summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-07-29Only recommend ssh-import-id when built on Ubuntu (closes: #635887).Colin Watson
2011-07-28releasing version 1:5.8p1-6Colin Watson
2011-07-28* Merge from Ubuntu (Dustin Kirkland):Colin Watson
- openssh-server Recommends: ssh-import-id (no-op in Debian since that package doesn't exist there, but this reduces the Ubuntu delta).
2011-07-28Quieten logs when multiple from= restrictions are used in differentColin Watson
authorized_keys lines for the same key; it's still not ideal, but at least you'll only get one log entry per key (closes: #630606).
2011-07-28openssh-client and openssh-server Suggests: monkeysphere.Colin Watson
2011-07-24releasing version 1:5.8p1-5Colin Watson
2011-07-17* Backport from upstream:Colin Watson
- Make hostbased auth with ECDSA keys work correctly (closes: #633368).
2011-05-30update README.source tooColin Watson
2011-05-30Update Vcs-* fields for Alioth changes.Colin Watson
2011-04-13Drop openssh-server's dependency on openssh-blacklist to aColin Watson
recommendation (closes: #622604).
2011-04-04releasing version 1:5.8p1-4Colin Watson
2011-04-04Remove unreachable code from openssh-server.postinst.Colin Watson
2011-04-04Drop hardcoded dependencies on libssl0.9.8 and libcrypto0.9.8-udeb,Colin Watson
since the required minimum versions are rather old now anyway and openssl has bumped its SONAME (thanks, Julien Cristau; closes: #620828).
2011-03-18releasing version 1:5.8p1-3Colin Watson
2011-03-18Allow ssh-add to read from FIFOs (thanks, Daniel Kahn Gillmor; closes:Colin Watson
#614897).
2011-02-09Correct ssh-keygen instruction in the changelog for 1:5.7p1-1 (thanks,Colin Watson
Joel Stanley). -q -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa'.
2011-02-08releasing version 1:5.8p1-2Colin Watson
2011-02-08Upload to unstable.Colin Watson
2011-02-05releasing version 1:5.8p1-1Colin Watson
2011-02-05configure somehow became non-executable; restore x bitColin Watson
2011-02-05* New upstream release (http://www.openssh.org/txt/release-5.8):Colin Watson
- Fix stack information leak in legacy certificate signing (http://www.openssh.com/txt/legacy-cert.adv).
2011-02-05merge 5.8p1Colin Watson
2011-02-05Import 5.8p1 tarballColin Watson
2011-02-04 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]Damien Miller
[contrib/suse/openssh.spec] update versions in docs and spec files. - Release OpenSSH 5.8p1
2011-02-04 - djm@cvs.openbsd.org 2011/02/04 00:44:43Damien Miller
[version.h] openssh-5.8
2011-02-04 - djm@cvs.openbsd.org 2011/02/04 00:44:21Damien Miller
[key.c] fix uninitialised nonce variable; reported by Mateusz Kocielski
2011-02-04 - djm@cvs.openbsd.org 2011/01/31 21:42:15Damien Miller
[PROTOCOL.mux] cut'n'pasto; from bert.wesarg AT googlemail.com
2011-02-0420110128Damien Miller
- (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled before attempting setfscreatecon(). Check whether matchpathcon() succeeded before using its result. Patch from cjwatson AT debian.org; bz#1851
2011-02-04cherry-pickDamien Miller
20110125 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker
2011-01-28 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabledDamien Miller
before attempting setfscreatecon(). Check whether matchpathcon() succeeded before using its result. Patch from cjwatson AT debian.org; bz#1851
2011-01-27releasing version 1:5.7p1-2Colin Watson
2011-01-27Fix crash in ssh_selinux_setfscreatecon when SELinux is disabledColin Watson
(LP: #708571).
2011-01-27releasing version 1:5.7p1-1Colin Watson
2011-01-26adjust ECDSA commentary in changelog - we aren't generating ECDSA host keys ↵Colin Watson
on upgrades
2011-01-2620110127Tim Rice
- (tim) [configure.ac] Consistent M4 quoting throughout, updated obsolete AC_TRY_COMPILE with AC_COMPILE_IFELSE, updated obsolete AC_TRY_LINK with AC_LINK_IFELSE, updated obsolete AC_TRY_RUN with AC_RUN_IFELSE, misc white space changes for consistency/readability. Makes autoconf 2.68 happy. "Nice work" djm
2011-01-2620110127Tim Rice
- (tim) [config.guess config.sub] Sync with upstream.
2011-01-26changelog for GSSAPI updateColin Watson
2011-01-26merge gssapi branchColin Watson
2011-01-26import openssh-5.7p1-gsskex-all-20110125.patchColin Watson
2011-01-25Rearrange selinux-role.patch so that it links properly given thisColin Watson
SELinux build fix.
2011-01-25Backport SELinux build fix from CVS.Colin Watson
2011-01-25 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.cDamien Miller
openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to port-linux.c to avoid compilation errors. Add -lselinux to ssh when building with SELinux support to avoid linking failure; report from amk AT spamfence.net; ok dtucker
2011-01-24Build-depend on libssl-dev (>= 0.9.8g) to ensure sufficient ECC support.Colin Watson
2011-01-24Generate ECDSA host keys. These will only be used on freshColin Watson
installations or if you manually add 'HostKey /etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config.
2011-01-24* New upstream release (http://www.openssh.org/txt/release-5.7):Colin Watson
- Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. - sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command. - scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host (closes: #508613). - ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. This allows the mux clients to determine that the server socket is either ready or stale without races (closes: #454784). Stale server sockets are now automatically removed (closes: #523250). - ssh(1): install a SIGCHLD handler to reap expired child process (closes: #594687). - ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent temporary directories (closes: #357469, although only if you arrange for ssh-agent to actually see $TMPDIR since the setgid bit will cause it to be stripped off).
2011-01-24merge 5.7p1Colin Watson
2011-01-24import openssh-5.6p1-gsskex-all-20110101.patchColin Watson
2011-01-24Import 5.7p1 tarballColin Watson
2011-01-22 - (djm) Release 5.7p1Damien Miller
2011-01-22trim entries older than 5.5p1Damien Miller