Diffstat (limited to 'debian/changelog')
-rw-r--r-- | debian/changelog | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 95c88c634..03d7a0af4 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,133 @@ | |||
1 | openssh (1:8.4p1-1) UNRELEASED; urgency=medium | ||
2 | |||
3 | * New upstream release (https://www.openssh.com/txt/release-8.4): | ||
4 | - [SECURITY] ssh-agent(1): restrict ssh-agent from signing web | ||
5 | challenges for FIDO/U2F keys. | ||
6 | - [SECURITY] ssh-keygen(1): Enable FIDO 2.1 credProtect extension when | ||
7 | generating a FIDO resident key. | ||
8 | - ssh-keygen(1): the format of the attestation information optionally | ||
9 | recorded when a FIDO key is generated has changed. It now includes the | ||
10 | authenticator data needed to validate attestation signatures. | ||
11 | - The API between OpenSSH and the FIDO token middleware has changed and | ||
12 | the SSH_SK_VERSION_MAJOR version has been incremented as a result. | ||
13 | Third-party middleware libraries must support the current API version | ||
14 | (7) to work with OpenSSH 8.4. | ||
15 | - ssh(1), ssh-keygen(1): support for FIDO keys that require a PIN for | ||
16 | each use. These keys may be generated using ssh-keygen using a new | ||
17 | "verify-required" option. When a PIN-required key is used, the user | ||
18 | will be prompted for a PIN to complete the signature operation. | ||
19 | - sshd(8): authorized_keys now supports a new "verify-required" option | ||
20 | to require FIDO signatures assert that the token verified that the | ||
21 | user was present before making the signature. The FIDO protocol | ||
22 | supports multiple methods for user-verification, but currently OpenSSH | ||
23 | only supports PIN verification. | ||
24 | - sshd(8), ssh-keygen(1): add support for verifying FIDO webauthn | ||
25 | signatures. Webauthn is a standard for using FIDO keys in web | ||
26 | browsers. These signatures are a slightly different format to plain | ||
27 | FIDO signatures and thus require explicit support. | ||
28 | - ssh(1): allow some keywords to expand shell-style ${ENV} environment | ||
29 | variables. The supported keywords are CertificateFile, ControlPath, | ||
30 | IdentityAgent and IdentityFile, plus LocalForward and RemoteForward | ||
31 | when used for Unix domain socket paths. | ||
32 | - ssh(1), ssh-agent(1): allow some additional control over the use of | ||
33 | ssh-askpass via a new $SSH_ASKPASS_REQUIRE environment variable, | ||
34 | including forcibly enabling and disabling its use (closes: #368657). | ||
35 | - ssh(1): allow ssh_config(5)'s AddKeysToAgent keyword accept a time | ||
36 | limit for keys in addition to its current flag options. Time-limited | ||
37 | keys will automatically be removed from ssh-agent after their expiry | ||
38 | time has passed. | ||
39 | - scp(1), sftp(1): allow the -A flag to explicitly enable agent | ||
40 | forwarding in scp and sftp. The default remains to not forward an | ||
41 | agent, even when ssh_config enables it. | ||
42 | - ssh(1): add a '%k' TOKEN that expands to the effective HostKey of the | ||
43 | destination. This allows, e.g., keeping host keys in individual files | ||
44 | using "UserKnownHostsFile ~/.ssh/known_hosts.d/%k" (closes: #481250). | ||
45 | - ssh(1): add %-TOKEN, environment variable and tilde expansion to the | ||
46 | UserKnownHostsFile directive, allowing the path to be completed by the | ||
47 | configuration. | ||
48 | - ssh-keygen(1): allow "ssh-add -d -" to read keys to be deleted from | ||
49 | stdin. | ||
50 | - sshd(8): improve logging for MaxStartups connection throttling. sshd | ||
51 | will now log when it starts and stops throttling and periodically | ||
52 | while in this state. | ||
53 | - ssh(1), ssh-keygen(1): better support for multiple attached FIDO | ||
54 | tokens. In cases where OpenSSH cannot unambiguously determine which | ||
55 | token to direct a request to, the user is now required to select a | ||
56 | token by touching it. In cases of operations that require a PIN to be | ||
57 | verified, this avoids sending the wrong PIN to the wrong token and | ||
58 | incrementing the token's PIN failure counter (tokens effectively erase | ||
59 | their keys after too many PIN failures). | ||
60 | - sshd(8): fix Include before Match in sshd_config (LP: #1885990). | ||
61 | - ssh(1): close stdin/out/error when forking after authentication | ||
62 | completes ("ssh -f ..."). | ||
63 | - ssh(1), sshd(8): limit the amount of channel input data buffered, | ||
64 | avoiding peers that advertise large windows but are slow to read from | ||
65 | causing high memory consumption. | ||
66 | - ssh-agent(1): handle multiple requests sent in a single write() to the | ||
67 | agent. | ||
68 | - sshd(8): allow sshd_config longer than 256k. | ||
69 | - sshd(8): avoid spurious "Unable to load host key" message when sshd | ||
70 | load a private key but no public counterpart. | ||
71 | - ssh(1): prefer the default hostkey algorithm list whenever we have a | ||
72 | hostkey that matches its best-preference algorithm. | ||
73 | - sshd(1): when ordering the hostkey algorithms to request from a | ||
74 | server, prefer certificate types if the known_hosts files contain a | ||
75 | key marked as a @cert-authority. | ||
76 | - ssh(1): perform host key fingerprint comparisons for the "Are you sure | ||
77 | you want to continue connecting (yes/no/[fingerprint])?" prompt with | ||
78 | case sensitivity. | ||
79 | - sshd(8): ensure that address/masklen mismatches in sshd_config yield | ||
80 | fatal errors at daemon start time rather than later when they are | ||
81 | evaluated. | ||
82 | - ssh-keygen(1): ensure that certificate extensions are lexically | ||
83 | sorted. Previously if the user specified a custom extension then the | ||
84 | everything would be in order except the custom ones. | ||
85 | - ssh(1): also compare username when checking for JumpHost loops. | ||
86 | - ssh-keygen(1): preserve group/world read permission on known_hosts | ||
87 | files across runs of "ssh-keygen -Rf /path". The old behaviour was to | ||
88 | remove all rights for group/other. | ||
89 | - ssh-keygen(1): Mention the [-a rounds] flag in the ssh-keygen manual | ||
90 | page and usage(). | ||
91 | - sshd(8): explicitly construct path to ~/.ssh/rc rather than relying on | ||
92 | it being relative to the current directory, so that it can still be | ||
93 | found if the shell startup changes its directory. | ||
94 | - sshd(8): when redirecting sshd's log output to a file, undo this | ||
95 | redirection after the session child process is forked(). Fixes missing | ||
96 | log messages when using this feature under some circumstances. | ||
97 | - sshd(8): start ClientAliveInterval bookkeeping before first pass | ||
98 | through select() loop; fixed theoretical case where busy sshd may | ||
99 | ignore timeouts from client. | ||
100 | - ssh(1): only reset the ServerAliveInterval check when we receive | ||
101 | traffic from the server and ignore traffic from a port forwarding | ||
102 | client, preventing a client from keeping a connection alive when it | ||
103 | should be terminated. | ||
104 | - ssh-keygen(1): avoid spurious error message when ssh-keygen creates | ||
105 | files outside ~/.ssh. | ||
106 | - sftp-client(1): fix off-by-one error that caused sftp downloads to | ||
107 | make one more concurrent request that desired. This prevented using | ||
108 | sftp(1) in unpipelined request/response mode, which is useful when | ||
109 | debugging. | ||
110 | - ssh(1), sshd(8): handle EINTR in waitfd() and timeout_connect() | ||
111 | helpers. | ||
112 | - ssh(1), ssh-keygen(1): defer creation of ~/.ssh until we attempt to | ||
113 | write to it so we don't leave an empty .ssh directory when it's not | ||
114 | needed. | ||
115 | - ssh(1), sshd(8): fix multiplier when parsing time specifications when | ||
116 | handling seconds after other units. | ||
117 | - sshd(8): always send any PAM account messages. If the PAM account | ||
118 | stack returns any messages, always send them to the user and not just | ||
119 | if the check succeeds. | ||
120 | - gnome-ssh-askpass3: ensure the "close" button is not focused by | ||
121 | default for SSH_ASKPASS_PROMPT=none prompts. Avoids space/enter | ||
122 | accidentally dismissing FIDO touch notifications. | ||
123 | - gnome-ssh-askpass3: allow some control over textarea colour via | ||
124 | $GNOME_SSH_ASKPASS_FG_COLOR and $GNOME_SSH_ASKPASS_BG_COLOR | ||
125 | environment variables. | ||
126 | - Detect the Frankenstein monster of Linux/X32 and allow the sandbox to | ||
127 | function there. | ||
128 | |||
129 | -- Colin Watson <cjwatson@debian.org> Sun, 18 Oct 2020 12:07:48 +0100 | ||
130 | |||
1 | openssh (1:8.3p1-1) unstable; urgency=medium | 131 | openssh (1:8.3p1-1) unstable; urgency=medium |
2 | 132 | ||
3 | * New upstream release (https://www.openssh.com/txt/release-8.3): | 133 | * New upstream release (https://www.openssh.com/txt/release-8.3): |
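Review bot: The entry at added line 73 is labelled "sshd(1)", but it describes ordering the hostkey algorithms "to request from a server" based on known_hosts, which is client behaviour. Every other sshd reference in this hunk uses section 8, so this looks like it should read "ssh(1)". Similarly, the item at added line 48 is filed under "ssh-keygen(1)" while the command it quotes is "ssh-add -d -"; attributing it to ssh-add(1) would let anyone auditing agent key removal find it. If these labels are copied verbatim from the upstream release notes, consider correcting them here anyway, since the changelog is what administrators read when deciding which components a security update touches. Smaller wording slips worth fixing before this leaves UNRELEASED: "keyword accept" (line 35), "when sshd load" (lines 69-70), "then the everything" (lines 83-84), and "request that desired" (lines 106-107).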