ubuntu/+source/openssh:ubuntu/saucy-updates

Last commit made on 2014-04-29
Get this branch:
git clone -b ubuntu/saucy-updates https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/saucy-updates
Repository:
lp:ubuntu/+source/openssh

Recent commits

b22b989... by Louis Bouchard on 2014-04-22

Import patches-unapplied version 1:6.2p2-6ubuntu0.4 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 24d9eea4a7ee1c02394ae190ed3cc5a3ebe3a4eb

New changelog entries:
  * Re-enable btmp logging, as its permissions were fixed a long time ago.
    Backport from Debian and Trusty. (LP: #743858)

24d9eea... by Marc Deslauriers on 2014-04-07

Import patches-unapplied version 1:6.2p2-6ubuntu0.3 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 6c14194051147ea65a08bb435675ed53a31a3b6a

New changelog entries:
  * SECURITY UPDATE: failure to check SSHFP records if server presents a
    certificate
    - debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
    - CVE-2014-2653

6c14194... by Marc Deslauriers on 2014-03-21

Import patches-unapplied version 1:6.2p2-6ubuntu0.2 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: ee14cf72edc08ce177bcf69853ec0d6a1dd08fa5

New changelog entries:
  * SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
    - debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
      session.c.
    - CVE-2014-2532

ee14cf7... by Marc Deslauriers on 2013-11-08

Import patches-unapplied version 1:6.2p2-6ubuntu0.1 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: c4d3b1b568ad6360341f9f638975aed734a28ca5

New changelog entries:
  * SECURITY UPDATE: code execution via memory corruption when using an
    AES-GCM cipher
    - debian/patches/CVE-2013-4548.patch: properly initialize MAC context
      in monitor_wrap.c.
    - CVE-2013-4548

c4d3b1b... by Colin Watson on 2013-07-02

Import patches-unapplied version 1:6.2p2-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 85a198a5d21103ae85a6346421c07fcb114480ea

New changelog entries:
  * Update config.guess and config.sub automatically at build time.
    dh_autoreconf does not take care of that by default because openssh does
    not use automake.

85a198a... by Colin Watson on 2013-06-27

Import patches-unapplied version 1:6.2p2-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ac9ac46d7615532eccd312494524e802e8ee94ab

New changelog entries:
  [ Colin Watson ]
  * Document consequences of ssh-agent being setgid in ssh-agent(1); see
    #711623.
  * Use 'set -e' rather than '#! /bin/sh -e' in maintainer scripts and
    ssh-argv0.
  [ Yolanda Robla ]
  * debian/rules: Include real distribution in SSH_EXTRAVERSION instead of
    hardcoding Debian (LP: #1195342).

ac9ac46... by Colin Watson on 2013-06-06

Import patches-unapplied version 1:6.2p2-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 5346a14a3f9ce45121cf037a57057d8c25ae2c86

New changelog entries:
  * Fix non-portable shell in ssh-copy-id (closes: #711162).
  * Rebuild against debhelper 9.20130604 with fixed dependencies for
    invoke-rc.d and Upstart jobs (closes: #711159, #711364).
  * Set SELinux context on private host keys as well as public host keys
    (closes: #687436).

5346a14... by Colin Watson on 2013-05-22

Import patches-unapplied version 1:6.2p2-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 174558cfefdecf62d35c022b46a828f24b61e92d

New changelog entries:
  * If the running init daemon is Upstart, then, on the first upgrade to
    this version, check whether sysvinit is still managing sshd; if so,
    manually stop it so that it can be restarted under upstart. We do this
    near the end of the postinst, so it shouldn't result in any appreciable
    extra window where sshd is not running during upgrade.
  * Change start condition of Upstart job to be just the standard "runlevel
    [2345]", rather than "filesystem or runlevel [2345]"; the latter makes
    it unreasonably difficult to ensure that urandom starts before ssh, and
    is not really necessary since one of static-network-up and failsafe-boot
    is guaranteed to happen and will trigger entry to the default runlevel,
    and we don't care about ssh starting before the network (LP: #1098299).
  * Drop conffile handling for direct upgrades from pre-split ssh package;
    this was originally added in 1:4.3p2-7 / 1:4.3p2-8, and contained a
    truly ghastly hack around a misbehaviour in sarge's dpkg. Since this is
    now four Debian releases ago, we can afford to drop this and simplify
    the packaging.
  * Remove ssh/use_old_init_script, which was a workaround for a very old
    bug in /etc/init.d/ssh. If anyone has ignored this for >10 years then
    they aren't going to be convinced now (closes: #214182).
  * Remove support for upgrading directly from ssh-nonfree.
  * Remove lots of maintainer script support for direct upgrades from
    pre-etch (three releases before current stable).
  * Add #DEBHELPER# tokens to openssh-client.postinst and
    openssh-server.postinst.
  * Replace old manual conffile handling code with dpkg-maintscript-helper,
    via dh_installdeb.
  * Switch to new unified layout for Upstart jobs as documented in
    https://wiki.ubuntu.com/UpstartCompatibleInitScripts: the init script
    checks for a running Upstart, and we now let dh_installinit handle most
    of the heavy lifting in maintainer scripts. Ubuntu users should be
    essentially unaffected except that sshd may no longer start
    automatically in chroots if the running Upstart predates 0.9.0; but the
    main goal is simply not to break when openssh-server is installed in a
    chroot.
  * Remove the check for vulnerable host keys; this was first added five
    years ago, and everyone should have upgraded through a version that
    applied these checks by now. The ssh-vulnkey tool and the blacklisting
    support in sshd are still here, at least for the moment.
  * This removes the last of our uses of debconf (closes: #221531).
  * Use the pam_loginuid session module (thanks, Laurent Bigonville; closes:
    #677440, LP: #1067779).
  * Bracket our session stack with calls to pam_selinux close/open (thanks,
    Laurent Bigonville; closes: #679458).
  * Fix dh_builddeb invocation so that we really use xz compression for
    binary packages, as intended since 1:6.1p1-2.

174558c... by Colin Watson on 2013-05-16

Import patches-unapplied version 1:6.2p2-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 23950d72b2c379908c0d6c8377c0e3e46defd0fa

New changelog entries:
  * New upstream release (http://www.openssh.com/txt/release-6.2p2):
    - Only warn for missing identity files that were explicitly specified
      (closes: #708275).
    - Fix bug in contributed contrib/ssh-copy-id script that could result in
      "rm *" being called on mktemp failure (closes: #708419).

23950d7... by Colin Watson on 2013-05-13

Import patches-unapplied version 1:6.2p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 41426ab8dd98138af64c404e1268e070cfa62dc0

New changelog entries:
  * Renumber Debian-specific additions to enum monitor_reqtype so that they
    fit within a single byte (thanks, Jason Conti; LP: #1179202).