ubuntu/+source/openssh:ubuntu/trusty-proposed

Last commit made on 2016-01-27
Get this branch:
git clone -b ubuntu/trusty-proposed https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-proposed
Repository:
lp:ubuntu/+source/openssh

Recent commits

9cab392... by Mathieu Trudel-Lapierre on 2016-01-26

Import patches-unapplied version 1:6.6p1-2ubuntu2.6 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: f9c816c12b5b33107203e4f8ec2ea7910b3f6543

New changelog entries:
  * debian/control, debian/rules: enable libaudit support. (LP: #1478087)

f9c816c... by Kees Cook on 2016-01-14

Import patches-unapplied version 1:6.6p1-2ubuntu2.5 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 481d0204ec710bd12660ba14199e52da7c00cc08

New changelog entries:
  * Backport upstream reporting of max auth attempts, so that fail2bail
    and similar tools can learn the IP address of brute forcers.
    (LP: #1534340)
    - debian/patches/report-max-auth.patch

481d020... by Marc Deslauriers on 2016-01-13

Import patches-unapplied version 1:6.6p1-2ubuntu2.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7f4569cee16987dddeccddeefe499973cf1ae314

New changelog entries:
  * SECURITY UPDATE: information leak and overflow in roaming support
    - debian/patches/CVE-2016-077x.patch: completely disable roaming option
      in readconf.c.
    - CVE-2016-0777
    - CVE-2016-0778

7f4569c... by Marc Deslauriers on 2015-08-18

Import patches-unapplied version 1:6.6p1-2ubuntu2.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: d74206146877ab23923243850d6f76b44191e9f6

New changelog entries:
  * SECURITY REGRESSION: random auth failures because of uninitialized
    struct field (LP: #1485719)
    - debian/patches/CVE-2015-5600-2.patch:

d742061... by Marc Deslauriers on 2015-08-14

Import patches-unapplied version 1:6.6p1-2ubuntu2.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: fbb996b72dbabb934e90c4f0eea24ea41ec1327b

New changelog entries:
  * SECURITY UPDATE: possible user impersonation via PAM support
    - debian/patches/pam-security-1.patch: don't resend username to PAM in
      monitor.c, monitor_wrap.c.
    - CVE number pending
  * SECURITY UPDATE: use-after-free in PAM support
    - debian/patches/pam-security-2.patch: fix use after free in monitor.c.
    - CVE number pending
  * SECURITY UPDATE:
    - debian/patches/CVE-2015-5600.patch: only query each
      keyboard-interactive device once per authentication request in
      auth2-chall.c.
    - CVE-2015-5600
  * SECURITY UPDATE: X connections access restriction bypass
    - debian/patches/CVE-2015-5352.patch: refuse ForwardX11Trusted=no
      connections attempted after ForwardX11Timeout expires in channels.c,
      channels.h, clientloop.c.
    - CVE-2015-5352

fbb996b... by Colin Watson on 2014-05-02

Import patches-unapplied version 1:6.6p1-2ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: a663f3d8fe8e2ddb57b6326cd729d235280e4ba9

New changelog entries:
  * Apply upstream-recommended patch to fix bignum encoding for
    <email address hidden>, fixing occasional key exchange failures
    (LP: #1310781).
  * Force ssh-agent Upstart job to use sh syntax regardless of the user's
    shell (thanks, Steffen Stempel; LP: #1312928).

a663f3d... by Colin Watson on 2014-04-14

Import patches-unapplied version 1:6.6p1-2ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 1de88f18ffa2120cdf2e0825f4f081910c57d26e

New changelog entries:
  * Upload from Debian git repository to fix a release-critical bug.
  * Debconf translations:
    - French (thanks, Étienne Gilli; closes: #743242).
  * Never signal the service supervisor with SIGSTOP more than once, to
    prevent a hang on re-exec (thanks, Robie Basak; LP: #1306877).

1de88f1... by Colin Watson on 2014-03-31

Import patches-unapplied version 1:6.6p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 330db3335c84c6d1ece1a32826c303c3c1a85353

New changelog entries:
  * If no root password is set, then switch to "PermitRootLogin
    without-password" without asking (LP: #1300127).

330db33... by Colin Watson on 2014-03-28

Import patches-unapplied version 1:6.6p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6fcb8ca7b2f36e7cff1d9be2a2dc170dec309342

New changelog entries:
  [ Colin Watson ]
  * Apply various warning-suppression and regression-test fixes to
    gssapi.patch from Damien Miller.
  * New upstream release (http://www.openssh.com/txt/release-6.6,
    LP: #1298280):
    - CVE-2014-2532: sshd(8): when using environment passing with an
      sshd_config(5) AcceptEnv pattern with a wildcard, OpenSSH prior to 6.6
      could be tricked into accepting any environment variable that contains
      the characters before the wildcard character.
  * Re-enable btmp logging, as its permissions were fixed a long time ago in
    response to #370050 (closes: #341883).
  * Change to "PermitRootLogin without-password" for new installations, and
    ask a debconf question when upgrading systems with "PermitRootLogin yes"
    from previous versions (closes: #298138).
  * Debconf translations:
    - Danish (thanks, Joe Hansen).
    - Portuguese (thanks, Américo Monteiro).
    - Russian (thanks, Yuri Kozlov; closes: #742308).
    - Swedish (thanks, Andreas Rönnquist).
    - Japanese (thanks, victory).
    - German (thanks, Stephan Beck; closes: #742541).
    - Italian (thanks, Beatrice Torracca).
  * Don't start ssh-agent from the Upstart user session job if something
    like Xsession has already done so (based on work by Bruno Vasselle;
    LP: #1244736).
  [ Matthew Vernon ]
  * CVE-2014-2653: Fix failure to check SSHFP records if server presents a
    certificate (bug reported by me, patch by upstream's Damien Miller;
    thanks also to Mark Wooding for his help in fixing this) (Closes:
    #742513)

6fcb8ca... by Colin Watson on 2014-03-06

Import patches-unapplied version 1:6.5p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 232847bfb90ef85efadc9de312a8bd955854d608

New changelog entries:
  * Fix Breaks/Replaces versions of openssh-sftp-server on openssh-server
    (thanks, Axel Beckert).