ubuntu/+source/openssh:ubuntu/vivid-proposed

Last commit made on 2015-04-09
Get this branch:
git clone -b ubuntu/vivid-proposed https://git.launchpad.net/ubuntu/+source/openssh
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/vivid-proposed
Repository:
lp:ubuntu/+source/openssh

Recent commits

ae5f25d... by Martin Pitt on 2015-04-09

Import patches-unapplied version 1:6.7p1-5ubuntu1 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 05f02a8a3fd0f86043560cd2ad422a5af1f733c6

New changelog entries:
  * openssh-server.postinst: Quiesce "Unable to connect to Upstart" error
    message from initctl if upstart is installed, but not the current init
    system. (LP: #1440070)
  * openssh-server.postinst: Fix version comparisons of upgrade adjustments to
    not apply to fresh installs.

05f02a8... by Colin Watson on 2015-03-22

Import patches-unapplied version 1:6.7p1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: b36aac0040cc4639ecad0701395076a3aacc6967

New changelog entries:
  * Revert change from previous upload, which causes far more trouble than
    it is worth (closes: #780797):
    - Send/accept only specific known LC_* variables, rather than using a
      wildcard.
  * Add a NEWS.Debian entry documenting this reversion, as it is too
    difficult to undo the sshd_config change automatically without
    compounding the problem of (arguably) overwriting user configuration.

b36aac0... by Colin Watson on 2015-03-18

Import patches-unapplied version 1:6.7p1-4 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 74206475ba89b331fc857eaa47ab92b37c7b6651

New changelog entries:
  * Send/accept only specific known LC_* variables, rather than using a
    wildcard (closes: #765633).
  * Document interactions between ListenAddress/Port and ssh.socket in
    README.Debian (closes: #764842).
  * Debconf translations:
    - Brazilian Portuguese (thanks, José de Figueiredo; closes: #771859).

7420647... by Colin Watson on 2014-11-03

Import patches-unapplied version 1:6.7p1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6343ce920759ee85035f8c883a872cb0633d2aaf

New changelog entries:
  * Debconf translations:
    - Dutch (thanks, Frans Spiesschaert; closes: #765851).
  * Assume that dpkg-statoverride exists and drop the test for an obsolete
    compatibility path.

6343ce9... by Colin Watson on 2014-10-10

Import patches-unapplied version 1:6.7p1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ad72db5881f704dfbc1d6518b8aabe4df7187ffe

New changelog entries:
  * debian/tests/control: Drop isolation-container, since the tests run on a
    high port. They're still not guaranteed to run correctly in an schroot,
    but may manage to work, so this lets the tests at least try to run on
    ci.debian.net.

ad72db5... by Colin Watson on 2014-10-09

Import patches-unapplied version 1:6.7p1-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: a94068afc4b1d22ad58528df20c0f370e4eb4657

New changelog entries:
  * New upstream release (http://www.openssh.com/txt/release-6.7):
    - sshd(8): The default set of ciphers and MACs has been altered to
      remove unsafe algorithms. In particular, CBC ciphers and arcfour* are
      disabled by default. The full set of algorithms remains available if
      configured explicitly via the Ciphers and MACs sshd_config options.
    - ssh(1), sshd(8): Add support for Unix domain socket forwarding. A
      remote TCP port may be forwarded to a local Unix domain socket and
      vice versa or both ends may be a Unix domain socket (closes: #236718).
    - ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519
      key types.
    - sftp(1): Allow resumption of interrupted uploads.
    - ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is
      the same as the one sent during initial key exchange.
    - sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses
      when GatewayPorts=no; allows client to choose address family.
    - sshd(8): Add a sshd_config PermitUserRC option to control whether
      ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys
      option.
    - ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that
      expands to a unique identifer based on a hash of the tuple of (local
      host, remote user, hostname, port). Helps avoid exceeding miserly
      pathname limits for Unix domain sockets in multiplexing control paths.
    - sshd(8): Make the "Too many authentication failures" message include
      the user, source address, port and protocol in a format similar to the
      authentication success / failure messages.
    - Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is
      available. It considers time spent suspended, thereby ensuring
      timeouts (e.g. for expiring agent keys) fire correctly (closes:
      #734553).
    - Use prctl() to prevent sftp-server from accessing
      /proc/self/{mem,maps}.
  * Restore TCP wrappers support, removed upstream in 6.7. It is true that
    dropping this reduces preauth attack surface in sshd. On the other
    hand, this support seems to be quite widely used, and abruptly dropping
    it (from the perspective of users who don't read openssh-unix-dev) could
    easily cause more serious problems in practice. It's not entirely clear
    what the right long-term answer for Debian is, but it at least probably
    doesn't involve dropping this feature shortly before a freeze.
  * Replace patch to disable OpenSSL version check with an updated version
    of Kurt Roeckx's patch from #732940 to just avoid checking the status
    field.
  * Build-depend on a new enough dpkg-dev for dpkg-buildflags, rather than
    simply a new enough dpkg.
  * Simplify debian/rules using /usr/share/dpkg/buildflags.mk.
  * Use Package-Type rather than XC-Package-Type, now that it is an official
    field.
  * Run a subset of the upstream regression test suite at package build
    time, and the rest of it under autopkgtest.

a94068a... by Colin Watson on 2014-10-03

Import patches-unapplied version 1:6.6p1-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9024265b5ca71bce46a376cca92fa3ecb7bb44fd

New changelog entries:
  * Make the if-up hook use "reload" rather than "restart" if the system was
    booted using systemd (closes: #756547).
  * Show fingerprints of new keys after creating them in the postinst
    (closes: #762128).
  * Policy version 3.9.6: no changes required.
  * Don't link /usr/share/doc/ssh to openssh-client, as this is not safe
    between Architecture: all and Architecture: any binary packages (closes:
    #763375).

9024265... by Colin Watson on 2014-08-05

Import patches-unapplied version 1:6.6p1-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6db5b05dc6161b77f1755b459959377eb66a6ffa

New changelog entries:
  * Make sure that DEB_HOST_ARCH is set, even when invoking debian/rules
    directly.
  * Use dh-exec to simplify override_dh_install target.
  * Remove several unnecessary entries in debian/*.dirs.
  * Pass noupdate to the second call to pam_motd, not the first (thanks, Ken
    T Takusagawa; closes: #757059).
  * Debconf translations:
    - Turkish (thanks, Mert Dirik; closes: #756757).

6db5b05... by Colin Watson on 2014-06-28

Import patches-unapplied version 1:6.6p1-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 4c6ff4822903c349ae363d14aaad544edb59de4f

New changelog entries:
  * Upgrade to debhelper v9.
  * Only use pam_keyinit on Linux architectures (closes: #747245).
  * Make get_config_option more robust against trailing whitespace (thanks,
    LaMont Jones).
  * Debconf translations:
    - Czech (thanks, Michal Šimůnek; closes: #751419).

4c6ff48... by Colin Watson on 2014-05-01

Import patches-unapplied version 1:6.6p1-5 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d16d623d2f1f58056d53c3f994b4b6d9c6fd58c3

New changelog entries:
  * Force ssh-agent Upstart job to use sh syntax regardless of the user's
    shell (thanks, Steffen Stempel; LP: #1312928).