diff options
| author | Colin Watson <cjwatson@debian.org> | 2006-05-12 08:53:37 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2006-05-12 08:53:37 +0000 |
| commit | 2ee73b36b9a35daeaa4b065046882dc1f5f551b6 (patch) | |
| tree | f64a4ace625514e94759878c0b94ab0a79805bbd /debian | |
| parent | 3c190ec8e469477ea65fbf4cc83062c65c281434 (diff) | |
| parent | 3e2e0ac10674d77618c4c7339e18b83ced247492 (diff) | |
Merge 4.3p2 to the trunk.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog index 0d0363119..98e6ed73a 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -1,5 +1,45 @@ | |||
| 1 | openssh (1:4.2p1-9) UNRELEASED; urgency=low | 1 | openssh (1:4.3p2-1) UNRELEASED; urgency=low |
| 2 | 2 | ||
| 3 | * New upstream release (closes: #361032). | ||
| 4 | - CVE-2006-0225: scp (as does rcp, on which it is based) invoked a | ||
| 5 | subshell to perform local to local, and remote to remote copy | ||
| 6 | operations. This subshell exposed filenames to shell expansion twice; | ||
| 7 | allowing a local attacker to create filenames containing shell | ||
| 8 | metacharacters that, if matched by a wildcard, could lead to execution | ||
| 9 | of attacker-specified commands with the privilege of the user running | ||
| 10 | scp (closes: #349645). | ||
| 11 | - Add support for tunneling arbitrary network packets over a connection | ||
| 12 | between an OpenSSH client and server via tun(4) virtual network | ||
| 13 | interfaces. This allows the use of OpenSSH (4.3+) to create a true VPN | ||
| 14 | between the client and server providing real network connectivity at | ||
| 15 | layer 2 or 3. This feature is experimental. | ||
| 16 | - Reduce default key length for new DSA keys generated by ssh-keygen | ||
| 17 | back to 1024 bits. DSA is not specified for longer lengths and does | ||
| 18 | not fully benefit from simply making keys longer. As per FIPS 186-2 | ||
| 19 | Change Notice 1, ssh-keygen will refuse to generate a new DSA key | ||
| 20 | smaller or larger than 1024 bits. | ||
| 21 | - Fixed X forwarding failing to start when the X11 client is executed in | ||
| 22 | background at the time of session exit. | ||
| 23 | - Change ssh-keygen to generate a protocol 2 RSA key when invoked | ||
| 24 | without arguments (closes: #114894). | ||
| 25 | - Fix timing variance for valid vs. invalid accounts when attempting | ||
| 26 | Kerberos authentication. | ||
| 27 | - Ensure that ssh always returns code 255 on internal error | ||
| 28 | (closes: #259865). | ||
| 29 | - Cleanup wtmp files on SIGTERM when not using privsep. | ||
| 30 | - Set SO_REUSEADDR on X11 listeners to avoid problems caused by | ||
| 31 | lingering sockets from previous session (X11 applications can | ||
| 32 | sometimes not connect to 127.0.0.1:60xx) (closes: | ||
| 33 | https://launchpad.net/bugs/25528). | ||
| 34 | - Ensure that fds 0, 1 and 2 are always attached in all programs, by | ||
| 35 | duping /dev/null to them if necessary. | ||
| 36 | - Xauth list invocation had bogus "." argument. | ||
| 37 | - Remove internal assumptions on key exchange hash algorithm and output | ||
| 38 | length, preparing OpenSSH for KEX methods with alternate hashes. | ||
| 39 | - Ignore junk sent by a server before it sends the "SSH-" banner. | ||
| 40 | - Many manual page improvements. | ||
| 41 | - Lots of cleanups, including fixes to memory leaks on error paths and | ||
| 42 | possible crashes. | ||
| 3 | * Rename KeepAlive to TCPKeepAlive in default sshd_config | 43 | * Rename KeepAlive to TCPKeepAlive in default sshd_config |
| 4 | (closes: #349896). | 44 | (closes: #349896). |
| 5 | * debconf template translations: | 45 | * debconf template translations: |