Format: 1.8 Date: Wed, 02 Dec 2015 20:18:35 +0000 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: arm64 arm64_translations Version: 1:7.1p1-1 Distribution: xenial-proposed Urgency: medium Maintainer: Launchpad Build Daemon <buildd@twombly.buildd> Changed-By: Colin Watson <cjwatson@debian.org> Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 779068 785190 Changes: openssh (1:7.1p1-1) unstable; urgency=medium . * New upstream release (http://www.openssh.com/txt/release-7.0, closes: #785190): - Support for the legacy SSH version 1 protocol is disabled by default at compile time. - Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is disabled by default at run-time. It may be re-enabled using the instructions at http://www.openssh.com/legacy.html - Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by default at run-time. These may be re-enabled using the instructions at http://www.openssh.com/legacy.html - Support for the legacy v00 cert format has been removed. - The default for the sshd_config(5) PermitRootLogin option has changed from "yes" to "prohibit-password". - PermitRootLogin=without-password/prohibit-password now bans all interactive authentication methods, allowing only public-key, hostbased and GSSAPI authentication (previously it permitted keyboard-interactive and password-less authentication if those were enabled). - ssh_config(5): Add PubkeyAcceptedKeyTypes option to control which public key types are available for user authentication. - sshd_config(5): Add HostKeyAlgorithms option to control which public key types are offered for host authentications. - ssh(1), sshd(8): Extend Ciphers, MACs, KexAlgorithms, HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes options to allow appending to the default set of algorithms instead of replacing it. Options may now be prefixed with a '+' to append to the default, e.g. "HostKeyAlgorithms=+ssh-dss". - sshd_config(5): PermitRootLogin now accepts an argument of 'prohibit-password' as a less-ambiguous synonym of 'without- password'. - ssh(1), sshd(8): Add compatability workarounds for Cisco and more PuTTY versions. - Fix some omissions and errors in the PROTOCOL and PROTOCOL.mux documentation relating to Unix domain socket forwarding. - ssh(1): Improve the ssh(1) manual page to include a better description of Unix domain socket forwarding (closes: #779068). - ssh(1), ssh-agent(1): Skip uninitialised PKCS#11 slots, fixing failures to load keys when they are present. - ssh(1), ssh-agent(1): Do not ignore PKCS#11 hosted keys that wth empty CKA_ID. - sshd(8): Clarify documentation for UseDNS option. - Check realpath(3) behaviour matches what sftp-server requires and use a replacement if necessary. * New upstream release (http://www.openssh.com/txt/release-7.1): - sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin= prohibit-password/without-password that could, depending on compile-time configuration, permit password authentication to root while preventing other forms of authentication. This problem was reported by Mantas Mikulenas. - ssh(1), sshd(8): Add compatibility workarounds for FuTTY. - ssh(1), sshd(8): Refine compatibility workarounds for WinSCP. - Fix a number of memory faults (double-free, free of uninitialised memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz Kocielski. * Change "PermitRootLogin without-password" to the new preferred spelling of "PermitRootLogin prohibit-password" in sshd_config, and update documentation to reflect the new upstream default. * Enable conch interoperability tests under autopkgtest. Checksums-Sha1: 57f4bbb4f6dbfec8220621d30097c8ee7cf1d1bb 1081120 openssh-client-dbgsym_7.1p1-1_arm64.ddeb 36a412298122546845adb165da53bcef671ff221 517232 openssh-client-udeb-dbgsym_7.1p1-1_arm64.ddeb 83035d7c7ab6ca68db691bc542a8cbfd9d674487 231540 openssh-client-udeb_7.1p1-1_arm64.udeb 0c16d8ccbae6fd99e1fa4b229174159288789e35 498132 openssh-client_7.1p1-1_arm64.deb 555caa703280450be4b57ebf53832d90b8a83005 589336 openssh-server-dbgsym_7.1p1-1_arm64.ddeb 05472de5ef7674afe7f9a963aa3cde64a649ba5d 579132 openssh-server-udeb-dbgsym_7.1p1-1_arm64.ddeb 74f3bf13b68a4f50f6a7ee76318c17a5bdbc1d0b 244998 openssh-server-udeb_7.1p1-1_arm64.udeb c3c96b24860d9c0c68b894bfce6228d73d2c1887 290012 openssh-server_7.1p1-1_arm64.deb 3bf3b658fe9a6a8d4f4498f003bf262acd151341 79310 openssh-sftp-server-dbgsym_7.1p1-1_arm64.ddeb 1a7d5e0324fbcd224a2fd7317fbd9e3f51948ed0 33162 openssh-sftp-server_7.1p1-1_arm64.deb 3b7a3908c15993590be20c99e51108f2f33bd479 8478 openssh_7.1p1-1_arm64_translations.tar.gz 8756fffaa1478c9bb7e3a1618c25534bdd0804c9 11716 ssh-askpass-gnome-dbgsym_7.1p1-1_arm64.ddeb d33c0632a3fd74f35e38a2c02d38d00a15acba51 14038 ssh-askpass-gnome_7.1p1-1_arm64.deb Checksums-Sha256: cd1fb141dad98c03df829f27f83b8952dde9f469e6eccdaadee5fe0729988895 1081120 openssh-client-dbgsym_7.1p1-1_arm64.ddeb ea715077ab96d5741b469e472b3a896f28481bff633ba7a39b534eec97151ef0 517232 openssh-client-udeb-dbgsym_7.1p1-1_arm64.ddeb c53f9c7d8b2d03196a39c911fa28f33441c9a89f74b03244d8c94ae410bcd87e 231540 openssh-client-udeb_7.1p1-1_arm64.udeb 5514c390ee8073bc134e0ac38d320310dd3f516c133cf61c857e729903738767 498132 openssh-client_7.1p1-1_arm64.deb aad921b1c3d97054754838cc21c31127d768eca71816594319f48220a4e9cff9 589336 openssh-server-dbgsym_7.1p1-1_arm64.ddeb 3cfe8cb92ee61401d3d82443c6eaf52096aaa04924fe6b47dd28023ceddbc3b3 579132 openssh-server-udeb-dbgsym_7.1p1-1_arm64.ddeb 59c8538ec0bb005d3567f92e934dd00bb737e86214d08b5fb146c1a65c9de3aa 244998 openssh-server-udeb_7.1p1-1_arm64.udeb 95ac820c196847de84cece3b8d13b127d1ad7ebf4474ff19ca29d13fccade7f1 290012 openssh-server_7.1p1-1_arm64.deb f58e1ba690ba1f9d78bbb681fa7f485a483d8648f4e2412e75d4e264e6f1dae6 79310 openssh-sftp-server-dbgsym_7.1p1-1_arm64.ddeb f65c8655de6779c32234cc5b3cf2f0167dea5c466391563fe45e584d22301a54 33162 openssh-sftp-server_7.1p1-1_arm64.deb fe3382e7c159d1e5b379abe6bcbc61bd765b7fe19055f803266ea231fa3377fe 8478 openssh_7.1p1-1_arm64_translations.tar.gz 9e2397572ab09639c0d21ebcfbe21c9dfa53164c9b35a975edcc6de6cbd1df18 11716 ssh-askpass-gnome-dbgsym_7.1p1-1_arm64.ddeb 80dcb8583f1455f279a8e1e91994c93121ba56a89086340782ae33c37bdc3415 14038 ssh-askpass-gnome_7.1p1-1_arm64.deb Files: 212f30e0a5a5f87f04965cf0857ce252 1081120 net extra openssh-client-dbgsym_7.1p1-1_arm64.ddeb 577abaf8bf4621546fa8e6f934ea392d 517232 debian-installer extra openssh-client-udeb-dbgsym_7.1p1-1_arm64.ddeb 6b7beb81a2449a7b4e934f98a8009256 231540 debian-installer optional openssh-client-udeb_7.1p1-1_arm64.udeb f3587f73c62711ea49d03a41c7891cad 498132 net standard openssh-client_7.1p1-1_arm64.deb 197fbc9e4485d752b35b43bf986caaeb 589336 net extra openssh-server-dbgsym_7.1p1-1_arm64.ddeb 0174adcd338971e336726f4400df9a2a 579132 debian-installer extra openssh-server-udeb-dbgsym_7.1p1-1_arm64.ddeb d750aff52d45c56bd9cea8a457fdcede 244998 debian-installer optional openssh-server-udeb_7.1p1-1_arm64.udeb fb874f919667d3ce5f8630681f158e06 290012 net optional openssh-server_7.1p1-1_arm64.deb c2eb241a66b0849a650b9a5d70dcc543 79310 net extra openssh-sftp-server-dbgsym_7.1p1-1_arm64.ddeb 841967c517a74b4053e6f06aff93ea34 33162 net optional openssh-sftp-server_7.1p1-1_arm64.deb 6d59afb76644a3e649742674eac17698 8478 raw-translations - openssh_7.1p1-1_arm64_translations.tar.gz 128df3c885750890615fe0efa06de3fa 11716 gnome extra ssh-askpass-gnome-dbgsym_7.1p1-1_arm64.ddeb fa5ebc665e6994e05ee336ddc2409ac1 14038 gnome optional ssh-askpass-gnome_7.1p1-1_arm64.deb