summaryrefslogtreecommitdiff
path: root/configure
AgeCommit message (Collapse)Author
2007-06-12* New upstream release (closes: #395507, #397961, #420035). ImportantColin Watson
changes not previously backported to 4.3p2: - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4): + On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. + Implemented conditional configuration in sshd_config(5) using the "Match" directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. So far a useful subset of post-authentication options are supported and more are expected to be added in future releases. + Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256. + Added a "ForceCommand" directive to sshd_config(5). Similar to the command="..." option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new "Match" option. + Add a "PermitOpen" directive to sshd_config(5). This mirrors the permitopen="..." authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish. + Add optional logging of transactions to sftp-server(8). + ssh(1) will now record port numbers for hosts stored in ~/.ssh/known_hosts when a non-standard port has been requested (closes: #50612). + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established. + Extend sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments. + Replacement of all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents. + Many manpage fixes and improvements. + Add optional support for OpenSSL hardware accelerators (engines), enabled using the --with-ssl-engine configure option. + Tokens in configuration files may be double-quoted in order to contain spaces (closes: #319639). + Move a debug() call out of a SIGCHLD handler, fixing a hang when the session exits very quickly (closes: #307890). + Fix some incorrect buffer allocation calculations (closes: #410599). + ssh-add doesn't ask for a passphrase if key file permissions are too liberal (closes: #103677). + Likewise, ssh doesn't ask either (closes: #99675). - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6): + sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config. + Fixed an inconsistent check for a terminal when displaying scp progress meter (closes: #257524). + Fix "hang on exit" when background processes are running at the time of exit on a ttyful/login session (closes: #88337). * Update to current GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch; install ChangeLog.gssapi.
2007-06-12Import OpenSSH 4.6p1.Colin Watson
2006-12-06* Fix quoting error in configure.ac and regenerate configure (thanks, BenColin Watson
Pfaff; closes: #391248).
2006-10-27Incorporate Manoj's NMU:Colin Watson
* NMU to update SELinux patch, bringing it in line with current selinux releases. The patch for this NMU is simply the Bug#394795 patch, and no other changes. (closes: #394795)
2006-05-12* Update to current GSSAPI patch fromColin Watson
http://www.sxw.org.uk/computing/patches/openssh-4.3p2-gsskex-20060223.patch (closes: #352042).
2006-05-12Merge 4.3p2 to the trunk.Colin Watson
2006-05-12Import OpenSSH 4.3p2.Colin Watson
2005-09-14Merge 4.2p1 to the trunk.Colin Watson
2005-09-14Import OpenSSH 4.2p1.Colin Watson
2005-09-02* Add GNU/kFreeBSD support (thanks, Aurelien Jarno; closes: #318113).Colin Watson
2005-06-17Manoj Srivastava:Colin Watson
- Added SELinux capability, and turned it on be default. Added restorecon calls in preinst and postinst (should not matter if the machine is not SELinux aware). By and large, the changes made should have no effect unless the rules file calls --with-selinux; and even then there should be no performance hit for machines not actively running SELinux. - Modified the preinst and postinst to call restorecon to set the security context for the generated public key files. - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system may want to also include pam_selinux.so.
2005-05-30Import OpenSSH 4.1p1.Colin Watson
2005-03-10Import OpenSSH 4.0p1.Colin Watson
2005-01-04Import OpenSSH 3.9p1.Colin Watson
2004-05-01Import OpenSSH 3.8.1p1.Colin Watson
2004-03-01Import OpenSSH 3.8p1.Colin Watson
2003-09-23Import OpenSSH 3.7.1p2.Colin Watson
2003-09-17Import OpenSSH 3.7p1.Colin Watson
2003-09-01Import OpenSSH 3.6.1p2.Colin Watson
2003-09-01Import OpenSSH 3.6p1.Colin Watson
2003-09-01Import OpenSSH 3.5p1.Colin Watson
2003-09-01Import OpenSSH 3.4p1.Colin Watson