summaryrefslogtreecommitdiff
path: root/debian
AgeCommit message (Collapse)Author
2005-09-14 - Fix HAVE_GSSAPI_KRB5_H/HAVE_GSSAPI_GSSAPI_KRB5_H typos inColin Watson
gss-serv-krb5.c.
2005-09-14 - Update commented-out Kerberos/GSSAPI options in default sshd_config.Colin Watson
2005-09-14 - openssh-client and openssh-server replace ssh-krb5.Colin Watson
2005-09-14 - Build-depend on libkrb5-dev and configure --with-kerberos5=/usr.Colin Watson
2005-09-14Update copyright file for GSSAPI key exchange patch.Colin Watson
2005-09-14* Add remaining pieces of Kerberos support (closes: #275472):Colin Watson
- Add GSSAPI key exchange support from http://www.sxw.org.uk/computing/patches/openssh.html (thanks, Stephen Frost).
2005-09-14* Annotate 1:4.1p1-1 changelog with CVE references.Colin Watson
- SECURITY (CAN-2005-2797): Fix a bug introduced in OpenSSH 4.0 that caused GatewayPorts to be incorrectly activated for dynamic ("-D") port forwardings when no listen address was explicitly specified (closes: #326065). - SECURITY (CAN-2005-2798): Fix improper delegation of GSSAPI credentials. This code is only built in openssh-krb5, not openssh, but I mention the CVE reference here anyway for completeness.
2005-09-14releasing version 1:4.2p1-1Colin Watson
2005-09-14* Set X11Forwarding to yes in the default sshd_config (new installs only).Colin Watson
At least when X11UseLocalhost is turned on, which is the default, the security risks of using X11 forwarding are risks to the client, not to the server (closes: #320104).
2005-09-14* openssh-client and openssh-server conflict with pre-split ssh to avoidColin Watson
problems when ssh is left un-upgraded (closes: #324695).
2005-09-14Flesh out changelog for upstream changes in 4.2p1.Colin Watson
2005-09-14* debian/rules: Resynchronise CFLAGS with that generated by configure.Colin Watson
2005-09-14Merge 4.2p1 to the trunk.Colin Watson
2005-09-02releasing version 1:4.1p1-7Colin Watson
2005-09-02* Policy version 3.6.2: no changes required.Colin Watson
2005-09-02* Fix XSIish uses of 'test' in openssh-server.preinst.Colin Watson
2005-09-02* Add GNU/kFreeBSD support (thanks, Aurelien Jarno; closes: #318113).Colin Watson
2005-09-02* Work around the ssh-askpass alternative somehow ending up in manual modeColin Watson
pointing to the obsolete /usr/lib/ssh/gnome-ssh-askpass.
2005-07-09Do the IDEA host key check on a temporary file to avoid alteringColin Watson
/etc/ssh/ssh_host_key itself (closes: #312312).
2005-07-09fix awful formatting in check_idea_keyColin Watson
2005-07-07Finish 1:4.1p1-6.Colin Watson
2005-07-07Fix one-character typo that meant the binaries in openssh-client andColin Watson
openssh-server got recompiled with the wrong options during 'debian/rules install' (closes: #317088, #317238, #317241).
2005-07-03Finish 1:4.1p1-5.Colin Watson
2005-07-03Allow ~/.ssh/config to be group-writable, provided that the group inColin Watson
question contains only the file's owner (closes: #314347).
2005-07-03Disable btmp logging, since Debian's /var/log/btmp has inappropriateColin Watson
permissions (closes: #314956).
2005-07-03documentation directory reorganisation closes: #314745Colin Watson
2005-07-03Ship README.dns (closes: #284874).Colin Watson
2005-07-03Make /usr/share/doc/openssh-server and /usr/share/doc/ssh symlinks toColin Watson
/usr/share/doc/openssh-client.
2005-07-03debconf-updatepoColin Watson
2005-07-02Add Vietnamese debconf template translation (thanks, Clytie Siddall;Colin Watson
closes: #316636).
2005-06-30Drop priority of ssh to extra to match the override file.Colin Watson
2005-06-24Update Brazilian Portuguese debconf template translation (thanks, AndréColin Watson
Luís Lopes; closes: #315477).
2005-06-17Build-depend on libselinux1-dev on ppc64 too (closes: #314625).Colin Watson
2005-06-17Finish 1:4.1p1-4.Colin Watson
2005-06-17Switch to debhelper compat level 3, since 2 is deprecated.Colin Watson
2005-06-17Restore /usr/lib/sftp-server temporarily, as a symlink toColin Watson
/usr/lib/openssh/sftp-server (closes: #312891).
2005-06-17Re-enable ssh-askpass-gnome on the Hurd, now that its build-dependenciesColin Watson
are available.
2005-06-17close #308555Colin Watson
2005-06-17Manoj Srivastava:Colin Watson
- Added SELinux capability, and turned it on be default. Added restorecon calls in preinst and postinst (should not matter if the machine is not SELinux aware). By and large, the changes made should have no effect unless the rules file calls --with-selinux; and even then there should be no performance hit for machines not actively running SELinux. - Modified the preinst and postinst to call restorecon to set the security context for the generated public key files. - Added a comment to /etc/pam.d/ssh to indicate that an SELinux system may want to also include pam_selinux.so.
2005-06-14Update German debconf template translation (thanks, Jens Seidel; closes:Colin Watson
#313949).
2005-06-08openssh-client and openssh-server conflict with ssh-krb5, as ssh-krb5 onlyColin Watson
conflicts with ssh (closes: #312475).
2005-06-06Finish 1:4.1p1-3.Colin Watson
2005-06-02Finish 1:4.1p1-2.Colin Watson
2005-06-01Apply Linux 2.2 workaround (see #239999) only on Linux.Colin Watson
2005-06-01Fix DEB_HOST_ARCH_OS/DEB_HOST_GNU_SYSTEM compatibility handling.Colin Watson
2005-05-31ssh-keygen -> ssh-keysign (OK Matti Pöllä), in case this translation getsColin Watson
resurrected
2005-05-31Remove unnecessary SSH_KEYSIGN variable overrides.Colin Watson
2005-05-31Fix picky lintian errors about slogin symlinks.Colin Watson
2005-05-31Add lintian overrides for the above (setuid-binary, no-debconf-templates).Colin Watson
2005-05-31Since ssh-keysign isn't used by default (you need to set EnableSSHKeysignColin Watson
to "yes" in /etc/ssh/ssh_config), having a debconf question to ask whether it should be setuid is overkill, and the question text had got out of date anyway. Remove this question, ship ssh-keysign setuid in openssh-client.deb, and set a statoverride if the debconf question was previously set to false.