-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 12 May 2006 12:48:24 +0100 Source: openssh Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb Architecture: source powerpc all Version: 1:4.3p2-1 Distribution: unstable Urgency: low Maintainer: Matthew Vernon <matthew@debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Description: openssh-client - Secure shell client, an rlogin/rsh/rcp replacement openssh-client-udeb - Secure shell client for the Debian installer (udeb) openssh-server - Secure shell server, an rshd replacement openssh-server-udeb - Secure shell server for the Debian installer (udeb) ssh - Secure shell client and server (transitional package) ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add Closes: 114894 259865 349645 349896 352042 360348 361032 361220 Changes: openssh (1:4.3p2-1) unstable; urgency=low . * New upstream release (closes: #361032). - CVE-2006-0225: scp (as does rcp, on which it is based) invoked a subshell to perform local to local, and remote to remote copy operations. This subshell exposed filenames to shell expansion twice; allowing a local attacker to create filenames containing shell metacharacters that, if matched by a wildcard, could lead to execution of attacker-specified commands with the privilege of the user running scp (closes: #349645). - Add support for tunneling arbitrary network packets over a connection between an OpenSSH client and server via tun(4) virtual network interfaces. This allows the use of OpenSSH (4.3+) to create a true VPN between the client and server providing real network connectivity at layer 2 or 3. This feature is experimental. - Reduce default key length for new DSA keys generated by ssh-keygen back to 1024 bits. DSA is not specified for longer lengths and does not fully benefit from simply making keys longer. As per FIPS 186-2 Change Notice 1, ssh-keygen will refuse to generate a new DSA key smaller or larger than 1024 bits. - Fixed X forwarding failing to start when the X11 client is executed in background at the time of session exit. - Change ssh-keygen to generate a protocol 2 RSA key when invoked without arguments (closes: #114894). - Fix timing variance for valid vs. invalid accounts when attempting Kerberos authentication. - Ensure that ssh always returns code 255 on internal error (closes: #259865). - Cleanup wtmp files on SIGTERM when not using privsep. - Set SO_REUSEADDR on X11 listeners to avoid problems caused by lingering sockets from previous session (X11 applications can sometimes not connect to 127.0.0.1:60xx) (closes: https://launchpad.net/bugs/25528). - Ensure that fds 0, 1 and 2 are always attached in all programs, by duping /dev/null to them if necessary. - Xauth list invocation had bogus "." argument. - Remove internal assumptions on key exchange hash algorithm and output length, preparing OpenSSH for KEX methods with alternate hashes. - Ignore junk sent by a server before it sends the "SSH-" banner. - Many manual page improvements. - Lots of cleanups, including fixes to memory leaks on error paths and possible crashes. * Update to current GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch (closes: #352042). * debian/rules: Resynchronise CFLAGS with that generated by configure. * Restore pam_nologin to /etc/pam.d/ssh; sshd no longer checks this itself when PAM is enabled, but relies on PAM to do it. * Rename KeepAlive to TCPKeepAlive in default sshd_config (closes: #349896). * Rephrase ssh/new_config and ssh/encrypted_host_key_but_no_keygen debconf templates to make boolean short descriptions end with a question mark and to avoid use of the first person. * Ship README.tun. * Policy version 3.7.2: no changes required. * debconf template translations: - Update Italian (thanks, Luca Monducci; closes: #360348). - Add Galician (thanks, Jacobo Tarrio; closes: #361220). Files: 8d1f58e7d3b425bd1ef12e3371ffc68f 990 net standard openssh_4.3p2-1.dsc 239fc801443acaffd4c1f111948ee69c 920186 net standard openssh_4.3p2.orig.tar.gz a8c086845a068a536ca0dc3321bd521a 162625 net standard openssh_4.3p2-1.diff.gz a22fdf533137fa2d03a61dde4d4f580f 1052 net extra ssh_4.3p2-1_all.deb d9ceadbb42d05c28581275e87038e6ec 623544 net standard openssh-client_4.3p2-1_powerpc.deb bd5163ae4860b2cbbe89eaaad7ad0a63 223824 net optional openssh-server_4.3p2-1_powerpc.deb c0f609fd7ba81691924e44da1c23106d 98662 gnome optional ssh-askpass-gnome_4.3p2-1_powerpc.deb 9c37157b73710391a8e893b735732d68 165182 debian-installer optional openssh-client-udeb_4.3p2-1_powerpc.udeb b74fff399f1586d316f284454abef7a0 168630 debian-installer optional openssh-server-udeb_4.3p2-1_powerpc.udeb Package-Type: udeb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEZHrp9t0zAhD6TNERAvREAJ4gTdqtZk4gQ48u/NGy97U0Dku7QQCfZJSI ODLtJHsGi9NB/39+0FQVU/E= =1Fuo -----END PGP SIGNATURE----- Accepted: openssh-client-udeb_4.3p2-1_powerpc.udeb to pool/main/o/openssh/openssh-client-udeb_4.3p2-1_powerpc.udeb openssh-client_4.3p2-1_powerpc.deb to pool/main/o/openssh/openssh-client_4.3p2-1_powerpc.deb openssh-server-udeb_4.3p2-1_powerpc.udeb to pool/main/o/openssh/openssh-server-udeb_4.3p2-1_powerpc.udeb openssh-server_4.3p2-1_powerpc.deb to pool/main/o/openssh/openssh-server_4.3p2-1_powerpc.deb openssh_4.3p2-1.diff.gz to pool/main/o/openssh/openssh_4.3p2-1.diff.gz openssh_4.3p2-1.dsc to pool/main/o/openssh/openssh_4.3p2-1.dsc openssh_4.3p2.orig.tar.gz to pool/main/o/openssh/openssh_4.3p2.orig.tar.gz ssh-askpass-gnome_4.3p2-1_powerpc.deb to pool/main/o/openssh/ssh-askpass-gnome_4.3p2-1_powerpc.deb ssh_4.3p2-1_all.deb to pool/main/o/openssh/ssh_4.3p2-1_all.deb