New upstream release (8.0p1)

1 files changed, 126 insertions, 0 deletions

diff --git a/debian/changelog b/debian/changelog
index 8b18f3506..c272f8fc8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,129 @@
+openssh (1:8.0p1-1) UNRELEASED; urgency=medium
+
+  * New upstream release (https://www.openssh.com/txt/release-8.0, closes:
+    #927792):
+    - ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in
+      PKCS#11 tokens (LP: #1665695).
+    - ssh(1), sshd(8): Add experimental quantum-computing resistant key
+      exchange method, based on a combination of Streamlined NTRU Prime
+      4591^761 and X25519.
+    - ssh-keygen(1): Increase the default RSA key size to 3072 bits,
+      following NIST Special Publication 800-57's guidance for a 128-bit
+      equivalent symmetric security level (LP: #1445625).
+    - ssh(1): Allow "PKCS11Provider=none" to override later instances of the
+      PKCS11Provider directive in ssh_config.
+    - sshd(8): Add a log message for situations where a connection is
+      dropped for attempting to run a command but a sshd_config
+      ForceCommand=internal-sftp restriction is in effect.
+    - ssh(1): When prompting whether to record a new host key, accept the
+      key fingerprint as a synonym for "yes".  This allows the user to paste
+      a fingerprint obtained out of band at the prompt and have the client
+      do the comparison for you.
+    - ssh-keygen(1): When signing multiple certificates on a single
+      command-line invocation, allow automatically incrementing the
+      certificate serial number.
+    - scp(1), sftp(1): Accept -J option as an alias to ProxyJump on the scp
+      and sftp command-lines.
+    - ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v"
+      command-line flags to increase the verbosity of output; pass verbose
+      flags though to subprocesses, such as ssh-pkcs11-helper started from
+      ssh-agent.
+    - ssh-add(1): Add a "-T" option to allowing testing whether keys in an
+      agent are usable by performing a signature and a verification.
+    - sftp-server(8): Add a "lsetstat@openssh.com" protocol extension that
+      replicates the functionality of the existing SSH2_FXP_SETSTAT
+      operation but does not follow symlinks.
+    - sftp(1): Add "-h" flag to chown/chgrp/chmod commands to request they
+      do not follow symlinks.
+    - sshd(8): Expose $SSH_CONNECTION in the PAM environment.  This makes
+      the connection 4-tuple available to PAM modules that wish to use it in
+      decision-making.
+    - sshd(8): Add a ssh_config "Match final" predicate.  Matches in same
+      pass as "Match canonical" but doesn't require hostname
+      canonicalisation be enabled.
+    - sftp(1): Support a prefix of '@' to suppress echo of sftp batch
+      commands.
+    - ssh-keygen(1): When printing certificate contents using "ssh-keygen
+      -Lf /path/certificate", include the algorithm that the CA used to sign
+      the cert.
+    - sshd(8): Fix authentication failures when sshd_config contains
+      "AuthenticationMethods any" inside a Match block that overrides a more
+      restrictive default.
+    - sshd(8): Avoid sending duplicate keepalives when ClientAliveCount is
+      enabled.
+    - sshd(8): Fix two race conditions related to SIGHUP daemon restart.
+      Remnant file descriptors in recently-forked child processes could
+      block the parent sshd's attempt to listen(2) to the configured
+      addresses.  Also, the restarting parent sshd could exit before any
+      child processes that were awaiting their re-execution state had
+      completed reading it, leaving them in a fallback path.
+    - ssh(1): Fix stdout potentially being redirected to /dev/null when
+      ProxyCommand=- was in use.
+    - sshd(8): Avoid sending SIGPIPE to child processes if they attempt to
+      write to stderr after their parent processes have exited.
+    - ssh(1): Fix bad interaction between the ssh_config ConnectTimeout and
+      ConnectionAttempts directives - connection attempts after the first
+      were ignoring the requested timeout (LP: #1798049).
+    - ssh-keyscan(1): Return a non-zero exit status if no keys were found
+      (closes: #374980, LP: #1661745).
+    - scp(1): Sanitize scp filenames to allow UTF-8 characters without
+      terminal control sequences.
+    - sshd(8): Fix confusion between ClientAliveInterval and time-based
+      RekeyLimit that could cause connections to be incorrectly closed.
+    - ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN handling at
+      initial token login.  The attempt to read the PIN could be skipped in
+      some cases, particularly on devices with integrated PIN readers.  This
+      would lead to an inability to retrieve keys from these tokens.
+    - ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the
+      CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login after the
+      C_SignInit operation.
+    - ssh(1): Improve documentation for ProxyJump/-J, clarifying that local
+      configuration does not apply to jump hosts.
+    - ssh-keygen(1): Clarify manual - ssh-keygen -e only writes public keys,
+      not private.
+    - ssh(1), sshd(8): be more strict in processing protocol banners,
+      allowing \r characters only immediately before \n.
+    - Various: fix a number of memory leaks.
+    - scp(1), sftp(1): fix calculation of initial bandwidth limits.  Account
+      for bytes written before the timer starts and adjust the schedule on
+      which recalculations are performed.  Avoids an initial burst of
+      traffic and yields more accurate bandwidth limits.
+    - sshd(8): Only consider the ext-info-c extension during the initial key
+      eschange.  It shouldn't be sent in subsequent ones, but if it is
+      present we should ignore it.  This prevents sshd from sending a
+      SSH_MSG_EXT_INFO for REKEX for these buggy clients.
+    - ssh-keygen(1): Clarify manual that ssh-keygen -F (find host in
+      authorized_keys) and -R (remove host from authorized_keys) options may
+      accept either a bare hostname or a [hostname]:port combo.
+    - ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK.
+    - sshd(8): Silence error messages when sshd fails to load some of the
+      default host keys.  Failure to load an explicitly-configured hostkey
+      is still an error, and failure to load any host key is still fatal.
+    - ssh(1): Redirect stderr of ProxyCommands to /dev/null when ssh is
+      started with ControlPersist; prevents random ProxyCommand output from
+      interfering with session output.
+    - ssh(1): The ssh client was keeping a redundant ssh-agent socket
+      (leftover from authentication) around for the life of the connection.
+    - sshd(8): Fix bug in HostbasedAcceptedKeyTypes and
+      PubkeyAcceptedKeyTypes options.  If only RSA-SHA2 signature types were
+      specified, then authentication would always fail for RSA keys as the
+      monitor checks only the base key (not the signature algorithm) type
+      against *AcceptedKeyTypes.
+    - ssh(1): Request correct signature types from ssh-agent when
+      certificate keys and RSA-SHA2 signatures are in use.
+    - sshd(8): Don't set $MAIL if UsePAM=yes as PAM typically specifies the
+      user environment if it's enabled (closes: #189920, #532754).
+  * Mostly resynced GSSAPI key exchange patch with Fedora.  Major changes:
+    - Support selection of GSSAPI key exchange algorithms.
+    - Support GSSAPI key exchange methods with DH and SHA2.
+    - Support GSSAPI key exchange using ECDH and SHA2.
+    - Make sure the Kerberos tickets are cleaned up with the user context.
+    - Enable gssapi-keyex authentication without gssapi-with-mic.
+    - Allow querying for GSSAPI key exchange algorithms from ssh (-Q
+      kex-gss).
+
+ -- Colin Watson <cjwatson@debian.org>  Wed, 05 Jun 2019 07:09:47 +0100
+
 openssh (1:7.9p1-10) unstable; urgency=medium
 
   * Temporarily revert IPQoS defaults to pre-7.8 values until issues with