Back to openssh PTS page

Accepted openssh 1:9.5p1-2 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted openssh 1:9.5p1-2 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 25 Nov 2023 16:34:50 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: openssh_9.5p1-2_source.changes
Debian-source: openssh
Debian-suite: unstable
Debian-version: 1:9.5p1-2
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=PymXVTaqVwfBQrHgFcsF/jgEnNU+gDU51c2PDhfpU50=; b=NZ8/8vWlqGaE07xH8DQXUvUEAF w4Zo/o95I1ukqkZbr9R2LA57DmGDO33i028+lQeq2PP3Wx1tZGfK7QjQZRErgkkKr+RWg8OrClate QmXNFzZBegMvW8tj+ER0A7uyMcLvhcVVks5Jl40VLApVia2YVaI3m60t4I+kxfoeGf9+/JZIBG0mt TH/mGXMeEQJwfillQ4BLr8D5brCRW/BRsKnT9UZPHO+f4UqbV39LvDK1QpRWEuXzldcqM0io+ahHz BG7KxDqnMtdtDbM8LBcaI2FXv5lQHoazYedtPKIA06+vvzbnTm6l9JQG5iLQL9snjxbFnSK0L1Ogp SEk+Bx1Q==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1r6vcI-00HZf6-CI@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 25 Nov 2023 16:16:04 +0000
Source: openssh
Architecture: source
Version: 1:9.5p1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1053555
Changes:
 openssh (1:9.5p1-2) unstable; urgency=medium
 .
   * Upload to unstable.
 .
 openssh (1:9.5p1-1) experimental; urgency=medium
 .
   * New upstream release (https://www.openssh.com/releasenotes.html#9.5p1):
     - ssh-keygen(1): generate Ed25519 keys by default. Ed25519 public keys
       are very convenient due to their small size. Ed25519 keys are
       specified in RFC 8709 and OpenSSH has supported them since version 6.5
       (January 2014).
     - sshd(8): the Subsystem directive now accurately preserves quoting of
       subsystem commands and arguments. This may change behaviour for exotic
       configurations, but the most common subsystem configuration
       (sftp-server) is unlikely to be affected.
     - ssh(1): add keystroke timing obfuscation to the client. This attempts
       to hide inter-keystroke timings by sending interactive traffic at
       fixed intervals (default: every 20ms) when there is only a small
       amount of data being sent. It also sends fake "chaff" keystrokes for a
       random interval after the last real keystroke. These are controlled by
       a new ssh_config ObscureKeystrokeTiming keyword.
     - ssh(1), sshd(8): Introduce a transport-level ping facility. This adds
       a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to
       implement a ping capability. These messages use numbers in the "local
       extensions" number space and are advertised using a "ping@openssh.com"
       ext-info message with a string version number of "0".
     - sshd(8): allow override of Subsystem directives in sshd Match blocks.
     - scp(1): fix scp in SFTP mode recursive upload and download of
       directories that contain symlinks to other directories. In scp mode,
       the links would be followed, but in SFTP mode they were not.
     - ssh-keygen(1): handle cr+lf (instead of just cr) line endings in
       sshsig signature files.
     - ssh(1): interactive mode for ControlPersist sessions if they
       originally requested a tty.
     - sshd(8): make PerSourceMaxStartups first-match-wins.
     - sshd(8): limit artificial login delay to a reasonable maximum (5s) and
       don't delay at all for the "none" authentication mechanism.
     - sshd(8): Log errors in kex_exchange_identification() with level
       verbose instead of error to reduce preauth log spam. All of those get
       logged with a more generic error message by sshpkt_fatal().
     - sshd(8): correct math for ClientAliveInterval that caused the probes
       to be sent less frequently than configured.
     - ssh(1): fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
       multiplexed sessions to ignore SIGINT under some circumstances.
   * Build-depend on dh-sequence-movetousr.
   * Report DebianBanner setting in "sshd -G/-T" output (thanks, Rasmus
     Villemoes; closes: #1053555).
Checksums-Sha1:
 0a8c125ad9499e1cfccc338184d7554d08507722 3334 openssh_9.5p1-2.dsc
 c9ff00d546af542e56e8157fd35ab4c50946f96d 185912 openssh_9.5p1-2.debian.tar.xz
Checksums-Sha256:
 88241cd09d4f734153e747f37d6b1c771e128427d7a30af5c5ee7b00baf7a864 3334 openssh_9.5p1-2.dsc
 3eb368a5795fa7b0b28acc567aa6aeeff565466eff9178434cd3692a7699525a 185912 openssh_9.5p1-2.debian.tar.xz
Files:
 24aefb75756b0db12308a2bbba3a932f 3334 net standard openssh_9.5p1-2.dsc
 81fb1cfc05f0dad05f933aa640fc8224 185912 net standard openssh_9.5p1-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmViHncACgkQOTWH2X2G
UAvZcQ//dUIcMVEyzz6VEVDS0e7Or2ugWMHbWInOgKh/cWCgdYPans/GBQszZC5e
ai3HjwyN/p0x4y71ksFX5qDSTkzt1YxMhGyJ3MeCliT6wMm8Q8/ytSarj2gDidsc
POYCDi80VLnYvi0KTWr1xc6lqJRoRKq0ByN/mj9gbcL9rDb3e7wGtuE0LxzJjvKc
Q2a6DI1IN2CpFD3wt00eoBNiVMpnz1CHvzOGeP3ULH2ZRjORLzphShTe16SMBalG
laSos5odF5aclUkWMAL+Zvg2FYT0QRrC22RiByjWnulGxsscMBnUPhaJWoo4xSD3
Vs6TMWuv4gzpgmbyfwvISBOyzKayw5quI5NoqgS/1/oL3VAp6HCPjKY1rh9q9xSz
YQSYprxfiUgSYNfPLPbZdStWeUbiPCc3yfRbWbhlK8+tkYqjhC658WY9eo6+4a7F
SkgUtjL2i46P9Zlr+sGfuUqKnQrW8e49gUvvvPygRhCJdvDqKLxn6fPmydi3v9wL
+r71lCwNHTpa42Jv49X9gskEWkiaPt9EYkKHX+EzCV3hxPvRJUdd5Akm7hA/wKqj
s5lDNbc5JeU2kXXAQXfz4BfkXfiwjo5C7BxlOUVuTtSavtWoDtKhOyjEeRyfSgFB
bPYEmMKQoZlAIjpZ1LIWUXi1ffbyPBPkfQ7PE+2ojryGZCH/pFo=
=pcXd
-----END PGP SIGNATURE-----