-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 09 Oct 2014 14:05:56 +0100 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source i386 all Version: 1:6.7p1-1 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers <debian-...@lists.debian.org> Changed-By: Colin Watson <cjwat...@debian.org> Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh - secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Closes: 236718 734553 Changes: openssh (1:6.7p1-1) unstable; urgency=medium . * New upstream release (http://www.openssh.com/txt/release-6.7): - sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. The full set of algorithms remains available if configured explicitly via the Ciphers and MACs sshd_config options. - ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket (closes: #236718). - ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519 key types. - sftp(1): Allow resumption of interrupted uploads. - ssh(1): When rekeying, skip file/DNS lookups of the hostkey if it is the same as the one sent during initial key exchange. - sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind addresses when GatewayPorts=no; allows client to choose address family. - sshd(8): Add a sshd_config PermitUserRC option to control whether ~/.ssh/rc is executed, mirroring the no-user-rc authorized_keys option. - ssh(1): Add a %C escape sequence for LocalCommand and ControlPath that expands to a unique identifer based on a hash of the tuple of (local host, remote user, hostname, port). Helps avoid exceeding miserly pathname limits for Unix domain sockets in multiplexing control paths. - sshd(8): Make the "Too many authentication failures" message include the user, source address, port and protocol in a format similar to the authentication success / failure messages. - Use CLOCK_BOOTTIME in preference to CLOCK_MONOTONIC when it is available. It considers time spent suspended, thereby ensuring timeouts (e.g. for expiring agent keys) fire correctly (closes: #734553). - Use prctl() to prevent sftp-server from accessing /proc/self/{mem,maps}. * Restore TCP wrappers support, removed upstream in 6.7. It is true that dropping this reduces preauth attack surface in sshd. On the other hand, this support seems to be quite widely used, and abruptly dropping it (from the perspective of users who don't read openssh-unix-dev) could easily cause more serious problems in practice. It's not entirely clear what the right long-term answer for Debian is, but it at least probably doesn't involve dropping this feature shortly before a freeze. * Replace patch to disable OpenSSL version check with an updated version of Kurt Roeckx's patch from #732940 to just avoid checking the status field. * Build-depend on a new enough dpkg-dev for dpkg-buildflags, rather than simply a new enough dpkg. * Simplify debian/rules using /usr/share/dpkg/buildflags.mk. * Use Package-Type rather than XC-Package-Type, now that it is an official field. * Run a subset of the upstream regression test suite at package build time, and the rest of it under autopkgtest. Checksums-Sha1: 432b4f60be0d6689db6d729a242832949f1736e1 2737 openssh_6.7p1-1.dsc 14e5fbed710ade334d65925e080d1aaeb9c85bf6 1351367 openssh_6.7p1.orig.tar.gz 0c2a6f1890418afec40e77574c4ab36bbc5c6636 146236 openssh_6.7p1-1.debian.tar.xz c4b5841fc93fff6e980b16ed62e02b771ae8ae85 748150 openssh-client_6.7p1-1_i386.deb fa2be96c67a06e2fb784c8bbc03acd14c40efee9 368586 openssh-server_6.7p1-1_i386.deb e553223a27503101fabe29db196254e6a1781a71 42744 openssh-sftp-server_6.7p1-1_i386.deb dcc3995c353b6212139a36fde77352a47e787e65 118890 ssh_6.7p1-1_all.deb 0ae5b8674b11717dd1fd3eab6274248a46004965 118708 ssh-krb5_6.7p1-1_all.deb 8e2dbb5afa2af97e4910d296c05e86456036a387 126526 ssh-askpass-gnome_6.7p1-1_i386.deb 06259df5aa27a3f159c3a82c68fd4e0c0b607eb5 265248 openssh-client-udeb_6.7p1-1_i386.udeb 5f655b93386f6b49fa5e040b4f70739d94160835 292376 openssh-server-udeb_6.7p1-1_i386.udeb Checksums-Sha256: 43bf6648c00aafbe3d435957977b6438bcfc01847fe4225822f85f29db55f565 2737 openssh_6.7p1-1.dsc b2f8394eae858dabbdef7dac10b99aec00c95462753e80342e530bbb6f725507 1351367 openssh_6.7p1.orig.tar.gz a88f23aa65eb504a6e27dbf68a24ee99d7402b736982f93dba636d31198cc62d 146236 openssh_6.7p1-1.debian.tar.xz a5a92bbe55e6f2bc47f2d7485efa31c7e8fc3e92e0929625cea7958b33895728 748150 openssh-client_6.7p1-1_i386.deb 7f80665b507ddb7466706a14efdae31e38f46dfd9a681bcd5f737db194ca4875 368586 openssh-server_6.7p1-1_i386.deb 975066291f0e31357b2ee6e490d922bdbf3ff550ac29eae770ec8fdce72af53a 42744 openssh-sftp-server_6.7p1-1_i386.deb 4416339947c551ae7358d0583dc0c85031de12ece8d9c5ca636891323b089d5e 118890 ssh_6.7p1-1_all.deb 041c859808016cfd2d626b9f8ec011643bd5a5655dd2dd3873b990ea036cc153 118708 ssh-krb5_6.7p1-1_all.deb 3f991cd5a7220fe8b4d2c335b4a14230ae8582fa35420f2704ab04ede51b8c3f 126526 ssh-askpass-gnome_6.7p1-1_i386.deb 1c1ebcb572d56b75fd44bf50d3e232f061c7cd30ed8a6536338f7bd43b3613ef 265248 openssh-client-udeb_6.7p1-1_i386.udeb c71b44a848bb7f08982af1ca18d06255a75b43efd45c04cad6c826f5d59db736 292376 openssh-server-udeb_6.7p1-1_i386.udeb Files: e867bfe76227ac6bdad2308a0f54e0b7 2737 net standard openssh_6.7p1-1.dsc 3246aa79317b1d23cae783a3bf8275d6 1351367 net standard openssh_6.7p1.orig.tar.gz 26ee6aaddc210157a822cc7bb65f79dd 146236 net standard openssh_6.7p1-1.debian.tar.xz 7709323e0c5ee8e514eacf4c65e47797 748150 net standard openssh-client_6.7p1-1_i386.deb ca6ad627a00b3ce0c0caf3e168a33f3f 368586 net optional openssh-server_6.7p1-1_i386.deb c4fcb98f5fd50a52d4581fa45e4770be 42744 net optional openssh-sftp-server_6.7p1-1_i386.deb b3b7c40c3492a975fb85b766ef3fba93 118890 net extra ssh_6.7p1-1_all.deb 6ba982c5a81d8a5edfe6834f52553749 118708 oldlibs extra ssh-krb5_6.7p1-1_all.deb 8d243dcea350afef2d0f76f89118d5ca 126526 gnome optional ssh-askpass-gnome_6.7p1-1_i386.deb 36899d041f2462cb9f6706f68b8c3a3d 265248 debian-installer optional openssh-client-udeb_6.7p1-1_i386.udeb d13ee9f17fee08edcbe6c48473c0f84c 292376 debian-installer optional openssh-server-udeb_6.7p1-1_i386.udeb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Colin Watson <cjwat...@debian.org> -- Debian developer iQIVAwUBVDaYGjk1h9l9hlALAQhn6g/8DdqwDCLrFMttxSrIasisWksZo1Im6W7L 6Xsz1UVb8necgl0ERd3oDozrrWGHNBEDv2jjVOM4W87NLxbP8+90PRWue/cD4O8n XGeMXoshBxiknBWKeTvaNPQdm3bT3/sYUi9Xg886QY+nbmGstiVr5ygLlmM+wY0A 29e9N7iQ/hRh564wGFZ1SEe8POEP0AqODWx8rUUpgugSRFRKbGsI51/R3eEoy+FW BKmIy5MKU+ynw8y59r9ROQbNFKGoSG4sauqpWNDrIuujVArZapDe/ecrxgEkFMqq tHKsOc9e6xRarvIPJuwCpMqshsEJnbgJMSsVOwQBj/DMP9XGXEBcael5So0jxeuZ pKZKN+YLNTwfvHnptyaGbR3chP2lX94mxZZJzVquefFI2GqWB0JCTS0QQxeNcV2P Y+2K6ZsE57KUprV6cAvHKftoxGKoXMxrEkNhsYXSr1h0DihC9gMbvqrifntR6YUh yzTAiVhbty23qzw5NruOsnovhk/xJbYui6cMdo/CJoM/OppxNLx4OVgi3Li77ZB4 0IeIs3WNdhMpF7oKkW/GpD/bLeVNoo7c9/RZgNu+t7qGw0MN1tw+V/4OPCAmw47q HZ+VWEm6Tny5xFtVjxQJWj2zFyW+z7NVifQewurN1AuOsgkoPAAyYA8GXlTSgVTc jBt0yObMzSk= =FUhx -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-devel-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1xcg2p-0002fu...@franck.debian.org