ubuntu/+source/openssh:ubuntu/hardy

Last commit made on 2008-04-06
Get this branch:
git clone -b ubuntu/hardy https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/hardy
Repository:
lp:ubuntu/+source/openssh

Recent commits

cace3e3... by Colin Watson on 2008-04-06

Import patches-unapplied version 1:4.7p1-8ubuntu1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 23ca25118817d79ae647e2a2be375759ad97bdb7

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
  * Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-5.
  * Rename KeepAlive to TCPKeepAlive in sshd_config, cleaning up from old
    configurations (LP: #211400).
  * Tweak scp's reporting of filenames in verbose mode to be a bit less
    confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945).
  * Backport from 4.9p1:
    - Ignore ~/.ssh/rc if a sshd_config ForceCommand is specified (see
      http://www.securityfocus.com/bid/28531/info).
    - Add no-user-rc authorized_keys option to disable execution of
      ~/.ssh/rc.
  * Backport from Simon Wilkinson's GSSAPI key exchange patch for 5.0p1:
    - Add code to actually implement GSSAPIStrictAcceptorCheck, which had
      somehow been omitted from a previous version of this patch (closes:
      #474246).

23ca251... by Colin Watson on 2008-03-31

Import patches-unapplied version 1:4.7p1-7ubuntu1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 2def97e3be286b7bb395c521995186f0ed3dc6c2

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
  * Ignore errors writing to oom_adj (closes: #473573).

2def97e... by Colin Watson on 2008-03-30

Import patches-unapplied version 1:4.7p1-6ubuntu1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: f5a81c0e600907533e089cffe992623d5e7a840e

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
  * Disable the Linux kernel's OOM-killer for the sshd parent; tweak
    SSHD_OOM_ADJUST in /etc/default/ssh to change this (closes: #341767).

f5a81c0... by Colin Watson on 2008-03-22

Import patches-unapplied version 1:4.7p1-5ubuntu1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: aa6447a63669f962d7029a5b5b9a9bb6a74f8395

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
  * Recommends: xauth rather than Suggests: xbase-clients.
  * Document in ssh(1) that '-S none' disables connection sharing
    (closes: #471437).
  * Patch from Red Hat / Fedora:
    - SECURITY: Don't use X11 forwarding port which can't be bound on all
      address families, preventing hijacking of X11 forwarding by
      unprivileged users when both IPv4 and IPv6 are configured (closes:
      #463011).
  * Use printf rather than echo -en (a bashism) in openssh-server.config and
    openssh-server.preinst.
  * debconf template translations:
    - Update Finnish (thanks, Esko Arajärvi; closes: #468563).

aa6447a... by Colin Watson on 2008-02-13

Import patches-unapplied version 1:4.7p1-4ubuntu1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: c1b2b9ed0026dd635fabc8607d488ee1e00d122f

New changelog entries:
  * Add support for registering ConsoleKit sessions on login.
  [ Caleb Case ]
  * Fix configure detection of getseuserbyname and
    get_default_context_with_level (closes: #465614, LP: #188136).
  [ Colin Watson ]
  * Include the autogenerated debian/copyright in the source package.
  * Move /etc/pam.d/ssh to /etc/pam.d/sshd, allowing us to stop defining
    SSHD_PAM_SERVICE (closes: #255870).

c1b2b9e... by Colin Watson on 2008-02-01

Import patches-unapplied version 1:4.7p1-3 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 3a2f57400ec12b259c42c17a4f49e0b5c8d6ddfa

New changelog entries:
  * Improve grammar of ssh-askpass-gnome description.
  * Backport from upstream:
    - Use the correct packet maximum sizes for remote port and agent
      forwarding. Prevents the server from killing the connection if too
      much data is queued and an excessively large packet gets sent
      (https://bugzilla.mindrot.org/show_bug.cgi?id=1360).
  * Allow passing temporary daemon parameters on the init script's command
    line, e.g. '/etc/init.d/ssh start "-o PermitRootLogin=yes"' (thanks,
    Marc Haber; closes: #458547).

3a2f574... by Colin Watson on 2008-01-11

Import patches-unapplied version 1:4.7p1-2 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 9c38ab9ffb2a4d763eb1303ebf941e867d06e10d

New changelog entries:
  * Adjust many relative links in faq.html to point to
    http://www.openssh.org/ (thanks, Dan Jacobson; mentioned in #459807).
  * Pass --with-mantype=doc to configure rather than build-depending on
    groff (closes: #460121).
  * Add armel to architecture list for libselinux1-dev build-dependency
    (closes: #460136).
  * Drop source-compatibility with Debian 3.0:
    - Remove support for building with GNOME 1. This allows simplification
      of our GNOME build-dependencies (see #460136).
    - Remove hacks to support the old PAM configuration scheme.
    - Remove compatibility for building without po-debconf.
  * Build-depend on libgtk2.0-dev rather than libgnomeui-dev. As far as I
    can see, the GTK2 version of ssh-askpass-gnome has never required
    libgnomeui-dev.

9c38ab9... by Colin Watson on 2007-12-24

Import patches-unapplied version 1:4.7p1-1 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 69a064ee959689f6396a6e5506ddc6243356ba45

New changelog entries:
  * New upstream release (closes: #453367).
    - CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
      creation of an untrusted cookie fails; found and fixed by Jan Pechanec
      (closes: #444738).
    - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
      installations are unchanged.
    - The SSH channel window size has been increased, and both ssh(1)
      sshd(8) now send window updates more aggressively. These improves
      performance on high-BDP (Bandwidth Delay Product) networks.
    - ssh(1) and sshd(8) now preserve MAC contexts between packets, which
      saves 2 hash calls per packet and results in 12-16% speedup for
      arcfour256/hmac-md5.
    - A new MAC algorithm has been added, UMAC-64 (RFC4418) as
      "<email address hidden>". UMAC-64 has been measured to be approximately
      20% faster than HMAC-MD5.
    - Failure to establish a ssh(1) TunnelForward is now treated as a fatal
      error when the ExitOnForwardFailure option is set.
    - ssh(1) returns a sensible exit status if the control master goes away
      without passing the full exit status.
    - When using a ProxyCommand in ssh(1), set the outgoing hostname with
      gethostname(2), allowing hostbased authentication to work.
    - Make scp(1) skip FIFOs rather than hanging (closes: #246774).
    - Encode non-printing characters in scp(1) filenames. These could cause
      copies to be aborted with a "protocol error".
    - Handle SIGINT in sshd(8) privilege separation child process to ensure
      that wtmp and lastlog records are correctly updated.
    - Report GSSAPI mechanism in errors, for libraries that support multiple
      mechanisms.
    - Improve documentation for ssh-add(1)'s -d option.
    - Rearrange and tidy GSSAPI code, removing server-only code being linked
      into the client.
    - Delay execution of ssh(1)'s LocalCommand until after all forwardings
      have been established.
    - In scp(1), do not truncate non-regular files.
    - Improve exit message from ControlMaster clients.
    - Prevent sftp-server(8) from reading until it runs out of buffer space,
      whereupon it would exit with a fatal error (closes: #365541).
    - pam_end() was not being called if authentication failed
      (closes: #405041).
    - Manual page datestamps updated (closes: #433181).
  * Install the OpenSSH FAQ in /usr/share/doc/openssh-client.
    - Includes documentation on copying files with colons using scp
      (closes: #303453).
  * Create /var/run/sshd on start even if /etc/ssh/sshd_not_to_be_run exists
    (closes: #453285).
  * Fix "overriden" typo in ssh(1) (thanks, A. Costa; closes: #390699).
  * Refactor debian/rules configure and make invocations to make development
    easier.
  * Remove the hideously old /etc/ssh/primes on upgrade (closes: #123013).
  * Update moduli(5) to revision 1.11 from OpenBSD CVS.
  * Document the non-default options we set as standard in ssh_config(5) and
    sshd_config(5) (closes: #327886, #345628).
  * Recode LICENCE to UTF-8 when concatenating it to debian/copyright.
  * Override desktop-file-but-no-dh_desktop-call lintian warning; the
    .desktop file is intentionally not installed (see 1:3.8.1p1-10).
  * Update copyright dates for Kerberos patch in debian/copyright.head.
  * Policy version 3.7.3: no changes required.

69a064e... by Colin Watson on 2007-12-03

Import patches-unapplied version 1:4.6p1-7 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 2bef53f95553f5b7a996415eaebd8e799ef1f61a

New changelog entries:
  * Don't build PIE executables on m68k (closes: #451192).
  * Use autotools-dev's recommended configure --build and --host options.
  * Adjust README.Debian to suggest mailing <email address hidden>
    rather than Matthew.
  * Check whether deluser exists in postrm (closes: #454085).

2bef53f... by Colin Watson on 2007-11-12

Import patches-unapplied version 1:4.6p1-6 to ubuntu/hardy

Imported using git-ubuntu import.

Changelog parent: 458aacd73bdb5cd6cbf2e4ab980e826385e3d23e

New changelog entries:
  * Remove blank line between head comment and first template in
    debian/openssh-server.templates.master; apparently it confuses some
    versions of debconf.
  * Install authorized_keys(5) as a symlink to sshd(8) (thanks, Tomas
    Pospisek; closes: #441817).
  * Discard error output from dpkg-query in preinsts, in case the ssh
    metapackage is not installed.
  * Fix sshd/inittab advice in README.Debian to account for rc.d movement
    (closes: #450632).
  * Suppress error from debian/rules if lsb-release is not installed.
  * Don't ignore errors from 'make -C contrib clean'.
  * Adjust categories in ssh-askpass-gnome.desktop to comply with the
    Desktop Menu Specification.
  * debconf template translations:
    - Add Slovak (thanks, Ivan Masár; closes: #441690).
    - Update Brazilian Portuguese (thanks, Eder L. Marques;
      closes: #447145).