ubuntu/+source/openssh:ubuntu/artful-proposed

Last commit made on 2017-09-01
Get this branch:
git clone -b ubuntu/artful-proposed https://git.launchpad.net/ubuntu/+source/openssh

Branch information

Name: ubuntu/artful-proposed
Repository: lp:ubuntu/+source/openssh

Recent commits

c931f60... by Colin Watson on 2017-09-01

Import patches-unapplied version 1:7.5p1-10 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b1b5c75268ff4438e33357c24800d1b0d0ecb731

New changelog entries:
  * Tell haveged to create the pid file we expect.
  * Give up and use systemctl to start haveged if running under systemd;
    this shouldn't be necessary, but I can't seem to get things working in
    the Ubuntu autopkgtest environment otherwise.

b1b5c75... by Colin Watson on 2017-08-31

Import patches-unapplied version 1:7.5p1-9 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9ddc3c0fdaec4a3053cea97a23183386bea43f94

New changelog entries:
  * Run debian/tests/regress with "set -x".
  * Run haveged without "-w 1024", as setting the low water mark doesn't
    seem possible in all autopkgtest virtualisation environments.

9ddc3c0... by Colin Watson on 2017-08-28

Import patches-unapplied version 1:7.5p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9179f1e1ff1644216c75f109699e442babaa2e09

New changelog entries:
  * Drop openssh-client-ssh1, now built by a separate source package.
  * Run haveged during autopkgtests to ensure that they have enough entropy
    for key generation (LP: #1712921).
  * Apply patches from https://bugzilla.mindrot.org/show_bug.cgi?id=2752 to
    allow some extra syscalls for crypto cards on s390x (LP: #1686618).

9179f1e... by Colin Watson on 2017-08-23

Import patches-unapplied version 1:7.5p1-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7f06034b1c4ba72dac028ed7879c89b6ee073293

New changelog entries:
  * Fix spelling of RuntimeDirectoryMode (closes: #872976).
  * Add RuntimeDirectory and RuntimeDirectoryMode to ssh@.service as well as
    ssh.service (closes: #872978).

7f06034... by Colin Watson on 2017-08-23

Import patches-unapplied version 1:7.5p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ff8921c5d749b778bdedef3a73fe9fbf7145be0a

New changelog entries:
  [ Colin Watson ]
  * Test configuration before starting or reloading sshd under systemd
    (closes: #865770).
  * Create /run/sshd under systemd using RuntimeDirectory rather than
    tmpfiles.d (thanks, Dmitry Smirnov; closes: #864190).
  [ Dimitri John Ledkov ]
  * Drop upstart system and user jobs (closes: #872851).
  [ Chris Lamb ]
  * Quote IP address in suggested "ssh-keygen -f" calls (closes: #872643).

ff8921c... by Colin Watson on 2017-06-18

Import patches-unapplied version 1:7.5p1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: e7c9fd6a7c70fea03fae7d51d1688a286859f016

New changelog entries:
  * Upload to unstable.
  * Fix syntax error in debian/copyright.

e7c9fd6... by Colin Watson on 2017-06-06

Import patches-unapplied version 1:7.5p1-4 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 1601afa223bc935cee4688c481d60c99e3e90a28

New changelog entries:
  * Drop README.Debian section on privilege separation, as it's no longer
    optional.
  * Only call "initctl set-env" from agent-launch if $UPSTART_SESSION is set
    (LP: #1689299).
  * Fix incoming compression statistics (thanks, Russell Coker; closes:
    #797964).
  * Relicense debian/* under a two-clause BSD licence for bidirectional
    compatibility with upstream, with permission from Matthew Vernon and
    others.

1601afa... by Colin Watson on 2017-05-02

Import patches-unapplied version 1:7.5p1-3 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: f733ac73e291d0c2ded570132cf7f5ecbf948c22

New changelog entries:
  * Fix debian/adjust-openssl-dependencies to account for preferring
    libssl1.0-dev.
  * Adjust OpenSSL dependencies for openssh-client-ssh1 too.
  * Fix purge failure when /etc/ssh has already somehow been removed
    (LP: #1682817).
  * Ensure that /etc/ssh exists before trying to create /etc/ssh/sshd_config
    (LP: #1685022).

f733ac7... by Colin Watson on 2017-04-02

Import patches-unapplied version 1:7.5p1-2 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 15663217edcca1156b584fc75564bebccf4cdd33

New changelog entries:
  * Add missing header on Linux/s390.
  * Fix syntax error on Linux/X32.

1566321... by Colin Watson on 2017-04-02

Import patches-unapplied version 1:7.5p1-1 to debian/experimental

Imported using git-ubuntu import.

Changelog parent: 2d6a7b7a356d897d168dc051cab091e02ee05f47

New changelog entries:
  * New upstream release (https://www.openssh.com/txt/release-7.5):
    - SECURITY: ssh(1), sshd(8): Fix weakness in CBC padding oracle
      countermeasures that allowed a variant of the attack fixed in OpenSSH
      7.3 to proceed. Note that the OpenSSH client disables CBC ciphers by
      default, sshd offers them as lowest-preference options and will remove
      them by default entirely in the next release.
    - This release deprecates the sshd_config UsePrivilegeSeparation option,
      thereby making privilege separation mandatory (closes: #407754).
    - The format of several log messages emitted by the packet code has
      changed to include additional information about the user and their
      authentication state. Software that monitors ssh/sshd logs may need
      to account for these changes.
    - ssh(1), sshd(8): Support "=-" syntax to easily remove methods from
      algorithm lists, e.g. Ciphers=-*cbc.
    - sshd(1): Fix NULL dereference crash when key exchange start messages
      are sent out of sequence.
    - ssh(1), sshd(8): Allow form-feed characters to appear in configuration
      files.
    - sshd(8): Fix regression in OpenSSH 7.4 support for the server-sig-algs
      extension, where SHA2 RSA signature methods were not being correctly
      advertised.
    - ssh(1), ssh-keygen(1): Fix a number of case-sensitivity bugs in
      known_hosts processing.
    - ssh(1): Allow ssh to use certificates accompanied by a private key
      file but no corresponding plain *.pub public key.
    - ssh(1): When updating hostkeys using the UpdateHostKeys option, accept
      RSA keys if HostkeyAlgorithms contains any RSA keytype. Previously,
      ssh could ignore RSA keys when only the ssh-rsa-sha2-* methods were
      enabled in HostkeyAlgorithms and not the old ssh-rsa method.
    - ssh(1): Detect and report excessively long configuration file lines.
    - Merge a number of fixes found by Coverity and reported via Redhat and
      FreeBSD. Includes fixes for some memory and file descriptor leaks in
      error paths.
    - ssh(1), sshd(8): When logging long messages to stderr, don't truncate
      "\r\n" if the length of the message exceeds the buffer.
    - ssh(1): Fully quote [host]:port in generated ProxyJump/-J command-
      line; avoid confusion over IPv6 addresses and shells that treat square
      bracket characters specially.
    - Fix various fallout and sharp edges caused by removing SSH protocol 1
      support from the server, including the server banner string being
      incorrectly terminated with only \n (instead of \r\n), confusing error
      messages from ssh-keyscan, and a segfault in sshd if protocol v.1 was
      enabled for the client and sshd_config contained references to legacy
      keys.
    - ssh(1), sshd(8): Free fd_set on connection timeout.
    - sftp(1): Fix division by zero crash in "df" output when server returns
      zero total filesystem blocks/inodes.
    - ssh(1), ssh-add(1), ssh-keygen(1), sshd(8): Translate OpenSSL errors
      encountered during key loading to more meaningful error codes.
    - ssh-keygen(1): Sanitise escape sequences in key comments sent to
      printf but preserve valid UTF-8 when the locale supports it.
    - ssh(1), sshd(8): Return reason for port forwarding failures where
      feasible rather than always "administratively prohibited".
    - sshd(8): Fix deadlock when AuthorizedKeysCommand or
      AuthorizedPrincipalsCommand produces a lot of output and a key is
      matched early.
    - ssh(1): Fix typo in ~C error message for bad port forward
      cancellation.
    - ssh(1): Show a useful error message when included config files can't
      be opened.
    - sshd_config(5): Repair accidentally-deleted mention of %k token in
      AuthorizedKeysCommand.
    - sshd(8): Remove vestiges of previously removed LOGIN_PROGRAM.
    - ssh-agent(1): Relax PKCS#11 whitelist to include libexec and common
      32-bit compatibility library directories.
    - sftp-client(1): Fix non-exploitable integer overflow in SSH2_FXP_NAME
      response handling.
    - ssh-agent(1): Fix regression in 7.4 of deleting PKCS#11-hosted keys.
      It was not possible to delete them except by specifying their full
      physical path.
    - sshd(8): Avoid sandbox errors for Linux S390 systems using an ICA
      crypto coprocessor.
    - sshd(8): Fix non-exploitable weakness in seccomp-bpf sandbox arg
      inspection.
    - ssh-keygen(1), ssh(1), sftp(1): Fix output truncation for various that
      contain non-printable characters where the codeset in use is ASCII.