summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2012-05-26Add a sandbox fallback mechanism, so that behaviour on Linux depends onColin Watson
whether the running system's kernel has seccomp_filter support, not the build system's kernel (forwarded upstream as https://bugzilla.mindrot.org/show_bug.cgi?id=2011).
2012-05-22Pass noupdate to pam_motd call for /run/motd.dynamic.Roger Leigh
2012-05-18IPQoS fix closes #671075 tooColin Watson
2012-05-18close #671010 with new upstreamColin Watson
2012-05-18Fix a bashism in configure's seccomp_filter check.Colin Watson
2012-05-18* New upstream release (http://www.openssh.org/txt/release-6.0).Colin Watson
- Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections (closes: #643312, #650512). - Add a new privilege separation sandbox implementation for Linux's new seccomp sandbox, automatically enabled on platforms that support it. (Note: privilege separation sandboxing is still experimental.)
2012-04-22Update OpenSSH FAQ to revision 1.113, fixing missing line break (closes:Colin Watson
#669667).
2012-04-21Display dynamic part of MOTD from /run/motd.dynamic, if it existsColin Watson
(closes: #669699).
2012-04-02releasing version 1:5.9p1-5Colin Watson
2012-04-02* Fix cross-building:Colin Watson
- Allow using a cross-architecture pkg-config. - Pass default LDFLAGS to contrib/Makefile. - Allow dh_strip to strip gnome-ssh-askpass, rather than calling 'install -s'.
2012-04-01Use dpkg-buildflags, including for hardening support; drop use ofColin Watson
hardening-includes.
2012-03-19releasing version 1:5.9p1-4Colin Watson
2012-03-19Disable OpenSSL version check again, as its SONAME is sufficientColin Watson
nowadays (closes: #664383).
2012-02-24releasing version 1:5.9p1-3Colin Watson
2012-02-24Move ssh-krb5 to Section: oldlibs.Colin Watson
2012-02-24slight simplificationColin Watson
2012-02-24Ignore errors writing to console in init script (closes: #546743).Colin Watson
2012-02-14* debconf template translations:Colin Watson
- Update Polish (thanks, Michał Kułach; closes: #659829).
2011-11-09releasing version 1:5.9p1-2Colin Watson
2011-11-09Mark openssh-client and openssh-server as Multi-Arch: foreign.Colin Watson
2011-09-08releasing version 1:5.9p1-1Colin Watson
2011-09-07Update OpenSSH FAQ to revision 1.112.Colin Watson
2011-09-07merge respun 5.9p1Colin Watson
2011-09-06* New upstream release (http://www.openssh.org/txt/release-5.9).Colin Watson
- Introduce sandboxing of the pre-auth privsep child using an optional sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables mandatory restrictions on the syscalls the privsep child can perform. - Add new SHA256-based HMAC transport integrity modes from http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt. - The pre-authentication sshd(8) privilege separation slave process now logs via a socket shared with the master process, avoiding the need to maintain /dev/log inside the chroot (closes: #75043, #429243, #599240). - ssh(1) now warns when a server refuses X11 forwarding (closes: #504757). - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths, separated by whitespace (closes: #76312). The authorized_keys2 fallback is deprecated but documented (closes: #560156). - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4 ToS/DSCP (closes: #498297). - ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add - < /path/to/key" (closes: #229124). - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691). - Say "required" rather than "recommended" in unprotected-private-key warning (LP: #663455).
2011-09-06actually, let's upstream-tag the revision with a tarball parent insteadColin Watson
2011-09-06keep bzr-builddeb happierColin Watson
2011-09-05bzr get -> bzr branchColin Watson
2011-07-29releasing version 1:5.8p1-7Colin Watson
2011-07-29Use 'dpkg-vendor --derives-from Ubuntu' to detect Ubuntu systems ratherColin Watson
than 'lsb_release -is' so that Ubuntu derivatives behave the same way as Ubuntu itself.
2011-07-29Only recommend ssh-import-id when built on Ubuntu (closes: #635887).Colin Watson
2011-07-28releasing version 1:5.8p1-6Colin Watson
2011-07-28* Merge from Ubuntu (Dustin Kirkland):Colin Watson
- openssh-server Recommends: ssh-import-id (no-op in Debian since that package doesn't exist there, but this reduces the Ubuntu delta).
2011-07-28Quieten logs when multiple from= restrictions are used in differentColin Watson
authorized_keys lines for the same key; it's still not ideal, but at least you'll only get one log entry per key (closes: #630606).
2011-07-28openssh-client and openssh-server Suggests: monkeysphere.Colin Watson
2011-07-24releasing version 1:5.8p1-5Colin Watson
2011-07-17* Backport from upstream:Colin Watson
- Make hostbased auth with ECDSA keys work correctly (closes: #633368).
2011-05-30update README.source tooColin Watson
2011-05-30Update Vcs-* fields for Alioth changes.Colin Watson
2011-04-13Drop openssh-server's dependency on openssh-blacklist to aColin Watson
recommendation (closes: #622604).
2011-04-04releasing version 1:5.8p1-4Colin Watson
2011-04-04Remove unreachable code from openssh-server.postinst.Colin Watson
2011-04-04Drop hardcoded dependencies on libssl0.9.8 and libcrypto0.9.8-udeb,Colin Watson
since the required minimum versions are rather old now anyway and openssl has bumped its SONAME (thanks, Julien Cristau; closes: #620828).
2011-03-18releasing version 1:5.8p1-3Colin Watson
2011-03-18Allow ssh-add to read from FIFOs (thanks, Daniel Kahn Gillmor; closes:Colin Watson
#614897).
2011-02-09Correct ssh-keygen instruction in the changelog for 1:5.7p1-1 (thanks,Colin Watson
Joel Stanley). -q -f /etc/ssh/ssh_host_ecdsa_key -N "" -t ecdsa'.
2011-02-08releasing version 1:5.8p1-2Colin Watson
2011-02-08Upload to unstable.Colin Watson
2011-02-05releasing version 1:5.8p1-1Colin Watson
2011-02-05* New upstream release (http://www.openssh.org/txt/release-5.8):Colin Watson
- Fix stack information leak in legacy certificate signing (http://www.openssh.com/txt/legacy-cert.adv).
2011-01-27releasing version 1:5.7p1-2Colin Watson