
Bug#294148: marked as done (wishlist: forwarding of general unix-domain sockets)



Your message dated Thu, 09 Oct 2014 15:53:58 +0000
with message-id <E1XcG2Q-0002G0-22@franck.debian.org>
and subject line Bug#236718: fixed in openssh 1:6.7p1-1
has caused the Debian Bug report #236718,
regarding wishlist: forwarding of general unix-domain sockets
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
236718: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=236718
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: ssh
Version: 1:3.4p1-1.woody.3
Severity: wishlist

ssh as of today forwards X11 and ssh-agent sockets just fine,
so there is no technical reason why not to allow other unix domain sockets
to be forwarded.

intended use would be to forward a gpg-agent socket, very similar
to how ssh-agent works. gpg-agent lives on the box with the private key,
and services requests from gpg clients. gpg-agent does not listen
on a network socket for very much the same reasons as ssh-agent.

at the moment gpg-agent is available only in the development versions
of gnupg, so this issue is not very urgent and
for now i'm working around this limitation using a horrible mess
involving socat (unix-domain socket -- socat -- tcp port forward -- socat -- socket),
but i'd very much like to get rid of that...

regards
az

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux cluon 2.4.28 #1 Thu Dec 9 12:52:20 EST 2004 i686
Locale: LANG=C, LC_CTYPE=de_AT

Versions of packages ssh depends on:
ii  adduser                 3.47             Add and remove users and groups
ii  debconf                 1.4.30.11        Debian configuration management sy
ii  libc6                   2.3.2.ds1-20     GNU C Library: Shared libraries an
ii  libpam-modules          0.72-35          Pluggable Authentication Modules f
ii  libpam0g                0.76-22          Pluggable Authentication Modules l
ii  libssl0.9.6             0.9.6c-2.woody.7 SSL shared libraries
ii  libwrap0                7.6-9            Wietse Venema's TCP wrappers libra
ii  zlib1g                  1:1.2.2-3        compression library - runtime



--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:6.7p1-1

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 236718@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 09 Oct 2014 14:05:56 +0100
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.7p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 236718 734553
Changes:
 openssh (1:6.7p1-1) unstable; urgency=medium
 .
   * New upstream release (http://www.openssh.com/txt/release-6.7):
     - sshd(8): The default set of ciphers and MACs has been altered to
       remove unsafe algorithms.  In particular, CBC ciphers and arcfour* are
       disabled by default.  The full set of algorithms remains available if
       configured explicitly via the Ciphers and MACs sshd_config options.
     - ssh(1), sshd(8): Add support for Unix domain socket forwarding.  A
       remote TCP port may be forwarded to a local Unix domain socket and
       vice versa or both ends may be a Unix domain socket (closes: #236718).
     - ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519
       key types.
     - sftp(1): Allow resumption of interrupted uploads.
     - ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is
       the same as the one sent during initial key exchange.
     - sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses
       when GatewayPorts=no; allows client to choose address family.
     - sshd(8): Add a sshd_config PermitUserRC option to control whether
       ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys
       option.
     - ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that
       expands to a unique identifier based on a hash of the tuple of (local
       host, remote user, hostname, port).  Helps avoid exceeding miserly
       pathname limits for Unix domain sockets in multiplexing control paths.
     - sshd(8): Make the "Too many authentication failures" message include
       the user, source address, port and protocol in a format similar to the
       authentication success / failure messages.
     - Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is
       available. It considers time spent suspended, thereby ensuring
       timeouts (e.g. for expiring agent keys) fire correctly (closes:
       #734553).
     - Use prctl() to prevent sftp-server from accessing
       /proc/self/{mem,maps}.
   * Restore TCP wrappers support, removed upstream in 6.7.  It is true that
     dropping this reduces preauth attack surface in sshd.  On the other
     hand, this support seems to be quite widely used, and abruptly dropping
     it (from the perspective of users who don't read openssh-unix-dev) could
     easily cause more serious problems in practice.  It's not entirely clear
     what the right long-term answer for Debian is, but it at least probably
     doesn't involve dropping this feature shortly before a freeze.
   * Replace patch to disable OpenSSL version check with an updated version
     of Kurt Roeckx's patch from #732940 to just avoid checking the status
     field.
   * Build-depend on a new enough dpkg-dev for dpkg-buildflags, rather than
     simply a new enough dpkg.
   * Simplify debian/rules using /usr/share/dpkg/buildflags.mk.
   * Use Package-Type rather than XC-Package-Type, now that it is an official
     field.
   * Run a subset of the upstream regression test suite at package build
     time, and the rest of it under autopkgtest.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

-----END PGP SIGNATURE-----

--- End Message ---
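
The Unix domain socket forwarding that closed this bug, applied to the gpg-agent case from the original report. This is an added example, not part of either message or of the openssh package; the host alias, hostname, user name and socket paths are placeholders.

```sshconfig
# ~/.ssh/config on the machine that holds the private key and runs gpg-agent.
# "build-box", the hostname and both socket paths are placeholders.
Host build-box
    HostName build-box.example.org
    # RemoteForward <socket sshd creates on the remote host> <local socket to connect to>
    RemoteForward /home/user/.gnupg/S.gpg-agent /home/user/.gnupg/S.gpg-agent
    # Abort the connection if the forward cannot be set up, rather than
    # continuing with remote gpg clients silently unable to reach the agent
    ExitOnForwardFailure yes

# /etc/ssh/sshd_config on build-box, the side that creates the listening socket.
# Remove a stale socket file left by an earlier session before binding
StreamLocalBindUnlink yes
# umask applied to the created socket; 0177 (the default) leaves it
# readable and writable by its owner only
StreamLocalBindMask 0177
```

Compared with the socat chain in the report, no loopback TCP port is opened on either host, so access to the agent is governed by the socket file's permissions rather than being open to any local user who can connect to that port.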
