ubuntu/+source/openssh:ubuntu/gutsy-security

Last commit made on 2008-10-01
Get this branch:
git clone -b ubuntu/gutsy-security https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/gutsy-security
Repository:
lp:ubuntu/+source/openssh

Recent commits

b02dee8... by Kees Cook on 2008-09-29

Import patches-unapplied version 1:4.6p1-5ubuntu0.6 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: fcc605c55f59a261f0af96237f9834136114a639

New changelog entries:
  * SECURITY UPDATE: block .ssh/rc processing when running ForceCommand.
  * References
    CVE-2008-1657

fcc605c... by Jamie Strandboge on 2008-05-14

Import patches-unapplied version 1:4.6p1-5ubuntu0.5 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 4db1e8c31e95abf2d42367791a025461fa55cca0

New changelog entries:
  * Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).
  * ssh-vulnkey handles options in authorized_keys (LP: #230029), and treats
    # as introducing a comment even if it is preceded by whitespace (thanks
    Colin Watson)

4db1e8c... by Jamie Strandboge on 2008-05-13

Import patches-unapplied version 1:4.6p1-5ubuntu0.4 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 371d5ea54f36dc22b93caac525015a24717c5c75

New changelog entries:
  * fix error in Template file

371d5ea... by Jamie Strandboge on 2008-05-13

Import patches-unapplied version 1:4.6p1-5ubuntu0.3 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: 4dc4d9f19439ee7531497fe77f70ae0e5d59070d

New changelog entries:
  * Mitigate OpenSSL security vulnerability thanks to Colin Watson:
    - Add key blacklisting support. Keys listed in
      /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
      sshd, unless "PermitBlacklistedKeys yes" is set in
      /etc/ssh/sshd_config.
    - Add a new program, ssh-vulnkey, which can be used to check keys
      against these blacklists.
    - Depend on openssh-blacklist.
    - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
      0.9.8c-4ubuntu0.3.
    - Automatically regenerate known-compromised host keys, with a
      critical-priority debconf note. (I regret that there was no time to
      gather translations.)
  * added README.compromised-keys thanks to Colin Watson
  * References
    CVE-2008-0166
    http://www.ubuntu.com/usn/usn-612-1

4dc4d9f... by Kees Cook on 2008-04-01

Import patches-unapplied version 1:4.6p1-5ubuntu0.2 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: cc0e26efe5897f84184fc6799f15d6b89d22c5b6

New changelog entries:
  * SECURITY UPDATE: X11 forward hijacking via alternate address families.
  * channels.c: upstream fixes, patched inline. Thanks to Nicolas Valcarcel
    (LP: #210175).
  * References
    CVE-2008-1483

cc0e26e... by Kees Cook on 2008-01-09

Import patches-unapplied version 1:4.6p1-5ubuntu0.1 to ubuntu/gutsy-security

Imported using git-ubuntu import.

Changelog parent: f36e1021f30854843f040454dbfccaf577cf7294

New changelog entries:
  * SECURITY UPDATE: trusted cookie leak when untrusted cookie cannot be
    generated.
  * debian/control: Updated Maintainer Field to follow Ubuntu Maintainer Policy
  * clientloop.c: Applied patch according to openssh upstream (LP: #162171),
    thanks to Stephan Hermann.
  * References:
    CVE-2007-4752
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444738
    http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/clientloop.c.diff?r1=1.180&r2=1.181

f36e102... by LaMont Jones on 2007-10-04

Import patches-unapplied version 1:4.6p1-5build1 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: 458aacd73bdb5cd6cbf2e4ab980e826385e3d23e

New changelog entries:
  * Trigger rebuild for hppa

458aacd... by Colin Watson on 2007-07-30

Import patches-unapplied version 1:4.6p1-5 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: e048dfdd3933d3d304bd01bd7517c49b51bddd1c

New changelog entries:
  * Identify ssh as a metapackage rather than a transitional package. It's
    still useful as a quick way to install both the client and the server.
  * ssh-copy-id now checks the exit status of ssh-add -L (thanks, Adeodato
    Simó; closes: #221675).
  * ssh-copy-id no longer prints the output of expr (thanks, Peter
    Eisentraut; closes: #291534).
  * ssh-copy-id defaults to ~/.ssh/id_rsa.pub rather than
    ~/.ssh/identity.pub, in line with ssh-keygen (thanks, Greg Norris;
    closes: #234627).
  * Build-depend on libselinux1-dev on lpia.
  * openssh-client Suggests: keychain.
  * debconf template translations:
    - Update Catalan (thanks, Jordà Polo; closes: #431970).
  * Don't build PIE executables on hppa, as they crash.
  * Only build PIE executables on Linux and NetBSD (closes: #430455).
  * Fix broken switch fallthrough when SELinux is running in permissive mode
    (closes: #430838).
  * Document that HashKnownHosts may break tab-completion (closes: #430154).

e048dfd... by Colin Watson on 2007-06-20

Import patches-unapplied version 1:4.6p1-2 to ubuntu/gutsy

Imported using git-ubuntu import.

Changelog parent: ad347d6bf28708b855ccd518909d41e3198cd0be

New changelog entries:
  * Fix ordering of SYSLOG_LEVEL_QUIET and SYSLOG_LEVEL_FATAL.
  * Clarify that 'ssh -q -q' still prints errors caused by bad arguments
    (i.e. before the logging system is initialised).
  * Suppress "Connection to <host> closed" and "Connection to master closed"
    messages at loglevel SILENT (thanks, Jaap Eldering; closes: #409788).
  * Suppress "Pseudo-terminal will not be allocated because stdin is not a
    terminal" message at loglevels QUIET and SILENT (closes: #366814).
  * Document the SILENT loglevel in sftp-server(8), ssh_config(5), and
    sshd_config(5).
  * Add try-restart action to init script.
  * Add /etc/network/if-up.d/openssh-server to restart sshd when new
    interfaces appear (LP: #103436).
  * Backport from upstream:
    - Move C/R -> kbdint special case to after the defaults have been
      loaded, which makes ChallengeResponse default to yes again. This was
      broken by the Match changes and not fixed properly subsequently
      (closes: #428968).
    - Silence spurious error messages from hang-on-exit fix
      (http://bugzilla.mindrot.org/show_bug.cgi?id=1306, closes: #429531).

ad347d6... by Colin Watson on 2007-06-12

Import patches-unapplied version 1:4.6p1-1 to ubuntu/gutsy

Imported using git-ubuntu import.