summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-02-15Fix getsockname errors when using "ssh -W" (closes: #738693).Colin Watson
2014-02-15Skip get_sock_port call for c->sock==-1Damien Miller
Origin: upstream, https://bugzilla.mindrot.org/show_bug.cgi?id=2200 Bug-Debian: http://bugs.debian.org/738693 Last-Update: 2014-02-15 Patch-Name: getsockname-error.patch
2014-02-13Remove code related to non-dependency-based sysv-rc ordering, since that is ↵Colin Watson
no longer supported.
2014-02-13Fix "Running sshd from inittab" instructions for dependency-based sysv-rcColin Watson
Amend "Running sshd from inittab" instructions in README.Debian to recommend 'update-rc.d ssh disable', rather than manual removal of rc*.d symlinks that won't work with dependency-based sysv-rc.
2014-02-13Configure --without-hardening on hppa, to work around ↵Colin Watson
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60155 (closes: #738798).
2014-02-12releasing package openssh version 1:6.5p1-3Colin Watson
2014-02-12Tweak dh_systemd_enable invocations to avoid lots of error noise.Colin Watson
2014-02-12Drop unnecessary -1 in zlib1g Build-Depends version.Colin Watson
2014-02-12Policy version 3.9.5.Colin Watson
2014-02-12Drop some very old Conflicts and ReplacesColin Watson
Drop some very old Conflicts and Replaces (ssh (<< 1:3.8.1p1-9), rsh-client (<< 0.16.1-1), ssh-krb5 (<< 1:4.3p2-7), ssh-nonfree (<< 2), and openssh-client (<< 1:3.8.1p1-11)). These all relate to pre-etch versions, for which we no longer have maintainer script code, and per policy they would have to become Breaks nowadays anyway.
2014-02-12Refer to /usr/share/common-licenses/GPL-2 in debian/copyright (for the ↵Colin Watson
Debian patch) rather than plain GPL.
2014-02-12Remove unnecessary /dev/null testsColin Watson
Remove tests for whether /dev/null is a character device from the Upstart job and the systemd service files; it's there to avoid a confusing failure mode in daemon(), but with modern init systems we use the -D option to suppress daemonisation anyway.
2014-02-12Reorder transition code by guard version.Colin Watson
2014-02-12Bump guard version for sysvinit->systemd transition to 1:6.5p1-3; we may ↵Colin Watson
have got it wrong before, and it's fairly harmless to repeat it.
2014-02-12Fix sysvinit->systemd transition codeColin Watson
We need to cope with still-running sysvinit jobs being considered active by systemd (thanks, Uoti Urpala and Michael Biebl).
2014-02-12Avoid stdout noise from which(1) on purge of openssh-client.Colin Watson
2014-02-12Stop claiming that "Protocol 2" is a Debian-specific defaultColin Watson
This has been upstream's default since 5.4p1.
2014-02-12Unbreak case-sensitive matching of ssh_configDamien Miller
- djm@cvs.openbsd.org 2014/02/04 00:24:29 [ssh.c] delay lowercasing of hostname until right before hostname canonicalisation to unbreak case-sensitive matching of ssh_config; reported by Ike Devolder; ok markus@ Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=d56b44d2dfa093883a5c4e91be3f72d99946b170 Bug-Debian: http://bugs.debian.org/738619 Forwarded: not-needed Last-Update: 2014-02-11 Patch-Name: fix-case-sensitive-matching.patch
2014-02-12Various Debian-specific configuration changesColin Watson
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by default. sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside PermitRootLogin default. Document all of this, along with several sshd defaults set in debian/openssh-server.postinst. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2014-02-12 Patch-Name: debian-config.patch
2014-02-12Adjust section title too.Colin Watson
2014-02-11Clarify socket activation mode in README.Debian, as suggested by Uoti Urpala.Colin Watson
2014-02-11releasing package openssh version 1:6.5p1-2Colin Watson
2014-02-11Backport upstream patch to unbreak case-sensitive matching of ssh_config ↵Colin Watson
(closes: #738619).
2014-02-11Unbreak case-sensitive matching of ssh_configDamien Miller
- djm@cvs.openbsd.org 2014/02/04 00:24:29 [ssh.c] delay lowercasing of hostname until right before hostname canonicalisation to unbreak case-sensitive matching of ssh_config; reported by Ike Devolder; ok markus@ Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=d56b44d2dfa093883a5c4e91be3f72d99946b170 Bug-Debian: http://bugs.debian.org/738619 Forwarded: not-needed Last-Update: 2014-02-11 Patch-Name: fix-case-sensitive-matching.patch
2014-02-11Only enable ssh.service for systemd, not both ssh.service and ssh.socket. ↵Colin Watson
Thanks to Michael Biebl for spotting this.
2014-02-10releasing package openssh version 1:6.5p1-1Colin Watson
2014-02-10Drop After=syslog.target; this is obsolete according to Lintian.Colin Watson
2014-02-10Add systemd support (thanks, Sven Joachim; closes: #676830).Colin Watson
2014-02-10Stop manually creating /usr/share/lintian/overrides; dh_lintian handles this.Colin Watson
2014-02-10Drop long-obsolete "SSH now uses protocol 2 by default" section from ↵Colin Watson
README.Debian.
2014-02-10Generate ED25519 host keys on fresh installations.Colin Watson
Upgraders who wish to add such host keys should manually add 'HostKey /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
2014-02-10Close some bugs related to ssh-vulnkey.Colin Watson
2014-02-10Incorporate default path changes from shadow 1:4.0.18.1-8, removing ↵Colin Watson
/usr/bin/X11 (closes: #644521).
2014-02-10Add the pam_keyinit session module, to create a new session keyring on login ↵Colin Watson
(closes: #734816).
2014-02-10Merge 6.5p1.Colin Watson
* New upstream release (http://www.openssh.com/txt/release-6.5, LP: #1275068): - ssh(1): Add support for client-side hostname canonicalisation using a set of DNS suffixes and rules in ssh_config(5). This allows unqualified names to be canonicalised to fully-qualified domain names to eliminate ambiguity when looking up keys in known_hosts or checking host certificate names (closes: #115286).
2014-02-10Support synchronisation with service supervisor using SIGSTOPColin Watson
Forwarded: no Last-Update: 2013-09-14 Patch-Name: sigstop.patch
2014-02-10Various Debian-specific configuration changesColin Watson
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by default. sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside PermitRootLogin default. Document all of this, along with several sshd defaults set in debian/openssh-server.postinst. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: debian-config.patch
2014-02-10Give the ssh-askpass-gnome window a default iconVincent Untz
Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152 Last-Update: 2010-02-28 Patch-Name: gnome-ssh-askpass2-icon.patch
2014-02-10Disable OpenSSL version checkPhilip Hands
OpenSSL's SONAME is sufficient nowadays. Author: Colin Watson <cjwatson@debian.org> Bug-Debian: http://bugs.debian.org/93581 Bug-Debian: http://bugs.debian.org/664383 Forwarded: not-needed Last-Update: 2013-12-23 Patch-Name: no-openssl-version-check.patch
2014-02-10Document consequences of ssh-agent being setgid in ssh-agent(1)Colin Watson
Bug-Debian: http://bugs.debian.org/711623 Forwarded: no Last-Update: 2013-06-08 Patch-Name: ssh-agent-setgid.patch
2014-02-10Refer to ssh's Upstart job as well as its init scriptColin Watson
Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: doc-upstart.patch
2014-02-10Document that HashKnownHosts may break tab-completionColin Watson
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727 Bug-Debian: http://bugs.debian.org/430154 Last-Update: 2013-09-14 Patch-Name: doc-hash-tab-completion.patch
2014-02-10ssh(1): Refer to ssh-argv0(1)Colin Watson
Old versions of OpenSSH (up to 2.5 or thereabouts) allowed creating symlinks to ssh with the name of the host you want to connect to. Debian ships an ssh-argv0 script restoring this feature; this patch refers to its manual page from ssh(1). Bug-Debian: http://bugs.debian.org/111341 Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: ssh-argv0.patch
2014-02-10Adjust various OpenBSD-specific references in manual pagesColin Watson
No single bug reference for this patch, but history includes: http://bugs.debian.org/154434 (login.conf(5)) http://bugs.debian.org/513417 (/etc/rc) http://bugs.debian.org/530692 (ssl(8)) https://bugs.launchpad.net/bugs/456660 (ssl(8)) Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: openbsd-docs.patch
2014-02-10Fix picky lintian errors about slogin symlinksColin Watson
Apparently this breaks some SVR4 packaging systems, so upstream can't win either way and opted to keep the status quo. We need this patch anyway. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1728 Last-Update: 2013-09-14 Patch-Name: lintian-symlink-pickiness.patch
2014-02-10Install authorized_keys(5) as a symlink to sshd(8)Tomas Pospisek
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720 Bug-Debian: http://bugs.debian.org/441817 Last-Update: 2013-09-14 Patch-Name: authorized-keys-man-symlink.patch
2014-02-10Add DebianBanner server configuration optionKees Cook
Setting this to "no" causes sshd to omit the Debian revision from its initial protocol handshake, for those scared by package-versioning.patch. Bug-Debian: http://bugs.debian.org/562048 Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: debian-banner.patch
2014-02-10Include the Debian version in our identificationMatthew Vernon
This makes it easier to audit networks for versions patched against security vulnerabilities. It has little detrimental effect, as attackers will generally just try attacks rather than bothering to scan for vulnerable-looking version strings. (However, see debian-banner.patch.) Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: package-versioning.patch
2014-02-10Mention ssh-keygen in ssh fingerprint changed warningScott Moser
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843 Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607 Last-Update: 2013-09-14 Patch-Name: mention-ssh-keygen-on-keychange.patch
2014-02-10Quieten logs when multiple from= restrictions are usedColin Watson
Bug-Debian: http://bugs.debian.org/630606 Forwarded: no Last-Update: 2013-09-14 Patch-Name: auth-log-verbosity.patch