summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-03-13move repos to public hostAndrew Cady
2021-03-13submodules will gitignore build productsAndrew Cady
2021-03-13make gitignore (convenience target)Andrew Cady
2021-03-13gitignore build productsAndrew Cady
2021-03-13add support for building submodules with makeAndrew Cady
2021-03-13disable systemd Type=notify, since it just times outAndrew Cady
2021-03-13backport to stretch by backporting two build deps as git submodulesAndrew Cady
2021-03-13gitignore build productsAndrew Cady
2021-03-13eliminate warning about const pointer castAndrew Cady
2021-03-13port forward to updated upstreamAndrew Cady
2021-03-13gitignoreAndrew Cady
2021-03-13use mk-build-deps instead of apt-get build-depAndrew Cady
2021-03-13Makefile: "make install" optimizationAndrew Cady
2021-03-13add MakefileAndrew Cady
2021-03-13Comment our functionAndrew Cady
2021-03-13conditional is more clear nowAndrew Cady
2021-03-13Restore wildcard semanticsAndrew Cady
We now ignore the wildcard if we have another matching key -- even if the wildcard entry comes first in authorized_keys. This is how it worked before the forward port.
2021-03-13variable renames, store key typeAndrew Cady
2021-03-13Added wildcard authorization for authorized_keys.joe
2021-03-13releasing package openssh version 1:8.4p1-5Colin Watson
2021-03-13CVE-2021-28041: Fix double free in ssh-agent(1)Colin Watson
Closes: #984940
2021-03-13Double free in ssh-agent(1)Colin Watson
Origin: upstream, https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig Bug-Debian: https://bugs.debian.org/984940 Last-Update: 2021-03-13 Patch-Name: ssh-agent-double-free.patch
2021-02-15releasing package openssh version 1:8.4p1-4Colin Watson
2021-02-15Avoid using libmd's <sha2.h> even if it's installedColin Watson
Closes: #982705
2020-12-02releasing package openssh version 1:8.4p1-3Colin Watson
2020-12-02Fix `EOF: command not found` error in ssh-copy-idColin Watson
Closes: #975540
2020-12-02Fix `EOF: command not found` error in ssh-copy-idOleg
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=d9e727dcc04a52caaac87543ea1d230e9e6b5604 Bug: https://github.com/openssh/openssh-portable/pull/206 Bug-Debian: https://bugs.debian.org/975540 Bug-Debian: https://bugs.debian.org/976242 Last-Update: 2020-12-02 Patch-Name: ssh-copy-id-heredoc-syntax.patch
2020-10-26releasing package openssh version 1:8.4p1-2Colin Watson
2020-10-26Revert incorrect upstream x32 seccomp patchColin Watson
2020-10-26Revert "detect Linux/X32 systems"Colin Watson
This reverts commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885. The bug reporter wasn't actually using x32, but rather an ordinary 32-bit userspace on a 64-bit kernel; this patch broke the seccomp sandbox on the actual x32 architecture. Patch-Name: revert-x32-sandbox-breakage.patch
2020-10-20releasing package openssh version 1:8.4p1-1Colin Watson
2020-10-20New upstream release (8.4p1)Colin Watson
2020-10-18Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for"Colin Watson
This reverts commit 5ee8448ad7c306f05a9f56769f95336a8269f379. The IPQoS default changes have some unfortunate interactions with iptables (see https://bugs.debian.org/923880) and VMware, so I'm temporarily reverting them until those have been fixed. Bug-Debian: https://bugs.debian.org/923879 Bug-Debian: https://bugs.debian.org/926229 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1822370 Last-Update: 2019-04-08 Patch-Name: revert-ipqos-defaults.patch
2020-10-18Work around conch interoperability failureColin Watson
Twisted Conch fails to read private keys in the new format (https://twistedmatrix.com/trac/ticket/9515). Work around this until it can be fixed in Twisted. Forwarded: not-needed Last-Update: 2019-10-09 Patch-Name: conch-old-privkey-format.patch
2020-10-18Restore reading authorized_keys2 by defaultColin Watson
Upstream seems to intend to gradually phase this out, so don't assume that this will remain the default forever. However, we were late in adopting the upstream sshd_config changes, so it makes sense to extend the grace period. Bug-Debian: https://bugs.debian.org/852320 Forwarded: not-needed Last-Update: 2017-03-05 Patch-Name: restore-authorized_keys2.patch
2020-10-18Various Debian-specific configuration changesColin Watson
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause fewer problems with existing setups (http://bugs.debian.org/237021). ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024). ssh: Enable HashKnownHosts by default to try to limit the spread of ssh worms. ssh: Enable GSSAPIAuthentication by default. ssh: Include /etc/ssh/ssh_config.d/*.conf. sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable PrintMotd. sshd: Enable X11Forwarding. sshd: Set 'AcceptEnv LANG LC_*' by default. sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server. sshd: Include /etc/ssh/sshd_config.d/*.conf. Document all of this. Author: Russ Allbery <rra@debian.org> Forwarded: not-needed Last-Update: 2020-10-18 Patch-Name: debian-config.patch
2020-10-18Add systemd readiness notification supportMichael Biebl
Bug-Debian: https://bugs.debian.org/778913 Forwarded: no Last-Update: 2017-08-22 Patch-Name: systemd-readiness.patch
2020-10-18Give the ssh-askpass-gnome window a default iconVincent Untz
Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152 Last-Update: 2010-02-28 Patch-Name: gnome-ssh-askpass2-icon.patch
2020-10-18Don't check the status field of the OpenSSL versionKurt Roeckx
There is no reason to check the version of OpenSSL (in Debian). If it's not compatible the soname will change. OpenSSH seems to want to do a check for the soname based on the version number, but wants to keep the status of the release the same. Remove that check on the status since it doesn't tell you anything about how compatible that version is. Author: Colin Watson <cjwatson@debian.org> Bug-Debian: https://bugs.debian.org/93581 Bug-Debian: https://bugs.debian.org/664383 Bug-Debian: https://bugs.debian.org/732940 Forwarded: not-needed Last-Update: 2014-10-07 Patch-Name: no-openssl-version-status.patch
2020-10-18Document consequences of ssh-agent being setgid in ssh-agent(1)Colin Watson
Bug-Debian: http://bugs.debian.org/711623 Forwarded: no Last-Update: 2020-02-21 Patch-Name: ssh-agent-setgid.patch
2020-10-18Document that HashKnownHosts may break tab-completionColin Watson
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1727 Bug-Debian: http://bugs.debian.org/430154 Last-Update: 2013-09-14 Patch-Name: doc-hash-tab-completion.patch
2020-10-18ssh(1): Refer to ssh-argv0(1)Colin Watson
Old versions of OpenSSH (up to 2.5 or thereabouts) allowed creating symlinks to ssh with the name of the host you want to connect to. Debian ships an ssh-argv0 script restoring this feature; this patch refers to its manual page from ssh(1). Bug-Debian: http://bugs.debian.org/111341 Forwarded: not-needed Last-Update: 2013-09-14 Patch-Name: ssh-argv0.patch
2020-10-18Adjust various OpenBSD-specific references in manual pagesColin Watson
No single bug reference for this patch, but history includes: http://bugs.debian.org/154434 (login.conf(5)) http://bugs.debian.org/513417 (/etc/rc) http://bugs.debian.org/530692 (ssl(8)) https://bugs.launchpad.net/bugs/456660 (ssl(8)) Forwarded: not-needed Last-Update: 2017-10-04 Patch-Name: openbsd-docs.patch
2020-10-18Install authorized_keys(5) as a symlink to sshd(8)Tomas Pospisek
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1720 Bug-Debian: http://bugs.debian.org/441817 Last-Update: 2013-09-14 Patch-Name: authorized-keys-man-symlink.patch
2020-10-18Add DebianBanner server configuration optionKees Cook
Setting this to "no" causes sshd to omit the Debian revision from its initial protocol handshake, for those scared by package-versioning.patch. Bug-Debian: http://bugs.debian.org/562048 Forwarded: not-needed Last-Update: 2020-06-07 Patch-Name: debian-banner.patch
2020-10-18Include the Debian version in our identificationMatthew Vernon
This makes it easier to audit networks for versions patched against security vulnerabilities. It has little detrimental effect, as attackers will generally just try attacks rather than bothering to scan for vulnerable-looking version strings. (However, see debian-banner.patch.) Forwarded: not-needed Last-Update: 2019-06-05 Patch-Name: package-versioning.patch
2020-10-18Mention ssh-keygen in ssh fingerprint changed warningScott Moser
Author: Chris Lamb <lamby@debian.org> Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843 Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607 Last-Update: 2017-08-22 Patch-Name: mention-ssh-keygen-on-keychange.patch
2020-10-18Force use of DNSSEC even if "options edns0" isn't in resolv.confColin Watson
This allows SSHFP DNS records to be verified if glibc 2.11 is installed. Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049 Last-Update: 2010-04-06 Patch-Name: dnssec-sshfp.patch
2020-10-18Look for $SHELL on the path for ProxyCommand/LocalCommandColin Watson
There's some debate on the upstream bug about whether POSIX requires this. I (Colin Watson) agree with Vincent and think it does. Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494 Bug-Debian: http://bugs.debian.org/492728 Last-Update: 2020-02-21 Patch-Name: shell-path.patch
2020-10-18Adjust scp quoting in verbose modeNicolas Valcárcel
Tweak scp's reporting of filenames in verbose mode to be a bit less confusing with spaces. This should be revised to mimic real shell quoting. Bug-Ubuntu: https://bugs.launchpad.net/bugs/89945 Last-Update: 2010-02-27 Patch-Name: scp-quoting.patch
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-09 09:22:47 +0000