Last commit made on 2019-04-08
Get this branch:
git clone -b ubuntu/disco-proposed https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch.

Recent commits

16757f8... by Colin Watson on 2019-04-08

Import patches-unapplied version 1:7.9p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8505d87e9de6b7ca25aee09fb94e7e44774fbcca

New changelog entries:
  * Temporarily revert IPQoS defaults to pre-7.8 values until issues with
    "iptables -m tos" and VMware have been fixed (closes: #923879, #926229;
    LP: #1822370).

8505d87... by Colin Watson on 2019-03-01

Import patches-unapplied version 1:7.9p1-9 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 303b4f94fc255bcc5b1347ff3865af2e21418de0

New changelog entries:
  * Apply upstream patch to make scp handle shell-style brace expansions
    when checking that filenames sent by the server match what the client
    requested (closes: #923486).

303b4f9... by Colin Watson on 2019-02-28

Import patches-unapplied version 1:7.9p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7dd2e8340d2033bc5e48bee7f2c34f747b02572f

New changelog entries:
  [ Colin Watson ]
  * Apply upstream patch to fix bug in HostbasedAcceptedKeyTypes and
    PubkeyAcceptedKeyTypes options in the case where only RSA-SHA2 signature
    types were specified.
  * Apply upstream patch to request RSA-SHA2 signatures for
    rsa-sha2-{256|512}-<email address hidden> cert algorithms (closes:
  * Move moduli(5) manual page to openssh-server to go with /etc/ssh/moduli;
    forgotten in 1:7.9p1-5.
  [ Dominik George ]
  * Correctly handle conffile move to openssh-server (closes: #919344).

7dd2e83... by Colin Watson on 2019-02-26

Import patches-unapplied version 1:7.9p1-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b9e8c32db9b4845573d00cdbf12874fa2946b52c

New changelog entries:
  * Recommend "default-logind | logind | libpam-systemd" rather than just
    libpam-systemd (closes: #923199). (I've retained libpam-systemd as an
    alternative for a while to avoid backporting accidents, although it can
    be removed later.)
  * Pass "--exec /usr/sbin/sshd" to start-stop-daemon on stop as well as
    start and pass "--chuid 0:0" on start, to avoid problems with non-root
    groups leaking into the ownership of /run/sshd.pid (closes: #922365).

b9e8c32... by Colin Watson on 2019-02-08

Import patches-unapplied version 1:7.9p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7a993f6773bbf479168711bb4741cf03ef47ebb8

New changelog entries:
  * CVE-2019-6109: Apply upstream patches to sanitize scp filenames via
    snmprintf (closes: #793412).
  * CVE-2019-6111: Apply upstream patch to check in scp client that
    filenames sent during remote->local directory copies satisfy the
    wildcard specified by the user.

7a993f6... by Colin Watson on 2019-01-13

Import patches-unapplied version 1:7.9p1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 0e3e68fc18496818a71306bcc41f31e7c78e7e1d

New changelog entries:
  * Move /etc/ssh/moduli to openssh-server, since it's reasonably large and
    only used by sshd (closes: #858050).
  * Drop obsolete alternate build-dependency on libssl1.0-dev (closes:
  * CVE-2018-20685: Apply upstream scp patch to disallow empty incoming
    filename or ones that refer to the current directory (closes: #919101).

0e3e68f... by Colin Watson on 2018-11-16

Import patches-unapplied version 1:7.9p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e3c55943fd149900d80148a175d611ab60ecf553

New changelog entries:
  * Fix Ubuntu detection in debian/rules, since the documentation comment
    for dpkg_vendor_derives_from is wrong (thanks, Jeremy Bicha; see

e3c5594... by Colin Watson on 2018-11-15

Import patches-unapplied version 1:7.9p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 952a6eedc615d883a5ce9d415026645be0a4c972

New changelog entries:
  * Be more specific about what files to install in openssh-tests, to avoid
    installing a symlink into the build tree.
  * Re-export debian/upstream/signing-key.asc without extra signatures.
  * Restore direct test dependencies on openssl, putty-tools, and
    python-twisted-conch; these are really only indirect dependencies via
    openssh-tests, but including them means that this package will be
    retested when they change.
  * Add GitLab CI configuration.
  * Make the autopkgtest create /run/sshd if it doesn't already exist.
  * Drop "set -x" verbosity from the autopkgtest; I think we can do without
    this in most cases nowadays.
  * Add an openssh-tests binary package containing enough files to run the
    upstream regression tests. This allows autopkgtest to run more
    efficiently, as it doesn't have to build part of the source tree again.

952a6ee... by Colin Watson on 2018-10-21

Import patches-unapplied version 1:7.9p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 968b76cadad24c8d1ec49e2fceced3e53c9fe31b

New changelog entries:
  * New upstream release (https://www.openssh.com/txt/release-7.9):
    - ssh(1), sshd(8): allow most port numbers to be specified using service
      names from getservbyname(3) (typically /etc/services; closes:
    - ssh(1): allow the IdentityAgent configuration directive to accept
      environment variable names. This supports the use of multiple agent
      sockets without needing to use fixed paths.
    - sshd(8): support signalling sessions via the SSH protocol. A limited
      subset of signals is supported and only for login or command sessions
      (i.e. not subsystems) that were not subject to a forced command via
      authorized_keys or sshd_config.
    - ssh(1): support "ssh -Q sig" to list supported signature options.
      Also "ssh -Q help" to show the full set of supported queries.
    - ssh(1), sshd(8): add a CASignatureAlgorithms option for the client and
      server configs to allow control over which signature formats are
      allowed for CAs to sign certificates. For example, this allows
      banning CAs that sign certificates using the RSA-SHA1 signature
    - sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to revoke
      keys specified by SHA256 hash.
    - ssh-keygen(1): allow creation of key revocation lists directly from
      base64-encoded SHA256 fingerprints. This supports revoking keys using
      only the information contained in sshd(8) authentication log messages.
    - ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when
      attempting to load PEM private keys while using an incorrect
    - sshd(8): when a channel closed message is received from a client,
      close the stderr file descriptor at the same time stdout is closed.
      This avoids stuck processes if they were waiting for stderr to close
      and were insensitive to stdin/out closing (closes: #844494).
    - ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
      forwarding timeout and support X11 forwarding indefinitely.
      Previously the behaviour of ForwardX11Timeout=0 was undefined.
    - sshd(8): when compiled with GSSAPI support, cache supported method
      OIDs regardless of whether GSSAPI authentication is enabled in the
      main section of sshd_config. This avoids sandbox violations if GSSAPI
      authentication was later enabled in a Match block.
    - sshd(8): do not fail closed when configured with a text key revocation
      list that contains a too-short key.
    - ssh(1): treat connections with ProxyJump specified the same as ones
      with a ProxyCommand set with regards to hostname canonicalisation
      (i.e. don't try to canonicalise the hostname unless
      CanonicalizeHostname is set to 'always').
    - ssh(1): fix regression in OpenSSH 7.8 that could prevent public-key
      authentication using certificates hosted in a ssh-agent(1) or against
      sshd(8) from OpenSSH <7.8 (LP: #1790963).
    - All: support building against the openssl-1.1 API (releases 1.1.0g and
      later). The openssl-1.0 API will remain supported at least until
      OpenSSL terminates security patch support for that API version
      (closes: #828475).
    - sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
      apparently required by some glibc/OpenSSL combinations.
  * Remove dh_builddeb override to use xz compression; this has been the
    default since dpkg 1.17.0.
  * Simplify debian/rules using /usr/share/dpkg/default.mk.
  * Remove /etc/network/if-up.d/openssh-server, as it causes more problems
    than it solves (thanks, Christian Ehrhardt, Andreas Hasenack, and David
    Britton; closes: #789532, LP: #1037738, #1674330, #1718227). Add an
    "if-up hook removed" section to README.Debian documenting the corner
    case that may need configuration adjustments.

968b76c... by Colin Watson on 2018-08-30

Import patches-unapplied version 1:7.8p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8eb0683ac4352aae1f74630d1c3887d58882ec79

New changelog entries:
  * New upstream release (https://www.openssh.com/txt/release-7.8, closes:
    - ssh-keygen(1): Write OpenSSH format private keys by default instead of
      using OpenSSL's PEM format (closes: #905407). The OpenSSH format,
      supported in OpenSSH releases since 2014 and described in the
      PROTOCOL.key file in the source distribution, offers substantially
      better protection against offline password guessing and supports key
      comments in private keys. If necessary, it is possible to write old
      PEM-style keys by adding "-m PEM" to ssh-keygen's arguments when
      generating or updating a key.
    - sshd(8): Remove internal support for S/Key multiple factor
      authentication. S/Key may still be used via PAM or BSD auth.
    - ssh(1): Remove vestigial support for running ssh(1) as setuid. This
      used to be required for hostbased authentication and the (long gone)
      rhosts-style authentication, but has not been necessary for a long
      time. Attempting to execute ssh as a setuid binary, or with uid !=
      effective uid will now yield a fatal error at runtime.
    - sshd(8): The semantics of PubkeyAcceptedKeyTypes and the similar
      HostbasedAcceptedKeyTypes options have changed. These now specify
      signature algorithms that are accepted for their respective
      authentication mechanism, where previously they specified accepted key
      types. This distinction matters when using the RSA/SHA2 signature
      algorithms "rsa-sha2-256", "rsa-sha2-512" and their certificate
      counterparts. Configurations that override these options but omit
      these algorithm names may cause unexpected authentication failures (no
      action is required for configurations that accept the default for
      these options).
    - sshd(8): The precedence of session environment variables has changed.
      ~/.ssh/environment and environment="..." options in authorized_keys
      files can no longer override SSH_* variables set implicitly by sshd.
    - ssh(1)/sshd(8): The default IPQoS used by ssh/sshd has changed. They
      will now use DSCP AF21 for interactive traffic and CS1 for bulk. For
      a detailed rationale, please see the commit message:
    - ssh(1)/sshd(8): Add new signature algorithms "rsa-sha2-256-cert-
      <email address hidden>" and "<email address hidden>" to explicitly
      force use of RSA/SHA2 signatures in authentication.
    - sshd(8): Extend the PermitUserEnvironment option to accept a whitelist
      of environment variable names in addition to global "yes" or "no"
    - sshd(8): Add a PermitListen directive to sshd_config(5) and a
      corresponding permitlisten= authorized_keys option that control which
      listen addresses and port numbers may be used by remote forwarding
      (ssh -R ...).
    - sshd(8): Add some countermeasures against timing attacks used for
      account validation/enumeration. sshd will enforce a minimum time for
      each failed authentication attempt consisting of a global 5ms minimum
      plus an additional per-user 0-4ms delay derived from a host secret.
    - sshd(8): Add a SetEnv directive to allow an administrator to
      explicitly specify environment variables in sshd_config. Variables
      set by SetEnv override the default and client-specified environment.
    - ssh(1): Add a SetEnv directive to request that the server sets an
      environment variable in the session. Similar to the existing SendEnv
      option, these variables are set subject to server configuration.
    - ssh(1): Allow "SendEnv -PATTERN" to clear environment variables
      previously marked for sending to the server (closes: #573316).
    - ssh(1)/sshd(8): Make UID available as a %-expansion everywhere that
      the username is available currently.
    - ssh(1): Allow setting ProxyJump=none to disable ProxyJump
    - sshd(8): Avoid observable differences in request parsing that could be
      used to determine whether a target user is valid.
    - ssh(1)/sshd(8): Fix some memory leaks.
    - ssh(1): Fix a pwent clobber (introduced in openssh-7.7) that could
      occur during key loading, manifesting as crash on some platforms.
    - sshd_config(5): Clarify documentation for AuthenticationMethods
    - ssh(1): Ensure that the public key algorithm sent in a public key
      SSH_MSG_USERAUTH_REQUEST matches the content of the signature blob.
      Previously, these could be inconsistent when a legacy or non-OpenSSH
      ssh-agent returned a RSA/SHA1 signature when asked to make a RSA/SHA2
    - sshd(8): Fix failures to read authorized_keys caused by faulty
      supplemental group caching.
    - scp(1): Apply umask to directories, fixing potential mkdir/chmod race
      when copying directory trees.
    - ssh-keygen(1): Return correct exit code when searching for and hashing
      known_hosts entries in a single operation.
    - ssh(1): Prefer the ssh binary pointed to via argv[0] to $PATH when
      re-executing ssh for ProxyJump.
    - sshd(8): Do not ban PTY allocation when a sshd session is restricted
      because the user password is expired as it breaks password change
    - ssh(1)/sshd(8): Fix error reporting from select() failures.
    - ssh(1): Improve documentation for -w (tunnel) flag, emphasising that
      -w implicitly sets Tunnel=point-to-point.
    - ssh-agent(1): Implement EMFILE mitigation for ssh-agent. ssh-agent
      will no longer spin when its file descriptor limit is exceeded.
    - ssh(1)/sshd(8): Disable SSH2_MSG_DEBUG messages for Twisted Conch
      clients. Twisted Conch versions that lack a version number in their
      identification strings will mishandle these messages when running on
      Python 2.x (https://twistedmatrix.com/trac/ticket/9422).
    - sftp(1): Notify user immediately when underlying ssh process dies
    - ssh(1)/sshd(8): Fix tunnel forwarding; regression in 7.7 release.
    - ssh-agent(1): Don't kill ssh-agent's listening socket entirely if it
      fails to accept(2) a connection.
    - ssh(1): Add some missing options in the configuration dump output (ssh
    - sshd(8): Expose details of completed authentication to PAM auth
      modules via SSH_AUTH_INFO_0 in the PAM environment.
  * Switch debian/watch to HTTPS.
  * Temporarily work around https://twistedmatrix.com/trac/ticket/9515 in
    regression tests.