-
openssh (1:7.5p1-10ubuntu0.1) artful-security; urgency=medium
* SECURITY UPDATE: DoS via zero-length file creation in readonly mode
- debian/patches/CVE-2017-15906.patch: disallow creation of empty files
in sftp-server.c.
- CVE-2017-15906
-- Marc Deslauriers <email address hidden> Tue, 16 Jan 2018 08:28:47 -0500
-
openssh (1:7.5p1-10) unstable; urgency=medium
* Tell haveged to create the pid file we expect.
* Give up and use systemctl to start haveged if running under systemd;
this shouldn't be necessary, but I can't seem to get things working in
the Ubuntu autopkgtest environment otherwise.
-- Colin Watson <email address hidden> Fri, 01 Sep 2017 11:17:19 +0100
-
openssh (1:7.5p1-9) unstable; urgency=medium
* Run debian/tests/regress with "set -x".
* Run haveged without "-w 1024", as setting the low water mark doesn't
seem possible in all autopkgtest virtualisation environments.
-- Colin Watson <email address hidden> Thu, 31 Aug 2017 13:23:04 +0100
-
openssh (1:7.5p1-8) unstable; urgency=medium
* Drop openssh-client-ssh1, now built by a separate source package.
* Run haveged during autopkgtests to ensure that they have enough entropy
for key generation (LP: #1712921).
* Apply patches from https://bugzilla.mindrot.org/show_bug.cgi?id=2752 to
allow some extra syscalls for crypto cards on s390x (LP: #1686618).
-- Colin Watson <email address hidden> Mon, 28 Aug 2017 12:16:35 +0100
-
openssh (1:7.5p1-7ubuntu2) artful; urgency=medium
* Enable haveged during autopkgtest, as virtual machines appear to run
out of entropy when networkd is enabled in the instance at the same
time. This will be further investigated, as it is not reasonable for
networkd to eat up all the previously available entropy. LP: #1712921
-- Dimitri John Ledkov <email address hidden> Thu, 24 Aug 2017 22:55:53 +0100
-
openssh (1:7.5p1-7ubuntu1) artful; urgency=low
* Merge from Debian unstable. Remaining changes:
- Cherrypick updated patchset to open up sandbox, when openssl engine calls
into OpenCryptoki for hardware accelerated encryption. LP: #1686618
openssh (1:7.5p1-7) unstable; urgency=medium
* Fix spelling of RuntimeDirectoryMode (closes: #872976).
* Add RuntimeDirectory and RuntimeDirectoryMode to ssh@.service as well as
ssh.service (closes: #872978).
openssh (1:7.5p1-6) unstable; urgency=medium
[ Colin Watson ]
* Test configuration before starting or reloading sshd under systemd
(closes: #865770).
* Create /run/sshd under systemd using RuntimeDirectory rather than
tmpfiles.d (thanks, Dmitry Smirnov; closes: #864190).
[ Dimitri John Ledkov ]
* Drop upstart system and user jobs (closes: #872851).
[ Chris Lamb ]
* Quote IP address in suggested "ssh-keygen -f" calls (closes: #872643).
-- Dimitri John Ledkov <email address hidden> Wed, 23 Aug 2017 14:02:54 +0100
-
openssh (1:7.5p1-6ubuntu1) artful; urgency=low
* Merge from Debian unstable. Remaining changes:
- Cherrypick updated patchset to open up sandbox, when openssl engine calls
into OpenCryptoki for hardware accelerated encryption. LP: #1686618
openssh (1:7.5p1-6) unstable; urgency=medium
[ Colin Watson ]
* Test configuration before starting or reloading sshd under systemd
(closes: #865770).
* Create /run/sshd under systemd using RuntimeDirectory rather than
tmpfiles.d (thanks, Dmitry Smirnov; closes: #864190).
[ Dimitri John Ledkov ]
* Drop upstart system and user jobs (closes: #872851).
[ Chris Lamb ]
* Quote IP address in suggested "ssh-keygen -f" calls (closes: #872643).
-- Dimitri John Ledkov <email address hidden> Wed, 23 Aug 2017 14:02:54 +0100
-
openssh (1:7.5p1-5ubuntu1) artful; urgency=low
* Merge from Debian unstable. Remaining changes:
- Cherrypick updated patchset to open up sandbox, when openssl engine calls
into OpenCryptoki for hardware accelerated encryption. LP: #1686618
openssh (1:7.5p1-5) unstable; urgency=medium
* Upload to unstable.
* Fix syntax error in debian/copyright.
openssh (1:7.5p1-4) experimental; urgency=medium
* Drop README.Debian section on privilege separation, as it's no longer
optional.
* Only call "initctl set-env" from agent-launch if $UPSTART_SESSION is set
(LP: #1689299).
* Fix incoming compression statistics (thanks, Russell Coker; closes:
#797964).
* Relicense debian/* under a two-clause BSD licence for bidirectional
compatibility with upstream, with permission from Matthew Vernon and
others.
-- Dimitri John Ledkov <email address hidden> Fri, 28 Jul 2017 14:13:11 +0100
-
openssh (1:7.5p1-3ubuntu1) artful; urgency=medium
* On s390x, allow geteuid syscall in the sandbox, to allow openssh
connections to work when hw accelerated cryptography is enabled. This
patch is to be replaced by the one accepted upstream, when
reviewed. LP: #1686618
-- Dimitri John Ledkov <email address hidden> Mon, 22 May 2017 13:13:59 +0100
-
openssh (1:7.5p1-3) experimental; urgency=medium
* Fix debian/adjust-openssl-dependencies to account for preferring
libssl1.0-dev.
* Adjust OpenSSL dependencies for openssh-client-ssh1 too.
* Fix purge failure when /etc/ssh has already somehow been removed
(LP: #1682817).
* Ensure that /etc/ssh exists before trying to create /etc/ssh/sshd_config
(LP: #1685022).
-- Colin Watson <email address hidden> Tue, 02 May 2017 13:51:27 +0100
-
openssh (1:7.5p1-2) experimental; urgency=medium
* Add missing header on Linux/s390.
* Fix syntax error on Linux/X32.
-- Colin Watson <email address hidden> Sun, 02 Apr 2017 13:20:11 +0100
-
openssh (1:7.4p1-10) unstable; urgency=medium
* Move privilege separation directory and PID file from /var/run/ to /run/
(closes: #760422, #856825).
* Unbreak Unix domain socket forwarding for root (closes: #858252).
-- Colin Watson <email address hidden> Thu, 30 Mar 2017 11:19:04 +0100