openssh_7.5p1-5_source.changes ACCEPTED into unstable
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 18 Jun 2017 12:08:42 +0100
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.5p1-5
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 407754 797964
Changes:
openssh (1:7.5p1-5) unstable; urgency=medium
.
* Upload to unstable.
* Fix syntax error in debian/copyright.
.
openssh (1:7.5p1-4) experimental; urgency=medium
.
* Drop README.Debian section on privilege separation, as it's no longer
optional.
* Only call "initctl set-env" from agent-launch if $UPSTART_SESSION is set
(LP: #1689299).
* Fix incoming compression statistics (thanks, Russell Coker; closes:
#797964).
* Relicense debian/* under a two-clause BSD licence for bidirectional
compatibility with upstream, with permission from Matthew Vernon and
others.
.
openssh (1:7.5p1-3) experimental; urgency=medium
.
* Fix debian/adjust-openssl-dependencies to account for preferring
libssl1.0-dev.
* Adjust OpenSSL dependencies for openssh-client-ssh1 too.
* Fix purge failure when /etc/ssh has already somehow been removed
(LP: #1682817).
* Ensure that /etc/ssh exists before trying to create /etc/ssh/sshd_config
(LP: #1685022).
.
openssh (1:7.5p1-2) experimental; urgency=medium
.
* Add missing header on Linux/s390.
* Fix syntax error on Linux/X32.
.
openssh (1:7.5p1-1) experimental; urgency=medium
.
* New upstream release (https://www.openssh.com/txt/release-7.5):
- SECURITY: ssh(1), sshd(8): Fix weakness in CBC padding oracle
countermeasures that allowed a variant of the attack fixed in OpenSSH
7.3 to proceed. Note that the OpenSSH client disables CBC ciphers by
default, sshd offers them as lowest-preference options and will remove
them by default entirely in the next release.
- This release deprecates the sshd_config UsePrivilegeSeparation option,
thereby making privilege separation mandatory (closes: #407754).
- The format of several log messages emitted by the packet code has
changed to include additional information about the user and their
authentication state. Software that monitors ssh/sshd logs may need
to account for these changes.
- ssh(1), sshd(8): Support "=-" syntax to easily remove methods from
algorithm lists, e.g. Ciphers=-*cbc.
- sshd(1): Fix NULL dereference crash when key exchange start messages
are sent out of sequence.
- ssh(1), sshd(8): Allow form-feed characters to appear in configuration
files.
- sshd(8): Fix regression in OpenSSH 7.4 support for the server-sig-algs
extension, where SHA2 RSA signature methods were not being correctly
advertised.
- ssh(1), ssh-keygen(1): Fix a number of case-sensitivity bugs in
known_hosts processing.
- ssh(1): Allow ssh to use certificates accompanied by a private key
file but no corresponding plain *.pub public key.
- ssh(1): When updating hostkeys using the UpdateHostKeys option, accept
RSA keys if HostkeyAlgorithms contains any RSA keytype. Previously,
ssh could ignore RSA keys when only the ssh-rsa-sha2-* methods were
enabled in HostkeyAlgorithms and not the old ssh-rsa method.
- ssh(1): Detect and report excessively long configuration file lines.
- Merge a number of fixes found by Coverity and reported via Redhat and
FreeBSD. Includes fixes for some memory and file descriptor leaks in
error paths.
- ssh(1), sshd(8): When logging long messages to stderr, don't truncate
"\r\n" if the length of the message exceeds the buffer.
- ssh(1): Fully quote [host]:port in generated ProxyJump/-J command-
line; avoid confusion over IPv6 addresses and shells that treat square
bracket characters specially.
- Fix various fallout and sharp edges caused by removing SSH protocol 1
support from the server, including the server banner string being
incorrectly terminated with only \n (instead of \r\n), confusing error
messages from ssh-keyscan, and a segfault in sshd if protocol v.1 was
enabled for the client and sshd_config contained references to legacy
keys.
- ssh(1), sshd(8): Free fd_set on connection timeout.
- sftp(1): Fix division by zero crash in "df" output when server returns
zero total filesystem blocks/inodes.
- ssh(1), ssh-add(1), ssh-keygen(1), sshd(8): Translate OpenSSL errors
encountered during key loading to more meaningful error codes.
- ssh-keygen(1): Sanitise escape sequences in key comments sent to
printf but preserve valid UTF-8 when the locale supports it.
- ssh(1), sshd(8): Return reason for port forwarding failures where
feasible rather than always "administratively prohibited".
- sshd(8): Fix deadlock when AuthorizedKeysCommand or
AuthorizedPrincipalsCommand produces a lot of output and a key is
matched early.
- ssh(1): Fix typo in ~C error message for bad port forward
cancellation.
- ssh(1): Show a useful error message when included config files can't
be opened.
- sshd_config(5): Repair accidentally-deleted mention of %k token in
AuthorizedKeysCommand.
- sshd(8): Remove vestiges of previously removed LOGIN_PROGRAM.
- ssh-agent(1): Relax PKCS#11 whitelist to include libexec and common
32-bit compatibility library directories.
- sftp-client(1): Fix non-exploitable integer overflow in SSH2_FXP_NAME
response handling.
- ssh-agent(1): Fix regression in 7.4 of deleting PKCS#11-hosted keys.
It was not possible to delete them except by specifying their full
physical path.
- sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA
crypto coprocessor.
- sshd(8): Fix non-exploitable weakness in seccomp-bpf sandbox arg
inspection.
- ssh-keygen(1), ssh(1), sftp(1): Fix output truncation for various that
contain non-printable characters where the codeset in use is ASCII.
Checksums-Sha1:
b04a282b907cc0626636d085cbaed106cb029ee3 2892 openssh_7.5p1-5.dsc
a840646cc73e2a944059cdaae613f8b9549678a8 158776 openssh_7.5p1-5.debian.tar.xz
a3ca5ffc61a4619c4c017bef919b9c72df884fce 13528 openssh_7.5p1-5_source.buildinfo
Checksums-Sha256:
f39775e585cb084eb5f477b5d34d143635f03398491a220513c9879b8d87a92b 2892 openssh_7.5p1-5.dsc
f23a12c7e5f2d8dabfa55e310ef7dfcbe94d15464470681ea114f022cdd842c3 158776 openssh_7.5p1-5.debian.tar.xz
656411e101d1586354ac9726d95cff5c4743c4f5f3e0a71d9fa607278d87e000 13528 openssh_7.5p1-5_source.buildinfo
Files:
a991857086599a0c65b2697e5f73ed58 2892 net standard openssh_7.5p1-5.dsc
be3034e764fb9c648fbb2023954e4878 158776 net standard openssh_7.5p1-5.debian.tar.xz
017713a31ab70964adc457d439d03106 13528 net standard openssh_7.5p1-5_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAllGX2EACgkQOTWH2X2G
UAsGPw//WLQOsu6QuiFCJMCzZ5m6ur4dNoDDFSobCpPeYfYcGBe6Ejb1eXKsrI1q
d9ftmP8qWfKTtUMwGyEfhfL+VGDjlY+wMYu++O6X+AvJmW/NQLg9gChcXqGjlSt9
PYlm7G/ejEMVOkm12Ay+m86Yjx5/PdMecmrBecg0e/irtprjNOVD1U1m9sb+vVOd
3Z/flmBhsq891LH7M3URTFRtk80C1jpz+EwI4jg2Hz+1eIItAf47MTi4rkRAOZbq
jz/EC4fnCCSZuIPClofhVkYiEJD25NDDMQ3lylHSyQJoNF/RNMZaUoFxsxDEBWXP
WumdQZKYX6YhDNzijQvM3C7aEBjkYNbN/XMOjq5fAG3Jdhrj28jmzM7mrfQdcREV
fgda7q1YxEoLYy+buew9kn38xGvCT4TQArWx27jv2LUX0nDqI2DieMoS0YLwHy7k
4pKgGZxznz/8vfSwNaEzhreDJTCeNTMsamqcEsQRCCrpY+gS/3pGjNY2WcCcWHyd
vsR8xjvU+tY2TrxuSDUwX6riHdO+l56U3lhzlcsiMrq3aqHJSdTifTx9OnbgN6fy
bb0zBVj1Tdr4pSwUYDZ3dJLmhVUJdyb+DTkrNfch8ns4NcY6UgRbVHIXldMe0mX/
Etv1eq0vopT+XSat6dKxqwY7dJIXkRT3ClluwN0q69ZJX8XYQj8=
=/Z34
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
Reply to: