summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2017-04-02Add missing header on Linux/s390Colin Watson
2017-04-02releasing package openssh version 1:7.5p1-1Colin Watson
2017-04-02New upstream release (7.5p1)Colin Watson
2017-03-30releasing package openssh version 1:7.4p1-10Colin Watson
2017-03-30Unbreak Unix domain socket forwarding for root (closes: #858252).Colin Watson
2017-03-30Move privilege separation directory and PID file from /var/run/ to /run/ ↵Colin Watson
(closes: #760422, #856825).
2017-03-16releasing package openssh version 1:7.4p1-9Colin Watson
2017-03-16Fix null pointer dereference in ssh-keygen; this fixes an autopkgtest ↵Colin Watson
regression introduced in 1:7.4p1-8.
2017-03-15releasing package openssh version 1:7.4p1-8Colin Watson
2017-03-14Fix ssh-keyscan to correctly hash hosts with a port number (closes: #857736, ↵Colin Watson
LP: #1670745).
2017-03-09Fix ssh-keygen -H accidentally corrupting known_hosts that contained ↵Colin Watson
already-hashed entries (closes: #851734, LP: #1668093).
2017-03-05releasing package openssh version 1:7.4p1-7Colin Watson
2017-03-05Restore reading authorized_keys2 by defaultColin Watson
Upstream seems to intend to gradually phase this out, so don't assume that this will remain the default forever. However, we were late in adopting the upstream sshd_config changes, so it makes sense to extend the grace period (closes: #852320).
2017-01-29Don't set "PermitRootLogin yes" on fresh installations (regression ↵Colin Watson
introduced in 1:7.4p1-1; closes: #852781).
2017-01-16releasing package openssh version 1:7.4p1-6Colin Watson
2017-01-16Rekeying patch fixes LP: #1608965 tooColin Watson
2017-01-16Fix rekeying failure with GSSAPI key exchange (thanks, Harald Barth; closes: ↵Colin Watson
#819361).
2017-01-16Remove ssh_host_dsa_key from HostKey default (closes: #850614).Colin Watson
2017-01-16Document sshd_config changes that may be needed following the removal of ↵Colin Watson
protocol 1 support from sshd (closes: #851573).
2017-01-15Remove LOGIN_PROGRAM and LOGIN_NO_ENDOPT definitions, since UseLogin is gone.Colin Watson
2017-01-06Remove temporary file on exit from postinst (closes: #850275).Colin Watson
2017-01-03releasing package openssh version 1:7.4p1-5Colin Watson
2017-01-03Work around clock_gettime kernel bug on Linux x32 (closes: #849923).Colin Watson
2017-01-03Create mux socket for regression tests in a temporary directory.Colin Watson
2017-01-02releasing package openssh version 1:7.4p1-4Colin Watson
2017-01-02merge patched into masterColin Watson
2017-01-01Make integrity tests more robust against timeouts in the case where the ↵Colin Watson
first test in a series for a given MAC happens to modify the low bytes of a packet length.
2017-01-01Run regression tests inside annotate-output to try to diagnose timeout issues.Colin Watson
2016-12-31releasing package openssh version 1:7.4p1-3Colin Watson
2016-12-31Tweak regression test setup to cope with the case where some of the source ↵Colin Watson
directory is unreadable by the openssh-tests user.
2016-12-31Dump some useful log files if regression tests fail.Colin Watson
2016-12-31Run regression tests using 'sh -x' to try to get more information about ↵Colin Watson
failures.
2016-12-31Revert attempted hack around regress/forwarding.sh test failure, since it ↵Colin Watson
doesn't seem to help.
2016-12-29releasing package openssh version 1:7.4p1-2Colin Watson
2016-12-28Avoid calling into Kerberos libraries from ssh_gssapi_server_mechanisms in ↵Colin Watson
the privsep monitor.
2016-12-28Attempt to hack around regress/forwarding.sh test failure in some environments.Colin Watson
2016-12-27releasing package openssh version 1:7.4p1-1Colin Watson
2016-12-27When running regression tests under autopkgtest, use a non-root user with ↵Colin Watson
passwordless sudo.
2016-12-26Make debian/tests/regress executable.Colin Watson
2016-12-26Stop openssh-server.config exiting non-zero on fresh installations.Colin Watson
2016-12-26Build gnome-ssh-askpass with GTK+ 3 (LP: #801187).Colin Watson
2016-12-26Remove redundant "GSSAPIDelegateCredentials no" from ssh_config (already the ↵Colin Watson
upstream default), and document that setting ServerAliveInterval to 300 by default if BatchMode is set is Debian-specific (closes: #765630).
2016-12-26Start handling /etc/ssh/sshd_config using ucf.Colin Watson
* Start handling /etc/ssh/sshd_config using ucf. The immediate motivation for this is to deal with deprecations of options related to protocol 1, but something like this has been needed for a long time (closes: #419574, #848089): - sshd_config is now a slightly-patched version of upstream's, and only contains non-default settings (closes: #147201). - I've included as many historical md5sums of default versions of sshd_config as I could reconstruct from version control, but I'm sure I've missed some. - Explicitly synchronise the debconf database with the current configuration file state in openssh-server.config, to ensure that the PermitRootLogin setting is properly preserved. - UsePrivilegeSeparation now defaults to the stronger "sandbox" rather than "yes", per upstream.
2016-12-24Move PermitRootLogin handling into create_sshdconfig.Colin Watson
2016-12-23Remove some advice related to protocol 1 from README.Debian.Colin Watson
2016-12-23Remove entries related to protocol 1 from the default sshd_config generated ↵Colin Watson
on new installations.
2016-12-23New upstream release (7.4p1).Colin Watson
2016-12-05wrap-and-sort debian/tests/control tooColin Watson
2016-12-05Apply "wrap-and-sort -atf debian/control".Colin Watson
2016-12-03releasing package openssh version 1:7.3p1-5Colin Watson