Author: Colin Watson
Revision Date: 2012-10-31 10:36:14 UTC

releasing version 1:6.1p1-1ubuntu1

Author: Colin Watson
Revision Date: 2012-10-31 10:36:14 UTC

releasing version 1:6.1p1-1ubuntu1

Author: Colin Watson
Revision Date: 2012-10-31 10:36:14 UTC

releasing version 1:6.1p1-1ubuntu1

Author: Colin Watson
Revision Date: 2012-10-31 10:36:14 UTC

releasing version 1:6.1p1-1ubuntu1

Author: Colin Watson
Revision Date: 2012-10-31 10:36:14 UTC

releasing version 1:6.1p1-1ubuntu1

Author: Colin Watson
Revision Date: 2013-03-26 14:16:36 UTC

releasing version 1:5.9p1-5ubuntu1.1

Author: Colin Watson
Revision Date: 2012-10-31 10:36:14 UTC

releasing version 1:6.1p1-1ubuntu1

Author: Colin Watson
Revision Date: 2012-08-30 23:48:27 UTC

releasing version 1:6.0p1-3ubuntu1

Author: Colin Watson
Revision Date: 2012-04-02 11:40:36 UTC

releasing version 1:5.9p1-5ubuntu1

Author: Colin Watson
Revision Date: 2011-07-29 15:59:14 UTC

releasing version 1:5.8p1-7ubuntu1

Author: Colin Watson
Revision Date: 2011-04-02 10:06:44 UTC

merge lp:~clint-fewbar/ubuntu/natty/openssh/runlevel-fix

Author: Clint Byrum
Revision Date: 2011-04-01 23:08:15 UTC

Start on runlevel [2345] so that switching back to runlevel 2
from single user mode starts ssh again. (LP: #747756)

Author: Clint Byrum
Revision Date: 2011-03-09 13:35:08 UTC

* debian/openssh-server.ssh.init: Adding upstart awareness that will
  call /lib/init/upstart-job when script is run outside of a chroot.
  While this fixes LP: #531912, the change should be reverted when
  upstart gains chroot session support.
* Only do the above if /etc/init/ssh.conf still exists, since apparently
  some people have been removing it.

Author: Clint Byrum
Revision Date: 2011-03-09 13:16:13 UTC

* debian/openssh-server.ssh.init: Adding upstart awareness that will
  call /lib/init/upstart-job when script is run outside of a chroot.
  While this fixes LP: #531912, the change should be reverted when
  upstart gains chroot session support.
* Only do the above if /etc/init/ssh.conf still exists, since apparently
  some people have been removing it.

Author: Colin Watson
Revision Date: 2011-01-07 10:24:38 UTC

releasing version 1:5.5p1-4ubuntu5

Author: Colin Watson
Revision Date: 2011-01-07 10:20:56 UTC

releasing version 1:5.3p1-3ubuntu5

Author: Clint Byrum
Revision Date: 2010-12-13 22:06:37 UTC

debian/openssh-server.ssh.upstart: drop 'expect fork' and run sshd
with -D to avoid losing track on reload (LP: #687535)

Author: Scott Moser
Revision Date: 2010-12-10 14:27:24 UTC

add options to ssh-import-id for writing to specified file,
being silent, and not attempting key validation (LP: #688574)

Author: Scott Moser
Revision Date: 2010-12-07 16:00:19 UTC

add mention of ssh-keygen in ssh connect warning (LP: #686607)

Author: Colin Watson
Revision Date: 2010-09-14 17:52:08 UTC

releasing version 1:5.5p1-4ubuntu4

Author: Gary van der Merwe
Revision Date: 2010-07-15 13:13:24 UTC

Merge LDAP Public Key support.

Author: Colin Watson
Revision Date: 2010-03-08 15:24:44 UTC

Fix syntax error in openssh-server apport hook (LP: #534365).

Author: Colin Watson
Revision Date: 2010-03-08 15:26:00 UTC

releasing version 1:5.3p1-3ubuntu3

Author: Soren Hansen
Revision Date: 2010-02-23 21:41:56 UTC

* Move get_config_key, host_keys_needed, create_keys, and create_key from
  openssh-server.postinst into /usr/share/openssh/config-library.sh.
* Regenerate host keys from init script if they're missing.

Author: Chuck Short
Revision Date: 2010-02-08 21:17:49 UTC

debian/openssh-server.dirs, debian/openssh-client.dirs, debian/rules,
debian/apport/openssh-server.py, debian/apport/openssh-client.py:
Install apport hook, apart of the server-lucid-apport-hooks specification.

Author: Loïc Minier
Revision Date: 2009-10-21 14:48:08 UTC

No change rebuild to fix misbuilt binaries on armel.

Author: Colin Watson
Revision Date: 2009-01-28 14:34:21 UTC

* Resynchronise with Debian. Remaining changes:
  - Add support for registering ConsoleKit sessions on login.
  - Drop openssh-blacklist and openssh-blacklist-extra to Suggests; they
    take up a lot of CD space, and I suspect that rolling them out in
    security updates has covered most affected systems now.
  - Add ufw integration.

Author: Colin Watson
Revision Date: 2008-10-13 19:40:53 UTC

* Resynchronise with Debian. Remaining changes:
  - Add support for registering ConsoleKit sessions on login.
  - Drop openssh-blacklist and openssh-blacklist-extra to Suggests; they
    take up a lot of CD space, and I suspect that rolling them out in
    security updates has covered most affected systems now.
  - Add ufw integration.

Author: Jamie Strandboge
Revision Date: 2008-05-14 08:32:08 UTC

* Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
* ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
  # as introducing a comment even if it is preceded by whitespace (thanks
  Colin Watson)

Author: Kees Cook
Revision Date: 2008-09-29 11:29:08 UTC

* SECURITY UPDATE: block .ssh/rc processing when running ForceCommand.
* References
  CVE-2008-1657

Author: Jamie Strandboge
Revision Date: 2008-05-14 08:32:08 UTC

* Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
* ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
  # as introducing a comment even if it is preceded by whitespace (thanks
  Colin Watson)

Author: Colin Watson
Revision Date: 2008-04-06 12:44:11 UTC

* Resynchronise with Debian. Remaining changes:
  - Add support for registering ConsoleKit sessions on login.

Author: Kees Cook
Revision Date: 2008-09-29 11:29:08 UTC

* SECURITY UPDATE: block .ssh/rc processing when running ForceCommand.
* References
  CVE-2008-1657

Author: Kees Cook
Revision Date: 2008-09-29 11:20:12 UTC

* SECURITY UPDATE: block signal handler crash DoS.
* log.c: backport upstream corrections, thanks to Florian Weimer.
* References
  CVE-2008-4109

Author: Kees Cook
Revision Date: 2008-04-01 10:31:42 UTC

* SECURITY UPDATE: X11 forward hijacking via alternate address families.
* channels.c: upstream fixes, patched inline. Thanks to Nicolas Valcarcel
  (LP: #210175).
* References
  CVE-2008-1483

Author: LaMont Jones
Revision Date: 2007-10-04 12:17:05 UTC

Trigger rebuild for hppa

Author: Kees Cook
Revision Date: 2008-09-29 11:20:12 UTC

* SECURITY UPDATE: block signal handler crash DoS.
* log.c: backport upstream corrections, thanks to Florian Weimer.
* References
  CVE-2008-4109

Author: Kees Cook
Revision Date: 2008-09-29 11:22:43 UTC

* SECURITY UPDATE: block signal handler crash DoS.
* log.c: backport upstream corrections, thanks to Florian Weimer.
* References
  CVE-2008-4109

Author: Colin Watson
Revision Date: 2007-02-19 11:18:12 UTC

* Resynchronise with Debian. Remaining changes:
  - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
  - Use LSB init script functions.
  - Increase MAX_SESSIONS to 64.
  - Remove stop links from rc0 and rc6.
* Build position-independent executables (only for debs, not for udebs) to
  take advantage of address space layout randomisation (thanks, Kees
  Cook).
* Set Maintainer to me.

Author: Kees Cook
Revision Date: 2008-04-01 10:31:42 UTC

* SECURITY UPDATE: X11 forward hijacking via alternate address families.
* channels.c: upstream fixes, patched inline. Thanks to Nicolas Valcarcel
  (LP: #210175).
* References
  CVE-2008-1483

Author: Colin Watson
Revision Date: 2006-10-05 09:20:53 UTC

Resynchronise with Debian.

Author: Kees Cook
Revision Date: 2008-09-29 11:22:43 UTC

* SECURITY UPDATE: block signal handler crash DoS.
* log.c: backport upstream corrections, thanks to Florian Weimer.
* References
  CVE-2008-4109

Author: Colin Watson
Revision Date: 2006-05-17 23:24:18 UTC

On '/etc/init.d/ssh restart', create /var/run/sshd before checking the
server configuration, as otherwise 'sshd -t' will complain about the
lack of /var/run/sshd (closes: Malone #45234).

Author: Martin Pitt
Revision Date: 2006-10-02 10:07:27 UTC

* SECURITY UPDATE: Remote DoS.
* CVE-2006-4924: Fix a pre-authentication denial of service found by
  Tavis Ormandy, that would cause sshd(8) to spin until the login grace
  time expired.
  Upstream fixes:
  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
* Fix an unsafe signal hander reported by Mark Dowd. The
  signal handler was vulnerable to a race condition that could be
  exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
  On portable OpenSSH, this vulnerability could theoretically lead to
  pre-authentication remote code execution if GSSAPI authentication is
  enabled, but the likelihood of successful exploitation appears remote.
  [CVE-2006-5052]
* Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
  for backporting them from 4.4p1.

Author: Colin Watson
Revision Date: 2005-10-10 20:10:01 UTC

* Add /usr/games to the default $PATH for non-privileged users.
* Explicitly tell po2debconf to use the 'popular' output encoding, to
  avoid huge automatic changes to debian/po/*.po with po-debconf 0.9.0.

Author: Martin Pitt
Revision Date: 2006-10-02 10:17:53 UTC

* SECURITY UPDATE: Remote DoS.
* CVE-2006-4924: Fix a pre-authentication denial of service found by
  Tavis Ormandy, that would cause sshd(8) to spin until the login grace
  time expired.
  Upstream fixes:
  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
  http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
* Fix an unsafe signal hander reported by Mark Dowd. The
  signal handler was vulnerable to a race condition that could be
  exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
  On portable OpenSSH, this vulnerability could theoretically lead to
  pre-authentication remote code execution if GSSAPI authentication is
  enabled, but the likelihood of successful exploitation appears remote.
  [CVE-2006-5052]
* Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
  for backporting them from 4.4p1.

Author: Colin Watson
Revision Date: 2005-03-15 12:46:54 UTC

Don't ask unnecessary and misplaced ssh/forward_warning debconf note
(closes: Ubuntu #7363).

Author: Martin Pitt
Revision Date: 2006-02-20 14:47:35 UTC

* SECURITY UPDATE: Shell code injection with crafted file names in scp.
* Ported upstream patch from 4.3p2 to replace system() call with a proper
  exec() call; this avoids expanding shell metacharacters in local-to-local
  or remote-to-remote copies.
* CVE-2006-0225

Author: Colin Watson
Revision Date: 2004-10-07 18:03:06 UTC

* Nathaniel McCallum:
  - debian/openssh-server.init: pretty initscript
  - debian/control: versioned depend on lsb-base