Last commit made on 2019-03-04
Get this branch:
git clone -b ubuntu/xenial-updates https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

58f3f5b... by Marc Deslauriers on 2019-03-04

Import patches-unapplied version 1:7.2p2-4ubuntu2.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2badf1faa74781b21d9f164a4617041f51502fa5

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous

2badf1f... by Marc Deslauriers on 2019-01-31

Import patches-unapplied version 1:7.2p2-4ubuntu2.7 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 0ae169d3140b5cd023a5b4fd0c9a24a1bd8fd528

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

0ae169d... by Leonidas S. Barbosa on 2018-11-01

Import patches-unapplied version 1:7.2p2-4ubuntu2.6 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 319503be3fb9d49139251a6cacac6082f90ae1e1

New changelog entries:
  [ Ryan Finnie ]
  * SECURITY UPDATE: OpenSSH User Enumeration Vulnerability (LP: #1794629)
    - debian/patches/CVE-2018-15473.patch: delay bailout for invalid
      authenticating user until after the packet containing the request
      has been fully parsed.
    - CVE-2018-15473
  * SECURITY UPDATE: Privsep process chrashing via an out-of-sequence
    - debian/patches/CVE-2016-10708.patch: fix in kex.c,
    - CVE-2016-10708

319503b... by Karl Stenerud on 2018-08-21

Import patches-unapplied version 1:7.2p2-4ubuntu2.5 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Upload parent: 5c1b475e48084fa29210e93681329901fcbc9186

5c1b475... by Karl Stenerud on 2018-08-21


4248756... by Karl Stenerud on 2018-08-21

        * debian/systemd/ssh.service: Test configuration before starting or
          reloading sshd (LP: #1771340)

6279644... by Marc Deslauriers on 2018-01-15

Import patches-unapplied version 1:7.2p2-4ubuntu2.4 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2b85b955d24dcb5b06ecc205e3685dc2098b65a1

New changelog entries:
  * SECURITY UPDATE: untrusted search path when loading PKCS#11 modules
    - debian/patches/CVE-2016-10009.patch: add a whitelist of paths from
      which ssh-agent will load a PKCS#11 module in ssh-agent.1,
    - debian/patches/CVE-2016-10009-2.patch: fix deletion of PKCS#11 keys
      in ssh-agent.c.
    - debian/patches/CVE-2016-10009-3.patch: relax whitelist in
    - debian/patches/CVE-2016-10009-4.patch: add missing label in
    - CVE-2016-10009
  * SECURITY UPDATE: local privilege escalation via socket permissions when
    privilege separation is disabled
    - debian/patches/CVE-2016-10010.patch: disable Unix-domain socket
      forwarding when privsep is disabled in serverloop.c.
    - debian/patches/CVE-2016-10010-2.patch: unbreak Unix domain socket
      forwarding for root in serverloop.c.
    - CVE-2016-10010
  * SECURITY UPDATE: local information disclosure via effects of realloc on
    buffer contents
    - debian/patches/CVE-2016-10011-pre.patch: split allocation out of
      sshbuf_reserve() in sshbuf.c, sshbuf.h.
    - debian/patches/CVE-2016-10011.patch: pre-allocate the buffer used for
      loading keys in authfile.c.
    - CVE-2016-10011
  * SECURITY UPDATE: local privilege escalation via incorrect bounds check
    in shared memory manager
    - debian/patches/CVE-2016-10012-1.patch: remove support for
      pre-authentication compression in Makefile.in, monitor.c, monitor.h,
      monitor_mm.c, monitor_mm.h, monitor_wrap.h, myproposal.h, opacket.h,
      packet.c, packet.h, servconf.c, sshconnect2.c, sshd.c.
    - debian/patches/CVE-2016-10012-2.patch: restore pre-auth compression
      support in the client in kex.c, kex.h, packet.c, servconf.c,
      sshconnect2.c, sshd_config.5.
    - debian/patches/CVE-2016-10012-3.patch: put back some pre-auth zlib
      bits in kex.c, kex.h, packet.c.
    - CVE-2016-10012
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

2b85b95... by Christian Ehrhardt  on 2017-03-15

Import patches-unapplied version 1:7.2p2-4ubuntu2.2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: f681394e4814811c8fcd883209c0895012e264b1

New changelog entries:
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (LP: #1668093).
  * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).

f681394... by Marc Deslauriers on 2016-08-11

Import patches-unapplied version 1:7.2p2-4ubuntu2.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 1e769a346ac1551137f07f1dfaa17b97b8c610cb

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

1e769a3... by Martin Pitt on 2016-07-31

Import patches-unapplied version 1:7.2p2-4ubuntu2 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 10f708de3e0ad3db5ea94906d99f2e168e9e40af

New changelog entries:
  * debian/openssh-server.if-up: Don't block on a finished reload of
    openssh.service, to avoid deadlocking with restarting networking.
    (Closes: #832557, LP: #1584393)