Accepted openssh 1:4.7p1-1 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 24 Dec 2007 16:43:02 +0000
Source: openssh
Binary: ssh-askpass-gnome ssh-krb5 openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb
Architecture: source i386 all
Version: 1:4.7p1-1
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell client, an rlogin/rsh/rcp replacement
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell server, an rshd replacement
openssh-server-udeb - secure shell server for the Debian installer (udeb)
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 123013 246774 303453 327886 345628 365541 390699 405041 433181 444738 453285 453367
Changes:
openssh (1:4.7p1-1) unstable; urgency=low
.
* New upstream release (closes: #453367).
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if
creation of an untrusted cookie fails; found and fixed by Jan Pechanec
(closes: #444738).
- sshd(8) in new installations defaults to SSH Protocol 2 only. Existing
installations are unchanged.
- The SSH channel window size has been increased, and both ssh(1)
sshd(8) now send window updates more aggressively. These improves
performance on high-BDP (Bandwidth Delay Product) networks.
- ssh(1) and sshd(8) now preserve MAC contexts between packets, which
saves 2 hash calls per packet and results in 12-16% speedup for
arcfour256/hmac-md5.
- A new MAC algorithm has been added, UMAC-64 (RFC4418) as
"umac-64@openssh.com". UMAC-64 has been measured to be approximately
20% faster than HMAC-MD5.
- Failure to establish a ssh(1) TunnelForward is now treated as a fatal
error when the ExitOnForwardFailure option is set.
- ssh(1) returns a sensible exit status if the control master goes away
without passing the full exit status.
- When using a ProxyCommand in ssh(1), set the outgoing hostname with
gethostname(2), allowing hostbased authentication to work.
- Make scp(1) skip FIFOs rather than hanging (closes: #246774).
- Encode non-printing characters in scp(1) filenames. These could cause
copies to be aborted with a "protocol error".
- Handle SIGINT in sshd(8) privilege separation child process to ensure
that wtmp and lastlog records are correctly updated.
- Report GSSAPI mechanism in errors, for libraries that support multiple
mechanisms.
- Improve documentation for ssh-add(1)'s -d option.
- Rearrange and tidy GSSAPI code, removing server-only code being linked
into the client.
- Delay execution of ssh(1)'s LocalCommand until after all forwardings
have been established.
- In scp(1), do not truncate non-regular files.
- Improve exit message from ControlMaster clients.
- Prevent sftp-server(8) from reading until it runs out of buffer space,
whereupon it would exit with a fatal error (closes: #365541).
- pam_end() was not being called if authentication failed
(closes: #405041).
- Manual page datestamps updated (closes: #433181).
* Install the OpenSSH FAQ in /usr/share/doc/openssh-client.
- Includes documentation on copying files with colons using scp
(closes: #303453).
* Create /var/run/sshd on start even if /etc/ssh/sshd_not_to_be_run exists
(closes: #453285).
* Fix "overriden" typo in ssh(1) (thanks, A. Costa; closes: #390699).
* Refactor debian/rules configure and make invocations to make development
easier.
* Remove the hideously old /etc/ssh/primes on upgrade (closes: #123013).
* Update moduli(5) to revision 1.11 from OpenBSD CVS.
* Document the non-default options we set as standard in ssh_config(5) and
sshd_config(5) (closes: #327886, #345628).
* Recode LICENCE to UTF-8 when concatenating it to debian/copyright.
* Override desktop-file-but-no-dh_desktop-call lintian warning; the
.desktop file is intentionally not installed (see 1:3.8.1p1-10).
* Update copyright dates for Kerberos patch in debian/copyright.head.
* Policy version 3.7.3: no changes required.
Files:
e4be8bf0d8eeb50aced09e83b971ee1b 1132 net standard openssh_4.7p1-1.dsc
bea83d2e0f9ac7b3d4393d693e68b5c1 1009361 net standard openssh_4.7p1.orig.tar.gz
8dbea4ef533097fe69f373be3391884e 201822 net standard openssh_4.7p1-1.diff.gz
05d181f3d6ded8352216fd2c5334f5a1 1044 net extra ssh_4.7p1-1_all.deb
c0b77420c1144e9c546b89522dbad3a7 86892 net extra ssh-krb5_4.7p1-1_all.deb
9681446b5860a92b931f48b33c2bde09 661682 net standard openssh-client_4.7p1-1_i386.deb
04c0b2d9d2c6658fa91ba5cc2208f1fe 244302 net optional openssh-server_4.7p1-1_i386.deb
150374216e2494558e6657bf11474e4e 94468 gnome optional ssh-askpass-gnome_4.7p1-1_i386.deb
2ddb6b74912130c019f6874d9fda20e6 158566 debian-installer optional openssh-client-udeb_4.7p1-1_i386.udeb
56e6ed3cdd943b9dac92830004a82d8f 169090 debian-installer optional openssh-server-udeb_4.7p1-1_i386.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iD8DBQFHb+Vx9t0zAhD6TNERAvdSAJ9pCqLCB8vG2v0gIO/PClsJWlJp/QCdGs4U
IKqTDQgKydVQv435xVHnYD8=
=k6Bk
-----END PGP SIGNATURE-----
Accepted:
openssh-client-udeb_4.7p1-1_i386.udeb
to pool/main/o/openssh/openssh-client-udeb_4.7p1-1_i386.udeb
openssh-client_4.7p1-1_i386.deb
to pool/main/o/openssh/openssh-client_4.7p1-1_i386.deb
openssh-server-udeb_4.7p1-1_i386.udeb
to pool/main/o/openssh/openssh-server-udeb_4.7p1-1_i386.udeb
openssh-server_4.7p1-1_i386.deb
to pool/main/o/openssh/openssh-server_4.7p1-1_i386.deb
openssh_4.7p1-1.diff.gz
to pool/main/o/openssh/openssh_4.7p1-1.diff.gz
openssh_4.7p1-1.dsc
to pool/main/o/openssh/openssh_4.7p1-1.dsc
openssh_4.7p1.orig.tar.gz
to pool/main/o/openssh/openssh_4.7p1.orig.tar.gz
ssh-askpass-gnome_4.7p1-1_i386.deb
to pool/main/o/openssh/ssh-askpass-gnome_4.7p1-1_i386.deb
ssh-krb5_4.7p1-1_all.deb
to pool/main/o/openssh/ssh-krb5_4.7p1-1_all.deb
ssh_4.7p1-1_all.deb
to pool/main/o/openssh/ssh_4.7p1-1_all.deb
Reply to: