Accepted openssh 1:7.1p1-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 02 Dec 2015 20:18:35 +0000
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.1p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 779068 785190
Changes:
openssh (1:7.1p1-1) unstable; urgency=medium
.
* New upstream release (http://www.openssh.com/txt/release-7.0, closes:
#785190):
- Support for the legacy SSH version 1 protocol is disabled by default
at compile time.
- Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is
disabled by default at run-time. It may be re-enabled using the
instructions at http://www.openssh.com/legacy.html
- Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by
default at run-time. These may be re-enabled using the instructions
at http://www.openssh.com/legacy.html
- Support for the legacy v00 cert format has been removed.
- The default for the sshd_config(5) PermitRootLogin option has changed
from "yes" to "prohibit-password".
- PermitRootLogin=without-password/prohibit-password now bans all
interactive authentication methods, allowing only public-key,
hostbased and GSSAPI authentication (previously it permitted
keyboard-interactive and password-less authentication if those were
enabled).
- ssh_config(5): Add PubkeyAcceptedKeyTypes option to control which
public key types are available for user authentication.
- sshd_config(5): Add HostKeyAlgorithms option to control which public
key types are offered for host authentications.
- ssh(1), sshd(8): Extend Ciphers, MACs, KexAlgorithms,
HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes
options to allow appending to the default set of algorithms instead of
replacing it. Options may now be prefixed with a '+' to append to the
default, e.g. "HostKeyAlgorithms=+ssh-dss".
- sshd_config(5): PermitRootLogin now accepts an argument of
'prohibit-password' as a less-ambiguous synonym of 'without-
password'.
- ssh(1), sshd(8): Add compatability workarounds for Cisco and more
PuTTY versions.
- Fix some omissions and errors in the PROTOCOL and PROTOCOL.mux
documentation relating to Unix domain socket forwarding.
- ssh(1): Improve the ssh(1) manual page to include a better description
of Unix domain socket forwarding (closes: #779068).
- ssh(1), ssh-agent(1): Skip uninitialised PKCS#11 slots, fixing
failures to load keys when they are present.
- ssh(1), ssh-agent(1): Do not ignore PKCS#11 hosted keys that wth empty
CKA_ID.
- sshd(8): Clarify documentation for UseDNS option.
- Check realpath(3) behaviour matches what sftp-server requires and use
a replacement if necessary.
* New upstream release (http://www.openssh.com/txt/release-7.1):
- sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin=
prohibit-password/without-password that could, depending on
compile-time configuration, permit password authentication to root
while preventing other forms of authentication. This problem was
reported by Mantas Mikulenas.
- ssh(1), sshd(8): Add compatibility workarounds for FuTTY.
- ssh(1), sshd(8): Refine compatibility workarounds for WinSCP.
- Fix a number of memory faults (double-free, free of uninitialised
memory, etc) in ssh(1) and ssh-keygen(1). Reported by Mateusz
Kocielski.
* Change "PermitRootLogin without-password" to the new preferred spelling
of "PermitRootLogin prohibit-password" in sshd_config, and update
documentation to reflect the new upstream default.
* Enable conch interoperability tests under autopkgtest.
Checksums-Sha1:
74404353cf0d1b0c4881ebe43638a8658a4221be 2742 openssh_7.1p1-1.dsc
ed22af19f962262c493fcc6ed8c8826b2761d9b6 1493170 openssh_7.1p1.orig.tar.gz
f64451f488184fa814bc3691fdfa3ac5ea595dd5 147284 openssh_7.1p1-1.debian.tar.xz
Checksums-Sha256:
fe30647a6b3c8a709003dd1075ca58b7ecd99f376a7dd8bbe49e3247a6671231 2742 openssh_7.1p1-1.dsc
fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 1493170 openssh_7.1p1.orig.tar.gz
c9b9c5c01037164203ddb00c093861d4a81dd97ba1b9ab5fc6377e64507aab8b 147284 openssh_7.1p1-1.debian.tar.xz
Files:
89e07dcdc4c82810a38f4abe6ed97371 2742 net standard openssh_7.1p1-1.dsc
8709736bc8a8c253bc4eeb4829888ca5 1493170 net standard openssh_7.1p1.orig.tar.gz
ef12210fd2c534eb50891e25e2c48e4c 147284 net standard openssh_7.1p1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iQIVAwUBVl9SLTk1h9l9hlALAQjijQ/+NM9UV0fX7kdNtsEo87RfXkExk29gYJCA
ldY2Dli6nSC+8FRX/yipnj2XU7U+L28Euv0Z6QgRPLEQJUx5tF3UUxprmSabld3p
M4IS5udmZDdjUuYmnxEtNLvfEgPJP1HUdIMBumB246RLQvtMN3EROFC+CjXAGLgU
fF9VnQkjdnycfRLr9obuwdDCQxWFfqpcL0Ihs4bc4qs7yEeqFbOSt0OuiZSSMbLd
0Lo+4j9KKD4PpQNIiLYYzpfIZAXYCDw0sv2MMXbFEQTIoACraWBxdRep62t+6VNM
z6vk2ieos9ubipBs5nEu2KV1qDEogj4PImCTkjkay46+Xg63rJjnq6GJWLTwzKGo
U0Sh1znMH+fLcwRz2sU/83dTUYTAfne1kZNXpYCZwsj9E3APD2fNNrYWNm/UdtJ0
MMga7gXylwaVzAmvC0JNH/eBMv5QkAc9MCypBrnLx7JRCp6IdrwIQrX+jqdsUqou
KPKEbe/+BMNjSQz/qrgTIZJ3pTwPGYrjgOUca/YnZ5CQD3Z6ohQPG7RggaJOAXOD
MQoM+9cYTLIU9eS3Sll83K38B5Vpu4AUMSORGT5R9WJKb8CX+Zn8qkAtdNb0bqmK
m8iM9vqoCNR0V3g7H8/O+6ySijeYbnnSFQ+jBcZMGMUeqz6VYoBa+RWmD4qU4qer
J28+CdBCN3g=
=3VGo
-----END PGP SIGNATURE-----
Reply to: