Change logs for openssh source package in Noble

  • openssh (1:9.6p1-3ubuntu13) noble; urgency=medium
    
      [ Marco Trevisan (Treviño) ]
      * debian: Remove dependency on libsystemd
        As the xz backdoor taught us, the fewer dependencies sshd has, the
        better, so avoid plugging libsystemd (which also brings in various
        other dependencies) into sshd for no reason:
    
        - d/p/systemd-readiness.patch: Use upstream patch with no libsystemd
          dependency
        - d/p/systemd-socket-activation.patch: Import patch from debian that
          mimics the libsystemd sd_listen_fds() code, as refactored by Colin
          Watson.
        - d/control: Remove dependencies on libsystemd-dev | libelogind-dev
        - d/rules: Drop --with-systemd flag (new options are used by default)
    
      [ Nick Rosbrook ]
      * debian/patches: only set PAM_RHOST if remote host is not "UNKNOWN"
        (LP: #2060150)
      * debian/openssh-server.postinst: don't re-enable ssh.socket if it was disabled
        (LP: #2059874)
      * d/p/sshd-socket-generator.patch: do not always ignore ListenStream=22
        (LP: #2059872)
    
     -- Nick Rosbrook <email address hidden>  Fri, 05 Apr 2024 15:30:31 -0400
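The point of the libsystemd removal above is that sshd's transitive link set is attack surface, so the check a defender wants after an upgrade is "what does this sshd actually link against?". The following is an added example, not code from the openssh package: it parses `ldd` output (a constructed sample is embedded so it runs offline) and flags libraries that sshd has no business loading. The denylist is our own policy, not something the package defines.

```python
"""Flag unexpected shared libraries in an sshd binary (added example)."""
import re
import subprocess
from typing import Dict, List

# Our own policy (assumption): sshd should need neither libsystemd nor
# liblzma; the xz backdoor reached sshd precisely through that pair.
DENYLIST = ("libsystemd", "liblzma")

_LOAD_ADDR = re.compile(r"\s*\(0x[0-9a-fA-F]+\)$")


def parse_ldd(text: str) -> Dict[str, str]:
    """Map each soname ldd reports to its resolved path.

    The vDSO and the ELF interpreter have no '=>' part and get an empty
    path; '=> not found' is kept verbatim so callers can see it.
    """
    libs: Dict[str, str] = {}
    for raw in text.splitlines():
        line = _LOAD_ADDR.sub("", raw.strip())
        if not line:
            continue
        if "=>" in line:
            name, _, path = (p.strip() for p in line.partition("=>"))
        else:
            name, path = line, ""
        libs[name] = path
    return libs


def flagged_libs(libs: Dict[str, str], denylist=DENYLIST) -> List[str]:
    """Sonames whose name starts with one of the denied prefixes, sorted."""
    return sorted(n for n in libs if any(n.startswith(d) for d in denylist))


def ldd_of(path: str) -> Dict[str, str]:
    """Run ldd on a real binary and parse it (needs a live system)."""
    proc = subprocess.run(["ldd", path], capture_output=True, text=True, check=True)
    return parse_ldd(proc.stdout)


# Constructed sample: roughly what a libsystemd-linked sshd looked like before
# this change. Paths and load addresses are made up for the example.
SAMPLE_LDD = """\
    linux-vdso.so.1 (0x00007ffd3c5f0000)
    libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007f1a4c000000)
    libsystemd.so.0 => /lib/x86_64-linux-gnu/libsystemd.so.0 (0x00007f1a4bf00000)
    liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5 (0x00007f1a4be00000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a4bc00000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1a4c400000)
"""

if __name__ == "__main__":
    import sys

    libs = ldd_of(sys.argv[1]) if len(sys.argv) > 1 else parse_ldd(SAMPLE_LDD)
    print("unwanted libraries:", flagged_libs(libs) or "none")
```

Run it with the path to an sshd binary to check a live system; with no argument it evaluates the constructed sample and reports both libsystemd and liblzma.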
  • openssh (1:9.6p1-3ubuntu12) noble; urgency=medium
    
      * No-change rebuild for CVE-2024-3094
    
     -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 09:23:28 +0000
  • openssh (1:9.6p1-3ubuntu11) noble; urgency=medium
    
      * d/t/ssh-gssapi: make the test a bit more robust (LP: #2058276):
        - deal with return codes
        - match a more specific success expression from the logs
        - add klist output in the case of failure
    
     -- Andreas Hasenack <email address hidden>  Mon, 18 Mar 2024 10:25:15 -0300
  • openssh (1:9.6p1-3ubuntu10) noble; urgency=medium
    
      * Build again with gnome.
    
     -- Matthias Klose <email address hidden>  Sat, 16 Mar 2024 19:30:41 +0100
  • openssh (1:9.6p1-3ubuntu9) noble; urgency=medium
    
      * d/p/gssapi.patch: fix method_gsskeyex structure and
        userauth_gsskeyex function regarding changes introduced in upstream
        commit dbb339f015c33d63484261d140c84ad875a9e548 ("prepare for
        multiple names for authmethods") (LP: #2053146)
      * d/t/{ssh-gssapi,util}: ssh-gssapi DEP8 test for gssapi-with-mic
        and gssapi-keyex authentication methods
    
     -- Andreas Hasenack <email address hidden>  Fri, 15 Mar 2024 16:18:01 -0300
  • openssh (1:9.6p1-3ubuntu8) noble; urgency=medium
    
      * No-change rebuild against libcom-err2
    
     -- Steve Langasek <email address hidden>  Tue, 12 Mar 2024 20:34:07 +0000
  • openssh (1:9.6p1-3ubuntu7) noble; urgency=medium
    
      * No-change rebuild against libglib2.0-0t64
    
     -- Steve Langasek <email address hidden>  Mon, 11 Mar 2024 23:25:42 +0000
  • openssh (1:9.6p1-3ubuntu6) noble; urgency=medium
    
      * No-change rebuild against libglib2.0-0t64
    
     -- Steve Langasek <email address hidden>  Fri, 08 Mar 2024 06:32:05 +0000
  • openssh (1:9.6p1-3ubuntu5) noble; urgency=medium
    
      * debian/systemd/ssh.service: restore RuntimeDirectory=sshd (LP: #2055806)
        We started using a tmpfile in Ubuntu when we invoked sshd -G in
        openssh-server.postinst as a part of migration to systemd socket activation.
        Since we use a generator now, instead of invoking sshd -G, we no longer need
        this change.
    
     -- Nick Rosbrook <email address hidden>  Thu, 07 Mar 2024 13:59:57 -0500
  • openssh (1:9.6p1-3ubuntu5~ppa2) noble; urgency=medium
    
      * Build without gnome.
    
     -- Matthias Klose <email address hidden>  Tue, 05 Mar 2024 15:53:05 +0100
  • openssh (1:9.6p1-3ubuntu4) noble; urgency=medium
    
      * No-change rebuild against libssl3t64
    
     -- Steve Langasek <email address hidden>  Mon, 04 Mar 2024 20:31:25 +0000
  • openssh (1:9.6p1-3ubuntu3) noble; urgency=medium
    
      * Add sshd-socket-generator to generate ssh.socket drop-in configuration
        instead of doing one-time generation on package upgrade:
        - debian/control: Build-Depends: systemd-dev
        - d/p/sshd-socket-generator.patch: add generator for socket activation
        - debian/openssh-server.install: install sshd-socket-generator
        - debian/openssh-server.postinst: handle migration to sshd-socket-generator
        - d/t/sshd-socket-generator: add dep8 test for sshd-socket-generator
        - ssh.socket: adjust unit for socket activation by default
        - debian/README.Debian: update ssh.socket documentation
        - debian/rules: explicitly enable LTO
          The armhf build was not using LTO, which made sshd-socket-generator FTBFS.
          This change ensures that all arches are using LTO.
      * Drop the following changes related to previous ssh socket activation approach:
        - debian/openssh-server.postrm: remove systemd drop-ins for
          socket-activated sshd on purge
        - debian/openssh-server.templates: include debconf prompt explaining
          when migration cannot happen due to multiple ListenAddress values
        - debian/openssh-server.postinst: handle migration of sshd_config options
          to systemd socket options on upgrade.
        - debian/patches/socket-activation-documentation.patch: Document in
          sshd_config(5) that ListenAddress and Port no longer work.
      * debian/openssh-server.ucf-md5sum: update for new Ubuntu delta
    
     -- Nick Rosbrook <email address hidden>  Wed, 21 Feb 2024 12:51:30 -0500
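The generator described in this entry turns the listeners in sshd_config into `ListenStream=` lines of an ssh.socket drop-in, which is why `Port` and `ListenAddress` stop taking effect on their own once socket activation is in use. The following is an added example, not Ubuntu's sshd-socket-generator: it approximates that translation so the resulting unit can be reasoned about. Assumptions: only `Port` and `ListenAddress` are read (no `Match` blocks, no `sshd -T` expansion), and every listener, including the default port 22, is emitted explicitly.

```python
"""Approximate sshd_config -> ssh.socket drop-in translation (added example)."""
from typing import List, Optional, Tuple

DEFAULT_PORT = 22


def split_addr(value: str) -> Tuple[str, Optional[int]]:
    """Split a ListenAddress value into (host, port-or-None)."""
    if value.startswith("["):                 # [ipv6]:port or [ipv6]
        host, _, rest = value[1:].partition("]")
        return host, (int(rest[1:]) if rest.startswith(":") else None)
    if value.count(":") == 1:                 # ipv4:port or hostname:port
        host, _, port = value.partition(":")
        return host, int(port)
    return value, None                        # bare ipv4/hostname/ipv6


def parse_listeners(config: str) -> List[Tuple[str, int]]:
    """Return the (host, port) pairs sshd would bind.

    Approximation of sshd's rules: a ListenAddress without a port uses every
    Port value; with no ListenAddress at all sshd binds all addresses on each
    Port; no Port at all means 22. '' as host means "all addresses".
    """
    ports: List[int] = []
    addrs: List[Tuple[str, Optional[int]]] = []
    for raw in config.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)   # drop comments
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "port":
            ports.append(int(value))
        elif key == "listenaddress":
            addrs.append(split_addr(value))
    if not ports:
        ports = [DEFAULT_PORT]
    if not addrs:
        return [("", p) for p in ports]
    out: List[Tuple[str, int]] = []
    for host, port in addrs:
        out.extend([(host, port)] if port is not None else [(host, p) for p in ports])
    return out


def format_listen(host: str, port: int) -> str:
    """systemd's ListenStream= syntax: bare port, host:port or [ipv6]:port."""
    if not host:
        return str(port)
    return f"[{host}]:{port}" if ":" in host else f"{host}:{port}"


def socket_dropin(config: str) -> str:
    """Render a [Socket] drop-in for ssh.socket.

    The empty 'ListenStream=' first is essential: it clears the listeners
    inherited from the base unit, otherwise the drop-in only adds to them.
    """
    lines = ["[Socket]", "ListenStream="]
    lines += [f"ListenStream={format_listen(h, p)}" for h, p in parse_listeners(config)]
    return "\n".join(lines) + "\n"


# Constructed sshd_config fragment for the example.
SAMPLE_CONFIG = """\
# constructed sample, not a real host's configuration
Port 22
Port 2222
ListenAddress 192.0.2.10
ListenAddress [2001:db8::10]:2200   # explicit port wins over the Port lines
"""

if __name__ == "__main__":
    print(socket_dropin(SAMPLE_CONFIG), end="")
```

The interesting edge is the first `ListenStream=` line: a drop-in that omits it keeps the base unit's port 22 in addition to whatever sshd_config asked for, which is easy to miss when auditing a host that was supposed to move off the default port.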
  • openssh (1:9.6p1-3ubuntu2) noble; urgency=medium
    
      [ Marco Trevisan (Treviño) ]
      * debian/patches: Immediately report interactive instructions to PAM clients
      * debian/patches: sshconnect2: Write kbd-interactive messages as utf-8
    
     -- Julian Andres Klode <email address hidden>  Thu, 15 Feb 2024 11:13:03 +0100
  • openssh (1:9.6p1-3ubuntu1) noble; urgency=medium
    
      * Merge with Debian unstable (LP: #2040406). Remaining changes:
        - debian/rules: modify dh_installsystemd invocations for
          socket-activated sshd.
        - debian/openssh-server.postinst: handle migration of sshd_config
          options to systemd socket options on upgrade.
        - debian/README.Debian: document systemd socket activation.
        - debian/patches/socket-activation-documentation.patch: Document
          in sshd_config(5) that ListenAddress and Port no longer work.
        - debian/openssh-server.templates: include debconf prompt
          explaining when migration cannot happen due to multiple
          ListenAddress values.
        - debian/.gitignore: drop file.
        - debian/openssh-server.postrm: remove systemd drop-ins for
          socket-activated sshd on purge.
        - debian/openssh-server.ucf-md5sum: update for Ubuntu delta
        - debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move
          /run/sshd creation out of the systemd unit to a tmpfile config
          so that sshd can be run manually if necessary without having to
          create this directory by hand.
        - debian/patches/systemd-socket-activation.patch: Fix sshd
          re-execution behavior when socket activation is used.
        - debian/tests/systemd-socket-activation: Add autopkgtest
          for systemd socket activation functionality.
        - d/p/test-set-UsePAM-no-on-some-tests.patch: set UsePAM=no
          for some tests.
      * Dropped changes, fixed upstream:
        - d/p/fix-ftbfs-with-zlib13.patch: fix ftbfs when using zlib 1.3
          (LP: #2049552)
    
    openssh (1:9.6p1-3) unstable; urgency=medium
    
      * Allow passing extra ssh-agent arguments via
        "/usr/lib/openssh/agent-launch start", making it possible to override
        things like identity lifetime using a systemd drop-in unit (closes:
        #1059639).
      * Don't try to start rescue-ssh.target in postinst (LP: #2047082).
    
    openssh (1:9.6p1-2) unstable; urgency=medium
    
      * Improve detection of broken -fzero-call-used-regs=used (see
        https://bugzilla.mindrot.org/show_bug.cgi?id=3645; fixes build on
        ppc64/ppc64el).
    
    openssh (1:9.6p1-1) unstable; urgency=medium
    
      * Use single quotes in suggested ssh-keygen commands (closes: #1057835).
      * Debconf translations:
        - Catalan (thanks, Pablo Huguet; closes: #1049995).
      * New upstream release (https://www.openssh.com/releasenotes.html#9.6p1):
        - [CVE-2023-48795] ssh(1), sshd(8): implement protocol extensions to
          thwart the so-called "Terrapin attack" discovered by Fabian Bäumer,
          Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect
          a limited break of the integrity of the early encrypted SSH transport
          protocol by sending extra messages prior to the commencement of
          encryption, and deleting an equal number of consecutive messages
          immediately after encryption starts. A peer SSH client/server would
          not be able to detect that messages were deleted.
        - [CVE-2023-51384] ssh-agent(1): when adding PKCS#11-hosted private keys
          while specifying destination constraints, if the PKCS#11 token
          returned multiple keys then only the first key had the constraints
          applied. Use of regular private keys, FIDO tokens and unconstrained
          keys are unaffected.
        - [CVE-2023-51385] ssh(1): if an invalid user or hostname that contained
          shell metacharacters was passed to ssh(1), and a ProxyCommand,
          LocalCommand directive or "match exec" predicate referenced the user
          or hostname via %u, %h or similar expansion token, then an attacker
          who could supply arbitrary user/hostnames to ssh(1) could potentially
          perform command injection depending on what quoting was present in the
          user-supplied ssh_config(5) directive. OpenSSH 9.6 now bans most shell
          metacharacters from user and hostnames supplied via the command-line.
        - ssh(1), sshd(8): the RFC4254 connection/channels protocol provides a
          TCP-like window mechanism that limits the amount of data that can be
          sent without acceptance from the peer. In cases where this limit was
          exceeded by a non-conforming peer SSH implementation, ssh(1)/sshd(8)
          previously discarded the extra data. From OpenSSH 9.6, ssh(1)/sshd(8)
          will now terminate the connection if a peer exceeds the window limit
          by more than a small grace factor. This change should have no effect
          on SSH implementations that follow the specification.
        - ssh(1): add a %j token that expands to the configured ProxyJump
          hostname (or the empty string if this option is not being used) that
          can be used in a number of ssh_config(5) keywords.
        - ssh(1): add ChannelTimeout support to the client, mirroring the same
          option in the server and allowing ssh(1) to terminate quiescent
          channels.
        - ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): add support for reading
          ED25519 private keys in PEM PKCS8 format. Previously only the OpenSSH
          private key format was supported.
        - ssh(1), sshd(8): introduce a protocol extension to allow renegotiation
          of acceptable signature algorithms for public key authentication after
          the server has learned the username being used for authentication.
          This allows varying sshd_config(5) PubkeyAcceptedAlgorithms in a
          "Match user" block.
        - ssh-add(1), ssh-agent(1): add an agent protocol extension to allow
          specifying certificates when loading PKCS#11 keys. This allows the use
          of certificates backed by PKCS#11 private keys in all OpenSSH tools
          that support ssh-agent(1). Previously only ssh(1) supported this
          use-case.
        - ssh(1): when deciding whether to enable the keystroke timing
          obfuscation, enable it only if a channel with a TTY is active.
        - ssh(1): switch mainloop from poll(3) to ppoll(3) and mask signals
          before checking flags set in signal handler. Avoids potential race
          condition between signaling ssh to exit and polling.
        - ssh(1): when connecting to a destination with both the AddressFamily
          and CanonicalizeHostname directives in use, the AddressFamily
          directive could be ignored.
        - sftp(1): correct handling of the <email address hidden> option when the
          server returned an unexpected message.
        - ssh(1): release GSS OIDs only at end of authentication, avoiding
          unnecessary init/cleanup cycles.
        - ssh_config(5): mention "none" is a valid argument to IdentityFile in
          the manual.
        - scp(1): improved debugging for paths from the server rejected for not
          matching the client's glob(3) pattern in old SCP/RCP protocol mode.
        - ssh-agent(1): refuse signing operations on destination-constrained
          keys if a previous session-bind operation has failed. This may prevent
          a fail-open situation in future if a user uses a mismatched ssh(1)
          client and ssh-agent(1) where the client supports a key type that the
          agent does not support.
      * debian/run-tests: Supply absolute paths to tools.
      * debian/run-tests: Enable interop tests for Dropbear.
    
    openssh (1:9.5p1-2) unstable; urgency=medium
    
      * Upload to unstable.
    
    openssh (1:9.5p1-1) experimental; urgency=medium
    
      * New upstream release (https://www.openssh.com/releasenotes.html#9.5p1):
        - ssh-keygen(1): generate Ed25519 keys by default. Ed25519 public keys
          are very convenient due to their small size. Ed25519 keys are
          specified in RFC 8709 and OpenSSH has supported them since version 6.5
          (January 2014).
        - sshd(8): the Subsystem directive now accurately preserves quoting of
          subsystem commands and arguments. This may change behaviour for exotic
          configurations, but the most common subsystem configuration
          (sftp-server) is unlikely to be affected.
        - ssh(1): add keystroke timing obfuscation to the client. This attempts
          to hide inter-keystroke timings by sending interactive traffic at
          fixed intervals (default: every 20ms) when there is only a small
          amount of data being sent. It also sends fake "chaff" keystrokes for a
          random interval after the last real keystroke. These are controlled by
          a new ssh_config ObscureKeystrokeTiming keyword.
        - ssh(1), sshd(8): Introduce a transport-level ping facility. This adds
          a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to
          implement a ping capability. These messages use numbers in the "local
          extensions" number space and are advertised using a "<email address hidden>"
          ext-info message with a string version number of "0".
        - sshd(8): allow override of Subsystem directives in sshd Match blocks.
        - scp(1): fix scp in SFTP mode recursive upload and download of
          directories that contain symlinks to other directories. In scp mode,
          the links would be followed, but in SFTP mode they were not.
        - ssh-keygen(1): handle cr+lf (instead of just cr) line endings in
          sshsig signature files.
        - ssh(1): interactive mode for ControlPersist sessions if they
          originally requested a tty.
        - sshd(8): make PerSourceMaxStartups first-match-wins.
        - sshd(8): limit artificial login delay to a reasonable maximum (5s) and
          don't delay at all for the "none" authentication mechanism.
        - sshd(8): Log errors in kex_exchange_identification() with level
          verbose instead of error to reduce preauth log spam. All of those get
          logged with a more generic error message by sshpkt_fatal().
        - sshd(8): correct math for ClientAliveInterval that caused the probes
          to be sent less frequently than configured.
        - ssh(1): fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
          multiplexed sessions to ignore SIGINT under some circumstances.
      * Build-depend on dh-sequence-movetousr.
      * Report DebianBanner setting in "sshd -G/-T" output (thanks, Rasmus
        Villemoes; closes: #1053555).
    
     -- Miriam España Acebal <email address hidden>  Mon, 29 Jan 2024 11:16:31 +0100
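The CVE-2023-51385 entry in the 9.6p1 notes above describes the two halves of that problem: user or host names carrying shell metacharacters, and ssh_config directives (`ProxyCommand`, `LocalCommand`, `Match exec`) that expand `%h`/`%u` into a shell command line. Anything that builds ssh invocations from external input (orchestration tools, wrappers, CI jobs) should apply the same discipline on its own side. The following is an added example and not OpenSSH's code; its character policy is our own conservative choice (assumption), and `build_ssh_argv` and `unquoted_expansions` are hypothetical helpers.

```python
"""Defensive checks for ssh targets and %-expansion in ssh_config (added example)."""
import re
from typing import List, Optional

# Our own allow-lists (assumption): hostnames and IP literals, and a plain
# user name. Anything with quotes, $, backticks, ;, |, &, whitespace, etc.
# simply fails to match. A leading '-' is rejected separately because ssh
# would otherwise parse the value as an option.
_HOST_RE = re.compile(r"[A-Za-z0-9._:-]+")
_USER_RE = re.compile(r"[A-Za-z0-9._@-]+")


def is_safe_hostname(name: str) -> bool:
    return bool(name) and not name.startswith("-") and _HOST_RE.fullmatch(name) is not None


def is_safe_username(name: str) -> bool:
    return bool(name) and not name.startswith("-") and _USER_RE.fullmatch(name) is not None


def build_ssh_argv(user: str, host: str, remote_command: Optional[str] = None) -> List[str]:
    """Build an argv list (no shell=True) after validating both names.

    '-l user' avoids concatenating user@host ourselves, and '--' ends option
    parsing (getopt convention) so the host can never become a flag.
    The remote command, if any, is passed through untouched: it is run by
    the remote shell and must be handled by the caller.
    """
    if not is_safe_username(user):
        raise ValueError(f"unsafe user name: {user!r}")
    if not is_safe_hostname(host):
        raise ValueError(f"unsafe host name: {host!r}")
    argv = ["ssh", "-l", user, "--", host]
    if remote_command:
        argv.append(remote_command)
    return argv


# Tokens whose expansion comes from a user/host name rather than from config.
EXPANSION_TOKENS = ("%h", "%n", "%u", "%r", "%j")


def unquoted_expansions(directive_value: str) -> List[str]:
    """Return the %-tokens in a ProxyCommand/LocalCommand value that sit
    outside single quotes, i.e. that the shell would see unquoted.

    Double quotes are not enough: a value such as $(...) is still expanded
    inside them. Single quotes are better but only if the name itself cannot
    contain a quote, which is exactly what the validation above guarantees.
    """
    found: List[str] = []
    in_squote = False
    i = 0
    while i < len(directive_value):
        c = directive_value[i]
        if c == "'":
            in_squote = not in_squote
        elif c == "%" and not in_squote and directive_value[i:i + 2] in EXPANSION_TOKENS:
            found.append(directive_value[i:i + 2])
            i += 1
        i += 1
    return found


if __name__ == "__main__":
    # Constructed inputs for the example.
    print(build_ssh_argv("alice", "bastion.example.com"))
    for value in ("ssh -W %h:%p jump", "ssh -W '%h:%p' jump"):
        print(repr(value), "->", unquoted_expansions(value) or "quoted")
```

Running a config audit with `unquoted_expansions` over each `ProxyCommand` and `LocalCommand` value gives a quick list of directives whose safety rests entirely on the OpenSSH 9.6 name checks; pairing that with the argv validation closes the gap for clients that have not been upgraded yet.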
  • openssh (1:9.4p1-1ubuntu2) noble; urgency=medium
    
      * d/p/fix-ftbfs-with-zlib13.patch: fix ftbfs when using
        zlib 1.3 (LP: #2049552).
    
     -- Miriam España Acebal <email address hidden>  Wed, 17 Jan 2024 20:00:55 +0100
  • openssh (1:9.4p1-1ubuntu1) noble; urgency=medium
    
      * Merge with Debian unstable. Remaining changes:
        - debian/rules: modify dh_installsystemd invocations for
          socket-activated sshd
        - debian/openssh-server.postinst: handle migration of sshd_config options
          to systemd socket options on upgrade.
        - debian/README.Debian: document systemd socket activation.
        - debian/patches/socket-activation-documentation.patch: Document in
          sshd_config(5) that ListenAddress and Port no longer work.
        - debian/openssh-server.templates: include debconf prompt explaining
          when migration cannot happen due to multiple ListenAddress values
        - debian/.gitignore: drop file
        - debian/openssh-server.postrm: remove systemd drop-ins for
          socket-activated sshd on purge
        - debian/openssh-server.ucf-md5sum: update for Ubuntu delta
        - debian/openssh-server.tmpfile,debian/systemd/ssh.service: Move
          /run/sshd creation out of the systemd unit to a tmpfile config so
          that sshd can be run manually if necessary without having to create
          this directory by hand.
        - debian/patches/systemd-socket-activation.patch: Fix sshd
          re-execution behavior when socket activation is used
        - debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
          activation functionality.
        - d/p/test-set-UsePAM-no-on-some-tests.patch: set UsePAM=no for some tests
      * Dropped changes, fixed upstream:
        - d/p/fix-authorized-principals-command.patch: Fix the situation where
          sshd ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand
          is also set by checking if the value pointed to by the pointer
          'charptr' is NULL.
        - debian/patches/CVE-2023-38408-1.patch: terminate process if requested
          to load a PKCS#11 provider that isn't a PKCS#11 provider in
          ssh-pkcs11.c.
        - debian/patches/CVE-2023-38408-2.patch: disallow remote addition of
          FIDO/PKCS11 provider in ssh-agent.1, ssh-agent.c.
        - debian/patches/CVE-2023-38408-3.patch: ensure FIDO/PKCS11 libraries
          contain expected symbols in misc.c, misc.h, ssh-pkcs11.c, ssh-sk.c.
      * Dropped changes, affected package versions not published in supported
        releases:
        - debian/openssh-server.postinst: do not try to restart systemd units,
          and instead indicate that a reboot is required
        - debian/tests/systemd-socket-activation: Reboot the testbed before starting the test
        - debian/rules: Do not stop ssh.socket on upgrade
    
    openssh (1:9.4p1-1) unstable; urgency=medium
    
      * New upstream release (https://www.openssh.com/releasenotes.html#9.4p1):
        - ssh-agent(1): PKCS#11 modules must now be specified by their full
          paths. Previously dlopen(3) could search for them in system library
          directories.
        - ssh(1): allow forwarding Unix Domain sockets via ssh -W.
        - ssh(1): add support for configuration tags to ssh(1). This adds a
          ssh_config(5) "Tag" directive and corresponding "Match tag" predicate
          that may be used to select blocks of configuration similar to the
          pf.conf(5) keywords of the same name.
        - ssh(1): add a "match localnetwork" predicate. This allows matching on
          the addresses of available network interfaces and may be used to vary
          the effective client configuration based on network location.
        - ssh(1), sshd(8), ssh-keygen(1): infrastructure support for KRL
          extensions. This defines wire formats for optional KRL extensions and
          implements parsing of the new submessages. No actual extensions are
          supported at this point.
        - sshd(8): AuthorizedPrincipalsCommand and AuthorizedKeysCommand now
          accept two additional %-expansion sequences: %D which expands to the
          routing domain of the connected session and %C which expands to the
          addresses and port numbers for the source and destination of the
          connection.
        - ssh-keygen(1): increase the default work factor (rounds) for the
          bcrypt KDF used to derive symmetric encryption keys for passphrase
          protected key files by 50%.
        - ssh-agent(1): improve isolation between loaded PKCS#11 modules by
          running separate ssh-pkcs11-helpers for each loaded provider.
        - ssh(1): make -f (fork after authentication) work correctly with
          multiplexed connections, including ControlPersist (closes: #348741).
        - ssh(1): make ConnectTimeout apply to multiplexing sockets and not just
          to network connections.
        - ssh-agent(1), ssh(1): improve defences against invalid PKCS#11 modules
          being loaded by checking that the requested module contains the
          required symbol before loading it.
        - sshd(8): fix AuthorizedPrincipalsCommand when AuthorizedKeysCommand
          appears before it in sshd_config. Since OpenSSH 8.7 the
          AuthorizedPrincipalsCommand directive was incorrectly ignored in this
          situation.
        - sshd(8), ssh(1), ssh-keygen(1): remove vestigial support for KRL
          signatures. When the KRL format was originally defined, it included
          support for signing of KRL objects. However, the code to sign KRLs and
          verify KRL signatures was never completed in OpenSSH. This release
          removes the partially-implemented code to verify KRLs. All OpenSSH
          tools now ignore KRL_SECTION_SIGNATURE sections in KRL files.
        - All: fix a number of memory leaks and unreachable/harmless integer
          overflows.
        - ssh-agent(1), ssh(1): don't truncate strings logged from PKCS#11
          modules.
        - sshd(8), ssh(1): better validate CASignatureAlgorithms in ssh_config
          and sshd_config. Previously this directive would accept certificate
          algorithm names, but these were unusable in practice as OpenSSH does
          not support CA chains.
        - ssh(1): make `ssh -Q CASignatureAlgorithms` only list signature
          algorithms that are valid for CA signing. Previous behaviour was to
          list all signing algorithms, including certificate algorithms.
        - ssh-keyscan(1): gracefully handle systems where rlimits or the maximum
          number of open files is larger than INT_MAX.
        - ssh-keygen(1): fix "no comment" not showing when running
          `ssh-keygen -l` on multiple keys where one has a comment and other
          following keys do not. bz3580
        - scp(1), sftp(1): adjust ftruncate() logic to handle servers that
          reorder requests. Previously, if the server reordered requests then
          the resultant file would be erroneously truncated.
        - ssh(1): don't incorrectly disable hostname canonicalization when
          CanonicalizeHostname=yes and ProxyJump was explicitly set to "none".
        - scp(1): when copying local->remote, check that the source file exists
          before opening an SFTP connection to the server (closes: #59255).
        - sshd(8): provide a replacement for the SELinux matchpathcon()
          function, which is deprecated.
        - All: relax libcrypto version checks for OpenSSL >=3 (closes:
          #1035623). Beyond OpenSSL 3.0, the ABI compatibility guarantees are
          wider (only the library major must match instead of major and minor in
          earlier versions).
        - ssh-copy-id(1): Special case OpenWrt instead of Dropbear
          (LP: #1966886).
    
    openssh (1:9.3p2-1) unstable; urgency=high
    
      * New upstream release (https://www.openssh.com/releasenotes.html#9.3p2):
        - [CVE-2023-38408] Fix a condition where specific libraries loaded via
          ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
          execution via a forwarded agent socket.
    
     -- Nick Rosbrook <email address hidden>  Mon, 13 Nov 2023 12:47:29 -0500
  • openssh (1:9.3p1-1ubuntu3) mantic; urgency=medium
    
      * d/p/fix-authorized-principals-command.patch: Fix the situation where
        sshd ignores AuthorizedPrincipalsCommand if AuthorizedKeysCommand
        is also set by checking if the value pointed to by the pointer
        'charptr' is NULL. (LP: #2031942)
    
     -- Michal Maloszewski <email address hidden>  Thu, 24 Aug 2023 15:20:27 +0200