summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-02-27 - djm@cvs.openbsd.org 2014/02/26 20:18:37Damien Miller
[ssh.c] bz#2205: avoid early hostname lookups unless canonicalisation is enabled; ok dtucker@ markus@
2014-02-24 - djm@cvs.openbsd.org 2014/02/23 20:11:36Damien Miller
[readconf.c readconf.h ssh.c ssh_config.5] reparse ssh_config and ~/.ssh/config if hostname canonicalisation changes the hostname. This allows users to write configurations that always refer to canonical hostnames, e.g. CanonicalizeHostname yes CanonicalDomains int.example.org example.org CanonicalizeFallbackLocal no Host *.int.example.org Compression off Host *.example.org User djm ok markus@
2014-02-24 - djm@cvs.openbsd.org 2014/02/23 20:03:42Damien Miller
[ssh-ed25519.c] check for unsigned overflow; not reachable in OpenSSH but others might copy our code...
2014-02-24 - djm@cvs.openbsd.org 2014/02/22 01:32:19Damien Miller
[readconf.c] when processing Match blocks, skip 'exec' clauses if previous predicates failed to match; ok markus@
2014-02-24 - djm@cvs.openbsd.org 2014/02/15 23:05:36Damien Miller
[channels.c] avoid spurious "getsockname failed: Bad file descriptor" errors in ssh -W; bz#2200, debian#738692 via Colin Watson; ok dtucker@
2014-02-24 - djm@cvs.openbsd.org 2014/02/07 06:55:54Damien Miller
[cipher.c mac.c] remove some logging that makes ssh debugging output very verbose; ok markus
2014-02-21Split sftp-server into its own packageAxel Beckert
This allows it to also be used by other SSH server implementations like dropbear (closes: #504290).
2014-02-2120140221Tim Rice
- (tim) [configure.ac] Fix cut-and-paste error. Patch from Bryan Drewery.
2014-02-21Add Alias=sshd.service to systemd ssh.service file, to match "Provides: ↵Colin Watson
sshd" in the sysvinit script (thanks, Michael Biebl).
2014-02-15releasing package openssh version 1:6.5p1-4Colin Watson
2014-02-15Fix getsockname errors when using "ssh -W" (closes: #738693).Colin Watson
2014-02-15Skip get_sock_port call for c->sock==-1Damien Miller
Origin: upstream, https://bugzilla.mindrot.org/show_bug.cgi?id=2200 Bug-Debian: http://bugs.debian.org/738693 Last-Update: 2014-02-15 Patch-Name: getsockname-error.patch
2014-02-13Remove code related to non-dependency-based sysv-rc ordering, since that is ↵Colin Watson
no longer supported.
2014-02-13Fix "Running sshd from inittab" instructions for dependency-based sysv-rcColin Watson
Amend "Running sshd from inittab" instructions in README.Debian to recommend 'update-rc.d ssh disable', rather than manual removal of rc*.d symlinks that won't work with dependency-based sysv-rc.
2014-02-13Configure --without-hardening on hppa, to work around ↵Colin Watson
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60155 (closes: #738798).
2014-02-13 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add compatDarren Tucker
code for older OpenSSL versions that don't have EVP_MD_CTX_copy_ex.
2014-02-12releasing package openssh version 1:6.5p1-3Colin Watson
2014-02-12Tweak dh_systemd_enable invocations to avoid lots of error noise.Colin Watson
2014-02-12Drop unnecessary -1 in zlib1g Build-Depends version.Colin Watson
2014-02-12Policy version 3.9.5.Colin Watson
2014-02-12Drop some very old Conflicts and ReplacesColin Watson
Drop some very old Conflicts and Replaces (ssh (<< 1:3.8.1p1-9), rsh-client (<< 0.16.1-1), ssh-krb5 (<< 1:4.3p2-7), ssh-nonfree (<< 2), and openssh-client (<< 1:3.8.1p1-11)). These all relate to pre-etch versions, for which we no longer have maintainer script code, and per policy they would have to become Breaks nowadays anyway.
2014-02-12Refer to /usr/share/common-licenses/GPL-2 in debian/copyright (for the ↵Colin Watson
Debian patch) rather than plain GPL.
2014-02-12Remove unnecessary /dev/null testsColin Watson
Remove tests for whether /dev/null is a character device from the Upstart job and the systemd service files; it's there to avoid a confusing failure mode in daemon(), but with modern init systems we use the -D option to suppress daemonisation anyway.
2014-02-12Reorder transition code by guard version.Colin Watson
2014-02-12Bump guard version for sysvinit->systemd transition to 1:6.5p1-3; we may ↵Colin Watson
have got it wrong before, and it's fairly harmless to repeat it.
2014-02-12Fix sysvinit->systemd transition codeColin Watson
We need to cope with still-running sysvinit jobs being considered active by systemd (thanks, Uoti Urpala and Michael Biebl).
2014-02-12Avoid stdout noise from which(1) on purge of openssh-client.Colin Watson
2014-02-12Stop claiming that "Protocol 2" is a Debian-specific defaultColin Watson
This has been upstream's default since 5.4p1.
2014-02-12Unbreak case-sensitive matching of ssh_configDamien Miller
- djm@cvs.openbsd.org 2014/02/04 00:24:29 [ssh.c] delay lowercasing of hostname until right before hostname canonicalisation to unbreak case-sensitive matching of ssh_config; reported by Ike Devolder; ok markus@ Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=d56b44d2dfa093883a5c4e91be3f72d99946b170 Bug-Debian: http://bugs.debian.org/738619 Forwarded: not-needed Last-Update: 2014-02-11 Patch-Name: fix-case-sensitive-matching.patch
2014-02-12Various Debian-specific configuration changesColin Watson
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by default. sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside PermitRootLogin default. Document all of this, along with several sshd defaults set in debian/openssh-server.postinst. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2014-02-12 Patch-Name: debian-config.patch
2014-02-12Adjust section title too.Colin Watson
2014-02-11Clarify socket activation mode in README.Debian, as suggested by Uoti Urpala.Colin Watson
2014-02-11releasing package openssh version 1:6.5p1-2Colin Watson
2014-02-11Backport upstream patch to unbreak case-sensitive matching of ssh_config ↵Colin Watson
(closes: #738619).
2014-02-11Unbreak case-sensitive matching of ssh_configDamien Miller
- djm@cvs.openbsd.org 2014/02/04 00:24:29 [ssh.c] delay lowercasing of hostname until right before hostname canonicalisation to unbreak case-sensitive matching of ssh_config; reported by Ike Devolder; ok markus@ Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=d56b44d2dfa093883a5c4e91be3f72d99946b170 Bug-Debian: http://bugs.debian.org/738619 Forwarded: not-needed Last-Update: 2014-02-11 Patch-Name: fix-case-sensitive-matching.patch
2014-02-11Only enable ssh.service for systemd, not both ssh.service and ssh.socket. ↵Colin Watson
Thanks to Michael Biebl for spotting this.
2014-02-10releasing package openssh version 1:6.5p1-1Colin Watson
2014-02-10Drop After=syslog.target; this is obsolete according to Lintian.Colin Watson
2014-02-10Add systemd support (thanks, Sven Joachim; closes: #676830).Colin Watson
2014-02-10Stop manually creating /usr/share/lintian/overrides; dh_lintian handles this.Colin Watson
2014-02-10Drop long-obsolete "SSH now uses protocol 2 by default" section from ↵Colin Watson
README.Debian.
2014-02-10Generate ED25519 host keys on fresh installations.Colin Watson
Upgraders who wish to add such host keys should manually add 'HostKey /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
2014-02-10Close some bugs related to ssh-vulnkey.Colin Watson
2014-02-10Incorporate default path changes from shadow 1:4.0.18.1-8, removing ↵Colin Watson
/usr/bin/X11 (closes: #644521).
2014-02-10Add the pam_keyinit session module, to create a new session keyring on login ↵Colin Watson
(closes: #734816).
2014-02-10Merge 6.5p1.Colin Watson
* New upstream release (http://www.openssh.com/txt/release-6.5, LP: #1275068): - ssh(1): Add support for client-side hostname canonicalisation using a set of DNS suffixes and rules in ssh_config(5). This allows unqualified names to be canonicalised to fully-qualified domain names to eliminate ambiguity when looking up keys in known_hosts or checking host certificate names (closes: #115286).
2014-02-10Support synchronisation with service supervisor using SIGSTOPColin Watson
Forwarded: no Last-Update: 2013-09-14 Patch-Name: sigstop.patch
2014-02-10Various Debian-specific configuration changesColin Watson
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by default. sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside PermitRootLogin default. Document all of this, along with several sshd defaults set in debian/openssh-server.postinst. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: debian-config.patch
2014-02-10Give the ssh-askpass-gnome window a default iconVincent Untz
Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152 Last-Update: 2010-02-28 Patch-Name: gnome-ssh-askpass2-icon.patch
2014-02-10Disable OpenSSL version checkPhilip Hands
OpenSSL's SONAME is sufficient nowadays. Author: Colin Watson <cjwatson@debian.org> Bug-Debian: http://bugs.debian.org/93581 Bug-Debian: http://bugs.debian.org/664383 Forwarded: not-needed Last-Update: 2013-12-23 Patch-Name: no-openssl-version-check.patch
generated by cgit v1.2.3 (git 2.39.1) at 2024-10-08 17:14:06 +0000