diff options
| author | Colin Watson <cjwatson@debian.org> | 2016-12-24 19:26:39 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2016-12-26 00:30:30 +0000 |
| commit | de911c73504da8dd7d9bbaddcf0c0845dd6eb9a0 (patch) | |
| tree | c1be675cab068c60f7461a67b396961227c9ae6d /debian/changelog | |
| parent | 9477f029ee259b25daff503e02e6b011aea82ce3 (diff) | |
| parent | af54c22db774b37a15df5e599d08a83d4bbe5079 (diff) | |
Start handling /etc/ssh/sshd_config using ucf.
* Start handling /etc/ssh/sshd_config using ucf. The immediate motivation
for this is to deal with deprecations of options related to protocol 1,
but something like this has been needed for a long time (closes:
#419574, #848089):
- sshd_config is now a slightly-patched version of upstream's, and only
contains non-default settings (closes: #147201).
- I've included as many historical md5sums of default versions of
sshd_config as I could reconstruct from version control, but I'm sure
I've missed some.
- Explicitly synchronise the debconf database with the current
configuration file state in openssh-server.config, to ensure that the
PermitRootLogin setting is properly preserved.
- UsePrivilegeSeparation now defaults to the stronger "sandbox" rather
than "yes", per upstream.
Diffstat (limited to 'debian/changelog')
| -rw-r--r-- | debian/changelog | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index c24cdc60b..80e03947f 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -118,6 +118,20 @@ openssh (1:7.4p1-1) UNRELEASED; urgency=medium | |||
| 118 | * Remove entries related to protocol 1 from the default sshd_config | 118 | * Remove entries related to protocol 1 from the default sshd_config |
| 119 | generated on new installations. | 119 | generated on new installations. |
| 120 | * Remove some advice related to protocol 1 from README.Debian. | 120 | * Remove some advice related to protocol 1 from README.Debian. |
| 121 | * Start handling /etc/ssh/sshd_config using ucf. The immediate motivation | ||
| 122 | for this is to deal with deprecations of options related to protocol 1, | ||
| 123 | but something like this has been needed for a long time (closes: | ||
| 124 | #419574, #848089): | ||
| 125 | - sshd_config is now a slightly-patched version of upstream's, and only | ||
| 126 | contains non-default settings (closes: #147201). | ||
| 127 | - I've included as many historical md5sums of default versions of | ||
| 128 | sshd_config as I could reconstruct from version control, but I'm sure | ||
| 129 | I've missed some. | ||
| 130 | - Explicitly synchronise the debconf database with the current | ||
| 131 | configuration file state in openssh-server.config, to ensure that the | ||
| 132 | PermitRootLogin setting is properly preserved. | ||
| 133 | - UsePrivilegeSeparation now defaults to the stronger "sandbox" rather | ||
| 134 | than "yes", per upstream. | ||
| 121 | 135 | ||
| 122 | -- Colin Watson <cjwatson@debian.org> Mon, 05 Dec 2016 19:31:33 +0000 | 136 | -- Colin Watson <cjwatson@debian.org> Mon, 05 Dec 2016 19:31:33 +0000 |
| 123 | 137 | ||