summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-04-22Update OpenSSH FAQ to revision 1.113, fixing missing line break (closes:Colin Watson
#669667).
2012-04-21Display dynamic part of MOTD from /run/motd.dynamic, if it existsColin Watson
(closes: #669699).
2012-04-02releasing version 1:5.9p1-5Colin Watson
2012-04-02* Fix cross-building:Colin Watson
- Allow using a cross-architecture pkg-config. - Pass default LDFLAGS to contrib/Makefile. - Allow dh_strip to strip gnome-ssh-askpass, rather than calling 'install -s'.
2012-04-01Use dpkg-buildflags, including for hardening support; drop use ofColin Watson
hardening-includes.
2012-03-19releasing version 1:5.9p1-4Colin Watson
2012-03-19Disable OpenSSL version check again, as its SONAME is sufficientColin Watson
nowadays (closes: #664383).
2012-02-24releasing version 1:5.9p1-3Colin Watson
2012-02-24Move ssh-krb5 to Section: oldlibs.Colin Watson
2012-02-24slight simplificationColin Watson
2012-02-24Ignore errors writing to console in init script (closes: #546743).Colin Watson
2012-02-14* debconf template translations:Colin Watson
- Update Polish (thanks, Michał Kułach; closes: #659829).
2011-11-09releasing version 1:5.9p1-2Colin Watson
2011-11-09Mark openssh-client and openssh-server as Multi-Arch: foreign.Colin Watson
2011-09-08releasing version 1:5.9p1-1Colin Watson
2011-09-07Update OpenSSH FAQ to revision 1.112.Colin Watson
2011-09-07merge respun 5.9p1Colin Watson
2011-09-07merge 5.9p1 (respun)Colin Watson
2011-09-07Import 5.9p1 tarball (respun)Colin Watson
2011-09-07 - (djm) Respin OpenSSH-5.9p1 releaseDamien Miller
2011-09-07 - (djm) [README version.h] Correct versionDamien Miller
2011-09-06* New upstream release (http://www.openssh.org/txt/release-5.9).Colin Watson
- Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. - Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt. - The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot (closes: #75043, #429243, #599240). - ssh(1) now warns when a server refuses X11 forwarding (closes: #504757). - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace (closes: #76312). The authorized_keys2 fallback is deprecated but documented (closes: #560156). - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4 ToS/DSCP (closes: #498297). - ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key" (closes: #229124). - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691). - Say "required" rather than "recommended" in unprotected-private-key warning (LP: #663455).
2011-09-06autoreconfColin Watson
2011-09-06merge 5.9p1Colin Watson
2011-09-06actually, let's upstream-tag the revision with a tarball parent insteadColin Watson
2011-09-06keep bzr-builddeb happierColin Watson
2011-09-06Import 5.9p1 tarballColin Watson
2011-09-05bzr get -> bzr branchColin Watson
2011-09-05 - (djm) Release OpenSSH-5.9Damien Miller
2011-09-05 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] Update version numbers.
2011-09-04 - (dtucker) [ssh-keygen.c ssh-pkcs11.c] Bug #1929: add null implementationsDarren Tucker
ofsh-pkcs11.cpkcs_init and pkcs_terminate for building without dlopen support.
2011-09-04 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatalDamien Miller
regress errors for the sandbox to warnings. ok tim dtucker
2011-08-29 - (djm) [openbsd-compat/port-linux.c] Suppress logging when attemptingDamien Miller
to switch SELinux context away from unconfined_t, based on patch from Jan Chadima; bz#1919 ok dtucker@
2011-08-28 - (dtucker) [auth-skey.c] Add log.h to fix build --with-skey.Darren Tucker
2011-08-17 - (tim) [configure.ac] Typo in error message spotted by Andy TsouladzeTim Rice
2011-08-17 - (djm) [regress/cipher-speed.sh regress/try-ciphers.sh] disable HMAC-SHA2Damien Miller
MAC tests for platforms that hack EVP_SHA2 support
2011-08-17 - djm@cvs.openbsd.org 2011/08/02 01:23:41Damien Miller
[regress/cipher-speed.sh regress/try-ciphers.sh] add SHA256/SHA512 based HMAC modes
2011-08-17 - markus@cvs.openbsd.org 2011/06/30 22:44:43Damien Miller
[connect-privsep.sh] test with sandbox enabled; ok djm@
2011-08-17 - dtucker@cvs.openbsd.org 2011/06/03 05:35:10Damien Miller
[regress/cfgmatch.sh] use OBJ to find test configs, patch from Tim Rice
2011-08-17 - (djm) [contrib/ssh-copy-id] Missing backlslash; spotted byDamien Miller
bisson AT archlinux.org
2011-08-17 - (djm) [configure.ac] error out if the host lacks the necessary bits forDamien Miller
an explicitly requested sandbox type
2011-08-17 - (djm) [ openbsd-compat/bsd-cygwin_util.c openbsd-compat/bsd-cygwin_util.h]Damien Miller
binary_pipe is no longer required on Cygwin; patch from Corinna Vinschen
2011-08-16 - (tim) [mac.c myproposal.h] Wrap SHA256 and SHA512 in ifdefs forTim Rice
OpenSSL 0.9.7. ok djm
2011-08-12 - (djm) [contrib/ssh-copy-id] Fix failure for cases where the path to theDamien Miller
identify file contained whitespace. bz#1828 patch from gwenael.lambrouin AT gmail.com; ok dtucker@
2011-08-12 - (djm) [contrib/redhat/openssh.spec contrib/redhat/sshd.init]Damien Miller
[contrib/suse/openssh.spec contrib/suse/rc.sshd] Updated RHEL and SLES init scrips from imorgan AT nas.nasa.gov
2011-08-12 - (dtucker) [openbsd-compat/port-linux.c] Bug 1924: Improve selinux contextDarren Tucker
change error by reporting old and new context names Patch from jchadima at redhat.
2011-08-07 - dtucker@cvs.openbsd.org 2011/08/07 12:55:30Darren Tucker
[sftp.1] typo, fix from Laurent Gautrot
2011-08-07 - jmc@cvs.openbsd.org 2010/10/14 20:41:28Darren Tucker
[moduli.5] probabalistic -> probabilistic; from naddy
2011-08-07 - sobrado@cvs.openbsd.org 2009/10/28 08:56:54Darren Tucker
[moduli.5] "Diffie-Hellman" is the usual spelling for the cryptographic protocol first published by Whitfield Diffie and Martin Hellman in 1976. ok jmc@
2011-08-07 - (dtucker) OpenBSD CVS SyncDarren Tucker
- jmc@cvs.openbsd.org 2008/06/26 06:59:39 [moduli.5] tweak previous;