Last commit made on 2014-05-15
Get this branch:
git clone -b ubuntu/saucy-devel https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

022af82... by Colin Watson on 2014-05-02

Import patches-unapplied version 1:6.2p2-6ubuntu0.5 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: b22b989400911aec4cb50cd30e135617a5582d2e

New changelog entries:
  * Force ssh-agent Upstart job to use sh syntax regardless of the user's
    shell (thanks, Steffen Stempel; LP: #1312928).

b22b989... by Louis Bouchard on 2014-04-22

Import patches-unapplied version 1:6.2p2-6ubuntu0.4 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 24d9eea4a7ee1c02394ae190ed3cc5a3ebe3a4eb

New changelog entries:
  * Re-enable btmp logging, as its permissions were fixed a long time ago.
    Backport from Debian and Trusty. (LP: #743858)

24d9eea... by Marc Deslauriers on 2014-04-07

Import patches-unapplied version 1:6.2p2-6ubuntu0.3 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 6c14194051147ea65a08bb435675ed53a31a3b6a

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

6c14194... by Marc Deslauriers on 2014-03-21

Import patches-unapplied version 1:6.2p2-6ubuntu0.2 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: ee14cf72edc08ce177bcf69853ec0d6a1dd08fa5

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
    - CVE-2014-2532

ee14cf7... by Marc Deslauriers on 2013-11-08

Import patches-unapplied version 1:6.2p2-6ubuntu0.1 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: c4d3b1b568ad6360341f9f638975aed734a28ca5

New changelog entries:
  * SECURITY UPDATE: code execution via memory corruption when using an
    AES-GCM cipher
    - debian/patches/CVE-2013-4548.patch: properly initialize MAC context
      in monitor_wrap.c.
    - CVE-2013-4548

c4d3b1b... by Colin Watson on 2013-07-02

Import patches-unapplied version 1:6.2p2-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 85a198a5d21103ae85a6346421c07fcb114480ea

New changelog entries:
  * Update config.guess and config.sub automatically at build time.
    dh_autoreconf does not take care of that by default because openssh does
    not use automake.

85a198a... by Colin Watson on 2013-06-27

Import patches-unapplied version 1:6.2p2-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ac9ac46d7615532eccd312494524e802e8ee94ab

New changelog entries:
  [ Colin Watson ]
  * Document consequences of ssh-agent being setgid in ssh-agent(1); see
  * Use 'set -e' rather than '#! /bin/sh -e' in maintainer scripts and
  [ Yolanda Robla ]
  * debian/rules: Include real distribution in SSH_EXTRAVERSION instead of
    hardcoding Debian (LP: #1195342).

ac9ac46... by Colin Watson on 2013-06-06

Import patches-unapplied version 1:6.2p2-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5346a14a3f9ce45121cf037a57057d8c25ae2c86

New changelog entries:
  * Fix non-portable shell in ssh-copy-id (closes: #711162).
  * Rebuild against debhelper 9.20130604 with fixed dependencies for
    invoke-rc.d and Upstart jobs (closes: #711159, #711364).
  * Set SELinux context on private host keys as well as public host keys
    (closes: #687436).

5346a14... by Colin Watson on 2013-05-22

Import patches-unapplied version 1:6.2p2-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 174558cfefdecf62d35c022b46a828f24b61e92d

New changelog entries:
  * If the running init daemon is Upstart, then, on the first upgrade to
    this version, check whether sysvinit is still managing sshd; if so,
    manually stop it so that it can be restarted under upstart. We do this
    near the end of the postinst, so it shouldn't result in any appreciable
    extra window where sshd is not running during upgrade.
  * Change start condition of Upstart job to be just the standard "runlevel
    [2345]", rather than "filesystem or runlevel [2345]"; the latter makes
    it unreasonably difficult to ensure that urandom starts before ssh, and
    is not really necessary since one of static-network-up and failsafe-boot
    is guaranteed to happen and will trigger entry to the default runlevel,
    and we don't care about ssh starting before the network (LP: #1098299).
  * Drop conffile handling for direct upgrades from pre-split ssh package;
    this was originally added in 1:4.3p2-7 / 1:4.3p2-8, and contained a
    truly ghastly hack around a misbehaviour in sarge's dpkg. Since this is
    now four Debian releases ago, we can afford to drop this and simplify
    the packaging.
  * Remove ssh/use_old_init_script, which was a workaround for a very old
    bug in /etc/init.d/ssh. If anyone has ignored this for >10 years then
    they aren't going to be convinced now (closes: #214182).
  * Remove support for upgrading directly from ssh-nonfree.
  * Remove lots of maintainer script support for direct upgrades from
    pre-etch (three releases before current stable).
  * Add #DEBHELPER# tokens to openssh-client.postinst and
  * Replace old manual conffile handling code with dpkg-maintscript-helper,
    via dh_installdeb.
  * Switch to new unified layout for Upstart jobs as documented in
    https://wiki.ubuntu.com/UpstartCompatibleInitScripts: the init script
    checks for a running Upstart, and we now let dh_installinit handle most
    of the heavy lifting in maintainer scripts. Ubuntu users should be
    essentially unaffected except that sshd may no longer start
    automatically in chroots if the running Upstart predates 0.9.0; but the
    main goal is simply not to break when openssh-server is installed in a
  * Remove the check for vulnerable host keys; this was first added five
    years ago, and everyone should have upgraded through a version that
    applied these checks by now. The ssh-vulnkey tool and the blacklisting
    support in sshd are still here, at least for the moment.
  * This removes the last of our uses of debconf (closes: #221531).
  * Use the pam_loginuid session module (thanks, Laurent Bigonville; closes:
    #677440, LP: #1067779).
  * Bracket our session stack with calls to pam_selinux close/open (thanks,
    Laurent Bigonville; closes: #679458).
  * Fix dh_builddeb invocation so that we really use xz compression for
    binary packages, as intended since 1:6.1p1-2.

174558c... by Colin Watson on 2013-05-16

Import patches-unapplied version 1:6.2p2-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 23950d72b2c379908c0d6c8377c0e3e46defd0fa

New changelog entries:
  * New upstream release (http://www.openssh.com/txt/release-6.2p2):
    - Only warn for missing identity files that were explicitly specified
      (closes: #708275).
    - Fix bug in contributed contrib/ssh-copy-id script that could result in
      "rm *" being called on mktemp failure (closes: #708419).