This bug was fixed in the package openssh - 1:7.9p1-1

---------------
openssh (1:7.9p1-1) unstable; urgency=medium

  * New upstream release (https://www.openssh.com/txt/release-7.9):
    - ssh(1), sshd(8): allow most port numbers to be specified using
      service names from getservbyname(3) (typically /etc/services;
      closes: #177406).
    - ssh(1): allow the IdentityAgent configuration directive to accept
      environment variable names. This supports the use of multiple agent
      sockets without needing to use fixed paths.
    - sshd(8): support signalling sessions via the SSH protocol. A limited
      subset of signals is supported and only for login or command
      sessions (i.e. not subsystems) that were not subject to a forced
      command via authorized_keys or sshd_config.
    - ssh(1): support "ssh -Q sig" to list supported signature options.
      Also "ssh -Q help" to show the full set of supported queries.
    - ssh(1), sshd(8): add a CASignatureAlgorithms option for the client
      and server configs to allow control over which signature formats are
      allowed for CAs to sign certificates. For example, this allows
      banning CAs that sign certificates using the RSA-SHA1 signature
      algorithm.
    - sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to revoke
      keys specified by SHA256 hash.
    - ssh-keygen(1): allow creation of key revocation lists directly from
      base64-encoded SHA256 fingerprints. This supports revoking keys
      using only the information contained in sshd(8) authentication log
      messages.
    - ssh(1), ssh-keygen(1): avoid spurious "invalid format" errors when
      attempting to load PEM private keys while using an incorrect
      passphrase.
    - sshd(8): when a channel closed message is received from a client,
      close the stderr file descriptor at the same time stdout is closed.
      This avoids stuck processes if they were waiting for stderr to close
      and were insensitive to stdin/out closing (closes: #844494).
    - ssh(1): allow ForwardX11Timeout=0 to disable the untrusted X11
      forwarding timeout and support X11 forwarding indefinitely.
      Previously the behaviour of ForwardX11Timeout=0 was undefined.
    - sshd(8): when compiled with GSSAPI support, cache supported method
      OIDs regardless of whether GSSAPI authentication is enabled in the
      main section of sshd_config. This avoids sandbox violations if
      GSSAPI authentication was later enabled in a Match block.
    - sshd(8): do not fail closed when configured with a text key
      revocation list that contains a too-short key.
    - ssh(1): treat connections with ProxyJump specified the same as ones
      with a ProxyCommand set with regards to hostname canonicalisation
      (i.e. don't try to canonicalise the hostname unless
      CanonicalizeHostname is set to 'always').
    - ssh(1): fix regression in OpenSSH 7.8 that could prevent public-key
      authentication using certificates hosted in a ssh-agent(1) or
      against sshd(8) from OpenSSH <7.8 (LP: #1790963).
    - All: support building against the openssl-1.1 API (releases 1.1.0g
      and later). The openssl-1.0 API will remain supported at least until
      OpenSSL terminates security patch support for that API version
      (closes: #828475).
    - sshd(8): allow the futex(2) syscall in the Linux seccomp sandbox;
      apparently required by some glibc/OpenSSL combinations.
  * Remove dh_builddeb override to use xz compression; this has been the
    default since dpkg 1.17.0.
  * Simplify debian/rules using /usr/share/dpkg/default.mk.
  * Remove /etc/network/if-up.d/openssh-server, as it causes more problems
    than it solves (thanks, Christian Ehrhardt, Andreas Hasenack, and
    David Britton; closes: #789532, LP: #1037738, #1674330, #1718227).
    Add an "if-up hook removed" section to README.Debian documenting the
    corner case that may need configuration adjustments.

 -- Colin Watson <cjwat...@debian.org>  Sun, 21 Oct 2018 10:39:24 +0100

** Changed in: openssh (Ubuntu)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to ubuntu-fan in Ubuntu.
https://bugs.launchpad.net/bugs/1718227

Title:
  replacement of ifupdown with netplan needs integration for
  /etc/network/if{up,down}.d scripts

Status in aiccu package in Ubuntu:
  Invalid
Status in aoetools package in Ubuntu:
  New
Status in avahi package in Ubuntu:
  New
Status in bind9 package in Ubuntu:
  Invalid
Status in chrony package in Ubuntu:
  Fix Released
Status in clamav package in Ubuntu:
  Triaged
Status in controlaula package in Ubuntu:
  Invalid
Status in epoptes package in Ubuntu:
  New
Status in ethtool package in Ubuntu:
  Triaged
Status in guidedog package in Ubuntu:
  New
Status in htpdate package in Ubuntu:
  New
Status in ifenslave package in Ubuntu:
  Won't Fix
Status in ifmetric package in Ubuntu:
  Won't Fix
Status in ifupdown-multi package in Ubuntu:
  New
Status in ifupdown-scripts-zg2 package in Ubuntu:
  Invalid
Status in isatapd package in Ubuntu:
  New
Status in lprng package in Ubuntu:
  New
Status in miredo package in Ubuntu:
  New
Status in mythtv package in Ubuntu:
  New
Status in nplan package in Ubuntu:
  New
Status in nss-pam-ldapd package in Ubuntu:
  New
Status in ntp package in Ubuntu:
  Triaged
Status in openntpd package in Ubuntu:
  New
Status in openresolv package in Ubuntu:
  Won't Fix
Status in openssh package in Ubuntu:
  Fix Released
Status in openvpn package in Ubuntu:
  New
Status in openvswitch package in Ubuntu:
  Triaged
Status in postfix package in Ubuntu:
  New
Status in quicktun package in Ubuntu:
  New
Status in resolvconf package in Ubuntu:
  New
Status in sendmail package in Ubuntu:
  New
Status in shorewall-init package in Ubuntu:
  New
Status in sidedoor package in Ubuntu:
  New
Status in slrn package in Ubuntu:
  New
Status in tinc package in Ubuntu:
  New
Status in ubuntu-fan package in Ubuntu:
  Fix Released
Status in ucarp package in Ubuntu:
  New
Status in uml-utilities package in Ubuntu:
  New
Status in uruk package in Ubuntu:
  New
Status in vlan package in Ubuntu:
  Won't Fix
Status in vzctl package in Ubuntu:
  Triaged
Status in wide-dhcpv6 package in Ubuntu:
  New
Status in wpa package in Ubuntu:
  New

Bug description:
  when network is configured with ifupdown, scripts in
  /etc/network/ifup.d/ were called on network being brought up and
  /etc/network/ifdown.d were called on network being brought down.

  Any packages that shipped these hooks need to be verified to have the
  same functionality under a netplan configured system.

  # binpkgs=$(apt-file search /etc/network/if-up | sed 's,: .*,,' | sort -u)
  # for i in $binpkgs; do
    src=$(apt-cache show $i | awk '$1 == "Source:" { print $2; exit(0); }');
    [ -z "$src" ] && src="$i"; echo $src; done | sort -u
  aiccu
  aoetools
  avahi
  bind9
  chrony
  clamav
  controlaula
  epoptes
  ethtool
  guidedog
  htpdate
  ifenslave
  ifmetric
  ifupdown-extra
  ifupdown-multi
  ifupdown-scripts-zg2
  isatapd
  lprng
  miredo
  mythtv-backend
  nss-pam-ldapd
  ntp
  openntpd
  openresolv
  openssh
  openvpn
  postfix
  quicktun
  resolvconf
  sendmail
  shorewall-init
  sidedoor
  slrn
  tinc
  ubuntu-fan
  ucarp
  uml-utilities
  uruk
  vlan
  vzctl
  wide-dhcpv6
  wpa

  Related bugs:
   * bug 1718227: replacement of ifupdown with netplan needs integration
     for /etc/network/if{up,down}.d scripts
   * bug 1713803: replacement of resolvconf with systemd needs integration
   * bug 1717983: replacement of isc-dhcp-client with with
     systemd-networkd for dhclient needs integration

  ProblemType: Bug
  DistroRelease: Ubuntu 17.10
  Package: netplan (not installed)
  ProcVersionSignature: Ubuntu 4.12.0-11.12-generic 4.12.5
  Uname: Linux 4.12.0-11-generic x86_64
  NonfreeKernelModules: zfs zunicode zavl zcommon znvpair
  ApportVersion: 2.20.7-0ubuntu1
  Architecture: amd64
  CurrentDesktop: GNOME
  Date: Tue Sep 19 10:53:08 2017
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2015-07-23 (789 days ago)
  InstallationMedia: Ubuntu 15.10 "Wily Werewolf" - Alpha amd64 (20150722.1)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: plan
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aiccu/+bug/1718227/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp