Age | Commit message (Collapse) | Author | |
---|---|---|---|
2008-05-14 | ssh-vulnkey handles options in authorized_keys (LP: #230029). | Colin Watson | |
2008-05-14 | ignore debian/*.debhelper.log | Colin Watson | |
2008-05-14 | Add a FILES section to ssh-vulnkey(1) (thanks, Hugh Daniel). | Colin Watson | |
2008-05-13 | releasing version 1:4.7p1-9 | Colin Watson | |
2008-05-13 | changed ssh-vulnkey output | Colin Watson | |
2008-05-13 | update from mdz | Colin Watson | |
2008-05-13 | compression | Colin Watson | |
2008-05-13 | add repair instructions from Matt | Colin Watson | |
2008-05-13 | add CVE identifier for OpenSSL vulnerability | Colin Watson | |
2008-05-12 | * Mitigate OpenSSL security vulnerability: | Colin Watson | |
- Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.) | |||
2008-04-09 | Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-8. | Colin Watson | |
- CVE-2008-1657: Ignore ~/.ssh/rc if a sshd_config ForceCommand is specified. | |||
2008-04-06 | releasing version 1:4.7p1-8 | Colin Watson | |
2008-04-06 | urgency=high for security fixes | Colin Watson | |
2008-04-06 | Backport from Simon Wilkinson's GSSAPI key exchange patch for 5.0p1: | Colin Watson | |
- Add code to actually implement GSSAPIStrictAcceptorCheck, which had somehow been omitted from a previous version of this patch (closes: #474246). | |||
2008-04-06 | typo | Colin Watson | |
2008-04-06 | Backport from 4.9p1: | Colin Watson | |
- Ignore ~/.ssh/rc if a sshd_config ForcedCommand is specified (see http://www.securityfocus.com/bid/28531/info). - Add no-user-rc authorized_keys option to disable execution of ~/.ssh/rc. | |||
2008-04-04 | Tweak scp's reporting of filenames in verbose mode to be a bit less | Colin Watson | |
confusing with spaces (thanks, Nicolas Valcárcel; LP: #89945). | |||
2008-04-04 | Rename KeepAlive to TCPKeepAlive in sshd_config, cleaning up from old | Colin Watson | |
configurations (LP: #211400). | |||
2008-04-01 | Fill in CVE identifier for security vulnerability fixed in 1:4.7p1-5. | Colin Watson | |
- CVE-2008-1483: Don't use X11 forwarding port which can't be bound on all address families, preventing hijacking of X11 forwarding by | |||
2008-03-31 | releasing version 1:4.7p1-7 | Colin Watson | |
2008-03-31 | Ignore errors writing to oom_adj (closes: #473573). | Colin Watson | |
2008-03-30 | releasing version 1:4.7p1-6 | Colin Watson | |
2008-03-30 | * Disable the Linux kernel's OOM-killer for the sshd parent; tweak | Colin Watson | |
SSHD_OOM_ADJUST in /etc/default/ssh to change this (closes: #341767). | |||
2008-03-22 | releasing version 1:4.7p1-5 | Colin Watson | |
2008-03-22 | * Use printf rather than echo -en (a bashism) in openssh-server.config and | Colin Watson | |
openssh-server.preinst. | |||
2008-03-22 | more detail on #463011 | Colin Watson | |
2008-03-22 | * Patch from Red Hat / Fedora: | Colin Watson | |
- Don't use X11 forwarding port which can't be bound on all address families (closes: #463011). | |||
2008-03-18 | * Document in ssh(1) that '-S none' disables connection sharing | Colin Watson | |
(closes: #471437). | |||
2008-02-29 | * debconf template translations: | Colin Watson | |
- Update Finnish (thanks, Esko Arajärvi; closes: #468563). | |||
2008-02-27 | * Recommends: xauth rather than Suggests: xbase-clients. | Colin Watson | |
2008-02-13 | releasing version 1:4.7p1-4 | Colin Watson | |
2008-02-13 | closes: #465614 as well | Colin Watson | |
2008-02-08 | * Move /etc/pam.d/ssh to /etc/pam.d/sshd, allowing us to stop defining | Colin Watson | |
SSHD_PAM_SERVICE (closes: #255870). | |||
2008-02-04 | * Include the autogenerated debian/copyright in the source package. | Colin Watson | |
2008-02-04 | * Fix configure detection of getseuserbyname and | Colin Watson | |
get_default_context_with_level (LP: #188136). | |||
2008-02-01 | releasing version 1:4.7p1-3 | Colin Watson | |
2008-02-01 | * Allow passing temporary daemon parameters on the init script's command | Colin Watson | |
line, e.g. '/etc/init.d/ssh start "-o PermitRootLogin=yes"' (thanks, Marc Haber; closes: #458547). | |||
2008-02-01 | * Backport from upstream: | Colin Watson | |
- Use the correct packet maximum sizes for remote port and agent forwarding. Prevents the server from killing the connection if too much data is queued and an excessively large packet gets sent (https://bugzilla.mindrot.org/show_bug.cgi?id=1360). | |||
2008-01-12 | * Improve grammar of ssh-askpass-gnome description. | Colin Watson | |
2008-01-11 | releasing version 1:4.7p1-2 | Colin Watson | |
2008-01-11 | * Drop source-compatibility with Debian 3.0: | Colin Watson | |
- Remove support for building with GNOME 1. This allows simplification of our GNOME build-dependencies (see #460136). - Remove hacks to support the old PAM configuration scheme. - Remove compatibility for building without po-debconf. * Build-depend on libgtk2.0-dev rather than libgnomeui-dev. As far as I can see, the GTK2 version of ssh-askpass-gnome has never required libgnomeui-dev. | |||
2008-01-10 | * Add armel to architecture list for libselinux1-dev build-dependency | Colin Watson | |
(closes: #460136). | |||
2008-01-10 | * Pass --with-mantype=doc to configure rather than build-depending on | Colin Watson | |
groff (closes: #460121). | |||
2008-01-09 | * Adjust many relative links in faq.html to point to | Colin Watson | |
http://www.openssh.org/ (thanks, Dan Jacobson; mentioned in #459807). | |||
2007-12-24 | releasing version 1:4.7p1-1 | Colin Watson | |
2007-12-24 | * Policy version 3.7.3: no changes required. | Colin Watson | |
2007-12-24 | * Update copyright dates for Kerberos patch in debian/copyright.head. | Colin Watson | |
2007-12-24 | * Override desktop-file-but-no-dh_desktop-call lintian warning; the | Colin Watson | |
.desktop file is intentionally not installed (see 1:3.8.1p1-10). | |||
2007-12-24 | * Recode LICENCE to UTF-8 when concatenating it to debian/copyright. | Colin Watson | |
2007-12-24 | install debian/faq.html, not faq.html | Colin Watson | |