: 1:7.9p1-1 Distribution: disco-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Colin Watson Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad Closes: 177406 789532 828475 844494 Launchpad-Bugs-Fixed: 1037738 1674330 1718227 1790963 Changes: openssh (1:7.9p1-1) unstable; urgency=medium . * New upstream release (https://www.openssh.com/txt/release-7.9): - ssh(1), sshd(8): allow most port numbers to be specified using service names from getservbyname(3) (typically /etc/services; closes: #177406). - ssh(1): allow the IdentityAgent configuration directive to accept environment variable names. This supports the use of multiple agent sockets without needing to use fixed paths. - sshd(8): support signalling sessions via the SSH protocol. A limited subset of signals is supported and only for login or command sessions (i.e. not subsystems) that were not subject to a forced command via authorized_keys or sshd_config. - ssh(1): support "ssh -Q sig" to list supported signature options. Also "ssh -Q help" to show the full set of supported queries. - ssh(1), sshd(8): add a CASignatureAlgorithms option for the client and server configs to allow control over which signature formats are allowed for CAs to sign certificates. For example, this allows banning CAs that sign certificates using the RSA-SHA1 signature algorithm. - sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to revoke keys specified by SHA256 hash. - ssh-keygen(1): allow creation of key revocation lists directly from base64-encoded SHA256 fingerprints. This supports revoking keys using only the information contained in sshd(8) authentication log messages. - ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when attempting to load PEM private keys while using an incorrect passphrase. - sshd(8): when a channel closed message is received from a client, close the stderr file descriptor at the same time stdout is closed. This avoids stuck processes if they were waiting for stderr to close and were insensitive to stdin/out closing (closes: #844494). - ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11 forwarding timeout and support X11 forwarding indefinitely. Previously the behaviour of ForwardX11Timeout=0 was undefined. - sshd(8): when compiled with GSSAPI support, cache supported method OIDs regardless of whether GSSAPI authentication is enabled in the main section of sshd_config. This avoids sandbox violations if GSSAPI authentication was later enabled in a Match block. - sshd(8): do not fail closed when configured with a text key revocation list that contains a too-short key. - ssh(1): treat connections with ProxyJump specified the same as ones with a ProxyCommand set with regards to hostname canonicalisation (i.e. don't try to canonicalise the hostname unless CanonicalizeHostname is set to 'always'). - ssh(1): fix regression in OpenSSH 7.8 that could prevent public-key authentication using certificates hosted in a ssh-agent(1) or against sshd(8) from OpenSSH <7.8 (LP: #1790963). - All: support building against the openssl-1.1 API (releases 1.1.0g and later). The openssl-1.0 API will remain supported at least until OpenSSL terminates security patch support for that API version (closes: #828475). - sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox; apparently required by some glibc/OpenSSL combinations. * Remove dh_builddeb override to use xz compression; this has been the default since dpkg 1.17.0. * Simplify debian/rules using /usr/share/dpkg/default.mk. * Remove /etc/network/if-up.d/openssh-server, as it causes more problems than it solves (thanks, Christian Ehrhardt, Andreas Hasenack, and David Britton; closes: #789532, LP: #1037738, #1674330, #1718227). Add an "if-up hook removed" section to README.Debian documenting the corner case that may need configuration adjustments. Checksums-Sha1: 55ca8acc061ed6d027f294f00ee12fc75dbeb24f 3347616 openssh-client-dbgsym_7.9p1-1_s390x.ddeb 5c728893580b4d960833466c3d75d76d6cef52f9 266596 openssh-client-udeb_7.9p1-1_s390x.udeb 8948113a60ecf10e00b224bf78d07966651ff3a2 570956 openssh-client_7.9p1-1_s390x.deb 59e6a9950e28fe67d6e9bb9fb3734da6adba7a0b 1005616 openssh-server-dbgsym_7.9p1-1_s390x.ddeb a3f61505b75108804d879d4e33b64ac0c3e1ee80 274760 openssh-server-udeb_7.9p1-1_s390x.udeb a8e35806ac6e317e18e381e1b5a5de4f9e3e4672 313152 openssh-server_7.9p1-1_s390x.deb 3e05553aec1aed031e92fda72667de8199914fc5 139280 openssh-sftp-server-dbgsym_7.9p1-1_s390x.ddeb 07971a67040e84c1484179b252b4f834b20d6d60 41996 openssh-sftp-server_7.9p1-1_s390x.deb 62c3b115a0734589948c0de40b67595d9db27361 16702 openssh_7.9p1-1_s390x.buildinfo 383faa39b419b03a250039c6aabf7fcb96658113 8564 openssh_7.9p1-1_s390x_translations.tar.gz 5f37584b1f03d1f8e4ae7bd855a0a8e71f06abff 12396 ssh-askpass-gnome-dbgsym_7.9p1-1_s390x.ddeb 38efb4945746be97087311ac54a9e6bdddd56115 17172 ssh-askpass-gnome_7.9p1-1_s390x.deb Checksums-Sha256: 521fc792d9e8ae878f494e816d31b27cbe7eb8f0375fe11a3b3cb878f1dc79ed 3347616 openssh-client-dbgsym_7.9p1-1_s390x.ddeb c6299f061a8af2832a4e5084a3c847db441b682a70d8dc73b9da45f8f5f21847 266596 openssh-client-udeb_7.9p1-1_s390x.udeb 15195ae712d4255f77e191b03ef176c23340eba5ad589f4b492373126c8aac62 570956 openssh-client_7.9p1-1_s390x.deb 2a28823e421385c751a864a3147e47541738d902fcfe841f03dcc90f4ba30954 1005616 openssh-server-dbgsym_7.9p1-1_s390x.ddeb 53e492319fe384aab659d112a0fa70f8425fd6026438e3523b08878b497e63ea 274760 openssh-server-udeb_7.9p1-1_s390x.udeb 286e1950ed8b514a219a0c1fbb58388b53a243572271decc635e62050cbd4245 313152 openssh-server_7.9p1-1_s390x.deb 82af92485d61b4453a24b47c0e6cca4421e03efd66a4dc34ff10b3ec83ae130f 139280 openssh-sftp-server-dbgsym_7.9p1-1_s390x.ddeb 1762694caa5affb337cc9da60647fd9020204f831cefda03daf803145f63f470 41996 openssh-sftp-server_7.9p1-1_s390x.deb 93948f0282e88e7b37497f633da4e155d40b0b73b0c8a00938c6e2a27e0b7102 16702 openssh_7.9p1-1_s390x.buildinfo ca779a175a5f8fc8d60bf592a9f43919919a13c0166a96e010bbb5b4dc91fa69 8564 openssh_7.9p1-1_s390x_translations.tar.gz 34714b277c87810a2db67be33a456960c2121d32aa9425e5d1e620c7ea531cf2 12396 ssh-askpass-gnome-dbgsym_7.9p1-1_s390x.ddeb 6df695b09cb67cc58b347601f1b9fc8ccf49b2d8881f4cfebbd6bf794e709fc4 17172 ssh-askpass-gnome_7.9p1-1_s390x.deb Files: 582932ddfa7279eaee27036d585de045 3347616 debug optional openssh-client-dbgsym_7.9p1-1_s390x.ddeb 4be1c502f4fa0b8c13d43911db1a1488 266596 debian-installer optional openssh-client-udeb_7.9p1-1_s390x.udeb f7c73584ff579de7da75c79119b6c6da 570956 net standard openssh-client_7.9p1-1_s390x.deb c93c201825b523af0809cc7634c0b8ff 1005616 debug optional openssh-server-dbgsym_7.9p1-1_s390x.ddeb fff932f42fdad9e436aa49196feb219f 274760 debian-installer optional openssh-server-udeb_7.9p1-1_s390x.udeb 5ad2db1e6d821b92cf8da76804cc63b3 313152 net optional openssh-server_7.9p1-1_s390x.deb bb2f896988b0adc04f1d4955b87ab1d3 139280 debug optional openssh-sftp-server-dbgsym_7.9p1-1_s390x.ddeb 9deab4f476bfb60a7ec703e190b29afe 41996 net optional openssh-sftp-server_7.9p1-1_s390x.deb a359c5bb3dd0f5c70f213800ab1feb06 16702 net standard openssh_7.9p1-1_s390x.buildinfo c73e4e9436a66662552b063ed098f74e 8564 raw-translations - openssh_7.9p1-1_s390x_translations.tar.gz b9d56d5c142fdc4a5b780d3d0243cbc2 12396 debug optional ssh-askpass-gnome-dbgsym_7.9p1-1_s390x.ddeb aa08f139c8baf5256c0d60039bd12156 17172 gnome optional ssh-askpass-gnome_7.9p1-1_s390x.deb