* New upstream release (LP: #535029).

  - After a transition period of about 10 years, this release disables SSH
    protocol 1 by default.  Clients and servers that need to use the
    legacy protocol must explicitly enable it in ssh_config / sshd_config
    or on the command-line.
  - Remove the libsectok/OpenSC-based smartcard code and add support for
    PKCS#11 tokens.  This support is enabled by default in the Debian
    packaging, since it now doesn't involve additional library
    dependencies (closes: #231472, LP: #16918).
  - Add support for certificate authentication of users and hosts using a
    new, minimal OpenSSH certificate format (closes: #482806).
  - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
  - Add the ability to revoke keys in sshd(8) and ssh(1).  (For the Debian
    package, this overlaps with the key blacklisting facility added in
    openssh 1:4.7p1-9, but with different file formats and slightly
    different scopes; for the moment, I've roughly merged the two.)
  - Various multiplexing improvements, including support for requesting
    port-forwardings via the multiplex protocol (closes: #360151).
  - Allow setting an explicit umask on the sftp-server(8) commandline to
    override whatever default the user has (closes: #496843).
  - Many sftp client improvements, including tab-completion, more options,
    and recursive transfer support for get/put (LP: #33378).  The old
    mget/mput commands never worked properly and have been removed
    (closes: #270399, #428082).
  - Do not prompt for a passphrase if we fail to open a keyfile, and log
    the reason why the open failed to debug (closes: #431538).
  - Prevent sftp from crashing when given a "-" without a command.  Also,
    allow whitespace to follow a "-" (closes: #531561).

1 files changed, 11 insertions, 10 deletions

diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch
index c82563033..ccd9a668e 100644
--- a/debian/patches/ssh1-keepalive.patch
+++ b/debian/patches/ssh1-keepalive.patch
@@ -7,13 +7,20 @@ Index: b/clientloop.c
 ===================================================================
 --- a/clientloop.c
 +++ b/clientloop.c
-@@ -502,16 +502,21 @@
+@@ -507,16 +507,21 @@
  static void
  server_alive_check(void)
  {
 -       if (packet_inc_alive_timeouts() > options.server_alive_count_max) {
 -               logit("Timeout, server not responding.");
 -               cleanup_exit(255);
+-       }
+-       packet_start(SSH2_MSG_GLOBAL_REQUEST);
+-       packet_put_cstring("keepalive@openssh.com");
+-       packet_put_char(1);     /* boolean: want reply */
+-       packet_send();
+-       /* Insert an empty placeholder to maintain ordering */
+-       client_register_global_confirm(NULL, NULL);
 +       if (compat20) {
 +               if (packet_inc_alive_timeouts() > options.server_alive_count_max) {
 +                       logit("Timeout, server not responding.");
@@ -28,17 +35,11 @@ Index: b/clientloop.c
 +       } else {
 +               packet_send_ignore(0);
 +               packet_send();
-        }
--       packet_start(SSH2_MSG_GLOBAL_REQUEST);
--       packet_put_cstring("keepalive@openssh.com");
--       packet_put_char(1);     /* boolean: want reply */
--       packet_send();
--       /* Insert an empty placeholder to maintain ordering */
--       client_register_global_confirm(NULL, NULL);
++       }
  }
  
  /*
-@@ -572,7 +577,7 @@
+@@ -574,7 +579,7 @@
          * event pending.
          */
  
@@ -51,7 +52,7 @@ Index: b/ssh_config.5
 ===================================================================
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -935,7 +935,10 @@
+@@ -956,7 +956,10 @@
  .Cm ServerAliveCountMax
  is left at the default, if the server becomes unresponsive,
  ssh will disconnect after approximately 45 seconds.