summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2006-05-12 08:53:37 +0000
committerColin Watson <cjwatson@debian.org>2006-05-12 08:53:37 +0000
commit2ee73b36b9a35daeaa4b065046882dc1f5f551b6 (patch)
treef64a4ace625514e94759878c0b94ab0a79805bbd /debian
parent3c190ec8e469477ea65fbf4cc83062c65c281434 (diff)
parent3e2e0ac10674d77618c4c7339e18b83ced247492 (diff)
Merge 4.3p2 to the trunk.
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog44
1 files changed, 42 insertions, 2 deletions
diff --git a/debian/changelog b/debian/changelog
index 0d0363119..98e6ed73a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,45 @@
1openssh (1:4.2p1-9) UNRELEASED; urgency=low 1openssh (1:4.3p2-1) UNRELEASED; urgency=low
2 2
3 * New upstream release (closes: #361032).
4 - CVE-2006-0225: scp (as does rcp, on which it is based) invoked a
5 subshell to perform local to local, and remote to remote copy
6 operations. This subshell exposed filenames to shell expansion twice;
7 allowing a local attacker to create filenames containing shell
8 metacharacters that, if matched by a wildcard, could lead to execution
9 of attacker-specified commands with the privilege of the user running
10 scp (closes: #349645).
11 - Add support for tunneling arbitrary network packets over a connection
12 between an OpenSSH client and server via tun(4) virtual network
13 interfaces. This allows the use of OpenSSH (4.3+) to create a true VPN
14 between the client and server providing real network connectivity at
15 layer 2 or 3. This feature is experimental.
16 - Reduce default key length for new DSA keys generated by ssh-keygen
17 back to 1024 bits. DSA is not specified for longer lengths and does
18 not fully benefit from simply making keys longer. As per FIPS 186-2
19 Change Notice 1, ssh-keygen will refuse to generate a new DSA key
20 smaller or larger than 1024 bits.
21 - Fixed X forwarding failing to start when the X11 client is executed in
22 background at the time of session exit.
23 - Change ssh-keygen to generate a protocol 2 RSA key when invoked
24 without arguments (closes: #114894).
25 - Fix timing variance for valid vs. invalid accounts when attempting
26 Kerberos authentication.
27 - Ensure that ssh always returns code 255 on internal error
28 (closes: #259865).
29 - Cleanup wtmp files on SIGTERM when not using privsep.
30 - Set SO_REUSEADDR on X11 listeners to avoid problems caused by
31 lingering sockets from previous session (X11 applications can
32 sometimes not connect to 127.0.0.1:60xx) (closes:
33 https://launchpad.net/bugs/25528).
34 - Ensure that fds 0, 1 and 2 are always attached in all programs, by
35 duping /dev/null to them if necessary.
36 - Xauth list invocation had bogus "." argument.
37 - Remove internal assumptions on key exchange hash algorithm and output
38 length, preparing OpenSSH for KEX methods with alternate hashes.
39 - Ignore junk sent by a server before it sends the "SSH-" banner.
40 - Many manual page improvements.
41 - Lots of cleanups, including fixes to memory leaks on error paths and
42 possible crashes.
3 * Rename KeepAlive to TCPKeepAlive in default sshd_config 43 * Rename KeepAlive to TCPKeepAlive in default sshd_config
4 (closes: #349896). 44 (closes: #349896).
5 * debconf template translations: 45 * debconf template translations: