1 files changed, 88 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index e68c245e7..787d2dd0f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,91 @@
+openssh (1:3.8.1p1-15) UNRELEASED; urgency=low
+  * Build ssh in binary-indep, not binary-arch (thanks, LaMont Jones).
+ -- Colin Watson <cjwatson@debian.org>  Wed,  1 Dec 2004 16:23:23 +0000
+openssh (1:3.8.1p1-14) experimental; urgency=low
+  * We use DH_COMPAT=2, so build-depend on debhelper (>= 2).
+  * Fix timing information leak allowing discovery of invalid usernames in
+    PAM keyboard-interactive authentication (backported from a patch by
+    Darren Tucker; closes: #281595).
+  * Make sure that there's a delay in PAM keyboard-interactive
+    authentication when PermitRootLogin is not set to yes and the correct
+    root password is entered (closes: #248747).
+ -- Colin Watson <cjwatson@debian.org>  Sun, 28 Nov 2004 18:09:37 +0000
+openssh (1:3.8.1p1-13) experimental; urgency=low
+  * Enable threading for PAM, on Sam Hartman's advice (closes: #278394).
+  * debconf template translations:
+    - Update Dutch (thanks, cobaco; closes: #278715).
+  * Correct README.Debian's ForwardX11Trusted description (closes: #280190).
+ -- Colin Watson <cjwatson@debian.org>  Fri, 12 Nov 2004 12:03:13 +0000
+openssh (1:3.8.1p1-12) experimental; urgency=low
+  * Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754).
+  * Shorten the version string from the form "OpenSSH_3.8.1p1 Debian
+    1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
+    implementations apparently have problems with the long version string.
+    This is of course a bug in those implementations, but since the extent
+    of the problem is unknown it's best to play safe (closes: #275731).
+  * debconf template translations:
+    - Add Finnish (thanks, Matti Pöllä; closes: #265339).
+    - Update Danish (thanks, Morten Brix Pedersen; closes: #275895).
+    - Update French (thanks, Denis Barbier; closes: #276703).
+    - Update Japanese (thanks, Kenshi Muto; closes: #277438).
+ -- Colin Watson <cjwatson@debian.org>  Sun, 24 Oct 2004 19:21:17 +0100
+openssh (1:3.8.1p1-11) experimental; urgency=high
+  * Move sshd_config(5) to openssh-server, where it belongs.
+  * If PasswordAuthentication is disabled, then offer to disable
+    ChallengeResponseAuthentication too. The current PAM code will attempt
+    password-style authentication if ChallengeResponseAuthentication is
+    enabled (closes: #250369).
+  * This will ask a question of anyone who installed fresh with 1:3.8p1-2 or
+    later and then upgraded. Sorry about that ... for this reason, the
+    default answer is to leave ChallengeResponseAuthentication enabled.
+ -- Colin Watson <cjwatson@debian.org>  Wed,  6 Oct 2004 14:28:20 +0100
+openssh (1:3.8.1p1-10) experimental; urgency=low
+  * Don't install the ssh-askpass-gnome .desktop file by default; I've had
+    too many GNOME people tell me it's the wrong thing to be doing. I've
+    left it in /usr/share/doc/ssh-askpass-gnome/examples/ for now.
+ -- Colin Watson <cjwatson@debian.org>  Wed, 25 Aug 2004 18:18:14 +0100
+openssh (1:3.8.1p1-9) experimental; urgency=low
+  * Split the ssh binary package into openssh-client and openssh-server
+    (closes: #39741). openssh-server depends on openssh-client for some
+    common functionality; it didn't seem worth creating yet another package
+    for this. openssh-client is priority standard, openssh-server optional.
+  * New transitional ssh package, priority optional, depending on
+    openssh-client and openssh-server. May be removed once nothing depends
+    on it.
+  * When upgrading from ssh to openssh-{client,server}, it's very difficult
+    for the maintainer scripts to find out what version we're upgrading from
+    without dodgy dpkg hackery. I've therefore taken the opportunity to move
+    a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged
+    and ssh/user_environment_tell.
+  * Add a heuristic to try to make sure the sshd_config upgrade to >= 3.7
+    happens even though we don't know what version we're upgrading from.
+  * Remove /etc/ssh/sshd_not_to_be_run on purge of openssh-server. For now
+    (until sarge+2) it's still honoured to avoid breaking existing
+    configurations, but the right approach is now to remove the
+    openssh-server package if you don't want to run the server. Add a NEWS
+    item to that effect.
+ -- Colin Watson <cjwatson@debian.org>  Mon,  2 Aug 2004 20:48:54 +0100
 openssh (1:3.8.1p1-8.sarge.4) unstable; urgency=high
  * Fix timing information leak allowing discovery of invalid usernames in

diff --git a/debian/changelog b/debian/changelog index e68c245e7..787d2dd0f 100644 --- a/debian/changelog +++ b/debian/changelog
@@ -1,3 +1,91 @@
		1	openssh (1:3.8.1p1-15) UNRELEASED; urgency=low
		2
		3	* Build ssh in binary-indep, not binary-arch (thanks, LaMont Jones).
		4
		5	-- Colin Watson <cjwatson@debian.org> Wed, 1 Dec 2004 16:23:23 +0000
		6
		7	openssh (1:3.8.1p1-14) experimental; urgency=low
		8
		9	* We use DH_COMPAT=2, so build-depend on debhelper (>= 2).
		10	* Fix timing information leak allowing discovery of invalid usernames in
		11	PAM keyboard-interactive authentication (backported from a patch by
		12	Darren Tucker; closes: #281595).
		13	* Make sure that there's a delay in PAM keyboard-interactive
		14	authentication when PermitRootLogin is not set to yes and the correct
		15	root password is entered (closes: #248747).
		16
		17	-- Colin Watson <cjwatson@debian.org> Sun, 28 Nov 2004 18:09:37 +0000
		18
		19	openssh (1:3.8.1p1-13) experimental; urgency=low
		20
		21	* Enable threading for PAM, on Sam Hartman's advice (closes: #278394).
		22	* debconf template translations:
		23	- Update Dutch (thanks, cobaco; closes: #278715).
		24	* Correct README.Debian's ForwardX11Trusted description (closes: #280190).
		25
		26	-- Colin Watson <cjwatson@debian.org> Fri, 12 Nov 2004 12:03:13 +0000
		27
		28	openssh (1:3.8.1p1-12) experimental; urgency=low
		29
		30	* Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754).
		31	* Shorten the version string from the form "OpenSSH_3.8.1p1 Debian
		32	1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
		33	implementations apparently have problems with the long version string.
		34	This is of course a bug in those implementations, but since the extent
		35	of the problem is unknown it's best to play safe (closes: #275731).
		36	* debconf template translations:
		37	- Add Finnish (thanks, Matti Pöllä; closes: #265339).
		38	- Update Danish (thanks, Morten Brix Pedersen; closes: #275895).
		39	- Update French (thanks, Denis Barbier; closes: #276703).
		40	- Update Japanese (thanks, Kenshi Muto; closes: #277438).
		41
		42	-- Colin Watson <cjwatson@debian.org> Sun, 24 Oct 2004 19:21:17 +0100
		43
		44	openssh (1:3.8.1p1-11) experimental; urgency=high
		45
		46	* Move sshd_config(5) to openssh-server, where it belongs.
		47	* If PasswordAuthentication is disabled, then offer to disable
		48	ChallengeResponseAuthentication too. The current PAM code will attempt
		49	password-style authentication if ChallengeResponseAuthentication is
		50	enabled (closes: #250369).
		51	* This will ask a question of anyone who installed fresh with 1:3.8p1-2 or
		52	later and then upgraded. Sorry about that ... for this reason, the
		53	default answer is to leave ChallengeResponseAuthentication enabled.
		54
		55	-- Colin Watson <cjwatson@debian.org> Wed, 6 Oct 2004 14:28:20 +0100
		56
		57	openssh (1:3.8.1p1-10) experimental; urgency=low
		58
		59	* Don't install the ssh-askpass-gnome .desktop file by default; I've had
		60	too many GNOME people tell me it's the wrong thing to be doing. I've
		61	left it in /usr/share/doc/ssh-askpass-gnome/examples/ for now.
		62
		63	-- Colin Watson <cjwatson@debian.org> Wed, 25 Aug 2004 18:18:14 +0100
		64
		65	openssh (1:3.8.1p1-9) experimental; urgency=low
		66
		67	* Split the ssh binary package into openssh-client and openssh-server
		68	(closes: #39741). openssh-server depends on openssh-client for some
		69	common functionality; it didn't seem worth creating yet another package
		70	for this. openssh-client is priority standard, openssh-server optional.
		71	* New transitional ssh package, priority optional, depending on
		72	openssh-client and openssh-server. May be removed once nothing depends
		73	on it.
		74	* When upgrading from ssh to openssh-{client,server}, it's very difficult
		75	for the maintainer scripts to find out what version we're upgrading from
		76	without dodgy dpkg hackery. I've therefore taken the opportunity to move
		77	a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged
		78	and ssh/user_environment_tell.
		79	* Add a heuristic to try to make sure the sshd_config upgrade to >= 3.7
		80	happens even though we don't know what version we're upgrading from.
		81	* Remove /etc/ssh/sshd_not_to_be_run on purge of openssh-server. For now
		82	(until sarge+2) it's still honoured to avoid breaking existing
		83	configurations, but the right approach is now to remove the
		84	openssh-server package if you don't want to run the server. Add a NEWS
		85	item to that effect.
		86
		87	-- Colin Watson <cjwatson@debian.org> Mon, 2 Aug 2004 20:48:54 +0100
		88
1	openssh (1:3.8.1p1-8.sarge.4) unstable; urgency=high	89	openssh (1:3.8.1p1-8.sarge.4) unstable; urgency=high
2		90
3	* Fix timing information leak allowing discovery of invalid usernames in	91	* Fix timing information leak allowing discovery of invalid usernames in