Accepted openssh 1:6.2p2-6~bpo70+1 (source i386 all)

[Colin Watson <cjwatson@debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 16 Sep 2013 16:15:53 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:6.2p2-6~bpo70+1
Distribution: wheezy-backports
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 99785 195716 214182 221531 322228 543683 620428 677440 679458 687436 694282 698612 700102 703906 708275 708419 711159 711162 711364
Changes: 
 openssh (1:6.2p2-6~bpo70+1) wheezy-backports; urgency=low
 .
   * Rebuild for wheezy-backports.
 .
 openssh (1:6.2p2-6) unstable; urgency=low
 .
   * Update config.guess and config.sub automatically at build time.
     dh_autoreconf does not take care of that by default because openssh does
     not use automake.
 .
 openssh (1:6.2p2-5) unstable; urgency=low
 .
   [ Colin Watson ]
   * Document consequences of ssh-agent being setgid in ssh-agent(1); see
     #711623.
   * Use 'set -e' rather than '#! /bin/sh -e' in maintainer scripts and
     ssh-argv0.
 .
   [ Yolanda Robla ]
   * debian/rules: Include real distribution in SSH_EXTRAVERSION instead of
     hardcoding Debian (LP: #1195342).
 .
 openssh (1:6.2p2-4) unstable; urgency=low
 .
   * Fix non-portable shell in ssh-copy-id (closes: #711162).
   * Rebuild against debhelper 9.20130604 with fixed dependencies for
     invoke-rc.d and Upstart jobs (closes: #711159, #711364).
   * Set SELinux context on private host keys as well as public host keys
     (closes: #687436).
 .
 openssh (1:6.2p2-3) unstable; urgency=low
 .
   * If the running init daemon is Upstart, then, on the first upgrade to
     this version, check whether sysvinit is still managing sshd; if so,
     manually stop it so that it can be restarted under upstart.  We do this
     near the end of the postinst, so it shouldn't result in any appreciable
     extra window where sshd is not running during upgrade.
 .
 openssh (1:6.2p2-2) unstable; urgency=low
 .
   * Change start condition of Upstart job to be just the standard "runlevel
     [2345]", rather than "filesystem or runlevel [2345]"; the latter makes
     it unreasonably difficult to ensure that urandom starts before ssh, and
     is not really necessary since one of static-network-up and failsafe-boot
     is guaranteed to happen and will trigger entry to the default runlevel,
     and we don't care about ssh starting before the network (LP: #1098299).
   * Drop conffile handling for direct upgrades from pre-split ssh package;
     this was originally added in 1:4.3p2-7 / 1:4.3p2-8, and contained a
     truly ghastly hack around a misbehaviour in sarge's dpkg.  Since this is
     now four Debian releases ago, we can afford to drop this and simplify
     the packaging.
   * Remove ssh/use_old_init_script, which was a workaround for a very old
     bug in /etc/init.d/ssh.  If anyone has ignored this for >10 years then
     they aren't going to be convinced now (closes: #214182).
   * Remove support for upgrading directly from ssh-nonfree.
   * Remove lots of maintainer script support for direct upgrades from
     pre-etch (three releases before current stable).
   * Add #DEBHELPER# tokens to openssh-client.postinst and
     openssh-server.postinst.
   * Replace old manual conffile handling code with dpkg-maintscript-helper,
     via dh_installdeb.
   * Switch to new unified layout for Upstart jobs as documented in
     https://wiki.ubuntu.com/UpstartCompatibleInitScripts: the init script
     checks for a running Upstart, and we now let dh_installinit handle most
     of the heavy lifting in maintainer scripts.  Ubuntu users should be
     essentially unaffected except that sshd may no longer start
     automatically in chroots if the running Upstart predates 0.9.0; but the
     main goal is simply not to break when openssh-server is installed in a
     chroot.
   * Remove the check for vulnerable host keys; this was first added five
     years ago, and everyone should have upgraded through a version that
     applied these checks by now.  The ssh-vulnkey tool and the blacklisting
     support in sshd are still here, at least for the moment.
   * This removes the last of our uses of debconf (closes: #221531).
   * Use the pam_loginuid session module (thanks, Laurent Bigonville; closes:
     #677440, LP: #1067779).
   * Bracket our session stack with calls to pam_selinux close/open (thanks,
     Laurent Bigonville; closes: #679458).
   * Fix dh_builddeb invocation so that we really use xz compression for
     binary packages, as intended since 1:6.1p1-2.
 .
 openssh (1:6.2p2-1) unstable; urgency=low
 .
   * New upstream release (http://www.openssh.com/txt/release-6.2p2):
     - Only warn for missing identity files that were explicitly specified
       (closes: #708275).
     - Fix bug in contributed contrib/ssh-copy-id script that could result in
       "rm *" being called on mktemp failure (closes: #708419).
 .
 openssh (1:6.2p1-3) unstable; urgency=low
 .
   * Renumber Debian-specific additions to enum monitor_reqtype so that they
     fit within a single byte (thanks, Jason Conti; LP: #1179202).
 .
 openssh (1:6.2p1-2) unstable; urgency=low
 .
   * Fix build failure on Ubuntu:
     - Include openbsd-compat/sys-queue.h from consolekit.c.
     - Fix consolekit mismerges in monitor.c and monitor_wrap.c.
 .
 openssh (1:6.2p1-1) unstable; urgency=low
 .
   * New upstream release (http://www.openssh.com/txt/release-6.2).
     - Add support for multiple required authentication in SSH protocol 2 via
       an AuthenticationMethods option (closes: #195716).
     - Fix Sophie Germain formula in moduli(5) (closes: #698612).
     - Update ssh-copy-id to Phil Hands' greatly revised version (closes:
       #99785, #322228, #620428; LP: #518883, #835901, #1074798).
   * Use dh-autoreconf.
 .
 openssh (1:6.1p1-4) experimental; urgency=low
 .
   [ Gunnar Hjalmarsson ]
   * debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environment
     should be read, and move the pam_env calls from "auth" to "session" so
     that it's also read when $HOME is encrypted (LP: #952185).
 .
   [ Stéphane Graber ]
   * Add ssh-agent upstart user job.  This implements something similar to
     the 90x11-common_ssh-agent Xsession script.  That is, start ssh-agent
     and set the appropriate environment variables (closes: #703906).
 .
 openssh (1:6.1p1-3) experimental; urgency=low
 .
   * Give ssh and ssh-krb5 versioned dependencies on openssh-client and
     openssh-server, to try to reduce confusion when people run 'apt-get
     install ssh' or similar and expect that to upgrade everything relevant.
   * CVE-2010-5107: Improve DoS resistance by changing default of MaxStartups
     to 10:30:100 (closes: #700102).
 .
 openssh (1:6.1p1-2) experimental; urgency=low
 .
   * Use xz compression for binary packages.
   * Merge from Ubuntu:
     - Add support for registering ConsoleKit sessions on login.  (This is
       currently enabled only when building for Ubuntu.)
     - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.  It's
       been long enough since the relevant vulnerability that we shouldn't
       need these installed by default nowadays.
     - Add an Upstart job (not currently used by default in Debian).
     - Add mention of ssh-keygen in ssh connect warning (Scott Moser).
     - Install apport hooks.
   * Only build with -j if DEB_BUILD_OPTIONS=parallel=* is used (closes:
     #694282).
 .
 openssh (1:6.1p1-1) experimental; urgency=low
 .
   * New upstream release (http://www.openssh.com/txt/release-6.1).
     - Enable pre-auth sandboxing by default for new installs.
     - Allow "PermitOpen none" to refuse all port-forwarding requests
       (closes: #543683).
Checksums-Sha1: 
 11ec1110703b316caea4907fc97bf719aa38f9f0 2618 openssh_6.2p2-6~bpo70+1.dsc
 6c60ea245fc98986edd869c22017bff81c2ef4c2 170754 openssh_6.2p2-6~bpo70+1.debian.tar.gz
 bf0c43469bfc28c14a61b74ca265a352b7ed9a82 594320 openssh-client_6.2p2-6~bpo70+1_i386.deb
 e502efe0acbf05c635e913e97b38fde1b5fb3e3f 261856 openssh-server_6.2p2-6~bpo70+1_i386.deb
 c9274f738f7291c0c3c49b84a29b99e1cf7b8548 1066 ssh_6.2p2-6~bpo70+1_all.deb
 8132c35ba9410bfea4f61d8eb24d7d066743a533 103638 ssh-krb5_6.2p2-6~bpo70+1_all.deb
 a32aeba1c7c5291753095544f5c16083622aaff7 111426 ssh-askpass-gnome_6.2p2-6~bpo70+1_i386.deb
 670129596982d727f235a4b9eef9086c2dd76151 183538 openssh-client-udeb_6.2p2-6~bpo70+1_i386.udeb
 b0d8ffd122177d504ad405782de7ef5ef01e652b 208920 openssh-server-udeb_6.2p2-6~bpo70+1_i386.udeb
Checksums-Sha256: 
 511c00cd3915310cdf4837ae97043a7dead72cf9a65c4be9b053293a70ba3389 2618 openssh_6.2p2-6~bpo70+1.dsc
 4de8c7f8a59df915e27568b1d5b0735a758ffe3427407eed9d27e4df4f3c2eb6 170754 openssh_6.2p2-6~bpo70+1.debian.tar.gz
 dddab40885513b39411bd0adf870bd5dacae44e336a836d18e5c2e8c45c5cf98 594320 openssh-client_6.2p2-6~bpo70+1_i386.deb
 b845f9a1655f4dca316eee72e27ab5b27c1bbdaf65ffe9bcb5be5b0632a6d433 261856 openssh-server_6.2p2-6~bpo70+1_i386.deb
 c932445972d6719d865e4c102a6c49629cd70f25faeea575d30297a328cf02fd 1066 ssh_6.2p2-6~bpo70+1_all.deb
 389765335eff75161793e910b5dd6365fbcf356f5f8ed380d04bd9059ab1b93d 103638 ssh-krb5_6.2p2-6~bpo70+1_all.deb
 d1edc0505730d76f6522f03e7f21e48d7863622fcc47c817a2767408d6d407b3 111426 ssh-askpass-gnome_6.2p2-6~bpo70+1_i386.deb
 c18e03c16c0337bafc15ac158471b5d12e238a23c135a284368a0d9fcb2ce522 183538 openssh-client-udeb_6.2p2-6~bpo70+1_i386.udeb
 109fa02311f2a1ca358dd199937b8493349081f5a058d972535e13e61d7447bd 208920 openssh-server-udeb_6.2p2-6~bpo70+1_i386.udeb
Files: 
 5f88b3a13e21f608ba88c66effad6c83 2618 net standard openssh_6.2p2-6~bpo70+1.dsc
 0137113cab7b45f2760eda666b6acad0 170754 net standard openssh_6.2p2-6~bpo70+1.debian.tar.gz
 285a7f965397ff956ce01d6a045e40ba 594320 net standard openssh-client_6.2p2-6~bpo70+1_i386.deb
 a4c57310ba3fdd6d69fc7cdb2c2eecce 261856 net optional openssh-server_6.2p2-6~bpo70+1_i386.deb
 4dd088b05bb7ebd1589c9ba986eea9f8 1066 net extra ssh_6.2p2-6~bpo70+1_all.deb
 830934a6bcc19a99d69bae18f003b457 103638 oldlibs extra ssh-krb5_6.2p2-6~bpo70+1_all.deb
 0feb315be00e5a818642ed78b5617779 111426 gnome optional ssh-askpass-gnome_6.2p2-6~bpo70+1_i386.deb
 a0433233a4dd3b6a336ec89a85693b6b 183538 debian-installer optional openssh-client-udeb_6.2p2-6~bpo70+1_i386.udeb
 46e70b3368a415c7ebc1cff8e2a3609f 208920 debian-installer optional openssh-server-udeb_6.2p2-6~bpo70+1_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iQIVAwUBUjcy0jk1h9l9hlALAQgWcBAAnN6Irr9//DcMiNFud0KfpY5Q41wOUwNI
2Qsv98wxUPXUZSjrsijeOca76dUCU56RyX3FaQSKZR71C4AyV6I63brjUH7kgu70
rI3DD53D2dfHc2J9n1z0B/zbLcpohxJICYga5mYDwkvAjBKi468qrgfgOrMacxhp
F5fsmHOVis5IJ+toGnDsCPsdnqiLGKhnjACQSb8tUwskMbo2HtCVIn7qwX0eyKdb
tT3aB/dcfJSNg7xlHmLMtQVmruGucK/MGgjoFkt+Dz8n/SSgaGeYhUJZ/im8Kzs6
IvvegwnJPt5QGwqnesmA1HdGiTNABN97o9FliD9pYmqbC20x7Bv6/W1xxBUsOmfL
6w7fUDICcNLYVII5VKOgngaLUG8KRY5i+k8KpgrYGiJu+AE/akq6UQ7V9+8D0um0
1EDCVRYgDdKF6A+VojzAjmP4Ptx4zkXJfMAJcl4ZaQoPm2emWN/C+CcZNtfYIDqS
ZJI6IaMaTR6hrEI8CiwFioJuPyfaRA1ASmJmbyq7dDGrYpaQEE/MMrLws6M/ijex
jKtBmTTBhaK6sBYFysCtOYPtuffaHbUngezqH0ww6qx/ZOikz8lc8bWqsmO5V9y+
yrcdrDSu7jjjdJMlk/aWduLF4T9prLNkJyZl6x6lvMg+TYU+YhMESJXyHi3kgJvF
TvTU/CG9J0k=
=zd3H
-----END PGP SIGNATURE-----