Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-02-10 | Generate ED25519 host keys on fresh installations. | Colin Watson | |
Upgraders who wish to add such host keys should manually add 'HostKey /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'. | |||
2014-02-10 | Close some bugs related to ssh-vulnkey. | Colin Watson | |
2014-02-10 | Incorporate default path changes from shadow 1:4.0.18.1-8, removing ↵ | Colin Watson | |
/usr/bin/X11 (closes: #644521). | |||
2014-02-10 | Add the pam_keyinit session module, to create a new session keyring on login ↵ | Colin Watson | |
(closes: #734816). | |||
2014-02-10 | Merge 6.5p1. | Colin Watson | |
* New upstream release (http://www.openssh.com/txt/release-6.5, LP: #1275068): - ssh(1): Add support for client-side hostname canonicalisation using a set of DNS suffixes and rules in ssh_config(5). This allows unqualified names to be canonicalised to fully-qualified domain names to eliminate ambiguity when looking up keys in known_hosts or checking host certificate names (closes: #115286). | |||
2014-02-10 | record new upstream branch created by importing openssh_6.5p1.orig.tar.gz | Colin Watson | |
2014-02-10 | Add OpenPGP signature checking configuration to watch file (thanks, Daniel ↵ | Colin Watson | |
Kahn Gillmor; closes: #732441). | |||
2014-02-09 | Drop ssh-vulnkey | Colin Watson | |
Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code, leaving only basic configuration file compatibility, since it has been nearly six years since the original vulnerability and this code is not likely to be of much value any more. See https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full reasoning. | |||
2014-02-09 | Initialize git-dpm | Colin Watson | |
2014-02-09 | Remove trailing blank line. | Colin Watson | |
2014-02-09 | Switch to git; adjust Vcs-* fields. | Colin Watson | |
2013-12-23 | releasing package openssh version 1:6.4p1-2 | Colin Watson | |
2013-12-23 | Restore patch to disable OpenSSL version check (closes: #732940). | Colin Watson | |
2013-11-12 | Increase ServerKeyBits value in package-generated sshd_config to 1024 | Colin Watson | |
(closes: #727622, LP: #1244272). | |||
2013-11-09 | releasing package openssh version 1:6.4p1-1 | Colin Watson | |
2013-11-09 | urgency=high | Colin Watson | |
2013-11-09 | Add CVE-2013-4548 identifier. | Colin Watson | |
2013-11-09 | * New upstream release (http://www.openssh.com/txt/release-6.4). | Colin Watson | |
- sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected (closes: #729029). Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv | |||
2013-09-14 | * New upstream release (http://www.openssh.com/txt/release-6.3). | Colin Watson | |
- sftp(1): add support for resuming partial downloads using the "reget" command and on the sftp commandline or on the "get" commandline using the "-a" (append) option (closes: #158590). - ssh(1): add an "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives (closes: #436052). - sftp(1): update progressmeter when data is acknowledged, not when it's sent (partially addresses #708372). - ssh(1): do not fatally exit when attempting to cleanup multiplexing- created channels that are incompletely opened (closes: #651357). | |||
2013-08-12 | When running under Upstart, only consider the daemon started once it is | Colin Watson | |
ready to accept connections (by raising SIGSTOP at that point and using "expect stop"). | |||
2013-07-02 | releasing version 1:6.2p2-6 | Colin Watson | |
2013-07-02 | Update config.guess and config.sub automatically at build time. | Colin Watson | |
dh_autoreconf does not take care of that by default because openssh does not use automake. | |||
2013-06-27 | releasing version 1:6.2p2-5 | Colin Watson | |
2013-06-27 | debian/rules: Include real distribution in SSH_EXTRAVERSION instead of | Yolanda Robla | |
hardcoding Debian (LP: #1195342). | |||
2013-06-13 | Use 'set -e' rather than '#! /bin/sh -e' in maintainer scripts and | Colin Watson | |
ssh-argv0. | |||
2013-06-08 | Document consequences of ssh-agent being setgid in ssh-agent(1); see | Colin Watson | |
#711623. | |||
2013-06-06 | releasing version 1:6.2p2-4 | Colin Watson | |
2013-06-06 | Close another file-rc bug. | Colin Watson | |
2013-06-06 | Set SELinux context on private host keys as well as public host keys | Colin Watson | |
(closes: #687436). | |||
2013-06-06 | Rebuild against debhelper 9.20130604 with fixed dependencies for | Colin Watson | |
invoke-rc.d and Upstart jobs (closes: #711364). | |||
2013-06-05 | Fix non-portable shell in ssh-copy-id (closes: #711162). | Colin Watson | |
2013-05-22 | releasing version 1:6.2p2-3 | Colin Watson | |
2013-05-22 | If the running init daemon is Upstart, then, on the first upgrade to | Colin Watson | |
this version, check whether sysvinit is still managing sshd; if so, manually stop it so that it can be restarted under upstart. We do this near the end of the postinst, so it shouldn't result in any appreciable extra window where sshd is not running during upgrade. | |||
2013-05-22 | releasing version 1:6.2p2-2 | Colin Watson | |
2013-05-22 | Remove ancient commented-out code. | Colin Watson | |
2013-05-22 | Fix dh_builddeb invocation so that we really use xz compression for | Colin Watson | |
binary packages, as intended since 1:6.1p1-2. | |||
2013-05-22 | Bracket our session stack with calls to pam_selinux close/open (thanks, | Colin Watson | |
Laurent Bigonville; closes: #679458). | |||
2013-05-22 | Use the pam_loginuid session module (thanks, Laurent Bigonville; closes: | Colin Watson | |
#677440, LP: #1067779). | |||
2013-05-22 | * Remove the check for vulnerable host keys; this was first added five | Colin Watson | |
years ago, and everyone should have upgraded through a version that applied these checks by now. The ssh-vulnkey tool and the blacklisting support in sshd are still here, at least for the moment. * This removes the last of our uses of debconf (closes: #221531). | |||
2013-05-22 | Drop now-unused Lintian override. | Colin Watson | |
2013-05-22 | Switch to new unified layout for Upstart jobs as documented in | Colin Watson | |
https://wiki.ubuntu.com/UpstartCompatibleInitScripts: the init script checks for a running Upstart, and we now let dh_installinit handle most of the heavy lifting in maintainer scripts. Ubuntu users should be essentially unaffected except that sshd may no longer start automatically in chroots if the running Upstart predates 0.9.0; but the main goal is simply not to break when openssh-server is installed in a chroot. | |||
2013-05-22 | Replace old manual conffile handling code with dpkg-maintscript-helper, | Colin Watson | |
via dh_installdeb. | |||
2013-05-22 | close bug | Colin Watson | |
2013-05-22 | Add #DEBHELPER# tokens to openssh-client.postinst and | Colin Watson | |
openssh-server.postinst. | |||
2013-05-22 | Clarify changelog: upgrades -> direct upgrades. | Colin Watson | |
2013-05-22 | Remove lots of maintainer script support for upgrades from pre-etch | Colin Watson | |
(three releases before current stable). | |||
2013-05-22 | Another unregistration. | Colin Watson | |
2013-05-21 | Remove support for upgrading from ssh-nonfree. | Colin Watson | |
2013-05-21 | Remove ssh/use_old_init_script, which was a workaround for a very old | Colin Watson | |
bug in /etc/init.d/ssh. If anyone has ignored this for >10 years then they aren't going to be convinced now. | |||
2013-05-21 | Drop conffile handling for upgrades from pre-split ssh package; this was | Colin Watson | |
originally added in 1:4.3p2-7 / 1:4.3p2-8, and contained a truly ghastly hack around a misbehaviour in sarge's dpkg. Since this is now four Debian releases ago, we can afford to drop this and simplify the packaging. |