[ubuntu/precise] openssh 1:5.9p1-1ubuntu1 (Accepted)

Colin Watson cjwatson at ubuntu.com
Mon Oct 17 21:30:21 UTC 2011 

openssh (1:5.9p1-1ubuntu1) precise; urgency=low

  * Resynchronise with Debian.  Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart.  The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.

openssh (1:5.9p1-1) unstable; urgency=low

  * New upstream release (http://www.openssh.org/txt/release-5.9).
    - Introduce sandboxing of the pre-auth privsep child using an optional
      sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
      mandatory restrictions on the syscalls the privsep child can perform.
    - Add new SHA256-based HMAC transport integrity modes from
      http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
    - The pre-authentication sshd(8) privilege separation slave process now
      logs via a socket shared with the master process, avoiding the need to
      maintain /dev/log inside the chroot (closes: #75043, #429243,
      #599240).
    - ssh(1) now warns when a server refuses X11 forwarding (closes:
      #504757).
    - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
      separated by whitespace (closes: #76312).  The authorized_keys2
      fallback is deprecated but documented (closes: #560156).
    - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
      ToS/DSCP (closes: #498297).
    - ssh-add(1) now accepts keys piped from standard input.  E.g. "ssh-add
      - < /path/to/key" (closes: #229124).
    - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
    - Say "required" rather than "recommended" in unprotected-private-key
      warning (LP: #663455).
  * Update OpenSSH FAQ to revision 1.112.

Date: Mon, 17 Oct 2011 16:04:47 +0100
Changed-By: Colin Watson <cjwatson at ubuntu.com>
https://launchpad.net/ubuntu/precise/+source/openssh/1:5.9p1-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 17 Oct 2011 16:04:47 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:5.9p1-1ubuntu1
Distribution: precise
Urgency: low
Maintainer: Colin Watson <cjwatson at ubuntu.com>
Changed-By: Colin Watson <cjwatson at ubuntu.com>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 75043 76312 229124 429243 444691 498297 504757 560156 599240
Launchpad-Bugs-Fixed: 663455
Changes: 
 openssh (1:5.9p1-1ubuntu1) precise; urgency=low
 .
   * Resynchronise with Debian.  Remaining changes:
     - Add support for registering ConsoleKit sessions on login.
     - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
     - Convert to Upstart.  The init script is still here for the benefit of
       people running sshd in chroots.
     - Install apport hook.
     - Add mention of ssh-keygen in ssh connect warning.
 .
 openssh (1:5.9p1-1) unstable; urgency=low
 .
   * New upstream release (http://www.openssh.org/txt/release-5.9).
     - Introduce sandboxing of the pre-auth privsep child using an optional
       sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
       mandatory restrictions on the syscalls the privsep child can perform.
     - Add new SHA256-based HMAC transport integrity modes from
       http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
     - The pre-authentication sshd(8) privilege separation slave process now
       logs via a socket shared with the master process, avoiding the need to
       maintain /dev/log inside the chroot (closes: #75043, #429243,
       #599240).
     - ssh(1) now warns when a server refuses X11 forwarding (closes:
       #504757).
     - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
       separated by whitespace (closes: #76312).  The authorized_keys2
       fallback is deprecated but documented (closes: #560156).
     - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
       ToS/DSCP (closes: #498297).
     - ssh-add(1) now accepts keys piped from standard input.  E.g. "ssh-add
       - < /path/to/key" (closes: #229124).
     - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
     - Say "required" rather than "recommended" in unprotected-private-key
       warning (LP: #663455).
   * Update OpenSSH FAQ to revision 1.112.
Checksums-Sha1: 
 90e27130ac1c4eb1fc4d966915b161f6e0ae6d52 2378 openssh_5.9p1-1ubuntu1.dsc
 ac4e0055421e9543f0af5da607a72cf5922dcc56 1110014 openssh_5.9p1.orig.tar.gz
 22b5586dae3134071c8d24e050319243e0020084 253005 openssh_5.9p1-1ubuntu1.debian.tar.gz
Checksums-Sha256: 
 df8ebfa5116e20e82b471acb4f920e3dd7e41c0fe0809c8a38efac9b0d56a3e9 2378 openssh_5.9p1-1ubuntu1.dsc
 8d3e8b6b6ff04b525a6dfa6fdeb6a99043ccf6c3310cc32eba84c939b07777d5 1110014 openssh_5.9p1.orig.tar.gz
 577ec9dbf785facf2362211d552b23e2c3095d088e62e3c5d0ec4a1980745bc1 253005 openssh_5.9p1-1ubuntu1.debian.tar.gz
Files: 
 0a7eceb29cd83137700aca60cb4893fe 2378 net standard openssh_5.9p1-1ubuntu1.dsc
 afe17eee7e98d3b8550cc349834a85d0 1110014 net standard openssh_5.9p1.orig.tar.gz
 7c1e6fbe22685682c9bb3affafec5779 253005 net standard openssh_5.9p1-1ubuntu1.debian.tar.gz
Original-Maintainer: Debian OpenSSH Maintainers <debian-ssh at lists.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Colin Watson <cjwatson at debian.org> -- Debian developer

iQIVAwUBTpxHsTk1h9l9hlALAQgXqA/+KK+m9XQ4ksuF+rXLQR68nilbH4AiEj1n
MROLDgx7t76Mb42U+SMsQymyVvYkeQF2iwmGKOIqDdK6GOnkWY7XKO5JXiDSW6h3
NJENtusF/aGXt1SQVJQgp0/TMB2YnjI75iP3Xxd3LaHCEZKDt6JSqon9ssiVZpVk
j09zBSAbZ/aLD+UeZRxbcbloICXEVDpE4moTadPknibJL7lVwSre3b6b/Jqf9vBz
8uB7uvz3fIK0+uAeYRfqtdEIsMV4r9ySyg48s5nro2MUytCtQZQccjX/40jk06mM
vA94rgt1/eiNtOc3G9zlUnpub6ve1ph12UyY8KYlXysgf39xgyZTsYCc7UFQ7XTe
nNaFraKzoj3uMo/E2aKteqglEeMVPSw7rNZOz/K4txqp3650JMTZQQZCdjEFPBn5
3tLnKMbcS6XFVDpNk36M0ybCOVLgLj5KwKAOL++xHTdONlPRteKZ1DG2J6yV0BBV
j9oIITa7TDPYXNt00g+no64rWwUiXiZDXaY73s2cmErDEfxr6rnzXQ9losBEaJoh
QfkGhOGX56ikU820e2XOOrs6MG8L0hEq9UPGBMMZvRVOK3nktw/Ixp8PRhrtZ9l7
iQ0M8uIr95ZkvItSf+6HVfo1YsMY7AWQ51a2TtG2QDOYs2entcHOTsyM0RaVg5lB
vef6FD9zW5M=
=2QyX
-----END PGP SIGNATURE-----

More information about the Precise-changes mailing list