-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 18 Dec 2023 22:35:25 +0000 Source: openssh Architecture: source Version: 1:9.6p1-1 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Closes: 1049995 1057835 Changes: openssh (1:9.6p1-1) unstable; urgency=medium . * Use single quotes in suggested ssh-keygen commands (closes: #1057835). * Debconf translations: - Catalan (thanks, Pablo Huguet; closes: #1049995). * New upstream release (https://www.openssh.com/releasenotes.html#9.6p1): - [CVE-2023-48795] ssh(1), sshd(8): implement protocol extensions to thwart the so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a limited break of the integrity of the early encrypted SSH transport protocol by sending extra messages prior to the commencement of encryption, and deleting an equal number of consecutive messages immediately after encryption starts. A peer SSH client/server would not be able to detect that messages were deleted. - [SECURITY] ssh-agent(1): when adding PKCS#11-hosted private keys while specifying destination constraints, if the PKCS#11 token returned multiple keys then only the first key had the constraints applied. Use of regular private keys, FIDO tokens and unconstrained keys are unaffected. - [SECURITY] ssh(1): if an invalid user or hostname that contained shell metacharacters was passed to ssh(1), and a ProxyCommand, LocalCommand directive or "match exec" predicate referenced the user or hostname via %u, %h or similar expansion token, then an attacker who could supply arbitrary user/hostnames to ssh(1) could potentially perform command injection depending on what quoting was present in the user-supplied ssh_config(5) directive. OpenSSH 9.6 now bans most shell metacharacters from user and hostnames supplied via the command-line. - ssh(1), sshd(8): the RFC4254 connection/channels protocol provides a TCP-like window mechanism that limits the amount of data that can be sent without acceptance from the peer. In cases where this limit was exceeded by a non-conforming peer SSH implementation, ssh(1)/sshd(8) previously discarded the extra data. From OpenSSH 9.6, ssh(1)/sshd(8) will now terminate the connection if a peer exceeds the window limit by more than a small grace factor. This change should have no effect of SSH implementations that follow the specification. - ssh(1): add a %j token that expands to the configured ProxyJump hostname (or the empty string if this option is not being used) that can be used in a number of ssh_config(5) keywords. - ssh(1): add ChannelTimeout support to the client, mirroring the same option in the server and allowing ssh(1) to terminate quiescent channels. - ssh(1), sshd(8), ssh-add(1), ssh-keygen(1): add support for reading ED25519 private keys in PEM PKCS8 format. Previously only the OpenSSH private key format was supported. - ssh(1), sshd(8): introduce a protocol extension to allow renegotiation of acceptable signature algorithms for public key authentication after the server has learned the username being used for authentication. This allows varying sshd_config(5) PubkeyAcceptedAlgorithms in a "Match user" block. - ssh-add(1), ssh-agent(1): add an agent protocol extension to allow specifying certificates when loading PKCS#11 keys. This allows the use of certificates backed by PKCS#11 private keys in all OpenSSH tools that support ssh-agent(1). Previously only ssh(1) supported this use-case. - ssh(1): when deciding whether to enable the keystroke timing obfuscation, enable it only if a channel with a TTY is active. - ssh(1): switch mainloop from poll(3) to ppoll(3) and mask signals before checking flags set in signal handler. Avoids potential race condition between signaling ssh to exit and polling. - ssh(1): when connecting to a destination with both the AddressFamily and CanonicalizeHostname directives in use, the AddressFamily directive could be ignored. - sftp(1): correct handling of the limits@openssh.com option when the server returned an unexpected message. - ssh(1): release GSS OIDs only at end of authentication, avoiding unnecessary init/cleanup cycles. - ssh_config(5): mention "none" is a valid argument to IdentityFile in the manual. - scp(1): improved debugging for paths from the server rejected for not matching the client's glob(3) pattern in old SCP/RCP protocol mode. - ssh-agent(1): refuse signing operations on destination-constrained keys if a previous session-bind operation has failed. This may prevent a fail-open situation in future if a user uses a mismatched ssh(1) client and ssh-agent(1) where the client supports a key type that the agent does not support. * debian/run-tests: Supply absolute paths to tools. * debian/run-tests: Enable interop tests for Dropbear. Checksums-Sha1: d3eace8dce5cdf66c48c04524170261e07e1c363 3344 openssh_9.6p1-1.dsc de300d09ec79fdbf37de4e6672cce4161439f2c3 1857862 openssh_9.6p1.orig.tar.gz 63c241035c665da9284965575cd96e0467bf09c1 833 openssh_9.6p1.orig.tar.gz.asc 4e9091137627c3499d4752959c72151302c1edfd 187648 openssh_9.6p1-1.debian.tar.xz Checksums-Sha256: a41c76ab7a4a9859911a9544649dbff4d2e2f488ebdda4d716e20b0fbd5f3208 3344 openssh_9.6p1-1.dsc 910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c 1857862 openssh_9.6p1.orig.tar.gz 9b1e931cbc811f02e91f7eacd55f8211cc45dade11975462f4b0dcdad29927aa 833 openssh_9.6p1.orig.tar.gz.asc 4acec5879df194b4ff45d821a32a97a3bcfc1df70cb6bfa5cc82b41487d94dc9 187648 openssh_9.6p1-1.debian.tar.xz Files: 5437c48184621f81eb013447ea535a10 3344 net standard openssh_9.6p1-1.dsc 5e90def5af3ffb27e149ca6fff12bef3 1857862 net standard openssh_9.6p1.orig.tar.gz a9aaf09b36b23327431072ed804d7094 833 net standard openssh_9.6p1.orig.tar.gz.asc a5b8ac5913fb44b1bbb64146e8d1e2f6 187648 net standard openssh_9.6p1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmWAybkACgkQOTWH2X2G UAvJoxAAm5xDxAmsWRPQP2tVdlLmk0uq9vqgsqQXmUnZb3qMNXVikkNMbilm/s6X QicZSpZUq5ldOaKt1176NH0FbMbi+72TgM+d8xSaBbaU4U73gFHXIzb0qH+lI9vr rv0kpM8lhyhmGa1vC39O1Hv1/BFQYENmf3rLpYwS/vkqR+kHyDiOORqMyYobBlXX sq+bz1tWvgGzJjeEVoWzzov66WZ5MvbE/Se5jlem1+8zLcIfvtPTkcKEVHxpnsyV Io0bnrAcoGfnpF389oxdgh6FZRYxZxV+rGme1OfbL16Dt4h4Z8p0PGEUI94Kzhxv ou8fg2HgmHB2RbaaskdMlBRPZWQtE3Hv0/RXGFGzqh43tKiKUhg4kAIgrczuu4nE u4J1UrmUbIOeyedss1SyxqAC87cyAOCjPXB3Nz8hASZG/9PL3ClFKLM6xYyyL7CT p/ehPG/fxdYGJk2ySAJPqZeaueQpdeYTEtGu4pnCFXI9RvvEvpa4dTbHArSO1ajp 7QDbdadvP+KL42BGRyChBvKZem0Rpu3YDj6lmnuwEALSomZcbtnFc0PE0kYaibae NYgXh9hJDTaU6qZlcuuHbpr4F8r7kW9+9fWF7fcWjstt87c281rD0kAwpTdTLnlS Vyyj5OFB7AePLOUDUDj521Esmy/F4mc2mLvA4Eod3tkIad2yMwA= =fI/z -----END PGP SIGNATURE-----