summaryrefslogtreecommitdiff
path: root/debian/rules
AgeCommit message (Collapse)Author
2010-01-31Install upstream sshd_config as an example (closes: #415008).Colin Watson
2010-01-31Link with -Wl,--as-needed (closes: #560155).Colin Watson
2010-01-25Drop change from 1:3.8p1-3 to avoid setresuid() and setresgid() systemColin Watson
calls. This only applied to Linux 2.2, which it's no longer feasible to run anyway (see 1:5.2p1-2 changelog).
2010-01-12Don't run tests when cross-compiling.Colin Watson
2010-01-12Use host compiler for ssh-askpass-gnome when cross-compiling.Colin Watson
2010-01-02Use hardening-includes for hardening logic (thanks, Kees Cook; closes:Colin Watson
#561887).
2009-08-28Build with just -fPIC on mips/mipsel, not -fPIE as well (thanks, LIU Qi;Colin Watson
closes: #538313).
2009-07-31Upgrade to debhelper v7.Colin Watson
2009-06-05this isn't needed, already removed aboveColin Watson
2009-06-05Remove /var/run/sshd from openssh-server package; it will be created atColin Watson
run-time before starting the server.
2009-06-05Build with -fPIC on mips/mipsel (thanks, Luk Claes; closes: #531942).Colin Watson
2009-01-28Add ufw integration (thanks, Didier Roche; seeColin Watson
https://wiki.ubuntu.com/UbuntuFirewall#Integrating%20UFW%20with%20Packages; LP: #261884).
2008-09-12Configure with --disable-strip; dh_strip will deal with strippingColin Watson
binaries and will honour DEB_BUILD_OPTIONS (thanks, Bernhard R. Link; closes: #498681).
2008-07-23Add lintian overrides for empty /usr/share/doc/openssh-clientColin Watson
directories in openssh-server and ssh (necessary due to being symlink targets).
2008-07-22Remove our local version of moduli(5) now that there's one upstream.Colin Watson
2008-06-08Update DEB_BUILD_OPTIONS parsing code from policy 3.8.0.Colin Watson
2008-06-08Drop openssh-client-udeb isinstallable hack, as main-menu (>= 1.26) nowColin Watson
takes care of that (thanks, Frans Pop; closes: #484404).
2008-05-20Generate two keys with the PID forced to the same value and test thatColin Watson
they differ, to defend against recurrences of the recent Debian OpenSSL vulnerability.
2008-05-13add repair instructions from MattColin Watson
2008-02-08* Move /etc/pam.d/ssh to /etc/pam.d/sshd, allowing us to stop definingColin Watson
SSHD_PAM_SERVICE (closes: #255870).
2008-02-04* Include the autogenerated debian/copyright in the source package.Colin Watson
2008-01-11* Drop source-compatibility with Debian 3.0:Colin Watson
- Remove support for building with GNOME 1. This allows simplification of our GNOME build-dependencies (see #460136). - Remove hacks to support the old PAM configuration scheme. - Remove compatibility for building without po-debconf. * Build-depend on libgtk2.0-dev rather than libgnomeui-dev. As far as I can see, the GTK2 version of ssh-askpass-gnome has never required libgnomeui-dev.
2008-01-10* Pass --with-mantype=doc to configure rather than build-depending onColin Watson
groff (closes: #460121).
2008-01-09* Adjust many relative links in faq.html to point toColin Watson
http://www.openssh.org/ (thanks, Dan Jacobson; mentioned in #459807).
2007-12-24* Recode LICENCE to UTF-8 when concatenating it to debian/copyright.Colin Watson
2007-12-24install debian/faq.html, not faq.htmlColin Watson
2007-12-24use real filename for FAQ ruleColin Watson
2007-12-24* Update moduli(5) to revision 1.11 from OpenBSD CVS.Colin Watson
2007-12-24* Refactor debian/rules configure and make invocations to make developmentColin Watson
easier.
2007-12-24* Install the OpenSSH FAQ in /usr/share/doc/openssh-client.Colin Watson
- Includes documentation on copying files with colons using scp (closes: #303453).
2007-11-17* Use autotools-dev's recommended configure --build and --host options.Colin Watson
2007-11-14* Don't build PIE executables on m68k (closes: #451192).Colin Watson
2007-11-12authorized_keys.5 belongs in openssh-serverColin Watson
2007-11-12* Don't ignore errors from 'make -C contrib clean'.Colin Watson
2007-11-12* Suppress error from debian/rules if lsb-release is not installed.Colin Watson
2007-07-05* Don't build PIE executables on hppa, as they crash.Colin Watson
2007-06-29fix syntaxColin Watson
2007-06-26* Only build PIE executables on Linux and NetBSD (closes: #430455).Colin Watson
2007-06-13* Add /etc/network/if-up.d/openssh-server to restart sshd when newColin Watson
interfaces appear (LP: #103436).
2007-06-12* If building on Ubuntu, add /sbin, /usr/sbin, and /usr/local/sbin to theColin Watson
default path.
2007-06-12* Build position-independent executables (only for debs, not for udebs) toColin Watson
take advantage of address space layout randomisation.
2007-06-12* Build the .deb --with-ssl-engine (LP: #119295).Colin Watson
2007-06-12* New upstream release (closes: #395507, #397961, #420035). ImportantColin Watson
changes not previously backported to 4.3p2: - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4): + On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. + Implemented conditional configuration in sshd_config(5) using the "Match" directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. So far a useful subset of post-authentication options are supported and more are expected to be added in future releases. + Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256. + Added a "ForceCommand" directive to sshd_config(5). Similar to the command="..." option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new "Match" option. + Add a "PermitOpen" directive to sshd_config(5). This mirrors the permitopen="..." authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish. + Add optional logging of transactions to sftp-server(8). + ssh(1) will now record port numbers for hosts stored in ~/.ssh/known_hosts when a non-standard port has been requested (closes: #50612). + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established. + Extend sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments. + Replacement of all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents. + Many manpage fixes and improvements. + Add optional support for OpenSSL hardware accelerators (engines), enabled using the --with-ssl-engine configure option. + Tokens in configuration files may be double-quoted in order to contain spaces (closes: #319639). + Move a debug() call out of a SIGCHLD handler, fixing a hang when the session exits very quickly (closes: #307890). + Fix some incorrect buffer allocation calculations (closes: #410599). + ssh-add doesn't ask for a passphrase if key file permissions are too liberal (closes: #103677). + Likewise, ssh doesn't ask either (closes: #99675). - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6): + sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config. + Fixed an inconsistent check for a terminal when displaying scp progress meter (closes: #257524). + Fix "hang on exit" when background processes are running at the time of exit on a ttyful/login session (closes: #88337). * Update to current GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch; install ChangeLog.gssapi.
2006-12-23* It turns out that the people who told me that removing a conffile in theColin Watson
preinst was sufficient to have dpkg replace it without prompting when moving a conffile between packages were very much mistaken. As far as I can tell, the only way to do this reliably is to write out the desired new text of the conffile in the preinst. This is gross, and requires shipping the text of all conffiles in the preinst too, but there's nothing for it. Fortunately this nonsense is only required for smooth upgrades from sarge.
2006-12-06ssh-krb5 needs a copyright fileColin Watson
2006-12-06don't symlink /usr/share/doc/ssh-krb5; we have a separate NEWS file to put thereColin Watson
2006-12-06fix sed mistakeColin Watson
2006-12-06* Remove version control tags from /etc/ssh/moduli and /etc/ssh/ssh_configColin Watson
to avoid unnecessary conffile resolution steps for administrators (thanks, Jari Aalto; closes: #335259).
2006-12-06* Create transitional ssh-krb5 package which enables GSSAPI configurationColin Watson
in sshd_config. * Default client to attempting GSSAPI authentication. * Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's found.
2006-05-12* Ship README.tun.Colin Watson