Age | Commit message (Collapse) | Author | |
---|---|---|---|
2008-05-21 | Recommend openssh-blacklist from openssh-client. | Colin Watson | |
2008-05-20 | Generate two keys with the PID forced to the same value and test that | Colin Watson | |
they differ, to defend against recurrences of the recent Debian OpenSSL vulnerability. | |||
2008-05-19 | Update Vietnamese (thanks, Clytie Siddall; closes: #481876). | Colin Watson | |
2008-05-19 | Update Bulgarian (thanks, Damyan Ivanov; closes: #481870). | Colin Watson | |
2008-05-19 | Update Basque (thanks, Piarres Beobide; closes: #481836). | Colin Watson | |
2008-05-18 | sync changelog credit with Last-Translator | Colin Watson | |
2008-05-18 | Update Portuguese (thanks, Rui Branco; closes: #481781). | Colin Watson | |
2008-05-18 | Update German (thanks, Helge Kreutzmann; closes: #481676). | Colin Watson | |
2008-05-17 | Update Czech (thanks, Miroslav Kure; closes: #481624). | Colin Watson | |
2008-05-17 | Update Japanese (thanks, Kenshi Muto; closes: #481621). | Colin Watson | |
2008-05-17 | Update Galician (thanks, Jacobo Tarrio; closes: #481596). | Colin Watson | |
2008-05-17 | Update Norwegian Bokmål (thanks, Bjørn Steensrud; closes: #481591). | Colin Watson | |
2008-05-17 | Update French (thanks, Christian Perrier; closes: #481576). | Colin Watson | |
2008-05-17 | Check RSA1 keys without the need for a separate blacklist. Thanks to | Colin Watson | |
Simon Tatham for the idea. | |||
2008-05-17 | debconf-updatepo | Colin Watson | |
2008-05-17 | Fix typo in ssh/vulnerable_host_keys message (thanks, Esko Arajärvi). | Colin Watson | |
2008-05-14 | releasing version 1:4.7p1-10 | Colin Watson | |
2008-05-14 | clarify | Colin Watson | |
2008-05-14 | ssh-vulnkey handles options in authorized_keys (LP: #230029). | Colin Watson | |
2008-05-14 | Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel). | Colin Watson | |
2008-05-13 | releasing version 1:4.7p1-9 | Colin Watson | |
2008-05-13 | add CVE identifier for OpenSSL vulnerability | Colin Watson | |
2008-05-12 | * Mitigate OpenSSL security vulnerability: | Colin Watson | |
- Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.) | |||
2008-04-09 | Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8. | Colin Watson | |
- CVE-2008-1657: Ignore ~/.ssh/rc if a sshd_config ForceCommand is specified. | |||
2008-04-06 | releasing version 1:4.7p1-8 | Colin Watson | |
2008-04-06 | urgency=high for security fixes | Colin Watson | |
2008-04-06 | Backport from Simon Wilkinson's GSSAPI key exchange patch for 5.0p1: | Colin Watson | |
- Add code to actually implement GSSAPIStrictAcceptorCheck, which had somehow been omitted from a previous version of this patch (closes: #474246). | |||
2008-04-06 | typo | Colin Watson | |
2008-04-06 | Backport from 4.9p1: | Colin Watson | |
- Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see http://www.securityfocus.com/bid/28531/info). - Add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc. | |||
2008-04-04 | Tweak scp's reporting of filenames in verbose mode to be a bit less | Colin Watson | |
confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945). | |||
2008-04-04 | Rename KeepAlive to TCPKeepAlive in sshd_config, cleaning up from old | Colin Watson | |
configurations (LP: #211400). | |||
2008-04-01 | Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-5. | Colin Watson | |
- CVE-2008-1483: Don't use X11 forwarding port which can't be bound on all address families, preventing hijacking of X11 forwarding by | |||
2008-03-31 | releasing version 1:4.7p1-7 | Colin Watson | |
2008-03-31 | Ignore errors writing to oom_adj (closes: #473573). | Colin Watson | |
2008-03-30 | releasing version 1:4.7p1-6 | Colin Watson | |
2008-03-30 | * Disable the Linux kernel's OOM-killer for the sshd parent; tweak | Colin Watson | |
SSHD_OOM_ADJUST in /etc/default/ssh to change this (closes: #341767). | |||
2008-03-22 | releasing version 1:4.7p1-5 | Colin Watson | |
2008-03-22 | * Use printf rather than echo -en (a bashism) in openssh-server.config and | Colin Watson | |
openssh-server.preinst. | |||
2008-03-22 | more detail on #463011 | Colin Watson | |
2008-03-22 | * Patch from Red Hat / Fedora: | Colin Watson | |
- Don't use X11 forwarding port which can't be bound on all address families (closes: #463011). | |||
2008-03-18 | * Document in ssh(1) that '-S none' disables connection sharing | Colin Watson | |
(closes: #471437). | |||
2008-02-29 | * debconf template translations: | Colin Watson | |
- Update Finnish (thanks, Esko Arajärvi; closes: #468563). | |||
2008-02-27 | * Recommends: xauth rather than Suggests: xbase-clients. | Colin Watson | |
2008-02-13 | releasing version 1:4.7p1-4 | Colin Watson | |
2008-02-13 | closes: #465614 as well | Colin Watson | |
2008-02-08 | * Move /etc/pam.d/ssh to /etc/pam.d/sshd, allowing us to stop defining | Colin Watson | |
SSHD_PAM_SERVICE (closes: #255870). | |||
2008-02-04 | * Include the autogenerated debian/copyright in the source package. | Colin Watson | |
2008-02-04 | * Fix configure detection of getseuserbyname and | Colin Watson | |
get_default_context_with_level (LP: #188136). | |||
2008-02-01 | releasing version 1:4.7p1-3 | Colin Watson | |
2008-02-01 | * Allow passing temporary daemon parameters on the init script's command | Colin Watson | |
line, e.g. '/etc/init.d/ssh start "-o PermitRootLogin=yes"' (thanks, Marc Haber; closes: #458547). |