Accepted openssh 1:7.4p1-1 (source) into unstable

[Colin Watson]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 27 Dec 2016 18:01:46 +0000
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server 
ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.4p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-...@lists.debian.org>
Changed-By: Colin Watson <cjwat...@debian.org>
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote 
machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote 
machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access 
from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for 
ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 147201 419574 765630 848089 848714 848715 848716 848717
Changes:
 openssh (1:7.4p1-1) unstable; urgency=medium
 .
   * New upstream release (http://www.openssh.com/txt/release-7.4):
     - ssh(1): Remove 3des-cbc from the client's default proposal.  64-bit
       block ciphers are not safe in 2016 and we don't want to wait until
       attacks like SWEET32 are extended to SSH.  As 3des-cbc was the only
       mandatory cipher in the SSH RFCs, this may cause problems connecting
       to older devices using the default configuration, but it's highly
       likely that such devices already need explicit configuration for key
       exchange and hostkey algorithms already anyway.
     - sshd(8): When a forced-command appears in both a certificate and an
       authorized keys/principals command= restriction, sshd will now refuse
       to accept the certificate unless they are identical.  The previous
       (documented) behaviour of having the certificate forced-command
       override the other could be a bit confusing and error-prone.
     - sshd(8): Remove the UseLogin configuration directive and support for
       having /bin/login manage login sessions.
     - CVE-2016-10009: ssh-agent(1): Will now refuse to load PKCS#11 modules
       from paths outside a trusted whitelist (run-time configurable).
       Requests to load modules could be passed via agent forwarding and an
       attacker could attempt to load a hostile PKCS#11 module across the
       forwarded agent channel: PKCS#11 modules are shared libraries, so this
       would result in code execution on the system running the ssh-agent if
       the attacker has control of the forwarded agent-socket (on the host
       running the sshd server) and the ability to write to the filesystem of
       the host running ssh-agent (usually the host running the ssh client)
       (closes: #848714).
     - CVE-2016-10010: sshd(8): When privilege separation is disabled,
       forwarded Unix-domain sockets would be created by sshd(8) with the
       privileges of 'root' instead of the authenticated user.  This release
       refuses Unix-domain socket forwarding when privilege separation is
       disabled (Privilege separation has been enabled by default for 14
       years) (closes: #848715).
     - CVE-2016-10011: sshd(8): Avoid theoretical leak of host private key
       material to privilege-separated child processes via realloc() when
       reading keys.  No such leak was observed in practice for normal-sized
       keys, nor does a leak to the child processes directly expose key
       material to unprivileged users (closes: #848716).
     - CVE-2016-10012: sshd(8): The shared memory manager used by
       pre-authentication compression support had a bounds checks that could
       be elided by some optimising compilers.  Additionally, this memory
       manager was incorrectly accessible when pre-authentication compression
       was disabled.  This could potentially allow attacks against the
       privileged monitor process from the sandboxed privilege-separation
       process (a compromise of the latter would be required first).  This
       release removes support for pre-authentication compression from
       sshd(8) (closes: #848717).
     - SECURITY: sshd(8): Validate address ranges for AllowUser and DenyUsers
       directives at configuration load time and refuse to accept invalid
       ones.  It was previously possible to specify invalid CIDR address
       ranges (e.g. user@127.1.2.3/55) and these would always match, possibly
       resulting in granting access where it was not intended.
     - ssh(1): Add a proxy multiplexing mode to ssh(1) inspired by the
       version in PuTTY by Simon Tatham.  This allows a multiplexing client
       to communicate with the master process using a subset of the SSH
       packet and channels protocol over a Unix-domain socket, with the main
       process acting as a proxy that translates channel IDs, etc.  This
       allows multiplexing mode to run on systems that lack file-descriptor
       passing (used by current multiplexing code) and potentially, in
       conjunction with Unix-domain socket forwarding, with the client and
       multiplexing master process on different machines.  Multiplexing proxy
       mode may be invoked using "ssh -O proxy ...".
     - sshd(8): Add a sshd_config DisableForwarding option that disables X11,
       agent, TCP, tunnel and Unix domain socket forwarding, as well as
       anything else we might implement in the future.  Like the 'restrict'
       authorized_keys flag, this is intended to be a simple and future-proof
       way of restricting an account.
     - sshd(8), ssh(1): Support the "curve25519-sha256" key exchange method.
       This is identical to the currently-supported method named
       "curve25519-sha...@libssh.org".
     - sshd(8): Improve handling of SIGHUP by checking to see if sshd is
       already daemonised at startup and skipping the call to daemon(3) if it
       is.  This ensures that a SIGHUP restart of sshd(8) will retain the
       same process-ID as the initial execution.  sshd(8) will also now
       unlink the PidFile prior to SIGHUP restart and re-create it after a
       successful restart, rather than leaving a stale file in the case of a
       configuration error.
     - sshd(8): Allow ClientAliveInterval and ClientAliveCountMax directives
       to appear in sshd_config Match blocks.
     - sshd(8): Add %-escapes to AuthorizedPrincipalsCommand to match those
       supported by AuthorizedKeysCommand (key, key type, fingerprint, etc.)
       and a few more to provide access to the contents of the certificate
       being offered.
     - ssh(1): Allow IdentityFile to successfully load and use certificates
       that have no corresponding bare public key.
     - ssh(1): Fix public key authentication when multiple authentication is
       in use and publickey is not just the first method attempted.
     - ssh(1): Improve reporting when attempting to load keys from PKCS#11
       tokens with fewer useless log messages and more detail in debug
       messages.
     - ssh(1): When tearing down ControlMaster connections, don't pollute
       stderr when LogLevel=quiet.
     - sftp(1): On ^Z wait for underlying ssh(1) to suspend before suspending
       sftp(1) to ensure that ssh(1) restores the terminal mode correctly if
       suspended during a password prompt.
     - ssh(1): Avoid busy-wait when ssh(1) is suspended during a password
       prompt (LP: #1646813).
     - ssh(1), sshd(8): Correctly report errors during sending of ext-info
       messages.
     - sshd(8): Fix NULL-deref crash if sshd(8) received an out-of-sequence
       NEWKEYS message.
     - sshd(8): Correct list of supported signature algorithms sent in the
       server-sig-algs extension.
     - sshd(8): Fix sending ext_info message if privsep is disabled.
     - sshd(8): More strictly enforce the expected ordering of privilege
       separation monitor calls used for authentication and allow them only
       when their respective authentication methods are enabled in the
       configuration.
     - sshd_config(5): Use 2001:db8::/32, the official IPv6 subnet for
       configuration examples.
     - On environments configured with Turkish locales, fall back to the
       C/POSIX locale to avoid errors in configuration parsing caused by that
       locale's unique handling of the letters 'i' and 'I' (LP: #1638338).
     - contrib: Add a gnome-ssh-askpass3 with GTK+3 support.
     - sshd(8): Improve PRNG reseeding across privilege separation and force
       libcrypto to obtain a high-quality seed before chroot or sandboxing.
   * Apply "wrap-and-sort -at -f debian/control -f debian/tests/control".
   * Remove entries related to protocol 1 from the default sshd_config
     generated on new installations.
   * Remove some advice related to protocol 1 from README.Debian.
   * Start handling /etc/ssh/sshd_config using ucf.  The immediate motivation
     for this is to deal with deprecations of options related to protocol 1,
     but something like this has been needed for a long time (closes:
     #419574, #848089):
     - sshd_config is now a slightly-patched version of upstream's, and only
       contains non-default settings (closes: #147201).
     - I've included as many historical md5sums of default versions of
       sshd_config as I could reconstruct from version control, but I'm sure
       I've missed some.
     - Explicitly synchronise the debconf database with the current
       configuration file state in openssh-server.config, to ensure that the
       PermitRootLogin setting is properly preserved.
     - UsePrivilegeSeparation now defaults to the stronger "sandbox" rather
       than "yes", per upstream.
   * Remove redundant "GSSAPIDelegateCredentials no" from ssh_config (already
     the upstream default), and document that setting ServerAliveInterval to
     300 by default if BatchMode is set is Debian-specific (closes: #765630).
   * Build gnome-ssh-askpass with GTK+ 3 (LP: #801187).
   * When running regression tests under autopkgtest, use a non-root user
     with passwordless sudo.
Checksums-Sha1:
 c26aadec70b3c4babde0ce5f9e0a67977f94448d 2944 openssh_7.4p1-1.dsc
 2330bbf82ed08cf3ac70e0acf00186ef3eeb97e0 1511780 openssh_7.4p1.orig.tar.gz
 e2db107122dd929ac5f58654fbf9d574cc7410c6 154012 openssh_7.4p1-1.debian.tar.xz
Checksums-Sha256:
 d352e9b3ab5db509ee02260cd5cf6be64cef6e991b8d0a33fc2e971d77a9c0d8 2944 
openssh_7.4p1-1.dsc
 1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1 1511780 
openssh_7.4p1.orig.tar.gz
 a910e0eab89f886a0144819a3298e70c5ba0aa1ab3e05d1ac130a9479dd96fa9 154012 
openssh_7.4p1-1.debian.tar.xz
Files:
 bed2f83755abfe6c92039c20a4fff05d 2944 net standard openssh_7.4p1-1.dsc
 b2db2a83caf66a208bb78d6d287cdaa3 1511780 net standard openssh_7.4p1.orig.tar.gz
 a3cd7786136599d77d174197db551595 154012 net standard 
openssh_7.4p1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Comment: Colin Watson <cjwat...@debian.org> -- Debian developer

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAlhirNsACgkQOTWH2X2G
UAtJCA/+J/650u/zsWJ010q2xXYZtikw5Ns/Fyqmi3j5qtYKno6gD3g5Vv18F2ZB
A4wy64s1p6Zzx0GftxCRHEz0ITb3LEgbJLYXNrywFE2qsa9D/aQUAN1O7R12kTlf
QviJ4tRxD8MZs4VRPvHr36BhHgzbT69IX7oHsAxrXIHVfhTw+tBJKTohVBOhy3fA
IQd8A08Lyc8HJsvX5NJ7HAb+h9IxmDW2Cn/xX/rYLefFlkrIobGupfHPRnBFHxuQ
+QD/C4gnQYIAE1GNTX89id2D6/kCUwY7V3JrALfHQkVB+gRhUv9yrqB+lQchwUf0
31Ac5O2Fiufsks8ImCOwCIn3eevvNJzs/paVlDU3MWlT/GkR+idguxsdsYAwl0yB
OZ3t8IIIunJrWfPs90U8twHl0u8KgzxwhGBjiYV92dquLn/DuSoByeYGgPCfmdrd
K9r4WbaisxeucQMHIf1kTkjqoQe1z8l/Osi9BBvxJugjXtQ9ef6DknKAliQ4EbpN
+kAdQcwWCEBSBcf5d83qldIWk8yJypu1LfrO0YZQRRbXoDu838lQ8lCbhpMKWU/z
g/s4OVGIG0WzsCqTES4JZFe9JzQ+Lev4aAtP3U7UIYO+3/Xtb9OCz9yZDK40PqX4
B4D41u703Edk+qnCZ/GqiA6DkVFDi0hhgLmAdfd2bFVTjv/3iQs=
=sJWw
-----END PGP SIGNATURE-----