path: root/debian/rules
Age | Commit message | Author
2008-05-20 | Generate two keys with the PID forced to the same value and test that they differ, to defend against recurrences of the recent Debian OpenSSL vulnerability. | Colin Watson
2008-05-13 | add repair instructions from Matt | Colin Watson
2008-02-08 | * Move /etc/pam.d/ssh to /etc/pam.d/sshd, allowing us to stop defining SSHD_PAM_SERVICE (closes: #255870). | Colin Watson
2008-02-04 | * Include the autogenerated debian/copyright in the source package. | Colin Watson
2008-01-11 | * Drop source-compatibility with Debian 3.0: | Colin Watson
      - Remove support for building with GNOME 1. This allows simplification of our GNOME build-dependencies (see #460136).
      - Remove hacks to support the old PAM configuration scheme.
      - Remove compatibility for building without po-debconf.
    * Build-depend on libgtk2.0-dev rather than libgnomeui-dev. As far as I can see, the GTK2 version of ssh-askpass-gnome has never required libgnomeui-dev.
2008-01-10 | * Pass --with-mantype=doc to configure rather than build-depending on groff (closes: #460121). | Colin Watson
2008-01-09 | * Adjust many relative links in faq.html to point to http://www.openssh.org/ (thanks, Dan Jacobson; mentioned in #459807). | Colin Watson
2007-12-24 | * Recode LICENCE to UTF-8 when concatenating it to debian/copyright. | Colin Watson
2007-12-24 | install debian/faq.html, not faq.html | Colin Watson
2007-12-24 | use real filename for FAQ rule | Colin Watson
2007-12-24 | * Update moduli(5) to revision 1.11 from OpenBSD CVS. | Colin Watson
2007-12-24 | * Refactor debian/rules configure and make invocations to make development easier. | Colin Watson
2007-12-24 | * Install the OpenSSH FAQ in /usr/share/doc/openssh-client. | Colin Watson
      - Includes documentation on copying files with colons using scp (closes: #303453).
2007-11-17 | * Use autotools-dev's recommended configure --build and --host options. | Colin Watson
2007-11-14 | * Don't build PIE executables on m68k (closes: #451192). | Colin Watson
2007-11-12 | authorized_keys.5 belongs in openssh-server | Colin Watson
2007-11-12 | * Don't ignore errors from 'make -C contrib clean'. | Colin Watson
2007-11-12 | * Suppress error from debian/rules if lsb-release is not installed. | Colin Watson
2007-07-05 | * Don't build PIE executables on hppa, as they crash. | Colin Watson
2007-06-29 | fix syntax | Colin Watson
2007-06-26 | * Only build PIE executables on Linux and NetBSD (closes: #430455). | Colin Watson
2007-06-13 | * Add /etc/network/if-up.d/openssh-server to restart sshd when new interfaces appear (LP: #103436). | Colin Watson
2007-06-12 | * If building on Ubuntu, add /sbin, /usr/sbin, and /usr/local/sbin to the default path. | Colin Watson
2007-06-12 | * Build position-independent executables (only for debs, not for udebs) to take advantage of address space layout randomisation. | Colin Watson
2007-06-12 | * Build the .deb --with-ssl-engine (LP: #119295). | Colin Watson
2007-06-12 | * New upstream release (closes: #395507, #397961, #420035). Important changes not previously backported to 4.3p2: | Colin Watson
      - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4):
        + On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms.
        + Implemented conditional configuration in sshd_config(5) using the "Match" directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. So far a useful subset of post-authentication options are supported and more are expected to be added in future releases.
        + Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256.
        + Added a "ForceCommand" directive to sshd_config(5). Similar to the command="..." option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new "Match" option.
        + Add a "PermitOpen" directive to sshd_config(5). This mirrors the permitopen="..." authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish.
        + Add optional logging of transactions to sftp-server(8).
        + ssh(1) will now record port numbers for hosts stored in ~/.ssh/known_hosts when a non-standard port has been requested (closes: #50612).
        + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established.
        + Extend sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments.
        + Replacement of all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents.
        + Many manpage fixes and improvements.
        + Add optional support for OpenSSL hardware accelerators (engines), enabled using the --with-ssl-engine configure option.
        + Tokens in configuration files may be double-quoted in order to contain spaces (closes: #319639).
        + Move a debug() call out of a SIGCHLD handler, fixing a hang when the session exits very quickly (closes: #307890).
        + Fix some incorrect buffer allocation calculations (closes: #410599).
        + ssh-add doesn't ask for a passphrase if key file permissions are too liberal (closes: #103677).
        + Likewise, ssh doesn't ask either (closes: #99675).
      - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6):
        + sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config.
        + Fixed an inconsistent check for a terminal when displaying scp progress meter (closes: #257524).
        + Fix "hang on exit" when background processes are running at the time of exit on a ttyful/login session (closes: #88337).
    * Update to current GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch; install ChangeLog.gssapi.
2006-12-23 | * It turns out that the people who told me that removing a conffile in the preinst was sufficient to have dpkg replace it without prompting when moving a conffile between packages were very much mistaken. As far as I can tell, the only way to do this reliably is to write out the desired new text of the conffile in the preinst. This is gross, and requires shipping the text of all conffiles in the preinst too, but there's nothing for it. Fortunately this nonsense is only required for smooth upgrades from sarge. | Colin Watson
2006-12-06 | ssh-krb5 needs a copyright file | Colin Watson
2006-12-06 | don't symlink /usr/share/doc/ssh-krb5; we have a separate NEWS file to put there | Colin Watson
2006-12-06 | fix sed mistake | Colin Watson
2006-12-06 | * Remove version control tags from /etc/ssh/moduli and /etc/ssh/ssh_config to avoid unnecessary conffile resolution steps for administrators (thanks, Jari Aalto; closes: #335259). | Colin Watson
2006-12-06 | * Create transitional ssh-krb5 package which enables GSSAPI configuration in sshd_config. | Colin Watson
    * Default client to attempting GSSAPI authentication.
    * Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's found.
2006-05-12 | * Ship README.tun. | Colin Watson
2006-05-12 | * debian/rules: Resynchronise CFLAGS with that generated by configure. | Colin Watson
2006-03-31 | * Switch to debhelper compatibility level 4, since we now require debhelper 4 even on sarge anyway for udeb support. | Colin Watson
2006-03-31 | * Use udeb support introduced in debhelper 4.2.0 (available in sarge) rather than constructing udebs by steam. | Colin Watson
    * Require debhelper 5.0.22, which generates correct shared library dependencies for udebs. This build-dependency can be ignored if building on sarge.
2006-03-01 | small path reorderings, really sync with /etc/login.defs | Colin Watson
2006-03-01 | * I accidentally applied the default $PATH change in 1:4.2p1-6 to the udeb rather than the deb. Fixed. | Colin Watson
2005-10-10 | * Sync default values of $PATH from shadow 1:4.0.12-6, adding /usr/bin/X11 to the normal and superuser paths and /usr/games to the normal path. | Colin Watson
2005-09-15 | * Explicitly tell po2debconf to use the 'popular' output encoding, so that the woody-compatibility hack works even with po-debconf 0.9.0. | Colin Watson
2005-09-14 | - Build-depend on libkrb5-dev and configure --with-kerberos5=/usr. | Colin Watson
2005-09-14 | * debian/rules: Resynchronise CFLAGS with that generated by configure. | Colin Watson
2005-07-07 | Fix one-character typo that meant the binaries in openssh-client and openssh-server got recompiled with the wrong options during 'debian/rules install' (closes: #317088, #317238, #317241). | Colin Watson
2005-07-03 | Disable btmp logging, since Debian's /var/log/btmp has inappropriate permissions (closes: #314956). | Colin Watson
2005-07-03 | Ship README.dns (closes: #284874). | Colin Watson
2005-07-03 | Make /usr/share/doc/openssh-server and /usr/share/doc/ssh symlinks to /usr/share/doc/openssh-client. | Colin Watson
2005-06-17 | Switch to debhelper compat level 3, since 2 is deprecated. | Colin Watson
2005-06-17 | Restore /usr/lib/sftp-server temporarily, as a symlink to /usr/lib/openssh/sftp-server (closes: #312891). | Colin Watson
2005-06-17 | Re-enable ssh-askpass-gnome on the Hurd, now that its build-dependencies are available. | Colin Watson
2005-06-17 | Manoj Srivastava: | Colin Watson
      - Added SELinux capability, and turned it on by default. Added restorecon calls in preinst and postinst (should not matter if the machine is not SELinux aware). By and large, the changes made should have no effect unless the rules file calls --with-selinux; and even then there should be no performance hit for machines not actively running SELinux.
      - Modified the preinst and postinst to call restorecon to set the security context for the generated public key files.
      - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system may want to also include pam_selinux.so.