Accepted openssh 1:7.2p1-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 08 Mar 2016 11:47:20 +0000
Source: openssh
Binary: openssh-client openssh-client-ssh1 openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source
Version: 1:7.2p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - secure shell (SSH) client, for secure access to remote machines
openssh-client-ssh1 - secure shell (SSH) client for legacy SSH1 protocol
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell (SSH) server, for secure access from remote machines
openssh-server-udeb - secure shell server for the Debian installer (udeb)
openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot
ssh - secure shell client and server (metapackage)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 509058 811125
Changes:
openssh (1:7.2p1-1) unstable; urgency=medium
.
* New upstream release (http://www.openssh.com/txt/release-7.2):
- This release disables a number of legacy cryptographic algorithms by
default in ssh:
+ Several ciphers blowfish-cbc, cast128-cbc, all arcfour variants and
the rijndael-cbc aliases for AES.
+ MD5-based and truncated HMAC algorithms.
These algorithms are already disabled by default in sshd.
- ssh(1), sshd(8): Remove unfinished and unused roaming code (was
already forcibly disabled in OpenSSH 7.1p2).
- ssh(1): Eliminate fallback from untrusted X11 forwarding to trusted
forwarding when the X server disables the SECURITY extension.
- ssh(1), sshd(8): Increase the minimum modulus size supported for
diffie-hellman-group-exchange to 2048 bits.
- sshd(8): Pre-auth sandboxing is now enabled by default (previous
releases enabled it for new installations via sshd_config).
- all: Add support for RSA signatures using SHA-256/512 hash algorithms
based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt.
- ssh(1): Add an AddKeysToAgent client option which can be set to 'yes',
'no', 'ask', or 'confirm', and defaults to 'no'. When enabled, a
private key that is used during authentication will be added to
ssh-agent if it is running (with confirmation enabled if set to
'confirm').
- sshd(8): Add a new authorized_keys option "restrict" that includes all
current and future key restrictions (no-*-forwarding, etc.). Also add
permissive versions of the existing restrictions, e.g. "no-pty" ->
"pty". This simplifies the task of setting up restricted keys and
ensures they are maximally-restricted, regardless of any permissions
we might implement in the future.
- ssh(1): Add ssh_config CertificateFile option to explicitly list
certificates.
- ssh-keygen(1): Allow ssh-keygen to change the key comment for all
supported formats (closes: #811125).
- ssh-keygen(1): Allow fingerprinting from standard input, e.g.
"ssh-keygen -lf -" (closes: #509058).
- ssh-keygen(1): Allow fingerprinting multiple public keys in a file,
e.g. "ssh-keygen -lf ~/.ssh/authorized_keys".
- sshd(8): Support "none" as an argument for sshd_config Foreground and
ChrootDirectory. Useful inside Match blocks to override a global
default.
- ssh-keygen(1): Support multiple certificates (one per line) and
reading from standard input (using "-f -") for "ssh-keygen -L"
- ssh-keyscan(1): Add "ssh-keyscan -c ..." flag to allow fetching
certificates instead of plain keys.
- ssh(1): Better handle anchored FQDNs (e.g. 'cvs.openbsd.org.') in
hostname canonicalisation - treat them as already canonical and remove
the trailing '.' before matching ssh_config.
- sftp(1): Existing destination directories should not terminate
recursive uploads (regression in OpenSSH 6.8; LP: #1553378).
* Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.
* Restore slogin symlinks for compatibility, although they were removed
upstream.
Checksums-Sha1:
cf84d64c03d2125fe8afde34d41a9eb611998b58 2837 openssh_7.2p1-1.dsc
d30a6fd472199ab5838a7668c0c5fd885fb8d371 1499707 openssh_7.2p1.orig.tar.gz
4f1748ebf771840951a950a2f9f30f4770cb7b4e 149096 openssh_7.2p1-1.debian.tar.xz
Checksums-Sha256:
bf48023b9dc6ef343deceb641075ceb9d3c883dc2310f9c793355bdd8732692e 2837 openssh_7.2p1-1.dsc
973cc37b2f3597e4cf599b09e604e79c0fe5d9b6f595a24e91ed0662860b4ac3 1499707 openssh_7.2p1.orig.tar.gz
126f2caf91d9137e4b0a5d665ffa2d3c1a3ca2d8e91337bba92522ea103d2d00 149096 openssh_7.2p1-1.debian.tar.xz
Files:
eb5050ee831c1f34d5890a542af783d5 2837 net standard openssh_7.2p1-1.dsc
b984775f0cfff1f7ff18b8797fce8a28 1499707 net standard openssh_7.2p1.orig.tar.gz
fbac966761c2977d3a8e25f7832c8fbe 149096 net standard openssh_7.2p1-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer
iQIVAwUBVt68yjk1h9l9hlALAQgYRA/+PAMNeJ9qiC+olkTrsmwB5djEiZFCvDV7
dsjhrq+g0vmz1Yxtn6/3Yyp4iEjsjRiCGnm3HPgwzqv9CrUNAV2Z0HhoXfzC1Xbv
1s7R/qnBsrLFjcy1d0+ntCVljUnjx1Tcipw1JItlUGrWm7KFIblFro2lO6tA8wEu
Hbn1UJ9EdM9SKjficvwZokUKy/zMutIJtZFXRIo6Hft1V0wbFyRoQbMbVK/TD5z/
M1MgivJRyMKR71asA9yQlW1bO+wPYLT99N8Kqcsw6rPMvaLlt6us45K8fQC9Og5p
eEGkfMODd4XB10W2UzTxuhoLzRJxI4M1KLf9MfHow0u4qWcNEWd71Zg7Gr58hCCn
z9ISV+9LOyzUl++8DW5IwV2yMsc7CYSwhaOErLNIl6waQmLEB9Nfmp962pSENIly
6E+19wYYZja1RVKfpg39iqersl374Fduhj6M48I6TsamuTbv+9tm7kPM6P6bV+qm
7GvZ207Dyig3qWb51HNhjUEfDpkS7RXppzwqexVZJmTssLMl5zbD91M1z/aQMUJd
Klc0C5SdFcVSU82HjxSHQK9sqdgLKXs+/PlOo6es3D53pA0NwlwSJbSRFUYviOg9
GRUSKRe1xJU3f1Nr5oUS+JWx8C+NgFs4uJZ0rx2ZBZ8EKHMWMawaVbycuWiQxjTQ
Z8xrAWmd0kQ=
=IAsD
-----END PGP SIGNATURE-----