summaryrefslogtreecommitdiff
path: root/debian/changelog
AgeCommit message (Collapse)Author
2011-09-06* New upstream release (http://www.openssh.org/txt/release-5.9).Colin Watson
- Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. - Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt. - The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot (closes: #75043, #429243, #599240). - ssh(1) now warns when a server refuses X11 forwarding (closes: #504757). - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace (closes: #76312). The authorized_keys2 fallback is deprecated but documented (closes: #560156). - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4 ToS/DSCP (closes: #498297). - ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key" (closes: #229124). - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691). - Say "required" rather than "recommended" in unprotected-private-key warning (LP: #663455).
2011-07-29releasing version 1:5.8p1-7Colin Watson
2011-07-29Use 'dpkg-vendor --derives-from Ubuntu' to detect Ubuntu systems ratherColin Watson
than 'lsb_release -is' so that Ubuntu derivatives behave the same way as Ubuntu itself.
2011-07-29Only recommend ssh-import-id when built on Ubuntu (closes: #635887).Colin Watson
2011-07-28releasing version 1:5.8p1-6Colin Watson
2011-07-28* Merge from Ubuntu (Dustin Kirkland):Colin Watson
- openssh-server Recommends: ssh-import-id (no-op in Debian since that package doesn't exist there, but this reduces the Ubuntu delta).
2011-07-28Quieten logs when multiple from= restrictions are used in differentColin Watson
authorized_keys lines for the same key; it's still not ideal, but at least you'll only get one log entry per key (closes: #630606).
2011-07-28openssh-client and openssh-server Suggests: monkeysphere.Colin Watson
2011-07-24releasing version 1:5.8p1-5Colin Watson
2011-07-17* Backport from upstream:Colin Watson
- Make hostbased auth with ECDSA keys work correctly (closes: #633368).
2011-05-30update README.source tooColin Watson
2011-05-30Update Vcs-* fields for Alioth changes.Colin Watson
2011-04-13Drop openssh-server's dependency on openssh-blacklist to aColin Watson
recommendation (closes: #622604).
2011-04-04releasing version 1:5.8p1-4Colin Watson
2011-04-04Remove unreachable code from openssh-server.postinst.Colin Watson
2011-04-04Drop hardcoded dependencies on libssl0.9.8 and libcrypto0.9.8-udeb,Colin Watson
since the required minimum versions are rather old now anyway and openssl has bumped its SONAME (thanks, Julien Cristau; closes: #620828).
2011-03-18releasing version 1:5.8p1-3Colin Watson
2011-03-18Allow ssh-add to read from FIFOs (thanks, Daniel Kahn Gillmor; closes:Colin Watson
#614897).
2011-02-09Correct ssh-keygen instruction in the changelog for 1:5.7p1-1 (thanks,Colin Watson
Joel Stanley). -q -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa'.
2011-02-08releasing version 1:5.8p1-2Colin Watson
2011-02-08Upload to unstable.Colin Watson
2011-02-05releasing version 1:5.8p1-1Colin Watson
2011-02-05* New upstream release (http://www.openssh.org/txt/release-5.8):Colin Watson
- Fix stack information leak in legacy certificate signing (http://www.openssh.com/txt/legacy-cert.adv).
2011-01-27releasing version 1:5.7p1-2Colin Watson
2011-01-27Fix crash in ssh_selinux_setfscreatecon when SELinux is disabledColin Watson
(LP: #708571).
2011-01-27releasing version 1:5.7p1-1Colin Watson
2011-01-26adjust ECDSA commentary in changelog - we aren't generating ECDSA host keys ↵Colin Watson
on upgrades
2011-01-26changelog for GSSAPI updateColin Watson
2011-01-25Rearrange selinux-role.patch so that it links properly given thisColin Watson
SELinux build fix.
2011-01-25Backport SELinux build fix from CVS.Colin Watson
2011-01-24Build-depend on libssl-dev (>= 0.9.8g) to ensure sufficient ECC support.Colin Watson
2011-01-24Generate ECDSA host keys. These will only be used on freshColin Watson
installations or if you manually add 'HostKey /etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config.
2011-01-24* New upstream release (http://www.openssh.org/txt/release-5.7):Colin Watson
- Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. - sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command. - scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host (closes: #508613). - ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. This allows the mux clients to determine that the server socket is either ready or stale without races (closes: #454784). Stale server sockets are now automatically removed (closes: #523250). - ssh(1): install a SIGCHLD handler to reap expired child process (closes: #594687). - ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent temporary directories (closes: #357469, although only if you arrange for ssh-agent to actually see $TMPDIR since the setgid bit will cause it to be stripped off).
2010-12-30releasing version 1:5.6p1-3Colin Watson
2010-12-30* Merge 1:5.5p1-6.Colin Watson
2010-12-27releasing version 1:5.5p1-6Colin Watson
2010-12-26Touch /var/run/sshd/.placeholder in the preinst so that /var/run/sshd,Colin Watson
which is intentionally no longer shipped in the openssh-server package due to /var/run often being a temporary directory, is not removed on upgrade (closes: #575582).
2010-11-02Drop override for desktop-file-but-no-dh_desktop-call, which Lintian noColin Watson
longer issues.
2010-10-26releasing version 1:5.6p1-2Colin Watson
2010-10-26Backport upstream patch to install a SIGCHLD handler to reap expired sshColin Watson
child processes, preventing lots of zombies when using ControlPersist (closes: #594687).
2010-08-24releasing version 1:5.6p1-1Colin Watson
2010-08-23* New upstream release (http://www.openssh.com/txt/release-5.6):Colin Watson
- Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. This connection can stay alive indefinitely, or can be set to automatically close after a user-specified duration of inactivity (closes: #335697, #350898, #454787, #500573, #550262). - Support AuthorizedKeysFile, AuthorizedPrincipalsFile, HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5) Match blocks (closes: #549858). - sftp(1): fix ls in working directories that contain globbing characters in their pathnames (LP: #530714).
2010-08-23releasing version 1:5.5p1-5Colin Watson
2010-08-13* debconf template translations:Colin Watson
- Update Danish (thanks, Joe Hansen; closes: #592800).
2010-08-05Use an architecture wildcard for libselinux1-dev (closes: #591740).Colin Watson
2010-05-22releasing version 1:5.5p1-4Colin Watson
2010-05-22Check primary group memberships as well as supplementary groupColin Watson
memberships, and only allow group-writability by groups with exactly one member, as zero-member groups are typically used by setgid binaries rather than being user-private groups (closes: #581697).
2010-05-22Allow ~/.ssh/authorized_keys and other secure files to beColin Watson
group-writable, provided that the group in question contains only the file's owner; this extends a patch previously applied to ~/.ssh/config (closes: #581919).
2010-05-04Add powerpcspe to architecture list for libselinux1-dev build-dependencySebastian Andrzej Siewior
(closes: #579843).
2010-04-28releasing version 1:5.5p1-3Colin Watson