ubuntu/+source/openssh:applied/ubuntu/feisty-devel

Last commit made on 2007-02-19
Get this branch:
git clone -b applied/ubuntu/feisty-devel https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/feisty-devel
Repository:
lp:ubuntu/+source/openssh

Recent commits

8735413... by Colin Watson on 2007-02-19

Import patches-applied version 1:4.3p2-8ubuntu1 to applied/ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 4d152eb2d613ad04265588bf75fe51e3b8cac7e1
Unapplied parent: 6acddbaea60ba8a1ef4e1306c217b9adbfb3e7be

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Increase MAX_SESSIONS to 64.
    - Remove stop links from rc0 and rc6.
  * Build position-independent executables (only for debs, not for udebs) to
    take advantage of address space layout randomisation (thanks, Kees
    Cook).
  * Set Maintainer to me.
  [ Vincent Untz ]
  * Give the ssh-askpass-gnome window a default icon; remove unnecessary
    icon extension from .desktop file (closes:
    https://launchpad.net/bugs/27152).
  [ Colin Watson ]
  * Drop versioning on ssh/ssh-krb5 Replaces, as otherwise it isn't
    sufficient to replace conffiles (closes: #402804).
  * Make GSSAPICleanupCreds a compatibility alias for
    GSSAPICleanupCredentials. Mark GSSUseSessionCCache and
    GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate
    away from them on upgrade.
  * It turns out that the people who told me that removing a conffile in the
    preinst was sufficient to have dpkg replace it without prompting when
    moving a conffile between packages were very much mistaken. As far as I
    can tell, the only way to do this reliably is to write out the desired
    new text of the conffile in the preinst. This is gross, and requires
    shipping the text of all conffiles in the preinst too, but there's
    nothing for it. Fortunately this nonsense is only required for smooth
    upgrades from sarge.
  * debconf template translations:
    - Add Romanian (thanks, Stan Ioan-Eugen; closes: #403528).

6acddba... by Colin Watson on 2007-02-19

Import patches-unapplied version 1:4.3p2-8ubuntu1 to ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: e7b80c3001a890710cda652c8446234a9a617421

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Increase MAX_SESSIONS to 64.
    - Remove stop links from rc0 and rc6.
  * Build position-independent executables (only for debs, not for udebs) to
    take advantage of address space layout randomisation (thanks, Kees
    Cook).
  * Set Maintainer to me.
  [ Vincent Untz ]
  * Give the ssh-askpass-gnome window a default icon; remove unnecessary
    icon extension from .desktop file (closes:
    https://launchpad.net/bugs/27152).
  [ Colin Watson ]
  * Drop versioning on ssh/ssh-krb5 Replaces, as otherwise it isn't
    sufficient to replace conffiles (closes: #402804).
  * Make GSSAPICleanupCreds a compatibility alias for
    GSSAPICleanupCredentials. Mark GSSUseSessionCCache and
    GSSAPIUseSessionCredCache as known-but-unsupported options, and migrate
    away from them on upgrade.
  * It turns out that the people who told me that removing a conffile in the
    preinst was sufficient to have dpkg replace it without prompting when
    moving a conffile between packages were very much mistaken. As far as I
    can tell, the only way to do this reliably is to write out the desired
    new text of the conffile in the preinst. This is gross, and requires
    shipping the text of all conffiles in the preinst too, but there's
    nothing for it. Fortunately this nonsense is only required for smooth
    upgrades from sarge.
  * debconf template translations:
    - Add Romanian (thanks, Stan Ioan-Eugen; closes: #403528).

4d152eb... by Colin Watson on 2006-12-11

Import patches-applied version 1:4.3p2-7ubuntu1 to applied/ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 160559fa022d439ca1b8594a0addb8a183515788
Unapplied parent: e7b80c3001a890710cda652c8446234a9a617421

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Increase MAX_SESSIONS to 64.
    - Remove stop links from rc0 and rc6.
  [ Colin Watson ]
  * Ignore errors from usermod when changing sshd's shell, since it will
    fail if the sshd user is not local (closes: #398436).
  * Remove version control tags from /etc/ssh/moduli and /etc/ssh/ssh_config
    to avoid unnecessary conffile resolution steps for administrators
    (thanks, Jari Aalto; closes: #335259).
  * Fix quoting error in configure.ac and regenerate configure (thanks, Ben
    Pfaff; closes: #391248).
  * When installing openssh-client or openssh-server from scratch, remove
    any unchanged conffiles from the pre-split ssh package to work around a
    bug in sarge's dpkg (thanks, Justin Pryzby and others; closes: #335276).
  [ Russ Allbery ]
  * Create transitional ssh-krb5 package which enables GSSAPI configuration
    in sshd_config (closes: #390986).
  * Default client to attempting GSSAPI authentication.
  * Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's
    found.
  * Add ssh -K option, the converse of -k, to enable GSSAPI credential
    delegation (closes: #401483).

e7b80c3... by Colin Watson on 2006-12-11

Import patches-unapplied version 1:4.3p2-7ubuntu1 to ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 72139b168c8252a92d59034c5c63f8753b4da1be

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Increase MAX_SESSIONS to 64.
    - Remove stop links from rc0 and rc6.
  [ Colin Watson ]
  * Ignore errors from usermod when changing sshd's shell, since it will
    fail if the sshd user is not local (closes: #398436).
  * Remove version control tags from /etc/ssh/moduli and /etc/ssh/ssh_config
    to avoid unnecessary conffile resolution steps for administrators
    (thanks, Jari Aalto; closes: #335259).
  * Fix quoting error in configure.ac and regenerate configure (thanks, Ben
    Pfaff; closes: #391248).
  * When installing openssh-client or openssh-server from scratch, remove
    any unchanged conffiles from the pre-split ssh package to work around a
    bug in sarge's dpkg (thanks, Justin Pryzby and others; closes: #335276).
  [ Russ Allbery ]
  * Create transitional ssh-krb5 package which enables GSSAPI configuration
    in sshd_config (closes: #390986).
  * Default client to attempting GSSAPI authentication.
  * Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's
    found.
  * Add ssh -K option, the converse of -k, to enable GSSAPI credential
    delegation (closes: #401483).

160559f... by Colin Watson on 2006-11-27

Import patches-applied version 1:4.3p2-6ubuntu1 to applied/ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 794fa966524db415315a7b3f1f92ea53ba271194
Unapplied parent: 72139b168c8252a92d59034c5c63f8753b4da1be

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Increase MAX_SESSIONS to 64.
    - Remove stop links from rc0 and rc6.
  * Acknowledge NMU (thanks, Manoj; closes: #394795).
  * Backport from 4.5p1:
    - Fix a bug in the sshd privilege separation monitor that weakened its
      verification of successful authentication. This bug is not known to be
      exploitable in the absence of additional vulnerabilities.
  * openssh-server Suggests: molly-guard (closes: #395473).
  * debconf template translations:
    - Update German (thanks, Helge Kreutzmann; closes: #395947).
  * NMU to update SELinux patch, bringing it in line with current selinux
    releases. The patch for this NMU is simply the Bug#394795 patch,
    and no other changes. (closes: #394795)

72139b1... by Colin Watson on 2006-11-27

Import patches-unapplied version 1:4.3p2-6ubuntu1 to ubuntu/feisty

Imported using git-ubuntu import.

Changelog parent: 891bef0d2423a8437ec00b46138b99307e0f67dc

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add /sbin, /usr/sbin, and /usr/local/sbin to the default path.
    - Use LSB init script functions.
    - Increase MAX_SESSIONS to 64.
    - Remove stop links from rc0 and rc6.
  * Acknowledge NMU (thanks, Manoj; closes: #394795).
  * Backport from 4.5p1:
    - Fix a bug in the sshd privilege separation monitor that weakened its
      verification of successful authentication. This bug is not known to be
      exploitable in the absence of additional vulnerabilities.
  * openssh-server Suggests: molly-guard (closes: #395473).
  * debconf template translations:
    - Update German (thanks, Helge Kreutzmann; closes: #395947).
  * NMU to update SELinux patch, bringing it in line with current selinux
    releases. The patch for this NMU is simply the Bug#394795 patch,
    and no other changes. (closes: #394795)

794fa96... by Colin Watson on 2006-10-05

Import patches-applied version 1:4.3p2-5ubuntu1 to applied/ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: ba5f65daaba0b32b2732fecfd59a759b70675b20
Unapplied parent: 891bef0d2423a8437ec00b46138b99307e0f67dc

New changelog entries:
  * Resynchronise with Debian.
  * Remove ssh/insecure_telnetd check altogether (closes: #391081).
  * debconf template translations:
    - Update Danish (thanks, Claus Hindsgaul; closes: #390612).

891bef0... by Colin Watson on 2006-10-05

Import patches-unapplied version 1:4.3p2-5ubuntu1 to ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: 1d4fb0d11110722933dbd74235de63e134c8ddd2

New changelog entries:
  * Resynchronise with Debian.
  * Remove ssh/insecure_telnetd check altogether (closes: #391081).
  * debconf template translations:
    - Update Danish (thanks, Claus Hindsgaul; closes: #390612).

ba5f65d... by Colin Watson on 2006-09-29

Import patches-applied version 1:4.3p2-4ubuntu1 to applied/ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: be10b218363f82e1bdf914367fa9273bcbec6d90
Unapplied parent: 1d4fb0d11110722933dbd74235de63e134c8ddd2

New changelog entries:
  * Resynchronise with Debian.
  * Backport from 4.4p1 (since I don't have an updated version of the GSSAPI
    patch yet):
    - CVE-2006-4924: Fix a pre-authentication denial of service found by
      Tavis Ormandy, that would cause sshd(8) to spin until the login grace
      time expired (closes: #389995).
    - CVE-2006-5051: Fix an unsafe signal hander reported by Mark Dowd. The
      signal handler was vulnerable to a race condition that could be
      exploited to perform a pre-authentication denial of service. On
      portable OpenSSH, this vulnerability could theoretically lead to
      pre-authentication remote code execution if GSSAPI authentication is
      enabled, but the likelihood of successful exploitation appears remote.
  * Read /etc/default/locale as well as /etc/environment (thanks, Raphaël
    Hertzog; closes: #369395).
  * Remove no-longer-used ssh/insecure_rshd debconf template.
  * Make ssh/insecure_telnetd Type: error (closes: #388946).
  * debconf template translations:
    - Update Portuguese (thanks, Rui Branco; closes: #381942).
    - Update Spanish (thanks, Javier Fernández-Sanguino Peña;
      closes: #382966).
  * Document KeepAlive->TCPKeepAlive renaming in sshd_config(5) (closes:
    https://launchpad.net/bugs/50702).
  * Change sshd user's shell to /usr/sbin/nologin (closes: #366541).
    Introduces dependency on passwd for usermod.
  * debconf template translations:
    - Update French (thanks, Denis Barbier; closes: #368503).
    - Update Dutch (thanks, Bart Cornelis; closes: #375100).
    - Update Japanese (thanks, Kenshi Muto; closes: #379950).

1d4fb0d... by Colin Watson on 2006-09-29

Import patches-unapplied version 1:4.3p2-4ubuntu1 to ubuntu/edgy

Imported using git-ubuntu import.

Changelog parent: 2efa7c85c7f44957cbc499aa3f17cc45073e0909

New changelog entries:
  * Resynchronise with Debian.
  * Backport from 4.4p1 (since I don't have an updated version of the GSSAPI
    patch yet):
    - CVE-2006-4924: Fix a pre-authentication denial of service found by
      Tavis Ormandy, that would cause sshd(8) to spin until the login grace
      time expired (closes: #389995).
    - CVE-2006-5051: Fix an unsafe signal hander reported by Mark Dowd. The
      signal handler was vulnerable to a race condition that could be
      exploited to perform a pre-authentication denial of service. On
      portable OpenSSH, this vulnerability could theoretically lead to
      pre-authentication remote code execution if GSSAPI authentication is
      enabled, but the likelihood of successful exploitation appears remote.
  * Read /etc/default/locale as well as /etc/environment (thanks, Raphaël
    Hertzog; closes: #369395).
  * Remove no-longer-used ssh/insecure_rshd debconf template.
  * Make ssh/insecure_telnetd Type: error (closes: #388946).
  * debconf template translations:
    - Update Portuguese (thanks, Rui Branco; closes: #381942).
    - Update Spanish (thanks, Javier Fernández-Sanguino Peña;
      closes: #382966).
  * Document KeepAlive->TCPKeepAlive renaming in sshd_config(5) (closes:
    https://launchpad.net/bugs/50702).
  * Change sshd user's shell to /usr/sbin/nologin (closes: #366541).
    Introduces dependency on passwd for usermod.
  * debconf template translations:
    - Update French (thanks, Denis Barbier; closes: #368503).
    - Update Dutch (thanks, Bart Cornelis; closes: #375100).
    - Update Japanese (thanks, Kenshi Muto; closes: #379950).