summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2016-07-29debian/openssh-server.if-up: Don't block on a finished reload of openssh.serviceMartin Pitt
This avoids deadlocking with restarting networking. LP: #1584393
2016-07-29Add systemd user unit for graphical sessions that use systemdMartin Pitt
Override the corresponding upstart job in that case.
2016-07-29Add debian/agent-launch: Helper script for conditionally starting the SSH ↵Martin Pitt
agent in the user session Use it in ssh-agent.user-session.upstart. This will also be used in a corresponding systemd user unit. This replaces the backgrounded "ssh-agent -s" with a foreground task which works more nicely with modern init systems for logging/debugging and starting/stopping. Also use a fixed socket file name in $XDG_RUNTIME_DIR -- under both upstart and systemd we can assume this, and it allows restarting the service in a running session.
2016-07-29Stop enabling ssh-session-cleanup.service by default; instead, ship it as an ↵Colin Watson
example and add a section to README.Debian. libpam-systemd >= 230 and "UsePAM yes" should take care of the original problem for most systemd users (thanks, Michael Biebl; closes: #832155).
2016-07-23releasing package openssh version 1:7.2p2-7Colin Watson
2016-07-23Add note about upgrade problems.Colin Watson
2016-07-23Recommend libpam-systemd from openssh-server. It's a much better solution ↵Colin Watson
than the above for systemd users, but I'm wary of depending on it in case I cause an assortment of exciting dependency problems on upgrade for non-systemd users.
2016-07-23Don't stop the ssh-session-cleanup service on upgrade (closes: #832155).Colin Watson
2016-07-22releasing package openssh version 1:7.2p2-6Colin Watson
2016-07-22Fix typo.Colin Watson
2016-07-22Stop generating DSA host keys by default (thanks, Santiago Vila; closes: ↵Colin Watson
#823827).
2016-07-22Add a session cleanup script and a systemd unit file to trigger it, which ↵Colin Watson
serves to terminate SSH sessions cleanly if systemd doesn't do that itself, often because libpam-systemd is not installed (thanks, Vivek Das Mohapatra, Tom Hutter, and others; closes: #751636).
2016-07-22Backport upstream patch to close ControlPersist background process stderr ↵Colin Watson
when not in debug mode or when logging to a file or syslog (closes: #714526).
2016-07-22Close #831902.Colin Watson
2016-07-22CVE-2016-6210: Mitigate user enumeration via covert timing channel.Colin Watson
2016-06-06Retroactively add a NEWS.Debian entry for the UseDNS change in 6.9 (see LP ↵Colin Watson
#1588457).
2016-05-16Set SSH_PROGRAM=/usr/bin/ssh1 when building openssh-client-ssh1 so that scp1 ↵Colin Watson
works (reported by Olivier MATZ).
2016-05-03Copy summary of supported SFTP protocol versions from upstream's PROTOCOL ↵Colin Watson
file into the openssh-sftp-server package description (closes: #766887).
2016-04-30debian/watch: Switch to HTTP (thanks, Nicholas Luedtke; closes: #822997).Colin Watson
2016-04-28releasing package openssh version 1:7.2p2-5Colin Watson
2016-04-28Backport upstream patch to unbreak authentication using lone certificate ↵Colin Watson
keys in ssh-agent: when attempting pubkey auth with a certificate, if no separate private key is found among the keys then try with the certificate key itself (thanks, Paul Querna; LP: #1575961).
2016-04-15releasing package openssh version 1:7.2p2-4Colin Watson
2016-04-15Policy version 3.9.7: no changes required.Colin Watson
2016-04-15Drop dependency on libnss-files-udeb (closes: #819686).Colin Watson
2016-04-13releasing package openssh version 1:7.2p2-3Colin Watson
2016-04-13CVE-2015-8325: Ignore PAM environment vars when UseLogin=yes.Colin Watson
2016-04-06Fill in CVE-2016-3115 identifier.Colin Watson
2016-04-03Change all openssh.org references to openssh.com (closes: #819213).Colin Watson
2016-03-21releasing package openssh version 1:7.2p2-2Colin Watson
2016-03-21Fix kexgss_server to cope with DH_GRP_MIN/DH_GRP_MAX being stricter on the ↵Colin Watson
server end than the client (thanks, Damien Miller; closes: #817870, LP: #1558576).
2016-03-10releasing package openssh version 1:7.2p2-1Colin Watson
2016-03-10New upstream release (7.2p2).Colin Watson
2016-03-10releasing package openssh version 1:7.2p1-1Colin Watson
2016-03-08New upstream release (7.2).Colin Watson
2016-01-27Use HTTPS for Vcs-* URLs, and link to cgit rather than gitweb.Colin Watson
2016-01-17releasing package openssh version 1:7.1p2-2Colin Watson
2016-01-17Remove protocol 1 host key generation from openssh-server.postinst (closes: ↵Colin Watson
#811265).
2016-01-17releasing package openssh version 1:7.1p2-1Colin Watson
2016-01-14New upstream release (7.1p2).Colin Watson
2016-01-04releasing package openssh version 1:7.1p1-6Colin Watson
2016-01-04Shuffle PROPOSAL_KEX_ALGS mangling for GSSAPI key exchange a little later in ↵Colin Watson
ssh_kex2 so that it's actually effective (closes: #809696).
2016-01-04Allow authenticating as root using gssapi-keyex even with "PermitRootLogin ↵Colin Watson
prohibit-password" (closes: #809695).
2016-01-04Don't call sd_notify when sshd is re-execed (closes: #809035).Michael Biebl
2016-01-04Remove explicit "XS-Testsuite: autopkgtest" from debian/control; dpkg-source ↵Colin Watson
now figures that out automatically based on the existence of debian/tests/control.
2015-12-21releasing package openssh version 1:7.1p1-5Colin Watson
2015-12-21Add systemd readiness notification support (closes: #778913).Michael Biebl
2015-12-15releasing package openssh version 1:7.1p1-4Colin Watson
2015-12-15Backport upstream patch to unbreak connections with peers that set ↵Colin Watson
first_kex_follows (LP: #1526357).
2015-12-10releasing package openssh version 1:7.1p1-3Colin Watson
2015-12-10Redirect regression test input from /dev/zero, since otherwise conch will ↵Colin Watson
immediately send EOF.