-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: openssh Binary: openssh-client, openssh-server, openssh-sftp-server, ssh, ssh-krb5, ssh-askpass-gnome, openssh-client-udeb, openssh-server-udeb Architecture: any all Version: 1:6.9p1-1 Maintainer: Debian OpenSSH Maintainers <[email protected]> Uploaders: Colin Watson <[email protected]>, Matthew Vernon <[email protected]> Homepage: http://www.openssh.org/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-ssh/openssh.git Vcs-Git: git://anonscm.debian.org/pkg-ssh/openssh.git Testsuite: autopkgtest Build-Depends: libwrap0-dev | libwrap-dev, zlib1g-dev (>= 1:1.2.3), libssl-dev (>= 0.9.8g), libpam0g-dev | libpam-dev, libgtk2.0-dev, libedit-dev, debhelper (>= 9~), dh-exec, libselinux1-dev [linux-any], libkrb5-dev | heimdal-dev, dpkg-dev (>= 1.16.1~), libck-connector-dev, dh-autoreconf, autotools-dev, dh-systemd (>= 1.4) Package-List: openssh-client deb net standard arch=any openssh-client-udeb udeb debian-installer optional arch=any openssh-server deb net optional arch=any openssh-server-udeb udeb debian-installer optional arch=any openssh-sftp-server deb net optional arch=any ssh deb net extra arch=all ssh-askpass-gnome deb gnome optional arch=any ssh-krb5 deb oldlibs extra arch=all Checksums-Sha1: 86ab57f00d0fd9bf302760f2f6deac1b6e9df265 1487617 openssh_6.9p1.orig.tar.gz 2750a007db7992180da53a9ad7c350c6945b36e3 152088 openssh_6.9p1-1.debian.tar.xz Checksums-Sha256: 6e074df538f357d440be6cf93dc581a21f22d39e236f217fcd8eacbb6c896cfe 1487617 openssh_6.9p1.orig.tar.gz 60f1ad506db206af12746adbe2e8f0b089f12062f4ae48ae1d7557dda431e72b 152088 openssh_6.9p1-1.debian.tar.xz Files: 0b161c44fc31fbc6b76a6f8ae639f16f 1487617 openssh_6.9p1.orig.tar.gz 5b2a9b8a8af3e970b4ed6bc4d4d5fb1c 152088 openssh_6.9p1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Colin Watson <[email protected]> -- Debian developer iQIVAwUBVdWiKjk1h9l9hlALAQgnzw//du2/FXdAxYIvcgJKiRhA9AEMbbpxvWrh bmOiC8IXl1E5jadz/upHsonBJ8mG9/KHilgfANKBU+iPAv4Kt6QzGcZQRconC4p2 jP/Kf8KdLWuyQbNLg6K/55/SVdRZN71tw0HzthlASEnSb2c9ApW1FO4/oQkEokq1 kZFN5BjjsoDRLu79UWOdmKZZ6ED9MZFIJTTvwJt89f/JuofHkJSuptQE36Zc7Yrg JmHbDmczkwb+MLjLWV5L30RNdlIzSoTyAwCYxrXC8iMn8T9rS/h0Wr/jLEIJyEgM 6RZxkNxTQDJBKxyjqJymrHEGdX6bw1r4lPgGT0YOZd2up/e/zBrkBzfW3vYy8xs+ 6fsQ2jASnCEo+ahRw8M8G/CRpYxVrHV/Pj8Eh2CnD+vHujzCPW7iiE8B4BRZq0FA 2X6R2++sGljG6CjLF1koGUU+RYiX7jj99a26nRPJqY99D4HUjx32V5HuQn3Xda+u zeexvkGCZSws+hFyi+QXmjOoYive8gYPzCAhJDCuHWTnkFR5Iuf7Z5HCdQoWK8ur e/T4QaHJjqQDtTwAa6XQ7g788SBdb/mRS67/koGbVjFQsGa9a242A6xjqNiyPaUB DCtAqibd+v9ZP9aVrvuBjye88N7dWQcZEoFQJv+aCL7G8FPGLEojA1ekLROnz5uh XDNUpt0mwog= =1Tdm -----END PGP SIGNATURE----- Changes: openssh (1:6.9p1-1) unstable; urgency=medium * New upstream release (http://www.openssh.com/txt/release-6.8): - sshd(8): UseDNS now defaults to 'no'. Configurations that match against the client host name (via sshd_config or authorized_keys) may need to re-enable it or convert to matching against addresses. - Add FingerprintHash option to ssh(1) and sshd(8), and equivalent command-line flags to the other tools to control algorithm used for key fingerprints. The default changes from MD5 to SHA256 and format from hex to base64. Fingerprints now have the hash algorithm prepended. An example of the new format: SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE Please note that visual host keys will also be different. - ssh(1), sshd(8): Experimental host key rotation support. Add a protocol extension for a server to inform a client of all its available host keys after authentication has completed. The client may record the keys in known_hosts, allowing it to upgrade to better host key algorithms and a server to gracefully rotate its keys. The client side of this is controlled by a UpdateHostkeys config option (default off). - ssh(1): Add a ssh_config HostbasedKeyType option to control which host public key types are tried during host-based authentication. - ssh(1), sshd(8): Fix connection-killing host key mismatch errors when sshd offers multiple ECDSA keys of different lengths. - ssh(1): When host name canonicalisation is enabled, try to parse host names as addresses before looking them up for canonicalisation. Fixes bz#2074 and avoids needless DNS lookups in some cases. - ssh(1), ssh-keysign(8): Make ed25519 keys work for host based authentication. - sshd(8): SSH protocol v.1 workaround for the Meyer, et al, Bleichenbacher Side Channel Attack. Fake up a bignum key before RSA decryption. - sshd(8): Remember which public keys have been used for authentication and refuse to accept previously-used keys. This allows AuthenticationMethods=publickey,publickey to require that users authenticate using two _different_ public keys. - sshd(8): add sshd_config HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes options to allow sshd to control what public key types will be accepted (closes: #481133). Currently defaults to all. - sshd(8): Don't count partial authentication success as a failure against MaxAuthTries. - ssh(1): Add RevokedHostKeys option for the client to allow text-file or KRL-based revocation of host keys. - ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by serial number or key ID without scoping to a particular CA. - ssh(1): Add a "Match canonical" criteria that allows ssh_config Match blocks to trigger only in the second config pass. - ssh(1): Add a -G option to ssh that causes it to parse its configuration and dump the result to stdout, similar to "sshd -T". - ssh(1): Allow Match criteria to be negated. E.g. "Match !host". - ssh-keyscan(1): ssh-keyscan has been made much more robust against servers that hang or violate the SSH protocol (closes: #241119). - ssh(1), ssh-keygen(1): Fix regression bz#2306: Key path names were being lost as comment fields (closes: #787776). - ssh(1): Allow ssh_config Port options set in the second config parse phase to be applied (they were being ignored; closes: #774369). - ssh(1): Tweak config re-parsing with host canonicalisation - make the second pass through the config files always run when host name canonicalisation is enabled (and not whenever the host name changes) - ssh(1): Fix passing of wildcard forward bind addresses when connection multiplexing is in use. - ssh-keygen(1): Fix broken private key conversion from non-OpenSSH formats. - ssh-keygen(1): Fix KRL generation bug when multiple CAs are in use. * New upstream release (http://www.openssh.com/txt/release-6.9): - CVE-2015-5352: ssh(1): When forwarding X11 connections with ForwardX11Trusted=no, connections made after ForwardX11Timeout expired could be permitted and no longer subject to XSECURITY restrictions because of an ineffective timeout check in ssh(1) coupled with "fail open" behaviour in the X11 server when clients attempted connections with expired credentials (closes: #790798). This problem was reported by Jann Horn. - SECURITY: ssh-agent(1): Fix weakness of agent locking (ssh-add -x) to password guessing by implementing an increasing failure delay, storing a salted hash of the password rather than the password itself and using a timing-safe comparison function for verifying unlock attempts. This problem was reported by Ryan Castellucci. - sshd(8): Support admin-specified arguments to AuthorizedKeysCommand (closes: #740494). - sshd(8): Add AuthorizedPrincipalsCommand that allows retrieving authorized principals information from a subprocess rather than a file. - ssh(1), ssh-add(1): Support PKCS#11 devices with external PIN entry devices. - ssh-keygen(1): Support "ssh-keygen -lF hostname" to search known_hosts and print key hashes rather than full keys. - ssh-agent(1): Add -D flag to leave ssh-agent in foreground without enabling debug mode. - ssh(1), sshd(8): Deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message and do not try to use it against some 3rd-party SSH implementations that use it (older PuTTY, WinSCP). - ssh(1), sshd(8): Cap DH-GEX group size at 4Kbits for Cisco implementations as some would fail when attempting to use group sizes >4K (closes: #740307, LP: #1287222). - ssh(1): Fix out-of-bound read in EscapeChar configuration option parsing. - sshd(8): Fix application of PermitTunnel, LoginGraceTime, AuthenticationMethods and StreamLocalBindMask options in Match blocks. - ssh(1), sshd(8): Improve disconnection message on TCP reset. - ssh(1): Remove failed remote forwards established by multiplexing from the list of active forwards. - sshd(8): Make parsing of authorized_keys "environment=" options independent of PermitUserEnv being enabled. - sshd(8): Fix post-auth crash with permitopen=none (closes: #778807). - ssh(1), ssh-add(1), ssh-keygen(1): Allow new-format private keys to be encrypted with AEAD ciphers. - ssh(1): Allow ListenAddress, Port and AddressFamily configuration options to appear in any order. - sshd(8): Check for and reject missing arguments for VersionAddendum and ForceCommand. - ssh(1), sshd(8): Don't treat unknown certificate extensions as fatal. - ssh-keygen(1): Make stdout and stderr output consistent. - ssh(1): Mention missing DISPLAY environment in debug log when X11 forwarding requested. - sshd(8): Correctly record login when UseLogin is set. - sshd(8): Add some missing options to sshd -T output and fix output of VersionAddendum and HostCertificate. - Document and improve consistency of options that accept a "none" argument: TrustedUserCAKeys, RevokedKeys, AuthorizedPrincipalsFile. - ssh(1): Include remote username in debug output. - sshd(8): Avoid compatibility problem with some versions of Tera Term, which would crash when they received the hostkeys notification message ([email protected]). - sshd(8): Mention ssh-keygen -E as useful when comparing legacy MD5 host key fingerprints. - ssh(1): Clarify pseudo-terminal request behaviour and make manual language consistent. - ssh(1): Document that the TERM environment variable is not subject to SendEnv and AcceptEnv; bz#2386 - sshd(8): Format UsePAM setting when using sshd -T (closes: #767648). - moduli(5): Update DH-GEX moduli (closes: #787037). * There are some things I want to fix before upgrading to 7.0p1, though I intend to do that soon. In the meantime, backport some patches, mainly to fix security issues: - SECURITY: sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev. - SECURITY: sshd(8): Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users. Reported by Moritz Jodeit. - SECURITY: sshd(8): Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution (closes: #795711). Also reported by Moritz Jodeit. - CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using keyboard-interactive authentication (closes: #793616). By specifying a long, repeating keyboard-interactive "devices" string, an attacker could request the same authentication method be tried thousands of times in a single pass. The LoginGraceTime timeout in sshd(8) and any authentication failure delays implemented by the authentication mechanism itself were still applied. Found by Kingcope. - Let principals-command.sh work for noexec /var/run. * Thanks to Jakub Jelen of Red Hat for Fedora's rebased version of the GSSAPI key exchange patch. * Document the Debian-specific change to the default value of ForwardX11Trusted in ssh(1) (closes: #781469). -- Colin Watson <[email protected]> Thu, 20 Aug 2015 10:38:58 +0100
