Age | Commit message (Collapse) | Author |
|
|
|
Origin: upstream, https://bugzilla.mindrot.org/show_bug.cgi?id=2200
Bug-Debian: http://bugs.debian.org/738693
Last-Update: 2014-02-15
Patch-Name: getsockname-error.patch
|
|
no longer supported.
|
|
Amend "Running sshd from inittab" instructions in README.Debian to recommend
'update-rc.d ssh disable', rather than manual removal of rc*.d symlinks that
won't work with dependency-based sysv-rc.
|
|
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60155 (closes: #738798).
|
|
|
|
|
|
|
|
|
|
Drop some very old Conflicts and Replaces (ssh (<< 1:3.8.1p1-9), rsh-client
(<< 0.16.1-1), ssh-krb5 (<< 1:4.3p2-7), ssh-nonfree (<< 2), and
openssh-client (<< 1:3.8.1p1-11)). These all relate to pre-etch versions,
for which we no longer have maintainer script code, and per policy they
would have to become Breaks nowadays anyway.
|
|
Debian patch) rather than plain GPL.
|
|
Remove tests for whether /dev/null is a character device from the Upstart
job and the systemd service files; it's there to avoid a confusing failure
mode in daemon(), but with modern init systems we use the -D option to
suppress daemonisation anyway.
|
|
|
|
have got it wrong before, and it's fairly harmless to repeat it.
|
|
We need to cope with still-running sysvinit jobs being considered active by
systemd (thanks, Uoti Urpala and Michael Biebl).
|
|
|
|
This has been upstream's default since 5.4p1.
|
|
- djm@cvs.openbsd.org 2014/02/04 00:24:29
[ssh.c]
delay lowercasing of hostname until right before hostname
canonicalisation to unbreak case-sensitive matching of ssh_config;
reported by Ike Devolder; ok markus@
Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=d56b44d2dfa093883a5c4e91be3f72d99946b170
Bug-Debian: http://bugs.debian.org/738619
Forwarded: not-needed
Last-Update: 2014-02-11
Patch-Name: fix-case-sensitive-matching.patch
|
|
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
default.
sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside
PermitRootLogin default.
Document all of this, along with several sshd defaults set in
debian/openssh-server.postinst.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2014-02-12
Patch-Name: debian-config.patch
|
|
|
|
|
|
|
|
(closes: #738619).
|
|
- djm@cvs.openbsd.org 2014/02/04 00:24:29
[ssh.c]
delay lowercasing of hostname until right before hostname
canonicalisation to unbreak case-sensitive matching of ssh_config;
reported by Ike Devolder; ok markus@
Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=d56b44d2dfa093883a5c4e91be3f72d99946b170
Bug-Debian: http://bugs.debian.org/738619
Forwarded: not-needed
Last-Update: 2014-02-11
Patch-Name: fix-case-sensitive-matching.patch
|
|
Thanks to Michael Biebl for spotting this.
|
|
|
|
|
|
|
|
|
|
README.Debian.
|
|
Upgraders who wish to add such host keys should manually add 'HostKey
/etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run 'ssh-keygen
-q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
|
|
|
|
/usr/bin/X11 (closes: #644521).
|
|
(closes: #734816).
|
|
* New upstream release (http://www.openssh.com/txt/release-6.5,
LP: #1275068):
- ssh(1): Add support for client-side hostname canonicalisation using a
set of DNS suffixes and rules in ssh_config(5). This allows
unqualified names to be canonicalised to fully-qualified domain names
to eliminate ambiguity when looking up keys in known_hosts or checking
host certificate names (closes: #115286).
|
|
Forwarded: no
Last-Update: 2013-09-14
Patch-Name: sigstop.patch
|
|
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
default.
sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside
PermitRootLogin default.
Document all of this, along with several sshd defaults set in
debian/openssh-server.postinst.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2013-09-14
Patch-Name: debian-config.patch
|
|
Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152
Last-Update: 2010-02-28
Patch-Name: gnome-ssh-askpass2-icon.patch
|
|
OpenSSL's SONAME is sufficient nowadays.
Author: Colin Watson <cjwatson@debian.org>
Bug-Debian: http://bugs.debian.org/93581
Bug-Debian: http://bugs.debian.org/664383
Forwarded: not-needed
Last-Update: 2013-12-23
Patch-Name: no-openssl-version-check.patch
|
|
Bug-Debian: http://bugs.debian.org/711623
Forwarded: no
Last-Update: 2013-06-08
Patch-Name: ssh-agent-setgid.patch
|
|
Forwarded: not-needed
Last-Update: 2013-09-14
Patch-Name: doc-upstart.patch
|
|
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727
Bug-Debian: http://bugs.debian.org/430154
Last-Update: 2013-09-14
Patch-Name: doc-hash-tab-completion.patch
|
|
Old versions of OpenSSH (up to 2.5 or thereabouts) allowed creating symlinks
to ssh with the name of the host you want to connect to. Debian ships an
ssh-argv0 script restoring this feature; this patch refers to its manual
page from ssh(1).
Bug-Debian: http://bugs.debian.org/111341
Forwarded: not-needed
Last-Update: 2013-09-14
Patch-Name: ssh-argv0.patch
|
|
No single bug reference for this patch, but history includes:
http://bugs.debian.org/154434 (login.conf(5))
http://bugs.debian.org/513417 (/etc/rc)
http://bugs.debian.org/530692 (ssl(8))
https://bugs.launchpad.net/bugs/456660 (ssl(8))
Forwarded: not-needed
Last-Update: 2013-09-14
Patch-Name: openbsd-docs.patch
|
|
Apparently this breaks some SVR4 packaging systems, so upstream can't win
either way and opted to keep the status quo. We need this patch anyway.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1728
Last-Update: 2013-09-14
Patch-Name: lintian-symlink-pickiness.patch
|
|
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720
Bug-Debian: http://bugs.debian.org/441817
Last-Update: 2013-09-14
Patch-Name: authorized-keys-man-symlink.patch
|
|
Setting this to "no" causes sshd to omit the Debian revision from its
initial protocol handshake, for those scared by package-versioning.patch.
Bug-Debian: http://bugs.debian.org/562048
Forwarded: not-needed
Last-Update: 2013-09-14
Patch-Name: debian-banner.patch
|
|
This makes it easier to audit networks for versions patched against security
vulnerabilities. It has little detrimental effect, as attackers will
generally just try attacks rather than bothering to scan for
vulnerable-looking version strings. (However, see debian-banner.patch.)
Forwarded: not-needed
Last-Update: 2013-09-14
Patch-Name: package-versioning.patch
|
|
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843
Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607
Last-Update: 2013-09-14
Patch-Name: mention-ssh-keygen-on-keychange.patch
|
|
Bug-Debian: http://bugs.debian.org/630606
Forwarded: no
Last-Update: 2013-09-14
Patch-Name: auth-log-verbosity.patch
|