Last commit made on 2019-03-04
Get this branch:
git clone -b ubuntu/cosmic-security https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

fddb12c... by Marc Deslauriers on 2019-03-04

Import patches-unapplied version 1:7.7p1-4ubuntu0.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 4dd05ffa0728664f1698c61ab4999e853909b395

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous

4dd05ff... by Marc Deslauriers on 2019-01-31

Import patches-unapplied version 1:7.7p1-4ubuntu0.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 504956393df5eaa1b1547af1993db23bf6955180

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

5049563... by Karl Stenerud on 2018-11-07

Import patches-unapplied version 1:7.7p1-4ubuntu0.1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 917f739deb27c6440777c8330cfeeb46307775ec

917f739... by Karl Stenerud on 2018-11-08


5f40f38... by Karl Stenerud on 2018-11-08

  * debian/patches/fix-broken-tunnel-forwarding.patch: Fix tunnel forwarding
    broken in 7.7p1. Thanks to Damien Miller <email address hidden>. (LP: #1801128)

8eb0683... by Colin Watson on 2018-08-17

Import patches-unapplied version 1:7.7p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ae80699317094c1deba08dfc4c3b21322b9567e6

New changelog entries:
  * Apply upstream patch to delay bailout for invalid authenticating user
    until after the packet containing the request has been fully parsed
    (closes: #906236).

ae80699... by Colin Watson on 2018-07-10

Import patches-unapplied version 1:7.7p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5e7893cb0e858fee98bcc5e9fde82c5ab60edf34

New changelog entries:
  [ Colin Watson ]
  * Adjust git-dpm tagging configuration.
  * Remove no-longer-used Lintian overrides from openssh-server and ssh.
  * Add Documentation keys to ssh-agent.service, ssh.service, and
  [ Juri Grabowski ]
  * Add rescue.target with ssh support.
  [ Christian Ehrhardt ]
  * Fix unintentional restriction of authorized keys environment options
    to be alphanumeric (closes: #903474, LP: #1771011).

5e7893c... by Colin Watson on 2018-04-03

Import patches-unapplied version 1:7.7p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1b4ea33f07c69a000ae0cd423b152caa95dbe965

New changelog entries:
  * Fix parsing of DebianBanner option (closes: #894730).

1b4ea33... by Colin Watson on 2018-04-03

Import patches-unapplied version 1:7.7p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a2553f9afcc1c96e1ac72bf09c510e41fee40f2b

New changelog entries:
  * New upstream release (https://www.openssh.com/txt/release-7.7):
    - ssh(1)/sshd(8): Drop compatibility support for some very old SSH
      implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
      versions were all released in or before 2001 and predate the final SSH
      RFCs. The support in question isn't necessary for RFC-compliant SSH
    - Add experimental support for PQC XMSS keys (Extended Hash-Based
    - sshd(8): Add an "rdomain" criterion for the sshd_config Match keyword
      to allow conditional configuration that depends on which routing
      domain a connection was received on.
    - sshd_config(5): Add an optional rdomain qualifier to the ListenAddress
      directive to allow listening on different routing domains.
    - sshd(8): Add "expiry-time" option for authorized_keys files to allow
      for expiring keys.
    - ssh(1): Add a BindInterface option to allow binding the outgoing
      connection to an interface's address (basically a more usable
      BindAddress; closes: #289592).
    - ssh(1): Expose device allocated for tun/tap forwarding via a new %T
      expansion for LocalCommand. This allows LocalCommand to be used to
      prepare the interface.
    - sshd(8): Expose the device allocated for tun/tap forwarding via a new
      SSH_TUNNEL environment variable. This allows automatic setup of the
      interface and surrounding network configuration automatically on the
    - ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, e.g.
      ssh://user@host or sftp://user@host/path. Additional connection
      parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not
      implemented since the ssh fingerprint format in the draft uses the
      deprecated MD5 hash with no way to specify any other algorithm.
    - ssh-keygen(1): Allow certificate validity intervals that specify only
      a start or stop time (instead of both or neither).
    - sftp(1): Allow "cd" and "lcd" commands with no explicit path argument.
      lcd will change to the local user's home directory as usual. cd will
      change to the starting directory for session (because the protocol
      offers no way to obtain the remote user's home directory).
    - sshd(8): When doing a config test with sshd -T, only require the
      attributes that are actually used in Match criteria rather than (an
      incomplete list of) all criteria.
    - ssh(1)/sshd(8): More strictly check signature types during key
      exchange against what was negotiated. Prevents downgrade of RSA
      signatures made with SHA-256/512 to SHA-1.
    - sshd(8): Fix support for client that advertise a protocol version of
      "1.99" (indicating that they are prepared to accept both SSHv1 and
      SSHv2). This was broken in OpenSSH 7.6 during the removal of SSHv1
    - ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when a
      rsa-sha2-256/512 signature was requested. This condition is possible
      when an old or non-OpenSSH agent is in use.
    - ssh-agent(1): Fix regression introduced in 7.6 that caused ssh-agent
      to fatally exit if presented an invalid signature request message.
    - sshd_config(5): Accept yes/no flag options case-insensitively, as has
      been the case in ssh_config(5) for a long time (LP: #1656557).
    - ssh(1): Improve error reporting for failures during connection. Under
      some circumstances misleading errors were being shown.
    - ssh-keyscan(1): Add -D option to allow printing of results directly in
      SSHFP format.
    - ssh(1): Compatibility fix for some servers that erroneously drop the
      connection when the IUTF8 (RFC8160) option is sent.
    - scp(1): Disable RemoteCommand and RequestTTY in the ssh session
      started by scp (sftp was already doing this).
    - ssh-keygen(1): Refuse to create a certificate with an unusable number
      of principals.
    - ssh-keygen(1): Fatally exit if ssh-keygen is unable to write all the
      public key during key generation. Previously it would silently ignore
      errors writing the comment and terminating newline.
    - ssh(1): Do not modify hostname arguments that are addresses by
      automatically forcing them to lower-case. Instead canonicalise them
      jo resolve ambiguities (e.g. ::0001 => ::1) before they are matched
      against known_hosts.
    - ssh(1): Don't accept junk after "yes" or "no" responses to hostkey
    - sftp(1): Have sftp print a warning about shell cleanliness when
      decoding the first packet fails, which is usually caused by shells
      polluting stdout of non-interactive startups.
    - ssh(1)/sshd(8): Switch timers in packet code from using wall-clock
      time to monotonic time, allowing the packet layer to better function
      over a clock step and avoiding possible integer overflows during
    - sshd(8): Correctly detect MIPS ABI in use at configure time. Fixes
      sandbox violations on some environments.
    - Build and link with "retpoline" flags when available to mitigate the
      "branch target injection" style (variant 2) of the Spectre
      branch-prediction vulnerability.

a2553f9... by Colin Watson on 2018-04-01

Import patches-unapplied version 1:7.6p1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7534b10e32e17a4d01859dbda72f282ded065700

New changelog entries:
  * Explicitly build-depend on pkg-config, rather than implicitly
    build-depending on it via libgtk-3-dev (thanks, Aurelien Jarno; closes: