ubuntu/+source/openssh:debian/squeeze

Last commit made on 2014-07-19
Get this branch:
git clone -b debian/squeeze https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
debian/squeeze
Repository:
lp:ubuntu/+source/openssh

Recent commits

a74b9f3... by Colin Watson on 2014-04-03

Import patches-unapplied version 1:5.5p1-6+squeeze5 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 5d2b040428a7af04a8f6518caaadb47112fd3168

New changelog entries:
  * CVE-2014-2532: Disallow invalid characters in environment variable names
    to prevent bypassing AcceptEnv wildcard restrictions.
  * CVE-2014-2653: Attempt SSHFP lookup even if server presents a
    certificate (closes: #742513).

5d2b040... by Colin Watson on 2013-03-03

Import patches-unapplied version 1:5.5p1-6+squeeze4 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 69e7bc1198f34501570cc2f65f2a0ced54230120

New changelog entries:
  * CVE-2011-5000: Fix potential int overflow when using gssapi-with-mac
    authentation.

69e7bc1... by Colin Watson on 2013-02-08

Import patches-unapplied version 1:5.5p1-6+squeeze3 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: b410375a5733cc0bf22c326fe3604866d4e6cf49

New changelog entries:
  * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
    to 10:30:100 (closes: #700102).

b410375... by Colin Watson on 2012-02-20

Import patches-unapplied version 1:5.5p1-6+squeeze2 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 0b2d23415d9130bc3b0f356fbc45c04a62704f86

New changelog entries:
  * CVE-2012-0814: Don't send the actual forced command in a debug message,
    which allowed remote authenticated users to obtain potentially sensitive
    information by reading these messages (closes: #657445).

0b2d234... by Colin Watson on 2011-07-28

Import patches-unapplied version 1:5.5p1-6+squeeze1 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: e618b16baf6896af5d52d8896dde35409afec69b

New changelog entries:
  * Quieten logs when multiple from= restrictions are used in different
    authorized_keys lines for the same key; it's still not ideal, but at
    least you'll only get one log entry per key (closes: #630606).

e618b16... by Colin Watson on 2010-12-26

Import patches-unapplied version 1:5.5p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a2793f0d402b49f385a77ccb45ce688c1747fce6

New changelog entries:
  * Touch /var/run/sshd/.placeholder in the preinst so that /var/run/sshd,
    which is intentionally no longer shipped in the openssh-server package
    due to /var/run often being a temporary directory, is not removed on
    upgrade (closes: #575582).

a2793f0... by Colin Watson on 2010-08-23

Import patches-unapplied version 1:5.5p1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9adc09845b0da7943da87a1557d1de606b9ceefd

New changelog entries:
  * Use an architecture wildcard for libselinux1-dev (closes: #591740).
  * debconf template translations:
    - Update Danish (thanks, Joe Hansen; closes: #592800).

9adc098... by Colin Watson on 2010-05-22

Import patches-unapplied version 1:5.5p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e4497c171d8bdc103b97f975f46ca5b3fbf997c3

New changelog entries:
  [ Sebastian Andrzej Siewior ]
  * Add powerpcspe to architecture list for libselinux1-dev build-dependency
    (closes: #579843).
  [ Colin Watson ]
  * Allow ~/.ssh/authorized_keys and other secure files to be
    group-writable, provided that the group in question contains only the
    file's owner; this extends a patch previously applied to ~/.ssh/config
    (closes: #581919).
  * Check primary group memberships as well as supplementary group
    memberships, and only allow group-writability by groups with exactly one
    member, as zero-member groups are typically used by setgid binaries
    rather than being user-private groups (closes: #581697).

e4497c1... by Colin Watson on 2010-04-28

Import patches-unapplied version 1:5.5p1-3 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 7bdadd4fa071e0dfca1a4ec4512a30da8f2961ea

New changelog entries:
  * Discard error messages while checking whether rsh, rlogin, and rcp
    alternatives exist (closes: #579285).
  * Drop IDEA key check; I don't think it works properly any more due to
    textual changes in error output, it's only relevant for direct upgrades
    from truly ancient versions, and it breaks upgrades if
    /etc/ssh/ssh_host_key can't be loaded (closes: #579570).
  * Use dh_installinit -n, since our maintainer scripts already handle this
    more carefully (thanks, Julien Cristau).
  * New upstream release:
    - Unbreak sshd_config's AuthorizedKeysFile option for $HOME-relative
      paths.
    - Include a language tag when sending a protocol 2 disconnection
      message.
    - Make logging of certificates used for user authentication more clear
      and consistent between CAs specified using TrustedUserCAKeys and
      authorized_keys.

7bdadd4... by Colin Watson on 2010-04-10

Import patches-unapplied version 1:5.4p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 59671bbcf5c2c40a1dd11fa17d96f46702ae8c50

New changelog entries:
  * Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 is
    installed, the host key is published in an SSHFP RR secured with DNSSEC,
    and VerifyHostKeyDNS=yes, then ssh will no longer prompt for host key
    verification (closes: #572049).
  * Convert to dh(1), and use dh_installdocs --link-doc.
  * Drop lpia support, since Ubuntu no longer supports this architecture.
  * Use dh_install more effectively.
  * Add a NEWS.Debian entry about changes in smartcard support relative to
    previous unofficial builds (closes: #231472).