summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2012-03-19Disable OpenSSL version check again, as its SONAME is sufficientColin Watson
nowadays (closes: #664383).
2012-02-24releasing version 1:5.9p1-3Colin Watson
2012-02-24Move ssh-krb5 to Section: oldlibs.Colin Watson
2012-02-24slight simplificationColin Watson
2012-02-24Ignore errors writing to console in init script (closes: #546743).Colin Watson
2012-02-14* debconf template translations:Colin Watson
- Update Polish (thanks, Michał Kułach; closes: #659829).
2011-11-09releasing version 1:5.9p1-2Colin Watson
2011-11-09Mark openssh-client and openssh-server as Multi-Arch: foreign.Colin Watson
2011-09-08releasing version 1:5.9p1-1Colin Watson
2011-09-07Update OpenSSH FAQ to revision 1.112.Colin Watson
2011-09-07merge respun 5.9p1Colin Watson
2011-09-06* New upstream release (http://www.openssh.org/txt/release-5.9).Colin Watson
- Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. - Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt. - The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot (closes: #75043, #429243, #599240). - ssh(1) now warns when a server refuses X11 forwarding (closes: #504757). - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace (closes: #76312). The authorized_keys2 fallback is deprecated but documented (closes: #560156). - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4 ToS/DSCP (closes: #498297). - ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key" (closes: #229124). - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691). - Say "required" rather than "recommended" in unprotected-private-key warning (LP: #663455).
2011-09-06actually, let's upstream-tag the revision with a tarball parent insteadColin Watson
2011-09-06keep bzr-builddeb happierColin Watson
2011-09-05bzr get -> bzr branchColin Watson
2011-07-29releasing version 1:5.8p1-7Colin Watson
2011-07-29Use 'dpkg-vendor --derives-from Ubuntu' to detect Ubuntu systems ratherColin Watson
than 'lsb_release -is' so that Ubuntu derivatives behave the same way as Ubuntu itself.
2011-07-29Only recommend ssh-import-id when built on Ubuntu (closes: #635887).Colin Watson
2011-07-28releasing version 1:5.8p1-6Colin Watson
2011-07-28* Merge from Ubuntu (Dustin Kirkland):Colin Watson
- openssh-server Recommends: ssh-import-id (no-op in Debian since that package doesn't exist there, but this reduces the Ubuntu delta).
2011-07-28Quieten logs when multiple from= restrictions are used in differentColin Watson
authorized_keys lines for the same key; it's still not ideal, but at least you'll only get one log entry per key (closes: #630606).
2011-07-28openssh-client and openssh-server Suggests: monkeysphere.Colin Watson
2011-07-24releasing version 1:5.8p1-5Colin Watson
2011-07-17* Backport from upstream:Colin Watson
- Make hostbased auth with ECDSA keys work correctly (closes: #633368).
2011-05-30update README.source tooColin Watson
2011-05-30Update Vcs-* fields for Alioth changes.Colin Watson
2011-04-13Drop openssh-server's dependency on openssh-blacklist to aColin Watson
recommendation (closes: #622604).
2011-04-04releasing version 1:5.8p1-4Colin Watson
2011-04-04Remove unreachable code from openssh-server.postinst.Colin Watson
2011-04-04Drop hardcoded dependencies on libssl0.9.8 and libcrypto0.9.8-udeb,Colin Watson
since the required minimum versions are rather old now anyway and openssl has bumped its SONAME (thanks, Julien Cristau; closes: #620828).
2011-03-18releasing version 1:5.8p1-3Colin Watson
2011-03-18Allow ssh-add to read from FIFOs (thanks, Daniel Kahn Gillmor; closes:Colin Watson
#614897).
2011-02-09Correct ssh-keygen instruction in the changelog for 1:5.7p1-1 (thanks,Colin Watson
Joel Stanley). -q -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa'.
2011-02-08releasing version 1:5.8p1-2Colin Watson
2011-02-08Upload to unstable.Colin Watson
2011-02-05releasing version 1:5.8p1-1Colin Watson
2011-02-05* New upstream release (http://www.openssh.org/txt/release-5.8):Colin Watson
- Fix stack information leak in legacy certificate signing (http://www.openssh.com/txt/legacy-cert.adv).
2011-01-27releasing version 1:5.7p1-2Colin Watson
2011-01-27Fix crash in ssh_selinux_setfscreatecon when SELinux is disabledColin Watson
(LP: #708571).
2011-01-27releasing version 1:5.7p1-1Colin Watson
2011-01-26adjust ECDSA commentary in changelog - we aren't generating ECDSA host keys ↵Colin Watson
on upgrades
2011-01-26changelog for GSSAPI updateColin Watson
2011-01-26merge gssapi branchColin Watson
2011-01-25Rearrange selinux-role.patch so that it links properly given thisColin Watson
SELinux build fix.
2011-01-25Backport SELinux build fix from CVS.Colin Watson
2011-01-24Build-depend on libssl-dev (>= 0.9.8g) to ensure sufficient ECC support.Colin Watson
2011-01-24Generate ECDSA host keys. These will only be used on freshColin Watson
installations or if you manually add 'HostKey /etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config.
2011-01-24* New upstream release (http://www.openssh.org/txt/release-5.7):Colin Watson
- Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. - sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command. - scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host (closes: #508613). - ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. This allows the mux clients to determine that the server socket is either ready or stale without races (closes: #454784). Stale server sockets are now automatically removed (closes: #523250). - ssh(1): install a SIGCHLD handler to reap expired child process (closes: #594687). - ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent temporary directories (closes: #357469, although only if you arrange for ssh-agent to actually see $TMPDIR since the setgid bit will cause it to be stripped off).
2010-12-30releasing version 1:5.6p1-3Colin Watson
2010-12-30* Merge 1:5.5p1-6.Colin Watson