1 files changed, 126 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 8b18f3506..c272f8fc8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,129 @@
+openssh (1:8.0p1-1) UNRELEASED; urgency=medium
+  * New upstream release (https://www.openssh.com/txt/release-8.0, closes:
+    #927792):
+    - ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in
+      PKCS#11 tokens (LP: #1665695).
+    - ssh(1), sshd(8): Add experimental quantum-computing resistant key
+      exchange method, based on a combination of Streamlined NTRU Prime
+      4591^761 and X25519.
+    - ssh-keygen(1): Increase the default RSA key size to 3072 bits,
+      following NIST Special Publication 800-57's guidance for a 128-bit
+      equivalent symmetric security level (LP: #1445625).
+    - ssh(1): Allow "PKCS11Provider=none" to override later instances of the
+      PKCS11Provider directive in ssh_config.
+    - sshd(8): Add a log message for situations where a connection is
+      dropped for attempting to run a command but a sshd_config
+      ForceCommand=internal-sftp restriction is in effect.
+    - ssh(1): When prompting whether to record a new host key, accept the
+      key fingerprint as a synonym for "yes".  This allows the user to paste
+      a fingerprint obtained out of band at the prompt and have the client
+      do the comparison for you.
+    - ssh-keygen(1): When signing multiple certificates on a single
+      command-line invocation, allow automatically incrementing the
+      certificate serial number.
+    - scp(1), sftp(1): Accept -J option as an alias to ProxyJump on the scp
+      and sftp command-lines.
+    - ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v"
+      command-line flags to increase the verbosity of output; pass verbose
+      flags though to subprocesses, such as ssh-pkcs11-helper started from
+      ssh-agent.
+    - ssh-add(1): Add a "-T" option to allowing testing whether keys in an
+      agent are usable by performing a signature and a verification.
+    - sftp-server(8): Add a "lsetstat@openssh.com" protocol extension that
+      replicates the functionality of the existing SSH2_FXP_SETSTAT
+      operation but does not follow symlinks.
+    - sftp(1): Add "-h" flag to chown/chgrp/chmod commands to request they
+      do not follow symlinks.
+    - sshd(8): Expose $SSH_CONNECTION in the PAM environment.  This makes
+      the connection 4-tuple available to PAM modules that wish to use it in
+      decision-making.
+    - sshd(8): Add a ssh_config "Match final" predicate.  Matches in same
+      pass as "Match canonical" but doesn't require hostname
+      canonicalisation be enabled.
+    - sftp(1): Support a prefix of '@' to suppress echo of sftp batch
+      commands.
+    - ssh-keygen(1): When printing certificate contents using "ssh-keygen
+      -Lf /path/certificate", include the algorithm that the CA used to sign
+      the cert.
+    - sshd(8): Fix authentication failures when sshd_config contains
+      "AuthenticationMethods any" inside a Match block that overrides a more
+      restrictive default.
+    - sshd(8): Avoid sending duplicate keepalives when ClientAliveCount is
+      enabled.
+    - sshd(8): Fix two race conditions related to SIGHUP daemon restart.
+      Remnant file descriptors in recently-forked child processes could
+      block the parent sshd's attempt to listen(2) to the configured
+      addresses.  Also, the restarting parent sshd could exit before any
+      child processes that were awaiting their re-execution state had
+      completed reading it, leaving them in a fallback path.
+    - ssh(1): Fix stdout potentially being redirected to /dev/null when
+      ProxyCommand=- was in use.
+    - sshd(8): Avoid sending SIGPIPE to child processes if they attempt to
+      write to stderr after their parent processes have exited.
+    - ssh(1): Fix bad interaction between the ssh_config ConnectTimeout and
+      ConnectionAttempts directives - connection attempts after the first
+      were ignoring the requested timeout (LP: #1798049).
+    - ssh-keyscan(1): Return a non-zero exit status if no keys were found
+      (closes: #374980, LP: #1661745).
+    - scp(1): Sanitize scp filenames to allow UTF-8 characters without
+      terminal control sequences.
+    - sshd(8): Fix confusion between ClientAliveInterval and time-based
+      RekeyLimit that could cause connections to be incorrectly closed.
+    - ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN handling at
+      initial token login.  The attempt to read the PIN could be skipped in
+      some cases, particularly on devices with integrated PIN readers.  This
+      would lead to an inability to retrieve keys from these tokens.
+    - ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the
+      CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login after the
+      C_SignInit operation.
+    - ssh(1): Improve documentation for ProxyJump/-J, clarifying that local
+      configuration does not apply to jump hosts.
+    - ssh-keygen(1): Clarify manual - ssh-keygen -e only writes public keys,
+      not private.
+    - ssh(1), sshd(8): be more strict in processing protocol banners,
+      allowing \r characters only immediately before \n.
+    - Various: fix a number of memory leaks.
+    - scp(1), sftp(1): fix calculation of initial bandwidth limits.  Account
+      for bytes written before the timer starts and adjust the schedule on
+      which recalculations are performed.  Avoids an initial burst of
+      traffic and yields more accurate bandwidth limits.
+    - sshd(8): Only consider the ext-info-c extension during the initial key
+      eschange.  It shouldn't be sent in subsequent ones, but if it is
+      present we should ignore it.  This prevents sshd from sending a
+      SSH_MSG_EXT_INFO for REKEX for these buggy clients.
+    - ssh-keygen(1): Clarify manual that ssh-keygen -F (find host in
+      authorized_keys) and -R (remove host from authorized_keys) options may
+      accept either a bare hostname or a [hostname]:port combo.
+    - ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK.
+    - sshd(8): Silence error messages when sshd fails to load some of the
+      default host keys.  Failure to load an explicitly-configured hostkey
+      is still an error, and failure to load any host key is still fatal.
+    - ssh(1): Redirect stderr of ProxyCommands to /dev/null when ssh is
+      started with ControlPersist; prevents random ProxyCommand output from
+      interfering with session output.
+    - ssh(1): The ssh client was keeping a redundant ssh-agent socket
+      (leftover from authentication) around for the life of the connection.
+    - sshd(8): Fix bug in HostbasedAcceptedKeyTypes and
+      PubkeyAcceptedKeyTypes options.  If only RSA-SHA2 signature types were
+      specified, then authentication would always fail for RSA keys as the
+      monitor checks only the base key (not the signature algorithm) type
+      against *AcceptedKeyTypes.
+    - ssh(1): Request correct signature types from ssh-agent when
+      certificate keys and RSA-SHA2 signatures are in use.
+    - sshd(8): Don't set $MAIL if UsePAM=yes as PAM typically specifies the
+      user environment if it's enabled (closes: #189920, #532754).
+  * Mostly resynced GSSAPI key exchange patch with Fedora.  Major changes:
+    - Support selection of GSSAPI key exchange algorithms.
+    - Support GSSAPI key exchange methods with DH and SHA2.
+    - Support GSSAPI key exchange using ECDH and SHA2.
+    - Make sure the Kerberos tickets are cleaned up with the user context.
+    - Enable gssapi-keyex authentication without gssapi-with-mic.
+    - Allow querying for GSSAPI key exchange algorithms from ssh (-Q
+      kex-gss).
+ -- Colin Watson <cjwatson@debian.org>  Wed, 05 Jun 2019 07:09:47 +0100
 openssh (1:7.9p1-10) unstable; urgency=medium
  * Temporarily revert IPQoS defaults to pre-7.8 values until issues with

diff --git a/debian/changelog b/debian/changelog index 8b18f3506..c272f8fc8 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -1,3 +1,129 @@
		1	openssh (1:8.0p1-1) UNRELEASED; urgency=medium
		2
		3	* New upstream release (https://www.openssh.com/txt/release-8.0, closes:
		4	#927792):
		5	- ssh(1), ssh-agent(1), ssh-add(1): Add support for ECDSA keys in
		6	PKCS#11 tokens (LP: #1665695).
		7	- ssh(1), sshd(8): Add experimental quantum-computing resistant key
		8	exchange method, based on a combination of Streamlined NTRU Prime
		9	4591^761 and X25519.
		10	- ssh-keygen(1): Increase the default RSA key size to 3072 bits,
		11	following NIST Special Publication 800-57's guidance for a 128-bit
		12	equivalent symmetric security level (LP: #1445625).
		13	- ssh(1): Allow "PKCS11Provider=none" to override later instances of the
		14	PKCS11Provider directive in ssh_config.
		15	- sshd(8): Add a log message for situations where a connection is
		16	dropped for attempting to run a command but a sshd_config
		17	ForceCommand=internal-sftp restriction is in effect.
		18	- ssh(1): When prompting whether to record a new host key, accept the
		19	key fingerprint as a synonym for "yes". This allows the user to paste
		20	a fingerprint obtained out of band at the prompt and have the client
		21	do the comparison for you.
		22	- ssh-keygen(1): When signing multiple certificates on a single
		23	command-line invocation, allow automatically incrementing the
		24	certificate serial number.
		25	- scp(1), sftp(1): Accept -J option as an alias to ProxyJump on the scp
		26	and sftp command-lines.
		27	- ssh-agent(1), ssh-pkcs11-helper(8), ssh-add(1): Accept "-v"
		28	command-line flags to increase the verbosity of output; pass verbose
		29	flags though to subprocesses, such as ssh-pkcs11-helper started from
		30	ssh-agent.
		31	- ssh-add(1): Add a "-T" option to allowing testing whether keys in an
		32	agent are usable by performing a signature and a verification.
		33	- sftp-server(8): Add a "lsetstat@openssh.com" protocol extension that
		34	replicates the functionality of the existing SSH2_FXP_SETSTAT
		35	operation but does not follow symlinks.
		36	- sftp(1): Add "-h" flag to chown/chgrp/chmod commands to request they
		37	do not follow symlinks.
		38	- sshd(8): Expose $SSH_CONNECTION in the PAM environment. This makes
		39	the connection 4-tuple available to PAM modules that wish to use it in
		40	decision-making.
		41	- sshd(8): Add a ssh_config "Match final" predicate. Matches in same
		42	pass as "Match canonical" but doesn't require hostname
		43	canonicalisation be enabled.
		44	- sftp(1): Support a prefix of '@' to suppress echo of sftp batch
		45	commands.
		46	- ssh-keygen(1): When printing certificate contents using "ssh-keygen
		47	-Lf /path/certificate", include the algorithm that the CA used to sign
		48	the cert.
		49	- sshd(8): Fix authentication failures when sshd_config contains
		50	"AuthenticationMethods any" inside a Match block that overrides a more
		51	restrictive default.
		52	- sshd(8): Avoid sending duplicate keepalives when ClientAliveCount is
		53	enabled.
		54	- sshd(8): Fix two race conditions related to SIGHUP daemon restart.
		55	Remnant file descriptors in recently-forked child processes could
		56	block the parent sshd's attempt to listen(2) to the configured
		57	addresses. Also, the restarting parent sshd could exit before any
		58	child processes that were awaiting their re-execution state had
		59	completed reading it, leaving them in a fallback path.
		60	- ssh(1): Fix stdout potentially being redirected to /dev/null when
		61	ProxyCommand=- was in use.
		62	- sshd(8): Avoid sending SIGPIPE to child processes if they attempt to
		63	write to stderr after their parent processes have exited.
		64	- ssh(1): Fix bad interaction between the ssh_config ConnectTimeout and
		65	ConnectionAttempts directives - connection attempts after the first
		66	were ignoring the requested timeout (LP: #1798049).
		67	- ssh-keyscan(1): Return a non-zero exit status if no keys were found
		68	(closes: #374980, LP: #1661745).
		69	- scp(1): Sanitize scp filenames to allow UTF-8 characters without
		70	terminal control sequences.
		71	- sshd(8): Fix confusion between ClientAliveInterval and time-based
		72	RekeyLimit that could cause connections to be incorrectly closed.
		73	- ssh(1), ssh-add(1): Correct some bugs in PKCS#11 token PIN handling at
		74	initial token login. The attempt to read the PIN could be skipped in
		75	some cases, particularly on devices with integrated PIN readers. This
		76	would lead to an inability to retrieve keys from these tokens.
		77	- ssh(1), ssh-add(1): Support keys on PKCS#11 tokens that set the
		78	CKA_ALWAYS_AUTHENTICATE flag by requring a fresh login after the
		79	C_SignInit operation.
		80	- ssh(1): Improve documentation for ProxyJump/-J, clarifying that local
		81	configuration does not apply to jump hosts.
		82	- ssh-keygen(1): Clarify manual - ssh-keygen -e only writes public keys,
		83	not private.
		84	- ssh(1), sshd(8): be more strict in processing protocol banners,
		85	allowing \r characters only immediately before \n.
		86	- Various: fix a number of memory leaks.
		87	- scp(1), sftp(1): fix calculation of initial bandwidth limits. Account
		88	for bytes written before the timer starts and adjust the schedule on
		89	which recalculations are performed. Avoids an initial burst of
		90	traffic and yields more accurate bandwidth limits.
		91	- sshd(8): Only consider the ext-info-c extension during the initial key
		92	eschange. It shouldn't be sent in subsequent ones, but if it is
		93	present we should ignore it. This prevents sshd from sending a
		94	SSH_MSG_EXT_INFO for REKEX for these buggy clients.
		95	- ssh-keygen(1): Clarify manual that ssh-keygen -F (find host in
		96	authorized_keys) and -R (remove host from authorized_keys) options may
		97	accept either a bare hostname or a [hostname]:port combo.
		98	- ssh(1): Don't attempt to connect to empty SSH_AUTH_SOCK.
		99	- sshd(8): Silence error messages when sshd fails to load some of the
		100	default host keys. Failure to load an explicitly-configured hostkey
		101	is still an error, and failure to load any host key is still fatal.
		102	- ssh(1): Redirect stderr of ProxyCommands to /dev/null when ssh is
		103	started with ControlPersist; prevents random ProxyCommand output from
		104	interfering with session output.
		105	- ssh(1): The ssh client was keeping a redundant ssh-agent socket
		106	(leftover from authentication) around for the life of the connection.
		107	- sshd(8): Fix bug in HostbasedAcceptedKeyTypes and
		108	PubkeyAcceptedKeyTypes options. If only RSA-SHA2 signature types were
		109	specified, then authentication would always fail for RSA keys as the
		110	monitor checks only the base key (not the signature algorithm) type
		111	against *AcceptedKeyTypes.
		112	- ssh(1): Request correct signature types from ssh-agent when
		113	certificate keys and RSA-SHA2 signatures are in use.
		114	- sshd(8): Don't set $MAIL if UsePAM=yes as PAM typically specifies the
		115	user environment if it's enabled (closes: #189920, #532754).
		116	* Mostly resynced GSSAPI key exchange patch with Fedora. Major changes:
		117	- Support selection of GSSAPI key exchange algorithms.
		118	- Support GSSAPI key exchange methods with DH and SHA2.
		119	- Support GSSAPI key exchange using ECDH and SHA2.
		120	- Make sure the Kerberos tickets are cleaned up with the user context.
		121	- Enable gssapi-keyex authentication without gssapi-with-mic.
		122	- Allow querying for GSSAPI key exchange algorithms from ssh (-Q
		123	kex-gss).
		124
		125	-- Colin Watson <cjwatson@debian.org> Wed, 05 Jun 2019 07:09:47 +0100
		126
1	openssh (1:7.9p1-10) unstable; urgency=medium	127	openssh (1:7.9p1-10) unstable; urgency=medium
2		128
3	* Temporarily revert IPQoS defaults to pre-7.8 values until issues with	129	* Temporarily revert IPQoS defaults to pre-7.8 values until issues with