Diffstat (limited to 'debian/changelog')
-rw-r--r--debian/changelog130
1 files changed, 130 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 95c88c634..03d7a0af4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,133 @@
1openssh (1:8.4p1-1) UNRELEASED; urgency=medium
2
3 * New upstream release (https://www.openssh.com/txt/release-8.4):
4 - [SECURITY] ssh-agent(1): restrict ssh-agent from signing web
5 challenges for FIDO/U2F keys.
6 - [SECURITY] ssh-keygen(1): Enable FIDO 2.1 credProtect extension when
7 generating a FIDO resident key.
8 - ssh-keygen(1): the format of the attestation information optionally
9 recorded when a FIDO key is generated has changed. It now includes the
10 authenticator data needed to validate attestation signatures.
11 - The API between OpenSSH and the FIDO token middleware has changed and
12 the SSH_SK_VERSION_MAJOR version has been incremented as a result.
13 Third-party middleware libraries must support the current API version
14 (7) to work with OpenSSH 8.4.
15 - ssh(1), ssh-keygen(1): support for FIDO keys that require a PIN for
16 each use. These keys may be generated using ssh-keygen using a new
17 "verify-required" option. When a PIN-required key is used, the user
18 will be prompted for a PIN to complete the signature operation.
19 - sshd(8): authorized_keys now supports a new "verify-required" option
20 to require FIDO signatures assert that the token verified that the
21 user was present before making the signature. The FIDO protocol
22 supports multiple methods for user-verification, but currently OpenSSH
23 only supports PIN verification.
24 - sshd(8), ssh-keygen(1): add support for verifying FIDO webauthn
25 signatures. Webauthn is a standard for using FIDO keys in web
26 browsers. These signatures are a slightly different format to plain
27 FIDO signatures and thus require explicit support.
28 - ssh(1): allow some keywords to expand shell-style ${ENV} environment
29 variables. The supported keywords are CertificateFile, ControlPath,
30 IdentityAgent and IdentityFile, plus LocalForward and RemoteForward
31 when used for Unix domain socket paths.
32 - ssh(1), ssh-agent(1): allow some additional control over the use of
33 ssh-askpass via a new $SSH_ASKPASS_REQUIRE environment variable,
34 including forcibly enabling and disabling its use (closes: #368657).
35 - ssh(1): allow ssh_config(5)'s AddKeysToAgent keyword accept a time
36 limit for keys in addition to its current flag options. Time-limited
37 keys will automatically be removed from ssh-agent after their expiry
38 time has passed.
39 - scp(1), sftp(1): allow the -A flag to explicitly enable agent
40 forwarding in scp and sftp. The default remains to not forward an
41 agent, even when ssh_config enables it.
42 - ssh(1): add a '%k' TOKEN that expands to the effective HostKey of the
43 destination. This allows, e.g., keeping host keys in individual files
44 using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k" (closes: #481250).
45 - ssh(1): add %-TOKEN, environment variable and tilde expansion to the
46 UserKnownHostsFile directive, allowing the path to be completed by the
47 configuration.
48 - ssh-keygen(1): allow "ssh-add -d -" to read keys to be deleted from
49 stdin.
50 - sshd(8): improve logging for MaxStartups connection throttling. sshd
51 will now log when it starts and stops throttling and periodically
52 while in this state.
53 - ssh(1), ssh-keygen(1): better support for multiple attached FIDO
54 tokens. In cases where OpenSSH cannot unambiguously determine which
55 token to direct a request to, the user is now required to select a
56 token by touching it. In cases of operations that require a PIN to be
57 verified, this avoids sending the wrong PIN to the wrong token and
58 incrementing the token's PIN failure counter (tokens effectively erase
59 their keys after too many PIN failures).
60 - sshd(8): fix Include before Match in sshd_config (LP: #1885990).
61 - ssh(1): close stdin/out/error when forking after authentication
62 completes ("ssh -f ...").
63 - ssh(1), sshd(8): limit the amount of channel input data buffered,
64 avoiding peers that advertise large windows but are slow to read from
65 causing high memory consumption.
66 - ssh-agent(1): handle multiple requests sent in a single write() to the
67 agent.
68 - sshd(8): allow sshd_config longer than 256k.
69 - sshd(8): avoid spurious "Unable to load host key" message when sshd
70 load a private key but no public counterpart.
71 - ssh(1): prefer the default hostkey algorithm list whenever we have a
72 hostkey that matches its best-preference algorithm.
73 - sshd(1): when ordering the hostkey algorithms to request from a
74 server, prefer certificate types if the known_hosts files contain a
75 key marked as a @cert-authority.
76 - ssh(1): perform host key fingerprint comparisons for the "Are you sure
77 you want to continue connecting (yes/no/[fingerprint])?" prompt with
78 case sensitivity.
79 - sshd(8): ensure that address/masklen mismatches in sshd_config yield
80 fatal errors at daemon start time rather than later when they are
81 evaluated.
82 - ssh-keygen(1): ensure that certificate extensions are lexically
83 sorted. Previously if the user specified a custom extension then the
84 everything would be in order except the custom ones.
85 - ssh(1): also compare username when checking for JumpHost loops.
86 - ssh-keygen(1): preserve group/world read permission on known_hosts
87 files across runs of "ssh-keygen -Rf /path". The old behaviour was to
88 remove all rights for group/other.
89 - ssh-keygen(1): Mention the [-a rounds] flag in the ssh-keygen manual
90 page and usage().
91 - sshd(8): explicitly construct path to ~/.ssh/rc rather than relying on
92 it being relative to the current directory, so that it can still be
93 found if the shell startup changes its directory.
94 - sshd(8): when redirecting sshd's log output to a file, undo this
95 redirection after the session child process is forked(). Fixes missing
96 log messages when using this feature under some circumstances.
97 - sshd(8): start ClientAliveInterval bookkeeping before first pass
98 through select() loop; fixed theoretical case where busy sshd may
99 ignore timeouts from client.
100 - ssh(1): only reset the ServerAliveInterval check when we receive
101 traffic from the server and ignore traffic from a port forwarding
102 client, preventing a client from keeping a connection alive when it
103 should be terminated.
104 - ssh-keygen(1): avoid spurious error message when ssh-keygen creates
105 files outside ~/.ssh.
106 - sftp-client(1): fix off-by-one error that caused sftp downloads to
107 make one more concurrent request that desired. This prevented using
108 sftp(1) in unpipelined request/response mode, which is useful when
109 debugging.
110 - ssh(1), sshd(8): handle EINTR in waitfd() and timeout_connect()
111 helpers.
112 - ssh(1), ssh-keygen(1): defer creation of ~/.ssh until we attempt to
113 write to it so we don't leave an empty .ssh directory when it's not
114 needed.
115 - ssh(1), sshd(8): fix multiplier when parsing time specifications when
116 handling seconds after other units.
117 - sshd(8): always send any PAM account messages. If the PAM account
118 stack returns any messages, always send them to the user and not just
119 if the check succeeds.
120 - gnome-ssh-askpass3: ensure the "close" button is not focused by
121 default for SSH_ASKPASS_PROMPT=none prompts. Avoids space/enter
122 accidentally dismissing FIDO touch notifications.
123 - gnome-ssh-askpass3: allow some control over textarea colour via
124 $GNOME_SSH_ASKPASS_FG_COLOR and $GNOME_SSH_ASKPASS_BG_COLOR
125 environment variables.
126 - Detect the Frankenstein monster of Linux/X32 and allow the sandbox to
127 function there.
128
129 -- Colin Watson <cjwatson@debian.org> Sun, 18 Oct 2020 12:07:48 +0100
130
1openssh (1:8.3p1-1) unstable; urgency=medium 131openssh (1:8.3p1-1) unstable; urgency=medium
2 132
3 * New upstream release (https://www.openssh.com/txt/release-8.3): 133 * New upstream release (https://www.openssh.com/txt/release-8.3):
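Review bot: two of the manual-page attributions in the new changelog entry point at the wrong program and should be corrected before this entry leaves UNRELEASED. The item "ssh-keygen(1): allow "ssh-add -d -" to read keys to be deleted from stdin" describes an ssh-add(1) change (the quoted command is ssh-add, not ssh-keygen), and "sshd(1): when ordering the hostkey algorithms to request from a server, prefer certificate types if the known_hosts files contain a key marked as a @cert-authority" describes client-side behaviour, so it should read ssh(1); the rest of the entry correctly uses sshd(8) for the daemon, so "sshd(1)" is wrong on both counts. The "verify-required" authorized_keys item is also internally inconsistent: it says the option requires FIDO signatures to assert "that the token verified that the user was present", but the next sentence says the only user-verification method OpenSSH supports is PIN verification; "verified the user" would match the option name and the sentence that follows. Minor typos in the same entry: "when sshd load a private key" should be "loads", and "one more concurrent request that desired" should be "than desired".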