openssh 1:8.9p1-1 source package in Ubuntu

Changelog

openssh (1:8.9p1-1) unstable; urgency=medium

  * New upstream release (https://www.openssh.com/releasenotes.html#8.9p1):
    - sshd(8): fix an integer overflow in the user authentication path that,
      in conjunction with other logic errors, could have yielded
      unauthenticated access under difficult to exploit conditions.
    - sshd(8), portable OpenSSH only: this release removes in-built support
      for MD5-hashed passwords.
    - ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
      restricting forwarding and use of keys added to ssh-agent(1).
    - ssh(1), sshd(8): add the <email address hidden> hybrid
      ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the default
      KEXAlgorithms list (after the ECDH methods but before the prime-group
      DH ones). The next release of OpenSSH is likely to make this key
      exchange the default method.
    - ssh-keygen(1): when downloading resident keys from a FIDO token, pass
      back the user ID that was used when the key was created and append it
      to the filename the key is written to (if it is not the default).
      Avoids keys being clobbered if the user created multiple resident keys
      with the same application string but different user IDs.
    - ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys on
      tokens that provide user verification (UV) on the device itself,
      including biometric keys, avoiding unnecessary PIN prompts.
    - ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
      perform matching of principals names against an allowed signers file.
      To be used towards a TOFU model for SSH signatures in git.
    - ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added to
      ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
      authentication time.
    - ssh-keygen(1): allow selection of hash at sshsig signing time (either
      sha512 (default) or sha256).
    - ssh(1), sshd(8): read network data directly to the packet input buffer
      instead indirectly via a small stack buffer. Provides a modest
      performance improvement.
    - ssh(1), sshd(8): read data directly to the channel input buffer,
      providing a similar modest performance improvement.
    - ssh(1): extend the PubkeyAuthentication configuration directive to
      accept yes|no|unbound|host-bound to allow control over one of the
      protocol extensions used to implement agent-restricted keys.
    - sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
      PubkeyAuthOptions can be used in a Match block.
    - sshd(8): fix possible string truncation when constructing paths to
      .rhosts/.shosts files with very long user home directory names.
    - ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
      exchange hashes.
    - ssh(1): don't put the TTY into raw mode when SessionType=none, avoids
      ^C being unable to kill such a session.
    - scp(1): fix some corner-case bugs in SFTP-mode handling of ~-prefixed
      paths.
    - ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to select
      RSA keys when only RSA/SHA2 signature algorithms are configured (this
      is the default case). Previously RSA keys were not being considered in
      the default case.
    - ssh-keysign(1): make ssh-keysign use the requested signature algorithm
      and not the default for the key type. Part of unbreaking hostbased
      auth for RSA/SHA2 keys.
    - ssh(1): stricter UpdateHostkey signature verification logic on the
      client-side. Require RSA/SHA2 signatures for RSA hostkeys except when
      RSA/SHA1 was explicitly negotiated during initial KEX.
    - ssh(1), sshd(8): fix signature algorithm selection logic for
      UpdateHostkeys on the server side. The previous code tried to prefer
      RSA/SHA2 for hostkey proofs of RSA keys, but missed some cases. This
      will use RSA/SHA2 signatures for RSA keys if the client proposed these
      algorithms in initial KEX.
    - All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
      This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1) and
      sftp-server(8), as well as the sshd(8) listen loop and all other FD
      read/writability checks. On platforms with missing or broken
      poll(2)/ppoll(2) syscalls a select(2)-based compat shim is available.
    - ssh-keygen(1): the "-Y find-principals" command was verifying key
      validity when using ca certs but not with simple key lifetimes within
      the allowed signers file.
    - ssh-keygen(1): make sshsig verify-time argument parsing optional.
    - sshd(8): fix truncation in rhosts/shosts path construction.
    - ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
      keys (we already did this for RSA keys). Avoids fatal errors for
      PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
      "cryptoauthlib".
    - ssh(1), ssh-agent(1): improve the testing of credentials against
      inserted FIDO: ask the token whether a particular key belongs to it in
      cases where the token supports on-token user-verification (e.g.
      biometrics) rather than just assuming that it will accept it. Will
      reduce spurious "Confirm user presence" notifications for key handles
      that relate to FIDO keys that are not currently inserted in at least
      some cases.
    - ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to allow
      for the preceding two ECN bits.
    - ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
      option.
    - ssh-keygen(1): fix a NULL deref when using the find-principals
      function, when matching an allowed_signers line that contains a
      namespace restriction, but no restriction specified on the
      command-line
    - ssh-agent(1): fix memleak in process_extension().
    - ssh(1): suppress "Connection to xxx closed" messages when LogLevel is
      set to "error" or above.
    - ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing compressed
      packet data.
    - scp(1): when recursively transferring files in SFTP mode, create the
      destination directory if it doesn't already exist to match scp(1) in
      legacy RCP mode behaviour.
    - scp(1): many improvements in error message consistency between scp(1)
      in SFTP mode vs legacy RCP mode.
    - sshd(8): fix potential race in SIGTERM handling.
    - ssh(1), ssh(8): since DSA keys are deprecated, move them to the end of
      the default list of public keys so that they will be tried last.
    - ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match wildcard
      principals in allowed_signers files.
    - ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
      implementation does not work in a chroot when the kernel does not have
      close_range(2). It tries to read from /proc/self/fd and when that
      fails dies with an assertion of sorts. Instead, call close_range(2)
      directly from our compat code and fall back if that fails.
    - Correct handling of exceptfds/POLLPRI in our select(2)-based
      poll(2)/ppoll(2) compat implementation.
  * Drop patch to work around https://twistedmatrix.com/trac/ticket/9515,
    since the fix for that is in Debian stable.

 -- Colin Watson <email address hidden>  Thu, 24 Feb 2022 11:06:15 +0000