-
openssh (1:6.0p1-3ubuntu1.2) quantal-security; urgency=medium
* SECURITY UPDATE: failure to check SSHFP records if server presents a
certificate
- debian/patches/CVE-2014-2653.patch: fix logic in sshconnect.c.
- CVE-2014-2653
-- Marc Deslauriers <email address hidden> Mon, 07 Apr 2014 09:35:55 -0400
-
openssh (1:6.0p1-3ubuntu1.1) quantal-security; urgency=medium
* SECURITY UPDATE: AcceptEnv wildcard environment restrictions bypass
- debian/patches/CVE-2014-2532.patch: don't allow invalid chars in
session.c.
- CVE-2014-2532
-- Marc Deslauriers <email address hidden> Fri, 21 Mar 2014 11:05:15 -0400
-
openssh (1:6.0p1-3ubuntu1) quantal; urgency=low
* Resynchronise with Debian. Remaining changes:
- Add support for registering ConsoleKit sessions on login.
- Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
- Convert to Upstart. The init script is still here for the benefit of
people running sshd in chroots.
- Install apport hook.
- Add mention of ssh-keygen in ssh connect warning.
openssh (1:6.0p1-3) unstable; urgency=low
* debconf template translations:
- Add Indonesian (thanks, Andika Triwidada; closes: #681670).
* Call restorecon on copied ~/.ssh/authorized_keys if possible, since some
SELinux policies require this (closes: #658675).
* Add ncurses-term to openssh-server's Recommends, since it's often needed
to support unusual terminal emulators on clients (closes: #675362).
-- Colin Watson <email address hidden> Fri, 31 Aug 2012 00:46:54 +0100
-
openssh (1:6.0p1-2ubuntu1) quantal; urgency=low
* Resynchronise with Debian. Remaining changes:
- Add support for registering ConsoleKit sessions on login.
- Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
- Convert to Upstart. The init script is still here for the benefit of
people running sshd in chroots.
- Install apport hook.
- Add mention of ssh-keygen in ssh connect warning.
openssh (1:6.0p1-2) unstable; urgency=low
* Tighten libssl1.0.0 and libcrypto1.0.0-udeb dependencies to the current
"fix" version at build time (closes: #678661).
-- Colin Watson <email address hidden> Tue, 03 Jul 2012 10:52:22 +0100
-
openssh (1:6.0p1-1ubuntu1) quantal; urgency=low
* Resynchronise with Debian. Remaining changes:
- Add support for registering ConsoleKit sessions on login.
- Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
- Convert to Upstart. The init script is still here for the benefit of
people running sshd in chroots.
- Install apport hook.
- Add mention of ssh-keygen in ssh connect warning.
openssh (1:6.0p1-1) unstable; urgency=low
[ Roger Leigh ]
* Display dynamic part of MOTD from /run/motd.dynamic, if it exists
(closes: #669699).
[ Colin Watson ]
* Update OpenSSH FAQ to revision 1.113, fixing missing line break (closes:
#669667).
* New upstream release (closes: #671010,
http://www.openssh.org/txt/release-6.0).
- Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections
(closes: #643312, #650512, #671075).
- Add a new privilege separation sandbox implementation for Linux's new
seccomp sandbox, automatically enabled on platforms that support it.
(Note: privilege separation sandboxing is still experimental.)
* Fix a bashism in configure's seccomp_filter check.
* Add a sandbox fallback mechanism, so that behaviour on Linux depends on
whether the running system's kernel has seccomp_filter support, not the
build system's kernel (forwarded upstream as
https://bugzilla.mindrot.org/show_bug.cgi?id=2011).
-- Colin Watson <email address hidden> Sun, 27 May 2012 00:06:02 +0100
-
openssh (1:5.9p1-5ubuntu1) precise; urgency=low
* Resynchronise with Debian. Remaining changes:
- Add support for registering ConsoleKit sessions on login.
- Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
- Convert to Upstart. The init script is still here for the benefit of
people running sshd in chroots.
- Install apport hook.
- Add mention of ssh-keygen in ssh connect warning.
* Sync up pkg-config variable used in configure's ConsoleKit test with
that used for libedit.
openssh (1:5.9p1-5) unstable; urgency=low
* Use dpkg-buildflags, including for hardening support; drop use of
hardening-includes.
* Fix cross-building:
- Allow using a cross-architecture pkg-config.
- Pass default LDFLAGS to contrib/Makefile.
- Allow dh_strip to strip gnome-ssh-askpass, rather than calling
'install -s'.
-- Colin Watson <email address hidden> Mon, 02 Apr 2012 11:43:31 +0100