summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2014-02-15releasing package openssh version 1:6.5p1-4Colin Watson
2014-02-15Fix getsockname errors when using "ssh -W" (closes: #738693).Colin Watson
2014-02-13Remove code related to non-dependency-based sysv-rc ordering, since that is ↵Colin Watson
no longer supported.
2014-02-13Fix "Running sshd from inittab" instructions for dependency-based sysv-rcColin Watson
Amend "Running sshd from inittab" instructions in README.Debian to recommend 'update-rc.d ssh disable', rather than manual removal of rc*.d symlinks that won't work with dependency-based sysv-rc.
2014-02-13Configure --without-hardening on hppa, to work around ↵Colin Watson
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=60155 (closes: #738798).
2014-02-12releasing package openssh version 1:6.5p1-3Colin Watson
2014-02-12Tweak dh_systemd_enable invocations to avoid lots of error noise.Colin Watson
2014-02-12Drop unnecessary -1 in zlib1g Build-Depends version.Colin Watson
2014-02-12Policy version 3.9.5.Colin Watson
2014-02-12Drop some very old Conflicts and ReplacesColin Watson
Drop some very old Conflicts and Replaces (ssh (<< 1:3.8.1p1-9), rsh-client (<< 0.16.1-1), ssh-krb5 (<< 1:4.3p2-7), ssh-nonfree (<< 2), and openssh-client (<< 1:3.8.1p1-11)). These all relate to pre-etch versions, for which we no longer have maintainer script code, and per policy they would have to become Breaks nowadays anyway.
2014-02-12Refer to /usr/share/common-licenses/GPL-2 in debian/copyright (for the ↵Colin Watson
Debian patch) rather than plain GPL.
2014-02-12Remove unnecessary /dev/null testsColin Watson
Remove tests for whether /dev/null is a character device from the Upstart job and the systemd service files; it's there to avoid a confusing failure mode in daemon(), but with modern init systems we use the -D option to suppress daemonisation anyway.
2014-02-12Reorder transition code by guard version.Colin Watson
2014-02-12Bump guard version for sysvinit->systemd transition to 1:6.5p1-3; we may ↵Colin Watson
have got it wrong before, and it's fairly harmless to repeat it.
2014-02-12Fix sysvinit->systemd transition codeColin Watson
We need to cope with still-running sysvinit jobs being considered active by systemd (thanks, Uoti Urpala and Michael Biebl).
2014-02-12Avoid stdout noise from which(1) on purge of openssh-client.Colin Watson
2014-02-12Stop claiming that "Protocol 2" is a Debian-specific defaultColin Watson
This has been upstream's default since 5.4p1.
2014-02-12Adjust section title too.Colin Watson
2014-02-11Clarify socket activation mode in README.Debian, as suggested by Uoti Urpala.Colin Watson
2014-02-11releasing package openssh version 1:6.5p1-2Colin Watson
2014-02-11Backport upstream patch to unbreak case-sensitive matching of ssh_config ↵Colin Watson
(closes: #738619).
2014-02-11Only enable ssh.service for systemd, not both ssh.service and ssh.socket. ↵Colin Watson
Thanks to Michael Biebl for spotting this.
2014-02-10releasing package openssh version 1:6.5p1-1Colin Watson
2014-02-10Drop After=syslog.target; this is obsolete according to Lintian.Colin Watson
2014-02-10Add systemd support (thanks, Sven Joachim; closes: #676830).Colin Watson
2014-02-10Stop manually creating /usr/share/lintian/overrides; dh_lintian handles this.Colin Watson
2014-02-10Drop long-obsolete "SSH now uses protocol 2 by default" section from ↵Colin Watson
README.Debian.
2014-02-10Generate ED25519 host keys on fresh installations.Colin Watson
Upgraders who wish to add such host keys should manually add 'HostKey /etc/ssh/ssh_host_ed25519_key' to /etc/ssh/sshd_config and run 'ssh-keygen -q -f /etc/ssh/ssh_host_ed25519_key -N "" -t ed25519'.
2014-02-10Close some bugs related to ssh-vulnkey.Colin Watson
2014-02-10Incorporate default path changes from shadow 1:4.0.18.1-8, removing ↵Colin Watson
/usr/bin/X11 (closes: #644521).
2014-02-10Add the pam_keyinit session module, to create a new session keyring on login ↵Colin Watson
(closes: #734816).
2014-02-10Merge 6.5p1.Colin Watson
* New upstream release (http://www.openssh.com/txt/release-6.5, LP: #1275068): - ssh(1): Add support for client-side hostname canonicalisation using a set of DNS suffixes and rules in ssh_config(5). This allows unqualified names to be canonicalised to fully-qualified domain names to eliminate ambiguity when looking up keys in known_hosts or checking host certificate names (closes: #115286).
2014-02-10record new upstream branch created by importing openssh_6.5p1.orig.tar.gzColin Watson
2014-02-10Add OpenPGP signature checking configuration to watch file (thanks, Daniel ↵Colin Watson
Kahn Gillmor; closes: #732441).
2014-02-09Drop ssh-vulnkeyColin Watson
Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code, leaving only basic configuration file compatibility, since it has been nearly six years since the original vulnerability and this code is not likely to be of much value any more. See https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full reasoning.
2014-02-09Initialize git-dpmColin Watson
2014-02-09Remove trailing blank line.Colin Watson
2014-02-09Switch to git; adjust Vcs-* fields.Colin Watson
2013-12-23releasing package openssh version 1:6.4p1-2Colin Watson
2013-12-23Restore patch to disable OpenSSL version check (closes: #732940).Colin Watson
2013-11-12Increase ServerKeyBits value in package-generated sshd_config to 1024Colin Watson
(closes: #727622, LP: #1244272).
2013-11-09releasing package openssh version 1:6.4p1-1Colin Watson
2013-11-09urgency=highColin Watson
2013-11-09Add CVE-2013-4548 identifier.Colin Watson
2013-11-09* New upstream release (http://www.openssh.com/txt/release-6.4).Colin Watson
- sshd(8): fix a memory corruption problem triggered during rekeying when an AES-GCM cipher is selected (closes: #729029). Full details of the vulnerability are available at: http://www.openssh.com/txt/gcmrekey.adv
2013-09-14* New upstream release (http://www.openssh.com/txt/release-6.3).Colin Watson
- sftp(1): add support for resuming partial downloads using the "reget" command and on the sftp commandline or on the "get" commandline using the "-a" (append) option (closes: #158590). - ssh(1): add an "IgnoreUnknown" configuration option to selectively suppress errors arising from unknown configuration directives (closes: #436052). - sftp(1): update progressmeter when data is acknowledged, not when it's sent (partially addresses #708372). - ssh(1): do not fatally exit when attempting to cleanup multiplexing- created channels that are incompletely opened (closes: #651357).
2013-08-12When running under Upstart, only consider the daemon started once it isColin Watson
ready to accept connections (by raising SIGSTOP at that point and using "expect stop").
2013-07-02releasing version 1:6.2p2-6Colin Watson
2013-07-02Update config.guess and config.sub automatically at build time.Colin Watson
dh_autoreconf does not take care of that by default because openssh does not use automake.
2013-06-27releasing version 1:6.2p2-5Colin Watson