summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2007-12-24* Override desktop-file-but-no-dh_desktop-call lintian warning; theColin Watson
.desktop file is intentionally not installed (see 1:3.8.1p1-10).
2007-12-24* Recode LICENCE to UTF-8 when concatenating it to debian/copyright.Colin Watson
2007-12-24install debian/faq.html, not faq.htmlColin Watson
2007-12-24* Document the non-default options we set as standard in ssh_config(5) andColin Watson
sshd_config(5) (closes: #327886, #345628).
2007-12-24use real filename for FAQ ruleColin Watson
2007-12-24* Update moduli(5) to revision 1.11 from OpenBSD CVS.Colin Watson
2007-12-24* Remove the hideously old /etc/ssh/primes on upgrade (closes: #123013).Colin Watson
2007-12-24* Refactor debian/rules configure and make invocations to make developmentColin Watson
easier.
2007-12-24fix compilation failure due to merge errorColin Watson
2007-12-24* Fix "overriden" typo in ssh(1) (thanks, A. Costa; closes: #390699).Colin Watson
2007-12-24* Create /var/run/sshd on start even if /etc/ssh/sshd_not_to_be_run existsColin Watson
(closes: #453285).
2007-12-24* Install the OpenSSH FAQ in /usr/share/doc/openssh-client.Colin Watson
- Includes documentation on copying files with colons using scp (closes: #303453).
2007-12-24* New upstream release (closes: #453367).Colin Watson
- CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec (closes: #444738). - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged. - The SSH channel window size has been increased, and both ssh(1) sshd(8) now send window updates more aggressively. These improves performance on high-BDP (Bandwidth Delay Product) networks. - ssh(1) and sshd(8) now preserve MAC contexts between packets, which saves 2 hash calls per packet and results in 12-16% speedup for arcfour256/hmac-md5. - A new MAC algorithm has been added, UMAC-64 (RFC4418) as "umac-64@openssh.com". UMAC-64 has been measured to be approximately 20% faster than HMAC-MD5. - Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set. - ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. - When using a ProxyCommand in ssh(1), set the outgoing hostname with gethostname(2), allowing hostbased authentication to work. - Make scp(1) skip FIFOs rather than hanging (closes: #246774). - Encode non-printing characters in scp(1) filenames. These could cause copies to be aborted with a "protocol error". - Handle SIGINT in sshd(8) privilege separation child process to ensure that wtmp and lastlog records are correctly updated. - Report GSSAPI mechanism in errors, for libraries that support multiple mechanisms. - Improve documentation for ssh-add(1)'s -d option. - Rearrange and tidy GSSAPI code, removing server-only code being linked into the client. - Delay execution of ssh(1)'s LocalCommand until after all forwardings have been established. - In scp(1), do not truncate non-regular files. - Improve exit message from ControlMaster clients. - Prevent sftp-server(8) from reading until it runs out of buffer space, whereupon it would exit with a fatal error (closes: #365541). - pam_end() was not being called if authentication failed (closes: #405041). - Manual page datestamps updated (closes: #433181).
2007-12-23Import OpenSSH 4.7p1.Colin Watson
2007-12-03releasing version 1:4.6p1-7Colin Watson
2007-12-03* Check whether deluser exists in postrm (closes: #454085).Colin Watson
2007-11-20* Adjust README.Debian to suggest mailing debian-ssh@lists.debian.orgColin Watson
rather than Matthew.
2007-11-17* Use autotools-dev's recommended configure --build and --host options.Colin Watson
2007-11-14* Don't build PIE executables on m68k (closes: #451192).Colin Watson
2007-11-12revert previous commit; ftruncate is needed to shorten a previously-existing ↵Colin Watson
file
2007-11-12* Make scp only ftruncate if it hasn'\''t written the required number ofColin Watson
bytes (works around #447153).
2007-11-12releasing version 1:4.6p1-6Colin Watson
2007-11-12authorized_keys.5 belongs in openssh-serverColin Watson
2007-11-12* Adjust categories in ssh-askpass-gnome.desktop to comply with theColin Watson
Desktop Menu Specification.
2007-11-12* Don't ignore errors from 'make -C contrib clean'.Colin Watson
2007-11-12* Suppress error from debian/rules if lsb-release is not installed.Colin Watson
2007-11-08revert mistakenly committed experimentColin Watson
2007-11-08* Fix sshd/inittab advice in README.Debian to account for rc.d movementColin Watson
(closes: #450632).
2007-10-18 - Update Brazilian Portuguese (thanks, Eder L. Marques;Colin Watson
closes: #447145).
2007-10-18* Discard error output from dpkg-query in preinsts, in case the sshColin Watson
metapackage is not installed.
2007-09-12* Install authorized_keys(5) as a symlink to sshd(8) (thanks, TomasColin Watson
Pospisek; closes: #441817).
2007-09-12* debconf template translations:Colin Watson
- Add Slovak (thanks, Ivan Masár; closes: #441690).
2007-09-12* Remove blank line between head comment and first template inColin Watson
debian/openssh-server.templates.master; apparently it confuses some versions of debconf.
2007-09-04don't say it twiceDamien Miller
2007-09-04credit Jan PechanecDamien Miller
2007-09-04Mention Jan PechanecDarren Tucker
2007-08-17 - (dtucker) [INSTALL] Link to tcpwrappers.Darren Tucker
2007-08-17 - (dtucker) [INSTALL] Give PAM its own heading.Darren Tucker
2007-08-17 - (dtucker) [INSTALL] the pid file is sshd.pid not ssh.pid.Darren Tucker
2007-08-17 - (dtucker) [INSTALL] Group the parts describing random options and PAMDarren Tucker
implementations together which is hopefully more coherent.
2007-08-17typoDarren Tucker
2007-08-17 - (dtucker) [sshd.8] Many Linux variants use a single "!" to denote lockedDarren Tucker
accounts and that's what the code looks for, so make man page and code agree. Pointed out by Roumen Petrov.
2007-08-16 - (dtucker) [session.c] Call PAM cleanup functions for unauthenticatedDarren Tucker
connections too. Based on a patch from Sandro Wefel, with & ok djm@
2007-08-15 - stevesk@cvs.openbsd.org 2007/08/15 12:13:41Darren Tucker
[ssh_config.5] tun device forwarding now honours ExitOnForwardFailure; ok markus@
2007-08-15 - (dtucker) [README contrib/caldera/openssh.spec contrib/redhat/openssh.specDarren Tucker
contrib/suse/openssh.spec] Crank version.
2007-08-15 - (dtucker) [openbsd-compat/bsd-cray.c] Remove debug from signal handler.Darren Tucker
ok djm@
2007-08-15 - markus@cvs.openbsd.org 2007/08/15 08:16:49Darren Tucker
[version.h] openssh 4.7
2007-08-15 - markus@cvs.openbsd.org 2007/08/15 08:14:46Darren Tucker
[clientloop.c] do NOT fall back to the trused x11 cookie if generation of an untrusted cookie fails; from security-alert at sun.com; ok dtucker
2007-08-13 - (dtucker) [session.c] Bug #1339: ensure that pam_setcred() is alwaysDarren Tucker
called with PAM_ESTABLISH_CRED at least once, which resolves a problem with pam_dhkeys. Patch from David Leonard, ok djm@
2007-08-10 - (dtucker) [configure.ac] Bug #1343: Set DISABLE_FD_PASSING for QNX6. From.Darren Tucker
Matt Kraai, ok djm@.