Diffstat (limited to 'debian/changelog')
-rw-r--r-- debian/changelog 212
1 files changed, 212 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index dc2c017..4db166e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,215 @@
+openssh (1:9.9p1-1~progress7.99u1) graograman-backports; urgency=medium
+
+ * Uploading to graograman-backports, remaining changes:
+ - Updating maintainer field.
+ - Updating uploaders field.
+ - Updating bugs field.
+ - Updating vcs fields.
+ - Enabling pam_access.so.
+ - Disabling pam_motd.so.
+ - Setting default RSA size in ssh-keygen to 4096.
+ - Setting default ECDSA size in ssh-keygen to 521.
+ - Removing small diffie-hellman moduli.
+ - Updating options in ssh_config.
+ - Including openssh-client configuration files for Progress Linux.
+ - Setting CASignatureAlgorithms in ssh_config to ED25519.
+ - Setting Ciphers in ssh_config to ChaCha20.
+ - Setting HostbasedKeyTypes in ssh_config to ED25519.
+ - Setting HostKeyAlgorithms in ssh_config to ED25519.
+ - Setting KexAlgorithms in ssh_config to
+ sntrup761x25519-sha512@openssh.com and Curve25519.
+ - Setting MACs in ssh_config to UMAC and HMAC.
+ - Setting PubkeyAcceptedKeyTypes in ssh_config to ED25519.
+ - Setting IdentityFile in ssh_config to ED25519.
+ - Setting openssh-server/permit-root-login to false.
+ - Setting openssh-server/password-authentication to false.
+ - Including openssh-server configuration files for Progress Linux.
+ - Setting CASignatureAlgorithms in ssh_config to ED25519.
+ - Setting Ciphers in sshd_config to ChaCha20.
+ - Setting HostbasedAcceptedKeyTypes in sshd_config to ED25519.
+ - Setting HostKeyAlgorithms in sshd_config to ED25519.
+ - Setting KexAlgorithms in sshd_config to
+ sntrup761x25519-sha512@openssh.com and Curve25519.
+ - Setting MACs in sshd_config to UMAC and HMAC.
+ - Setting PubkeyAcceptedKeyTypes in sshd_config to ED25519.
+ - Setting HostCertificate in sshd_config to ED25519.
+ - Setting HostKey in sshd_config to ED25519.
+ - Setting AuthorizedKeysFile in sshd_config to
+ /etc/ssh/authorized_keys/%u .ssh/authorized_keys.
+ - Setting AllowAgentForwarding in sshd_config to no.
+ - Setting DebianBanner in sshd_config to no.
+ - Setting LoginGraceTime in sshd_config to 1m.
+ - Setting MaxAuthTries in sshd_config to 3.
+ - Adding patches from Colin Evrard <colin.evrard.134@gmail.com> for
+ optional Multipath TCP support.
+ - Refreshing mptcp patches.
+ * Merging upstream version 1:9.9p1.
+ * Merging debian version 1:9.9p1-1.
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org> Fri, 27 Sep 2024 10:43:05 +0200
+
+openssh (1:9.9p1-1) unstable; urgency=medium
+
+ * Alias the old Debian-specific SetupTimeOut client option to
+ ConnectTimeout rather than to ServerAliveInterval.
+ * New upstream release (https://www.openssh.com/releasenotes.html#9.9p1):
+ - ssh(1): remove support for pre-authentication compression.
+ - ssh(1), sshd(8): processing of the arguments to the "Match"
+ configuration directive now follows more shell-like rules for quoted
+ strings, including allowing nested quotes and \-escaped characters.
+ - ssh(1), sshd(8): add support for a new hybrid post-quantum key
+ exchange based on the FIPS 203 Module-Lattice Key Enapsulation
+ mechanism (ML-KEM) combined with X25519 ECDH as described by
+ https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
+ This algorithm "mlkem768x25519-sha256" is available by default.
+ - ssh(1): the ssh_config "Include" directive can now expand environment
+ as well as the same set of %-tokens "Match Exec" supports.
+ - sshd(8): add a sshd_config "RefuseConnection" option that, if set will
+ terminate the connection at the first authentication request.
+ - sshd(8): add a "refuseconnection" penalty class to sshd_config
+ PerSourcePenalties that is applied when a connection is dropped by the
+ new RefuseConnection keyword.
+ - sshd(8): add a "Match invalid-user" predicate to sshd_config Match
+ options that matches when the target username is not valid on the
+ server.
+ - ssh(1), sshd(8): update the Streamlined NTRUPrime code to a
+ substantially faster implementation.
+ - ssh(1), sshd(8): the hybrid Streamlined NTRUPrime/X25519 key exchange
+ algorithm now has an IANA-assigned name in addition to the
+ "@openssh.com" vendor extension name. This algorithm is now also
+ available under this name "sntrup761x25519-sha512"
+ - ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
+ included in core dump files for most of their lifespans. This is in
+ addition to pre-existing controls in ssh-agent(1) and sshd(8) that
+ prevented coredumps.
+ - All: convert key handling to use the libcrypto EVP_PKEY API, with the
+ exception of DSA.
+ - sshd(8): add a random amount of jitter (up to 4 seconds) to the grace
+ login time to make its expiry unpredictable.
+ - sshd(8): fix regression introduced in openssh-9.8 that swapped the
+ order of source and destination addresses in some sshd log messages.
+ - sshd(8): do not apply authorized_keys options when signature
+ verification fails. Prevents more restrictive key options being
+ incorrectly applied to subsequent keys in authorized_keys.
+ - ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
+ prompts. Helps the user know what's going on when ssh-keygen is
+ invoked via other tools.
+ - ssh(1), ssh-add(1): make parsing user@host consistently look for the
+ last '@' in the string rather than the first. This makes it possible
+ to more consistently use usernames that contain '@' characters.
+ - ssh(1), sshd(8): be more strict in parsing key type names. Only allow
+ short names (e.g "rsa") in user-interface code and require full SSH
+ protocol names (e.g. "ssh-rsa") everywhere else.
+ - regress: many performance and correctness improvements to the
+ re-keying regression test.
+ - ssh-keygen(1): clarify that ed25519 is the default key type generated
+ and clarify that rsa-sha2-512 is the default signature scheme when RSA
+ is in use.
+ - sshd(8): fix minor memory leak in Subsystem option parsing.
+ - All: additional hardening and consistency checks for the sshbuf code.
+ - sshd(8): reduce default logingrace penalty to ensure that a single
+ forgotten login that times out will be below the penalty threshold.
+ - ssh(1): fix proxy multiplexing (-O proxy) bug. If a mux started with
+ ControlPersist then later has a forwarding added using mux proxy
+ connection and the forwarding was used, then when the mux proxy
+ session terminated, the mux master process would issue a bad message
+ that terminated the connection.
+ - Sync contrib/ssh-copy-id to the latest upstream version.
+ - sshd(8): restore audit call before exit that regressed in openssh-9.8.
+ Fixes an issue where the SSH_CONNECTION_ABANDON event was not
+ recorded.
+ - Fix detection of setres*id on GNU/Hurd.
+
+ -- Colin Watson <cjwatson@debian.org> Mon, 23 Sep 2024 21:09:59 -0700
+
+openssh (1:9.8p1-8) unstable; urgency=medium
+
+ * Source-only reupload.
+
+ -- Colin Watson <cjwatson@debian.org> Fri, 30 Aug 2024 00:38:26 +0100
+
+openssh (1:9.8p1-7) unstable; urgency=medium
+
+ * Adjust description line-wrapping so that lintian recognizes that
+ openssh-client-gssapi is an intentionally empty package.
+
+ -- Colin Watson <cjwatson@debian.org> Thu, 29 Aug 2024 14:17:13 +0100
+
+openssh (1:9.8p1-6) unstable; urgency=medium
+
+ * Upload with binaries to satisfy Debian archive NEW checks.
+
+ -- Colin Watson <cjwatson@debian.org> Thu, 29 Aug 2024 13:46:57 +0100
+
+openssh (1:9.8p1-5) unstable; urgency=medium
+
+ * Add openssh-client-gssapi and openssh-server-gssapi packages; these
+ currently just depend on their non-gssapi counterparts, but will become
+ different in future. See
+ https://lists.debian.org/debian-devel/2024/04/msg00044.html.
+
+ -- Colin Watson <cjwatson@debian.org> Thu, 29 Aug 2024 12:53:42 +0100
+
+openssh (1:9.8p1-4) unstable; urgency=medium
+
+ [ Grzegorz Szymaszek ]
+ * Disable listening on 22 in the port change example in README.Debian.
+
+ [ Colin Watson ]
+ * sshd: Allow exec without absolute path in inetd mode (closes: #1078429).
+ * Add an autopkgtest for running sshd from xinetd.
+
+ -- Colin Watson <cjwatson@debian.org> Mon, 26 Aug 2024 15:02:45 +0100
+
+openssh (1:9.8p1-3~progress7.99u1) graograman-backports; urgency=medium
+
+ * Uploading to graograman-backports, remaining changes:
+ - Updating maintainer field.
+ - Updating uploaders field.
+ - Updating bugs field.
+ - Updating vcs fields.
+ - Enabling pam_access.so.
+ - Disabling pam_motd.so.
+ - Setting default RSA size in ssh-keygen to 4096.
+ - Setting default ECDSA size in ssh-keygen to 521.
+ - Removing small diffie-hellman moduli.
+ - Updating options in ssh_config.
+ - Including openssh-client configuration files for Progress Linux.
+ - Setting CASignatureAlgorithms in ssh_config to ED25519.
+ - Setting Ciphers in ssh_config to ChaCha20.
+ - Setting HostbasedKeyTypes in ssh_config to ED25519.
+ - Setting HostKeyAlgorithms in ssh_config to ED25519.
+ - Setting KexAlgorithms in ssh_config to
+ sntrup761x25519-sha512@openssh.com and Curve25519.
+ - Setting MACs in ssh_config to UMAC and HMAC.
+ - Setting PubkeyAcceptedKeyTypes in ssh_config to ED25519.
+ - Setting IdentityFile in ssh_config to ED25519.
+ - Setting openssh-server/permit-root-login to false.
+ - Setting openssh-server/password-authentication to false.
+ - Including openssh-server configuration files for Progress Linux.
+ - Setting CASignatureAlgorithms in ssh_config to ED25519.
+ - Setting Ciphers in sshd_config to ChaCha20.
+ - Setting HostbasedAcceptedKeyTypes in sshd_config to ED25519.
+ - Setting HostKeyAlgorithms in sshd_config to ED25519.
+ - Setting KexAlgorithms in sshd_config to
+ sntrup761x25519-sha512@openssh.com and Curve25519.
+ - Setting MACs in sshd_config to UMAC and HMAC.
+ - Setting PubkeyAcceptedKeyTypes in sshd_config to ED25519.
+ - Setting HostCertificate in sshd_config to ED25519.
+ - Setting HostKey in sshd_config to ED25519.
+ - Setting AuthorizedKeysFile in sshd_config to
+ /etc/ssh/authorized_keys/%u .ssh/authorized_keys.
+ - Setting AllowAgentForwarding in sshd_config to no.
+ - Setting DebianBanner in sshd_config to no.
+ - Setting LoginGraceTime in sshd_config to 1m.
+ - Setting MaxAuthTries in sshd_config to 3.
+ - Adding patches from Colin Evrard <colin.evrard.134@gmail.com> for
+ optional Multipath TCP support.
+ - Refreshing mptcp patches.
+ * Merging debian version 1:9.8p1-3.
+
+ -- Daniel Baumann <daniel.baumann@progress-linux.org> Mon, 26 Aug 2024 09:45:14 +0200
+
openssh (1:9.8p1-3) unstable; urgency=medium
[ Dirk Van Haerenborgh ]
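Review bot: In the 1:9.9p1-1~progress7.99u1 entry, the server-side block (the items after "Including openssh-server configuration files for Progress Linux") contains "Setting CASignatureAlgorithms in ssh_config to ED25519", which duplicates the client-side item a few lines above it. Every other item in that block names sshd_config, so this one most likely should too. The same line is carried over unchanged in the 1:9.8p1-3~progress7.99u1 entry, so fix both. Separately, the "remaining changes" list still sets KexAlgorithms to "sntrup761x25519-sha512@openssh.com and Curve25519", while the merged 1:9.9p1-1 entry notes that "mlkem768x25519-sha256" is now available by default and that the NTRUPrime hybrid gained the IANA name "sntrup761x25519-sha512". If the new ML-KEM hybrid is deliberately left out of the pinned list, the changelog should say so. The list also still uses the older option names HostbasedKeyTypes, HostbasedAcceptedKeyTypes and PubkeyAcceptedKeyTypes, which are worth aligning with the names the shipped config files actually use.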