[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted openssh 1:7.1p1-1 (source) into unstable

Hash: SHA256

Format: 1.8
Date: Wed, 02 Dec 2015 20:18:35 +0000
Source: openssh
Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.1p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 779068 785190
 openssh (1:7.1p1-1) unstable; urgency=medium
   * New upstream release (http://www.openssh.com/txt/release-7.0, closes:
     - Support for the legacy SSH version 1 protocol is disabled by default
       at compile time.
     - Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is
       disabled by default at run-time.  It may be re-enabled using the
       instructions at http://www.openssh.com/legacy.html
     - Support for ssh-dss, ssh-dss-cert-* host and user keys is disabled by
       default at run-time.  These may be re-enabled using the instructions
       at http://www.openssh.com/legacy.html
     - Support for the legacy v00 cert format has been removed.
     - The default for the sshd_config(5) PermitRootLogin option has changed
       from "yes" to "prohibit-password".
     - PermitRootLogin=without-password/prohibit-password now bans all
       interactive authentication methods, allowing only public-key,
       hostbased and GSSAPI authentication (previously it permitted
       keyboard-interactive and password-less authentication if those were
     - ssh_config(5): Add PubkeyAcceptedKeyTypes option to control which
       public key types are available for user authentication.
     - sshd_config(5): Add HostKeyAlgorithms option to control which public
       key types are offered for host authentications.
     - ssh(1), sshd(8): Extend Ciphers, MACs, KexAlgorithms,
       HostKeyAlgorithms, PubkeyAcceptedKeyTypes and HostbasedKeyTypes
       options to allow appending to the default set of algorithms instead of
       replacing it.  Options may now be prefixed with a '+' to append to the
       default, e.g. "HostKeyAlgorithms=+ssh-dss".
     - sshd_config(5): PermitRootLogin now accepts an argument of
       'prohibit-password' as a less-ambiguous synonym of 'without-
     - ssh(1), sshd(8): Add compatability workarounds for Cisco and more
       PuTTY versions.
     - Fix some omissions and errors in the PROTOCOL and PROTOCOL.mux
       documentation relating to Unix domain socket forwarding.
     - ssh(1): Improve the ssh(1) manual page to include a better description
       of Unix domain socket forwarding (closes: #779068).
     - ssh(1), ssh-agent(1): Skip uninitialised PKCS#11 slots, fixing
       failures to load keys when they are present.
     - ssh(1), ssh-agent(1): Do not ignore PKCS#11 hosted keys that wth empty
     - sshd(8): Clarify documentation for UseDNS option.
     - Check realpath(3) behaviour matches what sftp-server requires and use
       a replacement if necessary.
   * New upstream release (http://www.openssh.com/txt/release-7.1):
     - sshd(8): OpenSSH 7.0 contained a logic error in PermitRootLogin=
       prohibit-password/without-password that could, depending on
       compile-time configuration, permit password authentication to root
       while preventing other forms of authentication.  This problem was
       reported by Mantas Mikulenas.
     - ssh(1), sshd(8): Add compatibility workarounds for FuTTY.
     - ssh(1), sshd(8): Refine compatibility workarounds for WinSCP.
     - Fix a number of memory faults (double-free, free of uninitialised
       memory, etc) in ssh(1) and ssh-keygen(1).  Reported by Mateusz
   * Change "PermitRootLogin without-password" to the new preferred spelling
     of "PermitRootLogin prohibit-password" in sshd_config, and update
     documentation to reflect the new upstream default.
   * Enable conch interoperability tests under autopkgtest.
 74404353cf0d1b0c4881ebe43638a8658a4221be 2742 openssh_7.1p1-1.dsc
 ed22af19f962262c493fcc6ed8c8826b2761d9b6 1493170 openssh_7.1p1.orig.tar.gz
 f64451f488184fa814bc3691fdfa3ac5ea595dd5 147284 openssh_7.1p1-1.debian.tar.xz
 fe30647a6b3c8a709003dd1075ca58b7ecd99f376a7dd8bbe49e3247a6671231 2742 openssh_7.1p1-1.dsc
 fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 1493170 openssh_7.1p1.orig.tar.gz
 c9b9c5c01037164203ddb00c093861d4a81dd97ba1b9ab5fc6377e64507aab8b 147284 openssh_7.1p1-1.debian.tar.xz
 89e07dcdc4c82810a38f4abe6ed97371 2742 net standard openssh_7.1p1-1.dsc
 8709736bc8a8c253bc4eeb4829888ca5 1493170 net standard openssh_7.1p1.orig.tar.gz
 ef12210fd2c534eb50891e25e2c48e4c 147284 net standard openssh_7.1p1-1.debian.tar.xz

Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer


Reply to: