Last commit made on 2014-04-14
Get this branch:
git clone -b ubuntu/trusty https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information


Recent commits

a663f3d... by Colin Watson on 2014-04-14

Import patches-unapplied version 1:6.6p1-2ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 1de88f18ffa2120cdf2e0825f4f081910c57d26e

New changelog entries:
  * Upload from Debian git repository to fix a release-critical bug.
  * Debconf translations:
    - French (thanks, Étienne Gilli; closes: #743242).
  * Never signal the service supervisor with SIGSTOP more than once, to
    prevent a hang on re-exec (thanks, Robie Basak; LP: #1306877).

1de88f1... by Colin Watson on 2014-03-31

Import patches-unapplied version 1:6.6p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 330db3335c84c6d1ece1a32826c303c3c1a85353

New changelog entries:
  * If no root password is set, then switch to "PermitRootLogin
    without-password" without asking (LP: #1300127).

330db33... by Colin Watson on 2014-03-28

Import patches-unapplied version 1:6.6p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6fcb8ca7b2f36e7cff1d9be2a2dc170dec309342

New changelog entries:
  [ Colin Watson ]
  * Apply various warning-suppression and regression-test fixes to
    gssapi.patch from Damien Miller.
  * New upstream release (http://www.openssh.com/txt/release-6.6,
    LP: #1298280):
    - CVE-2014-2532: sshd(8): when using environment passing with an
      sshd_config(5) AcceptEnv pattern with a wildcard, OpenSSH prior to 6.6
      could be tricked into accepting any environment variable that contains
      the characters before the wildcard character.
  * Re-enable btmp logging, as its permissions were fixed a long time ago in
    response to #370050 (closes: #341883).
  * Change to "PermitRootLogin without-password" for new installations, and
    ask a debconf question when upgrading systems with "PermitRootLogin yes"
    from previous versions (closes: #298138).
  * Debconf translations:
    - Danish (thanks, Joe Hansen).
    - Portuguese (thanks, Américo Monteiro).
    - Russian (thanks, Yuri Kozlov; closes: #742308).
    - Swedish (thanks, Andreas Rönnquist).
    - Japanese (thanks, victory).
    - German (thanks, Stephan Beck; closes: #742541).
    - Italian (thanks, Beatrice Torracca).
  * Don't start ssh-agent from the Upstart user session job if something
    like Xsession has already done so (based on work by Bruno Vasselle;
    LP: #1244736).
  [ Matthew Vernon ]
  * CVE-2014-2653: Fix failure to check SSHFP records if server presents a
    certificate (bug reported by me, patch by upstream's Damien Miller;
    thanks also to Mark Wooding for his help in fixing this) (Closes:

6fcb8ca... by Colin Watson on 2014-03-06

Import patches-unapplied version 1:6.5p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 232847bfb90ef85efadc9de312a8bd955854d608

New changelog entries:
  * Fix Breaks/Replaces versions of openssh-sftp-server on openssh-server
    (thanks, Axel Beckert).

232847b... by Colin Watson on 2014-03-05

Import patches-unapplied version 1:6.5p1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: fc3cd5702b16acb800e7ffa2ed03f7961640c713

New changelog entries:
  [ Colin Watson ]
  * Add Alias=sshd.service to systemd ssh.service file, to match "Provides:
    sshd" in the sysvinit script (thanks, Michael Biebl).
  * Add Before=ssh.service to systemd ssh.socket file, since otherwise
    nothing guarantees that ssh.service has stopped before ssh.socket starts
    (thanks, Uoti Urpala).
  [ Axel Beckert ]
  * Split sftp-server into its own package to allow it to also be used by
    other SSH server implementations like dropbear (closes: #504290).

fc3cd57... by Colin Watson on 2014-02-15

Import patches-unapplied version 1:6.5p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 565ca7223b80e911e39704f10de4a2966a81a4bd

New changelog entries:
  * Configure --without-hardening on hppa, to work around
    http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60155 (closes: #738798).
  * Amend "Running sshd from inittab" instructions in README.Debian to
    recommend 'update-rc.d ssh disable', rather than manual removal of rc*.d
    symlinks that won't work with dependency-based sysv-rc.
  * Remove code related to non-dependency-based sysv-rc ordering, since that
    is no longer supported.
  * Apply patch from https://bugzilla.mindrot.org/show_bug.cgi?id=2200 to
    fix getsockname errors when using "ssh -W" (closes: #738693).

565ca72... by Colin Watson on 2014-02-12

Import patches-unapplied version 1:6.5p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 95cdb20d8d22b0e5ed786662a26ec7b063fc0081

New changelog entries:
  * Clarify socket activation mode in README.Debian, as suggested by Uoti
  * Stop claiming that "Protocol 2" is a Debian-specific default; this has
    been upstream's default since 5.4p1.
  * Avoid stdout noise from which(1) on purge of openssh-client.
  * Fix sysvinit->systemd transition code to cope with still-running
    sysvinit jobs being considered active by systemd (thanks, Uoti Urpala
    and Michael Biebl).
  * Bump guard version for sysvinit->systemd transition to 1:6.5p1-3; we may
    have got it wrong before, and it's fairly harmless to repeat it.
  * Remove tests for whether /dev/null is a character device from the
    Upstart job and the systemd service files; it's there to avoid a
    confusing failure mode in daemon(), but with modern init systems we use
    the -D option to suppress daemonisation anyway.
  * Refer to /usr/share/common-licenses/GPL-2 in debian/copyright (for the
    Debian patch) rather than plain GPL.
  * Drop some very old Conflicts and Replaces (ssh (<< 1:3.8.1p1-9),
    rsh-client (<< 0.16.1-1), ssh-krb5 (<< 1:4.3p2-7), ssh-nonfree (<< 2),
    and openssh-client (<< 1:3.8.1p1-11)). These all relate to pre-etch
    versions, for which we no longer have maintainer script code, and per
    policy they would have to become Breaks nowadays anyway.
  * Policy version 3.9.5.
  * Drop unnecessary -1 in zlib1g Build-Depends version.
  * Tweak dh_systemd_enable invocations to avoid lots of error noise.

95cdb20... by Colin Watson on 2014-02-11

Import patches-unapplied version 1:6.5p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: bdf0b18e1b57c1ed30915c1cc0f2a20c12d3470a

New changelog entries:
  * Only enable ssh.service for systemd, not both ssh.service and
    ssh.socket. Thanks to Michael Biebl for spotting this.
  * Backport upstream patch to unbreak case-sensitive matching of ssh_config
    (closes: #738619).

bdf0b18... by Colin Watson on 2014-02-10

Import patches-unapplied version 1:6.5p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 80604ac76d963abee3456e043d8fb50471c73bc1

New changelog entries:
  * New upstream release (http://www.openssh.com/txt/release-6.5,
    LP: #1275068):
    - ssh(1): Add support for client-side hostname canonicalisation using a
      set of DNS suffixes and rules in ssh_config(5). This allows
      unqualified names to be canonicalised to fully-qualified domain names
      to eliminate ambiguity when looking up keys in known_hosts or checking
      host certificate names (closes: #115286).
  * Switch to git; adjust Vcs-* fields.
  * Convert to git-dpm, and drop source package documentation associated
    with the old bzr/quilt patch handling workflow.
  * Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code,
    leaving only basic configuration file compatibility, since it has been
    nearly six years since the original vulnerability and this code is not
    likely to be of much value any more (closes: #481853, #570651). See
    https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full
  * Add OpenPGP signature checking configuration to watch file (thanks,
    Daniel Kahn Gillmor; closes: #732441).
  * Add the pam_keyinit session module, to create a new session keyring on
    login (closes: #734816).
  * Incorporate default path changes from shadow 1:, removing
    /usr/bin/X11 (closes: #644521).
  * Generate ED25519 host keys on fresh installations. Upgraders who wish
    to add such host keys should manually add 'HostKey
    /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run
    'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
  * Drop long-obsolete "SSH now uses protocol 2 by default" section from
  * Add systemd support (thanks, Sven Joachim; closes: #676830).

80604ac... by Colin Watson on 2013-12-23

Import patches-unapplied version 1:6.4p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 174d488906a112b90d1637689f7fe98a5fea10c5

New changelog entries:
  * Increase ServerKeyBits value in package-generated sshd_config to 1024
    (closes: #727622, LP: #1244272).
  * Restore patch to disable OpenSSL version check (closes: #732940).