Age | Commit message (Collapse) | Author |
|
|
|
/usr/lib/openssh/sftp-server (closes: #312891).
|
|
are available.
|
|
- Added SELinux capability, and turned it on be default. Added
restorecon calls in preinst and postinst (should not matter if the
machine is not SELinux aware). By and large, the changes made should
have no effect unless the rules file calls --with-selinux; and even
then there should be no performance hit for machines not actively
running SELinux.
- Modified the preinst and postinst to call restorecon to set the
security context for the generated public key files.
- Added a comment to /etc/pam.d/ssh to indicate that an SELinux system
may want to also include pam_selinux.so.
|
|
|
|
|
|
|
|
|
|
to "yes" in /etc/ssh/ssh_config), having a debconf question to ask whether
it should be setuid is overkill, and the question text had got out of date
anyway. Remove this question, ship ssh-keysign setuid in
openssh-client.deb, and set a statoverride if the debconf question was
previously set to false.
|
|
configuration files to match (closes: #87900, #151321).
|
|
(closes: #295757, #308868, and possibly others; may open other bugs).
Use PAM password authentication to avoid #278394. In future I may
provide two sets of binaries built with and without this option, since
it seems I can't win.
|
|
satisfy build-dependencies.
|
|
- Link with -lcrypt.
- Link with -lpthread rather than -pthread.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Enable threading for PAM, on Sam Hartman's advice (closes: #278394).
|
|
* Preserve /etc/ssh/sshd_config ownership/permissions (closes: #276754).
* Shorten the version string from the form "OpenSSH_3.8.1p1 Debian
1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
implementations apparently have problems with the long version string.
This is of course a bug in those implementations, but since the extent
of the problem is unknown it's best to play safe (closes: #275731).
* debconf template translations:
- Add Finnish (thanks, Matti Pöllä; closes: #265339).
- Update Danish (thanks, Morten Brix Pedersen; closes: #275895).
- Update French (thanks, Denis Barbier; closes: #276703).
- Update Japanese (thanks, Kenshi Muto; closes: #277438).
|
|
1:3.8.1p1-8.sarge.1" to "OpenSSH_3.8.1p1 Debian-8.sarge.1", as some SSH
implementations apparently have problems with the long version string. This
is of course a bug in those implementations, but since the extent of the
problem is unknown it's best to play safe (closes: #275731).
|
|
|
|
many GNOME people tell me it's the wrong thing to be doing. I've left it in
/usr/share/doc/ssh-askpass-gnome/examples/ for now.
|
|
|
|
(closes: #39741). openssh-server depends on openssh-client for some
common functionality; it didn't seem worth creating yet another package
for this.
* New transitional ssh package, depending on openssh-client and
openssh-server. May be removed once nothing depends on it.
* When upgrading from ssh to openssh-{client,server}, it's very difficult
for the maintainer scripts to find out what version we're upgrading from
without dodgy dpkg hackery. I've therefore taken the opportunity to move
a couple of debconf notes into NEWS files, namely ssh/ssh2_keys_merged
and ssh/user_environment_tell.
* In general, upgrading to this version directly from woody without first
upgrading to the version in sarge is not currently guaranteed to work
very smoothly due to the aforementioned version discovery problems.
|
|
cvs up -jV_3_8_1_P1-4 -jV_3_8_1_P1-8
|
|
Blank's request (closes: #260800).
|
|
|
|
to get openssh-client-udeb to show up as a retrievable debian-installer
component.
|
|
oh well.
|
|
|
|
|
|
|
|
|
|
#242462, awaiting real fix upstream).
|
|
debian-installer. They still need libnss_files to be supplied in udeb form
by glibc.
|
|
|
|
still in the source, so this only addresses part of #211640 rather than
closing it). It isn't DFSG-free and only documents the obsolete SSH1
protocol, not to mention that it was never a real RFC but only an
Internet-Draft. It's available from
http://www.free.lp.se/bamse/draft-ylonen-ssh-protocol-00.txt if you want it
for some reason.
|
|
use them. setreuid() and setregid() will do well enough for our purposes
(closes: #239999).
|
|
multiple builds.
|
|
to grep for things.
|
|
_FILE_OFFSET_BITS) came from, but it doesn't seem to be necessary any more.
Remove it.
|
|
cvs up -jV_3_6_1_P2-9 -jV_3_6_1_P2-10
|
|
works, and so that it survives repeated runs of 'debian/rules binary'.
|
|
/etc/pam.d/common-* from /etc/pam.d/ssh (closes: #212959).
Add more commentary to /etc/pam.d/ssh.
|
|
are no longer necessary.
|
|
|
|
|
|
|