Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
We now ignore the wildcard if we have another matching key -- even if
the wildcard entry comes first in authorized_keys.
This is how it worked before the forward port.
|
|
|
|
|
|
|
|
Closes: #984940
|
|
Origin: upstream, https://ftp.openbsd.org/pub/OpenBSD/patches/6.8/common/015_sshagent.patch.sig
Bug-Debian: https://bugs.debian.org/984940
Last-Update: 2021-03-13
Patch-Name: ssh-agent-double-free.patch
|
|
|
|
Closes: #982705
|
|
|
|
Closes: #975540
|
|
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=d9e727dcc04a52caaac87543ea1d230e9e6b5604
Bug: https://github.com/openssh/openssh-portable/pull/206
Bug-Debian: https://bugs.debian.org/975540
Bug-Debian: https://bugs.debian.org/976242
Last-Update: 2020-12-02
Patch-Name: ssh-copy-id-heredoc-syntax.patch
|
|
|
|
|
|
This reverts commit 5b56bd0affea7b02b540bdbc4d1d271b0e4fc885. The bug
reporter wasn't actually using x32, but rather an ordinary 32-bit
userspace on a 64-bit kernel; this patch broke the seccomp sandbox on
the actual x32 architecture.
Patch-Name: revert-x32-sandbox-breakage.patch
|
|
|
|
|
|
This reverts commit 5ee8448ad7c306f05a9f56769f95336a8269f379.
The IPQoS default changes have some unfortunate interactions with
iptables (see https://bugs.debian.org/923880) and VMware, so I'm
temporarily reverting them until those have been fixed.
Bug-Debian: https://bugs.debian.org/923879
Bug-Debian: https://bugs.debian.org/926229
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1822370
Last-Update: 2019-04-08
Patch-Name: revert-ipqos-defaults.patch
|
|
Twisted Conch fails to read private keys in the new format
(https://twistedmatrix.com/trac/ticket/9515). Work around this until it
can be fixed in Twisted.
Forwarded: not-needed
Last-Update: 2019-10-09
Patch-Name: conch-old-privkey-format.patch
|
|
Upstream seems to intend to gradually phase this out, so don't assume
that this will remain the default forever. However, we were late in
adopting the upstream sshd_config changes, so it makes sense to extend
the grace period.
Bug-Debian: https://bugs.debian.org/852320
Forwarded: not-needed
Last-Update: 2017-03-05
Patch-Name: restore-authorized_keys2.patch
|
|
ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
fewer problems with existing setups (http://bugs.debian.org/237021).
ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
worms.
ssh: Enable GSSAPIAuthentication by default.
ssh: Include /etc/ssh/ssh_config.d/*.conf.
sshd: Enable PAM, disable ChallengeResponseAuthentication, and disable
PrintMotd.
sshd: Enable X11Forwarding.
sshd: Set 'AcceptEnv LANG LC_*' by default.
sshd: Change sftp subsystem path to /usr/lib/openssh/sftp-server.
sshd: Include /etc/ssh/sshd_config.d/*.conf.
Document all of this.
Author: Russ Allbery <rra@debian.org>
Forwarded: not-needed
Last-Update: 2020-10-18
Patch-Name: debian-config.patch
|
|
Bug-Debian: https://bugs.debian.org/778913
Forwarded: no
Last-Update: 2017-08-22
Patch-Name: systemd-readiness.patch
|
|
Bug-Ubuntu: https://bugs.launchpad.net/bugs/27152
Last-Update: 2010-02-28
Patch-Name: gnome-ssh-askpass2-icon.patch
|
|
There is no reason to check the version of OpenSSL (in Debian). If it's
not compatible the soname will change. OpenSSH seems to want to do a
check for the soname based on the version number, but wants to keep the
status of the release the same. Remove that check on the status since
it doesn't tell you anything about how compatible that version is.
Author: Colin Watson <cjwatson@debian.org>
Bug-Debian: https://bugs.debian.org/93581
Bug-Debian: https://bugs.debian.org/664383
Bug-Debian: https://bugs.debian.org/732940
Forwarded: not-needed
Last-Update: 2014-10-07
Patch-Name: no-openssl-version-status.patch
|
|
Bug-Debian: http://bugs.debian.org/711623
Forwarded: no
Last-Update: 2020-02-21
Patch-Name: ssh-agent-setgid.patch
|