View Bazaar branches
Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name Last Modified Last Commit
ubuntu/hardy-proposed 2011-03-08 09:08:45 UTC 2011-03-08
Import patches-unapplied version 1:4.7p1-8ubuntu3 to ubuntu/hardy-proposed

Author: Colin Watson
Author Date: 2011-03-02 10:53:07 UTC

Import patches-unapplied version 1:4.7p1-8ubuntu3 to ubuntu/hardy-proposed

Imported using git-ubuntu import.

Changelog parent: 212e8d7bcfb933f9410b93bb5f4fb7a152778e19

New changelog entries:
  * Merge 1:4.7p1-8ubuntu1.1 and 1:4.7p1-8ubuntu1.2 from hardy-security.

ubuntu/maverick 2010-09-14 18:05:35 UTC 2010-09-14
Import patches-unapplied version 1:5.5p1-4ubuntu4 to ubuntu/maverick

Author: Colin Watson
Author Date: 2010-09-14 17:50:57 UTC

Import patches-unapplied version 1:5.5p1-4ubuntu4 to ubuntu/maverick

Imported using git-ubuntu import.

Changelog parent: b4dce181fd26df4cd944e8c9e3e864b5ac350afe

New changelog entries:
  * Fix stray hyphen in the title of ssh-import-id(1).

ubuntu/lucid 2010-03-08 16:05:27 UTC 2010-03-08
Import patches-unapplied version 1:5.3p1-3ubuntu3 to ubuntu/lucid

Author: Colin Watson
Author Date: 2010-03-08 15:24:44 UTC

Import patches-unapplied version 1:5.3p1-3ubuntu3 to ubuntu/lucid

Imported using git-ubuntu import.

Changelog parent: 138dde9fa10f4213498a59654f0add82161514c5

New changelog entries:
  * Fix syntax error in openssh-server apport hook (LP: #534365).

ubuntu/karmic 2009-10-22 20:09:26 UTC 2009-10-22
Import patches-unapplied version 1:5.1p1-6ubuntu2 to ubuntu/karmic

Author: Loïc Minier
Author Date: 2009-10-21 12:48:08 UTC

Import patches-unapplied version 1:5.1p1-6ubuntu2 to ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 2fe1ab23d7e0bc61fc4c62df15a28dc8ca152fc9

New changelog entries:
  * No change rebuild to fix misbuilt binaries on armel.

ubuntu/karmic-devel 2009-10-22 20:09:26 UTC 2009-10-22
Import patches-unapplied version 1:5.1p1-6ubuntu2 to ubuntu/karmic

Author: Loïc Minier
Author Date: 2009-10-21 12:48:08 UTC

Import patches-unapplied version 1:5.1p1-6ubuntu2 to ubuntu/karmic

Imported using git-ubuntu import.

Changelog parent: 2fe1ab23d7e0bc61fc4c62df15a28dc8ca152fc9

New changelog entries:
  * No change rebuild to fix misbuilt binaries on armel.

ubuntu/jaunty-devel 2009-01-28 23:09:44 UTC 2009-01-28
Import patches-unapplied version 1:5.1p1-5ubuntu1 to ubuntu/jaunty

Author: Colin Watson
Author Date: 2009-01-28 14:34:21 UTC

Import patches-unapplied version 1:5.1p1-5ubuntu1 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 1965acc334acc3b9f7ad07c1f3351683bcdb72ee

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests; they
      take up a lot of CD space, and I suspect that rolling them out in
      security updates has covered most affected systems now.
    - Add ufw integration.

ubuntu/jaunty 2009-01-28 23:09:44 UTC 2009-01-28
Import patches-unapplied version 1:5.1p1-5ubuntu1 to ubuntu/jaunty

Author: Colin Watson
Author Date: 2009-01-28 14:34:21 UTC

Import patches-unapplied version 1:5.1p1-5ubuntu1 to ubuntu/jaunty

Imported using git-ubuntu import.

Changelog parent: 1965acc334acc3b9f7ad07c1f3351683bcdb72ee

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests; they
      take up a lot of CD space, and I suspect that rolling them out in
      security updates has covered most affected systems now.
    - Add ufw integration.

applied/debian/lenny 2009-01-14 14:12:18 UTC 2009-01-14
Import patches-applied version 1:5.1p1-5 to applied/debian/sid

Author: Colin Watson
Author Date: 2009-01-14 00:34:08 UTC

Import patches-applied version 1:5.1p1-5 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 76608748d9c1a6ad0b95732c54f20dfae877a2a1
Unapplied parent: 1965acc334acc3b9f7ad07c1f3351683bcdb72ee

New changelog entries:
  * Backport from upstream CVS (Markus Friedl):
    - packet_disconnect() on padding error, too. Should reduce the success
      probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.
  * Check that /var/run/sshd.pid exists and that the process ID listed there
    corresponds to sshd before running '/etc/init.d/ssh reload' from if-up
    script; SIGHUP is racy if called at boot before sshd has a chance to
    install its signal handler, but fortunately the pid file is written
    after that which lets us avoid the race (closes: #502444).
  * While the above is a valuable sanity-check, it turns out that it doesn't
    really fix the bug (thanks to Kevin Price for testing), so for the
    meantime we'll just use '/etc/init.d/ssh restart', even though it is
    unfortunately heavyweight.

debian/lenny 2009-01-14 14:12:18 UTC 2009-01-14
Import patches-unapplied version 1:5.1p1-5 to debian/sid

Author: Colin Watson
Author Date: 2009-01-14 00:34:08 UTC

Import patches-unapplied version 1:5.1p1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 62d764b487833e122207945cd32b7d7afab81bb4

New changelog entries:
  * Backport from upstream CVS (Markus Friedl):
    - packet_disconnect() on padding error, too. Should reduce the success
      probability for the CPNI-957037 Plaintext Recovery Attack to 2^-18.
  * Check that /var/run/sshd.pid exists and that the process ID listed there
    corresponds to sshd before running '/etc/init.d/ssh reload' from if-up
    script; SIGHUP is racy if called at boot before sshd has a chance to
    install its signal handler, but fortunately the pid file is written
    after that which lets us avoid the race (closes: #502444).
  * While the above is a valuable sanity-check, it turns out that it doesn't
    really fix the bug (thanks to Kevin Price for testing), so for the
    meantime we'll just use '/etc/init.d/ssh restart', even though it is
    unfortunately heavyweight.

ubuntu/intrepid 2008-10-13 19:04:43 UTC 2008-10-13
Import patches-unapplied version 1:5.1p1-3ubuntu1 to ubuntu/intrepid

Author: Colin Watson
Author Date: 2008-10-13 18:40:53 UTC

Import patches-unapplied version 1:5.1p1-3ubuntu1 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: aef3bb03ecf2557aa0ddcbfec2a0a9b2574c0848

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests; they
      take up a lot of CD space, and I suspect that rolling them out in
      security updates has covered most affected systems now.
    - Add ufw integration.

ubuntu/intrepid-devel 2008-10-13 19:04:43 UTC 2008-10-13
Import patches-unapplied version 1:5.1p1-3ubuntu1 to ubuntu/intrepid

Author: Colin Watson
Author Date: 2008-10-13 18:40:53 UTC

Import patches-unapplied version 1:5.1p1-3ubuntu1 to ubuntu/intrepid

Imported using git-ubuntu import.

Changelog parent: aef3bb03ecf2557aa0ddcbfec2a0a9b2574c0848

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests; they
      take up a lot of CD space, and I suspect that rolling them out in
      security updates has covered most affected systems now.
    - Add ufw integration.

ubuntu/dapper-updates 2008-10-01 22:04:38 UTC 2008-10-01
Import patches-unapplied version 1:4.2p1-7ubuntu3.5 to ubuntu/dapper-security

Author: Kees Cook
Author Date: 2008-09-29 18:22:43 UTC

Import patches-unapplied version 1:4.2p1-7ubuntu3.5 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 349331f12cfd95d664f19fe1c5b91fee3f7e5c22

New changelog entries:
  * SECURITY UPDATE: block signal handler crash DoS.
  * log.c: backport upstream corrections, thanks to Florian Weimer.
  * References
    CVE-2008-4109

ubuntu/feisty-devel 2008-10-01 22:04:38 UTC 2008-10-01
Import patches-unapplied version 1:4.3p2-8ubuntu1.5 to ubuntu/feisty-security

Author: Kees Cook
Author Date: 2008-09-29 18:20:12 UTC

Import patches-unapplied version 1:4.3p2-8ubuntu1.5 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: a7b71ee019e766cb29aef25e5116ef1508ff09a6

New changelog entries:
  * SECURITY UPDATE: block signal handler crash DoS.
  * log.c: backport upstream corrections, thanks to Florian Weimer.
  * References
    CVE-2008-4109

ubuntu/gutsy-updates 2008-10-01 22:04:38 UTC 2008-10-01
Import patches-unapplied version 1:4.6p1-5ubuntu0.6 to ubuntu/gutsy-security

Author: Kees Cook
Author Date: 2008-09-29 18:29:08 UTC

Import patches-unapplied version 1:4.6p1-5ubuntu0.6 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: fcc605c55f59a261f0af96237f9834136114a639

New changelog entries:
  * SECURITY UPDATE: block .ssh/rc processing when running ForceCommand.
  * References
    CVE-2008-1657

ubuntu/gutsy-security 2008-10-01 22:04:38 UTC 2008-10-01
Import patches-unapplied version 1:4.6p1-5ubuntu0.6 to ubuntu/gutsy-security

Author: Kees Cook
Author Date: 2008-09-29 18:29:08 UTC

Import patches-unapplied version 1:4.6p1-5ubuntu0.6 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: fcc605c55f59a261f0af96237f9834136114a639

New changelog entries:
  * SECURITY UPDATE: block .ssh/rc processing when running ForceCommand.
  * References
    CVE-2008-1657

ubuntu/gutsy-devel 2008-10-01 22:04:38 UTC 2008-10-01
Import patches-unapplied version 1:4.6p1-5ubuntu0.6 to ubuntu/gutsy-security

Author: Kees Cook
Author Date: 2008-09-29 18:29:08 UTC

Import patches-unapplied version 1:4.6p1-5ubuntu0.6 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: fcc605c55f59a261f0af96237f9834136114a639

New changelog entries:
  * SECURITY UPDATE: block .ssh/rc processing when running ForceCommand.
  * References
    CVE-2008-1657

ubuntu/dapper-devel 2008-10-01 22:04:38 UTC 2008-10-01
Import patches-unapplied version 1:4.2p1-7ubuntu3.5 to ubuntu/dapper-security

Author: Kees Cook
Author Date: 2008-09-29 18:22:43 UTC

Import patches-unapplied version 1:4.2p1-7ubuntu3.5 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 349331f12cfd95d664f19fe1c5b91fee3f7e5c22

New changelog entries:
  * SECURITY UPDATE: block signal handler crash DoS.
  * log.c: backport upstream corrections, thanks to Florian Weimer.
  * References
    CVE-2008-4109

ubuntu/dapper-security 2008-10-01 22:04:38 UTC 2008-10-01
Import patches-unapplied version 1:4.2p1-7ubuntu3.5 to ubuntu/dapper-security

Author: Kees Cook
Author Date: 2008-09-29 18:22:43 UTC

Import patches-unapplied version 1:4.2p1-7ubuntu3.5 to ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: 349331f12cfd95d664f19fe1c5b91fee3f7e5c22

New changelog entries:
  * SECURITY UPDATE: block signal handler crash DoS.
  * log.c: backport upstream corrections, thanks to Florian Weimer.
  * References
    CVE-2008-4109

ubuntu/feisty-updates 2008-10-01 22:04:38 UTC 2008-10-01
Import patches-unapplied version 1:4.3p2-8ubuntu1.5 to ubuntu/feisty-security

Author: Kees Cook
Author Date: 2008-09-29 18:20:12 UTC

Import patches-unapplied version 1:4.3p2-8ubuntu1.5 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: a7b71ee019e766cb29aef25e5116ef1508ff09a6

New changelog entries:
  * SECURITY UPDATE: block signal handler crash DoS.
  * log.c: backport upstream corrections, thanks to Florian Weimer.
  * References
    CVE-2008-4109

ubuntu/feisty-security 2008-10-01 22:04:38 UTC 2008-10-01
Import patches-unapplied version 1:4.3p2-8ubuntu1.5 to ubuntu/feisty-security

Author: Kees Cook
Author Date: 2008-09-29 18:20:12 UTC

Import patches-unapplied version 1:4.3p2-8ubuntu1.5 to ubuntu/feisty-security

Imported using git-ubuntu import.

Changelog parent: a7b71ee019e766cb29aef25e5116ef1508ff09a6

New changelog entries:
  * SECURITY UPDATE: block signal handler crash DoS.
  * log.c: backport upstream corrections, thanks to Florian Weimer.
  * References
    CVE-2008-4109

ubuntu/hardy-security 2008-05-14 16:04:31 UTC 2008-05-14
Import patches-unapplied version 1:4.7p1-8ubuntu1.2 to ubuntu/hardy-security

Author: Jamie Strandboge
Author Date: 2008-05-14 12:32:08 UTC

Import patches-unapplied version 1:4.7p1-8ubuntu1.2 to ubuntu/hardy-security

Imported using git-ubuntu import.

Changelog parent: 9251c51db43607e30ec41ed441d3987dd02c2543

New changelog entries:
  * Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
  * ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
    # as introducing a comment even if it is preceded by whitespace (thanks
    Colin Watson)

ubuntu/hardy 2008-04-06 12:03:37 UTC 2008-04-06
Import patches-unapplied version 1:4.7p1-8ubuntu1 to ubuntu/hardy

Author: Colin Watson
Author Date: 2008-04-06 11:44:11 UTC

Import patches-unapplied version 1:4.7p1-8ubuntu1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 23ca25118817d79ae647e2a2be375759ad97bdb7

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
  * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-5.
  * Rename KeepAlive to TCPKeepAlive in sshd_config, cleaning up from old
    configurations (LP: #211400).
  * Tweak scp's reporting of filenames in verbose mode to be a bit less
    confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945).
  * Backport from 4.9p1:
    - Ignore ~/.ssh/rc if a sshd_config ForceCommand is specified (see
      http://www.securityfocus.com/bid/28531/info).
    - Add no-user-rc authorized_keys option to disable execution of
      ~/.ssh/rc.
  * Backport from Simon Wilkinson's GSSAPI key exchange patch for 5.0p1:
    - Add code to actually implement GSSAPIStrictAcceptorCheck, which had
      somehow been omitted from a previous version of this patch (closes:
      #474246).

ubuntu/edgy-updates 2008-04-01 23:05:35 UTC 2008-04-01
Import patches-unapplied version 1:4.3p2-5ubuntu1.2 to ubuntu/edgy-security

Author: Kees Cook
Author Date: 2008-04-01 17:31:42 UTC

Import patches-unapplied version 1:4.3p2-5ubuntu1.2 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 2144a46c507b70d19754fb1fa0f5980ea12c7946

New changelog entries:
  * SECURITY UPDATE: X11 forward hijacking via alternate address families.
  * channels.c: upstream fixes, patched inline. Thanks to Nicolas Valcarcel
    (LP: #210175).
  * References
    CVE-2008-1483

ubuntu/edgy-security 2008-04-01 23:05:35 UTC 2008-04-01
Import patches-unapplied version 1:4.3p2-5ubuntu1.2 to ubuntu/edgy-security

Author: Kees Cook
Author Date: 2008-04-01 17:31:42 UTC

Import patches-unapplied version 1:4.3p2-5ubuntu1.2 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 2144a46c507b70d19754fb1fa0f5980ea12c7946

New changelog entries:
  * SECURITY UPDATE: X11 forward hijacking via alternate address families.
  * channels.c: upstream fixes, patched inline. Thanks to Nicolas Valcarcel
    (LP: #210175).
  * References
    CVE-2008-1483

ubuntu/edgy-devel 2008-04-01 23:05:35 UTC 2008-04-01
Import patches-unapplied version 1:4.3p2-5ubuntu1.2 to ubuntu/edgy-security

Author: Kees Cook
Author Date: 2008-04-01 17:31:42 UTC

Import patches-unapplied version 1:4.3p2-5ubuntu1.2 to ubuntu/edgy-security

Imported using git-ubuntu import.

Changelog parent: 2144a46c507b70d19754fb1fa0f5980ea12c7946

New changelog entries:
  * SECURITY UPDATE: X11 forward hijacking via alternate address families.
  * channels.c: upstream fixes, patched inline. Thanks to Nicolas Valcarcel
    (LP: #210175).
  * References
    CVE-2008-1483

ubuntu/gutsy 2007-10-04 23:05:35 UTC 2007-10-04
Import patches-unapplied version 1:4.6p1-5build1 to ubuntu/gutsy

Author: LaMont Jones
Author Date: 2007-10-04 18:17:05 UTC

Import patches-unapplied version 1:4.6p1-5build1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 458aacd73bdb5cd6cbf2e4ab980e826385e3d23e

New changelog entries:
  * Trigger rebuild for hppa

applied/ubuntu/devel 2007-04-27 14:03:48 UTC 2007-04-27
Import patches-applied version 1:4.3p2-10ubuntu1 to applied/ubuntu/gutsy

Author: Colin Watson
Author Date: 2007-04-27 13:11:48 UTC

Import patches-applied version 1:4.3p2-10ubuntu1 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 873541352c91a48a021c085987f086aac08732c9
Unapplied parent: 55e63f540da7d7e9ead6df0faf90755ba5abeff6

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Remove stop links from rc0 and rc6.
    - Build position-independent executables (only for debs, not for udebs)
      to take advantage of address space layout randomisation.
  * Multiply openssh-client-udeb's Installer-Menu-Item by 100.
  * Increase MAX_SESSIONS to 64.
  [ Russ Allbery ]
  * Fix GSSAPIKeyExchange configuration file handling logic in ssh-krb5
    (closes: #404863).
  * Fix uncommenting of GSSAPI options by ssh-krb5 (closes: #407766).
  [ Colin Watson ]
  * debconf template translations:
    - Add Norwegian Bokmål (thanks, Bjørn Steensrud; closes: #412330).

applied/ubuntu/gutsy 2007-04-27 14:03:48 UTC 2007-04-27
Import patches-applied version 1:4.3p2-10ubuntu1 to applied/ubuntu/gutsy

Author: Colin Watson
Author Date: 2007-04-27 13:11:48 UTC

Import patches-applied version 1:4.3p2-10ubuntu1 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 873541352c91a48a021c085987f086aac08732c9
Unapplied parent: 55e63f540da7d7e9ead6df0faf90755ba5abeff6

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Remove stop links from rc0 and rc6.
    - Build position-independent executables (only for debs, not for udebs)
      to take advantage of address space layout randomisation.
  * Multiply openssh-client-udeb's Installer-Menu-Item by 100.
  * Increase MAX_SESSIONS to 64.
  [ Russ Allbery ]
  * Fix GSSAPIKeyExchange configuration file handling logic in ssh-krb5
    (closes: #404863).
  * Fix uncommenting of GSSAPI options by ssh-krb5 (closes: #407766).
  [ Colin Watson ]
  * debconf template translations:
    - Add Norwegian Bokmål (thanks, Bjørn Steensrud; closes: #412330).

applied/ubuntu/gutsy-devel 2007-04-27 14:03:48 UTC 2007-04-27
Import patches-applied version 1:4.3p2-10ubuntu1 to applied/ubuntu/gutsy

Author: Colin Watson
Author Date: 2007-04-27 13:11:48 UTC

Import patches-applied version 1:4.3p2-10ubuntu1 to applied/ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 873541352c91a48a021c085987f086aac08732c9
Unapplied parent: 55e63f540da7d7e9ead6df0faf90755ba5abeff6

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Remove stop links from rc0 and rc6.
    - Build position-independent executables (only for debs, not for udebs)
      to take advantage of address space layout randomisation.
  * Multiply openssh-client-udeb's Installer-Menu-Item by 100.
  * Increase MAX_SESSIONS to 64.
  [ Russ Allbery ]
  * Fix GSSAPIKeyExchange configuration file handling logic in ssh-krb5
    (closes: #404863).
  * Fix uncommenting of GSSAPI options by ssh-krb5 (closes: #407766).
  [ Colin Watson ]
  * debconf template translations:
    - Add Norwegian Bokmål (thanks, Bjørn Steensrud; closes: #412330).

applied/ubuntu/feisty 2007-02-19 12:03:22 UTC 2007-02-19
Import patches-applied version 1:4.3p2-8ubuntu1 to applied/ubuntu/feisty

Author: Colin Watson
Author Date: 2007-02-19 11:18:12 UTC

Import patches-applied version 1:4.3p2-8ubuntu1 to applied/ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 4d152eb2d613ad04265588bf75fe51e3b8cac7e1
Unapplied parent: 6acddbaea60ba8a1ef4e1306c217b9adbfb3e7be

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Increase MAX_SESSIONS to 64.
    - Remove stop links from rc0 and rc6.
  * Build position-independent executables (only for debs, not for udebs) to
    take advantage of address space layout randomisation (thanks, Kees
    Cook).
  * Set Maintainer to me.
  [ Vincent Untz ]
  * Give the ssh-askpass-gnome window a default icon; remove unnecessary
    icon extension from .desktop file (closes:
    https://launchpad.net/bugs/27152).
  [ Colin Watson ]
  * Drop versioning on ssh/ssh-krb5 Replaces, as otherwise it isn't
    sufficient to replace conffiles (closes: #402804).
  * Make GSSAPICleanupCreds a compatibility alias for
    GSSAPICleanupCredentials. Mark GSSUseSessionCCache and
    GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate
    away from them on upgrade.
  * It turns out that the people who told me that removing a conffile in the
    preinst was sufficient to have dpkg replace it without prompting when
    moving a conffile between packages were very much mistaken. As far as I
    can tell, the only way to do this reliably is to write out the desired
    new text of the conffile in the preinst. This is gross, and requires
    shipping the text of all conffiles in the preinst too, but there's
    nothing for it. Fortunately this nonsense is only required for smooth
    upgrades from sarge.
  * debconf template translations:
    - Add Romanian (thanks, Stan Ioan-Eugen; closes: #403528).

ubuntu/feisty 2007-02-19 12:03:22 UTC 2007-02-19
Import patches-unapplied version 1:4.3p2-8ubuntu1 to ubuntu/feisty

Author: Colin Watson
Author Date: 2007-02-19 11:18:12 UTC

Import patches-unapplied version 1:4.3p2-8ubuntu1 to ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: e7b80c3001a890710cda652c8446234a9a617421

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Increase MAX_SESSIONS to 64.
    - Remove stop links from rc0 and rc6.
  * Build position-independent executables (only for debs, not for udebs) to
    take advantage of address space layout randomisation (thanks, Kees
    Cook).
  * Set Maintainer to me.
  [ Vincent Untz ]
  * Give the ssh-askpass-gnome window a default icon; remove unnecessary
    icon extension from .desktop file (closes:
    https://launchpad.net/bugs/27152).
  [ Colin Watson ]
  * Drop versioning on ssh/ssh-krb5 Replaces, as otherwise it isn't
    sufficient to replace conffiles (closes: #402804).
  * Make GSSAPICleanupCreds a compatibility alias for
    GSSAPICleanupCredentials. Mark GSSUseSessionCCache and
    GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate
    away from them on upgrade.
  * It turns out that the people who told me that removing a conffile in the
    preinst was sufficient to have dpkg replace it without prompting when
    moving a conffile between packages were very much mistaken. As far as I
    can tell, the only way to do this reliably is to write out the desired
    new text of the conffile in the preinst. This is gross, and requires
    shipping the text of all conffiles in the preinst too, but there's
    nothing for it. Fortunately this nonsense is only required for smooth
    upgrades from sarge.
  * debconf template translations:
    - Add Romanian (thanks, Stan Ioan-Eugen; closes: #403528).

applied/ubuntu/feisty-devel 2007-02-19 12:03:22 UTC 2007-02-19
Import patches-applied version 1:4.3p2-8ubuntu1 to applied/ubuntu/feisty

Author: Colin Watson
Author Date: 2007-02-19 11:18:12 UTC

Import patches-applied version 1:4.3p2-8ubuntu1 to applied/ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 4d152eb2d613ad04265588bf75fe51e3b8cac7e1
Unapplied parent: 6acddbaea60ba8a1ef4e1306c217b9adbfb3e7be

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Increase MAX_SESSIONS to 64.
    - Remove stop links from rc0 and rc6.
  * Build position-independent executables (only for debs, not for udebs) to
    take advantage of address space layout randomisation (thanks, Kees
    Cook).
  * Set Maintainer to me.
  [ Vincent Untz ]
  * Give the ssh-askpass-gnome window a default icon; remove unnecessary
    icon extension from .desktop file (closes:
    https://launchpad.net/bugs/27152).
  [ Colin Watson ]
  * Drop versioning on ssh/ssh-krb5 Replaces, as otherwise it isn't
    sufficient to replace conffiles (closes: #402804).
  * Make GSSAPICleanupCreds a compatibility alias for
    GSSAPICleanupCredentials. Mark GSSUseSessionCCache and
    GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate
    away from them on upgrade.
  * It turns out that the people who told me that removing a conffile in the
    preinst was sufficient to have dpkg replace it without prompting when
    moving a conffile between packages were very much mistaken. As far as I
    can tell, the only way to do this reliably is to write out the desired
    new text of the conffile in the preinst. This is gross, and requires
    shipping the text of all conffiles in the preinst too, but there's
    nothing for it. Fortunately this nonsense is only required for smooth
    upgrades from sarge.
  * debconf template translations:
    - Add Romanian (thanks, Stan Ioan-Eugen; closes: #403528).

applied/ubuntu/edgy 2006-10-05 09:03:17 UTC 2006-10-05
Import patches-applied version 1:4.3p2-5ubuntu1 to applied/ubuntu/edgy

Author: Colin Watson
Author Date: 2006-10-05 08:20:53 UTC

Import patches-applied version 1:4.3p2-5ubuntu1 to applied/ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: ba5f65daaba0b32b2732fecfd59a759b70675b20
Unapplied parent: 891bef0d2423a8437ec00b46138b99307e0f67dc

New changelog entries:
  * Resynchronise with Debian.
  * Remove ssh/insecure_telnetd check altogether (closes: #391081).
  * debconf template translations:
    - Update Danish (thanks, Claus Hindsgaul; closes: #390612).

applied/ubuntu/edgy-devel 2006-10-05 09:03:17 UTC 2006-10-05
Import patches-applied version 1:4.3p2-5ubuntu1 to applied/ubuntu/edgy

Author: Colin Watson
Author Date: 2006-10-05 08:20:53 UTC

Import patches-applied version 1:4.3p2-5ubuntu1 to applied/ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: ba5f65daaba0b32b2732fecfd59a759b70675b20
Unapplied parent: 891bef0d2423a8437ec00b46138b99307e0f67dc

New changelog entries:
  * Resynchronise with Debian.
  * Remove ssh/insecure_telnetd check altogether (closes: #391081).
  * debconf template translations:
    - Update Danish (thanks, Claus Hindsgaul; closes: #390612).

ubuntu/edgy 2006-10-05 09:03:17 UTC 2006-10-05
Import patches-unapplied version 1:4.3p2-5ubuntu1 to ubuntu/edgy

Author: Colin Watson
Author Date: 2006-10-05 08:20:53 UTC

Import patches-unapplied version 1:4.3p2-5ubuntu1 to ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: 1d4fb0d11110722933dbd74235de63e134c8ddd2

New changelog entries:
  * Resynchronise with Debian.
  * Remove ssh/insecure_telnetd check altogether (closes: #391081).
  * debconf template translations:
    - Update Danish (thanks, Claus Hindsgaul; closes: #390612).

ubuntu/hoary-security 2006-10-02 13:03:24 UTC 2006-10-02
Import patches-unapplied version 1:3.9p1-1ubuntu2.3 to ubuntu/hoary-security

Author: Martin Pitt
Author Date: 2006-10-02 10:17:53 UTC

Import patches-unapplied version 1:3.9p1-1ubuntu2.3 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 517594eae2e4eff6a340e53292a7a1f42748ba10

New changelog entries:
  * SECURITY UPDATE: Remote DoS.
  * CVE-2006-4924: Fix a pre-authentication denial of service found by
    Tavis Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
    Upstream fixes:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
  * Fix an unsafe signal hander reported by Mark Dowd. The
    signal handler was vulnerable to a race condition that could be
    exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
    On portable OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication is
    enabled, but the likelihood of successful exploitation appears remote.
    [CVE-2006-5052]
  * Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
    for backporting them from 4.4p1.

ubuntu/breezy-security 2006-10-02 13:03:24 UTC 2006-10-02
Import patches-unapplied version 1:4.1p1-7ubuntu4.2 to ubuntu/breezy-security

Author: Martin Pitt
Author Date: 2006-10-02 10:07:27 UTC

Import patches-unapplied version 1:4.1p1-7ubuntu4.2 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: cd71f031ae9489d04c479cfc13b763603e1be3f8

New changelog entries:
  * SECURITY UPDATE: Remote DoS.
  * CVE-2006-4924: Fix a pre-authentication denial of service found by
    Tavis Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
    Upstream fixes:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
  * Fix an unsafe signal hander reported by Mark Dowd. The
    signal handler was vulnerable to a race condition that could be
    exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
    On portable OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication is
    enabled, but the likelihood of successful exploitation appears remote.
    [CVE-2006-5052]
  * Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
    for backporting them from 4.4p1.

ubuntu/breezy-devel 2006-10-02 13:03:24 UTC 2006-10-02
Import patches-unapplied version 1:4.1p1-7ubuntu4.2 to ubuntu/breezy-security

Author: Martin Pitt
Author Date: 2006-10-02 10:07:27 UTC

Import patches-unapplied version 1:4.1p1-7ubuntu4.2 to ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: cd71f031ae9489d04c479cfc13b763603e1be3f8

New changelog entries:
  * SECURITY UPDATE: Remote DoS.
  * CVE-2006-4924: Fix a pre-authentication denial of service found by
    Tavis Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
    Upstream fixes:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
  * Fix an unsafe signal hander reported by Mark Dowd. The
    signal handler was vulnerable to a race condition that could be
    exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
    On portable OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication is
    enabled, but the likelihood of successful exploitation appears remote.
    [CVE-2006-5052]
  * Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
    for backporting them from 4.4p1.

applied/ubuntu/hoary-security 2006-10-02 13:03:24 UTC 2006-10-02
Import patches-applied version 1:3.9p1-1ubuntu2.3 to applied/ubuntu/hoary-sec...

Author: Martin Pitt
Author Date: 2006-10-02 10:17:53 UTC

Import patches-applied version 1:3.9p1-1ubuntu2.3 to applied/ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 3c76cd129aeaf05612fb3a4eea86f7be6cc38c0e
Unapplied parent: 01b2218cc48aed933f5cfed77da0a7d7e61855d5

New changelog entries:
  * SECURITY UPDATE: Remote DoS.
  * CVE-2006-4924: Fix a pre-authentication denial of service found by
    Tavis Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
    Upstream fixes:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
  * Fix an unsafe signal hander reported by Mark Dowd. The
    signal handler was vulnerable to a race condition that could be
    exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
    On portable OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication is
    enabled, but the likelihood of successful exploitation appears remote.
    [CVE-2006-5052]
  * Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
    for backporting them from 4.4p1.

applied/ubuntu/hoary-devel 2006-10-02 13:03:24 UTC 2006-10-02
Import patches-applied version 1:3.9p1-1ubuntu2.3 to applied/ubuntu/hoary-sec...

Author: Martin Pitt
Author Date: 2006-10-02 10:17:53 UTC

Import patches-applied version 1:3.9p1-1ubuntu2.3 to applied/ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 3c76cd129aeaf05612fb3a4eea86f7be6cc38c0e
Unapplied parent: 01b2218cc48aed933f5cfed77da0a7d7e61855d5

New changelog entries:
  * SECURITY UPDATE: Remote DoS.
  * CVE-2006-4924: Fix a pre-authentication denial of service found by
    Tavis Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
    Upstream fixes:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
  * Fix an unsafe signal hander reported by Mark Dowd. The
    signal handler was vulnerable to a race condition that could be
    exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
    On portable OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication is
    enabled, but the likelihood of successful exploitation appears remote.
    [CVE-2006-5052]
  * Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
    for backporting them from 4.4p1.

applied/ubuntu/dapper-security 2006-10-02 13:03:24 UTC 2006-10-02
Import patches-applied version 1:4.2p1-7ubuntu3.1 to applied/ubuntu/dapper-se...

Author: Martin Pitt
Author Date: 2006-10-02 09:38:59 UTC

Import patches-applied version 1:4.2p1-7ubuntu3.1 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: f66fbe8eb678023f89a5e71fea297579de5b2cb3
Unapplied parent: 872b45f6aac7fcd7ce5817b1cbeeb319142ea06e

New changelog entries:
  * SECURITY UPDATE: Remote DoS.
  * CVE-2006-4924: Fix a pre-authentication denial of service found by
    Tavis Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
    Upstream fixes:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
  * Fix an unsafe signal hander reported by Mark Dowd. The
    signal handler was vulnerable to a race condition that could be
    exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
    On portable OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication is
    enabled, but the likelihood of successful exploitation appears remote.
    [CVE-2006-5052]
  * Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
    for backporting them from 4.4p1.
  * packet.c: Fix a NULL dereference crash so that an appropriate error
    message is printed on a protocol error. This is not actually a
    vulnerability, but has been assigned CVE-2006-4925, so let's fix it for
    completeness' sake.
    Taken from upstream CVS:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?sortby=date&r2=1.145&r1=1.144&f=h

applied/ubuntu/dapper-devel 2006-10-02 13:03:24 UTC 2006-10-02
Import patches-applied version 1:4.2p1-7ubuntu3.1 to applied/ubuntu/dapper-se...

Author: Martin Pitt
Author Date: 2006-10-02 09:38:59 UTC

Import patches-applied version 1:4.2p1-7ubuntu3.1 to applied/ubuntu/dapper-security

Imported using git-ubuntu import.

Changelog parent: f66fbe8eb678023f89a5e71fea297579de5b2cb3
Unapplied parent: 872b45f6aac7fcd7ce5817b1cbeeb319142ea06e

New changelog entries:
  * SECURITY UPDATE: Remote DoS.
  * CVE-2006-4924: Fix a pre-authentication denial of service found by
    Tavis Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
    Upstream fixes:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
  * Fix an unsafe signal hander reported by Mark Dowd. The
    signal handler was vulnerable to a race condition that could be
    exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
    On portable OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication is
    enabled, but the likelihood of successful exploitation appears remote.
    [CVE-2006-5052]
  * Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
    for backporting them from 4.4p1.
  * packet.c: Fix a NULL dereference crash so that an appropriate error
    message is printed on a protocol error. This is not actually a
    vulnerability, but has been assigned CVE-2006-4925, so let's fix it for
    completeness' sake.
    Taken from upstream CVS:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?sortby=date&r2=1.145&r1=1.144&f=h

applied/ubuntu/breezy-security 2006-10-02 13:03:24 UTC 2006-10-02
Import patches-applied version 1:4.1p1-7ubuntu4.2 to applied/ubuntu/breezy-se...

Author: Martin Pitt
Author Date: 2006-10-02 10:07:27 UTC

Import patches-applied version 1:4.1p1-7ubuntu4.2 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 2fbf321d03d1a098c9b652bceca569bc2a9f0da3
Unapplied parent: 71a296bc0a999a092dc87b22d27a9b0fa802029e

New changelog entries:
  * SECURITY UPDATE: Remote DoS.
  * CVE-2006-4924: Fix a pre-authentication denial of service found by
    Tavis Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
    Upstream fixes:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
  * Fix an unsafe signal hander reported by Mark Dowd. The
    signal handler was vulnerable to a race condition that could be
    exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
    On portable OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication is
    enabled, but the likelihood of successful exploitation appears remote.
    [CVE-2006-5052]
  * Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
    for backporting them from 4.4p1.

applied/ubuntu/breezy-devel 2006-10-02 13:03:24 UTC 2006-10-02
Import patches-applied version 1:4.1p1-7ubuntu4.2 to applied/ubuntu/breezy-se...

Author: Martin Pitt
Author Date: 2006-10-02 10:07:27 UTC

Import patches-applied version 1:4.1p1-7ubuntu4.2 to applied/ubuntu/breezy-security

Imported using git-ubuntu import.

Changelog parent: 2fbf321d03d1a098c9b652bceca569bc2a9f0da3
Unapplied parent: 71a296bc0a999a092dc87b22d27a9b0fa802029e

New changelog entries:
  * SECURITY UPDATE: Remote DoS.
  * CVE-2006-4924: Fix a pre-authentication denial of service found by
    Tavis Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
    Upstream fixes:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
  * Fix an unsafe signal hander reported by Mark Dowd. The
    signal handler was vulnerable to a race condition that could be
    exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
    On portable OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication is
    enabled, but the likelihood of successful exploitation appears remote.
    [CVE-2006-5052]
  * Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
    for backporting them from 4.4p1.

ubuntu/hoary-devel 2006-10-02 13:03:24 UTC 2006-10-02
Import patches-unapplied version 1:3.9p1-1ubuntu2.3 to ubuntu/hoary-security

Author: Martin Pitt
Author Date: 2006-10-02 10:17:53 UTC

Import patches-unapplied version 1:3.9p1-1ubuntu2.3 to ubuntu/hoary-security

Imported using git-ubuntu import.

Changelog parent: 517594eae2e4eff6a340e53292a7a1f42748ba10

New changelog entries:
  * SECURITY UPDATE: Remote DoS.
  * CVE-2006-4924: Fix a pre-authentication denial of service found by
    Tavis Ormandy, that would cause sshd(8) to spin until the login grace
    time expired.
    Upstream fixes:
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.c.diff?r1=1.29&r2=1.30&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/packet.c.diff?r1=1.143&r2=1.144&sortby=date&f=h
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/deattack.h.diff?r1=1.9&r2=1.10&sortby=date&f=h
  * Fix an unsafe signal hander reported by Mark Dowd. The
    signal handler was vulnerable to a race condition that could be
    exploited to perform a pre-authentication denial of service. [CVE-2006-5051]
    On portable OpenSSH, this vulnerability could theoretically lead to
    pre-authentication remote code execution if GSSAPI authentication is
    enabled, but the likelihood of successful exploitation appears remote.
    [CVE-2006-5052]
  * Above patches taken from Debian's 4.3p2-4 version, thanks to Colin Watson
    for backporting them from 4.4p1.

applied/ubuntu/dapper 2006-05-18 00:06:59 UTC 2006-05-18
Import patches-applied version 1:4.2p1-7ubuntu3 to applied/ubuntu/dapper

Author: Colin Watson
Author Date: 2006-05-17 22:24:18 UTC

Import patches-applied version 1:4.2p1-7ubuntu3 to applied/ubuntu/dapper

Imported using git-ubuntu import.

Changelog parent: bc05d8376b18f4805aa6d6e235d80a331f031dac
Unapplied parent: 7e6667783f6328fff22531b339d6e1bb4fe8ed3b

New changelog entries:
  * On '/etc/init.d/ssh restart', create /var/run/sshd before checking the
    server configuration, as otherwise 'sshd -t' will complain about the
    lack of /var/run/sshd (closes: Malone #45234).

ubuntu/dapper 2006-05-18 00:06:59 UTC 2006-05-18
Import patches-unapplied version 1:4.2p1-7ubuntu3 to ubuntu/dapper

Author: Colin Watson
Author Date: 2006-05-17 22:24:18 UTC

Import patches-unapplied version 1:4.2p1-7ubuntu3 to ubuntu/dapper

Imported using git-ubuntu import.

Changelog parent: 8b11a29ade34b074fc04f6275cc1d8817de56015

New changelog entries:
  * On '/etc/init.d/ssh restart', create /var/run/sshd before checking the
    server configuration, as otherwise 'sshd -t' will complain about the
    lack of /var/run/sshd (closes: Malone #45234).

applied/ubuntu/warty-devel 2006-02-21 13:08:20 UTC 2006-02-21
Import patches-applied version 1:3.8.1p1-11ubuntu3.3 to applied/ubuntu/warty-...

Author: Martin Pitt
Author Date: 2006-02-20 14:47:35 UTC

Import patches-applied version 1:3.8.1p1-11ubuntu3.3 to applied/ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: c046986784e1d06c11300543b6ea35cbbe6e2f51
Unapplied parent: b1e1c7a37f09c6b299f67c295ec48a139064ea72

New changelog entries:
  * SECURITY UPDATE: Shell code injection with crafted file names in scp.
  * Ported upstream patch from 4.3p2 to replace system() call with a proper
    exec() call; this avoids expanding shell metacharacters in local-to-local
    or remote-to-remote copies.
  * CVE-2006-0225

applied/ubuntu/warty-security 2006-02-21 13:08:20 UTC 2006-02-21
Import patches-applied version 1:3.8.1p1-11ubuntu3.3 to applied/ubuntu/warty-...

Author: Martin Pitt
Author Date: 2006-02-20 14:47:35 UTC

Import patches-applied version 1:3.8.1p1-11ubuntu3.3 to applied/ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: c046986784e1d06c11300543b6ea35cbbe6e2f51
Unapplied parent: b1e1c7a37f09c6b299f67c295ec48a139064ea72

New changelog entries:
  * SECURITY UPDATE: Shell code injection with crafted file names in scp.
  * Ported upstream patch from 4.3p2 to replace system() call with a proper
    exec() call; this avoids expanding shell metacharacters in local-to-local
    or remote-to-remote copies.
  * CVE-2006-0225

ubuntu/warty-devel 2006-02-21 13:08:20 UTC 2006-02-21
Import patches-unapplied version 1:3.8.1p1-11ubuntu3.3 to ubuntu/warty-security

Author: Martin Pitt
Author Date: 2006-02-20 14:47:35 UTC

Import patches-unapplied version 1:3.8.1p1-11ubuntu3.3 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 4df9e6b585b6676ad6548ebcd329893e78477f1a

New changelog entries:
  * SECURITY UPDATE: Shell code injection with crafted file names in scp.
  * Ported upstream patch from 4.3p2 to replace system() call with a proper
    exec() call; this avoids expanding shell metacharacters in local-to-local
    or remote-to-remote copies.
  * CVE-2006-0225

ubuntu/warty-security 2006-02-21 13:08:20 UTC 2006-02-21
Import patches-unapplied version 1:3.8.1p1-11ubuntu3.3 to ubuntu/warty-security

Author: Martin Pitt
Author Date: 2006-02-20 14:47:35 UTC

Import patches-unapplied version 1:3.8.1p1-11ubuntu3.3 to ubuntu/warty-security

Imported using git-ubuntu import.

Changelog parent: 4df9e6b585b6676ad6548ebcd329893e78477f1a

New changelog entries:
  * SECURITY UPDATE: Shell code injection with crafted file names in scp.
  * Ported upstream patch from 4.3p2 to replace system() call with a proper
    exec() call; this avoids expanding shell metacharacters in local-to-local
    or remote-to-remote copies.
  * CVE-2006-0225

applied/ubuntu/breezy 2005-12-21 05:45:19 UTC 2005-12-21
Import patches-applied version 1:4.1p1-7ubuntu4 to applied/ubuntu/breezy

Author: Colin Watson
Author Date: 2005-10-10 19:10:01 UTC

Import patches-applied version 1:4.1p1-7ubuntu4 to applied/ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: 4b4b5b9c86ea9a1140b819dc672c7ba0fd2c6a74
Unapplied parent: fbef8cdcb6187bd382103833c21da8513f795c8a

New changelog entries:
  * Add /usr/games to the default $PATH for non-privileged users.
  * Explicitly tell po2debconf to use the 'popular' output encoding, to
    avoid huge automatic changes to debian/po/*.po with po-debconf 0.9.0.
  * Increase MAX_SESSIONS to 64.
  * Backport from OpenSSH 4.2p1:
    - SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that
      caused GatewayPorts to be incorrectly activated for dynamic ("-D")
      port forwardings when no listen address was explicitly specified.
    - SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI
      credentials. This code is only built in openssh-krb5, not openssh, but
      I include the fix here anyway in case anyone is building this package
      themselves with Kerberos support.
  * Resynchronise with Debian.
  * Do the IDEA host key check on a temporary file to avoid altering
    /etc/ssh/ssh_host_key itself (closes: #312312).
  * Work around the ssh-askpass alternative somehow ending up in manual mode
    pointing to the obsolete /usr/lib/ssh/gnome-ssh-askpass.
  * Add GNU/kFreeBSD support (thanks, Aurelien Jarno; closes: #318113).
  * Fix XSIish uses of 'test' in openssh-server.preinst.
  * Policy version 3.6.2: no changes required.
  * Resynchronise with Debian.
  * Fix one-character typo that meant the binaries in openssh-client and
    openssh-server got recompiled with the wrong options during
    'debian/rules install' (closes: #317088, #317238, #317241).
  * Build-depend on libselinux1-dev on ppc64 too (closes: #314625).
  * Drop priority of ssh to extra to match the override file.
  * Make /usr/share/doc/openssh-server and /usr/share/doc/ssh symlinks to
    /usr/share/doc/openssh-client (closes: #314745).
  * Ship README.dns (closes: #284874).
  * Disable btmp logging, since Debian's /var/log/btmp has inappropriate
    permissions (closes: #314956).
  * Allow ~/.ssh/config to be group-writable, provided that the group in
    question contains only the file's owner (closes: #314347).
  * debconf template translations:
    - Update Brazilian Portuguese (thanks, André Luís Lopes;
      closes: #315477).
    - Add Vietnamese (thanks, Clytie Siddall; closes: #316636).
  * Resynchronise with Debian.
  * openssh-client and openssh-server conflict with ssh-krb5, as ssh-krb5
    only conflicts with ssh (closes: #312475).
  * SELinux support (thanks, Manoj Srivastava; closes: #308555):
    - Added SELinux capability, and turned it on be default. Added
      restorecon calls in preinst and postinst (should not matter if the
      machine is not SELinux aware). By and large, the changes made should
      have no effect unless the rules file calls --with-selinux; and even
      then there should be no performance hit for machines not actively
      running SELinux.
    - Modified the preinst and postinst to call restorecon to set the
      security context for the generated public key files.
    - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system
      may want to also include pam_selinux.so.
  * Re-enable ssh-askpass-gnome on the Hurd, now that its build-dependencies
    are available.
  * Restore /usr/lib/sftp-server temporarily, as a symlink to
    /usr/lib/openssh/sftp-server (closes: #312891).
  * Switch to debhelper compatibility level 3, since 2 is deprecated.
  * debconf template translations:
    - Update German (thanks, Jens Seidel; closes: #313949).
  * Upload to unstable.
  * Set path of xauth to /usr/bin/xauth instead of /usr/bin/X11/auth.
  * Resynchronise with Debian.
  * Drop debconf support for allowing SSH protocol 1, which is discouraged
    and has not been the default since openssh 1:3.0.1p1-1. Users who need
    this should edit sshd_config instead (closes: #147212).
  * Since ssh-keysign isn't used by default (you need to set
    EnableSSHKeysign to "yes" in /etc/ssh/ssh_config), having a debconf
    question to ask whether it should be setuid is overkill, and the
    question text had got out of date anyway. Remove this question, ship
    ssh-keysign setuid in openssh-client.deb, and set a statoverride if the
    debconf question was previously set to false.
  * Add lintian overrides for the above (setuid-binary,
    no-debconf-templates).
  * Fix picky lintian errors about slogin symlinks.
  * Fix DEB_HOST_ARCH_OS/DEB_HOST_GNU_SYSTEM compatibility handling.
  * Apply Linux 2.2 workaround (see #239999) only on Linux.
  * New upstream release.
    - Normalise socket addresses returned by get_remote_hostname(), fixing
      4-in-6 mapping issues with AllowUsers et al (closes: #192234).
  * Take upstream's hint and disable the unsupported USE_POSIX_THREADS
    (closes: #295757, #308868, and possibly others; may open other bugs).
    Use PAM password authentication to avoid #278394. In future I may
    provide two sets of binaries built with and without this option, since
    it seems I can't win.
  * Disable ChallengeResponseAuthentication in new installations, returning
    to PasswordAuthentication by default, since it now supports PAM and
    apparently works better with a non-threaded sshd (closes: #247521).
  * openssh-server Suggests: rssh (closes: #233012).
  * Change libexecdir to /usr/lib/openssh, and fix up various alternatives
    and configuration files to match (closes: #87900, #151321).
  * Fix up very old sshd_config files that refer to /usr/libexec/sftp-server
    (closes: #141979).
  * Resynchronise with Debian.
  * New upstream release.
    - Port-forwarding specifications now take optional bind addresses, and
      the server allows client-specified bind addresses for remote port
      forwardings when configured with "GatewayPorts clientspecified"
      (closes: #87253, #192206).
    - ssh and ssh-keyscan now support hashing of known_hosts files for
      improved privacy. ssh-keygen has new options for managing known_hosts
      files, which understand hashing.
    - sftp supports command history and editing support using libedit
      (closes: #287013).
    - Have scp and sftp wait for the spawned ssh to exit before they exit
      themselves, allowing ssh to restore terminal modes (closes: #257130).
    - Improved the handling of bad data in authorized_keys files,
      eliminating fatal errors on corrupt or very large keys; e.g. linefeeds
      in keys only produce errors in auth.log now (closes: #220726).
    - Add "command mode" to ssh connection multiplexing (closes: #303452).
    - Mention $HOME/.hushlogin in sshd(8) FILES section (closes: #163933).
  * Make gnome-ssh-askpass stay above other windows (thanks, Liyang HU;
    closes: #296487).
  * Remove obsolete and unnecessary ssh/forward_warning debconf note.
  * Hurd build fixes (although sshd still doesn't work):
    - Restore X forwarding fix from #102991, lost somewhere along the way.
    - Link with -lcrypt.
    - Link with -lpthread rather than -pthread.
    - Don't build ssh-askpass-gnome on the Hurd, until GNOME is available to
      satisfy build-dependencies.
  * Drop workaround for #242462 on amd64; it's been fixed properly upstream.
  * Enable HashKnownHosts by default. This only affects new entries; use
    'ssh-keygen -H' to convert an entire known_hosts file to hashed format.
  * Note in ssh_config(5) that the SetupTimeOut option is Debian-specific
    (closes: #307069).
  * debconf template translations:
    - Update Czech (thanks, Miroslav Kure; closes: #298744).
    - Update Finnish (thanks, Matti Pöllä; closes: #303787).
    - Synchronise Spanish with sarge branch (thanks, Javier
      Fernández-Sanguino Peña; closes: #298536).
    - Add Ukrainian (thanks, Eugeniy Meshcheryakov; closes: #301852).
  * Explain how to run sshd from inittab in README.Debian (closes: #147360).
  * Add debian/watch file.
  * Remove pam_nologin from /etc/pam.d/ssh, as sshd's built-in support
    appears to be sufficient and more useful (closes: #162996).
  * Depend on debconf | debconf-2.0.
  * Drop LoginGraceTime back to the upstream default of two minutes on new
    installs (closes: #289573).
  * debconf template translations from Ubuntu bug #1232:
    - Update Greek (thanks, Logiotatidis George).
    - Update Spanish (thanks, Santiago Erquicia).

ubuntu/breezy 2005-12-21 05:45:19 UTC 2005-12-21
Import patches-unapplied version 1:4.1p1-7ubuntu4 to ubuntu/breezy

Author: Colin Watson
Author Date: 2005-10-10 19:10:01 UTC

Import patches-unapplied version 1:4.1p1-7ubuntu4 to ubuntu/breezy

Imported using git-ubuntu import.

Changelog parent: 6ac1c57981395deee16b5535f8d13c89417c0829

New changelog entries:
  * Add /usr/games to the default $PATH for non-privileged users.
  * Explicitly tell po2debconf to use the 'popular' output encoding, to
    avoid huge automatic changes to debian/po/*.po with po-debconf 0.9.0.
  * Increase MAX_SESSIONS to 64.
  * Backport from OpenSSH 4.2p1:
    - SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that
      caused GatewayPorts to be incorrectly activated for dynamic ("-D")
      port forwardings when no listen address was explicitly specified.
    - SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI
      credentials. This code is only built in openssh-krb5, not openssh, but
      I include the fix here anyway in case anyone is building this package
      themselves with Kerberos support.
  * Resynchronise with Debian.
  * Do the IDEA host key check on a temporary file to avoid altering
    /etc/ssh/ssh_host_key itself (closes: #312312).
  * Work around the ssh-askpass alternative somehow ending up in manual mode
    pointing to the obsolete /usr/lib/ssh/gnome-ssh-askpass.
  * Add GNU/kFreeBSD support (thanks, Aurelien Jarno; closes: #318113).
  * Fix XSIish uses of 'test' in openssh-server.preinst.
  * Policy version 3.6.2: no changes required.
  * Resynchronise with Debian.
  * Fix one-character typo that meant the binaries in openssh-client and
    openssh-server got recompiled with the wrong options during
    'debian/rules install' (closes: #317088, #317238, #317241).
  * Build-depend on libselinux1-dev on ppc64 too (closes: #314625).
  * Drop priority of ssh to extra to match the override file.
  * Make /usr/share/doc/openssh-server and /usr/share/doc/ssh symlinks to
    /usr/share/doc/openssh-client (closes: #314745).
  * Ship README.dns (closes: #284874).
  * Disable btmp logging, since Debian's /var/log/btmp has inappropriate
    permissions (closes: #314956).
  * Allow ~/.ssh/config to be group-writable, provided that the group in
    question contains only the file's owner (closes: #314347).
  * debconf template translations:
    - Update Brazilian Portuguese (thanks, André Luís Lopes;
      closes: #315477).
    - Add Vietnamese (thanks, Clytie Siddall; closes: #316636).
  * Resynchronise with Debian.
  * openssh-client and openssh-server conflict with ssh-krb5, as ssh-krb5
    only conflicts with ssh (closes: #312475).
  * SELinux support (thanks, Manoj Srivastava; closes: #308555):
    - Added SELinux capability, and turned it on be default. Added
      restorecon calls in preinst and postinst (should not matter if the
      machine is not SELinux aware). By and large, the changes made should
      have no effect unless the rules file calls --with-selinux; and even
      then there should be no performance hit for machines not actively
      running SELinux.
    - Modified the preinst and postinst to call restorecon to set the
      security context for the generated public key files.
    - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system
      may want to also include pam_selinux.so.
  * Re-enable ssh-askpass-gnome on the Hurd, now that its build-dependencies
    are available.
  * Restore /usr/lib/sftp-server temporarily, as a symlink to
    /usr/lib/openssh/sftp-server (closes: #312891).
  * Switch to debhelper compatibility level 3, since 2 is deprecated.
  * debconf template translations:
    - Update German (thanks, Jens Seidel; closes: #313949).
  * Upload to unstable.
  * Set path of xauth to /usr/bin/xauth instead of /usr/bin/X11/auth.
  * Resynchronise with Debian.
  * Drop debconf support for allowing SSH protocol 1, which is discouraged
    and has not been the default since openssh 1:3.0.1p1-1. Users who need
    this should edit sshd_config instead (closes: #147212).
  * Since ssh-keysign isn't used by default (you need to set
    EnableSSHKeysign to "yes" in /etc/ssh/ssh_config), having a debconf
    question to ask whether it should be setuid is overkill, and the
    question text had got out of date anyway. Remove this question, ship
    ssh-keysign setuid in openssh-client.deb, and set a statoverride if the
    debconf question was previously set to false.
  * Add lintian overrides for the above (setuid-binary,
    no-debconf-templates).
  * Fix picky lintian errors about slogin symlinks.
  * Fix DEB_HOST_ARCH_OS/DEB_HOST_GNU_SYSTEM compatibility handling.
  * Apply Linux 2.2 workaround (see #239999) only on Linux.
  * New upstream release.
    - Normalise socket addresses returned by get_remote_hostname(), fixing
      4-in-6 mapping issues with AllowUsers et al (closes: #192234).
  * Take upstream's hint and disable the unsupported USE_POSIX_THREADS
    (closes: #295757, #308868, and possibly others; may open other bugs).
    Use PAM password authentication to avoid #278394. In future I may
    provide two sets of binaries built with and without this option, since
    it seems I can't win.
  * Disable ChallengeResponseAuthentication in new installations, returning
    to PasswordAuthentication by default, since it now supports PAM and
    apparently works better with a non-threaded sshd (closes: #247521).
  * openssh-server Suggests: rssh (closes: #233012).
  * Change libexecdir to /usr/lib/openssh, and fix up various alternatives
    and configuration files to match (closes: #87900, #151321).
  * Fix up very old sshd_config files that refer to /usr/libexec/sftp-server
    (closes: #141979).
  * Resynchronise with Debian.
  * New upstream release.
    - Port-forwarding specifications now take optional bind addresses, and
      the server allows client-specified bind addresses for remote port
      forwardings when configured with "GatewayPorts clientspecified"
      (closes: #87253, #192206).
    - ssh and ssh-keyscan now support hashing of known_hosts files for
      improved privacy. ssh-keygen has new options for managing known_hosts
      files, which understand hashing.
    - sftp supports command history and editing support using libedit
      (closes: #287013).
    - Have scp and sftp wait for the spawned ssh to exit before they exit
      themselves, allowing ssh to restore terminal modes (closes: #257130).
    - Improved the handling of bad data in authorized_keys files,
      eliminating fatal errors on corrupt or very large keys; e.g. linefeeds
      in keys only produce errors in auth.log now (closes: #220726).
    - Add "command mode" to ssh connection multiplexing (closes: #303452).
    - Mention $HOME/.hushlogin in sshd(8) FILES section (closes: #163933).
  * Make gnome-ssh-askpass stay above other windows (thanks, Liyang HU;
    closes: #296487).
  * Remove obsolete and unnecessary ssh/forward_warning debconf note.
  * Hurd build fixes (although sshd still doesn't work):
    - Restore X forwarding fix from #102991, lost somewhere along the way.
    - Link with -lcrypt.
    - Link with -lpthread rather than -pthread.
    - Don't build ssh-askpass-gnome on the Hurd, until GNOME is available to
      satisfy build-dependencies.
  * Drop workaround for #242462 on amd64; it's been fixed properly upstream.
  * Enable HashKnownHosts by default. This only affects new entries; use
    'ssh-keygen -H' to convert an entire known_hosts file to hashed format.
  * Note in ssh_config(5) that the SetupTimeOut option is Debian-specific
    (closes: #307069).
  * debconf template translations:
    - Update Czech (thanks, Miroslav Kure; closes: #298744).
    - Update Finnish (thanks, Matti Pöllä; closes: #303787).
    - Synchronise Spanish with sarge branch (thanks, Javier
      Fernández-Sanguino Peña; closes: #298536).
    - Add Ukrainian (thanks, Eugeniy Meshcheryakov; closes: #301852).
  * Explain how to run sshd from inittab in README.Debian (closes: #147360).
  * Add debian/watch file.
  * Remove pam_nologin from /etc/pam.d/ssh, as sshd's built-in support
    appears to be sufficient and more useful (closes: #162996).
  * Depend on debconf | debconf-2.0.
  * Drop LoginGraceTime back to the upstream default of two minutes on new
    installs (closes: #289573).
  * debconf template translations from Ubuntu bug #1232:
    - Update Greek (thanks, Logiotatidis George).
    - Update Spanish (thanks, Santiago Erquicia).

ubuntu/hoary 2005-12-20 21:37:18 UTC 2005-12-20
Import patches-unapplied version 1:3.9p1-1ubuntu2 to ubuntu/hoary

Author: Colin Watson
Author Date: 2005-03-15 12:46:54 UTC

Import patches-unapplied version 1:3.9p1-1ubuntu2 to ubuntu/hoary

Imported using git-ubuntu import.

Changelog parent: 3053cc0aa054e1edab75b86126dd2c87a66d3316

New changelog entries:
  * Don't ask unnecessary and misplaced ssh/forward_warning debconf note
    (closes: Ubuntu #7363).
  * Resynchronise with Debian.
  * New upstream release.
    - PAM password authentication implemented again (closes: #238699,
      #242119).
    - Implemented the ability to pass selected environment variables between
      the client and the server.
    - Fix ssh-keyscan breakage when remote server doesn't speak SSH protocol
      (closes: #228828).
    - Fix res_query detection (closes: #242462).
    - 'ssh -c' documentation improved (closes: #265627).
  * Pass LANG and LC_* environment variables from the client by default, and
    accept them to the server by default in new installs, although not on
    upgrade (closes: #264024).
  * Build ssh in binary-indep, not binary-arch (thanks, LaMont Jones).
  * Expand on openssh-client package description (closes: #273831).
  * Resynchronise with Debian.
  * We use DH_COMPAT=2, so build-depend on debhelper (>= 2).
  * Fix timing information leak allowing discovery of invalid usernames in
    PAM keyboard-interactive authentication (backported from a patch by
    Darren Tucker; closes: #281595).
  * Make sure that there's a delay in PAM keyboard-interactive
    authentication when PermitRootLogin is not set to yes and the correct
    root password is entered (closes: #248747).
  * Resynchronise with Debian.
  * Enable threading for PAM, on Sam Hartman's advice (closes: #278394).
  * debconf template translations:
    - Update Dutch (thanks, cobaco; closes: #278715).
  * Correct README.Debian's ForwardX11Trusted description (closes: #280190).
  * Resynchronise with Debian.
  * Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754).
  * Shorten the version string from the form "OpenSSH_3.8.1p1 Debian
    1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
    implementations apparently have problems with the long version string.
    This is of course a bug in those implementations, but since the extent
    of the problem is unknown it's best to play safe (closes: #275731).
  * debconf template translations:
    - Add Finnish (thanks, Matti Pöllä; closes: #265339).
    - Update Danish (thanks, Morten Brix Pedersen; closes: #275895).
    - Update French (thanks, Denis Barbier; closes: #276703).
    - Update Japanese (thanks, Kenshi Muto; closes: #277438).

applied/ubuntu/hoary 2005-12-20 21:37:18 UTC 2005-12-20
Import patches-applied version 1:3.9p1-1ubuntu2 to applied/ubuntu/hoary

Author: Colin Watson
Author Date: 2005-03-15 12:46:54 UTC

Import patches-applied version 1:3.9p1-1ubuntu2 to applied/ubuntu/hoary

Imported using git-ubuntu import.

Changelog parent: 1b47c8f1a006223b0fce36e5282eeaa8ae2fce68
Unapplied parent: 6ac1c57981395deee16b5535f8d13c89417c0829

New changelog entries:
  * Don't ask unnecessary and misplaced ssh/forward_warning debconf note
    (closes: Ubuntu #7363).
  * Resynchronise with Debian.
  * New upstream release.
    - PAM password authentication implemented again (closes: #238699,
      #242119).
    - Implemented the ability to pass selected environment variables between
      the client and the server.
    - Fix ssh-keyscan breakage when remote server doesn't speak SSH protocol
      (closes: #228828).
    - Fix res_query detection (closes: #242462).
    - 'ssh -c' documentation improved (closes: #265627).
  * Pass LANG and LC_* environment variables from the client by default, and
    accept them to the server by default in new installs, although not on
    upgrade (closes: #264024).
  * Build ssh in binary-indep, not binary-arch (thanks, LaMont Jones).
  * Expand on openssh-client package description (closes: #273831).
  * Resynchronise with Debian.
  * We use DH_COMPAT=2, so build-depend on debhelper (>= 2).
  * Fix timing information leak allowing discovery of invalid usernames in
    PAM keyboard-interactive authentication (backported from a patch by
    Darren Tucker; closes: #281595).
  * Make sure that there's a delay in PAM keyboard-interactive
    authentication when PermitRootLogin is not set to yes and the correct
    root password is entered (closes: #248747).
  * Resynchronise with Debian.
  * Enable threading for PAM, on Sam Hartman's advice (closes: #278394).
  * debconf template translations:
    - Update Dutch (thanks, cobaco; closes: #278715).
  * Correct README.Debian's ForwardX11Trusted description (closes: #280190).
  * Resynchronise with Debian.
  * Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754).
  * Shorten the version string from the form "OpenSSH_3.8.1p1 Debian
    1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
    implementations apparently have problems with the long version string.
    This is of course a bug in those implementations, but since the extent
    of the problem is unknown it's best to play safe (closes: #275731).
  * debconf template translations:
    - Add Finnish (thanks, Matti Pöllä; closes: #265339).
    - Update Danish (thanks, Morten Brix Pedersen; closes: #275895).
    - Update French (thanks, Denis Barbier; closes: #276703).
    - Update Japanese (thanks, Kenshi Muto; closes: #277438).

applied/ubuntu/warty 2005-12-20 15:34:39 UTC 2005-12-20
Import patches-applied version 1:3.8.1p1-11ubuntu3 to applied/ubuntu/warty

Author: Colin Watson
Author Date: 2004-10-07 17:03:06 UTC

Import patches-applied version 1:3.8.1p1-11ubuntu3 to applied/ubuntu/warty

Imported using git-ubuntu import.

Unapplied parent: 3053cc0aa054e1edab75b86126dd2c87a66d3316

ubuntu/warty 2005-12-20 15:34:39 UTC 2005-12-20
Import patches-unapplied version 1:3.8.1p1-11ubuntu3 to ubuntu/warty

Author: Colin Watson
Author Date: 2004-10-07 17:03:06 UTC

Import patches-unapplied version 1:3.8.1p1-11ubuntu3 to ubuntu/warty

Imported using git-ubuntu import.

101157 of 157 results

Other repositories

Name Last Modified
lp:ubuntu/+source/openssh 19 hours ago
lp:~paelzer/ubuntu/+source/openssh 2019-04-02
lp:~kstenerud/ubuntu/+source/openssh 2018-11-08
lp:~ahasenack/ubuntu/+source/openssh 2018-10-29
14 of 4 results
You can't create new repositories for openssh in Ubuntu.