Processed: tagging 809695

2016-01-04 Thread Debian Bug Tracking System 
Processing commands for cont...@bugs.debian.org:

> tags 809695 + pending
Bug #809695 [openssh-server] openssh-server: Setting PermitRootLogin 
without-password disables GSSAPI Auth
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
809695: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809695
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Processed: Re: Bug#809035: ssh.service notification warning in syslog

2016-01-04 Thread Debian Bug Tracking System 
Processing control commands:

> tag -1 pending
Bug #809035 [openssh-server] ssh.service notification warning in syslog
Added tag(s) pending.

-- 
809035: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809035
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

Bug#809035: ssh.service notification warning in syslog

2016-01-04 Thread Colin Watson 
Control: tag -1 pending

On Sun, Dec 27, 2015 at 04:00:50PM +0100, Michael Biebl wrote:
> Am 26.12.2015 um 17:27 schrieb Colin Watson:
> > Michael, this looks like a regression from your readiness notification
> > changes that I applied recently.  Please could you have a look?
> 
> Attached is a patch on top of the existing one, which fixes the issue by
> running the sd_notify() call only in the main process and not the
> spawned off children.
> It moves it right next to the existing SIGSTOP readiness-signal.

> From 60aab01587f4974261882b7c4066750f34522ea4 Mon Sep 17 00:00:00 2001
> From: Michael Biebl 
> Date: Sun, 27 Dec 2015 15:58:03 +0100
> Subject: [PATCH] Call sd_notify() only for the main process
> 
> Move the sd_notify() call next to the existing SIGSTOP readiness
> notification so it is only run in the main process and not for the
> spawned off children.

It's not actually due to per-login child processes, which come rather
later; the true reason is that when sshd is re-execed it sets
inetd_flag.  But your patch does the job either way and I'll just merge
it into your previous patch.

Thanks,

-- 
Colin Watson   [cjwat...@debian.org]

Processing of openssh_7.1p1-6_source.changes

2016-01-04 Thread Debian FTP Masters 
openssh_7.1p1-6_source.changes uploaded successfully to localhost
along with the files:
  openssh_7.1p1-6.dsc
  openssh_7.1p1-6.debian.tar.xz

Greetings,

Your Debian queue daemon (running on host franck.debian.org)

Accepted openssh 1:7.1p1-6 (source) into unstable

2016-01-04 Thread Colin Watson 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 04 Jan 2016 15:09:10 +
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server 
ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.1p1-6
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers 
Changed-By: Colin Watson 
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote 
machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote 
machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access 
from remot
 ssh- secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for 
ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 809035 809695 809696
Changes:
 openssh (1:7.1p1-6) unstable; urgency=medium
 .
   [ Colin Watson ]
   * Remove explicit "XS-Testsuite: autopkgtest" from debian/control;
 dpkg-source now figures that out automatically based on the existence of
 debian/tests/control.
   * Allow authenticating as root using gssapi-keyex even with
 "PermitRootLogin prohibit-password" (closes: #809695).
   * Shuffle PROPOSAL_KEX_ALGS mangling for GSSAPI key exchange a little
 later in ssh_kex2 so that it's actually effective (closes: #809696).
 .
   [ Michael Biebl ]
   * Don't call sd_notify when sshd is re-execed (closes: #809035).
Checksums-Sha1:
 254c98fc4fa99eb2b7ba7eb39e1c70def48aa70c 2835 openssh_7.1p1-6.dsc
 f6a86ead13a5535f4e0ef3c2f46c85ef1422b6eb 148788 openssh_7.1p1-6.debian.tar.xz
Checksums-Sha256:
 3300bb7d57d1744b29c36ac1095d81fe345ef388d4e4447a3e4719fe31a054cf 2835 
openssh_7.1p1-6.dsc
 31239f540911a21d337f72e40a88ef81c5bf1a49aed54a3806b98148281f2be5 148788 
openssh_7.1p1-6.debian.tar.xz
Files:
 2e76218f302f8e24a9857b8d83b80fcc 2835 net standard openssh_7.1p1-6.dsc
 db7e7b7194e09f4ff7a462303eb14b71 148788 net standard 
openssh_7.1p1-6.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Colin Watson  -- Debian developer

iQIVAwUBVoqNLDk1h9l9hlALAQhaxA/+JaIByj9CmnWVHs5XYkWXxijYzKih2FbR
f/bMbwkavHx2mV+FimFM9tYm7M8OHUG/W3XtFQyB4SuQl8EMHagbqzzH0BAmG6nK
snZy6MEoqL1/MkysYNxwLfB09C9Xo+uw6nPsF8wHHaRybOtfpDXCNkZrgrfC4Rc3
4VFXeqlNP0TqXusEt1GDNhDz+wHJ4hz36OM76qQuE836MqYfR8bV1nu7Z2yGyK2f
dNegixCuAGzKoIDmHgsQyzWa8xgn6w8cRZkfL1T2GxGPTfXnWoSsE0oVs15zVKn4
aZxtBePl7uW2WwSxztLuxMOZDZhjNUSGLK7qIvt64ojMcXtUcLlfYiKwkS1SDr/O
2/jYQIXIWvoWVah1OzVhzpcnYB1ibORMDFK8EJFQkT9Idb6ERvD2pQDKVjUZ7A+d
88M93xgKOhyDcAzzRi4baqzNtBmcOa121gUVsXg6m1uKYc8VrumZrZBKZtt9gTGy
xGjp3ZD4r7j7/eM13R3k/AiLCac17LJdZ/MNHtvqHln63y5QTqamaRQykG+fPb1s
D3N9tPtTgygMXv/JGbXMXFLmJEMeesr8reHY2y6/iq86qQ3CslbJy4yInAmZh4Jy
T5QrnzRVu8vdBGpjTnmW1QLEccIUcuYo/axz6dPMOdYi2Mn2sbptBIs9g7FKxb9z
UOiUowxk398=
=McOD
-END PGP SIGNATURE-

Bug#809696: marked as done (Regression: GSSAPIKeyExchange yes stops working after 6.9p1-3)

2016-01-04 Thread Debian Bug Tracking System 
Your message dated Mon, 04 Jan 2016 16:23:50 +
with message-id 
and subject line Bug#809696: fixed in openssh 1:7.1p1-6
has caused the Debian Bug report #809696,
regarding Regression: GSSAPIKeyExchange yes stops working after 6.9p1-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
809696: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809696
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-client
Version: 1:6.9p1-3
Severity: important

Dear Maintainers,

The version 6.9p1-3 is the last one where GSSAPIKeyExchange can succeed,
that is the version at 

http://snapshot.debian.org/archive/debian/20151202T154902Z/pool/main/o/openssh/openssh-client_6.9p1-3_amd64.deb

All newer versions fail.

What I expect to see is (ssh -vv foo@bar):

...
debug1: Offering GSSAPI proposal: 
gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: 
gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-gex-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group1-sha1-A/vxljAEU54gt9a48EiANQ==,gss-group14-sha1-A/vxljAEU54gt9a48EiANQ==,gss-gex-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group1-sha1-bontcUwnM6aGfWCP21alxQ==,gss-group14-sha1-bontcUwnM6aGfWCP21alxQ==,gss-gex-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group1-sha1-eipGX3TCiQSrx573bT1o1Q==,gss-group14-sha1-eipGX3TCiQSrx573bT1o1Q==,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: 
ecdsa-sha2-nistp256-cert-...@openssh.com,ecdsa-sha2-nistp384-cert-...@openssh.com,ecdsa-sha2-nistp521-cert-...@openssh.com,ssh-ed25519-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ssh-rsa-cert-...@openssh.com,ssh-dss-cert-...@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,ssh-rsa,ssh-dss,null
debug2: kex_parse_kexinit: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: 
chacha20-poly1...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-...@openssh.com,aes256-...@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-...@lysator.liu.se
debug2: kex_parse_kexinit: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: 
umac-64-...@openssh.com,umac-128-...@openssh.com,hmac-sha2-256-...@openssh.com,hmac-sha2-512-...@openssh.com,hmac-sha1-...@openssh.com,umac...@openssh.com,umac-...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5-...@openssh.com,hmac-ripemd160-...@openssh.com,hmac-sha1-96-...@openssh.com,hmac-md5-96-...@openssh.com,hmac-md5,hmac-ripemd160,hmac-ripemd...@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit: none,z...@openssh.com,zlib
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: 
debug2: kex_parse_kexinit: first_kex_follows 0 
debug2: kex_parse_kexinit: reserved 0 
debug2: kex_parse_kexinit: 
gss-gex-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,gss-group14-sha1-toWM5Slw5Ew8Mqkay+al2g==,curve25519-sha...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: kex_parse_kexinit: ecdsa-sha2-nistp521,ssh-rsa
debug2: kex_parse_kexinit:

Bug#809695: marked as done (openssh-server: Setting PermitRootLogin without-password disables GSSAPI Auth)

2016-01-04 Thread Debian Bug Tracking System 
Your message dated Mon, 04 Jan 2016 16:23:50 +
with message-id 
and subject line Bug#809695: fixed in openssh 1:7.1p1-6
has caused the Debian Bug report #809695,
regarding openssh-server: Setting PermitRootLogin without-password disables 
GSSAPI Auth
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
809695: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809695
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:7.1p1-5
Severity: important

Dear Maintainer,

Using ssh/SSAPI auth should work even if root login with password are disabled,
however, it looks like the new 7.0 setting of "without-password" and
prohibit-password inadvertently prevent GSSAPI auth to root, too.

Please see 

http://lists.mindrot.org/pipermail/openssh-bugs/2015-September/015366.html

for more details.

Cheers,
Juha

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openssh-server depends on:
ii  adduser3.113+nmu3
ii  debconf [debconf-2.0]  1.5.58
ii  dpkg   1.18.3
ii  init-system-helpers1.24
ii  libaudit1  1:2.4.4-4
ii  libc6  2.21-4
ii  libcomerr2 1.42.13-1
ii  libgssapi-krb5-2   1.13.2+dfsg-4
ii  libkrb5-3  1.13.2+dfsg-4
ii  libpam-modules 1.1.8-3.1
ii  libpam-runtime 1.1.8-3.1
ii  libpam0g   1.1.8-3.1
ii  libselinux12.4-3
ii  libssl1.0.21.0.2e-1
ii  libsystemd0228-2
ii  libwrap0   7.6.q-25
ii  lsb-base   9.20150917
ii  openssh-client 1:7.1p1-5
ii  openssh-sftp-server1:7.1p1-5
ii  procps 2:3.3.10-4+b1
ii  zlib1g 1:1.2.8.dfsg-2+b1

Versions of packages openssh-server recommends:
ii  ncurses-term  6.0+20151024-2
ii  xauth 1:1.0.9-1

Versions of packages openssh-server suggests:
ii  ksshaskpass [ssh-askpass]  4:5.4.3-1
ii  kwalletcli [ssh-askpass]   2.12-5
pn  molly-guard
pn  monkeysphere   
pn  rssh   
pn  ufw

-- debconf information excluded
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:7.1p1-6

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 809...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson  (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 04 Jan 2016 15:09:10 +
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server 
ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.1p1-6
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers 
Changed-By: Colin Watson 
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote 
machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote 
machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access 
from remot
 ssh- secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for 
ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 809035 809695 809696
Changes:
 openssh (1:7.1p1-6) unstable; urgency=medium
 .
   [ Colin

Bug#809035: marked as done (ssh.service notification warning in syslog)

2016-01-04 Thread Debian Bug Tracking System 
Your message dated Mon, 04 Jan 2016 16:23:50 +
with message-id 
and subject line Bug#809035: fixed in openssh 1:7.1p1-6
has caused the Debian Bug report #809035,
regarding ssh.service notification warning in syslog
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
809035: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809035
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: openssh-server
Version: 1:7.1p1-5
Severity: minor

I started to see the following messages in syslog recently:

Dec 22 18:12:36 e systemd[1]: ssh.service: Got notification message from PID 
6719, but reception only permitted for main PID 31374
Dec 22 18:32:55 e systemd[1]: ssh.service: Got notification message from PID 
6783, but reception only permitted for main PID 31374


Is this an useless warning, or a real problem in the ssh service, or ...?
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:7.1p1-6

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 809...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson  (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 04 Jan 2016 15:09:10 +
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server 
ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.1p1-6
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers 
Changed-By: Colin Watson 
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote 
machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote 
machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access 
from remot
 ssh- secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for 
ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 809035 809695 809696
Changes:
 openssh (1:7.1p1-6) unstable; urgency=medium
 .
   [ Colin Watson ]
   * Remove explicit "XS-Testsuite: autopkgtest" from debian/control;
 dpkg-source now figures that out automatically based on the existence of
 debian/tests/control.
   * Allow authenticating as root using gssapi-keyex even with
 "PermitRootLogin prohibit-password" (closes: #809695).
   * Shuffle PROPOSAL_KEX_ALGS mangling for GSSAPI key exchange a little
 later in ssh_kex2 so that it's actually effective (closes: #809696).
 .
   [ Michael Biebl ]
   * Don't call sd_notify when sshd is re-execed (closes: #809035).
Checksums-Sha1:
 254c98fc4fa99eb2b7ba7eb39e1c70def48aa70c 2835 openssh_7.1p1-6.dsc
 f6a86ead13a5535f4e0ef3c2f46c85ef1422b6eb 148788 openssh_7.1p1-6.debian.tar.xz
Checksums-Sha256:
 3300bb7d57d1744b29c36ac1095d81fe345ef388d4e4447a3e4719fe31a054cf 2835 
openssh_7.1p1-6.dsc
 31239f540911a21d337f72e40a88ef81c5bf1a49aed54a3806b98148281f2be5 148788 
openssh_7.1p1-6.debian.tar.xz
Files:
 2e76218f302f8e24a9857b8d83b80fcc 2835 net standard openssh_7.1p1-6.dsc
 db7e7b7194e09f4ff7a462303eb14b71 148788 net standard 
openssh_7.1p1-6.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Colin Watson  -- Debian developer

iQIVAwUBVoqNLDk1h9l9hlALAQhaxA/+JaIByj9CmnWVHs5XYkWXxijYzKih2FbR
f/bMbwkavHx2mV+FimFM9tYm7M8OHUG/W3XtFQyB4SuQl8EMHagbqzzH0BAmG6nK
snZy6MEoqL1/MkysYNxwLfB09C9Xo+uw6nPsF8wHHaRybOtfpDXCNkZrgrfC4Rc3
4VFXeqlNP0TqXusEt1GDNhDz+wHJ4hz36OM76qQuE836MqYfR8bV1nu7Z2yGyK2f
dNegixCuAGzKoIDmHgsQyzWa8xgn6w8cRZkfL1T2GxGPTfXnWoSsE0oVs15zVKn4
aZxtBePl7uW2WwSxztLuxMOZDZhjNUSGLK7qIvt64ojMcXtUcLlfYiKwkS1SDr/O

openssh_7.1p1-6_source.changes ACCEPTED into unstable

2016-01-04 Thread Debian FTP Masters 


Accepted:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Mon, 04 Jan 2016 15:09:10 +
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server 
ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.1p1-6
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers 
Changed-By: Colin Watson 
Description:
 openssh-client - secure shell (SSH) client, for secure access to remote 
machines
 openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote 
machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access 
from remot
 ssh- secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for 
ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 809035 809695 809696
Changes:
 openssh (1:7.1p1-6) unstable; urgency=medium
 .
   [ Colin Watson ]
   * Remove explicit "XS-Testsuite: autopkgtest" from debian/control;
 dpkg-source now figures that out automatically based on the existence of
 debian/tests/control.
   * Allow authenticating as root using gssapi-keyex even with
 "PermitRootLogin prohibit-password" (closes: #809695).
   * Shuffle PROPOSAL_KEX_ALGS mangling for GSSAPI key exchange a little
 later in ssh_kex2 so that it's actually effective (closes: #809696).
 .
   [ Michael Biebl ]
   * Don't call sd_notify when sshd is re-execed (closes: #809035).
Checksums-Sha1:
 254c98fc4fa99eb2b7ba7eb39e1c70def48aa70c 2835 openssh_7.1p1-6.dsc
 f6a86ead13a5535f4e0ef3c2f46c85ef1422b6eb 148788 openssh_7.1p1-6.debian.tar.xz
Checksums-Sha256:
 3300bb7d57d1744b29c36ac1095d81fe345ef388d4e4447a3e4719fe31a054cf 2835 
openssh_7.1p1-6.dsc
 31239f540911a21d337f72e40a88ef81c5bf1a49aed54a3806b98148281f2be5 148788 
openssh_7.1p1-6.debian.tar.xz
Files:
 2e76218f302f8e24a9857b8d83b80fcc 2835 net standard openssh_7.1p1-6.dsc
 db7e7b7194e09f4ff7a462303eb14b71 148788 net standard 
openssh_7.1p1-6.debian.tar.xz

-BEGIN PGP SIGNATURE-
Version: GnuPG v1
Comment: Colin Watson  -- Debian developer

iQIVAwUBVoqNLDk1h9l9hlALAQhaxA/+JaIByj9CmnWVHs5XYkWXxijYzKih2FbR
f/bMbwkavHx2mV+FimFM9tYm7M8OHUG/W3XtFQyB4SuQl8EMHagbqzzH0BAmG6nK
snZy6MEoqL1/MkysYNxwLfB09C9Xo+uw6nPsF8wHHaRybOtfpDXCNkZrgrfC4Rc3
4VFXeqlNP0TqXusEt1GDNhDz+wHJ4hz36OM76qQuE836MqYfR8bV1nu7Z2yGyK2f
dNegixCuAGzKoIDmHgsQyzWa8xgn6w8cRZkfL1T2GxGPTfXnWoSsE0oVs15zVKn4
aZxtBePl7uW2WwSxztLuxMOZDZhjNUSGLK7qIvt64ojMcXtUcLlfYiKwkS1SDr/O
2/jYQIXIWvoWVah1OzVhzpcnYB1ibORMDFK8EJFQkT9Idb6ERvD2pQDKVjUZ7A+d
88M93xgKOhyDcAzzRi4baqzNtBmcOa121gUVsXg6m1uKYc8VrumZrZBKZtt9gTGy
xGjp3ZD4r7j7/eM13R3k/AiLCac17LJdZ/MNHtvqHln63y5QTqamaRQykG+fPb1s
D3N9tPtTgygMXv/JGbXMXFLmJEMeesr8reHY2y6/iq86qQ3CslbJy4yInAmZh4Jy
T5QrnzRVu8vdBGpjTnmW1QLEccIUcuYo/axz6dPMOdYi2Mn2sbptBIs9g7FKxb9z
UOiUowxk398=
=McOD
-END PGP SIGNATURE-


Thank you for your contribution to Debian.