[Bug 2085261] Re: Merge openssh from Debian unstable for plucky

Launchpad Bug Tracker 2085261 at bugs.launchpad.net
Tue Nov 19 16:33:07 UTC 2024


This bug was fixed in the package openssh - 1:9.9p1-3ubuntu1

---------------
openssh (1:9.9p1-3ubuntu1) plucky; urgency=medium

  * Merge with Debian unstable (LP: #2085261). Remaining changes:
    - Make systemd socket activation the default:
      + debian/rules: modify dh_installsystemd invocations for
        socket-activated sshd
      + debian/README.Debian: document systemd socket activation.
      + debian/patches/systemd-socket-activation.patch: Fix sshd
        re-execution behavior when socket activation is used
      + debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
        activation functionality.
      + debian/control: Build-Depends: systemd-dev
      + d/p/sshd-socket-generator.patch: add generator for socket activation
      + debian/openssh-server.install: install sshd-socket-generator
      + debian/openssh-server.postinst: handle migration to sshd-socket-generator
      + d/t/sshd-socket-generator: add dep8 test for sshd-socket-generator
      + ssh.socket: adjust unit for socket activation by default
      + debian/rules: explicitly enable LTO
    - debian/.gitignore: drop file
    - debian/openssh-server.ucf-md5sum: update for Ubuntu delta
    - debian/patches: Immediately report interactive instructions to PAM clients
    - debian/patches: sshconnect2: Write kbd-interactive messages as utf-8
    - d/t/ssh-gssapi: disable -e in cleanup()
  * Dropped changes, included in Debian:
    - SECURITY UPDATE: timing attack against echo-off password entry
      + debian/patches/CVE-2024-39894.patch: don't rely on
        channel_did_enqueue in clientloop.c
      + CVE-2024-39894
  * New changes:
    - d/p/systemd-socket-activation.patch: refresh and adapt for sshd-session
    - d/openssh-server.links: add full sshd.service -> ssh.service alias
      (LP: #2087949)

openssh (1:9.9p1-3) unstable; urgency=medium

  * Fix mlkem768x25519-sha256 key exchange algorithm on big-endian
    architectures.
  * Drop patch to define MAXHOSTNAMELEN on GNU/Hurd (no longer needed).

openssh (1:9.9p1-2) unstable; urgency=medium

  * Don't prefer host-bound public key signatures if there was no initial
    host key, as is the case when using GSS-API key exchange (closes:
    #1041521).
  * Use runuser rather than sudo in autopkgtests where possible, avoiding a
    dependency.

openssh (1:9.9p1-1) unstable; urgency=medium

  * Alias the old Debian-specific SetupTimeOut client option to
    ConnectTimeout rather than to ServerAliveInterval.
  * New upstream release (https://www.openssh.com/releasenotes.html#9.9p1):
    - ssh(1): remove support for pre-authentication compression.
    - ssh(1), sshd(8): processing of the arguments to the "Match"
      configuration directive now follows more shell-like rules for quoted
      strings, including allowing nested quotes and \-escaped characters.
    - ssh(1), sshd(8): add support for a new hybrid post-quantum key
      exchange based on the FIPS 203 Module-Lattice Key Encapsulation
      mechanism (ML-KEM) combined with X25519 ECDH as described by
      https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
      This algorithm "mlkem768x25519-sha256" is available by default.
    - ssh(1): the ssh_config "Include" directive can now expand environment
      variables as well as the same set of %-tokens "Match Exec" supports.
    - sshd(8): add a sshd_config "RefuseConnection" option that, if set, will
      terminate the connection at the first authentication request.
    - sshd(8): add a "refuseconnection" penalty class to sshd_config
      PerSourcePenalties that is applied when a connection is dropped by the
      new RefuseConnection keyword.
    - sshd(8): add a "Match invalid-user" predicate to sshd_config Match
      options that matches when the target username is not valid on the
      server.
    - ssh(1), sshd(8): update the Streamlined NTRUPrime code to a
      substantially faster implementation.
    - ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange
      algorithm now has an IANA-assigned name in addition to the
      "@openssh.com" vendor extension name. This algorithm is now also
      available under this name "sntrup761x25519-sha512"
    - ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
      included in core dump files for most of their lifespans. This is in
      addition to pre-existing controls in ssh-agent(1) and sshd(8) that
      prevented coredumps.
    - All: convert key handling to use the libcrypto EVP_PKEY API, with the
      exception of DSA.
    - sshd(8): add a random amount of jitter (up to 4 seconds) to the grace
      login time to make its expiry unpredictable.
    - sshd(8): fix regression introduced in openssh-9.8 that swapped the
      order of source and destination addresses in some sshd log messages.
    - sshd(8): do not apply authorized_keys options when signature
      verification fails. Prevents more restrictive key options being
      incorrectly applied to subsequent keys in authorized_keys.
    - ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
      prompts. Helps the user know what's going on when ssh-keygen is
      invoked via other tools.
    - ssh(1), ssh-add(1): make parsing user@host consistently look for the
      last '@' in the string rather than the first. This makes it possible
      to more consistently use usernames that contain '@' characters.
    - ssh(1), sshd(8): be more strict in parsing key type names. Only allow
      short names (e.g. "rsa") in user-interface code and require full SSH
      protocol names (e.g. "ssh-rsa") everywhere else.
    - regress: many performance and correctness improvements to the
      re-keying regression test.
    - ssh-keygen(1): clarify that ed25519 is the default key type generated
      and clarify that rsa-sha2-512 is the default signature scheme when RSA
      is in use.
    - sshd(8): fix minor memory leak in Subsystem option parsing.
    - All: additional hardening and consistency checks for the sshbuf code.
    - sshd(8): reduce default logingrace penalty to ensure that a single
      forgotten login that times out will be below the penalty threshold.
    - ssh(1): fix proxy multiplexing (-O proxy) bug. If a mux started with
      ControlPersist then later has a forwarding added using mux proxy
      connection and the forwarding was used, then when the mux proxy
      session terminated, the mux master process would issue a bad message
      that terminated the connection.
    - Sync contrib/ssh-copy-id to the latest upstream version.
    - sshd(8): restore audit call before exit that regressed in openssh-9.8.
      Fixes an issue where the SSH_CONNECTION_ABANDON event was not
      recorded.
    - Fix detection of setres*id on GNU/Hurd.
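
The three server-side additions in the 9.9p1 notes above (RefuseConnection, the "refuseconnection" penalty class, and the "Match invalid-user" predicate) are meant to be used together. The following sshd_config fragment is an added illustration of that combination; it is not part of the Debian/Ubuntu packaging or of the upstream release notes, and the penalty durations and the exempt address range are hypothetical values chosen for the example.

```conf
# Added example sshd_config fragment (not from the package or the upstream
# release notes). Penalty durations and the exempt range are hypothetical.

# PerSourcePenalties is a global option and must appear before any Match
# block. "refuseconnection" is the class added in 9.9 for connections that
# RefuseConnection drops; the other classes already existed in 9.8.
PerSourcePenalties refuseconnection:30s authfail:5s noauth:1s min:15s max:10m

# Penalties key off the client address, so users sharing one NAT egress
# address can lock each other out with a few mistyped usernames. Exempt
# such ranges explicitly (hypothetical range).
PerSourcePenaltyExemptList 192.0.2.0/24

# Match blocks must come last in the file. When the target account does not
# exist on this server, close the connection at the first authentication
# request instead of walking the client through the normal auth exchange.
Match invalid-user
    RefuseConnection yes
```

Run `sshd -t` to syntax-check the file before reloading the service. Two caveats a practitioner should weigh: the penalty is per source address, so the exempt list matters wherever legitimate users share an egress address; and because the username is inspected before any credential is checked, a client that observes the immediate disconnect learns that the account does not exist, which is acceptable for most anti-abuse deployments but worth a conscious decision where account enumeration is a concern.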

openssh (1:9.8p1-8) unstable; urgency=medium

  * Source-only reupload.

openssh (1:9.8p1-7) unstable; urgency=medium

  * Adjust description line-wrapping so that lintian recognizes that
    openssh-client-gssapi is an intentionally empty package.

openssh (1:9.8p1-6) unstable; urgency=medium

  * Upload with binaries to satisfy Debian archive NEW checks.

openssh (1:9.8p1-5) unstable; urgency=medium

  * Add openssh-client-gssapi and openssh-server-gssapi packages; these
    currently just depend on their non-gssapi counterparts, but will become
    different in future.  See
    https://lists.debian.org/debian-devel/2024/04/msg00044.html.

openssh (1:9.8p1-4) unstable; urgency=medium

  [ Grzegorz Szymaszek ]
  * Disable listening on 22 in the port change example in README.Debian.

  [ Colin Watson ]
  * sshd: Allow exec without absolute path in inetd mode (closes: #1078429).
  * Add an autopkgtest for running sshd from xinetd.

openssh (1:9.8p1-3) unstable; urgency=medium

  [ Dirk Van Haerenborgh ]
  * Add sshd-session to openssh-server-udeb.

openssh (1:9.8p1-2) unstable; urgency=medium

  * Don't close sockets passed by systemd socket activation (closes:
    #1077765).
  * Add an autopkgtest for socket activation.
  * Consult /etc/hosts.{allow,deny} as "sshd", not "sshd-session" (closes:
    #1077799).

openssh (1:9.8p1-1) unstable; urgency=medium

  * New upstream release (https://www.openssh.com/releasenotes.html#9.8p1):
    - CVE-2024-39894: Fix Logic error in ssh(1) ObscureKeystrokeTiming that
      made the feature ineffective.
    - The DSA signature algorithm is now disabled at compile-time.
    - sshd(8): the server has been split into a listener binary, sshd(8),
      and a per-session binary "sshd-session".  This allows for a much
      smaller listener binary, as it no longer needs to support the SSH
      protocol.  As part of this work, support for disabling privilege
      separation (which previously required code changes to disable) and
      disabling re-execution of sshd(8) has been removed.  Further
      separation of sshd-session into additional, minimal binaries is
      planned for the future.
    - sshd(8): several log messages have changed.  In particular, some log
      messages will be tagged as originating from a process named
      "sshd-session" rather than "sshd".
    - ssh-keyscan(1): this tool previously emitted comment lines containing
      the hostname and SSH protocol banner to standard error.  This release
      now emits them to standard output, but adds a new "-q" flag to silence
      them altogether.
    - sshd(8): sshd will no longer use argv[0] as the PAM service name.  A
      new "PAMServiceName" sshd_config(5) directive allows selecting the
      service name at runtime.  This defaults to "sshd".
    - sshd(8): penalise client addresses that, for various reasons, do not
      successfully complete authentication.  This feature is controlled by a
      new sshd_config(5) PerSourcePenalties option and is on by default.
    - ssh(8): allow the HostkeyAlgorithms directive to disable the implicit
      fallback from certificate host key to plain host keys.
    - misc: fix a number of inaccuracies in the PROTOCOL.* documentation
      files.
    - all: switch to strtonum(3) for more robust integer parsing in most
      places.
    - ssh(1), sshd(8): correctly restore sigprocmask around ppoll().
    - ssh-keysign(8): stricter validation of messaging socket fd.
    - sftp(1): flush stdout after writing "sftp>" prompt when not using
      editline.
    - sftp-server(8): fix home-directory extension implementation, it
      previously always returned the current user's home directory contrary
      to the spec.
    - ssh-keyscan(1): do not close stdin to prevent error messages when
      stdin is read multiple times.
    - regression tests: fix rekey test that was testing the same KEX
      algorithm repeatedly instead of testing all of them.
    - ssh_config(5), sshd_config(5): clarify the KEXAlgorithms directive
      documentation, especially around what is supported vs available
      (closes: #1073065).
    - sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules
      unconditionally. The previous behaviour was to expose it only when
      particular authentication methods were in use.
    - build: fix OpenSSL ED25519 support detection. An incorrect function
      signature in configure.ac previously prevented enabling the recently
      added support for ED25519 private keys in PEM PKCS8 format.
    - ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY
      environment variable to enable SSH_ASKPASS, similarly to the X11
      DISPLAY environment variable (closes: #1037515, #1068044).
  * Stop generating DSA host key.
  * Apply X-Style: black.

 -- Nick Rosbrook <enr0n at ubuntu.com>  Tue, 12 Nov 2024 16:28:26 -0500

** Changed in: openssh (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-39894

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2085261

Title:
  Merge openssh from Debian unstable for plucky

Status in openssh package in Ubuntu:
  Fix Released

Bug description:
  Scheduled-For: Backlog
  Upstream: tbd
  Debian:   1:9.9p1-2    
  Ubuntu:   1:9.7p1-7ubuntu4

  
  foundations team has maintained this package's merge in the past.

  If it turns out this needs a sync rather than a merge, please change
  the tag 'needs-merge' to 'needs-sync', and (optionally) update the
  title as desired.

  If this merge pulls in a new upstream version, also consider adding an
  entry to the Jammy Release Notes:
  https://discourse.ubuntu.com/c/release/38

  
  ### New Debian Changes ###

  openssh (1:9.9p1-2) unstable; urgency=medium

    * Don't prefer host-bound public key signatures if there was no initial
      host key, as is the case when using GSS-API key exchange (closes:
      #1041521).
    * Use runuser rather than sudo in autopkgtests where possible, avoiding a
      dependency.

   -- Colin Watson <cjwatson at debian.org>  Mon, 21 Oct 2024 18:24:07 +0100

  openssh (1:9.9p1-1) unstable; urgency=medium

    * Alias the old Debian-specific SetupTimeOut client option to
      ConnectTimeout rather than to ServerAliveInterval.
    * New upstream release (https://www.openssh.com/releasenotes.html#9.9p1):
      - ssh(1): remove support for pre-authentication compression.
      - ssh(1), sshd(8): processing of the arguments to the 'Match'
        configuration directive now follows more shell-like rules for quoted
        strings, including allowing nested quotes and \-escaped characters.
      - ssh(1), sshd(8): add support for a new hybrid post-quantum key
        exchange based on the FIPS 203 Module-Lattice Key Encapsulation
        mechanism (ML-KEM) combined with X25519 ECDH as described by
        https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
        This algorithm 'mlkem768x25519-sha256' is available by default.
      - ssh(1): the ssh_config 'Include' directive can now expand environment
        variables as well as the same set of %-tokens 'Match Exec' supports.
      - sshd(8): add a sshd_config 'RefuseConnection' option that, if set, will
        terminate the connection at the first authentication request.
      - sshd(8): add a 'refuseconnection' penalty class to sshd_config
        PerSourcePenalties that is applied when a connection is dropped by the
        new RefuseConnection keyword.
      - sshd(8): add a 'Match invalid-user' predicate to sshd_config Match
        options that matches when the target username is not valid on the
        server.
      - ssh(1), sshd(8): update the Streamlined NTRUPrime code to a
        substantially faster implementation.
      - ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange
        algorithm now has an IANA-assigned name in addition to the
        '@openssh.com' vendor extension name. This algorithm is now also
        available under this name 'sntrup761x25519-sha512'
      - ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
        included in core dump files for most of their lifespans. This is in
        addition to pre-existing controls in ssh-agent(1) and sshd(8) that
        prevented coredumps.
      - All: convert key handling to use the libcrypto EVP_PKEY API, with the
        exception of DSA.
      - sshd(8): add a random amount of jitter (up to 4 seconds) to the grace
        login time to make its expiry unpredictable.
      - sshd(8): fix regression introduced in openssh-9.8 that swapped the
        order of source and destination addresses in some sshd log messages.
      - sshd(8): do not apply authorized_keys options when signature
        verification fails. Prevents more restrictive key options being
        incorrectly applied to subsequent keys in authorized_keys.
      - ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
        prompts. Helps the user know what's going on when ssh-keygen is
        invoked via other tools.
      - ssh(1), ssh-add(1): make parsing user@host consistently look for the
        last '@' in the string rather than the first. This makes it possible
        to more consistently use usernames that contain '@' characters.
      - ssh(1), sshd(8): be more strict in parsing key type names. Only allow
        short names (e.g. 'rsa') in user-interface code and require full SSH
        protocol names (e.g. 'ssh-rsa') everywhere else.
      - regress: many performance and correctness improvements to the
        re-keying regression test.
      - ssh-keygen(1): clarify that ed25519 is the default key type generated
        and clarify that rsa-sha2-512 is the default signature scheme when RSA
        is in use.
      - sshd(8): fix minor memory leak in Subsystem option parsing.
      - All: additional hardening and consistency checks for the sshbuf code.
      - sshd(8): reduce default logingrace penalty to ensure that a single
        forgotten login that times out will be below the penalty threshold.
      - ssh(1): fix proxy multiplexing (-O proxy) bug. If a mux started with
        ControlPersist then later has a forwarding added using mux proxy
        connection and the forwarding was used, then when the mux proxy
        session terminated, the mux master process would issue a bad message
        that terminated the connection.
      - Sync contrib/ssh-copy-id to the latest upstream version.
      - sshd(8): restore audit call before exit that regressed in openssh-9.8.
        Fixes an issue where the SSH_CONNECTION_ABANDON event was not
        recorded.
      - Fix detection of setres*id on GNU/Hurd.

   -- Colin Watson <cjwatson at debian.org>  Mon, 23 Sep 2024 21:09:59 -0700

  openssh (1:9.8p1-8) unstable; urgency=medium

    * Source-only reupload.

   -- Colin Watson <cjwatson at debian.org>  Fri, 30 Aug 2024 00:38:26 +0100

  openssh (1:9.8p1-7) unstable; urgency=medium

    * Adjust description line-wrapping so that lintian recognizes that
      openssh-client-gssapi is an intentionally empty package.

   -- Colin Watson <cjwatson at debian.org>  Thu, 29 Aug 2024 14:17:13 +0100

  openssh (1:9.8p1-6) unstable; urgency=medium

    * Upload with binaries to satisfy Debian archive NEW checks.


  ### Old Ubuntu Delta ###

  openssh (1:9.7p1-7ubuntu4) oracular; urgency=medium

    * Explicitly listen on IPv4 by default, with socket-activated sshd
      (LP: #2080216)
      - d/systemd/ssh.socket: explicitly listen on ipv4 by default
      - d/t/sshd-socket-generator: update for new defaults and AddressFamily
      - sshd-socket-generator: handle new ssh.socket default settings
    * d/p/systemd-socket-activation.patch: always close newsock fd before re-exec

   -- Nick Rosbrook <enr0n at ubuntu.com>  Tue, 01 Oct 2024 14:45:28 -0400

  openssh (1:9.7p1-7ubuntu3) oracular; urgency=medium

    * sshd-socket-generator: do not parse server match config (LP: #2076023)

   -- Nick Rosbrook <enr0n at ubuntu.com>  Tue, 27 Aug 2024 15:54:41 -0400

  openssh (1:9.7p1-7ubuntu2) oracular; urgency=medium

    * d/p/test-set-UsePAM-no-on-some-tests.patch: restore patch
      This was mistakenly dropped in the merge from Debian after
      testing locally only.

   -- Nick Rosbrook <enr0n at ubuntu.com>  Wed, 31 Jul 2024 10:20:23 -0400

  openssh (1:9.7p1-7ubuntu1) oracular; urgency=medium

    * Merge with Debian unstable (LP: #2064435). Remaining changes:
      - Make systemd socket activation the default:
        + debian/rules: modify dh_installsystemd invocations for
          socket-activated sshd
        + debian/README.Debian: document systemd socket activation.
        + debian/patches/systemd-socket-activation.patch: Fix sshd
          re-execution behavior when socket activation is used
        + debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
          activation functionality.
        + debian/control: Build-Depends: systemd-dev
        + d/p/sshd-socket-generator.patch: add generator for socket activation
        + debian/openssh-server.install: install sshd-socket-generator
        + debian/openssh-server.postinst: handle migration to sshd-socket-generator
        + d/t/sshd-socket-generator: add dep8 test for sshd-socket-generator
        + ssh.socket: adjust unit for socket activation by default
        + debian/rules: explicitly enable LTO
      - debian/.gitignore: drop file
      - debian/openssh-server.ucf-md5sum: update for Ubuntu delta
      - debian/patches: Immediately report interactive instructions to PAM clients
      - debian/patches: sshconnect2: Write kbd-interactive messages as utf-8
      - d/t/ssh-gssapi: disable -e in cleanup()
      - SECURITY UPDATE: timing attack against echo-off password entry
        + debian/patches/CVE-2024-39894.patch: don't rely on
          channel_did_enqueue in clientloop.c
        + CVE-2024-39894
    * Dropped changes, included in Debian:
      - debian/patches: only set PAM_RHOST if remote host is not 'UNKNOWN'
      - Remove deprecated user_readenv=1 setting (LP #2059859):
        + d/openssh-server.sshd.pam.in: drop user_readenv=1, which was
          deprecated by pam_env upstream. Openssh has the SendEnv and AcceptEnv
          configuration options that can be used to replace this feature, and
          are in the default config already
        + d/NEWS: update about this change in behavior
      - debian: Remove dependency on libsystemd
      - d/p/gssapi.patch: fix method_gsskeyex structure and
        userauth_gsskeyex function regarding changes introduced in upstream
        commit dbb339f015c33d63484261d140c84ad875a9e548 ('prepare for
        multiple names for authmethods') (LP #2053146)
      - d/t/{ssh-gssapi,util}: ssh-gssapi DEP8 test for gssapi-with-mic
        and gssapi-keyex authentication methods
      - SECURITY UPDATE: remote code execution via signal handler race
        condition (LP #2070497)
        + debian/patches/CVE-2024-6387.patch: don't log in sshsigdie() in log.c.
        + CVE-2024-6387
    * Dropped changes, no longer needed:
      - debian/openssh-server.postinst: ucf workaround for LP #1968873
        [affected upgrade path not supported]
      - d/p/test-set-UsePAM-no-on-some-tests.patch: set UsePAM=no
        for some tests.

   -- Nick Rosbrook <enr0n at ubuntu.com>  Mon, 29 Jul 2024 15:19:02 -0400

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2085261/+subscriptions

More information about the foundations-bugs mailing list