Bug#1053555: marked as done (openssh-server: DebianBanner setting not shown in configuration dump)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Thu, 23 Nov 2023 18:10:07 +0000
with message-id <E1r6E9P-007mah-0m@fasolo.debian.org>
and subject line Bug#1053555: fixed in openssh 1:9.5p1-1
has caused the Debian Bug report #1053555,
regarding openssh-server: DebianBanner setting not shown in configuration dump
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1053555: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053555
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: openssh-server: DebianBanner setting not shown in configuration dump
• From: Rasmus Villemoes <rv@rasmusvillemoes.dk>
• Date: Fri, 6 Oct 2023 10:45:59 +0200
• Message-id: <3c718d0e-3624-c429-f5d7-c169b43cfd95@rasmusvillemoes.dk>

Package: openssh-server
Version: 1:8.4p1-5+deb11u1
Severity: minor

Dear Maintainer,

'sshd -T', and since v9.3 also 'sshd -G', is supposed to print the
full, effective configuration. However, debian-banner.patch neglects
to update dump_config(), so there's no line showing the effective
value of the debianbanner setting.

I think the fix is as simple as adding

  dump_cfg_fmtint(sDebianBanner, o->debian_banner);

somewhere appropriate in dump_config().

IOW,

  sshd -T | grep ^debianbanner

produces nothing, but I'd expect it (in the default Debian
configuration) to print

  debianbanner yes

-- System Information:
Debian Release: 11.7
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'),
(500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-25-amd64 (SMP w/2 CPU threads)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8), LANGUAGE
not set
Shell: /bin/sh linked to /usr/bin/bash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.77
ii  dpkg                   1.20.12
ii  libaudit1              1:3.0-2
ii  libc6                  2.31-13+deb11u7
ii  libcom-err2            1.46.2-2
ii  libcrypt1              1:4.4.18-4
ii  libgssapi-krb5-2       1.18.3-6+deb11u3
ii  libkrb5-3              1.18.3-6+deb11u3
ii  libpam-modules         1.4.0-9+deb11u1
ii  libpam-runtime         1.4.0-9+deb11u1
ii  libpam0g               1.4.0-9+deb11u1
ii  libselinux1            3.1-3
ii  libssl1.1              1.1.1n-0+deb11u5
ii  libsystemd0            247.3-7+deb11u4
ii  libwrap0               7.6.q-31
ii  lsb-base               11.1.0
ii  openssh-client         1:8.4p1-5+deb11u1
ii  openssh-sftp-server    1:8.4p1-5+deb11u1
ii  procps                 2:3.3.17-5
ii  runit-helper           2.10.3
ii  ucf                    3.0043
ii  zlib1g                 1:1.2.11.dfsg-2+deb11u2

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]  247.3-7+deb11u4
ii  ncurses-term             6.2+20201114-2+deb11u1
pn  xauth                    <none>

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>
pn  ufw           <none>

-- debconf information excluded

--- End Message ---

--- Begin Message ---

• To: 1053555-close@bugs.debian.org
• Subject: Bug#1053555: fixed in openssh 1:9.5p1-1
• From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
• Date: Thu, 23 Nov 2023 18:10:07 +0000
• Message-id: <E1r6E9P-007mah-0m@fasolo.debian.org>
• Reply-to: Colin Watson <cjwatson@debian.org>

Source: openssh
Source-Version: 1:9.5p1-1
Done: Colin Watson <cjwatson@debian.org>

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1053555@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 23 Nov 2023 17:38:07 +0000
Source: openssh
Architecture: source
Version: 1:9.5p1-1
Distribution: experimental
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Closes: 1053555
Changes:
 openssh (1:9.5p1-1) experimental; urgency=medium
 .
   * New upstream release (https://www.openssh.com/releasenotes.html#9.5p1):
     - ssh-keygen(1): generate Ed25519 keys by default. Ed25519 public keys
       are very convenient due to their small size. Ed25519 keys are
       specified in RFC 8709 and OpenSSH has supported them since version 6.5
       (January 2014).
     - sshd(8): the Subsystem directive now accurately preserves quoting of
       subsystem commands and arguments. This may change behaviour for exotic
       configurations, but the most common subsystem configuration
       (sftp-server) is unlikely to be affected.
     - ssh(1): add keystroke timing obfuscation to the client. This attempts
       to hide inter-keystroke timings by sending interactive traffic at
       fixed intervals (default: every 20ms) when there is only a small
       amount of data being sent. It also sends fake "chaff" keystrokes for a
       random interval after the last real keystroke. These are controlled by
       a new ssh_config ObscureKeystrokeTiming keyword.
     - ssh(1), sshd(8): Introduce a transport-level ping facility. This adds
       a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to
       implement a ping capability. These messages use numbers in the "local
       extensions" number space and are advertised using a "ping@openssh.com"
       ext-info message with a string version number of "0".
     - sshd(8): allow override of Subsystem directives in sshd Match blocks.
     - scp(1): fix scp in SFTP mode recursive upload and download of
       directories that contain symlinks to other directories. In scp mode,
       the links would be followed, but in SFTP mode they were not.
     - ssh-keygen(1): handle cr+lf (instead of just cr) line endings in
       sshsig signature files.
     - ssh(1): interactive mode for ControlPersist sessions if they
       originally requested a tty.
     - sshd(8): make PerSourceMaxStartups first-match-wins.
     - sshd(8): limit artificial login delay to a reasonable maximum (5s) and
       don't delay at all for the "none" authentication mechanism.
     - sshd(8): Log errors in kex_exchange_identification() with level
       verbose instead of error to reduce preauth log spam. All of those get
       logged with a more generic error message by sshpkt_fatal().
     - sshd(8): correct math for ClientAliveInterval that caused the probes
       to be sent less frequently than configured.
     - ssh(1): fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
       multiplexed sessions to ignore SIGINT under some circumstances.
   * Build-depend on dh-sequence-movetousr.
   * Report DebianBanner setting in "sshd -G/-T" output (thanks, Rasmus
     Villemoes; closes: #1053555).
Checksums-Sha1:
 b4db26545e8c1d77ed809a84ebd9a1d8d5b45fcb 3334 openssh_9.5p1-1.dsc
 35c16dcc6e7d0a9465faa241476ef24f76b196cc 1843001 openssh_9.5p1.orig.tar.gz
 7a43b493367f71588c74e1a14fb67da688612610 833 openssh_9.5p1.orig.tar.gz.asc
 f8555b8a9150eca7d130cacca572fb3a63a25994 185952 openssh_9.5p1-1.debian.tar.xz
Checksums-Sha256:
 c7981077c5ff3d577873c0fb4a9f8658584fa112cc2a64b448120c741f40f535 3334 openssh_9.5p1-1.dsc
 f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b 1843001 openssh_9.5p1.orig.tar.gz
 88d3935af9dc82fcb34f5c7c7f226e6b750c0859452b691166be0d626d471d31 833 openssh_9.5p1.orig.tar.gz.asc
 1a01c3b9fb6c827f84625f4b778ed8c30415f3ef5e6543bf644b57df51e17010 185952 openssh_9.5p1-1.debian.tar.xz
Files:
 8f7222005ddb966194ef7635140e6667 3334 net standard openssh_9.5p1-1.dsc
 3d29a7394816deeb57186899d7f7662c 1843001 net standard openssh_9.5p1.orig.tar.gz
 e1697498667c0115fb3f85306e760e98 833 net standard openssh_9.5p1.orig.tar.gz.asc
 5ebe0736cb84647e759335f2cd458e1a 185952 net standard openssh_9.5p1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmVfjlMACgkQOTWH2X2G
UAusNxAArLubjFFB2Y44EmrMkPf6Lj2DXnxlxv13QVSBvoStvg1OCzGTY5Sirw0P
yHVB7xav15WjkRVFeSoKP+Rqyy8OAWTuHM2u134rrV5WKSNN0BoN19FaU5ue6wmG
4KBSl+zhv7Dgrgp4JKXmHJgQCtL9xfef482eFDYAm/CSrj8gynPfWbPRiwHJ2EEa
rLZwfpqN0rlOFnqF1bn+lq4Bih+g/rjIIF7KPJRqYuXzX+BzbZMUIqTZxqRB5rNv
1pyLT8U+EueGaGed+pRQiu4i21HEJXXgd7uF7fhUGGDQ82c/lV74ObGpoWfMkJAa
wBSTPJkN1SksqVg3IK1n8YCL5viMFYmN0DwDBip2l1/+DNhEtNpv27b7c7saoiik
kM22YaU2X6RA45JiNpIKEEQrlik7Y7+GN+VgcYAbCJ7ChdmRQW5VepV/Z6Q410sv
Y+Qkpy7m0uSPYzgR9i6cMWOTvgzXpFE84KYwJH4k092/qkDyhl2bMsvjWoZle3Me
W8Iup3r6JCj3orVhHnDR+g50GJ2ThcppdMYi6qEsZt5HGU+RJ3J7NN5wS+HyoR/C
sKLVeN7v4EWitpwzTy3pFkh9eqg8NERQt+A2iHySZVeMYXwztMSX4kgcVAz0Jn7m
IhEW/aKzzJj81+/w5AWiSYDzupe8KkVQm3VrZOooGGXqM3fyQRI=
=B9qb
-----END PGP SIGNATURE-----

--- End Message ---