Last commit made on 2019-03-04
Get this branch:
git clone -b ubuntu/bionic-updates https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

9843383... by Marc Deslauriers on 2019-03-04

Import patches-unapplied version 1:7.6p1-4ubuntu0.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d33d1e6b1fb50bab7d7458acb8105bcd529ed7c1

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous

d33d1e6... by Marc Deslauriers on 2019-01-31

Import patches-unapplied version 1:7.6p1-4ubuntu0.2 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: a68214c9e9469639c28d396ff88f6b1471772077

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

a68214c... by Leonidas S. Barbosa on 2018-11-05

Import patches-unapplied version 1:7.6p1-4ubuntu0.1 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: 7534b10e32e17a4d01859dbda72f282ded065700

New changelog entries:
  [ Ryan Finnie ]
  * SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
    - debian/patches/CVE-2018-15473.patch: delay bailout for invalid
      authenticating user until after the packet containing the request
      has been fully parsed.
    - CVE-2018-15473

7534b10... by Colin Watson on 2018-02-10

Import patches-unapplied version 1:7.6p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f2c6c36a53248355c46609e8c5cbb431c83542d9

New changelog entries:
  * Move VCS to salsa.debian.org.
  * Add a preseeding-only openssh-server/password-authentication debconf
    template that can be used to disable password authentication (closes:

f2c6c36... by Colin Watson on 2018-01-16

Import patches-unapplied version 1:7.6p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: cd4c51854e4ddae4296398eadca6f712435f57a8

New changelog entries:
  [ Colin Watson ]
  * Remove the decade-old ssh-krb5 transitional package; upgrades of
    openssh-server will preserve existing configuration, and new
    installations should just enable GSSAPIAuthentication and
    GSSAPIKeyExchange in sshd_config (closes: #878626).
  * Support the "noudeb" build profile.
  * Fix putty-transfer regression test.
  [ Anders Kaseorg ]
  * debian/systemd/ssh-agent.service: Add missing dbus dependency.
  [ Jason Duerstock ]
  * Add a "pkg.openssh.nognome" build profile, which disables building the
    ssh-askpass-gnome binary package and avoids the build-dependency on
    libgtk-3-dev (closes: #883819).

cd4c518... by Colin Watson on 2017-10-07

Import patches-unapplied version 1:7.6p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d6a1228094f396edcdfd9cc2ff8dad19a1bd634d

New changelog entries:
  * Apply upstream patch to fix PermitOpen argument handling.

d6a1228... by Colin Watson on 2017-10-06

Import patches-unapplied version 1:7.6p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c931f6058b13a610b1e16d3734d1070f262e6383

New changelog entries:
  * New upstream release (https://www.openssh.com/txt/release-7.6):
    - SECURITY: sftp-server(8): In read-only mode, sftp-server was
      incorrectly permitting creation of zero-length files. Reported by
      Michal Zalewski.
    - ssh(1): Delete SSH protocol version 1 support, associated
      configuration options and documentation (LP: #1584321).
    - ssh(1)/sshd(8): Remove support for the hmac-ripemd160 MAC.
    - ssh(1)/sshd(8): Remove support for the arcfour, blowfish and CAST
    - Refuse RSA keys <1024 bits in length and improve reporting for keys
      that do not meet this requirement.
    - ssh(1): Do not offer CBC ciphers by default.
    - ssh(1): Add RemoteCommand option to specify a command in the ssh
      config file instead of giving it on the client's command line. This
      allows the configuration file to specify the command that will be
      executed on the remote host.
    - sshd(8): Add ExposeAuthInfo option that enables writing details of the
      authentication methods used (including public keys where applicable)
      to a file that is exposed via a $SSH_USER_AUTH environment variable in
      the subsequent session.
    - ssh(1): Add support for reverse dynamic forwarding. In this mode, ssh
      will act as a SOCKS4/5 proxy and forward connections to destinations
      requested by the remote SOCKS client. This mode is requested using
      extended syntax for the -R and RemoteForward options and, because it
      is implemented solely at the client, does not require the server be
      updated to be supported.
    - sshd(8): Allow LogLevel directive in sshd_config Match blocks.
    - ssh-keygen(1): Allow inclusion of arbitrary string or flag certificate
      extensions and critical options.
    - ssh-keygen(1): Allow ssh-keygen to use a key held in ssh-agent as a CA
      when signing certificates.
    - ssh(1)/sshd(8): Allow IPQoS=none in ssh/sshd to not set an explicit
      ToS/DSCP value and just use the operating system default.
    - ssh-add(1): Add -q option to make ssh-add quiet on success.
    - ssh(1): Expand the StrictHostKeyChecking option with two new settings.
      The first "accept-new" will automatically accept hitherto-unseen keys
      but will refuse connections for changed or invalid hostkeys. This is
      a safer subset of the current behaviour of StrictHostKeyChecking=no.
      The second setting "off", is a synonym for the current behaviour of
      StrictHostKeyChecking=no: accept new host keys, and continue
      connection for hosts with incorrect hostkeys. A future release will
      change the meaning of StrictHostKeyChecking=no to the behaviour of
    - ssh(1): Add SyslogFacility option to ssh(1) matching the equivalent
      option in sshd(8).
    - ssh(1): Use HostKeyAlias if specified instead of hostname for matching
      host certificate principal names.
    - sftp(1): Implement sorting for globbed ls.
    - ssh(1): Add a user@host prefix to client's "Permission denied"
      messages, useful in particular when using "stacked" connections (e.g.
      ssh -J) where it's not clear which host is denying.
    - ssh(1): Accept unknown EXT_INFO extension values that contain \0
      characters. These are legal, but would previously cause fatal
      connection errors if received.
    - sftp(1): Print '?' instead of incorrect link count (that the protocol
      doesn't provide) for remote listings.
    - ssh(1): Return failure rather than fatal() for more cases during
      session multiplexing negotiations. Causes the session to fall back to
      a non-mux connection if they occur.
    - ssh(1): Mention that the server may send debug messages to explain
      public key authentication problems under some circumstances.
    - Translate OpenSSL error codes to better report incorrect passphrase
      errors when loading private keys.
    - sshd(8): Adjust compatibility patterns for WinSCP to correctly
      identify versions that implement only the legacy DH group exchange
      scheme (closes: #877800).
    - ssh(1): Print the "Killed by signal 1" message only at LogLevel
      verbose so that it is not shown at the default level; prevents it from
      appearing during ssh -J and equivalent ProxyCommand configs.
    - ssh-keygen(1): When generating all hostkeys (ssh-keygen -A), clobber
      existing keys if they exist but are zero length. Zero-length keys
      could previously be made if ssh-keygen failed or was interrupted part
      way through generating them.
    - ssh-keyscan(1): Avoid double-close() on file descriptors.
    - sshd(8): Avoid reliance on shared use of pointers shared between
      monitor and child sshd processes.
    - sshd_config(8): Document available AuthenticationMethods.
    - ssh(1): Avoid truncation in some login prompts.
    - ssh(1): Make "--" before the hostname terminate argument processing
      after the hostname too (closes: #873201).
    - ssh-keygen(1): Switch from aes256-cbc to aes256-ctr for encrypting
      new-style private keys.
    - ssh(1): Warn and do not attempt to use keys when the public and
      private halves do not match.
    - sftp(1): Don't print verbose error message when ssh disconnects from
      under sftp.
    - sshd(8): Fix keepalive scheduling problem: prevent activity on a
      forwarded port from preventing the keepalive from being sent.
    - sshd(8): When started without root privileges, don't require the
      privilege separation user or path to exist.
    - ssh(1)/sshd(8): Correctness fix for channels implementation: accept
      channel IDs greater than 0x7FFFFFFF.
    - sshd(8): Expose list of completed authentication methods to PAM via
      the SSH_AUTH_INFO_0 PAM environment variable.
    - ssh(1)/sshd(8): Fix several problems in the tun/tap forwarding code,
      mostly to do with host/network byte order confusion.
    - sshd(8): Avoid Linux seccomp violations on ppc64le over the socketcall
  * Build-depend on debhelper (>= 9.20160709~) rather than dh-systemd.
  * Change priorities of ssh and ssh-krb5 binary packages to optional, since
    "Priority: extra" is now deprecated.
  * Use HTTPS form of copyright-format URL.
  * Adjust "Running sshd from inittab" instructions in README.Debian to
    recommend using service(8) rather than calling the init script directly.
  * Policy version 4.1.0.
  * Adjust "Per-connection sshd instances with systemd" instructions in
    README.Debian to recommend using a drop-in file rather than copying and
    modifying the ssh.socket unit file.

c931f60... by Colin Watson on 2017-09-01

Import patches-unapplied version 1:7.5p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b1b5c75268ff4438e33357c24800d1b0d0ecb731

New changelog entries:
  * Tell haveged to create the pid file we expect.
  * Give up and use systemctl to start haveged if running under systemd;
    this shouldn't be necessary, but I can't seem to get things working in
    the Ubuntu autopkgtest environment otherwise.

b1b5c75... by Colin Watson on 2017-08-31

Import patches-unapplied version 1:7.5p1-9 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9ddc3c0fdaec4a3053cea97a23183386bea43f94

New changelog entries:
  * Run debian/tests/regress with "set -x".
  * Run haveged without "-w 1024", as setting the low water mark doesn't
    seem possible in all autopkgtest virtualisation environments.

9ddc3c0... by Colin Watson on 2017-08-28

Import patches-unapplied version 1:7.5p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9179f1e1ff1644216c75f109699e442babaa2e09

New changelog entries:
  * Drop openssh-client-ssh1, now built by a separate source package.
  * Run haveged during autopkgtests to ensure that they have enough entropy
    for key generation (LP: #1712921).
  * Apply patches from https://bugzilla.mindrot.org/show_bug.cgi?id=2752 to
    allow some extra syscalls for crypto cards on s390x (LP: #1686618).