summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-08-22Fix up drop sshd.confDimitri John Ledkov
2017-07-23Create /run/sshd under systemd using RuntimeDirectory rather than tmpfiles.d ↵Colin Watson
(thanks, Dmitry Smirnov; closes: #864190).
2017-06-28Mark 1:7.5p1-1 NEWS entry as releasedColin Watson
2017-06-26Test configuration before starting or reloading sshd under systemd (closes: ↵Colin Watson
#865770).
2017-06-18releasing package openssh version 1:7.5p1-5Colin Watson
2017-06-18Fix syntax error in debian/copyright.Colin Watson
2017-06-18Upload to unstable.Colin Watson
2017-06-18Merge changelog from 1:7.4p1-11Colin Watson
2017-06-06releasing package openssh version 1:7.5p1-4Colin Watson
2017-06-06Relicense debian/* under a two-clause BSD licence for bidirectional ↵Colin Watson
compatibility with upstream, with permission from Matthew Vernon and others.
2017-06-06Fix incoming compression statistics (thanks, Russell Coker; closes: #797964).Colin Watson
2017-06-06Fix incoming compression statisticsRussell Coker
Bug-Debian: https://bugs.debian.org/797964 Forwarded: https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-June/036077.html Last-Update: 2017-06-06 Patch-Name: fix-incoming-compression-statistics.patch
2017-06-06releasing package openssh version 1:7.4p1-11Colin Watson
2017-06-06Fix incoming compression statistics (thanks, Russell Coker; closes: #797964).Colin Watson
2017-06-06Fix incoming compression statisticsRussell Coker
Bug-Debian: https://bugs.debian.org/797964 Forwarded: https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-June/036077.html Last-Update: 2017-06-06 Patch-Name: fix-incoming-compression-statistics.patch
2017-05-09Only call "initctl set-env" from agent-launch if $UPSTART_SESSION is set ↵Colin Watson
(LP: #1689299).
2017-05-03Drop README.Debian section on privilege separation, as it's no longer optional.Colin Watson
2017-05-02releasing package openssh version 1:7.5p1-3Colin Watson
2017-04-22Ensure that /etc/ssh exists before trying to create /etc/ssh/sshd_config ↵Colin Watson
(LP: #1685022).
2017-04-22Fix purge failure when /etc/ssh has already somehow been removed (LP: #1682817).Colin Watson
2017-04-08Adjust OpenSSL dependencies for openssh-client-ssh1 too.Colin Watson
2017-04-08Fix debian/adjust-openssl-dependencies to account for preferring libssl1.0-dev.Colin Watson
2017-04-02releasing package openssh version 1:7.5p1-2Colin Watson
2017-04-02Fix syntax error on Linux/X32Colin Watson
2017-04-02Fix syntax error on Linux/X32Damien Miller
Patch from Mike Frysinger Origin: https://anongit.mindrot.org/openssh.git/commit/?id=6b853c6f8ba5eecc50f3b57af8e63f8184eb0fa6 Last-Update: 2017-04-02 Patch-Name: x32-syntax-error.patch
2017-04-02Add missing header on Linux/s390Colin Watson
2017-04-02Missing header on Linux/s390Damien Miller
Patch from Jakub Jelen Origin: https://anongit.mindrot.org/openssh.git/commit/?id=58b8cfa2a062b72139d7229ae8de567f55776f24 Last-Update: 2017-04-02 Patch-Name: s390-missing-header.patch
2017-04-02releasing package openssh version 1:7.5p1-1Colin Watson
2017-04-02New upstream release (7.5p1)Colin Watson
2017-03-30releasing package openssh version 1:7.4p1-10Colin Watson
2017-03-30Unbreak Unix domain socket forwarding for root (closes: #858252).Colin Watson
2017-03-30upstream commitdjm@openbsd.org
unbreak Unix domain socket forwarding for root; ok markus@ Upstream-ID: 6649c76eb7a3fa15409373295ca71badf56920a2 Origin: https://anongit.mindrot.org/openssh.git/commit/?id=51045869fa084cdd016fdd721ea760417c0a3bf3 Bug-Debian: https://bugs.debian.org/858252 Last-Update: 2017-03-30 Patch-Name: unbreak-unix-forwarding-for-root.patch
2017-03-30Move privilege separation directory and PID file from /var/run/ to /run/ ↵Colin Watson
(closes: #760422, #856825).
2017-03-29Restore reading authorized_keys2 by defaultColin Watson
Upstream seems to intend to gradually phase this out, so don't assume that this will remain the default forever. However, we were late in adopting the upstream sshd_config changes, so it makes sense to extend the grace period. Bug-Debian: https://bugs.debian.org/852320 Forwarded: not-needed Last-Update: 2017-03-05 Patch-Name: restore-authorized_keys2.patch
2017-03-29Remove ssh_host_dsa_key from HostKey defaultColin Watson
The client no longer accepts DSA host keys, and servers using the default HostKey setting should have better host keys available. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2662 Bug-Debian: https://bugs.debian.org/850614 Last-Update: 2017-01-16 Patch-Name: no-dsa-host-key-by-default.patch
2017-03-29Make integrity tests more robust against timeoutsColin Watson
If the first test in a series for a given MAC happens to modify the low bytes of a packet length, then ssh will time out and this will be interpreted as a test failure. Handle this failure mode. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2658 Patch-Name: regress-integrity-robust.patch Last-Update: 2017-01-01
2017-03-29Various Debian-specific configuration changesColin Watson
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication by default. sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable PrintMotd. sshd: Enable X11Forwarding. sshd: Set 'AcceptEnv LANG LC_*' by default. sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server. Document all of this. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2016-12-26 Patch-Name: debian-config.patch
2017-03-29Add systemd readiness notification supportMichael Biebl
Bug-Debian: https://bugs.debian.org/778913 Forwarded: no Last-Update: 2016-01-04 Patch-Name: systemd-readiness.patch
2017-03-29Document that HashKnownHosts may break tab-completionColin Watson
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727 Bug-Debian: http://bugs.debian.org/430154 Last-Update: 2013-09-14 Patch-Name: doc-hash-tab-completion.patch
2017-03-29Support synchronisation with service supervisor using SIGSTOPColin Watson
Author: Robie Basak <robie.basak@ubuntu.com> Forwarded: no Last-Update: 2014-04-14 Patch-Name: sigstop.patch
2017-03-29ssh(1): Refer to ssh-argv0(1)Colin Watson
Old versions of OpenSSH (up to 2.5 or thereabouts) allowed creating symlinks to ssh with the name of the host you want to connect to. Debian ships an ssh-argv0 script restoring this feature; this patch refers to its manual page from ssh(1). Bug-Debian: http://bugs.debian.org/111341 Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: ssh-argv0.patch
2017-03-29Give the ssh-askpass-gnome window a default iconVincent Untz
Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152 Last-Update: 2010-02-28 Patch-Name: gnome-ssh-askpass2-icon.patch
2017-03-29Adjust various OpenBSD-specific references in manual pagesColin Watson
No single bug reference for this patch, but history includes: http://bugs.debian.org/154434 (login.conf(5)) http://bugs.debian.org/513417 (/etc/rc) http://bugs.debian.org/530692 (ssl(8)) https://bugs.launchpad.net/bugs/456660 (ssl(8)) Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: openbsd-docs.patch
2017-03-29Don't check the status field of the OpenSSL versionKurt Roeckx
There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson <cjwatson@debian.org> Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: no-openssl-version-status.patch
2017-03-29Install authorized_keys(5) as a symlink to sshd(8)Tomas Pospisek
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720 Bug-Debian: http://bugs.debian.org/441817 Last-Update: 2013-09-14 Patch-Name: authorized-keys-man-symlink.patch
2017-03-29Document consequences of ssh-agent being setgid in ssh-agent(1)Colin Watson
Bug-Debian: http://bugs.debian.org/711623 Forwarded: no Last-Update: 2013-06-08 Patch-Name: ssh-agent-setgid.patch
2017-03-29Add DebianBanner server configuration optionKees Cook
Setting this to "no" causes sshd to omit the Debian revision from its initial protocol handshake, for those scared by package-versioning.patch. Bug-Debian: http://bugs.debian.org/562048 Forwarded: not-needed Last-Update: 2015-11-29 Patch-Name: debian-banner.patch
2017-03-29Refer to ssh's Upstart job as well as its init scriptColin Watson
Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: doc-upstart.patch
2017-03-29Include the Debian version in our identificationMatthew Vernon
This makes it easier to audit networks for versions patched against security vulnerabilities. It has little detrimental effect, as attackers will generally just try attacks rather than bothering to scan for vulnerable-looking version strings. (However, see debian-banner.patch.) Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: package-versioning.patch
2017-03-29Quieten logs when multiple from= restrictions are usedColin Watson
Bug-Debian: http://bugs.debian.org/630606 Forwarded: no Last-Update: 2013-09-14 Patch-Name: auth-log-verbosity.patch