openssh 1:4.3p2-2ubuntu1 source package in Ubuntu

Changelog

openssh (1:4.3p2-2ubuntu1) edgy; urgency=low

  * Resynchronise with Debian.
  * Drop direct upgrade compatibility from the Warty preview release.
  * Drop patch to use /usr/bin/xauth instead of /usr/bin/X11/xauth; the
    /usr/bin/X11 symlink should always exist, and using it makes the package
    easier to backport.

openssh (1:4.3p2-2) unstable; urgency=low

  * Include commented-out pam_access example in /etc/pam.d/ssh.
  * On '/etc/init.d/ssh restart', create /var/run/sshd before checking the
    server configuration, as otherwise 'sshd -t' will complain about the
    lack of /var/run/sshd (closes: https://launchpad.net/bugs/45234).
  * debconf template translations:
    - Update Russian (thanks, Yuriy Talakan'; closes: #367143).
    - Update Czech (thanks, Miroslav Kure; closes: #367161).
    - Update Italian (thanks, Luca Monducci; closes: #367186).
    - Update Galician (thanks, Jacobo Tarrio; closes: #367318).
    - Update Swedish (thanks, Daniel Nylander; closes: #367971).

openssh (1:4.3p2-1) unstable; urgency=low

  * New upstream release (closes: #361032).
    - CVE-2006-0225: scp (as does rcp, on which it is based) invoked a
      subshell to perform local to local, and remote to remote copy
      operations. This subshell exposed filenames to shell expansion twice;
      allowing a local attacker to create filenames containing shell
      metacharacters that, if matched by a wildcard, could lead to execution
      of attacker-specified commands with the privilege of the user running
      scp (closes: #349645).
    - Add support for tunneling arbitrary network packets over a connection
      between an OpenSSH client and server via tun(4) virtual network
      interfaces. This allows the use of OpenSSH (4.3+) to create a true VPN
      between the client and server providing real network connectivity at
      layer 2 or 3. This feature is experimental.
    - Reduce default key length for new DSA keys generated by ssh-keygen
      back to 1024 bits. DSA is not specified for longer lengths and does
      not fully benefit from simply making keys longer. As per FIPS 186-2
      Change Notice 1, ssh-keygen will refuse to generate a new DSA key
      smaller or larger than 1024 bits.
    - Fixed X forwarding failing to start when the X11 client is executed in
      background at the time of session exit.
    - Change ssh-keygen to generate a protocol 2 RSA key when invoked
      without arguments (closes: #114894).
    - Fix timing variance for valid vs. invalid accounts when attempting
      Kerberos authentication.
    - Ensure that ssh always returns code 255 on internal error
      (closes: #259865).
    - Cleanup wtmp files on SIGTERM when not using privsep.
    - Set SO_REUSEADDR on X11 listeners to avoid problems caused by
      lingering sockets from previous session (X11 applications can
      sometimes not connect to 127.0.0.1:60xx) (closes:
      https://launchpad.net/bugs/25528).
    - Ensure that fds 0, 1 and 2 are always attached in all programs, by
      duping /dev/null to them if necessary.
    - Xauth list invocation had bogus "." argument.
    - Remove internal assumptions on key exchange hash algorithm and output
      length, preparing OpenSSH for KEX methods with alternate hashes.
    - Ignore junk sent by a server before it sends the "SSH-" banner.
    - Many manual page improvements.
    - Lots of cleanups, including fixes to memory leaks on error paths and
      possible crashes.
  * Update to current GSSAPI patch from
    http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch
    (closes: #352042).
  * debian/rules: Resynchronise CFLAGS with that generated by configure.
  * Restore pam_nologin to /etc/pam.d/ssh; sshd no longer checks this itself
    when PAM is enabled, but relies on PAM to do it.
  * Rename KeepAlive to TCPKeepAlive in default sshd_config
    (closes: #349896).
  * Rephrase ssh/new_config and ssh/encrypted_host_key_but_no_keygen debconf
    templates to make boolean short descriptions end with a question mark
    and to avoid use of the first person.
  * Ship README.tun.
  * Policy version 3.7.2: no changes required.
  * debconf template translations:
    - Update Italian (thanks, Luca Monducci; closes: #360348).
    - Add Galician (thanks, Jacobo Tarrio; closes: #361220).

openssh (1:4.2p1-8) unstable; urgency=low

  [ Frans Pop ]
  * Use udeb support introduced in debhelper 4.2.0 (available in sarge)
    rather than constructing udebs by steam.
  * Require debhelper 5.0.22, which generates correct shared library
    dependencies for udebs (closes: #360068). This build-dependency can be
    ignored if building on sarge.

  [ Colin Watson ]
  * Switch to debhelper compatibility level 4, since we now require
    debhelper 4 even on sarge anyway for udeb support.

 -- Colin Watson <email address hidden>   Wed, 28 Jun 2006 11:24:47 +0100