summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2008-05-14releasing version 1:4.7p1-10Colin Watson
2008-05-14clarifyColin Watson
2008-05-14ssh-vulnkey handles options in authorized_keys (LP: #230029).Colin Watson
2008-05-14ignore debian/*.debhelper.logColin Watson
2008-05-14Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel).Colin Watson
2008-05-13releasing version 1:4.7p1-9Colin Watson
2008-05-13changed ssh-vulnkey outputColin Watson
2008-05-13update from mdzColin Watson
2008-05-13compressionColin Watson
2008-05-13add repair instructions from MattColin Watson
2008-05-13add CVE identifier for OpenSSL vulnerabilityColin Watson
2008-05-12* Mitigate OpenSSL security vulnerability:Colin Watson
- Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.)
2008-04-09Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8.Colin Watson
- CVE-2008-1657: Ignore ~/.ssh/rc if a sshd_config ForceCommand is specified.
2008-04-06releasing version 1:4.7p1-8Colin Watson
2008-04-06urgency=high for security fixesColin Watson
2008-04-06Backport from Simon Wilkinson's GSSAPI key exchange patch for 5.0p1:Colin Watson
- Add code to actually implement GSSAPIStrictAcceptorCheck, which had somehow been omitted from a previous version of this patch (closes: #474246).
2008-04-06typoColin Watson
2008-04-06Backport from 4.9p1:Colin Watson
- Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see http://www.securityfocus.com/bid/28531/info). - Add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc.
2008-04-04Tweak scp's reporting of filenames in verbose mode to be a bit lessColin Watson
confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945).
2008-04-04Rename KeepAlive to TCPKeepAlive in sshd_config, cleaning up from oldColin Watson
configurations (LP: #211400).
2008-04-01Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-5.Colin Watson
- CVE-2008-1483: Don't use X11 forwarding port which can't be bound on all address families, preventing hijacking of X11 forwarding by
2008-03-31releasing version 1:4.7p1-7Colin Watson
2008-03-31Ignore errors writing to oom_adj (closes: #473573).Colin Watson
2008-03-30releasing version 1:4.7p1-6Colin Watson
2008-03-30* Disable the Linux kernel's OOM-killer for the sshd parent; tweakColin Watson
SSHD_OOM_ADJUST in /etc/default/ssh to change this (closes: #341767).
2008-03-22releasing version 1:4.7p1-5Colin Watson
2008-03-22* Use printf rather than echo -en (a bashism) in openssh-server.config andColin Watson
openssh-server.preinst.
2008-03-22more detail on #463011Colin Watson
2008-03-22* Patch from Red Hat / Fedora:Colin Watson
- Don't use X11 forwarding port which can't be bound on all address families (closes: #463011).
2008-03-18* Document in ssh(1) that '-S none' disables connection sharingColin Watson
(closes: #471437).
2008-02-29* debconf template translations:Colin Watson
- Update Finnish (thanks, Esko Arajärvi; closes: #468563).
2008-02-27* Recommends: xauth rather than Suggests: xbase-clients.Colin Watson
2008-02-13releasing version 1:4.7p1-4Colin Watson
2008-02-13closes: #465614 as wellColin Watson
2008-02-08* Move /etc/pam.d/ssh to /etc/pam.d/sshd, allowing us to stop definingColin Watson
SSHD_PAM_SERVICE (closes: #255870).
2008-02-04* Include the autogenerated debian/copyright in the source package.Colin Watson
2008-02-04* Fix configure detection of getseuserbyname andColin Watson
get_default_context_with_level (LP: #188136).
2008-02-01releasing version 1:4.7p1-3Colin Watson
2008-02-01* Allow passing temporary daemon parameters on the init script's commandColin Watson
line, e.g. '/etc/init.d/ssh start "-o PermitRootLogin=yes"' (thanks, Marc Haber; closes: #458547).
2008-02-01* Backport from upstream:Colin Watson
- Use the correct packet maximum sizes for remote port and agent forwarding. Prevents the server from killing the connection if too much data is queued and an excessively large packet gets sent (https://bugzilla.mindrot.org/show_bug.cgi?id=1360).
2008-01-12* Improve grammar of ssh-askpass-gnome description.Colin Watson
2008-01-11releasing version 1:4.7p1-2Colin Watson
2008-01-11* Drop source-compatibility with Debian 3.0:Colin Watson
- Remove support for building with GNOME 1. This allows simplification of our GNOME build-dependencies (see #460136). - Remove hacks to support the old PAM configuration scheme. - Remove compatibility for building without po-debconf. * Build-depend on libgtk2.0-dev rather than libgnomeui-dev. As far as I can see, the GTK2 version of ssh-askpass-gnome has never required libgnomeui-dev.
2008-01-10* Add armel to architecture list for libselinux1-dev build-dependencyColin Watson
(closes: #460136).
2008-01-10* Pass --with-mantype=doc to configure rather than build-depending onColin Watson
groff (closes: #460121).
2008-01-09* Adjust many relative links in faq.html to point toColin Watson
http://www.openssh.org/ (thanks, Dan Jacobson; mentioned in #459807).
2007-12-24releasing version 1:4.7p1-1Colin Watson
2007-12-24* Policy version 3.7.3: no changes required.Colin Watson
2007-12-24* Update copyright dates for Kerberos patch in debian/copyright.head.Colin Watson
2007-12-24* Override desktop-file-but-no-dh_desktop-call lintian warning; theColin Watson
.desktop file is intentionally not installed (see 1:3.8.1p1-10).