Age | Commit message (Collapse) | Author | |
---|---|---|---|
2010-03-31 | Drop Debian-specific removal of OpenSSL version check. Upstream ignores | Colin Watson | |
the two patchlevel nybbles now, which is sufficient to address the original reason this change was introduced, and it appears that any change in the major/minor/fix nybbles would involve a new libssl package name. (We'd still lose if the status nybble were ever changed, but that would mean somebody had packaged a development/beta version rather than a proper release, which doesn't appear to be normal practice.) | |||
2010-03-31 | ssh-vulnkey.patch: update another call to auth_key_is_revoked | Colin Watson | |
2010-03-31 | * New upstream release (LP: #535029). | Colin Watson | |
- After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. - Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is enabled by default in the Debian packaging, since it now doesn't involve additional library dependencies (closes: #231472, LP: #16918). - Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (closes: #482806). - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...". - Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian package, this overlaps with the key blacklisting facility added in openssh 1:4.7p1-9, but with different file formats and slightly different scopes; for the moment, I've roughly merged the two.) - Various multiplexing improvements, including support for requesting port-forwardings via the multiplex protocol (closes: #360151). - Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has (closes: #496843). - Many sftp client improvements, including tab-completion, more options, and recursive transfer support for get/put (LP: #33378). The old mget/mput commands never worked properly and have been removed (closes: #270399, #428082). - Do not prompt for a passphrase if we fail to open a keyfile, and log the reason why the open failed to debug (closes: #431538). - Prevent sftp from crashing when given a "-" without a command. Also, allow whitespace to follow a "-" (closes: #531561). | |||
2010-03-08 | Drop compatibility with the old gssapi mechanism used in ssh-krb5 << | Colin Watson | |
3.8.1p1-1. Simon Wilkinson refused this patch since the old gssapi mechanism was removed due to a serious security hole, and since these versions of ssh-krb5 are no longer security-supported by Debian I don't think there's any point keeping client compatibility for them. | |||
2010-03-01 | commentary from Jonathan (original patch author) on syslog-level-silent.patch | Colin Watson | |
2010-03-01 | existing upstream bug reference for quieter-signals.patch | Colin Watson | |
2010-03-01 | forwarded lintian-symlink-pickiness.patch | Colin Watson | |
2010-03-01 | forwarded old-gssapi.patch | Colin Watson | |
2010-03-01 | forwarded gssapi-compat.patch | Colin Watson | |
2010-03-01 | forwarded doc-hash-tab-completion.patch | Colin Watson | |
2010-03-01 | forwarded selinux-fix-chroot-directory.patch | Colin Watson | |
2010-03-01 | update Last-Update fields | Colin Watson | |
2010-03-01 | forwarded gnome-ssh-askpass2-link.patch | Colin Watson | |
2010-03-01 | forwarded doc-connection-sharing.patch | Colin Watson | |
2010-03-01 | forwarded ssh-copy-id-status-check.patch | Colin Watson | |
2010-03-01 | forwarded config-guess-sub.patch | Colin Watson | |
2010-03-01 | forwarded hurd-epfnosupport.patch | Colin Watson | |
2010-03-01 | forwarded authorized-keys-man-symlink.patch | Colin Watson | |
2010-03-01 | ssh-vulnkey.patch: fix offsets | Colin Watson | |
2010-02-28 | forwarded gssapi-dump.patch | Colin Watson | |
2010-02-28 | Add GSSAPIStoreCredentialsOnRekey to 'sshd -T' configuration dump. | Colin Watson | |
2010-02-28 | DEP-3 tagging of all remaining patches | Colin Watson | |
2010-02-28 | DEP-3 tagging of versioning and file system layout | Colin Watson | |
2010-02-28 | better patch name | Colin Watson | |
2010-02-28 | DEP-3 tagging of remaining miscellaneous bug fixes | Colin Watson | |
2010-02-27 | DEP-3 tagging for message adjustments, and start on miscellaneous bug fixes | Colin Watson | |
2010-02-27 | DEP-3 tagging of autotools, SELinux, key blacklisting, and keepalive patches | Colin Watson | |
2010-02-27 | DEP-3 tagging of GSSAPI patches; split old-gssapi.patch more appropriately | Colin Watson | |
2010-02-27 | Convert to source format 3.0 (quilt). | Colin Watson | |