-
openssh (1:6.2p2-6ubuntu0.5) saucy; urgency=medium
* Force ssh-agent Upstart job to use sh syntax regardless of the user's
shell (thanks, Steffen Stempel; LP: #1312928).
-- Colin Watson <email address hidden> Fri, 02 May 2014 09:53:07 +0100
-
openssh (1:6.2p2-6ubuntu0.4) saucy; urgency=medium
* Re-enable btmp logging, as its permissions were fixed a long time ago.
Backport from Debian and Trusty. (LP: #743858)
-- Louis Bouchard <email address hidden> Tue, 22 Apr 2014 09:52:59 -0500
-
openssh (1:6.2p2-6ubuntu0.3) saucy-security; urgency=medium
* SECURITY UPDATE: failure to check SSHFP records if server presents a
certificate
- debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
- CVE-2014-2653
-- Marc Deslauriers <email address hidden> Mon, 07 Apr 2014 09:32:06 -0400
-
openssh (1:6.2p2-6ubuntu0.2) saucy-security; urgency=medium
* SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
- debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
session.c.
- CVE-2014-2532
-- Marc Deslauriers <email address hidden> Fri, 21 Mar 2014 10:58:07 -0400
-
openssh (1:6.2p2-6ubuntu0.1) saucy-security; urgency=low
* SECURITY UPDATE: code execution via memory corruption when using an
AES-GCM cipher
- debian/patches/CVE-2013-4548.patch: properly initialize MAC context
in monitor_wrap.c.
- CVE-2013-4548
-- Marc Deslauriers <email address hidden> Fri, 08 Nov 2013 07:55:17 -0500
-
openssh (1:6.2p2-6) unstable; urgency=low
* Update config.guess and config.sub automatically at build time.
dh_autoreconf does not take care of that by default because openssh does
not use automake.
-- Colin Watson <email address hidden> Tue, 02 Jul 2013 22:54:49 +0100
-
openssh (1:6.2p2-5) unstable; urgency=low
[ Colin Watson ]
* Document consequences of ssh-agent being setgid in ssh-agent(1); see
#711623.
* Use 'set -e' rather than '#! /bin/sh -e' in maintainer scripts and
ssh-argv0.
[ Yolanda Robla ]
* debian/rules: Include real distribution in SSH_EXTRAVERSION instead of
hardcoding Debian (LP: #1195342).
-- Colin Watson <email address hidden> Thu, 27 Jun 2013 15:24:14 +0100
-
openssh (1:6.2p2-4) unstable; urgency=low
* Fix non-portable shell in ssh-copy-id (closes: #711162).
* Rebuild against debhelper 9.20130604 with fixed dependencies for
invoke-rc.d and Upstart jobs (closes: #711159, #711364).
* Set SELinux context on private host keys as well as public host keys
(closes: #687436).
-- Colin Watson <email address hidden> Thu, 06 Jun 2013 17:06:31 +0100
-
openssh (1:6.2p2-3) unstable; urgency=low
* If the running init daemon is Upstart, then, on the first upgrade to
this version, check whether sysvinit is still managing sshd; if so,
manually stop it so that it can be restarted under upstart. We do this
near the end of the postinst, so it shouldn't result in any appreciable
extra window where sshd is not running during upgrade.
-- Colin Watson <email address hidden> Wed, 22 May 2013 17:42:10 +0100
-
openssh (1:6.2p2-1) unstable; urgency=low
* New upstream release (http://www.openssh.com/txt/release-6.2p2):
- Only warn for missing identity files that were explicitly specified
(closes: #708275).
- Fix bug in contributed contrib/ssh-copy-id script that could result in
"rm *" being called on mktemp failure (closes: #708419).
-- Colin Watson <email address hidden> Thu, 16 May 2013 14:05:06 +0100
-
openssh (1:6.2p1-3) unstable; urgency=low
* Renumber Debian-specific additions to enum monitor_reqtype so that they
fit within a single byte (thanks, Jason Conti; LP: #1179202).
-- Colin Watson <email address hidden> Mon, 13 May 2013 10:56:04 +0100
-
openssh (1:6.2p1-2) unstable; urgency=low
* Fix build failure on Ubuntu:
- Include openbsd-compat/sys-queue.h from consolekit.c.
- Fix consolekit mismerges in monitor.c and monitor_wrap.c.
-- Colin Watson <email address hidden> Thu, 09 May 2013 09:45:57 +0100
-
openssh (1:6.2p1-1) unstable; urgency=low
* New upstream release (http://www.openssh.com/txt/release-6.2).
- Add support for multiple required authentication in SSH protocol 2 via
an AuthenticationMethods option (closes: #195716).
- Fix Sophie Germain formula in moduli(5) (closes: #698612).
- Update ssh-copy-id to Phil Hands' greatly revised version (closes:
#99785, #322228, #620428; LP: #518883, #835901, #1074798).
* Use dh-autoreconf.
-- Colin Watson <email address hidden> Tue, 07 May 2013 11:48:16 +0100
-
openssh (1:6.1p1-4) experimental; urgency=low
[ Gunnar Hjalmarsson ]
* debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
should be read, and move the pam_env calls from "auth" to "session" so
that it's also read when $HOME is encrypted (LP: #952185).
[ Stéphane Graber ]
* Add ssh-agent upstart user job. This implements something similar to
the 90x11-common_ssh-agent Xsession script. That is, start ssh-agent
and set the appropriate environment variables (closes: #703906).
-- Colin Watson <email address hidden> Mon, 25 Mar 2013 16:58:04 +0000