summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2016-01-17releasing package openssh version 1:7.1p2-1Colin Watson
2016-01-14New upstream release (7.1p2).Colin Watson
2016-01-04releasing package openssh version 1:7.1p1-6Colin Watson
2016-01-04Shuffle PROPOSAL_KEX_ALGS mangling for GSSAPI key exchange a little later in ↵Colin Watson
ssh_kex2 so that it's actually effective (closes: #809696).
2016-01-04Allow authenticating as root using gssapi-keyex even with "PermitRootLogin ↵Colin Watson
prohibit-password" (closes: #809695).
2016-01-04Don't call sd_notify when sshd is re-execed (closes: #809035).Michael Biebl
2016-01-04Remove explicit "XS-Testsuite: autopkgtest" from debian/control; dpkg-source ↵Colin Watson
now figures that out automatically based on the existence of debian/tests/control.
2015-12-21releasing package openssh version 1:7.1p1-5Colin Watson
2015-12-21Add systemd readiness notification support (closes: #778913).Michael Biebl
2015-12-15releasing package openssh version 1:7.1p1-4Colin Watson
2015-12-15Backport upstream patch to unbreak connections with peers that set ↵Colin Watson
first_kex_follows (LP: #1526357).
2015-12-10releasing package openssh version 1:7.1p1-3Colin Watson
2015-12-10Redirect regression test input from /dev/zero, since otherwise conch will ↵Colin Watson
immediately send EOF.
2015-12-09Drop priority of openssh-client-ssh1 to extra (closes: #807518).Colin Watson
2015-12-08releasing package openssh version 1:7.1p1-2Colin Watson
2015-12-07Close LP: #1437005 too.Colin Watson
2015-12-07Update "Subsystem sftp" path in example sshd_config (closes: #691004).Colin Watson
2015-12-06Add an openssh-client-ssh1 binary package for people who need to connect to ↵Colin Watson
outdated SSH1-only servers (closes: #807107).
2015-12-05Add NEWS.Debian documenting cryptographic changes in OpenSSH 7.0 (closes: ↵Colin Watson
#806962).
2015-12-03Drop SSH1 keepalive patch. Now that SSH1 is disabled at compile-time, it's ↵Colin Watson
been rejected upstream and there isn't much point carrying it any more.
2015-12-03Really enable conch interoperability tests under autopkgtest.Colin Watson
2015-12-02releasing package openssh version 1:7.1p1-1Colin Watson
2015-12-02Enable conch interoperability tests under autopkgtest.Colin Watson
2015-11-29New upstream release (7.1p1).Colin Watson
2015-11-29Change "PermitRootLogin without-password" to the new preferred spelling of ↵Colin Watson
"PermitRootLogin prohibit-password" in sshd_config, and update documentation to reflect the new upstream default.
2015-11-29New upstream release (7.0p1).Colin Watson
2015-11-24releasing package openssh version 1:6.9p1-3Colin Watson
2015-11-24Drop ConsoleKit session registration patch; it was only ever enabled for ↵Colin Watson
Ubuntu, which no longer needs it (LP: #1334916, #1502045).
2015-11-24Do much less work in architecture-independent-only builds.Colin Watson
2015-11-24Fix dh_install and dh_fixperms overrides to work properly with an ↵Colin Watson
architecture-independent-only build (closes: #806090).
2015-09-17ssh_config(5): Fix markup errors in description of GSSAPITrustDns (closes: ↵Colin Watson
#799271).
2015-09-10releasing package openssh version 1:6.9p1-2Colin Watson
2015-09-10Build with audit support on Linux (closes: #797727, LP: #1478087).Tyler Hicks
2015-09-08mention-ssh-keygen-on-keychange.patch: Move example ssh-keygen invocation ↵Colin Watson
onto a separate line to make it easier to copy and paste (LP: #1491532).
2015-08-20releasing package openssh version 1:6.9p1-1Colin Watson
2015-08-20Let principals-command.sh work for noexec /var/run.Colin Watson
2015-08-20Fix autopkgtests to build some more regression test binaries.Colin Watson
2015-08-19Document the Debian-specific change to the default value of ↵Colin Watson
ForwardX11Trusted in ssh(1) (closes: #781469).
2015-08-19Add a couple of SECURITY: tags.Colin Watson
2015-08-19CVE-2015-5600: sshd(8): Fix circumvention of MaxAuthTries using ↵Colin Watson
keyboard-interactive authentication (closes: #793616).
2015-08-19Backport PAM security fixes.Colin Watson
- sshd(8): Fixed a privilege separation weakness related to PAM support. Attackers who could successfully compromise the pre-authentication process for remote code execution and who had valid credentials on the host could impersonate other users. Reported by Moritz Jodeit. - sshd(8): Fixed a use-after-free bug related to PAM support that was reachable by attackers who could compromise the pre-authentication process for remote code execution (closes: #795711). Also reported by Moritz Jodeit.
2015-08-19Fill in CVE-2015-5352 identifier and close #790798.Colin Watson
2015-08-19SECURITY: sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be ↵Colin Watson
world-writable. Local attackers may be able to write arbitrary messages to logged-in users, including terminal escape sequences. Reported by Nikolay Edigaryev.
2015-08-19New upstream release (6.9p1).Colin Watson
2015-08-19Thanks to Jakub Jelen of Red Hat for Fedora's rebased version of the GSSAPI ↵Colin Watson
key exchange patch.
2015-08-19Fix incorrect version in most recent debian/NEWS entry.Colin Watson
2015-08-19New upstream release (6.8p1).Colin Watson
2015-07-20Add generated file debian/copyrightColin Watson
This is friendlier to tools such as dgit that want the packaging git tree to look like the output of "dpkg-source -x".
2015-04-19releasing package openssh version 1:6.7p1-6Colin Watson
2015-04-19Silence confusing messages if Upstart is installed but not activeMartin Pitt
* openssh-server.postinst: Quiesce "Unable to connect to Upstart" error message from initctl if upstart is installed, but not the current init system. (LP: #1440070) * openssh-server.postinst: Fix version comparisons of upgrade adjustments to not apply to fresh installs.