[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted openssh 1:4.3p2-1bpo1 (source i386 all)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 24 May 2006 01:09:25 +0200
Source: openssh
Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb
Architecture: source i386 all
Version: 1:4.3p2-1bpo1
Distribution: sarge-backports
Urgency: low
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Norbert Tretkowski <nobse@backports.org>
Description: 
 openssh-client - Secure shell client, an rlogin/rsh/rcp replacement
 openssh-client-udeb - Secure shell client for the Debian installer (udeb)
 openssh-server - Secure shell server, an rshd replacement
 openssh-server-udeb - Secure shell server for the Debian installer (udeb)
 ssh        - Secure shell client and server (transitional package)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 114894 259865 349645 349896 352042 360068 360348 361032 361220 367143 367161 367186 367318 367971
Changes: 
 openssh (1:4.3p2-1bpo1) sarge-backports; urgency=low
 .
   * Rebuild for sarge
   * Remove versioned Build-Dependency on libssl-dev, as the maintainer says it
     can be safely ignored.
   * Pass --without-zlib-version-check to configure as zlib has already been
     fixed in sarge by DSA-763-1.
   * Removed -Wno-pointer-sign.
 .
 openssh (1:4.3p2-2) unstable; urgency=low
 .
   * Include commented-out pam_access example in /etc/pam.d/ssh.
   * On '/etc/init.d/ssh restart', create /var/run/sshd before checking the
     server configuration, as otherwise 'sshd -t' will complain about the
     lack of /var/run/sshd (closes: https://launchpad.net/bugs/45234).
   * debconf template translations:
     - Update Russian (thanks, Yuriy Talakan'; closes: #367143).
     - Update Czech (thanks, Miroslav Kure; closes: #367161).
     - Update Italian (thanks, Luca Monducci; closes: #367186).
     - Update Galician (thanks, Jacobo Tarrio; closes: #367318).
     - Update Swedish (thanks, Daniel Nylander; closes: #367971).
 .
 openssh (1:4.3p2-1) unstable; urgency=low
 .
   * New upstream release (closes: #361032).
     - CVE-2006-0225: scp (as does rcp, on which it is based) invoked a
       subshell to perform local to local, and remote to remote copy
       operations. This subshell exposed filenames to shell expansion twice;
       allowing a local attacker to create filenames containing shell
       metacharacters that, if matched by a wildcard, could lead to execution
       of attacker-specified commands with the privilege of the user running
       scp (closes: #349645).
     - Add support for tunneling arbitrary network packets over a connection
       between an OpenSSH client and server via tun(4) virtual network
       interfaces. This allows the use of OpenSSH (4.3+) to create a true VPN
       between the client and server providing real network connectivity at
       layer 2 or 3. This feature is experimental.
     - Reduce default key length for new DSA keys generated by ssh-keygen
       back to 1024 bits. DSA is not specified for longer lengths and does
       not fully benefit from simply making keys longer. As per FIPS 186-2
       Change Notice 1, ssh-keygen will refuse to generate a new DSA key
       smaller or larger than 1024 bits.
     - Fixed X forwarding failing to start when the X11 client is executed in
       background at the time of session exit.
     - Change ssh-keygen to generate a protocol 2 RSA key when invoked
       without arguments (closes: #114894).
     - Fix timing variance for valid vs. invalid accounts when attempting
       Kerberos authentication.
     - Ensure that ssh always returns code 255 on internal error
       (closes: #259865).
     - Cleanup wtmp files on SIGTERM when not using privsep.
     - Set SO_REUSEADDR on X11 listeners to avoid problems caused by
       lingering sockets from previous session (X11 applications can
       sometimes not connect to 127.0.0.1:60xx) (closes:
       https://launchpad.net/bugs/25528).
     - Ensure that fds 0, 1 and 2 are always attached in all programs, by
       duping /dev/null to them if necessary.
     - Xauth list invocation had bogus "." argument.
     - Remove internal assumptions on key exchange hash algorithm and output
       length, preparing OpenSSH for KEX methods with alternate hashes.
     - Ignore junk sent by a server before it sends the "SSH-" banner.
     - Many manual page improvements.
     - Lots of cleanups, including fixes to memory leaks on error paths and
       possible crashes.
   * Update to current GSSAPI patch from
     http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch
     (closes: #352042).
   * debian/rules: Resynchronise CFLAGS with that generated by configure.
   * Restore pam_nologin to /etc/pam.d/ssh; sshd no longer checks this itself
     when PAM is enabled, but relies on PAM to do it.
   * Rename KeepAlive to TCPKeepAlive in default sshd_config
     (closes: #349896).
   * Rephrase ssh/new_config and ssh/encrypted_host_key_but_no_keygen debconf
     templates to make boolean short descriptions end with a question mark
     and to avoid use of the first person.
   * Ship README.tun.
   * Policy version 3.7.2: no changes required.
   * debconf template translations:
     - Update Italian (thanks, Luca Monducci; closes: #360348).
     - Add Galician (thanks, Jacobo Tarrio; closes: #361220).
 .
 openssh (1:4.2p1-8) unstable; urgency=low
 .
   [ Frans Pop ]
   * Use udeb support introduced in debhelper 4.2.0 (available in sarge)
     rather than constructing udebs by steam.
   * Require debhelper 5.0.22, which generates correct shared library
     dependencies for udebs (closes: #360068). This build-dependency can be
     ignored if building on sarge.
 .
   [ Colin Watson ]
   * Switch to debhelper compatibility level 4, since we now require
     debhelper 4 even on sarge anyway for udeb support.
Files: 
 24e3b016ddaf681c3a993ff026e4407e 1029 net standard openssh_4.3p2-1bpo1.dsc
 239fc801443acaffd4c1f111948ee69c 920186 net standard openssh_4.3p2.orig.tar.gz
 f9b8c27bb9ae90ad6d5a3c1b855a722c 164064 net standard openssh_4.3p2-1bpo1.diff.gz
 4e0c48cb8f6a1b9697aa02f575d51204 1052 net extra ssh_4.3p2-1bpo1_all.deb
 6131bb824787ebc52ebabb6387495d80 590070 net standard openssh-client_4.3p2-1bpo1_i386.deb
 4b4cf454fe5855d2c1c700408e3ea5f4 215804 net optional openssh-server_4.3p2-1bpo1_i386.deb
 fb2ebce06991330b730edc6180a98f08 97646 gnome optional ssh-askpass-gnome_4.3p2-1bpo1_i386.deb
 fe1ffa2eb3df20e5b55650137b79da45 153526 debian-installer optional openssh-client-udeb_4.3p2-1bpo1_i386.udeb
 80502c0bcc41bb03bb0682654ee582b5 161586 debian-installer optional openssh-server-udeb_4.3p2-1bpo1_i386.udeb
package-type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEpnusr/RnCw96jQERAuLZAKCaUdyzgJzlC1KvlMPfLhlez1I8oACfdKr8
WXav/yi6uEae+vGKyCT9g/M=
=p0iy
-----END PGP SIGNATURE-----


Accepted:
openssh-client-udeb_4.3p2-1bpo1_i386.udeb
  to pool/main/o/openssh/openssh-client-udeb_4.3p2-1bpo1_i386.udeb
openssh-client_4.3p2-1bpo1_i386.deb
  to pool/main/o/openssh/openssh-client_4.3p2-1bpo1_i386.deb
openssh-server-udeb_4.3p2-1bpo1_i386.udeb
  to pool/main/o/openssh/openssh-server-udeb_4.3p2-1bpo1_i386.udeb
openssh-server_4.3p2-1bpo1_i386.deb
  to pool/main/o/openssh/openssh-server_4.3p2-1bpo1_i386.deb
openssh_4.3p2-1bpo1.diff.gz
  to pool/main/o/openssh/openssh_4.3p2-1bpo1.diff.gz
openssh_4.3p2-1bpo1.dsc
  to pool/main/o/openssh/openssh_4.3p2-1bpo1.dsc
openssh_4.3p2.orig.tar.gz
  to pool/main/o/openssh/openssh_4.3p2.orig.tar.gz
ssh-askpass-gnome_4.3p2-1bpo1_i386.deb
  to pool/main/o/openssh/ssh-askpass-gnome_4.3p2-1bpo1_i386.deb
ssh_4.3p2-1bpo1_all.deb
  to pool/main/o/openssh/ssh_4.3p2-1bpo1_all.deb
Reply to: