[Bug 2085261] [NEW] Merge openssh from Debian unstable for jammy

Bryce Harrington 2085261 at bugs.launchpad.net
Tue Oct 22 03:22:18 UTC 2024


Public bug reported:

Scheduled-For: Backlog
Upstream: tbd
Debian:   1:9.9p1-2
Ubuntu:   1:9.7p1-7ubuntu4


The Foundations team has maintained this package's merge in the past.

If it turns out this needs a sync rather than a merge, please change the
tag 'needs-merge' to 'needs-sync', and (optionally) update the title as
desired.

If this merge pulls in a new upstream version, also consider adding an
entry to the Jammy Release Notes:
https://discourse.ubuntu.com/c/release/38


### New Debian Changes ###

openssh (1:9.9p1-2) unstable; urgency=medium

  * Don't prefer host-bound public key signatures if there was no initial
    host key, as is the case when using GSS-API key exchange (closes:
    #1041521).
  * Use runuser rather than sudo in autopkgtests where possible, avoiding a
    dependency.

 -- Colin Watson <cjwatson at debian.org>  Mon, 21 Oct 2024 18:24:07 +0100

openssh (1:9.9p1-1) unstable; urgency=medium

  * Alias the old Debian-specific SetupTimeOut client option to
    ConnectTimeout rather than to ServerAliveInterval.
  * New upstream release (https://www.openssh.com/releasenotes.html#9.9p1):
    - ssh(1): remove support for pre-authentication compression.
    - ssh(1), sshd(8): processing of the arguments to the 'Match'
      configuration directive now follows more shell-like rules for quoted
      strings, including allowing nested quotes and /-escaped characters.
    - ssh(1), sshd(8): add support for a new hybrid post-quantum key
      exchange based on the FIPS 203 Module-Lattice Key Encapsulation
      mechanism (ML-KEM) combined with X25519 ECDH as described by
      https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
      This algorithm 'mlkem768x25519-sha256' is available by default.
    - ssh(1): the ssh_config 'Include' directive can now expand environment
      as well as the same set of %-tokens 'Match Exec' supports.
    - sshd(8): add a sshd_config 'RefuseConnection' option that, if set, will
      terminate the connection at the first authentication request.
    - sshd(8): add a 'refuseconnection' penalty class to sshd_config
      PerSourcePenalties that is applied when a connection is dropped by the
      new RefuseConnection keyword.
    - sshd(8): add a 'Match invalid-user' predicate to sshd_config Match
      options that matches when the target username is not valid on the
      server.
    - ssh(1), sshd(8): update the Streamlined NTRUPrime code to a
      substantially faster implementation.
    - ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange
      algorithm now has an IANA-assigned name in addition to the
      '@openssh.com' vendor extension name. This algorithm is now also
      available under this name 'sntrup761x25519-sha512'
    - ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
      included in core dump files for most of their lifespans. This is in
      addition to pre-existing controls in ssh-agent(1) and sshd(8) that
      prevented coredumps.
    - All: convert key handling to use the libcrypto EVP_PKEY API, with the
      exception of DSA.
    - sshd(8): add a random amount of jitter (up to 4 seconds) to the grace
      login time to make its expiry unpredictable.
    - sshd(8): fix regression introduced in openssh-9.8 that swapped the
      order of source and destination addresses in some sshd log messages.
    - sshd(8): do not apply authorized_keys options when signature
      verification fails. Prevents more restrictive key options being
      incorrectly applied to subsequent keys in authorized_keys.
    - ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
      prompts. Helps the user know what's going on when ssh-keygen is
      invoked via other tools.
    - ssh(1), ssh-add(1): make parsing user@host consistently look for the
      last '@' in the string rather than the first. This makes it possible
      to more consistently use usernames that contain '@' characters.
    - ssh(1), sshd(8): be more strict in parsing key type names. Only allow
      short names (e.g. 'rsa') in user-interface code and require full SSH
      protocol names (e.g. 'ssh-rsa') everywhere else.
    - regress: many performance and correctness improvements to the
      re-keying regression test.
    - ssh-keygen(1): clarify that ed25519 is the default key type generated
      and clarify that rsa-sha2-512 is the default signature scheme when RSA
      is in use.
    - sshd(8): fix minor memory leak in Subsystem option parsing.
    - All: additional hardening and consistency checks for the sshbuf code.
    - sshd(8): reduce default logingrace penalty to ensure that a single
      forgotten login that times out will be below the penalty threshold.
    - ssh(1): fix proxy multiplexing (-O proxy) bug. If a mux started with
      ControlPersist then later has a forwarding added using mux proxy
      connection and the forwarding was used, then when the mux proxy
      session terminated, the mux master process would issue a bad message
      that terminated the connection.
    - Sync contrib/ssh-copy-id to the latest upstream version.
    - sshd(8): restore audit call before exit that regressed in openssh-9.8.
      Fixes an issue where the SSH_CONNECTION_ABANDON event was not
      recorded.
    - Fix detection of setres*id on GNU/Hurd.

 -- Colin Watson <cjwatson at debian.org>  Mon, 23 Sep 2024 21:09:59 -0700

openssh (1:9.8p1-8) unstable; urgency=medium

  * Source-only reupload.

 -- Colin Watson <cjwatson at debian.org>  Fri, 30 Aug 2024 00:38:26 +0100

openssh (1:9.8p1-7) unstable; urgency=medium

  * Adjust description line-wrapping so that lintian recognizes that
    openssh-client-gssapi is an intentionally empty package.

 -- Colin Watson <cjwatson at debian.org>  Thu, 29 Aug 2024 14:17:13 +0100

openssh (1:9.8p1-6) unstable; urgency=medium

  * Upload with binaries to satisfy Debian archive NEW checks.


### Old Ubuntu Delta ###

openssh (1:9.7p1-7ubuntu4) oracular; urgency=medium

  * Explicitly listen on IPv4 by default, with socket-activated sshd
    (LP: #2080216)
    - d/systemd/ssh.socket: explicitly listen on ipv4 by default
    - d/t/sshd-socket-generator: update for new defaults and AddressFamily
    - sshd-socket-generator: handle new ssh.socket default settings
  * d/p/systemd-socket-activation.patch: always close newsock fd before re-exec

 -- Nick Rosbrook <enr0n at ubuntu.com>  Tue, 01 Oct 2024 14:45:28 -0400

openssh (1:9.7p1-7ubuntu3) oracular; urgency=medium

  * sshd-socket-generator: do not parse server match config (LP: #2076023)

 -- Nick Rosbrook <enr0n at ubuntu.com>  Tue, 27 Aug 2024 15:54:41 -0400

openssh (1:9.7p1-7ubuntu2) oracular; urgency=medium

  * d/p/test-set-UsePAM-no-on-some-tests.patch: restore patch
    This was mistakenly dropped in the merge from Debian after
    testing locally only.

 -- Nick Rosbrook <enr0n at ubuntu.com>  Wed, 31 Jul 2024 10:20:23 -0400

openssh (1:9.7p1-7ubuntu1) oracular; urgency=medium

  * Merge with Debian unstable (LP: #2064435). Remaining changes:
    - Make systemd socket activation the default:
      + debian/rules: modify dh_installsystemd invocations for
        socket-activated sshd
      + debian/README.Debian: document systemd socket activation.
      + debian/patches/systemd-socket-activation.patch: Fix sshd
        re-execution behavior when socket activation is used
      + debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
        activation functionality.
      + debian/control: Build-Depends: systemd-dev
      + d/p/sshd-socket-generator.patch: add generator for socket activation
      + debian/openssh-server.install: install sshd-socket-generator
      + debian/openssh-server.postinst: handle migration to sshd-socket-generator
      + d/t/sshd-socket-generator: add dep8 test for sshd-socket-generator
      + ssh.socket: adjust unit for socket activation by default
      + debian/rules: explicitly enable LTO
    - debian/.gitignore: drop file
    - debian/openssh-server.ucf-md5sum: update for Ubuntu delta
    - debian/patches: Immediately report interactive instructions to PAM clients
    - debian/patches: sshconnect2: Write kbd-interactive messages as utf-8
    - d/t/ssh-gssapi: disable -e in cleanup()
    - SECURITY UPDATE: timing attack against echo-off password entry
      + debian/patches/CVE-2024-39894.patch: don't rely on
        channel_did_enqueue in clientloop.c
      + CVE-2024-39894
  * Dropped changes, included in Debian:
    - debian/patches: only set PAM_RHOST if remote host is not 'UNKNOWN'
    - Remove deprecated user_readenv=1 setting (LP #2059859):
      + d/openssh-server.sshd.pam.in: drop user_readenv=1, which was
        deprecated by pam_env upstream. Openssh has the SendEnv and AcceptEnv
        configuration options that can be used to replace this feature, and
        are in the default config already
      + d/NEWS: update about this change in behavior
    - debian: Remove dependency on libsystemd
    - d/p/gssapi.patch: fix method_gsskeyex structure and
      userauth_gsskeyex function regarding changes introduced in upstream
      commit dbb339f015c33d63484261d140c84ad875a9e548 ('prepare for
      multiple names for authmethods') (LP #2053146)
    - d/t/{ssh-gssapi,util}: ssh-gssapi DEP8 test for gssapi-with-mic
      and gssapi-keyex authentication methods
    - SECURITY UPDATE: remote code execution via signal handler race
      condition (LP #2070497)
      + debian/patches/CVE-2024-6387.patch: don't log in sshsigdie() in log.c.
      + CVE-2024-6387
  * Dropped changes, no longer needed:
    - debian/openssh-server.postinst: ucf workaround for LP #1968873
      [affected upgrade path not supported]
    - d/p/test-set-UsePAM-no-on-some-tests.patch: set UsePAM=no
      for some tests.

 -- Nick Rosbrook <enr0n at ubuntu.com>  Mon, 29 Jul 2024 15:19:02 -0400
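As an added example (not part of this bug report or of the Debian/Ubuntu packaging), here is an sshd_config fragment that wires together the three server-side additions from the 9.9p1 upstream notes above: the 'Match invalid-user' predicate, 'RefuseConnection', and the 'refuseconnection' penalty class. The 30-second and 10-minute durations are the example's own choices.

```conf
# Added example, not taken from the bug report or from the openssh packaging.
# Requires an sshd built from OpenSSH 9.9 or later, since all three keywords
# below were introduced there.

# Global penalty policy. A client whose connection sshd drops via
# RefuseConnection accrues the new 'refuseconnection' penalty class
# (30 seconds per drop here); the per-source total is capped at 10 minutes.
# Other penalty classes keep their built-in defaults.
PerSourcePenalties refuseconnection:30 max:600

# Nothing changes for usernames that exist on this host: they go through the
# normal authentication methods. Only connections that name a non-existent
# user are matched, and sshd then terminates them at the first
# authentication request rather than exercising the auth code paths at all.
Match invalid-user
    RefuseConnection yes
```

Check the fragment with `sshd -t -f <file>` on a 9.9 build before deploying it. Because only invalid usernames are dropped early, the response timing differs between valid and invalid users, which is a trade-off to weigh against the reduced exposure of the authentication code paths.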

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: needs-merge upgrade-software-version

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2085261

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2085261/+subscriptions