Age | Commit message (Collapse) | Author | |
---|---|---|---|
2016-12-26 | Start handling /etc/ssh/sshd_config using ucf. | Colin Watson | |
* Start handling /etc/ssh/sshd_config using ucf. The immediate motivation for this is to deal with deprecations of options related to protocol 1, but something like this has been needed for a long time (closes: #419574, #848089): - sshd_config is now a slightly-patched version of upstream's, and only contains non-default settings (closes: #147201). - I've included as many historical md5sums of default versions of sshd_config as I could reconstruct from version control, but I'm sure I've missed some. - Explicitly synchronise the debconf database with the current configuration file state in openssh-server.config, to ensure that the PermitRootLogin setting is properly preserved. - UsePrivilegeSeparation now defaults to the stronger "sandbox" rather than "yes", per upstream. | |||
2016-12-24 | Move PermitRootLogin handling into create_sshdconfig. | Colin Watson | |
2016-12-23 | Remove some advice related to protocol 1 from README.Debian. | Colin Watson | |
2016-12-23 | Remove entries related to protocol 1 from the default sshd_config generated ↵ | Colin Watson | |
on new installations. | |||
2016-12-23 | New upstream release (7.4p1). | Colin Watson | |
2016-12-05 | wrap-and-sort debian/tests/control too | Colin Watson | |
2016-12-05 | Apply "wrap-and-sort -atf debian/control". | Colin Watson | |
2016-12-03 | releasing package openssh version 1:7.3p1-5 | Colin Watson | |
2016-12-03 | debian/tests/control: Add dependency on openssl, required by the PuTTY ↵ | Colin Watson | |
interoperability tests. | |||
2016-12-02 | releasing package openssh version 1:7.3p1-4 | Colin Watson | |
2016-11-19 | Fix and enable PuTTY interoperability tests under autopkgtest. | Colin Watson | |
2016-11-19 | Build all upstream regression test binaries using the new "regress-binaries" ↵ | Colin Watson | |
target. | |||
2016-11-11 | Remove the non-upstream .gitignore file and add the relevant entries to ↵ | Colin Watson | |
debian/.gitignore, in order to make the source tree more dgit-compatible. | |||
2016-11-11 | Move build directories under debian/. | Colin Watson | |
2016-11-11 | Adjust Build-Depends further to avoid considering libssl-dev >= 1.1.0~ as ↵ | Colin Watson | |
sufficient. | |||
2016-11-05 | releasing package openssh version 1:7.3p1-3 | Colin Watson | |
2016-11-05 | Policy version 3.9.8: no changes required. | Colin Watson | |
2016-11-05 | Add a missing License line to debian/copyright. | Colin Watson | |
2016-11-05 | Avoid building with OpenSSL 1.1 for now (see #828475). | Colin Watson | |
2016-10-24 | releasing package openssh version 1:7.3p1-2 | Colin Watson | |
2016-10-24 | CVE-2016-8858: Unregister the KEXINIT handler after message has been ↵ | Colin Watson | |
received (closes: #841884). | |||
2016-08-14 | Rewrite debian/copyright using copyright-format 1.0. | Colin Watson | |
2016-08-07 | releasing package openssh version 1:7.3p1-1 | Colin Watson | |
2016-08-07 | New upstream release (7.3p1). | Colin Watson | |
2016-07-29 | releasing package openssh version 1:7.2p2-8 | Colin Watson | |
2016-07-29 | debian/openssh-server.if-up: Don't block on a finished reload of openssh.service | Martin Pitt | |
This avoids deadlocking with restarting networking. LP: #1584393 | |||
2016-07-29 | Add systemd user unit for graphical sessions that use systemd | Martin Pitt | |
Override the corresponding upstart job in that case. | |||
2016-07-29 | Add debian/agent-launch: Helper script for conditionally starting the SSH ↵ | Martin Pitt | |
agent in the user session Use it in ssh-agent.user-session.upstart. This will also be used in a corresponding systemd user unit. This replaces the backgrounded "ssh-agent -s" with a foreground task which works more nicely with modern init systems for logging/debugging and starting/stopping. Also use a fixed socket file name in $XDG_RUNTIME_DIR -- under both upstart and systemd we can assume this, and it allows restarting the service in a running session. | |||
2016-07-29 | Stop enabling ssh-session-cleanup.service by default; instead, ship it as an ↵ | Colin Watson | |
example and add a section to README.Debian. libpam-systemd >= 230 and "UsePAM yes" should take care of the original problem for most systemd users (thanks, Michael Biebl; closes: #832155). | |||
2016-07-23 | releasing package openssh version 1:7.2p2-7 | Colin Watson | |
2016-07-23 | Add note about upgrade problems. | Colin Watson | |
2016-07-23 | Recommend libpam-systemd from openssh-server. It's a much better solution ↵ | Colin Watson | |
than the above for systemd users, but I'm wary of depending on it in case I cause an assortment of exciting dependency problems on upgrade for non-systemd users. | |||
2016-07-23 | Don't stop the ssh-session-cleanup service on upgrade (closes: #832155). | Colin Watson | |
2016-07-22 | releasing package openssh version 1:7.2p2-6 | Colin Watson | |
2016-07-22 | Fix typo. | Colin Watson | |
2016-07-22 | Stop generating DSA host keys by default (thanks, Santiago Vila; closes: ↵ | Colin Watson | |
#823827). | |||
2016-07-22 | Add a session cleanup script and a systemd unit file to trigger it, which ↵ | Colin Watson | |
serves to terminate SSH sessions cleanly if systemd doesn't do that itself, often because libpam-systemd is not installed (thanks, Vivek Das Mohapatra, Tom Hutter, and others; closes: #751636). | |||
2016-07-22 | Backport upstream patch to close ControlPersist background process stderr ↵ | Colin Watson | |
when not in debug mode or when logging to a file or syslog (closes: #714526). | |||
2016-07-22 | Close #831902. | Colin Watson | |
2016-07-22 | CVE-2016-6210: Mitigate user enumeration via covert timing channel. | Colin Watson | |
2016-06-06 | Retroactively add a NEWS.Debian entry for the UseDNS change in 6.9 (see LP ↵ | Colin Watson | |
#1588457). | |||
2016-05-16 | Set SSH_PROGRAM=/usr/bin/ssh1 when building openssh-client-ssh1 so that scp1 ↵ | Colin Watson | |
works (reported by Olivier MATZ). | |||
2016-05-03 | Copy summary of supported SFTP protocol versions from upstream's PROTOCOL ↵ | Colin Watson | |
file into the openssh-sftp-server package description (closes: #766887). | |||
2016-04-30 | debian/watch: Switch to HTTP (thanks, Nicholas Luedtke; closes: #822997). | Colin Watson | |
2016-04-28 | releasing package openssh version 1:7.2p2-5 | Colin Watson | |
2016-04-28 | Backport upstream patch to unbreak authentication using lone certificate ↵ | Colin Watson | |
keys in ssh-agent: when attempting pubkey auth with a certificate, if no separate private key is found among the keys then try with the certificate key itself (thanks, Paul Querna; LP: #1575961). | |||
2016-04-15 | releasing package openssh version 1:7.2p2-4 | Colin Watson | |
2016-04-15 | Policy version 3.9.7: no changes required. | Colin Watson | |
2016-04-15 | Drop dependency on libnss-files-udeb (closes: #819686). | Colin Watson | |
2016-04-13 | releasing package openssh version 1:7.2p2-3 | Colin Watson | |