openssh.git -

Age	Commit message (Collapse)	Author
2017-08-27	Drop openssh-client-ssh1, now built by a separate source package.	Colin Watson

2017-08-23	releasing package openssh version 1:7.5p1-7	Colin Watson

2017-08-23	Add RuntimeDirectory and RuntimeDirectoryMode to ssh@.service as well as ↵	Colin Watson
	ssh.service (closes: #872978).
2017-08-23	Fix spelling of RuntimeDirectoryMode (closes: #872976).	Colin Watson

2017-08-23	releasing package openssh version 1:7.5p1-6	Colin Watson

2017-08-22	Remove unnecessary package name from rm_conffile	Colin Watson

2017-08-22	Quote IP address in suggested "ssh-keygen -f" calls (closes: #872643).	Colin Watson

2017-08-22	Fix incoming compression statistics	Russell Coker
	Bug-Debian: https://bugs.debian.org/797964 Forwarded: https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-June/036077.html Last-Update: 2017-06-06 Patch-Name: fix-incoming-compression-statistics.patch
2017-08-22	Fix syntax error on Linux/X32	Damien Miller
	Patch from Mike Frysinger Origin: https://anongit.mindrot.org/openssh.git/commit/?id=6b853c6f8ba5eecc50f3b57af8e63f8184eb0fa6 Last-Update: 2017-04-02 Patch-Name: x32-syntax-error.patch
2017-08-22	Missing header on Linux/s390	Damien Miller
	Patch from Jakub Jelen Origin: https://anongit.mindrot.org/openssh.git/commit/?id=58b8cfa2a062b72139d7229ae8de567f55776f24 Last-Update: 2017-04-02 Patch-Name: s390-missing-header.patch
2017-08-22	Restore reading authorized_keys2 by default	Colin Watson
	Upstream seems to intend to gradually phase this out, so don't assume that this will remain the default forever. However, we were late in adopting the upstream sshd_config changes, so it makes sense to extend the grace period. Bug-Debian: https://bugs.debian.org/852320 Forwarded: not-needed Last-Update: 2017-03-05 Patch-Name: restore-authorized_keys2.patch
2017-08-22	Remove ssh_host_dsa_key from HostKey default	Colin Watson
	The client no longer accepts DSA host keys, and servers using the default HostKey setting should have better host keys available. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2662 Bug-Debian: https://bugs.debian.org/850614 Last-Update: 2017-01-16 Patch-Name: no-dsa-host-key-by-default.patch
2017-08-22	Make integrity tests more robust against timeouts	Colin Watson
	If the first test in a series for a given MAC happens to modify the low bytes of a packet length, then ssh will time out and this will be interpreted as a test failure. Handle this failure mode. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2658 Patch-Name: regress-integrity-robust.patch Last-Update: 2017-01-01
2017-08-22	Various Debian-specific configuration changes	Colin Watson
	ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication by default. sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable PrintMotd. sshd: Enable X11Forwarding. sshd: Set 'AcceptEnv LANG LC_' by default. sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server. Document all of this. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2016-12-26 Patch-Name: debian-config.patch
2017-08-22	Add systemd readiness notification support	Michael Biebl
	Bug-Debian: https://bugs.debian.org/778913 Forwarded: no Last-Update: 2017-08-22 Patch-Name: systemd-readiness.patch
2017-08-22	Give the ssh-askpass-gnome window a default icon	Vincent Untz
	Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152 Last-Update: 2010-02-28 Patch-Name: gnome-ssh-askpass2-icon.patch
2017-08-22	Don't check the status field of the OpenSSL version	Kurt Roeckx
	There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson <cjwatson@debian.org> Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: no-openssl-version-status.patch
2017-08-22	Document consequences of ssh-agent being setgid in ssh-agent(1)	Colin Watson
	Bug-Debian: http://bugs.debian.org/711623 Forwarded: no Last-Update: 2013-06-08 Patch-Name: ssh-agent-setgid.patch
2017-08-22	Document that HashKnownHosts may break tab-completion	Colin Watson
	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727 Bug-Debian: http://bugs.debian.org/430154 Last-Update: 2013-09-14 Patch-Name: doc-hash-tab-completion.patch
2017-08-22	ssh(1): Refer to ssh-argv0(1)	Colin Watson
	Old versions of OpenSSH (up to 2.5 or thereabouts) allowed creating symlinks to ssh with the name of the host you want to connect to. Debian ships an ssh-argv0 script restoring this feature; this patch refers to its manual page from ssh(1). Bug-Debian: http://bugs.debian.org/111341 Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: ssh-argv0.patch
2017-08-22	Adjust various OpenBSD-specific references in manual pages	Colin Watson
	No single bug reference for this patch, but history includes: http://bugs.debian.org/154434 (login.conf(5)) http://bugs.debian.org/513417 (/etc/rc) http://bugs.debian.org/530692 (ssl(8)) https://bugs.launchpad.net/bugs/456660 (ssl(8)) Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: openbsd-docs.patch
2017-08-22	Install authorized_keys(5) as a symlink to sshd(8)	Tomas Pospisek
	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720 Bug-Debian: http://bugs.debian.org/441817 Last-Update: 2013-09-14 Patch-Name: authorized-keys-man-symlink.patch
2017-08-22	Add DebianBanner server configuration option	Kees Cook
	Setting this to "no" causes sshd to omit the Debian revision from its initial protocol handshake, for those scared by package-versioning.patch. Bug-Debian: http://bugs.debian.org/562048 Forwarded: not-needed Last-Update: 2015-11-29 Patch-Name: debian-banner.patch
2017-08-22	Include the Debian version in our identification	Matthew Vernon
	This makes it easier to audit networks for versions patched against security vulnerabilities. It has little detrimental effect, as attackers will generally just try attacks rather than bothering to scan for vulnerable-looking version strings. (However, see debian-banner.patch.) Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: package-versioning.patch
2017-08-22	Mention ssh-keygen in ssh fingerprint changed warning	Scott Moser
	Author: Chris Lamb <lamby@debian.org> Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843 Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607 Last-Update: 2017-08-22 Patch-Name: mention-ssh-keygen-on-keychange.patch
2017-08-22	Add bug number for dropping Upstart support	Colin Watson

2017-08-22	Drop Upstart-specific patches	Colin Watson

2017-08-22	Fix incoming compression statistics	Russell Coker
	Bug-Debian: https://bugs.debian.org/797964 Forwarded: https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-June/036077.html Last-Update: 2017-06-06 Patch-Name: fix-incoming-compression-statistics.patch
2017-08-22	Fix syntax error on Linux/X32	Damien Miller
	Patch from Mike Frysinger Origin: https://anongit.mindrot.org/openssh.git/commit/?id=6b853c6f8ba5eecc50f3b57af8e63f8184eb0fa6 Last-Update: 2017-04-02 Patch-Name: x32-syntax-error.patch
2017-08-22	Missing header on Linux/s390	Damien Miller
	Patch from Jakub Jelen Origin: https://anongit.mindrot.org/openssh.git/commit/?id=58b8cfa2a062b72139d7229ae8de567f55776f24 Last-Update: 2017-04-02 Patch-Name: s390-missing-header.patch
2017-08-22	Restore reading authorized_keys2 by default	Colin Watson
	Upstream seems to intend to gradually phase this out, so don't assume that this will remain the default forever. However, we were late in adopting the upstream sshd_config changes, so it makes sense to extend the grace period. Bug-Debian: https://bugs.debian.org/852320 Forwarded: not-needed Last-Update: 2017-03-05 Patch-Name: restore-authorized_keys2.patch
2017-08-22	Remove ssh_host_dsa_key from HostKey default	Colin Watson
	The client no longer accepts DSA host keys, and servers using the default HostKey setting should have better host keys available. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2662 Bug-Debian: https://bugs.debian.org/850614 Last-Update: 2017-01-16 Patch-Name: no-dsa-host-key-by-default.patch
2017-08-22	Make integrity tests more robust against timeouts	Colin Watson
	If the first test in a series for a given MAC happens to modify the low bytes of a packet length, then ssh will time out and this will be interpreted as a test failure. Handle this failure mode. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2658 Patch-Name: regress-integrity-robust.patch Last-Update: 2017-01-01
2017-08-22	Various Debian-specific configuration changes	Colin Watson
	ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication by default. sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable PrintMotd. sshd: Enable X11Forwarding. sshd: Set 'AcceptEnv LANG LC_' by default. sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server. Document all of this. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2016-12-26 Patch-Name: debian-config.patch
2017-08-22	Add systemd readiness notification support	Michael Biebl
	Bug-Debian: https://bugs.debian.org/778913 Forwarded: no Last-Update: 2017-08-22 Patch-Name: systemd-readiness.patch
2017-08-22	Give the ssh-askpass-gnome window a default icon	Vincent Untz
	Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152 Last-Update: 2010-02-28 Patch-Name: gnome-ssh-askpass2-icon.patch
2017-08-22	Don't check the status field of the OpenSSL version	Kurt Roeckx
	There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson <cjwatson@debian.org> Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: no-openssl-version-status.patch
2017-08-22	Document consequences of ssh-agent being setgid in ssh-agent(1)	Colin Watson
	Bug-Debian: http://bugs.debian.org/711623 Forwarded: no Last-Update: 2013-06-08 Patch-Name: ssh-agent-setgid.patch
2017-08-22	Drop upstart system and user jobs.	Dimitri John Ledkov

2017-08-22	Fix up drop sshd.conf	Dimitri John Ledkov

2017-07-23	Create /run/sshd under systemd using RuntimeDirectory rather than tmpfiles.d ↵	Colin Watson
	(thanks, Dmitry Smirnov; closes: #864190).
2017-06-28	Mark 1:7.5p1-1 NEWS entry as released	Colin Watson

2017-06-26	Test configuration before starting or reloading sshd under systemd (closes: ↵	Colin Watson
	#865770).
2017-06-18	releasing package openssh version 1:7.5p1-5	Colin Watson

2017-06-18	Fix syntax error in debian/copyright.	Colin Watson

2017-06-18	Upload to unstable.	Colin Watson

2017-06-18	Merge changelog from 1:7.4p1-11	Colin Watson

2017-06-06	releasing package openssh version 1:7.5p1-4	Colin Watson

2017-06-06	Relicense debian/* under a two-clause BSD licence for bidirectional ↵	Colin Watson
	compatibility with upstream, with permission from Matthew Vernon and others.
2017-06-06	Fix incoming compression statistics (thanks, Russell Coker; closes: #797964).	Colin Watson