summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2013-11-09Add CVE-2013-4548 identifier.Colin Watson
2013-11-09* New upstream release (http://www.openssh.com/txt/release-6.4).Colin Watson
- sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected (closes: #729029). Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv
2013-09-14* New upstream release (http://www.openssh.com/txt/release-6.3).Colin Watson
- sftp(1): add support for resuming partial downloads using the "reget" command and on the sftp commandline or on the "get" commandline using the "-a" (append) option (closes: #158590). - ssh(1): add an "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives (closes: #436052). - sftp(1): update progressmeter when data is acknowledged, not when it's sent (partially addresses #708372). - ssh(1): do not fatally exit when attempting to cleanup multiplexing- created channels that are incompletely opened (closes: #651357).
2013-08-12When running under Upstart, only consider the daemon started once it isColin Watson
ready to accept connections (by raising SIGSTOP at that point and using "expect stop").
2013-07-02releasing version 1:6.2p2-6Colin Watson
2013-07-02Update config.guess and config.sub automatically at build time.Colin Watson
dh_autoreconf does not take care of that by default because openssh does not use automake.
2013-06-27releasing version 1:6.2p2-5Colin Watson
2013-06-27debian/rules: Include real distribution in SSH_EXTRAVERSION instead ofYolanda Robla
hardcoding Debian (LP: #1195342).
2013-06-13Use 'set -e' rather than '#! /bin/sh -e' in maintainer scripts andColin Watson
ssh-argv0.
2013-06-08Document consequences of ssh-agent being setgid in ssh-agent(1); seeColin Watson
#711623.
2013-06-06releasing version 1:6.2p2-4Colin Watson
2013-06-06Close another file-rc bug.Colin Watson
2013-06-06Set SELinux context on private host keys as well as public host keysColin Watson
(closes: #687436).
2013-06-06Rebuild against debhelper 9.20130604 with fixed dependencies forColin Watson
invoke-rc.d and Upstart jobs (closes: #711364).
2013-06-05Fix non-portable shell in ssh-copy-id (closes: #711162).Colin Watson
2013-05-22releasing version 1:6.2p2-3Colin Watson
2013-05-22If the running init daemon is Upstart, then, on the first upgrade toColin Watson
this version, check whether sysvinit is still managing sshd; if so, manually stop it so that it can be restarted under upstart. We do this near the end of the postinst, so it shouldn't result in any appreciable extra window where sshd is not running during upgrade.
2013-05-22releasing version 1:6.2p2-2Colin Watson
2013-05-22Remove ancient commented-out code.Colin Watson
2013-05-22Fix dh_builddeb invocation so that we really use xz compression forColin Watson
binary packages, as intended since 1:6.1p1-2.
2013-05-22Bracket our session stack with calls to pam_selinux close/open (thanks,Colin Watson
Laurent Bigonville; closes: #679458).
2013-05-22Use the pam_loginuid session module (thanks, Laurent Bigonville; closes:Colin Watson
#677440, LP: #1067779).
2013-05-22* Remove the check for vulnerable host keys; this was first added fiveColin Watson
years ago, and everyone should have upgraded through a version that applied these checks by now. The ssh-vulnkey tool and the blacklisting support in sshd are still here, at least for the moment. * This removes the last of our uses of debconf (closes: #221531).
2013-05-22Drop now-unused Lintian override.Colin Watson
2013-05-22Switch to new unified layout for Upstart jobs as documented inColin Watson
https://wiki.ubuntu.com/UpstartCompatibleInitScripts: the init script checks for a running Upstart, and we now let dh_installinit handle most of the heavy lifting in maintainer scripts. Ubuntu users should be essentially unaffected except that sshd may no longer start automatically in chroots if the running Upstart predates 0.9.0; but the main goal is simply not to break when openssh-server is installed in a chroot.
2013-05-22Replace old manual conffile handling code with dpkg-maintscript-helper,Colin Watson
via dh_installdeb.
2013-05-22close bugColin Watson
2013-05-22Add #DEBHELPER# tokens to openssh-client.postinst andColin Watson
openssh-server.postinst.
2013-05-22Clarify changelog: upgrades -> direct upgrades.Colin Watson
2013-05-22Remove lots of maintainer script support for upgrades from pre-etchColin Watson
(three releases before current stable).
2013-05-22Another unregistration.Colin Watson
2013-05-21Remove support for upgrading from ssh-nonfree.Colin Watson
2013-05-21Remove ssh/use_old_init_script, which was a workaround for a very oldColin Watson
bug in /etc/init.d/ssh. If anyone has ignored this for >10 years then they aren't going to be convinced now.
2013-05-21Drop conffile handling for upgrades from pre-split ssh package; this wasColin Watson
originally added in 1:4.3p2-7 / 1:4.3p2-8, and contained a truly ghastly hack around a misbehaviour in sarge's dpkg. Since this is now four Debian releases ago, we can afford to drop this and simplify the packaging.
2013-05-21Change start condition of Upstart job to be just the standard "runlevelColin Watson
[2345]", rather than "filesystem or runlevel [2345]"; the latter makes it unreasonably difficult to ensure that urandom starts before ssh, and is not really necessary since one of static-network-up and failsafe-boot is guaranteed to happen and will trigger entry to the default runlevel, and we don't care about ssh starting before the network (LP: #1098299).
2013-05-16releasing version 1:6.2p2-1Colin Watson
2013-05-16* New upstream release (http://www.openssh.com/txt/release-6.2p2):Colin Watson
- Only warn for missing identity files that were explicitly specified (closes: #708275). - Fix bug in contributed contrib/ssh-copy-id script that could result in "rm *" being called on mktemp failure (closes: #708419).
2013-05-13releasing version 1:6.2p1-3Colin Watson
2013-05-13Renumber Debian-specific additions to enum monitor_reqtype so that theyColin Watson
fit within a single byte (thanks, Jason Conti; LP: #1179202).
2013-05-09releasing version 1:6.2p1-2Colin Watson
2013-05-09Fix consolekit mismerges in monitor.c and monitor_wrap.c.Colin Watson
2013-05-09* Fix build failure on Ubuntu:Colin Watson
- Include openbsd-compat/sys-queue.h from consolekit.c.
2013-05-07releasing version 1:6.2p1-1Colin Watson
2013-05-07Move platform_sys_dir_uid to misc.c to fix linking following ↵Colin Watson
user-group-modes.patch.
2013-05-07* New upstream release (http://www.openssh.com/txt/release-6.2).Colin Watson
- Add support for multiple required authentication in SSH protocol 2 via an AuthenticationMethods option (closes: #195716). - Fix Sophie Germain formula in moduli(5) (closes: #698612). - Update ssh-copy-id to Phil Hands' greatly revised version (closes: #99785, #322228, #620428; LP: #518883, #835901, #1074798).
2013-05-06Use dh-autoreconf.Colin Watson
2013-03-25releasing version 1:6.1p1-4Colin Watson
2013-03-25Add ssh-agent upstart user job. This implements something similar toStéphane Graber
the 90x11-common_ssh-agent Xsession script. That is, start ssh-agent and set the appropriate environment variables (closes: #703906).
2013-03-25debian/openssh-server.sshd.pam: Explicitly state that ~/.pam_environmentGunnar Hjalmarsson
should be read, and move the pam_env calls from "auth" to "session" so that it's also read when $HOME is encrypted (LP: #952185).
2013-02-08releasing version 1:6.1p1-3Colin Watson