Author: Ubuntu Git Importer
Author Date: 2019-02-16 16:57:09 UTC

DSC file for 1:7.4p1-10+deb9u5

Author: Yves-Alexis Perez
Author Date: 2019-02-08 14:25:55 UTC

Import patches-applied version 1:7.4p1-10+deb9u5 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: c810f440ab7ca850d954dcdc5f0255d583eb97fc
Unapplied parent: dae35817e2b75c448cde7d8480bf70f210cd98b5

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2018-20685: disallow empty filenames or ones that refer to the current
    directory (Closes: #919101)
  * CVE-2019-6109: sanitize scp filenames via snmprintf (Closes: #793412)
  * CVE-2019-6111: check in scp client that filenames sent during
    remote->local directory copies satisfy the wildcards specified by the user

Author: Yves-Alexis Perez
Author Date: 2019-02-08 14:25:55 UTC

Import patches-unapplied version 1:7.4p1-10+deb9u5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1ced64b7383f6f7235c564e65ad9606a4f2ca4a5

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2018-20685: disallow empty filenames or ones that refer to the current
    directory (Closes: #919101)
  * CVE-2019-6109: sanitize scp filenames via snmprintf (Closes: #793412)
  * CVE-2019-6111: check in scp client that filenames sent during
    remote->local directory copies satisfy the wildcards specified by the user

Author: Yves-Alexis Perez
Author Date: 2019-02-08 14:25:55 UTC

Import patches-applied version 1:7.4p1-10+deb9u5 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: c810f440ab7ca850d954dcdc5f0255d583eb97fc
Unapplied parent: dae35817e2b75c448cde7d8480bf70f210cd98b5

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2018-20685: disallow empty filenames or ones that refer to the current
    directory (Closes: #919101)
  * CVE-2019-6109: sanitize scp filenames via snmprintf (Closes: #793412)
  * CVE-2019-6111: check in scp client that filenames sent during
    remote->local directory copies satisfy the wildcards specified by the user

Author: Yves-Alexis Perez
Author Date: 2019-02-08 14:25:55 UTC

Import patches-unapplied version 1:7.4p1-10+deb9u5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 1ced64b7383f6f7235c564e65ad9606a4f2ca4a5

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2018-20685: disallow empty filenames or ones that refer to the current
    directory (Closes: #919101)
  * CVE-2019-6109: sanitize scp filenames via snmprintf (Closes: #793412)
  * CVE-2019-6111: check in scp client that filenames sent during
    remote->local directory copies satisfy the wildcards specified by the user

Author: Ubuntu Git Importer
Author Date: 2019-02-08 23:22:56 UTC

DSC file for 1:7.9p1-6

Author: Colin Watson
Author Date: 2019-02-08 16:26:35 UTC

Import patches-unapplied version 1:7.9p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7a993f6773bbf479168711bb4741cf03ef47ebb8

New changelog entries:
  * CVE-2019-6109: Apply upstream patches to sanitize scp filenames via
    snmprintf (closes: #793412).
  * CVE-2019-6111: Apply upstream patch to check in scp client that
    filenames sent during remote->local directory copies satisfy the
    wildcard specified by the user.

Author: Colin Watson
Author Date: 2019-02-08 16:26:35 UTC

Import patches-applied version 1:7.9p1-6 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 60f41472dc5c25414ec8918521172795d31fd483
Unapplied parent: 9a20119703d60c884004a8494b601834939acd75

New changelog entries:
  * CVE-2019-6109: Apply upstream patches to sanitize scp filenames via
    snmprintf (closes: #793412).
  * CVE-2019-6111: Apply upstream patch to check in scp client that
    filenames sent during remote->local directory copies satisfy the
    wildcard specified by the user.

Author: Colin Watson
Author Date: 2019-02-08 16:26:35 UTC

Import patches-unapplied version 1:7.9p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7a993f6773bbf479168711bb4741cf03ef47ebb8

New changelog entries:
  * CVE-2019-6109: Apply upstream patches to sanitize scp filenames via
    snmprintf (closes: #793412).
  * CVE-2019-6111: Apply upstream patch to check in scp client that
    filenames sent during remote->local directory copies satisfy the
    wildcard specified by the user.

Author: Colin Watson
Author Date: 2019-02-08 16:26:35 UTC

Import patches-unapplied version 1:7.9p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7a993f6773bbf479168711bb4741cf03ef47ebb8

New changelog entries:
  * CVE-2019-6109: Apply upstream patches to sanitize scp filenames via
    snmprintf (closes: #793412).
  * CVE-2019-6111: Apply upstream patch to check in scp client that
    filenames sent during remote->local directory copies satisfy the
    wildcard specified by the user.

Author: Colin Watson
Author Date: 2019-02-08 16:26:35 UTC

Import patches-unapplied version 1:7.9p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7a993f6773bbf479168711bb4741cf03ef47ebb8

New changelog entries:
  * CVE-2019-6109: Apply upstream patches to sanitize scp filenames via
    snmprintf (closes: #793412).
  * CVE-2019-6111: Apply upstream patch to check in scp client that
    filenames sent during remote->local directory copies satisfy the
    wildcard specified by the user.

Author: Colin Watson
Author Date: 2019-02-08 16:26:35 UTC

Import patches-unapplied version 1:7.9p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7a993f6773bbf479168711bb4741cf03ef47ebb8

New changelog entries:
  * CVE-2019-6109: Apply upstream patches to sanitize scp filenames via
    snmprintf (closes: #793412).
  * CVE-2019-6111: Apply upstream patch to check in scp client that
    filenames sent during remote->local directory copies satisfy the
    wildcard specified by the user.

Author: Marc Deslauriers
Author Date: 2019-01-31 13:35:48 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 504956393df5eaa1b1547af1993db23bf6955180

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Marc Deslauriers
Author Date: 2019-01-31 13:35:48 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 504956393df5eaa1b1547af1993db23bf6955180

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Marc Deslauriers
Author Date: 2019-01-31 14:03:12 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.7 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 0ae169d3140b5cd023a5b4fd0c9a24a1bd8fd528

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Marc Deslauriers
Author Date: 2019-01-31 14:03:12 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.7 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 0ae169d3140b5cd023a5b4fd0c9a24a1bd8fd528

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Marc Deslauriers
Author Date: 2019-01-31 14:03:12 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.7 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 0ae169d3140b5cd023a5b4fd0c9a24a1bd8fd528

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Marc Deslauriers
Author Date: 2019-01-31 16:18:29 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.12 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1fb1ec9df8260d00ce12d988fb544cb6c0297b6f

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Marc Deslauriers
Author Date: 2019-01-31 16:18:29 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.12 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1fb1ec9df8260d00ce12d988fb544cb6c0297b6f

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Marc Deslauriers
Author Date: 2019-01-31 13:58:34 UTC

Import patches-unapplied version 1:7.6p1-4ubuntu0.2 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: a68214c9e9469639c28d396ff88f6b1471772077

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Marc Deslauriers
Author Date: 2019-01-31 13:58:34 UTC

Import patches-unapplied version 1:7.6p1-4ubuntu0.2 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: a68214c9e9469639c28d396ff88f6b1471772077

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Marc Deslauriers
Author Date: 2019-01-31 13:58:34 UTC

Import patches-unapplied version 1:7.6p1-4ubuntu0.2 to ubuntu/bionic-security

Imported using git-ubuntu import.

Changelog parent: a68214c9e9469639c28d396ff88f6b1471772077

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Marc Deslauriers
Author Date: 2019-01-31 16:18:29 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.12 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 1fb1ec9df8260d00ce12d988fb544cb6c0297b6f

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-pre1.patch: backport snmprintf from
      newer OpenSSH in Makefile.in, utf8.c, utf8.h, configure.ac.
    - debian/patches/CVE-2019-6111-pre2.patch: update vis.h and vis.c from
      newer OpenSSH.
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Marc Deslauriers
Author Date: 2019-01-31 13:35:48 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.2 to ubuntu/cosmic-security

Imported using git-ubuntu import.

Changelog parent: 504956393df5eaa1b1547af1993db23bf6955180

New changelog entries:
  * SECURITY UPDATE: access restrictions bypass in scp
    - debian/patches/CVE-2018-20685.patch: disallow empty filenames
      or ones that refer to the current directory in scp.c.
    - CVE-2018-20685
  * SECURITY UPDATE: scp client spoofing via object name
    - debian/patches/CVE-2019-6109.patch: make sure the filenames match
      the wildcard specified by the user, and add new flag to relax the new
      restrictions in scp.c, scp.1.
    - CVE-2019-6109
  * SECURITY UPDATE: scp client missing received object name validation
    - debian/patches/CVE-2019-6111-1.patch: sanitize scp filenames via
      snmprintf in atomicio.c, progressmeter.c, progressmeter.h,
      scp.c, sftp-client.c.
    - debian/patches/CVE-2019-6111-2.patch: force progressmeter updates in
      progressmeter.c, progressmeter.h, scp.c, sftp-client.c.
    - CVE-2019-6111

Author: Karl Stenerud
Author Date: 2018-11-07 13:52:49 UTC

Import patches-unapplied version 1:7.7p1-4ubuntu0.1 to ubuntu/cosmic-proposed

Imported using git-ubuntu import.

Upload parent: 917f739deb27c6440777c8330cfeeb46307775ec

Author: Karl Stenerud
Author Date: 2018-08-21 17:45:26 UTC

Import patches-unapplied version 1:7.2p2-4ubuntu2.5 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Upload parent: 5c1b475e48084fa29210e93681329901fcbc9186

Author: Colin Watson
Author Date: 2018-08-17 13:09:32 UTC

Import patches-unapplied version 1:7.7p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ae80699317094c1deba08dfc4c3b21322b9567e6

New changelog entries:
  * Apply upstream patch to delay bailout for invalid authenticating user
    until after the packet containing the request has been fully parsed
    (closes: #906236).

Author: Ubuntu Git Importer
Author Date: 2018-04-07 16:03:10 UTC

pristine-tar data for openssh_7.7p1.orig.tar.gz

Author: Ubuntu Git Importer
Author Date: 2018-03-07 13:44:20 UTC

pristine-tar data for openssh_7.6p1.orig.tar.gz

Author: Colin Watson
Author Date: 2018-02-10 02:31:46 UTC

Import patches-unapplied version 1:7.6p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f2c6c36a53248355c46609e8c5cbb431c83542d9

New changelog entries:
  * Move VCS to salsa.debian.org.
  * Add a preseeding-only openssh-server/password-authentication debconf
    template that can be used to disable password authentication (closes:
    #878945).

Author: Colin Watson
Author Date: 2018-02-10 02:31:46 UTC

Import patches-unapplied version 1:7.6p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f2c6c36a53248355c46609e8c5cbb431c83542d9

New changelog entries:
  * Move VCS to salsa.debian.org.
  * Add a preseeding-only openssh-server/password-authentication debconf
    template that can be used to disable password authentication (closes:
    #878945).

Author: Marc Deslauriers
Author Date: 2018-01-16 13:28:47 UTC

Import patches-unapplied version 1:7.5p1-10ubuntu0.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: c931f6058b13a610b1e16d3734d1070f262e6383

New changelog entries:
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

Author: Marc Deslauriers
Author Date: 2018-01-16 13:28:47 UTC

Import patches-unapplied version 1:7.5p1-10ubuntu0.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: c931f6058b13a610b1e16d3734d1070f262e6383

New changelog entries:
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

Author: Marc Deslauriers
Author Date: 2018-01-16 13:28:47 UTC

Import patches-unapplied version 1:7.5p1-10ubuntu0.1 to ubuntu/artful-security

Imported using git-ubuntu import.

Changelog parent: c931f6058b13a610b1e16d3734d1070f262e6383

New changelog entries:
  * SECURITY UPDATE: DoS via zero-length file creation in readonly mode
    - debian/patches/CVE-2017-15906.patch: disallow creation of empty files
      in sftp-server.c.
    - CVE-2017-15906

Author: Colin Watson
Author Date: 2017-11-18 10:56:29 UTC

Import patches-unapplied version 1:6.7p1-5+deb8u4 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: d993ca8d18840e83906a039d8e21899bfe301faf

New changelog entries:
  * Test configuration before starting or reloading sshd under systemd
    (closes: #865770).
  * Make "--" before the hostname terminate argument processing after the
    hostname too (closes: #873201).

Author: Colin Watson
Author Date: 2017-11-18 10:56:29 UTC

Import patches-applied version 1:6.7p1-5+deb8u4 to applied/debian/jessie

Imported using git-ubuntu import.

Changelog parent: 6837b65d638f49f7169ecb1d24dcb54d4fd5712b
Unapplied parent: 4f46b69ded18ce196025a25e2064a5a10cf12794

New changelog entries:
  * Test configuration before starting or reloading sshd under systemd
    (closes: #865770).
  * Make "--" before the hostname terminate argument processing after the
    hostname too (closes: #873201).

Author: Colin Watson
Author Date: 2017-09-01 10:17:19 UTC

Import patches-unapplied version 1:7.5p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b1b5c75268ff4438e33357c24800d1b0d0ecb731

New changelog entries:
  * Tell haveged to create the pid file we expect.
  * Give up and use systemctl to start haveged if running under systemd;
    this shouldn't be necessary, but I can't seem to get things working in
    the Ubuntu autopkgtest environment otherwise.

Author: Colin Watson
Author Date: 2017-09-01 10:17:19 UTC

Import patches-unapplied version 1:7.5p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b1b5c75268ff4438e33357c24800d1b0d0ecb731

New changelog entries:
  * Tell haveged to create the pid file we expect.
  * Give up and use systemctl to start haveged if running under systemd;
    this shouldn't be necessary, but I can't seem to get things working in
    the Ubuntu autopkgtest environment otherwise.

Author: Colin Watson
Author Date: 2017-06-06 14:17:58 UTC

Import patches-unapplied version 1:7.5p1-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 1601afa223bc935cee4688c481d60c99e3e90a28

New changelog entries:
  * Drop README.Debian section on privilege separation, as it's no longer
    optional.
  * Only call "initctl set-env" from agent-launch if $UPSTART_SESSION is set
    (LP: #1689299).
  * Fix incoming compression statistics (thanks, Russell Coker; closes:
    #797964).
  * Relicense debian/* under a two-clause BSD licence for bidirectional
    compatibility with upstream, with permission from Matthew Vernon and
    others.

Author: Colin Watson
Author Date: 2017-06-06 14:17:58 UTC

Import patches-applied version 1:7.5p1-4 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 43ca0c5b69c3fa3e5a18e4cc51544e368c313235
Unapplied parent: edb0b57886219246524fd714e2a0bc94dfe6f242

New changelog entries:
  * Drop README.Debian section on privilege separation, as it's no longer
    optional.
  * Only call "initctl set-env" from agent-launch if $UPSTART_SESSION is set
    (LP: #1689299).
  * Fix incoming compression statistics (thanks, Russell Coker; closes:
    #797964).
  * Relicense debian/* under a two-clause BSD licence for bidirectional
    compatibility with upstream, with permission from Matthew Vernon and
    others.

Author: Dimitri John Ledkov
Author Date: 2017-05-03 15:29:20 UTC

Import patches-unapplied version 1:7.4p1-10ubuntu0.1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 2d6a7b7a356d897d168dc051cab091e02ee05f47

New changelog entries:
  * s390x: Fix failing to connect to systems that enable ICA crypto
    coprocessor. Cherrypick upstream fixes to big endian sanboxing code,
    and allow hw acceleration in the sandbox. This fixes sandbox errors
    when system is enabled to use ICA crypto coprocessor. LP: #1686618

Author: Dimitri John Ledkov
Author Date: 2017-05-03 15:29:20 UTC

Import patches-unapplied version 1:7.4p1-10ubuntu0.1 to ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 2d6a7b7a356d897d168dc051cab091e02ee05f47

New changelog entries:
  * s390x: Fix failing to connect to systems that enable ICA crypto
    coprocessor. Cherrypick upstream fixes to big endian sanboxing code,
    and allow hw acceleration in the sandbox. This fixes sandbox errors
    when system is enabled to use ICA crypto coprocessor. LP: #1686618

Author: Christian Ehrhardt 
Author Date: 2017-03-15 13:25:22 UTC

Import patches-unapplied version 1:7.3p1-1ubuntu0.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 226f77ba212482d0ed31bfd38da81801fcd7ca87

New changelog entries:
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (LP: #1668093).
  * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).

Author: Christian Ehrhardt 
Author Date: 2017-03-15 13:25:22 UTC

Import patches-unapplied version 1:7.3p1-1ubuntu0.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 226f77ba212482d0ed31bfd38da81801fcd7ca87

New changelog entries:
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (LP: #1668093).
  * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).

Author: Christian Ehrhardt 
Author Date: 2017-03-15 13:25:22 UTC

Import patches-unapplied version 1:7.3p1-1ubuntu0.1 to ubuntu/yakkety-proposed

Imported using git-ubuntu import.

Changelog parent: 226f77ba212482d0ed31bfd38da81801fcd7ca87

New changelog entries:
  * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
    already-hashed entries (LP: #1668093).
  * Fix ssh-keyscan to correctly hash hosts with a port number (LP: #1670745).

Author: Colin Watson
Author Date: 2017-03-30 10:19:04 UTC

Import patches-unapplied version 1:7.4p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 94a006df0dee470be9fb627968eaa05377579243

New changelog entries:
  * Move privilege separation directory and PID file from /var/run/ to /run/
    (closes: #760422, #856825).
  * Unbreak Unix domain socket forwarding for root (closes: #858252).

Author: Marc Deslauriers
Author Date: 2016-08-11 12:44:39 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0d8db84deca89c690a603a7f6f5904ede638d7e8

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

Author: Marc Deslauriers
Author Date: 2016-08-11 12:44:39 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0d8db84deca89c690a603a7f6f5904ede638d7e8

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

Author: Marc Deslauriers
Author Date: 2016-08-11 12:44:39 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.10 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 0d8db84deca89c690a603a7f6f5904ede638d7e8

New changelog entries:
  * SECURITY UPDATE: user enumeration via covert timing channel
    - debian/patches/CVE-2016-6210-1.patch: determine appropriate salt for
      invalid users in auth-passwd.c, openbsd-compat/xcrypt.c.
    - debian/patches/CVE-2016-6210-2.patch: mitigate timing of disallowed
      users PAM logins in auth-pam.c.
    - debian/patches/CVE-2016-6210-3.patch: search users for one with a
      valid salt in openbsd-compat/xcrypt.c.
    - CVE-2016-6210
  * SECURITY UPDATE: denial of service via long passwords
    - debian/patches/CVE-2016-6515.patch: skip passwords longer than 1k in
      length in auth-passwd.c.
    - CVE-2016-6515

Author: Colin Watson
Author Date: 2016-08-07 21:45:26 UTC

Import patches-unapplied version 1:7.3p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 500332226cc5dd797169826a715b044d77b16fc8

New changelog entries:
  * New upstream release (http://www.openssh.com/txt/release-7.3):
    - SECURITY: sshd(8): Mitigate a potential denial-of-service attack
      against the system's crypt(3) function via sshd(8). An attacker could
      send very long passwords that would cause excessive CPU use in
      crypt(3). sshd(8) now refuses to accept password authentication
      requests of length greater than 1024 characters.
    - SECURITY: ssh(1), sshd(8): Fix observable timing weakness in the CBC
      padding oracle countermeasures. Note that CBC ciphers are disabled by
      default and only included for legacy compatibility.
    - SECURITY: ssh(1), sshd(8): Improve operation ordering of MAC
      verification for Encrypt-then-MAC (EtM) mode transport MAC algorithms
      to verify the MAC before decrypting any ciphertext. This removes the
      possibility of timing differences leaking facts about the plaintext,
      though no such leakage has been observed.
    - ssh(1): Add a ProxyJump option and corresponding -J command-line flag
      to allow simplified indirection through a one or more SSH bastions or
      "jump hosts".
    - ssh(1): Add an IdentityAgent option to allow specifying specific agent
      sockets instead of accepting one from the environment.
    - ssh(1): Allow ExitOnForwardFailure and ClearAllForwardings to be
      optionally overridden when using ssh -W.
    - ssh(1), sshd(8): Implement support for the IUTF8 terminal mode as per
      draft-sgtatham-secsh-iutf8-00 (closes: #337041, LP: #394570).
    - ssh(1), sshd(8): Add support for additional fixed Diffie-Hellman 2K,
      4K and 8K groups from draft-ietf-curdle-ssh-kex-sha2-03.
    - ssh-keygen(1), ssh(1), sshd(8): Support SHA256 and SHA512 RSA
      signatures in certificates.
    - ssh(1): Add an Include directive for ssh_config(5) files (closes:
      #536031).
    - ssh(1): Permit UTF-8 characters in pre-authentication banners sent
      from the server.
    - ssh(1), sshd(8): Reduce the syslog level of some relatively common
      protocol events from LOG_CRIT.
    - sshd(8): Refuse AuthenticationMethods="" in configurations and accept
      AuthenticationMethods=any for the default behaviour of not requiring
      multiple authentication.
    - sshd(8): Remove obsolete and misleading "POSSIBLE BREAK-IN ATTEMPT!"
      message when forward and reverse DNS don't match.
    - ssh(1): Deduplicate LocalForward and RemoteForward entries to fix
      failures when both ExitOnForwardFailure and hostname canonicalisation
      are enabled.
    - sshd(8): Remove fallback from moduli to obsolete "primes" file that
      was deprecated in 2001 (LP: #1528251).
    - sshd_config(5): Correct description of UseDNS: it affects ssh hostname
      processing for authorized_keys, not known_hosts.
    - sshd(8): Send ClientAliveInterval pings when a time-based RekeyLimit
      is set; previously keepalive packets were not being sent.
    - sshd(8): Whitelist more architectures to enable the seccomp-bpf
      sandbox.
    - scp(1): Respect the local user's LC_CTYPE locale (closes: #396295).
    - Take character display widths into account for the progressmeter
      (closes: #407088).

Author: Salvatore Bonaccorso
Author Date: 2016-04-14 07:39:14 UTC

Import patches-applied version 1:6.0p1-4+deb7u4 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 6aa89eab95a8f49213952d8a2c3487c66fe88f98
Unapplied parent: 6dcab59711f77dffe3f00c8825747c7eed51d40c

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes

Author: Salvatore Bonaccorso
Author Date: 2016-04-14 07:39:14 UTC

Import patches-unapplied version 1:6.0p1-4+deb7u4 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: e9a8f23e7053a2f886cf8ed43ca87cde9b44f710

New changelog entries:
  * Non-maintainer upload by the Security Team.
  * CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes

Author: Marc Deslauriers
Author Date: 2016-05-05 11:54:01 UTC

Import patches-unapplied version 1:6.9p1-2ubuntu0.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: af0404663af0762cd28b204ba97227cefa303bd1

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: denial of service via cradted network traffic
    - debian/patches/CVE-2016-1907.patch: fix OOB read in packet code in
      packet.c.
    - CVE-2016-1907
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

Author: Marc Deslauriers
Author Date: 2016-05-05 11:54:01 UTC

Import patches-unapplied version 1:6.9p1-2ubuntu0.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: af0404663af0762cd28b204ba97227cefa303bd1

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: denial of service via cradted network traffic
    - debian/patches/CVE-2016-1907.patch: fix OOB read in packet code in
      packet.c.
    - CVE-2016-1907
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

Author: Marc Deslauriers
Author Date: 2016-05-05 11:54:01 UTC

Import patches-unapplied version 1:6.9p1-2ubuntu0.2 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: af0404663af0762cd28b204ba97227cefa303bd1

New changelog entries:
  * SECURITY UPDATE: privilege escalation via environment files when
    UseLogin is configured
    - debian/patches/CVE-2015-8325.patch: ignore PAM environment vars when
      UseLogin is enabled in session.c.
    - CVE-2015-8325
  * SECURITY UPDATE: denial of service via cradted network traffic
    - debian/patches/CVE-2016-1907.patch: fix OOB read in packet code in
      packet.c.
    - CVE-2016-1907
  * SECURITY UPDATE: fallback from untrusted X11-forwarding to trusted
    - debian/patches/CVE-2016-1908-1.patch: use stack memory in
      clientloop.c.
    - debian/patches/CVE-2016-1908-2.patch: eliminate fallback in
      clientloop.c, clientloop.h, mux.c, ssh.c.
    - CVE-2016-1908
  * SECURITY UPDATE: shell-command restrictions bypass via crafted X11
    forwarding data
    - debian/patches/CVE-2016-3115.patch: sanitise characters destined for
      xauth in session.c.
    - CVE-2016-3115

Author: Colin Watson
Author Date: 2016-04-15 15:40:07 UTC

Import patches-unapplied version 1:7.2p2-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f1922cb23326618db9ab52158d24fd1a07db52de

New changelog entries:
  * Drop dependency on libnss-files-udeb (closes: #819686).
  * Policy version 3.9.7: no changes required.

Author: Mathieu Trudel-Lapierre
Author Date: 2016-01-26 15:38:35 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu2.6 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: f9c816c12b5b33107203e4f8ec2ea7910b3f6543

New changelog entries:
  * debian/control, debian/rules: enable libaudit support. (LP: #1478087)

Author: Marc Deslauriers
Author Date: 2016-01-13 15:47:46 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 014b4a3ff90ed457cfc5bafeec140f17779cda91

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

Author: Marc Deslauriers
Author Date: 2016-01-13 15:47:46 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 014b4a3ff90ed457cfc5bafeec140f17779cda91

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

Author: Marc Deslauriers
Author Date: 2016-01-13 15:47:46 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 014b4a3ff90ed457cfc5bafeec140f17779cda91

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

Author: Colin Watson
Author Date: 2015-09-10 11:26:11 UTC

Import patches-unapplied version 1:6.9p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d6420725be6749fe2f8b0eed37cbd862f3aff6a6

New changelog entries:
  [ Colin Watson ]
  * mention-ssh-keygen-on-keychange.patch: Move example ssh-keygen
    invocation onto a separate line to make it easier to copy and paste
    (LP: #1491532).
  [ Tyler Hicks ]
  * Build with audit support on Linux (closes: #797727, LP: #1478087).

Author: Colin Watson
Author Date: 2015-09-10 11:26:11 UTC

Import patches-unapplied version 1:6.9p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d6420725be6749fe2f8b0eed37cbd862f3aff6a6

New changelog entries:
  [ Colin Watson ]
  * mention-ssh-keygen-on-keychange.patch: Move example ssh-keygen
    invocation onto a separate line to make it easier to copy and paste
    (LP: #1491532).
  [ Tyler Hicks ]
  * Build with audit support on Linux (closes: #797727, LP: #1478087).

Author: Martin Pitt
Author Date: 2015-04-09 07:20:36 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 05f02a8a3fd0f86043560cd2ad422a5af1f733c6

New changelog entries:
  * openssh-server.postinst: Quiesce "Unable to connect to Upstart" error
    message from initctl if upstart is installed, but not the current init
    system. (LP: #1440070)
  * openssh-server.postinst: Fix version comparisons of upgrade adjustments to
    not apply to fresh installs.

Author: Martin Pitt
Author Date: 2015-04-09 07:20:36 UTC

Import patches-unapplied version 1:6.7p1-5ubuntu1 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 05f02a8a3fd0f86043560cd2ad422a5af1f733c6

New changelog entries:
  * openssh-server.postinst: Quiesce "Unable to connect to Upstart" error
    message from initctl if upstart is installed, but not the current init
    system. (LP: #1440070)
  * openssh-server.postinst: Fix version comparisons of upgrade adjustments to
    not apply to fresh installs.

Author: Colin Watson
Author Date: 2014-10-03 11:23:57 UTC

Import patches-unapplied version 1:6.6p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9024265b5ca71bce46a376cca92fa3ecb7bb44fd

New changelog entries:
  * Make the if-up hook use "reload" rather than "restart" if the system was
    booted using systemd (closes: #756547).
  * Show fingerprints of new keys after creating them in the postinst
    (closes: #762128).
  * Policy version 3.9.6: no changes required.
  * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
    between Architecture: all and Architecture: any binary packages (closes:
    #763375).

Author: Colin Watson
Author Date: 2014-10-03 11:23:57 UTC

Import patches-unapplied version 1:6.6p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9024265b5ca71bce46a376cca92fa3ecb7bb44fd

New changelog entries:
  * Make the if-up hook use "reload" rather than "restart" if the system was
    booted using systemd (closes: #756547).
  * Show fingerprints of new keys after creating them in the postinst
    (closes: #762128).
  * Policy version 3.9.6: no changes required.
  * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
    between Architecture: all and Architecture: any binary packages (closes:
    #763375).

Author: Colin Watson
Author Date: 2014-10-03 11:23:57 UTC

Import patches-unapplied version 1:6.6p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9024265b5ca71bce46a376cca92fa3ecb7bb44fd

New changelog entries:
  * Make the if-up hook use "reload" rather than "restart" if the system was
    booted using systemd (closes: #756547).
  * Show fingerprints of new keys after creating them in the postinst
    (closes: #762128).
  * Policy version 3.9.6: no changes required.
  * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
    between Architecture: all and Architecture: any binary packages (closes:
    #763375).

Author: Colin Watson
Author Date: 2014-04-03 00:05:27 UTC

Import patches-unapplied version 1:5.5p1-6+squeeze5 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 5d2b040428a7af04a8f6518caaadb47112fd3168

New changelog entries:
  * CVE-2014-2532: Disallow invalid characters in environment variable names
    to prevent bypassing AcceptEnv wildcard restrictions.
  * CVE-2014-2653: Attempt SSHFP lookup even if server presents a
    certificate (closes: #742513).

Author: Colin Watson
Author Date: 2014-04-03 00:05:27 UTC

Import patches-applied version 1:5.5p1-6+squeeze5 to applied/debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 71dc730097933fc3a9c39dfe94b6f76593b12bca
Unapplied parent: 619cc926af608777df93d1d14451a6cdfc8465bb

New changelog entries:
  * CVE-2014-2532: Disallow invalid characters in environment variable names
    to prevent bypassing AcceptEnv wildcard restrictions.
  * CVE-2014-2653: Attempt SSHFP lookup even if server presents a
    certificate (closes: #742513).

Author: Colin Watson
Author Date: 2014-05-02 08:53:07 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.5 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: b22b989400911aec4cb50cd30e135617a5582d2e

New changelog entries:
  * Force ssh-agent Upstart job to use sh syntax regardless of the user's
    shell (thanks, Steffen Stempel; LP: #1312928).

Author: Colin Watson
Author Date: 2014-05-02 08:53:07 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.5 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: b22b989400911aec4cb50cd30e135617a5582d2e

New changelog entries:
  * Force ssh-agent Upstart job to use sh syntax regardless of the user's
    shell (thanks, Steffen Stempel; LP: #1312928).

Author: Louis Bouchard
Author Date: 2014-04-22 13:28:40 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1.4 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 7f37ffb759821df55913da5781887e7ee02ec61f

New changelog entries:
  * Re-enable btmp logging, as its permissions were fixed a long time ago.
    Backport from Debian and Trusty. (LP: #743858)

Author: Louis Bouchard
Author Date: 2014-04-22 14:52:59 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.4 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 24d9eea4a7ee1c02394ae190ed3cc5a3ebe3a4eb

New changelog entries:
  * Re-enable btmp logging, as its permissions were fixed a long time ago.
    Backport from Debian and Trusty. (LP: #743858)

Author: Colin Watson
Author Date: 2014-04-14 11:20:48 UTC

Import patches-unapplied version 1:6.6p1-2ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 1de88f18ffa2120cdf2e0825f4f081910c57d26e

New changelog entries:
  * Upload from Debian git repository to fix a release-critical bug.
  * Debconf translations:
    - French (thanks, Étienne Gilli; closes: #743242).
  * Never signal the service supervisor with SIGSTOP more than once, to
    prevent a hang on re-exec (thanks, Robie Basak; LP: #1306877).

Author: Marc Deslauriers
Author Date: 2014-04-07 13:32:06 UTC

Import patches-unapplied version 1:6.2p2-6ubuntu0.3 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 6c14194051147ea65a08bb435675ed53a31a3b6a

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-04-07 13:35:55 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: d551d6a14bf146dad78310342784e6734009221c

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-04-07 13:35:55 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: d551d6a14bf146dad78310342784e6734009221c

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-04-07 13:35:55 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1.2 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: d551d6a14bf146dad78310342784e6734009221c

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

Author: Marc Deslauriers
Author Date: 2014-03-21 15:07:31 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7b05a0bf78223073c4de3210e2965d161f1e3b0d

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

Author: Marc Deslauriers
Author Date: 2014-03-21 15:07:31 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7b05a0bf78223073c4de3210e2965d161f1e3b0d

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

Author: Marc Deslauriers
Author Date: 2014-03-21 15:07:31 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7.1 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 7b05a0bf78223073c4de3210e2965d161f1e3b0d

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

Author: Colin Watson
Author Date: 2013-07-02 21:54:49 UTC

Import patches-unapplied version 1:6.2p2-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 85a198a5d21103ae85a6346421c07fcb114480ea

New changelog entries:
  * Update config.guess and config.sub automatically at build time.
    dh_autoreconf does not take care of that by default because openssh does
    not use automake.

Author: Colin Watson
Author Date: 2013-03-25 16:58:04 UTC

Import patches-unapplied version 1:6.1p1-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b0cb85fb9c4ebf1d98655f871ce454db10320051

New changelog entries:
  [ Gunnar Hjalmarsson ]
  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
    should be read, and move the pam_env calls from "auth" to "session" so
    that it's also read when $HOME is encrypted (LP: #952185).
  [ Stéphane Graber ]
  * Add ssh-agent upstart user job. This implements something similar to
    the 90x11-common_ssh-agent Xsession script. That is, start ssh-agent
    and set the appropriate environment variables (closes: #703906).

Author: Colin Watson
Author Date: 2013-03-25 16:58:04 UTC

Import patches-unapplied version 1:6.1p1-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b0cb85fb9c4ebf1d98655f871ce454db10320051

New changelog entries:
  [ Gunnar Hjalmarsson ]
  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
    should be read, and move the pam_env calls from "auth" to "session" so
    that it's also read when $HOME is encrypted (LP: #952185).
  [ Stéphane Graber ]
  * Add ssh-agent upstart user job. This implements something similar to
    the 90x11-common_ssh-agent Xsession script. That is, start ssh-agent
    and set the appropriate environment variables (closes: #703906).

Author: Colin Watson
Author Date: 2013-03-25 16:58:04 UTC

Import patches-unapplied version 1:6.1p1-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: b0cb85fb9c4ebf1d98655f871ce454db10320051

New changelog entries:
  [ Gunnar Hjalmarsson ]
  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
    should be read, and move the pam_env calls from "auth" to "session" so
    that it's also read when $HOME is encrypted (LP: #952185).
  [ Stéphane Graber ]
  * Add ssh-agent upstart user job. This implements something similar to
    the 90x11-common_ssh-agent Xsession script. That is, start ssh-agent
    and set the appropriate environment variables (closes: #703906).

Author: Colin Watson
Author Date: 2012-08-30 23:46:54 UTC

Import patches-unapplied version 1:6.0p1-3ubuntu1 to ubuntu/quantal

Imported using git-ubuntu import.

Changelog parent: 70f1cb2b6a1d11110e0ef2cd259a6445eaf0a829

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.

Author: Colin Watson
Author Date: 2012-04-02 10:43:31 UTC

Import patches-unapplied version 1:5.9p1-5ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: a7ab0a248f719c14aeb65ada89a2459ff11a74af

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.
  * Sync up pkg-config variable used in configure's ConsoleKit test with
    that used for libedit.

Author: Colin Watson
Author Date: 2011-07-29 15:56:27 UTC

Import patches-unapplied version 1:5.8p1-7ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 82899b2a78e280972a4ae664909700a9ee013814

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.

Author: Colin Watson
Author Date: 2011-07-29 15:56:27 UTC

Import patches-unapplied version 1:5.8p1-7ubuntu1 to ubuntu/oneiric

Imported using git-ubuntu import.

Changelog parent: 82899b2a78e280972a4ae664909700a9ee013814

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.

Author: Clint Byrum
Author Date: 2011-06-11 15:06:02 UTC

Import patches-unapplied version 1:5.5p1-4ubuntu6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: d1eae4b6ff15a0514a73f1cbdd8ddcf9baf565bb

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-06-11 15:06:02 UTC

Import patches-unapplied version 1:5.5p1-4ubuntu6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: d1eae4b6ff15a0514a73f1cbdd8ddcf9baf565bb

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-06-11 15:06:02 UTC

Import patches-unapplied version 1:5.5p1-4ubuntu6 to ubuntu/maverick-proposed

Imported using git-ubuntu import.

Changelog parent: d1eae4b6ff15a0514a73f1cbdd8ddcf9baf565bb

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-06-11 05:46:07 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu7 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 7bd95092480267a8f2bae97184c0225dea5f2cd6

New changelog entries:
  [ Clint Byrum ]
  * debian/openssh-server.ssh.init: Adding upstart awareness that will
    call /lib/init/upstart-job when script is run outside of a chroot.
    While this fixes LP: #531912, the change should be reverted when
    upstart gains chroot session support.
  [ Colin Watson ]
  * Only do the above if /etc/init/ssh.conf still exists, since apparently
    some people have been removing it.

Author: Clint Byrum
Author Date: 2011-04-01 23:05:43 UTC

Import patches-unapplied version 1:5.8p1-1ubuntu3 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 9cd08ca94527ef262c1a9362052d4c498a1fd089

New changelog entries:
  * Start on runlevel [2345] so that switching back to runlevel 2
    from single user mode starts ssh again. (LP: #747756)

Author: Clint Byrum
Author Date: 2011-04-01 23:05:43 UTC

Import patches-unapplied version 1:5.8p1-1ubuntu3 to ubuntu/natty

Imported using git-ubuntu import.

Changelog parent: 9cd08ca94527ef262c1a9362052d4c498a1fd089

New changelog entries:
  * Start on runlevel [2345] so that switching back to runlevel 2
    from single user mode starts ssh again. (LP: #747756)

Author: Colin Watson
Author Date: 2011-03-02 10:53:07 UTC

Import patches-unapplied version 1:4.7p1-8ubuntu3 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 212e8d7bcfb933f9410b93bb5f4fb7a152778e19

New changelog entries:
  * Merge 1:4.7p1-8ubuntu1.1 and 1:4.7p1-8ubuntu1.2 from hardy-security.

Author: Colin Watson
Author Date: 2011-03-02 10:53:07 UTC

Import patches-unapplied version 1:4.7p1-8ubuntu3 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 212e8d7bcfb933f9410b93bb5f4fb7a152778e19

New changelog entries:
  * Merge 1:4.7p1-8ubuntu1.1 and 1:4.7p1-8ubuntu1.2 from hardy-security.

Author: Colin Watson
Author Date: 2011-03-02 10:53:07 UTC

Import patches-unapplied version 1:4.7p1-8ubuntu3 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 212e8d7bcfb933f9410b93bb5f4fb7a152778e19

New changelog entries:
  * Merge 1:4.7p1-8ubuntu1.1 and 1:4.7p1-8ubuntu1.2 from hardy-security.

Author: Colin Watson
Author Date: 2010-09-14 17:50:57 UTC

Import patches-unapplied version 1:5.5p1-4ubuntu4 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: b4dce181fd26df4cd944e8c9e3e864b5ac350afe

New changelog entries:
  * Fix stray hyphen in the title of ssh-import-id(1).

Author: Colin Watson
Author Date: 2010-03-08 15:24:44 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu3 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 138dde9fa10f4213498a59654f0add82161514c5

New changelog entries:
  * Fix syntax error in openssh-server apport hook (LP: #534365).