Author: Ubuntu Git Importer
Author Date: 2019-11-16 11:33:48 UTC

DSC file for 1:7.9p1-10+deb10u1

Author: Colin Watson
Author Date: 2019-10-06 18:18:07 UTC

Import patches-applied version 1:7.9p1-10+deb10u1 to applied/debian/buster

Imported using git-ubuntu import.

Changelog parent: de4b717c842955ef7ea8ae488cbc68bb165f9b32
Unapplied parent: c95f04c6d491a86ccaa5ffaf08d9b6a1c4b4a1d6

New changelog entries:
  * Apply upstream patch to deny (non-fatally) shmget/shmat/shmdt in preauth
    privsep child, coping with changes in OpenSSL 1.1.1d that broke OpenSSH
    on Linux kernels before 3.19 (closes: #941663).

Author: Colin Watson
Author Date: 2019-10-06 18:18:07 UTC

Import patches-applied version 1:7.9p1-10+deb10u1 to applied/debian/buster

Imported using git-ubuntu import.

Changelog parent: de4b717c842955ef7ea8ae488cbc68bb165f9b32
Unapplied parent: c95f04c6d491a86ccaa5ffaf08d9b6a1c4b4a1d6

New changelog entries:
  * Apply upstream patch to deny (non-fatally) shmget/shmat/shmdt in preauth
    privsep child, coping with changes in OpenSSL 1.1.1d that broke OpenSSH
    on Linux kernels before 3.19 (closes: #941663).

Author: Colin Watson
Author Date: 2019-10-06 18:18:07 UTC

Import patches-unapplied version 1:7.9p1-10+deb10u1 to debian/buster

Imported using git-ubuntu import.

Changelog parent: 16757f8f36f33d6d3ff0aa7e675b6ff19e92b96d

New changelog entries:
  * Apply upstream patch to deny (non-fatally) shmget/shmat/shmdt in preauth
    privsep child, coping with changes in OpenSSL 1.1.1d that broke OpenSSH
    on Linux kernels before 3.19 (closes: #941663).

Author: Colin Watson
Author Date: 2019-10-06 18:18:07 UTC

Import patches-unapplied version 1:7.9p1-10+deb10u1 to debian/buster

Imported using git-ubuntu import.

Changelog parent: 16757f8f36f33d6d3ff0aa7e675b6ff19e92b96d

New changelog entries:
  * Apply upstream patch to deny (non-fatally) shmget/shmat/shmdt in preauth
    privsep child, coping with changes in OpenSSL 1.1.1d that broke OpenSSH
    on Linux kernels before 3.19 (closes: #941663).

Author: Ubuntu Git Importer
Author Date: 2019-10-25 23:12:23 UTC

DSC file for 1:8.1p1-1

Author: Colin Watson
Author Date: 2019-10-10 09:23:19 UTC

Import patches-unapplied version 1:8.1p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a6daf79f7a01a74df521518125b429cf64dd4fbd

New changelog entries:
  * New upstream release (https://www.openssh.com/txt/release-8.1):
    - ssh(1), sshd(8), ssh-agent(1): Add protection for private keys at rest
      in RAM against speculation and memory side-channel attacks like
      Spectre, Meltdown and Rambleed. This release encrypts private keys
      when they are not in use with a symmetric key that is derived from a
      relatively large "prekey" consisting of random data (currently 16KB).
    - ssh(1): Allow %n to be expanded in ProxyCommand strings.
    - ssh(1), sshd(8): Allow prepending a list of algorithms to the default
      set by starting the list with the '^' character, e.g.
      "HostKeyAlgorithms ^ssh-ed25519".
    - ssh-keygen(1): Add an experimental lightweight signature and
      verification ability. Signatures may be made using regular ssh keys
      held on disk or stored in a ssh-agent and verified against an
      authorized_keys-like list of allowed keys. Signatures embed a
      namespace that prevents confusion and attacks between different usage
      domains (e.g. files vs email).
    - ssh-keygen(1): Print key comment when extracting public key from a
      private key.
    - ssh-keygen(1): Accept the verbose flag when searching for host keys in
      known hosts (i.e. "ssh-keygen -vF host") to print the matching host's
      random-art signature too.
    - All: Support PKCS8 as an optional format for storage of private keys
      to disk. The OpenSSH native key format remains the default, but PKCS8
      is a superior format to PEM if interoperability with non-OpenSSH
      software is required, as it may use a less insecure key derivation
      function than PEM's.
    - ssh(1): If a PKCS#11 token returns no keys then try to login and
      refetch them.
    - ssh(1): Produce a useful error message if the user's shell is set
      incorrectly during "match exec" processing.
    - sftp(1): Allow the maximum uint32 value for the argument passed to -b
      which allows better error messages from later validation.
    - ssh-keyscan(1): Include SHA2-variant RSA key algorithms in KEX
      proposal; allows ssh-keyscan to harvest keys from servers that disable
      old SHA1 ssh-rsa.
    - sftp(1): Print explicit "not modified" message if a file was requested
      for resumed download but was considered already complete.
    - sftp(1): Fix a typo and make <esc><right> move right to the closest
      end of a word just like <esc><left> moves left to the closest
      beginning of a word.
    - sshd(8): Cap the number of permitopen/permitlisten directives allowed
      to appear on a single authorized_keys line.
    - All: Fix a number of memory leaks (one-off or on exit paths).
    - ssh(1), sshd(8): Check for convtime() refusing to accept times that
      resolve to LONG_MAX.
    - ssh(1): Slightly more instructive error message when the user
      specifies multiple -J options on the command-line (closes: #929669).
    - ssh-agent(1): Process agent requests for RSA certificate private keys
      using correct signature algorithm when requested.
    - sftp(1): Check for user@host when parsing sftp target. This allows
      user@[1.2.3.4] to work without a path.
    - sshd(8): Enlarge format buffer size for certificate serial number so
      the log message can record any 64-bit integer without truncation.
    - sshd(8): For PermitOpen violations add the remote host and port to be
      able to more easily ascertain the source of the request. Add the same
      logging for PermitListen violations which were not previously logged
      at all.
    - scp(1), sftp(1): Use the correct POSIX format style for left
      justification for the transfer progress meter.
    - sshd(8): When examining a configuration using sshd -T, assume any
      attribute not provided by -C does not match, which allows it to work
      when sshd_config contains a Match directive with or without -C.
    - ssh(1), ssh-keygen(1): Downgrade PKCS#11 "provider returned no slots"
      warning from log level error to debug. This is common when attempting
      to enumerate keys on smartcard readers with no cards plugged in.
    - ssh(1), ssh-keygen(1): Do not unconditionally log in to PKCS#11
      tokens. Avoids spurious PIN prompts for keys not selected for
      authentication in ssh(1) and when listing public keys available in a
      token using ssh-keygen(1).
    - ssh(1), sshd(8): Fix typo that prevented detection of Linux VRF.
    - sshd(8): In the Linux seccomp-bpf sandbox, allow mprotect(2) with
      PROT_(READ|WRITE|NONE) only. This syscall is used by some hardened
      heap allocators.
    - sshd(8): In the Linux seccomp-bpf sandbox, allow the s390-specific
      ioctl for ECC hardware support.
  * Re-enable hardening on hppa, since the corresponding GCC bug is
    apparently fixed.

Author: Colin Watson
Author Date: 2019-10-10 09:23:19 UTC

Import patches-unapplied version 1:8.1p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a6daf79f7a01a74df521518125b429cf64dd4fbd

New changelog entries:
  * New upstream release (https://www.openssh.com/txt/release-8.1):
    - ssh(1), sshd(8), ssh-agent(1): Add protection for private keys at rest
      in RAM against speculation and memory side-channel attacks like
      Spectre, Meltdown and Rambleed. This release encrypts private keys
      when they are not in use with a symmetric key that is derived from a
      relatively large "prekey" consisting of random data (currently 16KB).
    - ssh(1): Allow %n to be expanded in ProxyCommand strings.
    - ssh(1), sshd(8): Allow prepending a list of algorithms to the default
      set by starting the list with the '^' character, e.g.
      "HostKeyAlgorithms ^ssh-ed25519".
    - ssh-keygen(1): Add an experimental lightweight signature and
      verification ability. Signatures may be made using regular ssh keys
      held on disk or stored in a ssh-agent and verified against an
      authorized_keys-like list of allowed keys. Signatures embed a
      namespace that prevents confusion and attacks between different usage
      domains (e.g. files vs email).
    - ssh-keygen(1): Print key comment when extracting public key from a
      private key.
    - ssh-keygen(1): Accept the verbose flag when searching for host keys in
      known hosts (i.e. "ssh-keygen -vF host") to print the matching host's
      random-art signature too.
    - All: Support PKCS8 as an optional format for storage of private keys
      to disk. The OpenSSH native key format remains the default, but PKCS8
      is a superior format to PEM if interoperability with non-OpenSSH
      software is required, as it may use a less insecure key derivation
      function than PEM's.
    - ssh(1): If a PKCS#11 token returns no keys then try to login and
      refetch them.
    - ssh(1): Produce a useful error message if the user's shell is set
      incorrectly during "match exec" processing.
    - sftp(1): Allow the maximum uint32 value for the argument passed to -b
      which allows better error messages from later validation.
    - ssh-keyscan(1): Include SHA2-variant RSA key algorithms in KEX
      proposal; allows ssh-keyscan to harvest keys from servers that disable
      old SHA1 ssh-rsa.
    - sftp(1): Print explicit "not modified" message if a file was requested
      for resumed download but was considered already complete.
    - sftp(1): Fix a typo and make <esc><right> move right to the closest
      end of a word just like <esc><left> moves left to the closest
      beginning of a word.
    - sshd(8): Cap the number of permitopen/permitlisten directives allowed
      to appear on a single authorized_keys line.
    - All: Fix a number of memory leaks (one-off or on exit paths).
    - ssh(1), sshd(8): Check for convtime() refusing to accept times that
      resolve to LONG_MAX.
    - ssh(1): Slightly more instructive error message when the user
      specifies multiple -J options on the command-line (closes: #929669).
    - ssh-agent(1): Process agent requests for RSA certificate private keys
      using correct signature algorithm when requested.
    - sftp(1): Check for user@host when parsing sftp target. This allows
      user@[1.2.3.4] to work without a path.
    - sshd(8): Enlarge format buffer size for certificate serial number so
      the log message can record any 64-bit integer without truncation.
    - sshd(8): For PermitOpen violations add the remote host and port to be
      able to more easily ascertain the source of the request. Add the same
      logging for PermitListen violations which were not previously logged
      at all.
    - scp(1), sftp(1): Use the correct POSIX format style for left
      justification for the transfer progress meter.
    - sshd(8): When examining a configuration using sshd -T, assume any
      attribute not provided by -C does not match, which allows it to work
      when sshd_config contains a Match directive with or without -C.
    - ssh(1), ssh-keygen(1): Downgrade PKCS#11 "provider returned no slots"
      warning from log level error to debug. This is common when attempting
      to enumerate keys on smartcard readers with no cards plugged in.
    - ssh(1), ssh-keygen(1): Do not unconditionally log in to PKCS#11
      tokens. Avoids spurious PIN prompts for keys not selected for
      authentication in ssh(1) and when listing public keys available in a
      token using ssh-keygen(1).
    - ssh(1), sshd(8): Fix typo that prevented detection of Linux VRF.
    - sshd(8): In the Linux seccomp-bpf sandbox, allow mprotect(2) with
      PROT_(READ|WRITE|NONE) only. This syscall is used by some hardened
      heap allocators.
    - sshd(8): In the Linux seccomp-bpf sandbox, allow the s390-specific
      ioctl for ECC hardware support.
  * Re-enable hardening on hppa, since the corresponding GCC bug is
    apparently fixed.

Author: Colin Watson
Author Date: 2019-10-10 09:23:19 UTC

Import patches-unapplied version 1:8.1p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a6daf79f7a01a74df521518125b429cf64dd4fbd

New changelog entries:
  * New upstream release (https://www.openssh.com/txt/release-8.1):
    - ssh(1), sshd(8), ssh-agent(1): Add protection for private keys at rest
      in RAM against speculation and memory side-channel attacks like
      Spectre, Meltdown and Rambleed. This release encrypts private keys
      when they are not in use with a symmetric key that is derived from a
      relatively large "prekey" consisting of random data (currently 16KB).
    - ssh(1): Allow %n to be expanded in ProxyCommand strings.
    - ssh(1), sshd(8): Allow prepending a list of algorithms to the default
      set by starting the list with the '^' character, e.g.
      "HostKeyAlgorithms ^ssh-ed25519".
    - ssh-keygen(1): Add an experimental lightweight signature and
      verification ability. Signatures may be made using regular ssh keys
      held on disk or stored in a ssh-agent and verified against an
      authorized_keys-like list of allowed keys. Signatures embed a
      namespace that prevents confusion and attacks between different usage
      domains (e.g. files vs email).
    - ssh-keygen(1): Print key comment when extracting public key from a
      private key.
    - ssh-keygen(1): Accept the verbose flag when searching for host keys in
      known hosts (i.e. "ssh-keygen -vF host") to print the matching host's
      random-art signature too.
    - All: Support PKCS8 as an optional format for storage of private keys
      to disk. The OpenSSH native key format remains the default, but PKCS8
      is a superior format to PEM if interoperability with non-OpenSSH
      software is required, as it may use a less insecure key derivation
      function than PEM's.
    - ssh(1): If a PKCS#11 token returns no keys then try to login and
      refetch them.
    - ssh(1): Produce a useful error message if the user's shell is set
      incorrectly during "match exec" processing.
    - sftp(1): Allow the maximum uint32 value for the argument passed to -b
      which allows better error messages from later validation.
    - ssh-keyscan(1): Include SHA2-variant RSA key algorithms in KEX
      proposal; allows ssh-keyscan to harvest keys from servers that disable
      old SHA1 ssh-rsa.
    - sftp(1): Print explicit "not modified" message if a file was requested
      for resumed download but was considered already complete.
    - sftp(1): Fix a typo and make <esc><right> move right to the closest
      end of a word just like <esc><left> moves left to the closest
      beginning of a word.
    - sshd(8): Cap the number of permitopen/permitlisten directives allowed
      to appear on a single authorized_keys line.
    - All: Fix a number of memory leaks (one-off or on exit paths).
    - ssh(1), sshd(8): Check for convtime() refusing to accept times that
      resolve to LONG_MAX.
    - ssh(1): Slightly more instructive error message when the user
      specifies multiple -J options on the command-line (closes: #929669).
    - ssh-agent(1): Process agent requests for RSA certificate private keys
      using correct signature algorithm when requested.
    - sftp(1): Check for user@host when parsing sftp target. This allows
      user@[1.2.3.4] to work without a path.
    - sshd(8): Enlarge format buffer size for certificate serial number so
      the log message can record any 64-bit integer without truncation.
    - sshd(8): For PermitOpen violations add the remote host and port to be
      able to more easily ascertain the source of the request. Add the same
      logging for PermitListen violations which were not previously logged
      at all.
    - scp(1), sftp(1): Use the correct POSIX format style for left
      justification for the transfer progress meter.
    - sshd(8): When examining a configuration using sshd -T, assume any
      attribute not provided by -C does not match, which allows it to work
      when sshd_config contains a Match directive with or without -C.
    - ssh(1), ssh-keygen(1): Downgrade PKCS#11 "provider returned no slots"
      warning from log level error to debug. This is common when attempting
      to enumerate keys on smartcard readers with no cards plugged in.
    - ssh(1), ssh-keygen(1): Do not unconditionally log in to PKCS#11
      tokens. Avoids spurious PIN prompts for keys not selected for
      authentication in ssh(1) and when listing public keys available in a
      token using ssh-keygen(1).
    - ssh(1), sshd(8): Fix typo that prevented detection of Linux VRF.
    - sshd(8): In the Linux seccomp-bpf sandbox, allow mprotect(2) with
      PROT_(READ|WRITE|NONE) only. This syscall is used by some hardened
      heap allocators.
    - sshd(8): In the Linux seccomp-bpf sandbox, allow the s390-specific
      ioctl for ECC hardware support.
  * Re-enable hardening on hppa, since the corresponding GCC bug is
    apparently fixed.

Author: Colin Watson
Author Date: 2019-10-10 09:23:19 UTC

Import patches-unapplied version 1:8.1p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a6daf79f7a01a74df521518125b429cf64dd4fbd

New changelog entries:
  * New upstream release (https://www.openssh.com/txt/release-8.1):
    - ssh(1), sshd(8), ssh-agent(1): Add protection for private keys at rest
      in RAM against speculation and memory side-channel attacks like
      Spectre, Meltdown and Rambleed. This release encrypts private keys
      when they are not in use with a symmetric key that is derived from a
      relatively large "prekey" consisting of random data (currently 16KB).
    - ssh(1): Allow %n to be expanded in ProxyCommand strings.
    - ssh(1), sshd(8): Allow prepending a list of algorithms to the default
      set by starting the list with the '^' character, e.g.
      "HostKeyAlgorithms ^ssh-ed25519".
    - ssh-keygen(1): Add an experimental lightweight signature and
      verification ability. Signatures may be made using regular ssh keys
      held on disk or stored in a ssh-agent and verified against an
      authorized_keys-like list of allowed keys. Signatures embed a
      namespace that prevents confusion and attacks between different usage
      domains (e.g. files vs email).
    - ssh-keygen(1): Print key comment when extracting public key from a
      private key.
    - ssh-keygen(1): Accept the verbose flag when searching for host keys in
      known hosts (i.e. "ssh-keygen -vF host") to print the matching host's
      random-art signature too.
    - All: Support PKCS8 as an optional format for storage of private keys
      to disk. The OpenSSH native key format remains the default, but PKCS8
      is a superior format to PEM if interoperability with non-OpenSSH
      software is required, as it may use a less insecure key derivation
      function than PEM's.
    - ssh(1): If a PKCS#11 token returns no keys then try to login and
      refetch them.
    - ssh(1): Produce a useful error message if the user's shell is set
      incorrectly during "match exec" processing.
    - sftp(1): Allow the maximum uint32 value for the argument passed to -b
      which allows better error messages from later validation.
    - ssh-keyscan(1): Include SHA2-variant RSA key algorithms in KEX
      proposal; allows ssh-keyscan to harvest keys from servers that disable
      old SHA1 ssh-rsa.
    - sftp(1): Print explicit "not modified" message if a file was requested
      for resumed download but was considered already complete.
    - sftp(1): Fix a typo and make <esc><right> move right to the closest
      end of a word just like <esc><left> moves left to the closest
      beginning of a word.
    - sshd(8): Cap the number of permitopen/permitlisten directives allowed
      to appear on a single authorized_keys line.
    - All: Fix a number of memory leaks (one-off or on exit paths).
    - ssh(1), sshd(8): Check for convtime() refusing to accept times that
      resolve to LONG_MAX.
    - ssh(1): Slightly more instructive error message when the user
      specifies multiple -J options on the command-line (closes: #929669).
    - ssh-agent(1): Process agent requests for RSA certificate private keys
      using correct signature algorithm when requested.
    - sftp(1): Check for user@host when parsing sftp target. This allows
      user@[1.2.3.4] to work without a path.
    - sshd(8): Enlarge format buffer size for certificate serial number so
      the log message can record any 64-bit integer without truncation.
    - sshd(8): For PermitOpen violations add the remote host and port to be
      able to more easily ascertain the source of the request. Add the same
      logging for PermitListen violations which were not previously logged
      at all.
    - scp(1), sftp(1): Use the correct POSIX format style for left
      justification for the transfer progress meter.
    - sshd(8): When examining a configuration using sshd -T, assume any
      attribute not provided by -C does not match, which allows it to work
      when sshd_config contains a Match directive with or without -C.
    - ssh(1), ssh-keygen(1): Downgrade PKCS#11 "provider returned no slots"
      warning from log level error to debug. This is common when attempting
      to enumerate keys on smartcard readers with no cards plugged in.
    - ssh(1), ssh-keygen(1): Do not unconditionally log in to PKCS#11
      tokens. Avoids spurious PIN prompts for keys not selected for
      authentication in ssh(1) and when listing public keys available in a
      token using ssh-keygen(1).
    - ssh(1), sshd(8): Fix typo that prevented detection of Linux VRF.
    - sshd(8): In the Linux seccomp-bpf sandbox, allow mprotect(2) with
      PROT_(READ|WRITE|NONE) only. This syscall is used by some hardened
      heap allocators.
    - sshd(8): In the Linux seccomp-bpf sandbox, allow the s390-specific
      ioctl for ECC hardware support.
  * Re-enable hardening on hppa, since the corresponding GCC bug is
    apparently fixed.

Author: Steve Langasek
Author Date: 2019-09-12 18:53:16 UTC

Import patches-unapplied version 1:8.0p1-6build1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 9ef8c469a12e6e28fe032b664138d0970111e14e

New changelog entries:
  * No-change rebuild to drop runit dependency

Author: Steve Langasek
Author Date: 2019-09-12 18:53:16 UTC

Import patches-unapplied version 1:8.0p1-6build1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 9ef8c469a12e6e28fe032b664138d0970111e14e

New changelog entries:
  * No-change rebuild to drop runit dependency

Author: Steve Langasek
Author Date: 2019-09-12 18:53:16 UTC

Import patches-unapplied version 1:8.0p1-6build1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 9ef8c469a12e6e28fe032b664138d0970111e14e

New changelog entries:
  * No-change rebuild to drop runit dependency

Author: Moritz Mühlenhoff
Author Date: 2019-07-15 13:32:09 UTC

Import patches-applied version 1:7.4p1-10+deb9u7 to applied/debian/stretch

Imported using git-ubuntu import.

Changelog parent: 9d23450054e12d8ec89e3ab77832af0fb677dd15
Unapplied parent: e9593fb325eec211f0c21a0baac976379362e106

New changelog entries:
  * Fix deadlock when the keys/principals command produces a lot of
    output and a key is matched early (upstream commit
    ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2). (Closes: #905226)

Author: Moritz Mühlenhoff
Author Date: 2019-07-15 13:32:09 UTC

Import patches-unapplied version 1:7.4p1-10+deb9u7 to debian/stretch

Imported using git-ubuntu import.

Changelog parent: 351abd2dedbbae78bd4be284347f8cd32cf1b224

New changelog entries:
  * Fix deadlock when the keys/principals command produces a lot of
    output and a key is matched early (upstream commit
    ddd3d34e5c7979ca6f4a3a98a7d219a4ed3d98c2). (Closes: #905226)

Author: Colin Watson
Author Date: 2019-06-14 13:32:12 UTC

Import patches-unapplied version 1:8.0p1-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b8798708f603f6479336174a476ff5fa4f3ddfa0

New changelog entries:
  * Fix interop tests for recent regress changes.

Author: Colin Watson
Author Date: 2019-06-14 13:32:12 UTC

Import patches-applied version 1:8.0p1-2 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 9bda313d9b937f049fb833fdf2a15bf3a450dde9
Unapplied parent: f4a15c03f1d233ec0b13e89034d5b83915779763

New changelog entries:
  * Fix interop tests for recent regress changes.

Author: Colin Watson
Author Date: 2019-04-08 10:13:04 UTC

Import patches-unapplied version 1:7.9p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8505d87e9de6b7ca25aee09fb94e7e44774fbcca

New changelog entries:
  * Temporarily revert IPQoS defaults to pre-7.8 values until issues with
    "iptables -m tos" and VMware have been fixed (closes: #923879, #926229;
    LP: #1822370).

Author: Colin Watson
Author Date: 2019-04-08 10:13:04 UTC

Import patches-unapplied version 1:7.9p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8505d87e9de6b7ca25aee09fb94e7e44774fbcca

New changelog entries:
  * Temporarily revert IPQoS defaults to pre-7.8 values until issues with
    "iptables -m tos" and VMware have been fixed (closes: #923879, #926229;
    LP: #1822370).

Author: Colin Watson
Author Date: 2019-04-08 10:13:04 UTC

Import patches-unapplied version 1:7.9p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8505d87e9de6b7ca25aee09fb94e7e44774fbcca

New changelog entries:
  * Temporarily revert IPQoS defaults to pre-7.8 values until issues with
    "iptables -m tos" and VMware have been fixed (closes: #923879, #926229;
    LP: #1822370).

Author: Marc Deslauriers
Author Date: 2019-03-04 12:50:38 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2badf1faa74781b21d9f164a4617041f51502fa5

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:50:38 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2badf1faa74781b21d9f164a4617041f51502fa5

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:50:38 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.8 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 2badf1faa74781b21d9f164a4617041f51502fa5

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:52:28 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.13 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 3c2e5adf20c1c2b01e8336a44e705c4ec593147f

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-pre1.patch: add reallocarray to
      openbsd-compat/Makefile.in, openbsd-compat/openbsd-compat.h,
      openbsd-compat/reallocarray.c.
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:52:28 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.13 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 3c2e5adf20c1c2b01e8336a44e705c4ec593147f

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-pre1.patch: add reallocarray to
      openbsd-compat/Makefile.in, openbsd-compat/openbsd-compat.h,
      openbsd-compat/reallocarray.c.
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:52:28 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.13 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 3c2e5adf20c1c2b01e8336a44e705c4ec593147f

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-pre1.patch: add reallocarray to
      openbsd-compat/Makefile.in, openbsd-compat/openbsd-compat.h,
      openbsd-compat/reallocarray.c.
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:17:51 UTC

Import patches-unapplied version 1:7.6p1-4ubuntu0.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d33d1e6b1fb50bab7d7458acb8105bcd529ed7c1

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:17:51 UTC

Import patches-unapplied version 1:7.6p1-4ubuntu0.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d33d1e6b1fb50bab7d7458acb8105bcd529ed7c1

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:17:51 UTC

Import patches-unapplied version 1:7.6p1-4ubuntu0.3 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: d33d1e6b1fb50bab7d7458acb8105bcd529ed7c1

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:38:06 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 4dd05ffa0728664f1698c61ab4999e853909b395

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:38:06 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 4dd05ffa0728664f1698c61ab4999e853909b395

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Marc Deslauriers
Author Date: 2019-03-04 12:38:06 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.3 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 4dd05ffa0728664f1698c61ab4999e853909b395

New changelog entries:
  * SECURITY UPDATE: Incomplete fix for CVE-2019-6111
    - debian/patches/CVE-2019-6111-2.patch: add another fix to the filename
      check in scp.c.
    - CVE-2019-6111
  * Fixed inverted CVE numbers in patch filenames and in previous
    changelog.

Author: Karl Stenerud
Author Date: 2018-11-07 13:52:49 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 917f739deb27c6440777c8330cfeeb46307775ec

Author: Karl Stenerud
Author Date: 2018-08-21 17:45:26 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.5 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Upload parent: 5c1b475e48084fa29210e93681329901fcbc9186

Author: Colin Watson
Author Date: 2018-08-17 13:09:32 UTC

Import patches-unapplied version 1:7.7p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ae80699317094c1deba08dfc4c3b21322b9567e6

New changelog entries:
  * Apply upstream patch to delay bailout for invalid authenticating user
    until after the packet containing the request has been fully parsed
    (closes: #906236).

Author: Ubuntu Git Importer
Author Date: 2018-04-07 16:03:10 UTC

pristine-tar data for openssh_7.7p1.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-07 13:44:20 UTC

pristine-tar data for openssh_7.6p1.orig.tar.gz

Author: Colin Watson
Author Date: 2018-02-10 02:31:46 UTC

Import patches-unapplied version 1:7.6p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f2c6c36a53248355c46609e8c5cbb431c83542d9

New changelog entries:
  * Move VCS to salsa.debian.org.
  * Add a preseeding-only openssh-server/password-authentication debconf
    template that can be used to disable password authentication (closes:
    #878945).

Author: Colin Watson
Author Date: 2018-02-10 02:31:46 UTC

Import patches-unapplied version 1:7.6p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f2c6c36a53248355c46609e8c5cbb431c83542d9

New changelog entries:
  * Move VCS to salsa.debian.org.
  * Add a preseeding-only openssh-server/password-authentication debconf
    template that can be used to disable password authentication (closes:
    #878945).

Author: Marc Deslauriers
Author Date: 2018-01-16 13:28:47 UTC

Import patches-unapplied version 1:7.5p1-10ubuntu0.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: c931f6058b13a610b1e16d3734d1070f262e6383

New changelog entries:
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

Author: Marc Deslauriers
Author Date: 2018-01-16 13:28:47 UTC

Import patches-unapplied version 1:7.5p1-10ubuntu0.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: c931f6058b13a610b1e16d3734d1070f262e6383

New changelog entries:
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

Author: Marc Deslauriers
Author Date: 2018-01-16 13:28:47 UTC

Import patches-unapplied version 1:7.5p1-10ubuntu0.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: c931f6058b13a610b1e16d3734d1070f262e6383

New changelog entries:
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

Author: Colin Watson
Author Date: 2017-11-18 10:56:29 UTC

Import patches-applied version 1:6.7p1-5+deb8u4 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 6837b65d638f49f7169ecb1d24dcb54d4fd5712b
Unapplied parent: 4f46b69ded18ce196025a25e2064a5a10cf12794

New changelog entries:
  * Test configuration before starting or reloading sshd under systemd
    (closes: #865770).
  * Make "--" before the hostname terminate argument processing after the
    hostname too (closes: #873201).

Author: Colin Watson
Author Date: 2017-11-18 10:56:29 UTC

Import patches-unapplied version 1:6.7p1-5+deb8u4 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: d993ca8d18840e83906a039d8e21899bfe301faf

New changelog entries:
  * Test configuration before starting or reloading sshd under systemd
    (closes: #865770).
  * Make "--" before the hostname terminate argument processing after the
    hostname too (closes: #873201).

Author: Colin Watson
Author Date: 2017-09-01 10:17:19 UTC

Import patches-unapplied version 1:7.5p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b1b5c75268ff4438e33357c24800d1b0d0ecb731

New changelog entries:
  * Tell haveged to create the pid file we expect.
  * Give up and use systemctl to start haveged if running under systemd;
    this shouldn't be necessary, but I can't seem to get things working in
    the Ubuntu autopkgtest environment otherwise.

Author: Colin Watson
Author Date: 2017-09-01 10:17:19 UTC

Import patches-unapplied version 1:7.5p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b1b5c75268ff4438e33357c24800d1b0d0ecb731

New changelog entries:
  * Tell haveged to create the pid file we expect.
  * Give up and use systemctl to start haveged if running under systemd;
    this shouldn't be necessary, but I can't seem to get things working in
    the Ubuntu autopkgtest environment otherwise.

Author: Dimitri John Ledkov
Author Date: 2017-05-03 15:29:20 UTC

Import patches-unapplied version 1:7.4p1-10ubuntu0.1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 2d6a7b7a356d897d168dc051cab091e02ee05f47

New changelog entries:
  * s390x: Fix failing to connect to systems that enable ICA crypto
    coprocessor. Cherrypick upstream fixes to big endian sanboxing code,
    and allow hw acceleration in the sandbox. This fixes sandbox errors
    when system is enabled to use ICA crypto coprocessor. LP: #1686618

Author: Dimitri John Ledkov
Author Date: 2017-05-03 15:29:20 UTC

Import patches-unapplied version 1:7.4p1-10ubuntu0.1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 2d6a7b7a356d897d168dc051cab091e02ee05f47

New changelog entries:
  * s390x: Fix failing to connect to systems that enable ICA crypto
    coprocessor. Cherrypick upstream fixes to big endian sanboxing code,
    and allow hw acceleration in the sandbox. This fixes sandbox errors
    when system is enabled to use ICA crypto coprocessor. LP: #1686618

Author: Christian Ehrhardt 
Author Date: 2017-03-15 13:25:22 UTC

Import patches-unapplied version 1:7.3p1-1ubuntu0.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 226f77ba212482d0ed31bfd38da81801fcd7ca87

New changelog entries:
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (LP: #1668093).
  * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).

Author: Christian Ehrhardt 
Author Date: 2017-03-15 13:25:22 UTC

Import patches-unapplied version 1:7.3p1-1ubuntu0.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 226f77ba212482d0ed31bfd38da81801fcd7ca87

New changelog entries:
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (LP: #1668093).
  * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).

Author: Christian Ehrhardt 
Author Date: 2017-03-15 13:25:22 UTC

Import patches-unapplied version 1:7.3p1-1ubuntu0.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 226f77ba212482d0ed31bfd38da81801fcd7ca87

New changelog entries:
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (LP: #1668093).
  * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).

Author: Colin Watson
Author Date: 2017-03-30 10:19:04 UTC

Import patches-unapplied version 1:7.4p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 94a006df0dee470be9fb627968eaa05377579243

New changelog entries:
  * Move privilege separation directory and PID file from /var/run/ to /run/
    (closes: #760422, #856825).
  * Unbreak Unix domain socket forwarding for root (closes: #858252).

Author: Marc Deslauriers
Author Date: 2016-08-11 12:44:39 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0d8db84deca89c690a603a7f6f5904ede638d7e8

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

Author: Marc Deslauriers
Author Date: 2016-08-11 12:44:39 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0d8db84deca89c690a603a7f6f5904ede638d7e8

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

Author: Marc Deslauriers
Author Date: 2016-08-11 12:44:39 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0d8db84deca89c690a603a7f6f5904ede638d7e8

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

Author: Colin Watson
Author Date: 2016-08-07 21:45:26 UTC

Import patches-unapplied version 1:7.3p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 500332226cc5dd797169826a715b044d77b16fc8

New changelog entries:
  * New upstream release (http://www.openssh.com/txt/release-7.3):
    - SECURITY: sshd(8): Mitigate a potential denial-of-service attack
      against the system's crypt(3) function via sshd(8). An attacker could
      send very long passwords that would cause excessive CPU use in
      crypt(3). sshd(8) now refuses to accept password authentication
      requests of length greater than 1024 characters.
    - SECURITY: ssh(1), sshd(8): Fix observable timing weakness in the CBC
      padding oracle countermeasures. Note that CBC ciphers are disabled by
      default and only included for legacy compatibility.
    - SECURITY: ssh(1), sshd(8): Improve operation ordering of MAC
      verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms
      to verify the MAC before decrypting any ciphertext. This removes the
      possibility of timing differences leaking facts about the plaintext,
      though no such leakage has been observed.
    - ssh(1): Add a ProxyJump option and corresponding -J command-line flag
      to allow simplified indirection through a one or more SSH bastions or
      "jump hosts".
    - ssh(1): Add an IdentityAgent option to allow specifying specific agent
      sockets instead of accepting one from the environment.
    - ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
      optionally overridden when using ssh -W.
    - ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as per
      draft-sgtatham-secsh-iutf8-00 (closes: #337041, LP: #394570).
    - ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman 2K,
      4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
    - ssh-keygen(1), ssh(1), sshd(8): Support SHA256 and SHA512 RSA
      signatures in certificates.
    - ssh(1): Add an Include directive for ssh_config(5) files (closes:
      #536031).
    - ssh(1): Permit UTF-8 characters in pre-authentication banners sent
      from the server.
    - ssh(1), sshd(8): Reduce the syslog level of some relatively common
      protocol events from LOG_CRIT.
    - sshd(8): Refuse AuthenticationMethods="" in configurations and accept
      AuthenticationMethods=any for the default behaviour of not requiring
      multiple authentication.
    - sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN ATTEMPT!"
      message when forward and reverse DNS don't match.
    - ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
      failures when both ExitOnForwardFailure and hostname canonicalisation
      are enabled.
    - sshd(8): Remove fallback from moduli to obsolete "primes" file that
      was deprecated in 2001 (LP: #1528251).
    - sshd_config(5): Correct description of UseDNS: it affects ssh hostname
      processing for authorized_keys, not known_hosts.
    - sshd(8): Send ClientAliveInterval pings when a time-based RekeyLimit
      is set; previously keepalive packets were not being sent.
    - sshd(8): Whitelist more architectures to enable the seccomp-bpf
      sandbox.
    - scp(1): Respect the local user's LC_CTYPE locale (closes: #396295).
    - Take character display widths into account for the progressmeter
      (closes: #407088).

Author: Salvatore Bonaccorso
Author Date: 2016-04-14 07:39:14 UTC

Import patches-applied version 1:6.0p1-4+deb7u4 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 6aa89eab95a8f49213952d8a2c3487c66fe88f98
Unapplied parent: 6dcab59711f77dffe3f00c8825747c7eed51d40c

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes

Author: Salvatore Bonaccorso
Author Date: 2016-04-14 07:39:14 UTC

Import patches-unapplied version 1:6.0p1-4+deb7u4 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: e9a8f23e7053a2f886cf8ed43ca87cde9b44f710

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes

Author: Marc Deslauriers
Author Date: 2016-05-05 11:54:01 UTC

Import patches-unapplied version 1:6.9p1-2ubuntu0.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: af0404663af0762cd28b204ba97227cefa303bd1

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: denial of service via cradted network traffic
    - debian/patches/CVE-2016-1907.patch: fix OOB read in packet code in
      packet.c.
    - CVE-2016-1907
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

Author: Marc Deslauriers
Author Date: 2016-05-05 11:54:01 UTC

Import patches-unapplied version 1:6.9p1-2ubuntu0.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: af0404663af0762cd28b204ba97227cefa303bd1

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: denial of service via cradted network traffic
    - debian/patches/CVE-2016-1907.patch: fix OOB read in packet code in
      packet.c.
    - CVE-2016-1907
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

Author: Marc Deslauriers
Author Date: 2016-05-05 11:54:01 UTC

Import patches-unapplied version 1:6.9p1-2ubuntu0.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: af0404663af0762cd28b204ba97227cefa303bd1

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: denial of service via cradted network traffic
    - debian/patches/CVE-2016-1907.patch: fix OOB read in packet code in
      packet.c.
    - CVE-2016-1907
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

Author: Colin Watson
Author Date: 2016-04-15 15:40:07 UTC

Import patches-unapplied version 1:7.2p2-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f1922cb23326618db9ab52158d24fd1a07db52de

New changelog entries:
  * Drop dependency on libnss-files-udeb (closes: #819686).
  * Policy version 3.9.7: no changes required.

Author: Mathieu Trudel-Lapierre
Author Date: 2016-01-26 15:38:35 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.6 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: f9c816c12b5b33107203e4f8ec2ea7910b3f6543

New changelog entries:
  * debian/control, debian/rules: enable libaudit support. (LP: #1478087)

Author: Marc Deslauriers
Author Date: 2016-01-13 15:47:46 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 014b4a3ff90ed457cfc5bafeec140f17779cda91

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

Author: Marc Deslauriers
Author Date: 2016-01-13 15:47:46 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 014b4a3ff90ed457cfc5bafeec140f17779cda91

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

Author: Marc Deslauriers
Author Date: 2016-01-13 15:47:46 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 014b4a3ff90ed457cfc5bafeec140f17779cda91

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

Author: Colin Watson
Author Date: 2015-09-10 11:26:11 UTC

Import patches-unapplied version 1:6.9p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d6420725be6749fe2f8b0eed37cbd862f3aff6a6

New changelog entries:
  [ Colin Watson ]
  * mention-ssh-keygen-on-keychange.patch: Move example ssh-keygen
    invocation onto a separate line to make it easier to copy and paste
    (LP: #1491532).
  [ Tyler Hicks ]
  * Build with audit support on Linux (closes: #797727, LP: #1478087).

Author: Colin Watson
Author Date: 2015-09-10 11:26:11 UTC

Import patches-unapplied version 1:6.9p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d6420725be6749fe2f8b0eed37cbd862f3aff6a6

New changelog entries:
  [ Colin Watson ]
  * mention-ssh-keygen-on-keychange.patch: Move example ssh-keygen
    invocation onto a separate line to make it easier to copy and paste
    (LP: #1491532).
  [ Tyler Hicks ]
  * Build with audit support on Linux (closes: #797727, LP: #1478087).

Author: Martin Pitt
Author Date: 2015-04-09 07:20:36 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 05f02a8a3fd0f86043560cd2ad422a5af1f733c6

New changelog entries:
  * openssh-server.postinst: Quiesce "Unable to connect to Upstart" error
    message from initctl if upstart is installed, but not the current init
    system. (LP: #1440070)
  * openssh-server.postinst: Fix version comparisons of upgrade adjustments to
    not apply to fresh installs.

Author: Martin Pitt
Author Date: 2015-04-09 07:20:36 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 05f02a8a3fd0f86043560cd2ad422a5af1f733c6

New changelog entries:
  * openssh-server.postinst: Quiesce "Unable to connect to Upstart" error
    message from initctl if upstart is installed, but not the current init
    system. (LP: #1440070)
  * openssh-server.postinst: Fix version comparisons of upgrade adjustments to
    not apply to fresh installs.

Author: Colin Watson
Author Date: 2014-10-03 11:23:57 UTC

Import patches-unapplied version 1:6.6p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9024265b5ca71bce46a376cca92fa3ecb7bb44fd

New changelog entries:
  * Make the if-up hook use "reload" rather than "restart" if the system was
    booted using systemd (closes: #756547).
  * Show fingerprints of new keys after creating them in the postinst
    (closes: #762128).
  * Policy version 3.9.6: no changes required.
  * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
    between Architecture: all and Architecture: any binary packages (closes:
    #763375).

Author: Colin Watson
Author Date: 2014-10-03 11:23:57 UTC

Import patches-unapplied version 1:6.6p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9024265b5ca71bce46a376cca92fa3ecb7bb44fd

New changelog entries:
  * Make the if-up hook use "reload" rather than "restart" if the system was
    booted using systemd (closes: #756547).
  * Show fingerprints of new keys after creating them in the postinst
    (closes: #762128).
  * Policy version 3.9.6: no changes required.
  * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
    between Architecture: all and Architecture: any binary packages (closes:
    #763375).

Author: Colin Watson
Author Date: 2014-10-03 11:23:57 UTC

Import patches-unapplied version 1:6.6p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9024265b5ca71bce46a376cca92fa3ecb7bb44fd

New changelog entries:
  * Make the if-up hook use "reload" rather than "restart" if the system was
    booted using systemd (closes: #756547).
  * Show fingerprints of new keys after creating them in the postinst
    (closes: #762128).
  * Policy version 3.9.6: no changes required.
  * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
    between Architecture: all and Architecture: any binary packages (closes:
    #763375).

Author: Colin Watson
Author Date: 2014-04-03 00:05:27 UTC

Import patches-unapplied version 1:5.5p1-6+squeeze5 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 5d2b040428a7af04a8f6518caaadb47112fd3168

New changelog entries:
  * CVE-2014-2532: Disallow invalid characters in environment variable names
    to prevent bypassing AcceptEnv wildcard restrictions.
  * CVE-2014-2653: Attempt SSHFP lookup even if server presents a
    certificate (closes: #742513).

Author: Colin Watson
Author Date: 2014-04-03 00:05:27 UTC

Import patches-applied version 1:5.5p1-6+squeeze5 to applied/debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 71dc730097933fc3a9c39dfe94b6f76593b12bca
Unapplied parent: 619cc926af608777df93d1d14451a6cdfc8465bb

New changelog entries:
  * CVE-2014-2532: Disallow invalid characters in environment variable names
    to prevent bypassing AcceptEnv wildcard restrictions.
  * CVE-2014-2653: Attempt SSHFP lookup even if server presents a
    certificate (closes: #742513).

Author: Colin Watson
Author Date: 2014-05-02 08:53:07 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.5 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: b22b989400911aec4cb50cd30e135617a5582d2e

New changelog entries:
  * Force ssh-agent Upstart job to use sh syntax regardless of the user's
    shell (thanks, Steffen Stempel; LP: #1312928).

Author: Colin Watson
Author Date: 2014-05-02 08:53:07 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.5 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: b22b989400911aec4cb50cd30e135617a5582d2e

New changelog entries:
  * Force ssh-agent Upstart job to use sh syntax regardless of the user's
    shell (thanks, Steffen Stempel; LP: #1312928).

Author: Louis Bouchard
Author Date: 2014-04-22 13:28:40 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.4 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 7f37ffb759821df55913da5781887e7ee02ec61f

New changelog entries:
  * Re-enable btmp logging, as its permissions were fixed a long time ago.
    Backport from Debian and Trusty. (LP: #743858)

Author: Louis Bouchard
Author Date: 2014-04-22 14:52:59 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.4 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 24d9eea4a7ee1c02394ae190ed3cc5a3ebe3a4eb

New changelog entries:
  * Re-enable btmp logging, as its permissions were fixed a long time ago.
    Backport from Debian and Trusty. (LP: #743858)

Author: Colin Watson
Author Date: 2014-04-14 11:20:48 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 1de88f18ffa2120cdf2e0825f4f081910c57d26e

New changelog entries:
  * Upload from Debian git repository to fix a release-critical bug.
  * Debconf translations:
    - French (thanks, Étienne Gilli; closes: #743242).
  * Never signal the service supervisor with SIGSTOP more than once, to
    prevent a hang on re-exec (thanks, Robie Basak; LP: #1306877).

Author: Marc Deslauriers
Author Date: 2014-04-07 13:32:06 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.3 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 6c14194051147ea65a08bb435675ed53a31a3b6a

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-04-07 13:35:55 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: d551d6a14bf146dad78310342784e6734009221c

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-04-07 13:35:55 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: d551d6a14bf146dad78310342784e6734009221c

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-04-07 13:35:55 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: d551d6a14bf146dad78310342784e6734009221c

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-03-21 15:07:31 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7b05a0bf78223073c4de3210e2965d161f1e3b0d

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

Author: Marc Deslauriers
Author Date: 2014-03-21 15:07:31 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7b05a0bf78223073c4de3210e2965d161f1e3b0d

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

Author: Marc Deslauriers
Author Date: 2014-03-21 15:07:31 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7b05a0bf78223073c4de3210e2965d161f1e3b0d

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

Author: Colin Watson
Author Date: 2013-07-02 21:54:49 UTC

Import patches-unapplied version 1:6.2p2-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 85a198a5d21103ae85a6346421c07fcb114480ea

New changelog entries:
  * Update config.guess and config.sub automatically at build time.
    dh_autoreconf does not take care of that by default because openssh does
    not use automake.

Author: Colin Watson
Author Date: 2013-03-25 16:58:04 UTC

Import patches-unapplied version 1:6.1p1-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b0cb85fb9c4ebf1d98655f871ce454db10320051

New changelog entries:
  [ Gunnar Hjalmarsson ]
  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
    should be read, and move the pam_env calls from "auth" to "session" so
    that it's also read when $HOME is encrypted (LP: #952185).
  [ Stéphane Graber ]
  * Add ssh-agent upstart user job. This implements something similar to
    the 90x11-common_ssh-agent Xsession script. That is, start ssh-agent
    and set the appropriate environment variables (closes: #703906).

Author: Colin Watson
Author Date: 2013-03-25 16:58:04 UTC

Import patches-unapplied version 1:6.1p1-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b0cb85fb9c4ebf1d98655f871ce454db10320051

New changelog entries:
  [ Gunnar Hjalmarsson ]
  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
    should be read, and move the pam_env calls from "auth" to "session" so
    that it's also read when $HOME is encrypted (LP: #952185).
  [ Stéphane Graber ]
  * Add ssh-agent upstart user job. This implements something similar to
    the 90x11-common_ssh-agent Xsession script. That is, start ssh-agent
    and set the appropriate environment variables (closes: #703906).

Author: Colin Watson
Author Date: 2013-03-25 16:58:04 UTC

Import patches-unapplied version 1:6.1p1-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b0cb85fb9c4ebf1d98655f871ce454db10320051

New changelog entries:
  [ Gunnar Hjalmarsson ]
  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
    should be read, and move the pam_env calls from "auth" to "session" so
    that it's also read when $HOME is encrypted (LP: #952185).
  [ Stéphane Graber ]
  * Add ssh-agent upstart user job. This implements something similar to
    the 90x11-common_ssh-agent Xsession script. That is, start ssh-agent
    and set the appropriate environment variables (closes: #703906).

Author: Colin Watson
Author Date: 2012-08-30 23:46:54 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 70f1cb2b6a1d11110e0ef2cd259a6445eaf0a829

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.

Author: Colin Watson
Author Date: 2012-04-02 10:43:31 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: a7ab0a248f719c14aeb65ada89a2459ff11a74af

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.
  * Sync up pkg-config variable used in configure's ConsoleKit test with
    that used for libedit.

Author: Colin Watson
Author Date: 2011-07-29 15:56:27 UTC

Import patches-unapplied version 1:5.8p1-7ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 82899b2a78e280972a4ae664909700a9ee013814

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.

Author: Colin Watson
Author Date: 2011-07-29 15:56:27 UTC

Import patches-unapplied version 1:5.8p1-7ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 82899b2a78e280972a4ae664909700a9ee013814

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.

Author: Clint Byrum
Author Date: 2011-06-11 15:06:02 UTC

Import patches-unapplied version 1:5.5p1-4ubuntu6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: d1eae4b6ff15a0514a73f1cbdd8ddcf9baf565bb

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-06-11 15:06:02 UTC

Import patches-unapplied version 1:5.5p1-4ubuntu6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: d1eae4b6ff15a0514a73f1cbdd8ddcf9baf565bb

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-06-11 15:06:02 UTC

Import patches-unapplied version 1:5.5p1-4ubuntu6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: d1eae4b6ff15a0514a73f1cbdd8ddcf9baf565bb

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-06-11 05:46:07 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 7bd95092480267a8f2bae97184c0225dea5f2cd6

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-04-01 23:05:43 UTC

Import patches-unapplied version 1:5.8p1-1ubuntu3 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 9cd08ca94527ef262c1a9362052d4c498a1fd089

New changelog entries:
  * Start on runlevel [2345] so that switching back to runlevel 2
    from single user mode starts ssh again. (LP: #747756)