ChangeLog.gssapi | 103 103 + 0 - 0 !
Makefile.in | 4 2 + 2 - 0 !
auth-krb5.c | 17 15 + 2 - 0 !
auth.h | 1 1 + 0 - 0 !
auth2-gss.c | 50 47 + 3 - 0 !
auth2.c | 6 5 + 1 - 0 !
clientloop.c | 13 13 + 0 - 0 !
configure.ac | 24 24 + 0 - 0 !
gss-genr.c | 276 272 + 4 - 0 !
gss-serv-krb5.c | 84 78 + 6 - 0 !
gss-serv.c | 220 192 + 28 - 0 !
kex.c | 18 18 + 0 - 0 !
kex.h | 14 14 + 0 - 0 !
kexgssc.c | 334 334 + 0 - 0 !
kexgsss.c | 288 288 + 0 - 0 !
key.c | 2 2 + 0 - 0 !
key.h | 1 1 + 0 - 0 !
monitor.c | 108 107 + 1 - 0 !
monitor.h | 2 2 + 0 - 0 !
monitor_wrap.c | 47 46 + 1 - 0 !
monitor_wrap.h | 4 3 + 1 - 0 !
readconf.c | 35 35 + 0 - 0 !
readconf.h | 4 4 + 0 - 0 !
servconf.c | 31 30 + 1 - 0 !
servconf.h | 3 3 + 0 - 0 !
ssh-gss.h | 39 35 + 4 - 0 !
ssh_config | 2 2 + 0 - 0 !
ssh_config.5 | 29 28 + 1 - 0 !
sshconnect2.c | 118 114 + 4 - 0 !
sshd.c | 110 110 + 0 - 0 !
sshd_config | 2 2 + 0 - 0 !
sshd_config.5 | 28 28 + 0 - 0 !
32 files changed, 1958 insertions(+), 59 deletions(-)

 gssapi key exchange support
 This patch has been rejected upstream: "None of the OpenSSH developers are
 in favour of adding this, and this situation has not changed for several
 years.  This is not a slight on Simon's patch, which is of fine quality,
 but just that a) we don't trust GSSAPI implementations that much and b) we
 don't like adding new KEX since they are pre-auth attack surface.  This one
 is particularly scary, since it requires hooks out to typically root-owned
 system resources."
 .
 However, quite a lot of people rely on this in Debian, and it's better to
 have it merged into the main openssh package rather than having separate
 -krb5 packages (as we used to have).  It seems to have a generally good
 security history.

config.h.in | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 update config.h.in following gssapi patch

servconf.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 compatibility with old gssapi option names
 These options were supported by the old ssh-krb5 package in Debian.
 .
 Forwarded to Simon Wilkinson for inclusion in the GSSAPI patch.

servconf.c | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 gssapi configuration dump fixes
 Add GSSAPIKeyExchange, GSSAPIStrictAcceptorCheck, and
 GSSAPIStoreCredentialsOnRekey to sshd -T configuration dump.
 .
 Forwarded to Simon Wilkinson for inclusion in the GSSAPI patch.

auth.h | 1 1 + 0 - 0 !
auth1.c | 8 7 + 1 - 0 !
auth2.c | 10 8 + 2 - 0 !
monitor.c | 30 28 + 2 - 0 !
monitor.h | 2 1 + 1 - 0 !
monitor_wrap.c | 22 20 + 2 - 0 !
monitor_wrap.h | 3 2 + 1 - 0 !
openbsd-compat/port-linux.c | 25 21 + 4 - 0 !
8 files changed, 88 insertions(+), 13 deletions(-)

 handle selinux authorisation roles
 Rejected upstream due to discomfort with magic usernames; a better approach
 will need an SSH protocol change.  In the meantime, this came from Debian's
 SELinux maintainer, so we'll keep it until we have something better.

Makefile.in | 17 13 + 4 - 0 !
auth-rh-rsa.c | 2 1 + 1 - 0 !
auth-rsa.c | 2 1 + 1 - 0 !
auth.c | 27 26 + 1 - 0 !
auth.h | 2 1 + 1 - 0 !
auth2-hostbased.c | 2 1 + 1 - 0 !
auth2-pubkey.c | 5 3 + 2 - 0 !
authfile.c | 138 138 + 0 - 0 !
authfile.h | 2 2 + 0 - 0 !
pathnames.h | 7 7 + 0 - 0 !
readconf.c | 9 9 + 0 - 0 !
readconf.h | 1 1 + 0 - 0 !
servconf.c | 11 10 + 1 - 0 !
servconf.h | 1 1 + 0 - 0 !
ssh-add.1 | 5 5 + 0 - 0 !
ssh-add.c | 10 9 + 1 - 0 !
ssh-keygen.1 | 1 1 + 0 - 0 !
ssh-vulnkey.1 | 242 242 + 0 - 0 !
ssh-vulnkey.c | 388 388 + 0 - 0 !
ssh.1 | 1 1 + 0 - 0 !
ssh.c | 18 17 + 1 - 0 !
ssh_config.5 | 17 17 + 0 - 0 !
sshconnect2.c | 4 3 + 1 - 0 !
sshd.8 | 1 1 + 0 - 0 !
sshd.c | 5 5 + 0 - 0 !
sshd_config.5 | 14 14 + 0 - 0 !
26 files changed, 917 insertions(+), 15 deletions(-)

 reject vulnerable keys to mitigate debian openssl flaw
 In 2008, Debian (and derived distributions such as Ubuntu) shipped an
 OpenSSL package with a flawed random number generator, causing OpenSSH to
 generate only a very limited set of keys which were subject to private half
 precomputation.  To mitigate this, this patch checks key authentications
 against a blacklist of known-vulnerable keys, and adds a new ssh-vulnkey
 program which can be used to explicitly check keys against that blacklist.
 See CVE-2008-0166.

clientloop.c | 27 16 + 11 - 0 !
ssh_config.5 | 5 4 + 1 - 0 !
2 files changed, 20 insertions(+), 12 deletions(-)

 partial server keep-alive implementation for ssh1

readconf.c | 14 12 + 2 - 0 !
ssh_config.5 | 21 19 + 2 - 0 !
sshd_config.5 | 3 3 + 0 - 0 !
3 files changed, 34 insertions(+), 4 deletions(-)

 various keepalive extensions
 Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut,
 supported in previous versions of Debian's OpenSSH package but since
 superseded by ServerAliveInterval.  (We're probably stuck with this bit for
 compatibility.)
 .
 In batch mode, default ServerAliveInterval to five minutes.
 .
 Adjust documentation to match and to give some more advice on use of
 keepalives.

log.c | 1 1 + 0 - 0 !
ssh.c | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 1 deletion(-)

 "loglevel silent" compatibility
 "LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to
 match the behaviour of non-free SSH, in which -q does not suppress fatal
 errors.  However, this was unintentionally broken in 1:4.6p1-2 and nobody
 complained, so we've dropped most of it.  The parts that remain are basic
 configuration file compatibility, and an adjustment to "Pseudo-terminal
 will not be allocated ..." which should be split out into a separate patch.

clientloop.c | 6 4 + 2 - 0 !
1 file changed, 4 insertions(+), 2 deletions(-)

 reduce severity of "killed by signal %d"
 This produces irritating messages when using ProxyCommand or other programs
 that use ssh under the covers (e.g. Subversion).  These messages are more
 normally printed by the calling program, such as the shell.
 .
 According to the upstream bug, the right way to avoid this is to use the -q
 option, so we may drop this patch after further investigation into whether
 any software in Debian is still relying on it.

serverloop.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 mention ~& when waiting for forwarded connections to terminate

auth-rhosts.c | 6 2 + 4 - 0 !
auth.c | 9 3 + 6 - 0 !
misc.c | 52 51 + 1 - 0 !
misc.h | 2 2 + 0 - 0 !
readconf.c | 5 3 + 2 - 0 !
ssh.1 | 2 2 + 0 - 0 !
ssh_config.5 | 2 2 + 0 - 0 !
7 files changed, 65 insertions(+), 13 deletions(-)

 allow harmless group-writability
 Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be
 group-writable, provided that the group in question contains only the
 file's owner.  Rejected upstream for IMO incorrect reasons (e.g. a
 misunderstanding about the contents of gr->gr_mem).  Given that
 per-user groups and umask 002 are the default setup in Debian (for good
 reasons - this makes operating in setgid directories with other groups
 much easier), we need to permit this by default.

scp.c | 12 10 + 2 - 0 !
1 file changed, 10 insertions(+), 2 deletions(-)

 adjust scp quoting in verbose mode
 Tweak scp's reporting of filenames in verbose mode to be a bit less
 confusing with spaces.
 .
 This should be revised to mimic real shell quoting.

sshconnect.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 look for $shell on the path for proxycommand/localcommand
 There's some debate on the upstream bug about whether POSIX requires this.
 I (Colin Watson) agree with Vincent and think it does.

contrib/ssh-copy-id | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 ssh-copy-id: strip trailing colons from hostname

dns.c | 14 13 + 1 - 0 !
openbsd-compat/getrrsetbyname.c | 10 5 + 5 - 0 !
openbsd-compat/getrrsetbyname.h | 3 3 + 0 - 0 !
3 files changed, 21 insertions(+), 6 deletions(-)

 force use of dnssec even if "options edns0" isn't in resolv.conf
 This allows SSHFP DNS records to be verified if glibc 2.11 is installed.

auth-options.c | 33 25 + 8 - 0 !
auth-options.h | 1 1 + 0 - 0 !
auth-rsa.c | 2 2 + 0 - 0 !
auth2-pubkey.c | 3 3 + 0 - 0 !
4 files changed, 31 insertions(+), 8 deletions(-)

 quieten logs when multiple from= restrictions are used

auth-options.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 don't send the actual forced command in a debug message

servconf.c | 6 3 + 3 - 0 !
sshd_config | 2 1 + 1 - 0 !
sshd_config.5 | 2 1 + 1 - 0 !
3 files changed, 5 insertions(+), 5 deletions(-)

 change default of maxstartups to 10:30:100
 This causes sshd to start doing random early drop at 10 connections up to
 100 connections.  This will make it harder to DoS as CPUs have come a long
 way since the original value was set back in 2000.

gss-serv.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 fix potential int overflow when using gssapi-with-mac auth

sshconnect.c | 2 1 + 1 - 0 !
sshd.c | 2 1 + 1 - 0 !
version.h | 7 6 + 1 - 0 !
3 files changed, 8 insertions(+), 3 deletions(-)

 include the debian version in our identification
 This makes it easier to audit networks for versions patched against
 security vulnerabilities.  It has little detrimental effect, as attackers
 will generally just try attacks rather than bothering to scan for
 vulnerable-looking version strings.  (However, see debian-banner.patch.)

servconf.c | 9 9 + 0 - 0 !
servconf.h | 2 2 + 0 - 0 !
sshd.c | 3 2 + 1 - 0 !
sshd_config.5 | 5 5 + 0 - 0 !
4 files changed, 18 insertions(+), 1 deletion(-)

 add debianbanner server configuration option
 Setting this to "no" causes sshd to omit the Debian revision from its
 initial protocol handshake, for those scared by package-versioning.patch.

Makefile.in | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 install authorized_keys(5) as a symlink to sshd(8)

Makefile.in | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 fix picky lintian errors about slogin symlinks
 Apparently this breaks some SVR4 packaging systems, so upstream can't win
 either way and opted to keep the status quo.  We need this patch anyway.

moduli.5 | 4 2 + 2 - 0 !
ssh-keygen.1 | 8 2 + 6 - 0 !
ssh.1 | 4 4 + 0 - 0 !
sshd.8 | 5 2 + 3 - 0 !
sshd_config.5 | 3 1 + 2 - 0 !
5 files changed, 11 insertions(+), 13 deletions(-)

 adjust various openbsd-specific references in manual pages
 No single bug reference for this patch, but history includes:
  http://bugs.debian.org/154434 (login.conf(5))
  http://bugs.debian.org/513417 (/etc/rc)
  http://bugs.debian.org/530692 (ssl(8))
  https://bugs.launchpad.net/bugs/456660 (ssl(8))

ssh.1 | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 ssh(1): refer to ssh-argv0(1)
 Old versions of OpenSSH (up to 2.5 or thereabouts) allowed creating
 symlinks to ssh with the name of the host you want to connect to.  Debian
 ships an ssh-argv0 script restoring this feature; this patch refers to its
 manual page from ssh(1).
Bug-Debian: http://bugs.debian.org/111341

ssh_config.5 | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 document that hashknownhosts may break tab-completion

contrib/gnome-ssh-askpass2.c | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 give the ssh-askpass-gnome window a default icon

readconf.c | 2 1 + 1 - 0 !
ssh_config | 7 6 + 1 - 0 !
ssh_config.5 | 19 18 + 1 - 0 !
sshd_config | 1 1 + 0 - 0 !
sshd_config.5 | 27 27 + 0 - 0 !
5 files changed, 53 insertions(+), 3 deletions(-)

 various debian-specific configuration changes
 ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
 fewer problems with existing setups (http://bugs.debian.org/237021).
 .
 ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
 .
 ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
 worms.
 .
 ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
 default.
 .
 sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside
 PermitRootLogin default.
 .
 Document all of this, along with several sshd defaults set in
 debian/openssh-server.postinst.

bufaux.c | 33 33 + 0 - 0 !
buffer.h | 2 2 + 0 - 0 !
packet.c | 7 7 + 0 - 0 !
packet.h | 1 1 + 0 - 0 !
session.c | 9 7 + 2 - 0 !
5 files changed, 50 insertions(+), 2 deletions(-)

 disallow invalid characters in environment variable names
 This prevents bypassing AcceptEnv wildcard restrictions (CVE-2014-2532).

sshconnect.c | 43 26 + 17 - 0 !
1 file changed, 26 insertions(+), 17 deletions(-)

 attempt sshfp lookup even if server presents a certificate
 If an ssh server presents a certificate to the client, then the client does
 not check the DNS for SSHFP records. This means that a malicious server can
 essentially disable DNS-host-key-checking, which means the client will fall
 back to asking the user (who will just say "yes" to the fingerprint,
 sadly).
 .
 This is CVE-2014-2653.