ubuntu/+source/openssh:ubuntu/precise-proposed

Last commit made on 2014-04-30
Get this branch:
git clone -b ubuntu/precise-proposed https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/precise-proposed
Repository:
lp:ubuntu/+source/openssh

Recent commits

39a4bef... by Louis Bouchard on 2014-04-22

Import patches-unapplied version 1:5.9p1-5ubuntu1.4 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 7f37ffb759821df55913da5781887e7ee02ec61f

New changelog entries:
  * Re-enable btmp logging, as its permissions were fixed a long time ago.
    Backport from Debian and Trusty. (LP: #743858)

7f37ffb... by Marc Deslauriers on 2014-04-07

Import patches-unapplied version 1:5.9p1-5ubuntu1.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 803828d79edc0f6c3ec027d0e29b6fbca041f65e

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

803828d... by Marc Deslauriers on 2014-03-21

Import patches-unapplied version 1:5.9p1-5ubuntu1.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f166e6c7de4ebfee0d1046d8cc05156aac1f7fb8

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

f166e6c... by Colin Watson on 2013-03-26

Import patches-unapplied version 1:5.9p1-5ubuntu1.1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 1df33335f63703d5f182453ac1f371806e64414d

New changelog entries:
  [ Gunnar Hjalmarsson ]
  * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
    should be read, and move the pam_env calls from "auth" to "session" so
    that it's also read when $HOME is encrypted (LP: #952185).

1df3333... by Colin Watson on 2012-04-02

Import patches-unapplied version 1:5.9p1-5ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: a7ab0a248f719c14aeb65ada89a2459ff11a74af

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.
  * Sync up pkg-config variable used in configure's ConsoleKit test with
    that used for libedit.

a7ab0a2... by Colin Watson on 2012-04-02

Import patches-unapplied version 1:5.9p1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 8d25441f86a7594bf6ebf41e13971538f34c27f8

New changelog entries:
  * Use dpkg-buildflags, including for hardening support; drop use of
    hardening-includes.
  * Fix cross-building:
    - Allow using a cross-architecture pkg-config.
    - Pass default LDFLAGS to contrib/Makefile.
    - Allow dh_strip to strip gnome-ssh-askpass, rather than calling
      'install -s'.

8d25441... by Colin Watson on 2012-03-19

Import patches-unapplied version 1:5.9p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 2866bed0df0cdd96a302ced62494437e59a4ca5f

New changelog entries:
  * Disable OpenSSL version check again, as its SONAME is sufficient
    nowadays (closes: #664383).

2866bed... by Colin Watson on 2012-02-24

Import patches-unapplied version 1:5.9p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9d86f109c4c2c9706389c358e1c431bfbfba3062

New changelog entries:
  * debconf template translations:
    - Update Polish (thanks, Michał Kułach; closes: #659829).
  * Ignore errors writing to console in init script (closes: #546743).
  * Move ssh-krb5 to Section: oldlibs.

9d86f10... by Colin Watson on 2011-11-09

Import patches-unapplied version 1:5.9p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7c2379601a360515b3e99832e5cc00131675314c

New changelog entries:
  * Mark openssh-client and openssh-server as Multi-Arch: foreign.

7c23796... by Colin Watson on 2011-09-07

Import patches-unapplied version 1:5.9p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 82899b2a78e280972a4ae664909700a9ee013814

New changelog entries:
  * New upstream release (http://www.openssh.org/txt/release-5.9).
    - Introduce sandboxing of the pre-auth privsep child using an optional
      sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
      mandatory restrictions on the syscalls the privsep child can perform.
    - Add new SHA256-based HMAC transport integrity modes from
      http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
    - The pre-authentication sshd(8) privilege separation slave process now
      logs via a socket shared with the master process, avoiding the need to
      maintain /dev/log inside the chroot (closes: #75043, #429243,
      #599240).
    - ssh(1) now warns when a server refuses X11 forwarding (closes:
      #504757).
    - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
      separated by whitespace (closes: #76312). The authorized_keys2
      fallback is deprecated but documented (closes: #560156).
    - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
      ToS/DSCP (closes: #498297).
    - ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
      - < /path/to/key" (closes: #229124).
    - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
    - Say "required" rather than "recommended" in unprotected-private-key
      warning (LP: #663455).
  * Update OpenSSH FAQ to revision 1.112.