--- Begin Message ---
Package: openssh-client
Version: 1:9.0p1-1+b2
Severity: minor
X-Debbugs-Cc: jesse@mbuki-mvuki.org
Dear Maintainer,
I needed to rcp a file to a legacy system, to my surprise it at first
appeared that rcp was installed, but my invocation failed. After some
investigation I found that scp was symlinked as an alternative to rcp.
>From reading the manpage I was unable to discern a way to have scp
perform a classic rcp transfer. If scp cannot perform an rcp transfer,
should it be symlinked to /etc/alternatives/rcp?
-- System Information:
Debian Release: bookworm/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 6.0.0-1-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openssh-client depends on:
ii adduser 3.129
ii dpkg 1.21.9+b1
ii libc6 2.36-4
ii libedit2 3.1-20221030-1
ii libfido2-1 1.12.0-1
ii libgssapi-krb5-2 1.20-1+b1
ii libselinux1 3.4-1+b2
ii libssl3 3.0.7-1
ii passwd 1:4.12.3+dfsg1-3
ii zlib1g 1:1.2.13.dfsg-1
Versions of packages openssh-client recommends:
ii xauth 1:1.1.1-1
Versions of packages openssh-client suggests:
pn keychain <none>
pn libpam-ssh <none>
pn monkeysphere <none>
pn ssh-askpass <none>
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:9.1p1-1
Done: Colin Watson <cjwatson@debian.org>
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 197037@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 14 Nov 2022 16:25:45 +0000
Source: openssh
Architecture: source
Version: 1:9.1p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 197037 1016340 1021585
Changes:
openssh (1:9.1p1-1) unstable; urgency=medium
.
[ Markus Teich ]
* Delete obsolete upstart configuration override.
.
[ Colin Watson ]
* Work around apparent dh-exec regressions (closes: #1016340).
* Don't install unnecessary *.lo files in openssh-tests.
* Update Lintian overrides to current syntax.
* Pass on compiler/linker flags when building debian/keygen-test.
* Remove obsolete and misleading rcp/rlogin/rsh alternatives, and stop
providing rsh-client (closes: #197037).
* Add sshd_config checksums for 1:8.2p1-1 and 1:8.7p1-1 to ucf reference
file.
* New upstream release (https://www.openssh.com/releasenotes.html#9.1p1,
closes: #1021585):
- ssh-keyscan(1): fix a one-byte overflow in SSH- banner processing.
- ssh-keygen(1): double free() in error path of file hashing step in
signing/verify code.
- ssh-keysign(8): double-free in error path introduced in openssh-8.9.
- ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config are
now first-match-wins to match other directives. Previously if an
environment variable was multiply specified the last set value would
have been used.
- ssh-keygen(8): ssh-keygen -A (generate all default host key types)
will no longer generate DSA keys, as these are insecure and have not
been used by default for some years.
- ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum RSA
key length. Keys below this length will be ignored for user
authentication and for host authentication in sshd(8). ssh(1) will
terminate a connection if the server offers an RSA key that falls
below this limit, as the SSH protocol does not include the ability to
retry a failed key exchange.
- sftp-server(8): add a "users-groups-by-id@openssh.com" extension
request that allows the client to obtain user/group names that
correspond to a set of uids/gids.
- sftp(1): use "users-groups-by-id@openssh.com" sftp-server extension
(when available) to fill in user/group names for directory listings.
- sftp-server(8): support the "home-directory" extension request defined
in draft-ietf-secsh-filexfer-extensions-00. This overlaps a bit with
the existing "expand-path@openssh.com", but some other clients support
it.
- ssh-keygen(1), sshd(8): allow certificate validity intervals, sshsig
verification times and authorized_keys expiry-time options to accept
dates in the UTC time zone in addition to the default of interpreting
them in the system time zone. YYYYMMDD and YYMMDDHHMM[SS] dates/times
will be interpreted as UTC if suffixed with a 'Z' character. Also
allow certificate validity intervals to be specified in raw
seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This is
intended for use by regress tests and other tools that call ssh-keygen
as part of a CA workflow.
- sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
"/usr/libexec/sftp-server -el debug3".
- ssh-keygen(1): allow the existing -U (use agent) flag to work with "-Y
sign" operations, where it will be interpreted to require that the
private keys is hosted in an agent.
- ssh-keygen(1): implement the "verify-required" certificate option.
This was already documented when support for user-verified FIDO keys
was added, but the ssh-keygen(1) code was missing.
- ssh-agent(1): hook up the restrict_websafe command-line flag;
previously the flag was accepted but never actually used.
- sftp(1): improve filename tab completions: never try to complete names
to non-existent commands, and better match the completion type (local
or remote filename) against the argument position being completed.
- ssh-keygen(1), ssh(1), ssh-agent(1): several fixes to FIDO key
handling, especially relating to keys that request user-verification.
These should reduce the number of unnecessary PIN prompts for keys
that support intrinsic user verification.
- ssh-keygen(1): when enrolling a FIDO resident key, check if a
credential with matching application and user ID strings already
exists and, if so, prompt the user for confirmation before overwriting
the credential.
- sshd(8): improve logging of errors when opening authorized_keys files.
- ssh(1): avoid multiplexing operations that could cause SIGPIPE from
causing the client to exit early.
- ssh_config(5), sshd_config(5): clarify that the RekeyLimit directive
applies to both transmitted and received data.
- ssh-keygen(1): avoid double fclose() in error path.
- sshd(8): log an error if pipe() fails while accepting a connection.
- ssh-keyscan(1): add missing *-sk types to ssh-keyscan manpage.
- sshd(8): ensure that authentication passwords are cleared from memory
in error paths.
- ssh(1), ssh-agent(1): avoid possibility of notifier code executing
kill(-1).
- ssh_config(5): note that the ProxyJump directive also accepts the same
tokens as ProxyCommand.
- scp(1): do not ftruncate(3) files early when in sftp mode. The
previous behaviour of unconditionally truncating the destination file
would cause "scp ~/foo localhost:foo" and the reverse "scp
localhost:foo ~/foo" to delete all the contents of their destination.
- ssh-keygen(1): improve error message when 'ssh-keygen -Y sign' is
unable to load a private key.
- sftp(1), scp(1): when performing operations that glob(3) a remote
path, ensure that the implicit working directory used to construct
that path escapes glob(3) characters. This prevents glob characters
from being processed in places they shouldn't, e.g. "cd /tmp/a*/",
"get *.txt" should have the get operation treat the path "/tmp/a*"
literally and not attempt to expand it (LP: #1483751).
- ssh(1), sshd(8): be stricter in which characters will be accepted in
specifying a mask length; allow only 0-9.
- ssh-keygen(1): avoid printing hash algorithm twice when dumping a KRL.
- ssh(1), sshd(8): continue running local I/O for open channels during
SSH transport rekeying. This should make ~-escapes work in the client
(e.g. to exit) if the connection happened to have stalled during a
rekey event.
- ssh(1), sshd(8): avoid potential poll() spin during rekeying.
- Further hardening for sshbuf internals: disallow "reparenting" a
hierarchical sshbuf and zero the entire buffer if reallocation fails.
- sshd(8): add AUDIT_ARCH_PPC to supported seccomp sandbox
architectures.
* Drop patch to work around https://twistedmatrix.com/trac/ticket/9765,
since the fix for that is in Debian testing.
* Rewrite gnome-ssh-askpass(1) manual page using mdoc macros, and flesh it
out a bit more.
.
[ Steve Langasek ]
* Support systemd socket activation. Migrate any existing inetd-style
socket activation to systemd socket activation.
.
[ Gioele Barabucci ]
* Remove ancient version constraints.
* d/openssh-server.{postinst,config}: get_config_option: Replace perl with
sed.
Checksums-Sha1:
3d09519333c37fc37e447ab2211f880099db487a 3311 openssh_9.1p1-1.dsc
15545440268967511d3194ebf20bcd0c7ff3fcc9 1838747 openssh_9.1p1.orig.tar.gz
739873beca6afe4163d79a2168dbe7d313dbce39 833 openssh_9.1p1.orig.tar.gz.asc
e04988d8ebc3e51dd57438359123cfaec4ebb505 179584 openssh_9.1p1-1.debian.tar.xz
Checksums-Sha256:
66cecc01833154ecc84909a16b947e66b800935b58d33c11c45fe84a3026e8af 3311 openssh_9.1p1-1.dsc
19f85009c7e3e23787f0236fbb1578392ab4d4bf9f8ec5fe6bc1cd7e8bfdd288 1838747 openssh_9.1p1.orig.tar.gz
abac4673e0862604ab1f69a4597d191940c0cf58679dc5fc81fbdbd8b28ca267 833 openssh_9.1p1.orig.tar.gz.asc
a6ffc0939c91d636ef4fe6514295de63ac57280a1c2fd207e9914c5618648d0d 179584 openssh_9.1p1-1.debian.tar.xz
Files:
8bdfe7169b837f30f4a27d44e9bc6086 3311 net standard openssh_9.1p1-1.dsc
471912038124285c96918882ee190a22 1838747 net standard openssh_9.1p1.orig.tar.gz
e7e81a9eb2de83e00509ad97aa71f36c 833 net standard openssh_9.1p1.orig.tar.gz.asc
092d3782dab1f39ef4b668a263b70e48 179584 net standard openssh_9.1p1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmNybs0ACgkQOTWH2X2G
UAualw//ZCjlVdmo1lWSXrd81sRy8iGBZq0/eUL9cOOriwuBfpXGmAH3eK7I8kEo
JanY1P5oNmyFE/cpprBq5/fZprL/U/OHSoihMuNDIsWQljP9sIXtlKrSlAPcw4w8
M1WRtXcLCJMjefJV4NeKkmgnrJ7eqQUDDvNFtm/v5jAQsqZ583DNWncgBQn6F+kz
QQ15kWL9AsOn1Ok1LEz93h3Gai2TanbXQDKrbPKEv1CN7PWP12afU/cH3FPwqseO
j1oM+HyV9ABJZVupxwZDSzehdE/7462t1vKc58ZpO5ppFkxPkC3+ADY81PtWzZBN
l3gHB5QA+ROfTXJFLZ0GFRgcHGmxJJTOwlm9B93cEGSVOvXvwYwz7HwpBGfrT2As
XWlPf/Rqj7Je/VZh79Aqdd8rz3mPTEO2tQDEgT78qduAkj+CPDuan6yavoarYoi5
Pl/z1p5HXJIpEips0sqcMgSRjyFg/XFGjtQ/hsGy1z1rVzod9CdD8O9Du6NZeC8L
KJLPJeDihoOj5ktzO+WgCMbV7D8cRJEspznHai+eBnKaIKpZkoi9BC/iXqfMc3/V
XUdI33xzv33Iv2w2z6nyYZTpWVLt/QNRN8WeZx7TO7aWGJ7OF8XIRmEw6QWmvzzq
LXXHJQt/N8vcpYVjBqBw5mU2AC2i28qWb+jmnjuObx+8VzKEYHE=
=ol9e
-----END PGP SIGNATURE-----
--- End Message ---