Merge openssh 1:9.3p1-1 from Debian unstable
Bug #2025664 reported by Nick Rosbrook
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
openssh (Ubuntu) | Fix Released | Undecided | Nick Rosbrook |
Bug Description
Tracking bug.
Related branches
~enr0n/ubuntu/+source/openssh:merge-mantic-lp2025664 (Ready for review) for merging into ubuntu/+source/openssh:debian/sid
- Simon Chopin (community): Approve
- git-ubuntu import: Pending requested
Diff: 1733 lines (+1122/-112), 31 files modified
debian/README.Debian (+10/-17)
debian/changelog (+190/-0)
debian/control (+2/-1)
debian/openssh-server.postinst (+205/-6)
debian/openssh-server.postrm (+4/-0)
debian/openssh-server.templates (+12/-0)
debian/openssh-server.tmpfile (+2/-0)
debian/openssh-server.ucf-md5sum (+24/-0)
debian/patches/series (+2/-0)
debian/patches/socket-activation-documentation.patch (+50/-0)
debian/patches/systemd-socket-activation.patch (+141/-49)
debian/patches/test-set-UsePAM-no-on-some-tests.patch (+41/-0)
debian/po/cs.po (+26/-1)
debian/po/da.po (+26/-1)
debian/po/de.po (+26/-1)
debian/po/es.po (+26/-1)
debian/po/fr.po (+26/-1)
debian/po/it.po (+26/-1)
debian/po/ja.po (+26/-1)
debian/po/nl.po (+26/-1)
debian/po/pt.po (+26/-1)
debian/po/pt_BR.po (+26/-1)
debian/po/ru.po (+28/-3)
debian/po/sv.po (+26/-1)
debian/po/templates.pot (+27/-2)
debian/po/tr.po (+27/-2)
debian/rules (+3/-2)
debian/systemd/ssh.service (+0/-2)
debian/tests/control (+6/-0)
debian/tests/systemd-socket-activation (+62/-0)
dev/null (+0/-17)
CVE References
Changed in openssh (Ubuntu): | |
status: | New → In Progress |
assignee: | nobody → Nick Rosbrook (enr0n) |
This bug was fixed in the package openssh - 1:9.3p1-1ubuntu1
---------------
openssh (1:9.3p1-1ubuntu1) mantic; urgency=medium
* Merge with Debian unstable (LP: #2025664). Remaining changes:
- debian/rules: modify dh_installsystemd invocations for
socket-activated sshd
- debian/openssh-server.postinst: handle migration of sshd_config options
to systemd socket options on upgrade.
- debian/README.Debian: document systemd socket activation.
- debian/patches/socket-activation-documentation.patch: Document in
sshd_config(5) that ListenAddress and Port no longer work.
- debian/openssh-server.templates: include debconf prompt explaining
when migration cannot happen due to multiple ListenAddress values
- debian/.gitignore: drop file
- debian/openssh-server.postrm: remove systemd drop-ins for
socket-activated sshd on purge
- debian/openssh-server.ucf-md5sum: update for Ubuntu delta
- debian/openssh-server.tmpfile, debian/systemd/ssh.service: Move
/run/sshd creation out of the systemd unit to a tmpfile config so
that sshd can be run manually if necessary without having to create
this directory by hand.
- debian/patches/systemd-socket-activation.patch: Fix sshd
re-execution behavior when socket activation is used
- debian/tests/systemd-socket-activation: Add autopkgtest for systemd socket
activation functionality.
- d/p/test-set-UsePAM-no-on-some-tests.patch: set UsePAM=no for some tests
- Ensure smooth upgrade path from versions affected by LP: #2020474:
+ debian/openssh-server.postint: do not try to restart systemd units,
and instead indicate that a reboot is required
+ debian/tests/systemd-socket-activation: Reboot the testbed before starting the test
+ debian/rules: Do not stop ssh.socket on upgrade
openssh (1:9.3p1-1) unstable; urgency=medium
* Debconf translations:
- Romanian (thanks, Remus-Gabriel Chelu; closes: #1033178).
* Properly fix date of 1:3.0.2p1-2 changelog entry (closes: #1034425).
* New upstream release (https://www.openssh.com/releasenotes.html#9.3p1):
- [CVE-2023-28531] ssh-add(1): when adding smartcard keys to
ssh-agent(1) with the per-hop destination constraints (ssh-add -h ...)
added in OpenSSH 8.9, a logic error prevented the constraints from
being communicated to the agent. This resulted in the keys being added
without constraints. The common cases of non-smartcard keys and keys
without destination constraints are unaffected. This problem was
reported by Luci Stanescu (closes: #1033166).
- [SECURITY] ssh(1): Portable OpenSSH provides an implementation of the
getrrsetbyname(3) function if the standard library does not provide
it, for use by the VerifyHostKeyDNS feature. A specifically crafted
DNS response could cause this function to perform an out-of-bounds
read of adjacent stack data, but this condition does not appear to be
exploitable beyond denial-of-service to the ssh(1) client.
- ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256 when
outputting SSHFP fingerprints to allow algorit...