Accepted openssh 1:4.3p2-2ubuntu1 (source)
Colin Watson
cjwatson at ubuntu.com
Wed Jun 28 11:30:09 BST 2006
Accepted:
OK: openssh_4.3p2-2ubuntu1.dsc
-> Component: main Section: net
OK: openssh_4.3p2.orig.tar.gz
OK: openssh_4.3p2-2ubuntu1.diff.gz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 28 Jun 2006 11:24:47 +0100
Source: openssh
Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb
Architecture: source
Version: 1:4.3p2-2ubuntu1
Distribution: edgy
Urgency: low
Maintainer: Matthew Vernon <matthew at debian.org>
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Description:
openssh-client - Secure shell client, an rlogin/rsh/rcp replacement
openssh-client-udeb - Secure shell client for the Debian installer
openssh-server - Secure shell server, an rshd replacement
openssh-server-udeb - Secure shell server for the Debian installer
ssh - Secure shell client and server (transitional package)
ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 114894 259865 349645 349896 352042 360068 360348 361032 361220 367143 367161 367186 367318 367971
Changes:
openssh (1:4.3p2-2ubuntu1) edgy; urgency=low
.
* Resynchronise with Debian.
* Drop direct upgrade compatibility from the Warty preview release.
* Drop patch to use /usr/bin/xauth instead of /usr/bin/X11/xauth; the
/usr/bin/X11 symlink should always exist, and using it makes the package
easier to backport.
.
openssh (1:4.3p2-2) unstable; urgency=low
.
* Include commented-out pam_access example in /etc/pam.d/ssh.
* On '/etc/init.d/ssh restart', create /var/run/sshd before checking the
server configuration, as otherwise 'sshd -t' will complain about the
lack of /var/run/sshd (closes: https://launchpad.net/bugs/45234).
* debconf template translations:
- Update Russian (thanks, Yuriy Talakan'; closes: #367143).
- Update Czech (thanks, Miroslav Kure; closes: #367161).
- Update Italian (thanks, Luca Monducci; closes: #367186).
- Update Galician (thanks, Jacobo Tarrio; closes: #367318).
- Update Swedish (thanks, Daniel Nylander; closes: #367971).
.
openssh (1:4.3p2-1) unstable; urgency=low
.
* New upstream release (closes: #361032).
- CVE-2006-0225: scp (as does rcp, on which it is based) invoked a
subshell to perform local to local, and remote to remote copy
operations. This subshell exposed filenames to shell expansion twice;
allowing a local attacker to create filenames containing shell
metacharacters that, if matched by a wildcard, could lead to execution
of attacker-specified commands with the privilege of the user running
scp (closes: #349645).
- Add support for tunneling arbitrary network packets over a connection
between an OpenSSH client and server via tun(4) virtual network
interfaces. This allows the use of OpenSSH (4.3+) to create a true VPN
between the client and server providing real network connectivity at
layer 2 or 3. This feature is experimental.
- Reduce default key length for new DSA keys generated by ssh-keygen
back to 1024 bits. DSA is not specified for longer lengths and does
not fully benefit from simply making keys longer. As per FIPS 186-2
Change Notice 1, ssh-keygen will refuse to generate a new DSA key
smaller or larger than 1024 bits.
- Fixed X forwarding failing to start when the X11 client is executed in
background at the time of session exit.
- Change ssh-keygen to generate a protocol 2 RSA key when invoked
without arguments (closes: #114894).
- Fix timing variance for valid vs. invalid accounts when attempting
Kerberos authentication.
- Ensure that ssh always returns code 255 on internal error
(closes: #259865).
- Cleanup wtmp files on SIGTERM when not using privsep.
- Set SO_REUSEADDR on X11 listeners to avoid problems caused by
lingering sockets from previous session (X11 applications can
sometimes not connect to 127.0.0.1:60xx) (closes:
https://launchpad.net/bugs/25528).
- Ensure that fds 0, 1 and 2 are always attached in all programs, by
duping /dev/null to them if necessary.
- Xauth list invocation had bogus "." argument.
- Remove internal assumptions on key exchange hash algorithm and output
length, preparing OpenSSH for KEX methods with alternate hashes.
- Ignore junk sent by a server before it sends the "SSH-" banner.
- Many manual page improvements.
- Lots of cleanups, including fixes to memory leaks on error paths and
possible crashes.
* Update to current GSSAPI patch from
http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch
(closes: #352042).
* debian/rules: Resynchronise CFLAGS with that generated by configure.
* Restore pam_nologin to /etc/pam.d/ssh; sshd no longer checks this itself
when PAM is enabled, but relies on PAM to do it.
* Rename KeepAlive to TCPKeepAlive in default sshd_config
(closes: #349896).
* Rephrase ssh/new_config and ssh/encrypted_host_key_but_no_keygen debconf
templates to make boolean short descriptions end with a question mark
and to avoid use of the first person.
* Ship README.tun.
* Policy version 3.7.2: no changes required.
* debconf template translations:
- Update Italian (thanks, Luca Monducci; closes: #360348).
- Add Galician (thanks, Jacobo Tarrio; closes: #361220).
.
openssh (1:4.2p1-8) unstable; urgency=low
.
[ Frans Pop ]
* Use udeb support introduced in debhelper 4.2.0 (available in sarge)
rather than constructing udebs by steam.
* Require debhelper 5.0.22, which generates correct shared library
dependencies for udebs (closes: #360068). This build-dependency can be
ignored if building on sarge.
.
[ Colin Watson ]
* Switch to debhelper compatibility level 4, since we now require
debhelper 4 even on sarge anyway for udeb support.
Files:
8b18ce31cf9060aab80a0ba260687729 1004 net standard openssh_4.3p2-2ubuntu1.dsc
239fc801443acaffd4c1f111948ee69c 920186 net standard openssh_4.3p2.orig.tar.gz
2e2db7ec90d38621f0d0dbc5ca959401 163712 net standard openssh_4.3p2-2ubuntu1.diff.gz
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEollH9t0zAhD6TNERAhy5AJ97QYOnbloHPy/9rFGL0IuUlp5PRwCePefh
E7IVaYf/g5ayrqzE3wh7DA8=
=hUNI
-----END PGP SIGNATURE-----
More information about the edgy-changes
mailing list