[ubuntu/precise] openssh 1:5.9p1-1ubuntu1 (Accepted)
Colin Watson
cjwatson at ubuntu.com
Mon Oct 17 21:30:21 UTC 2011
openssh (1:5.9p1-1ubuntu1) precise; urgency=low
* Resynchronise with Debian. Remaining changes:
- Add support for registering ConsoleKit sessions on login.
- Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
- Convert to Upstart. The init script is still here for the benefit of
people running sshd in chroots.
- Install apport hook.
- Add mention of ssh-keygen in ssh connect warning.
openssh (1:5.9p1-1) unstable; urgency=low
* New upstream release (http://www.openssh.org/txt/release-5.9).
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
* Update OpenSSH FAQ to revision 1.112.
Date: Mon, 17 Oct 2011 16:04:47 +0100
Changed-By: Colin Watson <cjwatson at ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/openssh/1:5.9p1-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 17 Oct 2011 16:04:47 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:5.9p1-1ubuntu1
Distribution: precise
Urgency: low
Maintainer: Colin Watson <cjwatson at ubuntu.com>
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 75043 76312 229124 429243 444691 498297 504757 560156 599240
Launchpad-Bugs-Fixed: 663455
Changes:
openssh (1:5.9p1-1ubuntu1) precise; urgency=low
.
* Resynchronise with Debian. Remaining changes:
- Add support for registering ConsoleKit sessions on login.
- Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
- Convert to Upstart. The init script is still here for the benefit of
people running sshd in chroots.
- Install apport hook.
- Add mention of ssh-keygen in ssh connect warning.
.
openssh (1:5.9p1-1) unstable; urgency=low
.
* New upstream release (http://www.openssh.org/txt/release-5.9).
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
* Update OpenSSH FAQ to revision 1.112.
Checksums-Sha1:
90e27130ac1c4eb1fc4d966915b161f6e0ae6d52 2378 openssh_5.9p1-1ubuntu1.dsc
ac4e0055421e9543f0af5da607a72cf5922dcc56 1110014 openssh_5.9p1.orig.tar.gz
22b5586dae3134071c8d24e050319243e0020084 253005 openssh_5.9p1-1ubuntu1.debian.tar.gz
Checksums-Sha256:
df8ebfa5116e20e82b471acb4f920e3dd7e41c0fe0809c8a38efac9b0d56a3e9 2378 openssh_5.9p1-1ubuntu1.dsc
8d3e8b6b6ff04b525a6dfa6fdeb6a99043ccf6c3310cc32eba84c939b07777d5 1110014 openssh_5.9p1.orig.tar.gz
577ec9dbf785facf2362211d552b23e2c3095d088e62e3c5d0ec4a1980745bc1 253005 openssh_5.9p1-1ubuntu1.debian.tar.gz
Files:
0a7eceb29cd83137700aca60cb4893fe 2378 net standard openssh_5.9p1-1ubuntu1.dsc
afe17eee7e98d3b8550cc349834a85d0 1110014 net standard openssh_5.9p1.orig.tar.gz
7c1e6fbe22685682c9bb3affafec5779 253005 net standard openssh_5.9p1-1ubuntu1.debian.tar.gz
Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwatson at debian.org> -- Debian developer
iQIVAwUBTpxHsTk1h9l9hlALAQgXqA/+KK+m9XQ4ksuF+rXLQR68nilbH4AiEj1n
MROLDgx7t76Mb42U+SMsQymyVvYkeQF2iwmGKOIqDdK6GOnkWY7XKO5JXiDSW6h3
NJENtusF/aGXt1SQVJQgp0/TMB2YnjI75iP3Xxd3LaHCEZKDt6JSqon9ssiVZpVk
j09zBSAbZ/aLD+UeZRxbcbloICXEVDpE4moTadPknibJL7lVwSre3b6b/Jqf9vBz
8uB7uvz3fIK0+uAeYRfqtdEIsMV4r9ySyg48s5nro2MUytCtQZQccjX/40jk06mM
vA94rgt1/eiNtOc3G9zlUnpub6ve1ph12UyY8KYlXysgf39xgyZTsYCc7UFQ7XTe
nNaFraKzoj3uMo/E2aKteqglEeMVPSw7rNZOz/K4txqp3650JMTZQQZCdjEFPBn5
3tLnKMbcS6XFVDpNk36M0ybCOVLgLj5KwKAOL++xHTdONlPRteKZ1DG2J6yV0BBV
j9oIITa7TDPYXNt00g+no64rWwUiXiZDXaY73s2cmErDEfxr6rnzXQ9losBEaJoh
QfkGhOGX56ikU820e2XOOrs6MG8L0hEq9UPGBMMZvRVOK3nktw/Ixp8PRhrtZ9l7
iQ0M8uIr95ZkvItSf+6HVfo1YsMY7AWQ51a2TtG2QDOYs2entcHOTsyM0RaVg5lB
vef6FD9zW5M=
=2QyX
-----END PGP SIGNATURE-----
More information about the Precise-changes
mailing list