./security/openssh, Open Source Secure shell client and server (remote login program)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 7.9.1, Package name: openssh-7.9.1, Maintainer: pkgsrc-users

OpenSSH is based on the last free version of Tatu Ylonen's SSH with
all patent-encumbered algorithms removed (to external libraries), all
known security bugs fixed, new features reintroduced and many other
clean-ups. More information about SSH itself can be found in the file
README.Ylonen. OpenSSH has been created by Aaron Campbell, Bob Beck,
Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song.

This port consists of the re-introduction of autoconf support, PAM
support (for Linux and Solaris), EGD[1] support, SOCKS support (using
the Dante [6] libraries and replacements for OpenBSD library functions
that are (regrettably) absent from other unices. This port has been
best tested on Linux, Solaris, HPUX, NetBSD and Irix. Support for AIX,
SCO, NeXT and other Unices is underway. This version actively tracks
changes in the OpenBSD CVS repository.

MESSAGE.Interix [+/-]
MESSAGE.pam [+/-]
MESSAGE.urandom [+/-]

Required to build:
[pkgtools/cwrappers]

Package options: openssl, pam

Master sites: (Expand)

SHA1: 993aceedea8ecabb1d0dd7293508a361891c4eaa
RMD160: 236617fb9c04dcca12f9d56b5975efda4e798f53
Filesize: 1528.695 KB

Version history: (Expand)


CVS history: (Expand)


   2019-01-18 21:13:37 by Tobias Nygren | Files touched by this commit (12)
Log message:
OpenSSH 7.9

Potentially-incompatible changes
================================
 * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms
   option (see below) bans the use of DSA keys as certificate
   authorities.
 * sshd(8): the authentication success/failure log message has
   changed format slightly. It now includes the certificate
   fingerprint (previously it included only key ID and CA key
   fingerprint).

New Features
------------
 * ssh(1), sshd(8): allow most port numbers to be specified using
   service names from getservbyname(3) (typically /etc/services).
 * ssh(1): allow the IdentityAgent configuration directive to accept
   environment variable names. This supports the use of multiple
   agent sockets without needing to use fixed paths.
 * sshd(8): support signalling sessions via the SSH protocol.
   A limited subset of signals is supported and only for login or
   command sessions (i.e. not subsystems) that were not subject to
   a forced command via authorized_keys or sshd_config. bz#1424
 * ssh(1): support "ssh -Q sig" to list supported signature options.
   Also "ssh -Q help" to show the full set of supported queries.
 * ssh(1), sshd(8): add a CASignatureAlgorithms option for the
   client and server configs to allow control over which signature
   formats are allowed for CAs to sign certificates. For example,
   this allows banning CAs that sign certificates using the RSA-SHA1
   signature algorithm.
 * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
   revoke keys specified by SHA256 hash.
 * ssh-keygen(1): allow creation of key revocation lists directly
   from base64-encoded SHA256 fingerprints. This supports revoking
   keys using only the information contained in sshd(8)
   authentication log messages.

Bugfixes
--------
 * ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when
   attempting to load PEM private keys while using an incorrect
   passphrase. bz#2901
 * sshd(8): when a channel closed message is received from a client,
   close the stderr file descriptor at the same time stdout is
   closed. This avoids stuck processes if they were waiting for
   stderr to close and were insensitive to stdin/out closing. bz#2863
 * ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
   forwarding timeout and support X11 forwarding indefinitely.
   Previously the behaviour of ForwardX11Timeout=0 was undefined.
 * sshd(8): when compiled with GSSAPI support, cache supported method
   OIDs regardless of whether GSSAPI authentication is enabled in the
   main section of sshd_config. This avoids sandbox violations if
   GSSAPI authentication was later enabled in a Match block. bz#2107
 * sshd(8): do not fail closed when configured with a text key
   revocation list that contains a too-short key. bz#2897
 * ssh(1): treat connections with ProxyJump specified the same as
   ones with a ProxyCommand set with regards to hostname
   canonicalisation (i.e. don't try to canonicalise the hostname
   unless CanonicalizeHostname is set to 'always'). bz#2896
 * ssh(1): fix regression in OpenSSH 7.8 that could prevent public-
   key authentication using certificates hosted in a ssh-agent(1)
   or against sshd(8) from OpenSSH <7.8.

Portability
-----------
 * All: support building against the openssl-1.1 API (releases 1.1.0g
   and later). The openssl-1.0 API will remain supported at least
   until OpenSSL terminates security patch support for that API version.
 * sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
   apparently required by some glibc/OpenSSL combinations.
 * sshd(8): handle getgrouplist(3) returning more than
   _SC_NGROUPS_MAX groups. Some platforms consider this limit more
   as a guideline.

OpenSSH 7.8:

Potentially-incompatible changes
================================
 * ssh-keygen(1): write OpenSSH format private keys by default
   instead of using OpenSSL's PEM format. The OpenSSH format,
   supported in OpenSSH releases since 2014 and described in the
   PROTOCOL.key file in the source distribution, offers substantially
   better protection against offline password guessing and supports
   key comments in private keys. If necessary, it is possible to write
   old PEM-style keys by adding "-m PEM" to ssh-keygen's arguments
   when generating or updating a key.
 * sshd(8): remove internal support for S/Key multiple factor
   authentication. S/Key may still be used via PAM or BSD auth.
 * ssh(1): remove vestigal support for running ssh(1) as setuid. This
   used to be required for hostbased authentication and the (long
   gone) rhosts-style authentication, but has not been necessary for
   a long time. Attempting to execute ssh as a setuid binary, or with
   uid != effective uid will now yield a fatal error at runtime.
 * sshd(8): the semantics of PubkeyAcceptedKeyTypes and the similar
   HostbasedAcceptedKeyTypes options have changed. These now specify
   signature algorithms that are accepted for their respective
   authentication mechanism, where previously they specified accepted
   key types. This distinction matters when using the RSA/SHA2
   signature algorithms "rsa-sha2-256", "rsa-sha2-512" and their
   certificate counterparts. Configurations that override these
   options but omit these algorithm names may cause unexpected
   authentication failures (no action is required for configurations
   that accept the default for these options).
 * sshd(8): the precedence of session environment variables has
   changed. ~/.ssh/environment and environment="..." options in
   authorized_keys files can no longer override SSH_* variables set
   implicitly by sshd.
 * ssh(1)/sshd(8): the default IPQoS used by ssh/sshd has changed.
   They will now use DSCP AF21 for interactive traffic and CS1 for
   bulk.  For a detailed rationale, please see the commit message:
   https://cvsweb.openbsd.org/src/usr.bin/ … c#rev1.284

New Features
------------
 * ssh(1)/sshd(8): add new signature algorithms "rsa-sha2-256-cert-
   v01@openssh.com" and "rsa-sha2-512-cert-v01@openssh.com" to
   explicitly force use of RSA/SHA2 signatures in authentication.
 * sshd(8): extend the PermitUserEnvironment option to accept a
   whitelist of environment variable names in addition to global
   "yes" or "no" settings.
 * sshd(8): add a PermitListen directive to sshd_config(5) and a
   corresponding permitlisten= authorized_keys option that control
   which listen addresses and port numbers may be used by remote
   forwarding (ssh -R ...).
 * sshd(8): add some countermeasures against timing attacks used for
   account validation/enumeration. sshd will enforce a minimum time
   or each failed authentication attempt consisting of a global 5ms
   minimum plus an additional per-user 0-4ms delay derived from a
   host secret.
 * sshd(8): add a SetEnv directive to allow an administrator to
   explicitly specify environment variables in sshd_config.
   Variables set by SetEnv override the default and client-specified
   environment.
 * ssh(1): add a SetEnv directive to request that the server sets
   an environment variable in the session. Similar to the existing
   SendEnv option, these variables are set subject to server
   configuration.
 * ssh(1): allow "SendEnv -PATTERN" to clear environment variables
   previously marked for sending to the server. bz#1285
 * ssh(1)/sshd(8): make UID available as a %-expansion everywhere
   that the username is available currently. bz#2870
 * ssh(1): allow setting ProxyJump=none to disable ProxyJump
   functionality. bz#2869

Bugfixes
--------
 * sshd(8): avoid observable differences in request parsing that could
   be used to determine whether a target user is valid.
 * all: substantial internal refactoring
 * ssh(1)/sshd(8): fix some memory leaks; bz#2366
 * ssh(1): fix a pwent clobber (introduced in openssh-7.7) that could
   occur during key loading, manifesting as crash on some platforms.
 * sshd_config(5): clarify documentation for AuthenticationMethods
   option; bz#2663
 * ssh(1): ensure that the public key algorithm sent in a
   public key SSH_MSG_USERAUTH_REQUEST matches the content of the
   signature blob. Previously, these could be inconsistent when a
   legacy or non-OpenSSH ssh-agent returned a RSA/SHA1 signature
   when asked to make a RSA/SHA2 signature.
 * sshd(8): fix failures to read authorized_keys caused by faulty
   supplemental group caching. bz#2873
 * scp(1): apply umask to directories, fixing potential mkdir/chmod
   race when copying directory trees bz#2839
 * ssh-keygen(1): return correct exit code when searching for and
   hashing known_hosts entries in a single operation; bz#2772
 * ssh(1): prefer the ssh binary pointed to via argv[0] to $PATH when
   re-executing ssh for ProxyJump. bz#2831
 * sshd(8): do not ban PTY allocation when a sshd session is
   restricted because the user password is expired as it breaks
   password change dialog. (regression in openssh-7.7).
 * ssh(1)/sshd(8): fix error reporting from select() failures.
 * ssh(1): improve documentation for -w (tunnel) flag, emphasising
   that -w implicitly sets Tunnel=point-to-point. bz#2365
 * ssh-agent(1): implement EMFILE mitigation for ssh-agent. ssh-agent
   will no longer spin when its file descriptor limit is exceeded.
   bz#2576
 * ssh(1)/sshd(8): disable SSH2_MSG_DEBUG messages for Twisted Conch
   clients. Twisted Conch versions that lack a version number in
   their identification strings will mishandle these messages when
   running on Python 2.x (https://twistedmatrix.com/trac/ticket/9422)
 * sftp(1): notify user immediately when underlying ssh process dies
   expectedly. bz#2719
 * ssh(1)/sshd(8): fix tunnel forwarding; regression in 7.7 release.
   bz#2855
 * ssh-agent(1): don't kill ssh-agent's listening socket entirely if
   it fails to accept(2) a connection. bz#2837
 * sshd(8): relax checking of authorized_keys environment="..."
   options to allow underscores in variable names (regression
   introduced in 7.7). bz#2851
 * ssh(1): add some missing options in the configuration dump output
   (ssh -G). bz#2835

Portability
-----------
 * sshd(8): Expose details of completed authentication to PAM auth
   modules via SSH_AUTH_INFO_0 in the PAM environment. bz#2408
 * Fix compilation problems caused by fights between zlib and OpenSSL
   colliding uses of "free_func"
 * Improve detection of unsupported compiler options. Recently these
   may have manifested as "unsupported -Wl,-z,retpoline" warnings
   during linking.
 * sshd(8): some sandbox support for Linux/s390 bz#2752.
 * regress tests: unbreak key-options.sh test on platforms without
   openpty(3). bz#2856
 * use getrandom(2) for PRNG seeding when built without OpenSSL.

OpenSSH 7.7:

Potentially-incompatible changes
================================
 * ssh(1)/sshd(8): Drop compatibility support for some very old SSH
   implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These
   versions were all released in or before 2001 and predate the final
   SSH RFCs. The support in question isn't necessary for RFC-compliant
   SSH implementations.

New Features
------------
 * All: Add experimental support for PQC XMSS keys (Extended Hash-
   Based Signatures) based on the algorithm described in
   https://tools.ietf.org/html/draft-irtf- … natures-12
   The XMSS signature code is experimental and not compiled in by
   default.
 * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword
   to allow conditional configuration that depends on which routing
   domain a connection was received on (currently supported on OpenBSD
   and Linux).
 * sshd_config(5): Add an optional rdomain qualifier to the
   ListenAddress directive to allow listening on different routing
   domains. This is supported only on OpenBSD and Linux at present.
 * sshd_config(5): Add RDomain directive to allow the authenticated
   session to be placed in an explicit routing domain. This is only
   supported on OpenBSD at present.
 * sshd(8): Add "expiry-time" option for authorized_keys files to
   allow for expiring keys.
 * ssh(1): Add a BindInterface option to allow binding the outgoing
   connection to an interface's address (basically a more usable
   BindAddress)
 * ssh(1): Expose device allocated for tun/tap forwarding via a new
   %T expansion for LocalCommand. This allows LocalCommand to be used
   to prepare the interface.
 * sshd(8): Expose the device allocated for tun/tap forwarding via a
   new SSH_TUNNEL environment variable. This allows automatic setup of
   the interface and surrounding network configuration automatically on
   the server.
 * ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, e.g.
   ssh://user@host or sftp://user@host/path.  Additional connection
   parameters described in draft-ietf-secsh-scp-sftp-ssh-uri-04 are not
   implemented since the ssh fingerprint format in the draft uses the
   deprecated MD5 hash with no way to specify the any other algorithm.
 * ssh-keygen(1): Allow certificate validity intervals that specify
   only a start or stop time (instead of both or neither).
 * sftp(1): Allow "cd" and "lcd" commands with no explicit path
   argument. lcd will change to the local user's home directory as
   usual. cd will change to the starting directory for session (because
   the protocol offers no way to obtain the remote user's home
   directory). bz#2760
 * sshd(8): When doing a config test with sshd -T, only require the
   attributes that are actually used in Match criteria rather than (an
   incomplete list of) all criteria.

Bugfixes
--------

 * ssh(1)/sshd(8): More strictly check signature types during key
   exchange against what was negotiated. Prevents downgrade of RSA
   signatures made with SHA-256/512 to SHA-1.
 * sshd(8): Fix support for client that advertise a protocol version
   of "1.99" (indicating that they are prepared to accept both SSHv1 and
   SSHv2). This was broken in OpenSSH 7.6 during the removal of SSHv1
   support. bz#2810
 * ssh(1): Warn when the agent returns a ssh-rsa (SHA1) signature when
   a rsa-sha2-256/512 signature was requested. This condition is possible
   when an old or non-OpenSSH agent is in use. bz#2799
 * ssh-agent(1): Fix regression introduced in 7.6 that caused ssh-agent
   to fatally exit if presented an invalid signature request message.
 * sshd_config(5): Accept yes/no flag options case-insensitively, as
   has been the case in ssh_config(5) for a long time. bz#2664
 * ssh(1): Improve error reporting for failures during connection.
   Under some circumstances misleading errors were being shown. bz#2814
 * ssh-keyscan(1): Add -D option to allow printing of results directly
   in SSHFP format. bz#2821
 * regress tests: fix PuTTY interop test broken in last release's SSHv1
   removal. bz#2823
 * ssh(1): Compatibility fix for some servers that erroneously drop the
   connection when the IUTF8 (RFC8160) option is sent.
 * scp(1): Disable RemoteCommand and RequestTTY in the ssh session
   started by scp (sftp was already doing this.)
 * ssh-keygen(1): Refuse to create a certificate with an unusable
   number of principals.
 * ssh-keygen(1): Fatally exit if ssh-keygen is unable to write all the
   public key during key generation. Previously it would silently
   ignore errors writing the comment and terminating newline.
 * ssh(1): Do not modify hostname arguments that are addresses by
   automatically forcing them to lower-case. Instead canonicalise them
   to resolve ambiguities (e.g. ::0001 => ::1) before they are matched
   against known_hosts. bz#2763
 * ssh(1): Don't accept junk after "yes" or "no" responses \ 
to hostkey
   prompts. bz#2803
 * sftp(1): Have sftp print a warning about shell cleanliness when
   decoding the first packet fails, which is usually caused by shells
   polluting stdout of non-interactive startups. bz#2800
 * ssh(1)/sshd(8): Switch timers in packet code from using wall-clock
   time to monotonic time, allowing the packet layer to better function
   over a clock step and avoiding possible integer overflows during
   steps.
 * Numerous manual page fixes and improvements.

Portability
-----------
 * sshd(8): Correctly detect MIPS ABI in use at configure time. Fixes
   sandbox violations on some environments.
 * sshd(8): Remove UNICOS support. The hardware and software are literal
   museum pieces and support in sshd is too intrusive to justify
   maintaining.
 * All: Build and link with "retpoline" flags when available to mitigate
   the "branch target injection" style (variant 2) of the Spectre
   branch-prediction vulnerability.
 * All: Add auto-generated dependency information to Makefile.
 * Numerous fixed to the RPM spec files.
   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2018-01-02 06:37:24 by Maya Rashish | Files touched by this commit (25)
Log message:
Remove traces of crypto restrictions from packages.

ok for idea riastradh.
   2017-10-04 13:44:14 by Thomas Klausner | Files touched by this commit (3) | Package updated
Log message:
openssh: update to 7.6.1.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh(1): delete SSH protocol version 1 support, associated
   configuration options and documentation.

 * ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.

 * ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
   ciphers.

 * Refuse RSA keys <1024 bits in length and improve reporting for keys
   that do not meet this requirement.

 * ssh(1): do not offer CBC ciphers by default.

Changes since OpenSSH 7.5
=========================

This is primarily a bugfix release. It also contains substantial
internal refactoring.

Security
--------

 * sftp-server(8): in read-only mode, sftp-server was incorrectly
   permitting creation of zero-length files. Reported by Michal
   Zalewski.

New Features
------------

 * ssh(1): add RemoteCommand option to specify a command in the ssh
   config file instead of giving it on the client's command line. This
   allows the configuration file to specify the command that will be
   executed on the remote host.

 * sshd(8): add ExposeAuthInfo option that enables writing details of
   the authentication methods used (including public keys where
   applicable) to a file that is exposed via a $SSH_USER_AUTH
   environment variable in the subsequent session.

 * ssh(1): add support for reverse dynamic forwarding. In this mode,
   ssh will act as a SOCKS4/5 proxy and forward connections
   to destinations requested by the remote SOCKS client. This mode
   is requested using extended syntax for the -R and RemoteForward
   options and, because it is implemented solely at the client,
   does not require the server be updated to be supported.

 * sshd(8): allow LogLevel directive in sshd_config Match blocks;
   bz#2717

 * ssh-keygen(1): allow inclusion of arbitrary string or flag
   certificate extensions and critical options.

 * ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
   a CA when signing certificates. bz#2377

 * ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
   ToS/DSCP value and just use the operating system default.

 * ssh-add(1): added -q option to make ssh-add quiet on success.

 * ssh(1): expand the StrictHostKeyChecking option with two new
   settings. The first "accept-new" will automatically accept
   hitherto-unseen keys but will refuse connections for changed or
   invalid hostkeys. This is a safer subset of the current behaviour
   of StrictHostKeyChecking=no. The second setting "off", is a synonym
   for the current behaviour of StrictHostKeyChecking=no: accept new
   host keys, and continue connection for hosts with incorrect
   hostkeys. A future release will change the meaning of
   StrictHostKeyChecking=no to the behaviour of "accept-new". bz#2400

 * ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
   option in sshd(8). bz#2705

Bugfixes
--------

 * ssh(1): use HostKeyAlias if specified instead of hostname for
   matching host certificate principal names; bz#2728

 * sftp(1): implement sorting for globbed ls; bz#2649

 * ssh(1): add a user@host prefix to client's "Permission denied"
   messages, useful in particular when using "stacked" connections
   (e.g. ssh -J) where it's not clear which host is denying. bz#2720

 * ssh(1): accept unknown EXT_INFO extension values that contain \0
   characters. These are legal, but would previously cause fatal
   connection errors if received.

 * ssh(1)/sshd(8): repair compression statistics printed at
   connection exit

 * sftp(1): print '?' instead of incorrect link count (that the
   protocol doesn't provide) for remote listings. bz#2710

 * ssh(1): return failure rather than fatal() for more cases during
   session multiplexing negotiations. Causes the session to fall back
   to a non-mux connection if they occur. bz#2707

 * ssh(1): mention that the server may send debug messages to explain
   public key authentication problems under some circumstances; bz#2709

 * Translate OpenSSL error codes to better report incorrect passphrase
   errors when loading private keys; bz#2699

 * sshd(8): adjust compatibility patterns for WinSCP to correctly
   identify versions that implement only the legacy DH group exchange
   scheme. bz#2748

 * ssh(1): print the "Killed by signal 1" message only at LogLevel
   verbose so that it is not shown at the default level; prevents it
   from appearing during ssh -J and equivalent ProxyCommand configs.
   bz#1906, bz#2744

 * ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
   existing keys if they exist but are zero length. zero-length keys
   could previously be made if ssh-keygen failed or was interrupted part
   way through generating them. bz#2561

 * ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
   place the current session in the background.

 * ssh-keyscan(1): avoid double-close() on file descriptors; bz#2734

 * sshd(8): avoid reliance on shared use of pointers shared between
   monitor and child sshd processes. bz#2704

 * sshd_config(8): document available AuthenticationMethods; bz#2453

 * ssh(1): avoid truncation in some login prompts; bz#2768

 * sshd(8): Fix various compilations failures, inc bz#2767

 * ssh(1): make "--" before the hostname terminate argument processing
   after the hostname too.

 * ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
   new-style private keys. Fixes problems related to private key
   handling for no-OpenSSL builds. bz#2754

 * ssh(1): warn and do not attempt to use keys when the public and
   private halves do not match. bz#2737

 * sftp(1): don't print verbose error message when ssh disconnects
   from under sftp. bz#2750

 * sshd(8): fix keepalive scheduling problem: activity on a forwarded
   port from preventing the keepalive from being sent; bz#2756

 * sshd(8): when started without root privileges, don't require the
   privilege separation user or path to exist. Makes running the
   regression tests easier without touching the filesystem.

 * Make integrity.sh regression tests more robust against timeouts.
   bz#2658

 * ssh(1)/sshd(8): correctness fix for channels implementation: accept
   channel IDs greater than 0x7FFFFFFF.

Portability
-----------

 * sshd(9): drop two more privileges in the Solaris sandbox:
   PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO; bz#2723

 * sshd(8): expose list of completed authentication methods to PAM
   via the SSH_AUTH_INFO_0 PAM environment variable. bz#2408

 * ssh(1)/sshd(8): fix several problems in the tun/tap forwarding code,
   mostly to do with host/network byte order confusion. bz#2735

 * Add --with-cflags-after and --with-ldflags-after configure flags to
   allow setting CFLAGS/LDFLAGS after configure has completed. These
   are useful for setting sanitiser/fuzzing options that may interfere
   with configure's operation.

 * sshd(8): avoid Linux seccomp violations on ppc64le over the
   socketcall syscall.

 * Fix use of ldns when using ldns-config; bz#2697

 * configure: set cache variables when cross-compiling. The cross-
   compiling fallback message was saying it assumed the test passed,
   but it wasn't actually set the cache variables and this would
   cause later tests to fail.

 * Add clang libFuzzer harnesses for public key parsing and signature
   verification.
   2017-07-24 18:33:22 by Havard Eidnes | Files touched by this commit (2) | Package updated
Log message:
Include 'pam' in the suggested/default list of options on NetBSD.
Add LICENSE setting, near as I can tell "modified-bsd".
Bump PKGREVISION.
   2017-05-31 11:30:22 by Jonathan Perkin | Files touched by this commit (4) | Package updated
Log message:
Update security/openssh to 7.5p1.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * This release deprecates the sshd_config UsePrivilegeSeparation
   option, thereby making privilege separation mandatory. Privilege
   separation has been on by default for almost 15 years and
   sandboxing has been on by default for almost the last five.

 * The format of several log messages emitted by the packet code has
   changed to include additional information about the user and
   their authentication state. Software that monitors ssh/sshd logs
   may need to account for these changes. For example:

   Connection closed by user x 1.1.1.1 port 1234 [preauth]
   Connection closed by authenticating user x 10.1.1.1 port 1234 [preauth]
   Connection closed by invalid user x 1.1.1.1 port 1234 [preauth]

   Affected messages include connection closure, timeout, remote
   disconnection, negotiation failure and some other fatal messages
   generated by the packet code.

 * [Portable OpenSSH only] This version removes support for building
   against OpenSSL versions prior to 1.0.1. OpenSSL stopped supporting
   versions prior to 1.0.1 over 12 months ago (i.e. they no longer
   receive fixes for security bugs).

Changes since OpenSSH 7.4
=========================

This is a bugfix release.

Security
--------

 * ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
   that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
   Note that the OpenSSH client disables CBC ciphers by default, sshd
   offers them as lowest-preference options and will remove them by
   default entriely in the next release. Reported by Jean Paul
   Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of
   Royal Holloway, University of London.

 * sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
   a recursive file transfer could be maniuplated by a hostile server to
   perform a path-traversal attack. creating or modifying files outside
   of the intended target directory. Reported by Jann Horn of Google
   Project Zero.

New Features
------------

 * ssh(1), sshd(8): Support "=-" syntax to easily remove methods from
   algorithm lists, e.g. Ciphers=-*cbc. bz#2671

Bugfixes
--------

 * sshd(1): Fix NULL dereference crash when key exchange start
   messages are sent out of sequence.

 * ssh(1), sshd(8): Allow form-feed characters to appear in
   configuration files.

 * sshd(8): Fix regression in OpenSSH 7.4 support for the
   server-sig-algs extension, where SHA2 RSA signature methods were
   not being correctly advertised. bz#2680

 * ssh(1), ssh-keygen(1): Fix a number of case-sensitivity bugs in
   known_hosts processing. bz#2591 bz#2685

 * ssh(1): Allow ssh to use certificates accompanied by a private key
   file but no corresponding plain *.pub public key. bz#2617

 * ssh(1): When updating hostkeys using the UpdateHostKeys option,
   accept RSA keys if HostkeyAlgorithms contains any RSA keytype.
   Previously, ssh could ignore RSA keys when only the ssh-rsa-sha2-*
   methods were enabled in HostkeyAlgorithms and not the old ssh-rsa
   method. bz#2650

 * ssh(1): Detect and report excessively long configuration file
   lines. bz#2651

 * Merge a number of fixes found by Coverity and reported via Redhat
   and FreeBSD. Includes fixes for some memory and file descriptor
   leaks in error paths. bz#2687

 * ssh-keyscan(1): Correctly hash hosts with a port number. bz#2692

 * ssh(1), sshd(8): When logging long messages to stderr, don't truncate
   "\r\n" if the length of the message exceeds the buffer. bz#2688

 * ssh(1): Fully quote [host]:port in generated ProxyJump/-J command-
   line; avoid confusion over IPv6 addresses and shells that treat
   square bracket characters specially.

 * ssh-keygen(1): Fix corruption of known_hosts when running
   "ssh-keygen -H" on a known_hosts containing already-hashed entries.

 * Fix various fallout and sharp edges caused by removing SSH protocol
   1 support from the server, including the server banner string being
   incorrectly terminated with only \n (instead of \r\n), confusing
   error messages from ssh-keyscan bz#2583 and a segfault in sshd
   if protocol v.1 was enabled for the client and sshd_config
   contained references to legacy keys bz#2686.

 * ssh(1), sshd(8): Free fd_set on connection timeout. bz#2683

 * sshd(8): Fix Unix domain socket forwarding for root (regression in
   OpenSSH 7.4).

 * sftp(1): Fix division by zero crash in "df" output when server
   returns zero total filesystem blocks/inodes.

 * ssh(1), ssh-add(1), ssh-keygen(1), sshd(8): Translate OpenSSL errors
   encountered during key loading to more meaningful error codes.
   bz#2522 bz#2523

 * ssh-keygen(1): Sanitise escape sequences in key comments sent to
   printf but preserve valid UTF-8 when the locale supports it;
   bz#2520

 * ssh(1), sshd(8): Return reason for port forwarding failures where
   feasible rather than always "administratively prohibited". bz#2674

 * sshd(8): Fix deadlock when AuthorizedKeysCommand or
   AuthorizedPrincipalsCommand produces a lot of output and a key is
   matched early. bz#2655

 * Regression tests: several reliability fixes. bz#2654 bz#2658 bz#2659

 * ssh(1): Fix typo in ~C error message for bad port forward
   cancellation. bz#2672

 * ssh(1): Show a useful error message when included config files
   can't be opened; bz#2653

 * sshd(8): Make sshd set GSSAPIStrictAcceptorCheck=yes as the manual page
   (previously incorrectly) advertised. bz#2637

 * sshd_config(5): Repair accidentally-deleted mention of %k token
   in AuthorizedKeysCommand; bz#2656

 * sshd(8): Remove vestiges of previously removed LOGIN_PROGRAM; bz#2665

 * ssh-agent(1): Relax PKCS#11 whitelist to include libexec and
   common 32-bit compatibility library directories.

 * sftp-client(1): Fix non-exploitable integer overflow in SSH2_FXP_NAME
   response handling.

 * ssh-agent(1): Fix regression in 7.4 of deleting PKCS#11-hosted
   keys. It was not possible to delete them except by specifying
   their full physical path. bz#2682

Portability
-----------

 * sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA
   crypto coprocessor.

 * sshd(8): Fix non-exploitable weakness in seccomp-bpf sandbox arg
   inspection.

 * ssh(1): Fix X11 forwarding on OSX where X11 was being started by
   launchd. bz#2341

 * ssh-keygen(1), ssh(1), sftp(1): Fix output truncation for various that
   contain non-printable characters where the codeset in use is ASCII.

 * build: Fix builds that attempt to link a kerberised libldns. bz#2603

 * build: Fix compilation problems caused by unconditionally defining
   _XOPEN_SOURCE in wide character detection.

 * sshd(8): Fix sandbox violations for clock_gettime VSDO syscall
   fallback on some Linux/X32 kernels. bz#2142
   2017-01-19 04:50:53 by Maya Rashish | Files touched by this commit (3)
Log message:
GC deprecated logic for openssh without /dev/urandom. This option is no longer
supported by OpenSSH.
   2016-12-30 05:43:16 by Takahiro Kambe | Files touched by this commit (8) | Package updated
Log message:
Update openssh to 7.4.1 (7.4p1), including security fixes.

For full changes, please refer ChangeLog file.

Future deprecation notice
=========================

We plan on retiring more legacy cryptography in future releases,
specifically:

 * In approximately August 2017, removing remaining support for the
   SSH v.1 protocol (client-only and currently compile-time disabled).

 * In the same release, removing support for Blowfish and RC4 ciphers
   and the RIPE-MD160 HMAC. (These are currently run-time disabled).

 * Refusing all RSA keys smaller than 1024 bits (the current minimum
   is 768 bits)

 * The next release of OpenSSH will remove support for running sshd(8)
   with privilege separation disabled.

 * The next release of portable OpenSSH will remove support for
   OpenSSL version prior to 1.0.1.

This list reflects our current intentions, but please check the final
release notes for future releases.

Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * This release removes server support for the SSH v.1 protocol.

 * ssh(1): Remove 3des-cbc from the client's default proposal. 64-bit
   block ciphers are not safe in 2016 and we don't want to wait until
   attacks like SWEET32 are extended to SSH. As 3des-cbc was the
   only mandatory cipher in the SSH RFCs, this may cause problems
   connecting to older devices using the default configuration,
   but it's highly likely that such devices already need explicit
   configuration for key exchange and hostkey algorithms already
   anyway.

 * sshd(8): Remove support for pre-authentication compression.
   Doing compression early in the protocol probably seemed reasonable
   in the 1990s, but today it's clearly a bad idea in terms of both
   cryptography (cf. multiple compression oracle attacks in TLS) and
   attack surface. Pre-auth compression support has been disabled by
   default for >10 years. Support remains in the client.

 * ssh-agent will refuse to load PKCS#11 modules outside a whitelist
   of trusted paths by default. The path whitelist may be specified
   at run-time.

 * sshd(8): When a forced-command appears in both a certificate and
   an authorized keys/principals command= restriction, sshd will now
   refuse to accept the certificate unless they are identical.
   The previous (documented) behaviour of having the certificate
   forced-command override the other could be a bit confusing and
   error-prone.

 * sshd(8): Remove the UseLogin configuration directive and support
   for having /bin/login manage login sessions.

Changes since OpenSSH 7.3
=========================

This is primarily a bugfix release.

Security
--------

 * ssh-agent(1): Will now refuse to load PKCS#11 modules from paths
   outside a trusted whitelist (run-time configurable). Requests to
   load modules could be passed via agent forwarding and an attacker
   could attempt to load a hostile PKCS#11 module across the forwarded
   agent channel: PKCS#11 modules are shared libraries, so this would
   result in code execution on the system running the ssh-agent if the
   attacker has control of the forwarded agent-socket (on the host
   running the sshd server) and the ability to write to the filesystem
   of the host running ssh-agent (usually the host running the ssh
   client). Reported by Jann Horn of Project Zero.

 * sshd(8): When privilege separation is disabled, forwarded Unix-
   domain sockets would be created by sshd(8) with the privileges of
   'root' instead of the authenticated user. This release refuses
   Unix-domain socket forwarding when privilege separation is disabled
   (Privilege separation has been enabled by default for 14 years).
   Reported by Jann Horn of Project Zero.

 * sshd(8): Avoid theoretical leak of host private key material to
   privilege-separated child processes via realloc() when reading
   keys. No such leak was observed in practice for normal-sized keys,
   nor does a leak to the child processes directly expose key material
   to unprivileged users. Reported by Jann Horn of Project Zero.

 * sshd(8): The shared memory manager used by pre-authentication
   compression support had a bounds checks that could be elided by
   some optimising compilers. Additionally, this memory manager was
   incorrectly accessible when pre-authentication compression was
   disabled. This could potentially allow attacks against the
   privileged monitor process from the sandboxed privilege-separation
   process (a compromise of the latter would be required first).
   This release removes support for pre-authentication compression
   from sshd(8). Reported by Guido Vranken using the Stack unstable
   optimisation identification tool (http://css.csail.mit.edu/stack/)

 * sshd(8): Fix denial-of-service condition where an attacker who
   sends multiple KEXINIT messages may consume up to 128MB per
   connection. Reported by Shi Lei of Gear Team, Qihoo 360.

 * sshd(8): Validate address ranges for AllowUser and DenyUsers
   directives at configuration load time and refuse to accept invalid
   ones. It was previously possible to specify invalid CIDR address
   ranges (e.g. user@127.1.2.3/55) and these would always match,
   possibly resulting in granting access where it was not intended.
   Reported by Laurence Parry.