ubuntu/+source/openssh:ubuntu/wily-security

Last commit made on 2016-05-09
Get this branch:
git clone -b ubuntu/wily-security https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/wily-security
Repository:
lp:ubuntu/+source/openssh

Recent commits

cf9a5d6... by Marc Deslauriers on 2016-05-05

Import patches-unapplied version 1:6.9p1-2ubuntu0.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: af0404663af0762cd28b204ba97227cefa303bd1

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: denial of service via cradted network traffic
    - debian/patches/CVE-2016-1907.patch: fix OOB read in packet code in
      packet.c.
    - CVE-2016-1907
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

af04046... by Marc Deslauriers on 2016-01-13

Import patches-unapplied version 1:6.9p1-2ubuntu0.1 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 0de8ba0e66ae32a766621578e73e7560447021fe

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

0de8ba0... by Colin Watson on 2015-09-10

Import patches-unapplied version 1:6.9p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d6420725be6749fe2f8b0eed37cbd862f3aff6a6

New changelog entries:
  [ Colin Watson ]
  * mention-ssh-keygen-on-keychange.patch: Move example ssh-keygen
    invocation onto a separate line to make it easier to copy and paste
    (LP: #1491532).
  [ Tyler Hicks ]
  * Build with audit support on Linux (closes: #797727, LP: #1478087).

d642072... by Colin Watson on 2015-08-20

Import patches-unapplied version 1:6.9p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7e2cfb24a623b69859ae50a8ab2bb6641f76e716

New changelog entries:
  * New upstream release (http://www.openssh.com/txt/release-6.8):
    - sshd(8): UseDNS now defaults to 'no'. Configurations that match
      against the client host name (via sshd_config or authorized_keys) may
      need to re-enable it or convert to matching against addresses.
    - Add FingerprintHash option to ssh(1) and sshd(8), and equivalent
      command-line flags to the other tools to control algorithm used for
      key fingerprints. The default changes from MD5 to SHA256 and format
      from hex to base64.
      Fingerprints now have the hash algorithm prepended. An example of the
      new format: SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE
      Please note that visual host keys will also be different.
    - ssh(1), sshd(8): Experimental host key rotation support. Add a
      protocol extension for a server to inform a client of all its
      available host keys after authentication has completed. The client
      may record the keys in known_hosts, allowing it to upgrade to better
      host key algorithms and a server to gracefully rotate its keys.
      The client side of this is controlled by a UpdateHostkeys config
      option (default off).
    - ssh(1): Add a ssh_config HostbasedKeyType option to control which host
      public key types are tried during host-based authentication.
    - ssh(1), sshd(8): Fix connection-killing host key mismatch errors when
      sshd offers multiple ECDSA keys of different lengths.
    - ssh(1): When host name canonicalisation is enabled, try to parse host
      names as addresses before looking them up for canonicalisation. Fixes
      bz#2074 and avoids needless DNS lookups in some cases.
    - ssh(1), ssh-keysign(8): Make ed25519 keys work for host based
      authentication.
    - sshd(8): SSH protocol v.1 workaround for the Meyer, et al,
      Bleichenbacher Side Channel Attack. Fake up a bignum key before RSA
      decryption.
    - sshd(8): Remember which public keys have been used for authentication
      and refuse to accept previously-used keys. This allows
      AuthenticationMethods=publickey,publickey to require that users
      authenticate using two _different_ public keys.
    - sshd(8): add sshd_config HostbasedAcceptedKeyTypes and
      PubkeyAcceptedKeyTypes options to allow sshd to control what public
      key types will be accepted (closes: #481133). Currently defaults to
      all.
    - sshd(8): Don't count partial authentication success as a failure
      against MaxAuthTries.
    - ssh(1): Add RevokedHostKeys option for the client to allow text-file
      or KRL-based revocation of host keys.
    - ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates by serial
      number or key ID without scoping to a particular CA.
    - ssh(1): Add a "Match canonical" criteria that allows ssh_config Match
      blocks to trigger only in the second config pass.
    - ssh(1): Add a -G option to ssh that causes it to parse its
      configuration and dump the result to stdout, similar to "sshd -T".
    - ssh(1): Allow Match criteria to be negated. E.g. "Match !host".
    - ssh-keyscan(1): ssh-keyscan has been made much more robust against
      servers that hang or violate the SSH protocol (closes: #241119).
    - ssh(1), ssh-keygen(1): Fix regression bz#2306: Key path names were
      being lost as comment fields (closes: #787776).
    - ssh(1): Allow ssh_config Port options set in the second config parse
      phase to be applied (they were being ignored; closes: #774369).
    - ssh(1): Tweak config re-parsing with host canonicalisation - make the
      second pass through the config files always run when host name
      canonicalisation is enabled (and not whenever the host name changes)
    - ssh(1): Fix passing of wildcard forward bind addresses when connection
      multiplexing is in use.
    - ssh-keygen(1): Fix broken private key conversion from non-OpenSSH
      formats.
    - ssh-keygen(1): Fix KRL generation bug when multiple CAs are in use.
  * New upstream release (http://www.openssh.com/txt/release-6.9):
    - CVE-2015-5352: ssh(1): When forwarding X11 connections with
      ForwardX11Trusted=no, connections made after ForwardX11Timeout expired
      could be permitted and no longer subject to XSECURITY restrictions
      because of an ineffective timeout check in ssh(1) coupled with "fail
      open" behaviour in the X11 server when clients attempted connections
      with expired credentials (closes: #790798). This problem was reported
      by Jann Horn.
    - SECURITY: ssh-agent(1): Fix weakness of agent locking (ssh-add -x) to
      password guessing by implementing an increasing failure delay, storing
      a salted hash of the password rather than the password itself and
      using a timing-safe comparison function for verifying unlock attempts.
      This problem was reported by Ryan Castellucci.
    - sshd(8): Support admin-specified arguments to AuthorizedKeysCommand
      (closes: #740494).
    - sshd(8): Add AuthorizedPrincipalsCommand that allows retrieving
      authorized principals information from a subprocess rather than a
      file.
    - ssh(1), ssh-add(1): Support PKCS#11 devices with external PIN entry
      devices.
    - ssh-keygen(1): Support "ssh-keygen -lF hostname" to search known_hosts
      and print key hashes rather than full keys.
    - ssh-agent(1): Add -D flag to leave ssh-agent in foreground without
      enabling debug mode.
    - ssh(1), sshd(8): Deprecate legacy SSH2_MSG_KEX_DH_GEX_REQUEST_OLD
      message and do not try to use it against some 3rd-party SSH
      implementations that use it (older PuTTY, WinSCP).
    - ssh(1), sshd(8): Cap DH-GEX group size at 4Kbits for Cisco
      implementations as some would fail when attempting to use group sizes
      >4K (closes: #740307, LP: #1287222).
    - ssh(1): Fix out-of-bound read in EscapeChar configuration option
      parsing.
    - sshd(8): Fix application of PermitTunnel, LoginGraceTime,
      AuthenticationMethods and StreamLocalBindMask options in Match blocks.
    - ssh(1), sshd(8): Improve disconnection message on TCP reset.
    - ssh(1): Remove failed remote forwards established by multiplexing from
      the list of active forwards.
    - sshd(8): Make parsing of authorized_keys "environment=" options
      independent of PermitUserEnv being enabled.
    - sshd(8): Fix post-auth crash with permitopen=none (closes: #778807).
    - ssh(1), ssh-add(1), ssh-keygen(1): Allow new-format private keys to be
      encrypted with AEAD ciphers.
    - ssh(1): Allow ListenAddress, Port and AddressFamily configuration
      options to appear in any order.
    - sshd(8): Check for and reject missing arguments for VersionAddendum
      and ForceCommand.
    - ssh(1), sshd(8): Don't treat unknown certificate extensions as fatal.
    - ssh-keygen(1): Make stdout and stderr output consistent.
    - ssh(1): Mention missing DISPLAY environment in debug log when X11
      forwarding requested.
    - sshd(8): Correctly record login when UseLogin is set.
    - sshd(8): Add some missing options to sshd -T output and fix output of
      VersionAddendum and HostCertificate.
    - Document and improve consistency of options that accept a "none"
      argument: TrustedUserCAKeys, RevokedKeys, AuthorizedPrincipalsFile.
    - ssh(1): Include remote username in debug output.
    - sshd(8): Avoid compatibility problem with some versions of Tera Term,
      which would crash when they received the hostkeys notification message
      (<email address hidden>).
    - sshd(8): Mention ssh-keygen -E as useful when comparing legacy MD5
      host key fingerprints.
    - ssh(1): Clarify pseudo-terminal request behaviour and make manual
      language consistent.
    - ssh(1): Document that the TERM environment variable is not subject to
      SendEnv and AcceptEnv; bz#2386
    - sshd(8): Format UsePAM setting when using sshd -T (closes: #767648).
    - moduli(5): Update DH-GEX moduli (closes: #787037).
  * There are some things I want to fix before upgrading to 7.0p1, though I
    intend to do that soon. In the meantime, backport some patches, mainly
    to fix security issues:
    - SECURITY: sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be
      world-writable. Local attackers may be able to write arbitrary
      messages to logged-in users, including terminal escape sequences.
      Reported by Nikolay Edigaryev.
    - SECURITY: sshd(8): Fixed a privilege separation weakness related to
      PAM support. Attackers who could successfully compromise the
      pre-authentication process for remote code execution and who had valid
      credentials on the host could impersonate other users. Reported by
      Moritz Jodeit.
    - SECURITY: sshd(8): Fixed a use-after-free bug related to PAM support
      that was reachable by attackers who could compromise the
      pre-authentication process for remote code execution (closes:
      #795711). Also reported by Moritz Jodeit.
    - CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using
      keyboard-interactive authentication (closes: #793616). By specifying
      a long, repeating keyboard-interactive "devices" string, an attacker
      could request the same authentication method be tried thousands of
      times in a single pass. The LoginGraceTime timeout in sshd(8) and any
      authentication failure delays implemented by the authentication
      mechanism itself were still applied. Found by Kingcope.
    - Let principals-command.sh work for noexec /var/run.
  * Thanks to Jakub Jelen of Red Hat for Fedora's rebased version of the
    GSSAPI key exchange patch.
  * Document the Debian-specific change to the default value of
    ForwardX11Trusted in ssh(1) (closes: #781469).

7e2cfb2... by Colin Watson on 2015-04-19

Import patches-unapplied version 1:6.7p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 05f02a8a3fd0f86043560cd2ad422a5af1f733c6

New changelog entries:
  [ Martin Pitt ]
  * openssh-server.postinst: Quiesce "Unable to connect to Upstart" error
    message from initctl if upstart is installed, but not the current init
    system. (LP: #1440070)
  * openssh-server.postinst: Fix version comparisons of upgrade adjustments
    to not apply to fresh installs.

05f02a8... by Colin Watson on 2015-03-22

Import patches-unapplied version 1:6.7p1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b36aac0040cc4639ecad0701395076a3aacc6967

New changelog entries:
  * Revert change from previous upload, which causes far more trouble than
    it is worth (closes: #780797):
    - Send/accept only specific known LC_* variables, rather than using a
      wildcard.
  * Add a NEWS.Debian entry documenting this reversion, as it is too
    difficult to undo the sshd_config change automatically without
    compounding the problem of (arguably) overwriting user configuration.

b36aac0... by Colin Watson on 2015-03-18

Import patches-unapplied version 1:6.7p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 74206475ba89b331fc857eaa47ab92b37c7b6651

New changelog entries:
  * Send/accept only specific known LC_* variables, rather than using a
    wildcard (closes: #765633).
  * Document interactions between ListenAddress/Port and ssh.socket in
    README.Debian (closes: #764842).
  * Debconf translations:
    - Brazilian Portuguese (thanks, José de Figueiredo; closes: #771859).

7420647... by Colin Watson on 2014-11-03

Import patches-unapplied version 1:6.7p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6343ce920759ee85035f8c883a872cb0633d2aaf

New changelog entries:
  * Debconf translations:
    - Dutch (thanks, Frans Spiesschaert; closes: #765851).
  * Assume that dpkg-statoverride exists and drop the test for an obsolete
    compatibility path.

6343ce9... by Colin Watson on 2014-10-10

Import patches-unapplied version 1:6.7p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ad72db5881f704dfbc1d6518b8aabe4df7187ffe

New changelog entries:
  * debian/tests/control: Drop isolation-container, since the tests run on a
    high port. They're still not guaranteed to run correctly in an schroot,
    but may manage to work, so this lets the tests at least try to run on
    ci.debian.net.

ad72db5... by Colin Watson on 2014-10-09

Import patches-unapplied version 1:6.7p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a94068afc4b1d22ad58528df20c0f370e4eb4657

New changelog entries:
  * New upstream release (http://www.openssh.com/txt/release-6.7):
    - sshd(8): The default set of ciphers and MACs has been altered to
      remove unsafe algorithms. In particular, CBC ciphers and arcfour* are
      disabled by default. The full set of algorithms remains available if
      configured explicitly via the Ciphers and MACs sshd_config options.
    - ssh(1), sshd(8): Add support for Unix domain socket forwarding. A
      remote TCP port may be forwarded to a local Unix domain socket and
      vice versa or both ends may be a Unix domain socket (closes: #236718).
    - ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519
      key types.
    - sftp(1): Allow resumption of interrupted uploads.
    - ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is
      the same as the one sent during initial key exchange.
    - sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses
      when GatewayPorts=no; allows client to choose address family.
    - sshd(8): Add a sshd_config PermitUserRC option to control whether
      ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys
      option.
    - ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that
      expands to a unique identifer based on a hash of the tuple of (local
      host, remote user, hostname, port). Helps avoid exceeding miserly
      pathname limits for Unix domain sockets in multiplexing control paths.
    - sshd(8): Make the "Too many authentication failures" message include
      the user, source address, port and protocol in a format similar to the
      authentication success / failure messages.
    - Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is
      available. It considers time spent suspended, thereby ensuring
      timeouts (e.g. for expiring agent keys) fire correctly (closes:
      #734553).
    - Use prctl() to prevent sftp-server from accessing
      /proc/self/{mem,maps}.
  * Restore TCP wrappers support, removed upstream in 6.7. It is true that
    dropping this reduces preauth attack surface in sshd. On the other
    hand, this support seems to be quite widely used, and abruptly dropping
    it (from the perspective of users who don't read openssh-unix-dev) could
    easily cause more serious problems in practice. It's not entirely clear
    what the right long-term answer for Debian is, but it at least probably
    doesn't involve dropping this feature shortly before a freeze.
  * Replace patch to disable OpenSSL version check with an updated version
    of Kurt Roeckx's patch from #732940 to just avoid checking the status
    field.
  * Build-depend on a new enough dpkg-dev for dpkg-buildflags, rather than
    simply a new enough dpkg.
  * Simplify debian/rules using /usr/share/dpkg/buildflags.mk.
  * Use Package-Type rather than XC-Package-Type, now that it is an official
    field.
  * Run a subset of the upstream regression test suite at package build
    time, and the rest of it under autopkgtest.