summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2016-12-26Start handling /etc/ssh/sshd_config using ucf.Colin Watson
* Start handling /etc/ssh/sshd_config using ucf. The immediate motivation for this is to deal with deprecations of options related to protocol 1, but something like this has been needed for a long time (closes: #419574, #848089): - sshd_config is now a slightly-patched version of upstream's, and only contains non-default settings (closes: #147201). - I've included as many historical md5sums of default versions of sshd_config as I could reconstruct from version control, but I'm sure I've missed some. - Explicitly synchronise the debconf database with the current configuration file state in openssh-server.config, to ensure that the PermitRootLogin setting is properly preserved. - UsePrivilegeSeparation now defaults to the stronger "sandbox" rather than "yes", per upstream.
2016-12-24Move PermitRootLogin handling into create_sshdconfig.Colin Watson
2016-12-23Remove some advice related to protocol 1 from README.Debian.Colin Watson
2016-12-23Remove entries related to protocol 1 from the default sshd_config generated ↵Colin Watson
on new installations.
2016-12-23New upstream release (7.4p1).Colin Watson
2016-12-05wrap-and-sort debian/tests/control tooColin Watson
2016-12-05Apply "wrap-and-sort -atf debian/control".Colin Watson
2016-12-03releasing package openssh version 1:7.3p1-5Colin Watson
2016-12-03debian/tests/control: Add dependency on openssl, required by the PuTTY ↵Colin Watson
interoperability tests.
2016-12-02releasing package openssh version 1:7.3p1-4Colin Watson
2016-11-19Fix and enable PuTTY interoperability tests under autopkgtest.Colin Watson
2016-11-19Build all upstream regression test binaries using the new "regress-binaries" ↵Colin Watson
target.
2016-11-11Remove the non-upstream .gitignore file and add the relevant entries to ↵Colin Watson
debian/.gitignore, in order to make the source tree more dgit-compatible.
2016-11-11Move build directories under debian/.Colin Watson
2016-11-11Adjust Build-Depends further to avoid considering libssl-dev >= 1.1.0~ as ↵Colin Watson
sufficient.
2016-11-05releasing package openssh version 1:7.3p1-3Colin Watson
2016-11-05Policy version 3.9.8: no changes required.Colin Watson
2016-11-05Add a missing License line to debian/copyright.Colin Watson
2016-11-05Avoid building with OpenSSL 1.1 for now (see #828475).Colin Watson
2016-10-24releasing package openssh version 1:7.3p1-2Colin Watson
2016-10-24CVE-2016-8858: Unregister the KEXINIT handler after message has been ↵Colin Watson
received (closes: #841884).
2016-08-14Rewrite debian/copyright using copyright-format 1.0.Colin Watson
2016-08-07releasing package openssh version 1:7.3p1-1Colin Watson
2016-08-07New upstream release (7.3p1).Colin Watson
2016-07-29releasing package openssh version 1:7.2p2-8Colin Watson
2016-07-29debian/openssh-server.if-up: Don't block on a finished reload of openssh.serviceMartin Pitt
This avoids deadlocking with restarting networking. LP: #1584393
2016-07-29Add systemd user unit for graphical sessions that use systemdMartin Pitt
Override the corresponding upstart job in that case.
2016-07-29Add debian/agent-launch: Helper script for conditionally starting the SSH ↵Martin Pitt
agent in the user session Use it in ssh-agent.user-session.upstart. This will also be used in a corresponding systemd user unit. This replaces the backgrounded "ssh-agent -s" with a foreground task which works more nicely with modern init systems for logging/debugging and starting/stopping. Also use a fixed socket file name in $XDG_RUNTIME_DIR -- under both upstart and systemd we can assume this, and it allows restarting the service in a running session.
2016-07-29Stop enabling ssh-session-cleanup.service by default; instead, ship it as an ↵Colin Watson
example and add a section to README.Debian. libpam-systemd >= 230 and "UsePAM yes" should take care of the original problem for most systemd users (thanks, Michael Biebl; closes: #832155).
2016-07-23releasing package openssh version 1:7.2p2-7Colin Watson
2016-07-23Add note about upgrade problems.Colin Watson
2016-07-23Recommend libpam-systemd from openssh-server. It's a much better solution ↵Colin Watson
than the above for systemd users, but I'm wary of depending on it in case I cause an assortment of exciting dependency problems on upgrade for non-systemd users.
2016-07-23Don't stop the ssh-session-cleanup service on upgrade (closes: #832155).Colin Watson
2016-07-22releasing package openssh version 1:7.2p2-6Colin Watson
2016-07-22Fix typo.Colin Watson
2016-07-22Stop generating DSA host keys by default (thanks, Santiago Vila; closes: ↵Colin Watson
#823827).
2016-07-22Add a session cleanup script and a systemd unit file to trigger it, which ↵Colin Watson
serves to terminate SSH sessions cleanly if systemd doesn't do that itself, often because libpam-systemd is not installed (thanks, Vivek Das Mohapatra, Tom Hutter, and others; closes: #751636).
2016-07-22Backport upstream patch to close ControlPersist background process stderr ↵Colin Watson
when not in debug mode or when logging to a file or syslog (closes: #714526).
2016-07-22Close #831902.Colin Watson
2016-07-22CVE-2016-6210: Mitigate user enumeration via covert timing channel.Colin Watson
2016-06-06Retroactively add a NEWS.Debian entry for the UseDNS change in 6.9 (see LP ↵Colin Watson
#1588457).
2016-05-16Set SSH_PROGRAM=/usr/bin/ssh1 when building openssh-client-ssh1 so that scp1 ↵Colin Watson
works (reported by Olivier MATZ).
2016-05-03Copy summary of supported SFTP protocol versions from upstream's PROTOCOL ↵Colin Watson
file into the openssh-sftp-server package description (closes: #766887).
2016-04-30debian/watch: Switch to HTTP (thanks, Nicholas Luedtke; closes: #822997).Colin Watson
2016-04-28releasing package openssh version 1:7.2p2-5Colin Watson
2016-04-28Backport upstream patch to unbreak authentication using lone certificate ↵Colin Watson
keys in ssh-agent: when attempting pubkey auth with a certificate, if no separate private key is found among the keys then try with the certificate key itself (thanks, Paul Querna; LP: #1575961).
2016-04-15releasing package openssh version 1:7.2p2-4Colin Watson
2016-04-15Policy version 3.9.7: no changes required.Colin Watson
2016-04-15Drop dependency on libnss-files-udeb (closes: #819686).Colin Watson
2016-04-13releasing package openssh version 1:7.2p2-3Colin Watson