Age | Commit message (Collapse) | Author | |
---|---|---|---|
2011-02-08 | Upload to unstable. | Colin Watson | |
2011-02-05 | releasing version 1:5.8p1-1 | Colin Watson | |
2011-02-05 | * New upstream release (http://www.openssh.org/txt/release-5.8): | Colin Watson | |
- Fix stack information leak in legacy certificate signing (http://www.openssh.com/txt/legacy-cert.adv). | |||
2011-01-27 | releasing version 1:5.7p1-2 | Colin Watson | |
2011-01-27 | Fix crash in ssh_selinux_setfscreatecon when SELinux is disabled | Colin Watson | |
(LP: #708571). | |||
2011-01-27 | releasing version 1:5.7p1-1 | Colin Watson | |
2011-01-26 | adjust ECDSA commentary in changelog - we aren't generating ECDSA host keys ↵ | Colin Watson | |
on upgrades | |||
2011-01-26 | changelog for GSSAPI update | Colin Watson | |
2011-01-26 | merge gssapi branch | Colin Watson | |
2011-01-25 | Rearrange selinux-role.patch so that it links properly given this | Colin Watson | |
SELinux build fix. | |||
2011-01-25 | Backport SELinux build fix from CVS. | Colin Watson | |
2011-01-24 | Build-depend on libssl-dev (>= 0.9.8g) to ensure sufficient ECC support. | Colin Watson | |
2011-01-24 | Generate ECDSA host keys. These will only be used on fresh | Colin Watson | |
installations or if you manually add 'HostKey /etc/ssh/ssh_host_ecdsa_key' to /etc/ssh/sshd_config. | |||
2011-01-24 | * New upstream release (http://www.openssh.org/txt/release-5.7): | Colin Watson | |
- Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. - sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. It is available through the "ln" command in the client. The old "ln" behaviour of creating a symlink is available using its "-s" option or through the preexisting "symlink" command. - scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host (closes: #508613). - ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. This allows the mux clients to determine that the server socket is either ready or stale without races (closes: #454784). Stale server sockets are now automatically removed (closes: #523250). - ssh(1): install a SIGCHLD handler to reap expired child process (closes: #594687). - ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent temporary directories (closes: #357469, although only if you arrange for ssh-agent to actually see $TMPDIR since the setgid bit will cause it to be stripped off). | |||
2010-12-30 | releasing version 1:5.6p1-3 | Colin Watson | |
2010-12-30 | * Merge 1:5.5p1-6. | Colin Watson | |
2010-12-27 | releasing version 1:5.5p1-6 | Colin Watson | |
2010-12-26 | Touch /var/run/sshd/.placeholder in the preinst so that /var/run/sshd, | Colin Watson | |
which is intentionally no longer shipped in the openssh-server package due to /var/run often being a temporary directory, is not removed on upgrade (closes: #575582). | |||
2010-11-02 | Drop override for desktop-file-but-no-dh_desktop-call, which Lintian no | Colin Watson | |
longer issues. | |||
2010-10-26 | releasing version 1:5.6p1-2 | Colin Watson | |
2010-10-26 | Backport upstream patch to install a SIGCHLD handler to reap expired ssh | Colin Watson | |
child processes, preventing lots of zombies when using ControlPersist (closes: #594687). | |||
2010-08-24 | releasing version 1:5.6p1-1 | Colin Watson | |
2010-08-24 | staticify most functions in ssh-vulnkey.c | Colin Watson | |
2010-08-24 | unconstify key argument to describe_key and do_key | Colin Watson | |
2010-08-24 | unconstify key argument to blacklisted_key_in_file and blacklisted_key | Colin Watson | |
2010-08-23 | * New upstream release (http://www.openssh.com/txt/release-5.6): | Colin Watson | |
- Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. This connection can stay alive indefinitely, or can be set to automatically close after a user-specified duration of inactivity (closes: #335697, #350898, #454787, #500573, #550262). - Support AuthorizedKeysFile, AuthorizedPrincipalsFile, HostbasedUsesNameFromPacketOnly, and PermitTunnel in sshd_config(5) Match blocks (closes: #549858). - sftp(1): fix ls in working directories that contain globbing characters in their pathnames (LP: #530714). | |||
2010-08-23 | releasing version 1:5.5p1-5 | Colin Watson | |
2010-08-13 | * debconf template translations: | Colin Watson | |
- Update Danish (thanks, Joe Hansen; closes: #592800). | |||
2010-08-05 | Use an architecture wildcard for libselinux1-dev (closes: #591740). | Colin Watson | |
2010-05-22 | releasing version 1:5.5p1-4 | Colin Watson | |
2010-05-22 | Check primary group memberships as well as supplementary group | Colin Watson | |
memberships, and only allow group-writability by groups with exactly one member, as zero-member groups are typically used by setgid binaries rather than being user-private groups (closes: #581697). | |||
2010-05-22 | Allow ~/.ssh/authorized_keys and other secure files to be | Colin Watson | |
group-writable, provided that the group in question contains only the file's owner; this extends a patch previously applied to ~/.ssh/config (closes: #581919). | |||
2010-05-04 | Add powerpcspe to architecture list for libselinux1-dev build-dependency | Sebastian Andrzej Siewior | |
(closes: #579843). | |||
2010-04-28 | releasing version 1:5.5p1-3 | Colin Watson | |
2010-04-28 | Drop IDEA key check; I don't think it works properly any more due to | Colin Watson | |
textual changes in error output, it's only relevant for direct upgrades from truly ancient versions, and it breaks upgrades if /etc/ssh/ssh_host_key can't be loaded (closes: #579570). | |||
2010-04-26 | Discard error messages while checking whether rsh, rlogin, and rcp | Colin Watson | |
alternatives exist (closes: #579285). | |||
2010-04-17 | releasing version 1:5.5p1-2 | Colin Watson | |
2010-04-17 | Use dh_installinit -n, since our maintainer scripts already handle this | Colin Watson | |
more carefully (thanks, Julien Cristau). | |||
2010-04-16 | releasing version 1:5.5p1-1 | Colin Watson | |
2010-04-16 | * New upstream release: | Colin Watson | |
- Unbreak sshd_config's AuthorizedKeysFile option for $HOME-relative paths. - Include a language tag when sending a protocol 2 disconnection message. - Make logging of certificates used for user authentication more clear and consistent between CAs specified using TrustedUserCAKeys and authorized_keys. | |||
2010-04-16 | releasing version 1:5.4p1-2 | Colin Watson | |
2010-04-10 | lintian-symlink-pickiness: remember to bump Last-Update | Colin Watson | |
2010-04-09 | Add a NEWS.Debian entry about changes in smartcard support relative to | Colin Watson | |
previous unofficial builds (closes: #231472). | |||
2010-04-08 | Use dh_install more effectively. | Colin Watson | |
2010-04-08 | remove obsolete Ssh.bin hack, no longer needed with new PKCS#11 smartcard ↵ | Colin Watson | |
handling | |||
2010-04-08 | remove old ssh_prng_cmds handling; we never use this, and it's unnecessary ↵ | Colin Watson | |
with debhelper v3 anyway | |||
2010-04-07 | Drop lpia support, since Ubuntu no longer supports this architecture. | Colin Watson | |
2010-04-07 | Convert to dh(1), and use dh_installdocs --link-doc. | Colin Watson | |
2010-04-06 | Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 is | Colin Watson | |
installed, the host key is published in an SSHFP RR secured with DNSSEC, and VerifyHostKeyDNS=yes, then ssh will no longer prompt for host key verification (closes: #572049). | |||
2010-04-06 | lintian-symlink-pickiness.patch rejected upstream, but we need to keep it | Colin Watson | |