Author: Ubuntu Git Importer
Author Date: 2020-02-24 05:32:06 UTC

DSC file for 1:8.2p1-3

Author: Ubuntu Git Importer
Author Date: 2020-02-24 04:45:31 UTC

DSC file for 1:8.2p1-3

Author: Colin Watson
Author Date: 2020-02-23 13:30:01 UTC

Import patches-unapplied version 1:8.2p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c357ef7569a771d6c9006611e1bdf8ec5e058b47

New changelog entries:
  * Reupload with -sa to work around confusion with 1:8.2p1-1 being in NEW.
  * Move ssh-sk-helper into openssh-client rather than shipping it in a
    separate package. The extra library dependencies are pretty small, so
    it doesn't seem worth bloating the Packages file. Suggested by Bastian
    Blank.

Author: Colin Watson
Author Date: 2020-02-23 13:30:01 UTC

Import patches-unapplied version 1:8.2p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c357ef7569a771d6c9006611e1bdf8ec5e058b47

New changelog entries:
  * Reupload with -sa to work around confusion with 1:8.2p1-1 being in NEW.
  * Move ssh-sk-helper into openssh-client rather than shipping it in a
    separate package. The extra library dependencies are pretty small, so
    it doesn't seem worth bloating the Packages file. Suggested by Bastian
    Blank.

Author: Colin Watson
Author Date: 2020-02-23 13:30:01 UTC

Import patches-applied version 1:8.2p1-3 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 03ce2605cc6c3b59c694dab110778b3eb7a8396c
Unapplied parent: 182da7e86360814b0be726ec53f00ce582284315

New changelog entries:
  * Reupload with -sa to work around confusion with 1:8.2p1-1 being in NEW.
  * Move ssh-sk-helper into openssh-client rather than shipping it in a
    separate package. The extra library dependencies are pretty small, so
    it doesn't seem worth bloating the Packages file. Suggested by Bastian
    Blank.

Author: Colin Watson
Author Date: 2020-02-23 13:30:01 UTC

Import patches-unapplied version 1:8.2p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c357ef7569a771d6c9006611e1bdf8ec5e058b47

New changelog entries:
  * Reupload with -sa to work around confusion with 1:8.2p1-1 being in NEW.
  * Move ssh-sk-helper into openssh-client rather than shipping it in a
    separate package. The extra library dependencies are pretty small, so
    it doesn't seem worth bloating the Packages file. Suggested by Bastian
    Blank.

Author: Colin Watson
Author Date: 2020-02-23 13:30:01 UTC

Import patches-unapplied version 1:8.2p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: c357ef7569a771d6c9006611e1bdf8ec5e058b47

New changelog entries:
  * Reupload with -sa to work around confusion with 1:8.2p1-1 being in NEW.
  * Move ssh-sk-helper into openssh-client rather than shipping it in a
    separate package. The extra library dependencies are pretty small, so
    it doesn't seem worth bloating the Packages file. Suggested by Bastian
    Blank.

Author: Colin Watson
Author Date: 2020-01-31 20:55:34 UTC

Import patches-applied version 1:7.9p1-10+deb10u2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 55b788f6e65dbbadba67c4c3fd6a3045a386cf42
Unapplied parent: c93d59bb22ee66c06e552d667d5d98974d18f6da

New changelog entries:
  * Apply upstream patch to deny (non-fatally) ipc in the seccomp sandbox,
    fixing failures with OpenSSL 1.1.1d and Linux < 3.19 on some
    architectures (closes: #946242). Note that this also drops the previous
    change to allow ipc on s390, since upstream has security concerns with
    that and it doesn't currently seem to be needed.

Author: Colin Watson
Author Date: 2020-01-31 20:55:34 UTC

Import patches-unapplied version 1:7.9p1-10+deb10u2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a4c6b30f16123e414411561ee25ac3eb43214053

New changelog entries:
  * Apply upstream patch to deny (non-fatally) ipc in the seccomp sandbox,
    fixing failures with OpenSSL 1.1.1d and Linux < 3.19 on some
    architectures (closes: #946242). Note that this also drops the previous
    change to allow ipc on s390, since upstream has security concerns with
    that and it doesn't currently seem to be needed.

Author: Dimitri John Ledkov
Author Date: 2020-01-10 00:01:33 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 58f3f5b4119fab63962cc17a41cf9c4b431933ad

New changelog entries:
  * Apply upstream patch to stop using 2020 as a future date in regress
    tests. LP: #1859013

Author: Dimitri John Ledkov
Author Date: 2020-01-10 00:01:33 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.9 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 58f3f5b4119fab63962cc17a41cf9c4b431933ad

New changelog entries:
  * Apply upstream patch to stop using 2020 as a future date in regress
    tests. LP: #1859013

Author: Dimitri John Ledkov
Author Date: 2020-01-10 00:00:50 UTC

Import patches-unapplied version 1:7.6p1-4ubuntu0.4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9843383c54ff366e6ebf7a700e1a640a6cc00cbf

New changelog entries:
  * Apply upstream patch to stop using 2020 as a future date in regress
    tests. LP: #1859013

Author: Dimitri John Ledkov
Author Date: 2020-01-10 00:00:50 UTC

Import patches-unapplied version 1:7.6p1-4ubuntu0.4 to ubuntu/bionic-proposed

Imported using git-ubuntu import.

Changelog parent: 9843383c54ff366e6ebf7a700e1a640a6cc00cbf

New changelog entries:
  * Apply upstream patch to stop using 2020 as a future date in regress
    tests. LP: #1859013

Author: Dimitri John Ledkov
Author Date: 2020-01-09 23:53:27 UTC

Import patches-unapplied version 1:8.0p1-6ubuntu0.1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: e26977d79936c4e1df9873d58e9ed8d83b280fe0

New changelog entries:
  * Apply upstream patch to stop using 2020 as a future date in regress
    tests. LP: #1859013

Author: Dimitri John Ledkov
Author Date: 2020-01-09 23:53:27 UTC

Import patches-unapplied version 1:8.0p1-6ubuntu0.1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: e26977d79936c4e1df9873d58e9ed8d83b280fe0

New changelog entries:
  * Apply upstream patch to stop using 2020 as a future date in regress
    tests. LP: #1859013

Author: Colin Watson
Author Date: 2020-01-11 23:55:03 UTC

Import patches-unapplied version 1:8.1p1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 681eda78463cf913ea5462eccb7d4576e5473d45

New changelog entries:
  * Apply upstream patches to allow clock_nanosleep() and variants in the
    seccomp sandbox, fixing failures with glibc 2.31.
  * Apply upstream patch to deny (non-fatally) ipc in the seccomp sandbox,
    fixing failures with OpenSSL 1.1.1d and Linux < 3.19 on some
    architectures (closes: #946242).

Author: Steve Langasek
Author Date: 2019-09-12 18:53:16 UTC

Import patches-unapplied version 1:8.0p1-6build1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 9ef8c469a12e6e28fe032b664138d0970111e14e

New changelog entries:
  * No-change rebuild to drop runit dependency

Author: Moritz Mühlenhoff
Author Date: 2019-07-15 13:32:09 UTC

Import patches-unapplied version 1:7.4p1-10+deb9u7 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 351abd2dedbbae78bd4be284347f8cd32cf1b224

New changelog entries:
  * Fix deadlock when the keys/principals command produces a lot of
    output and a key is matched early (upstream commit
    ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2). (Closes: #905226)

Author: Moritz Mühlenhoff
Author Date: 2019-07-15 13:32:09 UTC

Import patches-applied version 1:7.4p1-10+deb9u7 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 9d23450054e12d8ec89e3ab77832af0fb677dd15
Unapplied parent: e9593fb325eec211f0c21a0baac976379362e106

New changelog entries:
  * Fix deadlock when the keys/principals command produces a lot of
    output and a key is matched early (upstream commit
    ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2). (Closes: #905226)

Author: Colin Watson
Author Date: 2019-06-14 13:32:12 UTC

Import patches-unapplied version 1:8.0p1-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b8798708f603f6479336174a476ff5fa4f3ddfa0

New changelog entries:
  * Fix interop tests for recent regress changes.

Author: Colin Watson
Author Date: 2019-06-14 13:32:12 UTC

Import patches-applied version 1:8.0p1-2 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 9bda313d9b937f049fb833fdf2a15bf3a450dde9
Unapplied parent: f4a15c03f1d233ec0b13e89034d5b83915779763

New changelog entries:
  * Fix interop tests for recent regress changes.

Author: Colin Watson
Author Date: 2019-04-08 10:13:04 UTC

Import patches-unapplied version 1:7.9p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8505d87e9de6b7ca25aee09fb94e7e44774fbcca

New changelog entries:
  * Temporarily revert IPQoS defaults to pre-7.8 values until issues with
    "iptables -m tos" and VMware have been fixed (closes: #923879, #926229;
    LP: #1822370).

Author: Colin Watson
Author Date: 2019-04-08 10:13:04 UTC

Import patches-unapplied version 1:7.9p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8505d87e9de6b7ca25aee09fb94e7e44774fbcca

New changelog entries:
  * Temporarily revert IPQoS defaults to pre-7.8 values until issues with
    "iptables -m tos" and VMware have been fixed (closes: #923879, #926229;
    LP: #1822370).

Author: Colin Watson
Author Date: 2019-04-08 10:13:04 UTC

Import patches-unapplied version 1:7.9p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8505d87e9de6b7ca25aee09fb94e7e44774fbcca

New changelog entries:
  * Temporarily revert IPQoS defaults to pre-7.8 values until issues with
    "iptables -m tos" and VMware have been fixed (closes: #923879, #926229;
    LP: #1822370).

Author: Marc Deslauriers
Author Date: 2019-03-04 12:50:38 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2badf1faa74781b21d9f164a4617041f51502fa5

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:50:38 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2badf1faa74781b21d9f164a4617041f51502fa5

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:52:28 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.13 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 3c2e5adf20c1c2b01e8336a44e705c4ec593147f

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-pre1.patch: add reallocarray to
      openbsd-compat/Makefile.in, openbsd-compat/openbsd-compat.h,
      openbsd-compat/reallocarray.c.
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:52:28 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.13 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 3c2e5adf20c1c2b01e8336a44e705c4ec593147f

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-pre1.patch: add reallocarray to
      openbsd-compat/Makefile.in, openbsd-compat/openbsd-compat.h,
      openbsd-compat/reallocarray.c.
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:52:28 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.13 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 3c2e5adf20c1c2b01e8336a44e705c4ec593147f

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-pre1.patch: add reallocarray to
      openbsd-compat/Makefile.in, openbsd-compat/openbsd-compat.h,
      openbsd-compat/reallocarray.c.
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:17:51 UTC

Import patches-unapplied version 1:7.6p1-4ubuntu0.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d33d1e6b1fb50bab7d7458acb8105bcd529ed7c1

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:17:51 UTC

Import patches-unapplied version 1:7.6p1-4ubuntu0.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d33d1e6b1fb50bab7d7458acb8105bcd529ed7c1

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:38:06 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 4dd05ffa0728664f1698c61ab4999e853909b395

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:38:06 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 4dd05ffa0728664f1698c61ab4999e853909b395

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:38:06 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 4dd05ffa0728664f1698c61ab4999e853909b395

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Karl Stenerud
Author Date: 2018-11-07 13:52:49 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 917f739deb27c6440777c8330cfeeb46307775ec

Author: Colin Watson
Author Date: 2018-08-17 13:09:32 UTC

Import patches-unapplied version 1:7.7p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ae80699317094c1deba08dfc4c3b21322b9567e6

New changelog entries:
  * Apply upstream patch to delay bailout for invalid authenticating user
    until after the packet containing the request has been fully parsed
    (closes: #906236).

Author: Ubuntu Git Importer
Author Date: 2018-04-07 16:03:10 UTC

pristine-tar data for openssh_7.7p1.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-07 13:44:20 UTC

pristine-tar data for openssh_7.6p1.orig.tar.gz

Author: Colin Watson
Author Date: 2018-02-10 02:31:46 UTC

Import patches-unapplied version 1:7.6p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f2c6c36a53248355c46609e8c5cbb431c83542d9

New changelog entries:
  * Move VCS to salsa.debian.org.
  * Add a preseeding-only openssh-server/password-authentication debconf
    template that can be used to disable password authentication (closes:
    #878945).

Author: Marc Deslauriers
Author Date: 2018-01-16 13:28:47 UTC

Import patches-unapplied version 1:7.5p1-10ubuntu0.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: c931f6058b13a610b1e16d3734d1070f262e6383

New changelog entries:
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

Author: Marc Deslauriers
Author Date: 2018-01-16 13:28:47 UTC

Import patches-unapplied version 1:7.5p1-10ubuntu0.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: c931f6058b13a610b1e16d3734d1070f262e6383

New changelog entries:
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

Author: Marc Deslauriers
Author Date: 2018-01-16 13:28:47 UTC

Import patches-unapplied version 1:7.5p1-10ubuntu0.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: c931f6058b13a610b1e16d3734d1070f262e6383

New changelog entries:
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

Author: Colin Watson
Author Date: 2017-11-18 10:56:29 UTC

Import patches-applied version 1:6.7p1-5+deb8u4 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 6837b65d638f49f7169ecb1d24dcb54d4fd5712b
Unapplied parent: 4f46b69ded18ce196025a25e2064a5a10cf12794

New changelog entries:
  * Test configuration before starting or reloading sshd under systemd
    (closes: #865770).
  * Make "--" before the hostname terminate argument processing after the
    hostname too (closes: #873201).

Author: Colin Watson
Author Date: 2017-11-18 10:56:29 UTC

Import patches-unapplied version 1:6.7p1-5+deb8u4 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: d993ca8d18840e83906a039d8e21899bfe301faf

New changelog entries:
  * Test configuration before starting or reloading sshd under systemd
    (closes: #865770).
  * Make "--" before the hostname terminate argument processing after the
    hostname too (closes: #873201).

Author: Colin Watson
Author Date: 2017-09-01 10:17:19 UTC

Import patches-unapplied version 1:7.5p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b1b5c75268ff4438e33357c24800d1b0d0ecb731

New changelog entries:
  * Tell haveged to create the pid file we expect.
  * Give up and use systemctl to start haveged if running under systemd;
    this shouldn't be necessary, but I can't seem to get things working in
    the Ubuntu autopkgtest environment otherwise.

Author: Colin Watson
Author Date: 2017-09-01 10:17:19 UTC

Import patches-unapplied version 1:7.5p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b1b5c75268ff4438e33357c24800d1b0d0ecb731

New changelog entries:
  * Tell haveged to create the pid file we expect.
  * Give up and use systemctl to start haveged if running under systemd;
    this shouldn't be necessary, but I can't seem to get things working in
    the Ubuntu autopkgtest environment otherwise.

Author: Dimitri John Ledkov
Author Date: 2017-05-03 15:29:20 UTC

Import patches-unapplied version 1:7.4p1-10ubuntu0.1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 2d6a7b7a356d897d168dc051cab091e02ee05f47

New changelog entries:
  * s390x: Fix failing to connect to systems that enable ICA crypto
    coprocessor. Cherrypick upstream fixes to big endian sanboxing code,
    and allow hw acceleration in the sandbox. This fixes sandbox errors
    when system is enabled to use ICA crypto coprocessor. LP: #1686618

Author: Dimitri John Ledkov
Author Date: 2017-05-03 15:29:20 UTC

Import patches-unapplied version 1:7.4p1-10ubuntu0.1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 2d6a7b7a356d897d168dc051cab091e02ee05f47

New changelog entries:
  * s390x: Fix failing to connect to systems that enable ICA crypto
    coprocessor. Cherrypick upstream fixes to big endian sanboxing code,
    and allow hw acceleration in the sandbox. This fixes sandbox errors
    when system is enabled to use ICA crypto coprocessor. LP: #1686618

Author: Christian Ehrhardt 
Author Date: 2017-03-15 13:25:22 UTC

Import patches-unapplied version 1:7.3p1-1ubuntu0.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 226f77ba212482d0ed31bfd38da81801fcd7ca87

New changelog entries:
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (LP: #1668093).
  * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).

Author: Christian Ehrhardt 
Author Date: 2017-03-15 13:25:22 UTC

Import patches-unapplied version 1:7.3p1-1ubuntu0.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 226f77ba212482d0ed31bfd38da81801fcd7ca87

New changelog entries:
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (LP: #1668093).
  * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).

Author: Christian Ehrhardt 
Author Date: 2017-03-15 13:25:22 UTC

Import patches-unapplied version 1:7.3p1-1ubuntu0.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 226f77ba212482d0ed31bfd38da81801fcd7ca87

New changelog entries:
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (LP: #1668093).
  * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).

Author: Colin Watson
Author Date: 2017-03-30 10:19:04 UTC

Import patches-unapplied version 1:7.4p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 94a006df0dee470be9fb627968eaa05377579243

New changelog entries:
  * Move privilege separation directory and PID file from /var/run/ to /run/
    (closes: #760422, #856825).
  * Unbreak Unix domain socket forwarding for root (closes: #858252).

Author: Marc Deslauriers
Author Date: 2016-08-11 12:44:39 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0d8db84deca89c690a603a7f6f5904ede638d7e8

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

Author: Marc Deslauriers
Author Date: 2016-08-11 12:44:39 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0d8db84deca89c690a603a7f6f5904ede638d7e8

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

Author: Marc Deslauriers
Author Date: 2016-08-11 12:44:39 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0d8db84deca89c690a603a7f6f5904ede638d7e8

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

Author: Colin Watson
Author Date: 2016-08-07 21:45:26 UTC

Import patches-unapplied version 1:7.3p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 500332226cc5dd797169826a715b044d77b16fc8

New changelog entries:
  * New upstream release (http://www.openssh.com/txt/release-7.3):
    - SECURITY: sshd(8): Mitigate a potential denial-of-service attack
      against the system's crypt(3) function via sshd(8). An attacker could
      send very long passwords that would cause excessive CPU use in
      crypt(3). sshd(8) now refuses to accept password authentication
      requests of length greater than 1024 characters.
    - SECURITY: ssh(1), sshd(8): Fix observable timing weakness in the CBC
      padding oracle countermeasures. Note that CBC ciphers are disabled by
      default and only included for legacy compatibility.
    - SECURITY: ssh(1), sshd(8): Improve operation ordering of MAC
      verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms
      to verify the MAC before decrypting any ciphertext. This removes the
      possibility of timing differences leaking facts about the plaintext,
      though no such leakage has been observed.
    - ssh(1): Add a ProxyJump option and corresponding -J command-line flag
      to allow simplified indirection through a one or more SSH bastions or
      "jump hosts".
    - ssh(1): Add an IdentityAgent option to allow specifying specific agent
      sockets instead of accepting one from the environment.
    - ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
      optionally overridden when using ssh -W.
    - ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as per
      draft-sgtatham-secsh-iutf8-00 (closes: #337041, LP: #394570).
    - ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman 2K,
      4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
    - ssh-keygen(1), ssh(1), sshd(8): Support SHA256 and SHA512 RSA
      signatures in certificates.
    - ssh(1): Add an Include directive for ssh_config(5) files (closes:
      #536031).
    - ssh(1): Permit UTF-8 characters in pre-authentication banners sent
      from the server.
    - ssh(1), sshd(8): Reduce the syslog level of some relatively common
      protocol events from LOG_CRIT.
    - sshd(8): Refuse AuthenticationMethods="" in configurations and accept
      AuthenticationMethods=any for the default behaviour of not requiring
      multiple authentication.
    - sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN ATTEMPT!"
      message when forward and reverse DNS don't match.
    - ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
      failures when both ExitOnForwardFailure and hostname canonicalisation
      are enabled.
    - sshd(8): Remove fallback from moduli to obsolete "primes" file that
      was deprecated in 2001 (LP: #1528251).
    - sshd_config(5): Correct description of UseDNS: it affects ssh hostname
      processing for authorized_keys, not known_hosts.
    - sshd(8): Send ClientAliveInterval pings when a time-based RekeyLimit
      is set; previously keepalive packets were not being sent.
    - sshd(8): Whitelist more architectures to enable the seccomp-bpf
      sandbox.
    - scp(1): Respect the local user's LC_CTYPE locale (closes: #396295).
    - Take character display widths into account for the progressmeter
      (closes: #407088).

Author: Salvatore Bonaccorso
Author Date: 2016-04-14 07:39:14 UTC

Import patches-unapplied version 1:6.0p1-4+deb7u4 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: e9a8f23e7053a2f886cf8ed43ca87cde9b44f710

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes

Author: Salvatore Bonaccorso
Author Date: 2016-04-14 07:39:14 UTC

Import patches-applied version 1:6.0p1-4+deb7u4 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 6aa89eab95a8f49213952d8a2c3487c66fe88f98
Unapplied parent: 6dcab59711f77dffe3f00c8825747c7eed51d40c

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes

Author: Marc Deslauriers
Author Date: 2016-05-05 11:54:01 UTC

Import patches-unapplied version 1:6.9p1-2ubuntu0.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: af0404663af0762cd28b204ba97227cefa303bd1

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: denial of service via cradted network traffic
    - debian/patches/CVE-2016-1907.patch: fix OOB read in packet code in
      packet.c.
    - CVE-2016-1907
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

Author: Marc Deslauriers
Author Date: 2016-05-05 11:54:01 UTC

Import patches-unapplied version 1:6.9p1-2ubuntu0.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: af0404663af0762cd28b204ba97227cefa303bd1

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: denial of service via cradted network traffic
    - debian/patches/CVE-2016-1907.patch: fix OOB read in packet code in
      packet.c.
    - CVE-2016-1907
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

Author: Marc Deslauriers
Author Date: 2016-05-05 11:54:01 UTC

Import patches-unapplied version 1:6.9p1-2ubuntu0.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: af0404663af0762cd28b204ba97227cefa303bd1

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: denial of service via cradted network traffic
    - debian/patches/CVE-2016-1907.patch: fix OOB read in packet code in
      packet.c.
    - CVE-2016-1907
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

Author: Colin Watson
Author Date: 2016-04-15 15:40:07 UTC

Import patches-unapplied version 1:7.2p2-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f1922cb23326618db9ab52158d24fd1a07db52de

New changelog entries:
  * Drop dependency on libnss-files-udeb (closes: #819686).
  * Policy version 3.9.7: no changes required.

Author: Mathieu Trudel-Lapierre
Author Date: 2016-01-26 15:38:35 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.6 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: f9c816c12b5b33107203e4f8ec2ea7910b3f6543

New changelog entries:
  * debian/control, debian/rules: enable libaudit support. (LP: #1478087)

Author: Marc Deslauriers
Author Date: 2016-01-13 15:47:46 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 014b4a3ff90ed457cfc5bafeec140f17779cda91

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

Author: Marc Deslauriers
Author Date: 2016-01-13 15:47:46 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 014b4a3ff90ed457cfc5bafeec140f17779cda91

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

Author: Marc Deslauriers
Author Date: 2016-01-13 15:47:46 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 014b4a3ff90ed457cfc5bafeec140f17779cda91

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

Author: Colin Watson
Author Date: 2015-09-10 11:26:11 UTC

Import patches-unapplied version 1:6.9p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d6420725be6749fe2f8b0eed37cbd862f3aff6a6

New changelog entries:
  [ Colin Watson ]
  * mention-ssh-keygen-on-keychange.patch: Move example ssh-keygen
    invocation onto a separate line to make it easier to copy and paste
    (LP: #1491532).
  [ Tyler Hicks ]
  * Build with audit support on Linux (closes: #797727, LP: #1478087).

Author: Colin Watson
Author Date: 2015-09-10 11:26:11 UTC

Import patches-unapplied version 1:6.9p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d6420725be6749fe2f8b0eed37cbd862f3aff6a6

New changelog entries:
  [ Colin Watson ]
  * mention-ssh-keygen-on-keychange.patch: Move example ssh-keygen
    invocation onto a separate line to make it easier to copy and paste
    (LP: #1491532).
  [ Tyler Hicks ]
  * Build with audit support on Linux (closes: #797727, LP: #1478087).

Author: Martin Pitt
Author Date: 2015-04-09 07:20:36 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 05f02a8a3fd0f86043560cd2ad422a5af1f733c6

New changelog entries:
  * openssh-server.postinst: Quiesce "Unable to connect to Upstart" error
    message from initctl if upstart is installed, but not the current init
    system. (LP: #1440070)
  * openssh-server.postinst: Fix version comparisons of upgrade adjustments to
    not apply to fresh installs.

Author: Martin Pitt
Author Date: 2015-04-09 07:20:36 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 05f02a8a3fd0f86043560cd2ad422a5af1f733c6

New changelog entries:
  * openssh-server.postinst: Quiesce "Unable to connect to Upstart" error
    message from initctl if upstart is installed, but not the current init
    system. (LP: #1440070)
  * openssh-server.postinst: Fix version comparisons of upgrade adjustments to
    not apply to fresh installs.

Author: Colin Watson
Author Date: 2014-10-03 11:23:57 UTC

Import patches-unapplied version 1:6.6p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9024265b5ca71bce46a376cca92fa3ecb7bb44fd

New changelog entries:
  * Make the if-up hook use "reload" rather than "restart" if the system was
    booted using systemd (closes: #756547).
  * Show fingerprints of new keys after creating them in the postinst
    (closes: #762128).
  * Policy version 3.9.6: no changes required.
  * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
    between Architecture: all and Architecture: any binary packages (closes:
    #763375).

Author: Colin Watson
Author Date: 2014-10-03 11:23:57 UTC

Import patches-unapplied version 1:6.6p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9024265b5ca71bce46a376cca92fa3ecb7bb44fd

New changelog entries:
  * Make the if-up hook use "reload" rather than "restart" if the system was
    booted using systemd (closes: #756547).
  * Show fingerprints of new keys after creating them in the postinst
    (closes: #762128).
  * Policy version 3.9.6: no changes required.
  * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
    between Architecture: all and Architecture: any binary packages (closes:
    #763375).

Author: Colin Watson
Author Date: 2014-10-03 11:23:57 UTC

Import patches-unapplied version 1:6.6p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9024265b5ca71bce46a376cca92fa3ecb7bb44fd

New changelog entries:
  * Make the if-up hook use "reload" rather than "restart" if the system was
    booted using systemd (closes: #756547).
  * Show fingerprints of new keys after creating them in the postinst
    (closes: #762128).
  * Policy version 3.9.6: no changes required.
  * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
    between Architecture: all and Architecture: any binary packages (closes:
    #763375).

Author: Colin Watson
Author Date: 2014-04-03 00:05:27 UTC

Import patches-unapplied version 1:5.5p1-6+squeeze5 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 5d2b040428a7af04a8f6518caaadb47112fd3168

New changelog entries:
  * CVE-2014-2532: Disallow invalid characters in environment variable names
    to prevent bypassing AcceptEnv wildcard restrictions.
  * CVE-2014-2653: Attempt SSHFP lookup even if server presents a
    certificate (closes: #742513).

Author: Colin Watson
Author Date: 2014-04-03 00:05:27 UTC

Import patches-applied version 1:5.5p1-6+squeeze5 to applied/debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 71dc730097933fc3a9c39dfe94b6f76593b12bca
Unapplied parent: 619cc926af608777df93d1d14451a6cdfc8465bb

New changelog entries:
  * CVE-2014-2532: Disallow invalid characters in environment variable names
    to prevent bypassing AcceptEnv wildcard restrictions.
  * CVE-2014-2653: Attempt SSHFP lookup even if server presents a
    certificate (closes: #742513).

Author: Colin Watson
Author Date: 2014-05-02 08:53:07 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.5 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: b22b989400911aec4cb50cd30e135617a5582d2e

New changelog entries:
  * Force ssh-agent Upstart job to use sh syntax regardless of the user's
    shell (thanks, Steffen Stempel; LP: #1312928).

Author: Colin Watson
Author Date: 2014-05-02 08:53:07 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.5 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: b22b989400911aec4cb50cd30e135617a5582d2e

New changelog entries:
  * Force ssh-agent Upstart job to use sh syntax regardless of the user's
    shell (thanks, Steffen Stempel; LP: #1312928).

Author: Louis Bouchard
Author Date: 2014-04-22 13:28:40 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.4 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 7f37ffb759821df55913da5781887e7ee02ec61f

New changelog entries:
  * Re-enable btmp logging, as its permissions were fixed a long time ago.
    Backport from Debian and Trusty. (LP: #743858)

Author: Louis Bouchard
Author Date: 2014-04-22 14:52:59 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.4 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 24d9eea4a7ee1c02394ae190ed3cc5a3ebe3a4eb

New changelog entries:
  * Re-enable btmp logging, as its permissions were fixed a long time ago.
    Backport from Debian and Trusty. (LP: #743858)

Author: Colin Watson
Author Date: 2014-04-14 11:20:48 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 1de88f18ffa2120cdf2e0825f4f081910c57d26e

New changelog entries:
  * Upload from Debian git repository to fix a release-critical bug.
  * Debconf translations:
    - French (thanks, Étienne Gilli; closes: #743242).
  * Never signal the service supervisor with SIGSTOP more than once, to
    prevent a hang on re-exec (thanks, Robie Basak; LP: #1306877).

Author: Marc Deslauriers
Author Date: 2014-04-07 13:32:06 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.3 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 6c14194051147ea65a08bb435675ed53a31a3b6a

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-04-07 13:35:55 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: d551d6a14bf146dad78310342784e6734009221c

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-04-07 13:35:55 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: d551d6a14bf146dad78310342784e6734009221c

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-04-07 13:35:55 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: d551d6a14bf146dad78310342784e6734009221c

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-03-21 15:07:31 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7b05a0bf78223073c4de3210e2965d161f1e3b0d

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

Author: Marc Deslauriers
Author Date: 2014-03-21 15:07:31 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7b05a0bf78223073c4de3210e2965d161f1e3b0d

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

Author: Marc Deslauriers
Author Date: 2014-03-21 15:07:31 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7b05a0bf78223073c4de3210e2965d161f1e3b0d

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

Author: Colin Watson
Author Date: 2013-07-02 21:54:49 UTC

Import patches-unapplied version 1:6.2p2-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 85a198a5d21103ae85a6346421c07fcb114480ea

New changelog entries:
  * Update config.guess and config.sub automatically at build time.
    dh_autoreconf does not take care of that by default because openssh does
    not use automake.

Author: Colin Watson
Author Date: 2013-03-25 16:58:04 UTC

Import patches-unapplied version 1:6.1p1-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b0cb85fb9c4ebf1d98655f871ce454db10320051

New changelog entries:
  [ Gunnar Hjalmarsson ]
  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
    should be read, and move the pam_env calls from "auth" to "session" so
    that it's also read when $HOME is encrypted (LP: #952185).
  [ Stéphane Graber ]
  * Add ssh-agent upstart user job. This implements something similar to
    the 90x11-common_ssh-agent Xsession script. That is, start ssh-agent
    and set the appropriate environment variables (closes: #703906).

Author: Colin Watson
Author Date: 2013-03-25 16:58:04 UTC

Import patches-unapplied version 1:6.1p1-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b0cb85fb9c4ebf1d98655f871ce454db10320051

New changelog entries:
  [ Gunnar Hjalmarsson ]
  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
    should be read, and move the pam_env calls from "auth" to "session" so
    that it's also read when $HOME is encrypted (LP: #952185).
  [ Stéphane Graber ]
  * Add ssh-agent upstart user job. This implements something similar to
    the 90x11-common_ssh-agent Xsession script. That is, start ssh-agent
    and set the appropriate environment variables (closes: #703906).

Author: Colin Watson
Author Date: 2013-03-25 16:58:04 UTC

Import patches-unapplied version 1:6.1p1-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b0cb85fb9c4ebf1d98655f871ce454db10320051

New changelog entries:
  [ Gunnar Hjalmarsson ]
  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
    should be read, and move the pam_env calls from "auth" to "session" so
    that it's also read when $HOME is encrypted (LP: #952185).
  [ Stéphane Graber ]
  * Add ssh-agent upstart user job. This implements something similar to
    the 90x11-common_ssh-agent Xsession script. That is, start ssh-agent
    and set the appropriate environment variables (closes: #703906).

Author: Colin Watson
Author Date: 2012-08-30 23:46:54 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 70f1cb2b6a1d11110e0ef2cd259a6445eaf0a829

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.

Author: Colin Watson
Author Date: 2012-04-02 10:43:31 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: a7ab0a248f719c14aeb65ada89a2459ff11a74af

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.
  * Sync up pkg-config variable used in configure's ConsoleKit test with
    that used for libedit.

Author: Colin Watson
Author Date: 2011-07-29 15:56:27 UTC

Import patches-unapplied version 1:5.8p1-7ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 82899b2a78e280972a4ae664909700a9ee013814

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.

Author: Colin Watson
Author Date: 2011-07-29 15:56:27 UTC

Import patches-unapplied version 1:5.8p1-7ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 82899b2a78e280972a4ae664909700a9ee013814

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.

Author: Clint Byrum
Author Date: 2011-06-11 15:06:02 UTC

Import patches-unapplied version 1:5.5p1-4ubuntu6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: d1eae4b6ff15a0514a73f1cbdd8ddcf9baf565bb

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-06-11 15:06:02 UTC

Import patches-unapplied version 1:5.5p1-4ubuntu6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: d1eae4b6ff15a0514a73f1cbdd8ddcf9baf565bb

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-06-11 15:06:02 UTC

Import patches-unapplied version 1:5.5p1-4ubuntu6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: d1eae4b6ff15a0514a73f1cbdd8ddcf9baf565bb

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-06-11 05:46:07 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 7bd95092480267a8f2bae97184c0225dea5f2cd6

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-04-01 23:05:43 UTC

Import patches-unapplied version 1:5.8p1-1ubuntu3 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 9cd08ca94527ef262c1a9362052d4c498a1fd089

New changelog entries:
  * Start on runlevel [2345] so that switching back to runlevel 2
    from single user mode starts ssh again. (LP: #747756)