openssh (1:3.7.1p2-1) UNRELEASED; urgency=low * New upstream release (closes: #232281): - New PAM implementation based on that in FreeBSD. This runs PAM session modules before dropping privileges (closes: #132681, #150968). - 'ssh -q' suppresses login banner (closes: #134589). - sshd doesn't lie to PAM about invalid usernames (closes: #157078). - ssh-add prints key comment on each prompt (closes: #181869). - Punctuation formatting fixed in man pages (closes: #191131). - EnableSSHKeysign documented in ssh_config(5) (closes: #224457). * Add 'UsePAM yes' to /etc/ssh/sshd_config on upgrade from versions older than this, to maintain the standard Debian sshd configuration. * Comment out PAMAuthenticationViaKbdInt and RhostsAuthentication in sshd_config on upgrade. Neither option is supported any more. * Remove -fno-builtin-log, -DHAVE_MMAP_ANON_SHARED, and -D__FILE_OFFSET_BITS=64 compiler options, which are no longer necessary. * Darren Tucker: - Supply newlines in chauthtok PAM conversation function and in accumulated PAM_TEXT_INFO and PAM_ERROR_MSG messages. - Store output from pam_session and pam_setcred for display after login, to fix problems with missing output from PAM session modules. -- Colin Watson Tue, 23 Sep 2003 19:22:38 +0100 openssh (1:3.6.1p2-12) unstable; urgency=low * Update Spanish debconf template translation (thanks, Javier Fernández-Sanguino Peña; closes: #228242). * Add debconf template translations: - Czech (thanks, Miroslav Kure; closes: #230110). - Simplified Chinese (thanks, Hiei Xu; closes: #230726). -- Colin Watson Wed, 11 Feb 2004 09:37:57 +0000 openssh (1:3.6.1p2-11) unstable; urgency=low * Comment out pam_limits in default configuration, for now at least (closes: #198254). * Use invoke-rc.d (if it exists) to run the init script. * Backport format string bug fix in sshconnect.c (closes: #225238). * ssh-copy-id exits if ssh fails (closes: #215252). -- Colin Watson Sun, 4 Jan 2004 18:59:21 +0000 openssh (1:3.6.1p2-10) unstable; urgency=low * Use --retry in init script when restarting rather than sleeping, to make sure the old process is dead (thanks, Herbert Xu; closes: #212117). Depend on dpkg (>= 1.9.0) for start-stop-daemon's --retry option. * Update debconf template translations: - Brazilian Portuguese (thanks, Andre Luis Lopes; closes: #219844). - Danish (thanks, Morten Brix Pedersen; closes: #217964). - Japanese (thanks, Kenshi Muto; closes: #212497). - Russian (thanks, Ilgiz Kalmetev). - Spanish (thanks, Carlos Valdivia Yagüe; closes: #211832). * Add Dutch debconf template translation (thanks, cobaco; closes: #215372). * Update config.guess and config.sub from autotools-dev 20031007.1 (closes: #217696). * Implement New World Order for PAM configuration, including /etc/pam.d/common-* from /etc/pam.d/ssh (closes: #212959). - To backport this release to woody, you need to set DEB_BUILD_SSH_WOODY in your environment. See README.Debian. * Add more commentary to /etc/pam.d/ssh. -- Colin Watson Sun, 16 Nov 2003 01:14:16 +0000 openssh (1:3.6.1p2-9) unstable; urgency=high * Merge even more buffer allocation fixes from upstream (CAN-2003-0682; closes: #211434). -- Colin Watson Fri, 19 Sep 2003 10:25:25 +0100 openssh (1:3.6.1p2-8) unstable; urgency=high * Merge more buffer allocation fixes from new upstream version 3.7.1p1 (closes: #211324). -- Colin Watson Wed, 17 Sep 2003 03:07:19 +0100 openssh (1:3.6.1p2-7) unstable; urgency=high * Update debconf template translations: - French (thanks, Christian Perrier; closes: #208801). - Japanese (thanks, Kenshi Muto; closes: #210380). * Some small improvements to the English templates courtesy of Christian Perrier. I've manually unfuzzied a few translations where it was obvious, on Christian's advice, but the others will have to be updated. * Document how to generate an RSA1 host key (closes: #141703). * Incorporate NMU fix for early buffer expansion vulnerability, CAN-2003-0693 (closes: #211205). Thanks to Michael Stone. -- Colin Watson Tue, 16 Sep 2003 14:32:28 +0100 openssh (1:3.6.1p2-6.0) unstable; urgency=high * SECURITY: fix for CAN-2003-0693, buffer allocation error -- Michael Stone Tue, 16 Sep 2003 08:27:07 -0400 openssh (1:3.6.1p2-6) unstable; urgency=medium * Use a more CVS-friendly means of setting SSH_VERSION. * Update Brazilian Portuguese debconf template translation (thanks, Andre Luis Lopes; closes: #208036). * Don't run 'sshd -t' in init script if the server isn't to be run (closes: #197576). * Fix login delay, spurious auth.log entry, and PermitRootLogin information leakage due to PAM issues with upstream's recent security update (thanks, Darren Tucker; closes: #99168, #192207, #193546). * Policy version 3.6.1: recode this changelog to UTF-8. -- Colin Watson Wed, 3 Sep 2003 19:14:02 +0100 openssh (1:3.6.1p2-5) unstable; urgency=low * Disable cmsg_type check for file descriptor passing when running on Linux 2.0 (closes: #150976). Remove comments about non-functional privilege separation on 2.0 from ssh/privsep_ask and ssh/privsep_tell debconf questions and from README.Debian, since it should all now work. * Fix "defails" typo in generated sshd_config (closes: #206484). * Backport upstream patch to strip trailing whitespace (including newlines) from configuration directives (closes: #192079). -- Colin Watson Wed, 27 Aug 2003 02:19:57 +0100 openssh (1:3.6.1p2-4) unstable; urgency=low * getent can get just one key; no need to use grep (thanks, James Troup). * Move /usr/local/bin to the front of the default path, following /etc/login.defs (closes: #201150). * Remove specifics of problematic countries from package description (closes: #197040). * Update Spanish debconf template translation (thanks, Carlos Valdivia Yagüe; closes: #198456). * Backport upstream patch to pass monitor signals through to child (closes: #164797). -- Colin Watson Sun, 27 Jul 2003 17:31:15 +0100 openssh (1:3.6.1p2-3) unstable; urgency=low * Update French debconf template translation (thanks, Christian Perrier; closes: #194323). * Version the adduser dependency for --no-create-home (closes: #195756). * Add a version of moduli(5), namely revision 1.7 of http://www.openbsd.org/cgi-bin/cvsweb/src/share/man/man5/moduli.5 with '/etc/moduli' changed to '/etc/ssh/moduli' throughout (closes: #196061). -- Colin Watson Mon, 9 Jun 2003 02:51:35 +0100 openssh (1:3.6.1p2-2) unstable; urgency=low * Force /etc/default/ssh to be non-executable, since dpkg apparently doesn't deal with permissions changes on conffiles (closes: #192966). * Use debconf 0.5's seen flag rather than the deprecated isdefault. * Add GPL location to copyright file. * Remove debian/postinst.old. * Switch to po-debconf, with some careful manual use of po2debconf to ensure that the source package continues to build smoothly on woody (closes: #183986). * Update debconf template translations: - Brazilian Portugese (thanks, Andre Luis Lopes; see #183986). - Japanese (thanks, Tomohiro KUBOTA; closes: #192429). * Compile with -fno-builtin-log for now, otherwise gcc-3.3 complains "log.h:59: warning: conflicting types for built-in function `log'". The OpenSSH log() function has been renamed in upstream CVS. -- Colin Watson Mon, 19 May 2003 01:52:38 +0100 openssh (1:3.6.1p2-1) unstable; urgency=medium * New upstream release, including fix for PAM user-discovery security hole (closes: #191681). * Fix ChallengeResponseAuthentication default in generated sshd_config (closes: #106037). * Put newlines after full stops in man page documentation for ProtocolKeepAlives and SetupTimeOut. * Policy version 3.5.9: support DEB_BUILD_OPTIONS=noopt, build gnome-ssh-askpass with -g and -Wall flags. * Really ask ssh/new_config debconf question before trying to fetch its value (closes: #188721). * On purge, remove only the files we know about in /etc/ssh rather than the whole thing, and remove the directory if that leaves it empty (closes: #176679). * ssh has depended on debconf for some time now with no complaints, so: - Simplify the postinst by relying on debconf being present. (The absent case was buggy anyway.) - Get rid of "if you have not installed debconf" text in README.Debian, and generally update the "/usr/bin/ssh not SUID" entry. * More README.Debian work: - Reorganize into "UPGRADE ISSUES" and "OTHER ISSUES", in an effort to make it easier for people to find the former. The upgrade issues should probably be sorted by version somehow. - Document X11UseLocalhost under "X11 Forwarding" (closes: #150913). * Fix setting of IP flags for interactive sessions (upstream bug #541). -- Colin Watson Mon, 5 May 2003 17:47:40 +0100 openssh (1:3.6.1p1-1) unstable; urgency=low * New upstream release (thanks, Laurence J. Lane). * debian/control: ssh-askpass-gnome is now Section: gnome, following the override file. -- Colin Watson Wed, 2 Apr 2003 00:51:02 +0100 openssh (1:3.6p1-1) unstable; urgency=low * New upstream release. - Workaround applied upstream for a bug in the interaction of glibc's getaddrinfo() with the Linux 2.2 kernel (closes: #155814). - As such, it should now be safe to remove --with-ipv4-default, so starting sshd with -6 is no longer necessary (closes: #79861 and lots of other merged bugs). - ssh-copy-id prints usage when run without arguments (closes: #71376). - scp exits 1 if ssh fails (closes: #138400). - sshd writes to utmp's ut_addr_v6 field in IPv6 mode (closes: #167867). - 'ssh-add -c' causes ssh-agent to ask the user each time a key is used (closes: #109795). * Install /etc/default/ssh non-executable (closes: #185537). -- Colin Watson Mon, 31 Mar 2003 23:00:59 +0100 openssh (1:3.5p1-5) unstable; urgency=low * Add /etc/default/ssh (closes: #161049). * Run the init script under 'set -e' (closes: #175010). * Change the default superuser path to include /sbin, /usr/sbin, and /usr/local/sbin (closes: #128235, #151267). Using login.defs would be nice, but that belongs to another package. Without a defined API to retrieve its settings, parsing it is off-limits. * Build ssh-askpass-gnome with GNOME 2. The source package should still support building on stable with GNOME 1, using the alternate libgnome-dev build-dependency (thanks, Colin Walters; closes: #167582). -- Colin Watson Sun, 9 Mar 2003 20:12:10 +0000 openssh (1:3.5p1-4) unstable; urgency=low * Point rlogin and rcp alternatives at slogin and scp respectively rather than ssh (closes: #121103, #151666). Fix alternative removal to match; previously it was completely wrong anyway. * Find out whether /etc/ssh/sshd_not_to_be_run exists and set the debconf question's default using that information, rather than using debconf as a registry. Other solutions may be better in the long run, but this is at least correct (thanks, Matthew Woodcraft; closes: #84725). * Stop using pam_lastlog, as it doesn't currently work well as a session module when privilege separation is enabled; it can usually read /var/log/lastlog but can't write to it. Instead, just use sshd's built-in support, already enabled by default (closes: #151297, #169938). * Use 'ssh-keygen -q' rather than redirecting output to /dev/null. * Add a "this may take some time" warning when creating host keys on installation (part of #110094). * When restarting via the init script, check for sshd_not_to_be_run after stopping sshd (idea from Tomas Pospisek; closes: #149850). * Append /usr/sbin:/sbin to the init script's $PATH, just in case of strangeness (closes: #115138). * Fix a dpkg-statoverride call to redirect stdout to /dev/null, not stderr. * Correct copyright file typo: "orignal" -> "original" (closes: #176490). * Rebuild with libssl0.9.7 (closes: #176983). * We're up to policy version 3.5.6. DEB_BUILD_OPTIONS stuff still needs to be looked at. -- Colin Watson Sat, 18 Jan 2003 01:37:23 +0000 openssh (1:3.5p1-3) unstable; urgency=low * Happy new year! * Use getent rather than id to find out whether the sshd user exists (closes: #150974). * Remove some duplication from the postinst's ssh-keysign setuid code. * Replace db_text with db_input throughout debian/config. (db_text has been a compatibility wrapper since debconf 0.1.5.) * Warn about PermitUserEnvironment on upgrade (closes: #167895). * Use 'make install-nokeys', and disable unused debhelper commands, thereby forward-porting the last pieces of Zack Weinberg's patch (closes: #68341). * Move the man page for gnome-ssh-askpass from the ssh package to ssh-askpass-gnome (closes: #174449). * Build with -DLOGIN_NO_ENDOPT, since Debian's /bin/login doesn't accept '--' to terminate the list of options (closes: #171554). * Add Jonathan Amery's ssh-argv0 script (closes: #111341). * Update Danish debconf template (thanks, Morten Brix Pedersen; closes: #174757). * Document setgid ssh-agent's effect on certain environment variables in README.Debian (closes: #167974). * Document interoperability problems between scp and ssh.com's server in README.Debian, and suggest some workarounds (closes: #174662). -- Colin Watson Wed, 1 Jan 2003 14:18:30 +0000 openssh (1:3.5p1-2) unstable; urgency=low * Mention in the ssh package description that it provides both ssh and sshd (closes: #99680). * Create a system group for ssh-agent, not a user group (closes: #167669). -- Colin Watson Mon, 4 Nov 2002 13:43:53 +0000 openssh (1:3.5p1-1) unstable; urgency=low * New upstream release. - Fixes typo in ssh-add usage (closes: #152239). - Fixes 'PermitRootLogin forced-commands-only' (closes: #166184). - ~/.ssh/environment and environment= options in ~/.ssh/authorized_keys are deprecated for security reasons and will eventually go away. For now they can be re-enabled by setting 'PermitUserEnvironment yes' in sshd_config. - ssh-agent is installed setgid to prevent ptrace() attacks. The group actually doesn't matter, as it drops privileges immediately, but to avoid confusion the postinst creates a new 'ssh' group for it. * Obsolete patches: - Solar Designer's privsep+compression patch for Linux 2.2 (see 1:3.3p1-0.0woody1). - Hostbased auth ssh-keysign backport (see 1:3.4p1-4). * Remove duplicated phrase in ssh_config(5) (closes: #152404). * Source the debconf confmodule at the top of the postrm rather than at the bottom, to avoid making future non-idempotency problems worse (see #151035). * Debconf templates: - Add Polish (thanks, Grzegorz Kusnierz). - Update French (thanks, Denis Barbier; closes: #132509). - Update Spanish (thanks, Carlos Valdivia Yagüe; closes: #164716). * Write a man page for gnome-ssh-askpass, and link it to ssh-askpass.1 if this is the selected ssh-askpass alternative (closes: #67775). -- Colin Watson Sat, 26 Oct 2002 19:41:51 +0100 openssh (1:3.4p1-4) unstable; urgency=low * Allow ssh-krb5 in ssh-askpass-gnome's dependencies (closes: #129532). * Restore Russia to list of countries where encryption is problematic (see #148951 and http://www.average.org/freecrypto/). * Drop ssh-askpass-gnome's priority to optional, per the override file. * Drop the PAM special case for hurd-i386 (closes: #99157). * s/dile/idle/ in ssh_config(5) (closes: #118331). * Note in README.Debian that you need xauth from xbase-clients on the server for X11 forwarding (closes: #140269). * Use correct path to upstream README in copyright file (closes: #146037). * Document the units for ProtocolKeepAlives (closes: #159479). * Backport upstream patch to fix hostbased auth (closes: #117114). * Add -g to CFLAGS. -- Colin Watson Sun, 13 Oct 2002 18:58:53 +0100 openssh (1:3.4p1-3) unstable; urgency=low * Add myself to Uploaders: and begin acting as temporary maintainer, at Matthew's request. (Normal service will resume in some months' time.) * Add sharutils to Build-Depends (closes: #138465). * Stop creating the /usr/doc/ssh symlink. * Fix some debconf template typos (closes: #160358). * Split debconf templates into one file per language. * Add debconf template translations: - Brazilian Portuguese (thanks, Andre Luis Lopes; closes: #106173). - Danish (thanks, Claus Hindsgaul; closes: #126607). - Japanese (thanks, Tomohiro KUBOTA; closes: #137427). - Russian (thanks, Ilgiz Kalmetev; closes: #136610). - Spanish (thanks, Carlos Valdivia Yagüe; closes: #129041). * Update debconf template translations: - French (thanks, Igor Genibel; closes: #151361). - German (thanks, Axel Noetzold; closes: #147069). * Some of these translations are fuzzy. Please send updates. -- Colin Watson Sun, 13 Oct 2002 14:09:57 +0100 openssh (1:3.4p1-2) unstable; urgency=high * Get a security-fixed version into unstable * Also tidy README.Debian up a little -- Matthew Vernon Fri, 28 Jun 2002 17:20:59 +0100 openssh (1:3.4p1-1) testing; urgency=high * Extend my tendrils back into this package (Closes: #150915, #151098) * thanks to the security team for their work * no thanks to ISS/Theo de Raadt for their handling of these bugs * save old sshd_configs to sshd_config.dpkg-old when auto-generating a new one * tell/ask the user about PriviledgeSeparation * /etc/init.d/ssh run will now create the chroot empty dir if necessary * Remove our previous statoverride on /usr/bin/ssh (only for people upgrading from a version where we'd put one in ourselves!) * Stop slandering Russia, since someone asked so nicely (Closes: #148951) * Reduce the sleep time in /etc/init.d/ssh during a restart -- Matthew Vernon Fri, 28 Jun 2002 15:52:10 +0100 openssh (1:3.4p1-0.0woody1) testing-security; urgency=high * NMU by the security team. * New upstream version -- Michael Stone Wed, 26 Jun 2002 15:40:38 -0400 openssh (1:3.3p1-0.0woody4) testing-security; urgency=high * NMU by the security team. * fix error when /etc/ssh/sshd_config exists on new install * check that user doesn't exist before running adduser * use openssl internal random unconditionally -- Michael Stone Tue, 25 Jun 2002 19:44:39 -0400 openssh (1:3.3p1-0.0woody3) testing-security; urgency=high * NMU by the security team. * use correct home directory when sshd user is created -- Michael Stone Tue, 25 Jun 2002 08:59:50 -0400 openssh (1:3.3p1-0.0woody2) testing-security; urgency=high * NMU by the security team. * Fix rsa1 key creation (Closes: #150949) * don't fail if sshd user removal fails * depends: on adduser (Closes: #150907) -- Michael Stone Tue, 25 Jun 2002 08:59:50 -0400 openssh (1:3.3p1-0.0woody1) testing-security; urgency=high * NMU by the security team. * New upstream version. - Enable privilege separation by default. * Include patch from Solar Designer for privilege separation and compression on 2.2.x kernels. * Remove --disable-suid-ssh from configure. * Support setuid ssh-keysign binary instead of setuid ssh client. * Check sshd configuration before restarting. -- Daniel Jacobowitz Mon, 24 Jun 2002 13:43:44 -0400 openssh (1:3.0.2p1-9) unstable; urgency=high * Thanks to those who NMUd * The only change in this version is to debian/control - I've removed the bit that says you can't export it from the US - it would look pretty daft to say this about a package in main! Also, it's now OK to use crypto in France, so I've edited that comment slightly * Correct a path in README.Debian too (Closes: #138634) -- Matthew Vernon Sun, 4 Apr 2002 09:52:59 +0100 openssh (1:3.0.2p1-8.3) unstable; urgency=medium * NMU * Really set urgency to medium this time (oops) * Fix priority to standard per override while I'm at it -- Aaron M. Ucko Sun, 24 Mar 2002 09:00:08 -0500 openssh (1:3.0.2p1-8.2) unstable; urgency=low * NMU with maintainer's permission * Prepare for upcoming ssh-nonfree transitional packages per * Urgency medium because it would really be good to get this into woody before it releases * Fix sections to match override file * Reissued due to clash with non-US -> main move -- Aaron M. Ucko Sat, 23 Mar 2002 21:21:52 -0500 openssh (1:3.0.2p1-8.1) unstable; urgency=low * NMU * Move from non-US to mani -- LaMont Jones Thu, 21 Mar 2002 09:33:50 -0700 openssh (1:3.0.2p1-8) unstable; urgency=critical * Security fix - patch from upstream (Closes: #137209, #137210) * Undo the changes in the unreleased -7, since they appear to break things here. Accordingly, the code change is minimal, and I'm happy to get it into testing ASAP -- Matthew Vernon Thu, 7 Mar 2002 14:25:23 +0000 openssh (1:3.0.2p1-7) unstable; urgency=high * Build to support IPv6 and IPv4 by default again -- Matthew Vernon Sat, 2 Mar 2002 00:25:05 +0000 openssh (1:3.0.2p1-6) unstable; urgency=high * Correct error in the clean target (Closes: #130868) -- Matthew Vernon Sat, 26 Jan 2002 00:32:00 +0000 openssh (1:3.0.2p1-5) unstable; urgency=medium * Include the Debian version in our identification, to make it easier to audit networks for patched versions in future -- Matthew Vernon Mon, 21 Jan 2002 17:16:10 +0000 openssh (1:3.0.2p1-4) unstable; urgency=medium * If we're asked to not run sshd, stop any running sshd's first (Closes: #129327) -- Matthew Vernon Wed, 16 Jan 2002 21:24:16 +0000 openssh (1:3.0.2p1-3) unstable; urgency=high * Fix /etc/pam.d/ssh to not set $MAIL (Closes: #128913) * Remove extra debconf suggestion (Closes: #128094) * Mmm. speedy bug-fixing :-) -- Matthew Vernon Sat, 12 Jan 2002 17:23:58 +0000 openssh (1:3.0.2p1-2) unstable; urgency=high * Fix postinst to not automatically overwrite sshd_config (!) (Closes: #127842, #127867) * Add section in README.Debian about the PermitRootLogin setting -- Matthew Vernon Sat, 5 Jan 2003 05:26:30 +0000 openssh (1:3.0.2p1-1) unstable; urgency=high * Incorporate fix from Colin's NMU * New upstream version (fixes the bug Wichert fixed) (Closes: #124035) * Capitalise IETF (Closes: #125379) * Refer to the correct sftp-server location (Closes: #126854, #126224) * Do what we're asked re SetUID ssh (Closes: #124065, #124154, #123247) * Ask people upgrading from potato if they want a new conffile (Closes: #125642) * Fix a typo in postinst (Closes: #122192, #122410, #123440) * Frob the default config a little (Closes: #122284, #125827, #125696, #123854) * Make /etc/init.d/ssh be more clear about ssh not running (Closes: #123552) * Fix typo in templates file (Closes: #123411) -- Matthew Vernon Fri, 4 Jan 2002 16:01:52 +0000 openssh (1:3.0.1p1-1.2) unstable; urgency=high * Non-maintainer upload * Prevent local users from passing environment variables to the login process when UseLogin is enabled -- Wichert Akkerman Mon, 3 Dec 2001 19:34:45 +0100 openssh (1:3.0.1p1-1.1) unstable; urgency=low * Non-maintainer upload, at Matthew's request. * Remove sa_restorer assignment to fix compilation on alpha, hppa, and ia64 (closes: #122086). -- Colin Watson Sun, 2 Dec 2001 18:54:16 +0000 openssh (1:3.0.1p1-1) unstable; urgency=high * New upstream version (Closes: #113646, #113513, #114707, #118564) * Building with a libc that works (!) (Closes: #115228) * Patches forward-ported are -1/-2 options for scp, the improvement to 'waiting for forwarded connections to terminate...' * Fix /etc/init.d/ssh to stop sshd properly (Closes: #115228) * /etc/ssh/sshd_config is no longer a conffile but generated in the postinst * Remove suidregister leftover from postrm * Mention key we are making in the postinst * Default to not enable SSH protocol 1 support, since protocol 2 is much safer anyway. * New version of the vpn-fixes patch, from Ian Jackson * New handling of -q, and added new -qq option; thanks to Jon Amery * Experimental smartcard support not enabled, since I have no way of testing it. -- Matthew Vernon Thu, 28 Nov 2001 17:43:01 +0000 openssh (1:2.9p2-6) unstable; urgency=low * check for correct file in /etc/init.d/ssh (Closes: #110876) * correct location of version 2 keys in ssh.1 (Closes: #110439) * call update-alternatives --quiet (Closes: #103314) * hack ssh-copy-id to chmod go-w (Closes: #95551) * TEMPORARY fix to provide largefile support using a -D in the cflags line. long-term, upstream will patch the autoconf stuff (Closes: #106809, #111849) * remove /etc/rc references in ssh-keygen.1 (Closes: #68350) * scp.1 patch from Adam McKenna to document -r properly (Closes: #76054) * Check for files containing a newline character (Closes: #111692) -- Matthew Vernon Thu, 13 Sep 2001 16:47:36 +0100 openssh (1:2.9p2-5) unstable; urgency=high * Thanks to all the bug-fixers who helped! * remove sa_restorer assignment (Closes: #102837) * patch from Peter Benie to DTRT wrt X forwarding if the server refuses us access (Closes: #48297) * patch from upstream CVS to fix port forwarding (Closes: #107132) * patch from Jonathan Amery to document ssh-keygen behaviour (Closes:#106643, #107512) * patch to postinst from Jonathan Amery (Closes: #106411) * patch to manpage from Jonathan Amery (Closes: #107364) * patch from Matthew Vernon to make -q emit fatal errors as that is the documented behaviour (Closes: #64347) * patch from Ian Jackson to cause us to destroy a file when we scp it onto itself, rather than dumping bits of our memory into it, which was a security hole (see #51955) * patch from Jonathan Amery to document lack of Kerberos support (Closes: #103726) * patch from Matthew Vernon to make the 'waiting for connections to terminate' message more helpful (Closes: #50308) -- Matthew Vernon Thu, 23 Aug 2001 02:14:09 +0100 openssh (1:2.9p2-4) unstable; urgency=high * Today's build of ssh is strawberry flavoured * Patch from mhp to reduce length of time sshd is stopped for (Closes: #106176) * Tidy up debconf template (Closes: #106152) * If called non-setuid, then setgid()'s failure should not be fatal (see #105854) -- Matthew Vernon Sun, 22 Jul 2001 14:19:43 +0100 openssh (1:2.9p2-3) unstable; urgency=low * Patch from yours truly to add -1 and -2 options to scp (Closes: #106061) * Improve the IdentityFile section in the man page (Closes: #106038) -- Matthew Vernon Sat, 21 Jul 2001 14:47:27 +0100 openssh (1:2.9p2-2) unstable; urgency=low * Document the protocol version 2 and IPV6 changes (Closes: #105845, #105868) * Make PrintLastLog 'no' by default (Closes: #105893) -- Matthew Vernon Thu, 19 Jul 2001 18:36:41 +0100 openssh (1:2.9p2-1) unstable; urgency=low * new (several..) upstream version (Closes: #96726, #81856, #96335) * Hopefully, this will close some other bugs too -- Matthew Vernon Tue, 17 Jul 2001 19:41:58 +0100 openssh (1:2.5.2p2-3) unstable; urgency=low * Taking Over this package * Patches from Robert Bihlmeyer for the Hurd (Closes: #102991) * Put PermitRootLogin back to yes (Closes: #67334, #67371, #78274) * Don't fiddle with conf-files any more (Closes: #69501) -- Matthew Vernon Tue, 03 Jul 2001 02:58:13 +0100 openssh (1:2.5.2p2-2.2) unstable; urgency=low * NMU * Include Hurd compatibility patches from Robert Bihlmeyer (Closes: #76033) * Patch from Richard Kettlewell for protocolkeepalives (Closes: #99273) * Patch from Matthew Vernon for BannerTimeOut, batchmode, and documentation for protocolkeepalives. Makes ssh more generally useful for scripting uses (Closes: #82877, #99275) * Set a umask, so ourpidfile isn't world-writable (closes: #100012, #98286, #97391) -- Matthew Vernon Thu, 28 Jun 2001 23:15:42 +0100 openssh (1:2.5.2p2-2.1) unstable; urgency=low * NMU * Remove duplicate Build-Depends for libssl096-dev and change it to depend on libssl-dev instaed. Also adding in virtual | real package style build-deps. (Closes: #93793, #75228) * Removing add-log entry (Closes: #79266) * This was a pam bug from a while back (Closes: #86908, #88457, #86843) * pam build-dep already exists (Closes: #93683) * libgnome-dev build-dep already exists (Closes: #93694) * No longer in non-free (Closes: #85401) * Adding in fr debconf translations (Closes: #83783) * Already suggests xbase-clients (Closes: #79741) * No need to suggest libpam-pwdb anymore (Closes: #81658) * Providing rsh-client (Closes: #79437) * hurd patch was already applied (Closes: #76033) * default set to no (Closes: #73682) * Adding in a suggests for dnsutils (Closes: #93265) * postinst bugs fixed (Closes: #88057, #88066, #88196, #88405, #88612) (Closes: #88774, #88196, #89556, #90123, #90228, #90833, #87814, #85465) * Adding in debconf dependency -- Ivan E. Moore II Mon, 16 Apr 2001 14:11:04 +0100 openssh (1:2.5.2p2-2) unstable; urgency=high * disable the OpenSSL version check in entropy.c (closes: #93581, #93588, #93590, #93614, #93619, #93635, #93648) -- Philip Hands Wed, 11 Apr 2001 20:30:04 +0100 openssh (1:2.5.2p2-1) unstable; urgency=low * New upstream release * removed make-ssh-known-hosts, since ssh-keyscan does that job (closes: #86069, #87748) * fix double space indent in german templates (closes: #89493) * make postinst check for ssh_host_rsa_key * get rid of the last of the misguided debian/rules NMU debris :-/ -- Philip Hands Sat, 24 Mar 2001 20:59:33 +0000 openssh (1:2.5.1p2-2) unstable; urgency=low * rebuild with new debhelper (closes: #89558, #89536, #90225) * fix broken dpkg-statoverride test in postinst (closes: #89612, #90474, #90460, #89605) * NMU bug fixed but not closed in last upload (closes: #88206) -- Philip Hands Fri, 23 Mar 2001 16:11:33 +0000 openssh (1:2.5.1p2-1) unstable; urgency=high * New upstream release * fix typo in postinst (closes: #88110) * revert to setting PAM service name in debian/rules, backing out last NMU, which also (closes: #88101) * restore the pam lastlog/motd lines, lost during the NMUs, and sshd_config * restore printlastlog option patch * revert to using debhelper, which had been partially disabled in NMUs -- Philip Hands Tue, 13 Mar 2001 01:41:34 +0000 openssh (1:2.5.1p1-1.8) unstable; urgency=high * And now the old pam-bug s/sshd/ssh in ssh.c is also fixed -- Christian Kurz Thu, 1 Mar 2001 19:48:01 +0100 openssh (1:2.5.1p1-1.7) unstable; urgency=high * And now we mark the correct binary as setuid, when a user requested to install it setuid. -- Christian Kurz Thu, 1 Mar 2001 07:19:56 +0100 openssh (1:2.5.1p1-1.6) unstable; urgency=high * Fixes postinst to handle overrides that are already there. Damn, I should have noticed the bug earlier. -- Christian Kurz Wed, 28 Feb 2001 22:35:00 +0100 openssh (1:2.5.1p1-1.5) unstable; urgency=high * Rebuild ssh with pam-support. -- Christian Kurz Mon, 26 Feb 2001 21:55:51 +0100 openssh (1:2.5.1p1-1.4) unstable; urgency=low * Added Build-Depends on libssl096-dev. * Fixed sshd_config file to disallow root logins again. -- Christian Kurz Sun, 25 Feb 2001 20:03:55 +0100 openssh (1:2.5.1p1-1.3) unstable; urgency=low * Fixed missing manpages for sftp.1 and ssh-keyscan.1 * Made package policy 3.5.2 compliant. -- Christian Kurz Sun, 25 Feb 2001 15:46:26 +0100 openssh (1:2.5.1p1-1.2) unstable; urgency=low * Added Conflict with sftp, since we now provide our own sftp-client. * Added a fix for our broken dpkg-statoverride call in the 2.3.0p1-13. * Fixed some config pathes in the comments of sshd_config. * Removed ssh-key-exchange-vulnerability-patch since it's not needed anymore because upstream included the fix. -- Christian Kurz Sun, 25 Feb 2001 13:46:58 +0100 openssh (1:2.5.1p1-1.1) unstable; urgency=high * Another NMU to get the new upstream version 2.5.1p1 into unstable. (Closes: #87123) * Corrected postinst to mark ssh as setuid. (Closes: #86391, #85766) * Key Exchange patch is already included by upstream. (Closes: #86015) * Upgrading should be possible now. (Closes: #85525, #85523) * Added --disable-suid-ssh as compile option, so ssh won't get installed suid per default. * Fixed postinst to run dpkg-statoverride only, when dpkg-statoverride is available and the mode of the binary should be 4755. And also added suggestion for a newer dpkg. (Closes: #85734, #85741, #86876) * sftp and ssh-keyscan will also be included from now on. (Closes: #79994) * scp now understands spaces in filenames (Closes: #53783, #58958, #66723) * ssh-keygen now supports showing DSA fingerprints. (Closes: #68623) * ssh doesn' t show motd anymore when switch -t is used. (Closes #69035) * ssh supports the usage of other dsa keys via the ssh command line options. (Closes: #81250) * Documentation in sshd_config fixed. (Closes: #81088) * primes file included by upstream and included now. (Closes: #82101) * scp now allows dots in the username. (Closes: #82477) * Spelling error in ssh-copy-id.1 corrected by upstream. (Closes: #78124) -- Christian Kurz Sun, 25 Feb 2001 10:06:08 +0100 openssh (1:2.3.0p1-1.13) unstable; urgency=low * Config should now also be fixed with this hopefully last NMU. -- Christian Kurz Sat, 10 Feb 2001 22:56:36 +0100 openssh (1:2.3.0p1-1.12) unstable; urgency=high * Added suggest for xbase-clients to control-file. (Closes #85227) * Applied patch from Markus Friedl to fix a vulnerability in the rsa keyexchange. * Fixed position of horizontal line. (Closes: #83613) * Fixed hopefully the grep problem in the config-file. (Closes: #78802) * Converted package from suidregister to dpkg-statoverride. -- Christian Kurz Fri, 9 Feb 2001 19:43:55 +0100 openssh (1:2.3.0p1-1.11) unstable; urgency=medium * Fixed some typos in the german translation of the debconf template. -- Christian Kurz Wed, 24 Jan 2001 18:22:38 +0100 openssh (1:2.3.0p1-1.10) unstable; urgency=medium * Fixed double printing of motd. (Closes: #82618) -- Christian Kurz Tue, 23 Jan 2001 21:03:43 +0100 openssh (1:2.3.0p1-1.9) unstable; urgency=high * And the next NMU which includes the patch from Andrew Bartlett and Markus Friedl to fix the root privileges handling of openssh. (Closes: #82657) -- Christian Kurz Wed, 17 Jan 2001 22:20:54 +0100 openssh (1:2.3.0p1-1.8) unstable; urgency=high * Applied fix from Ryan Murray to allow building on other architectures since the hurd patch was wrong. (Closes: #82471) -- Christian Kurz Tue, 16 Jan 2001 22:45:51 +0100 openssh (1:2.3.0p1-1.7) unstable; urgency=medium * Fixed another typo on sshd_config -- Christian Kurz Sun, 14 Jan 2001 19:01:31 +0100 openssh (1:2.3.0p1-1.6) unstable; urgency=high * Added Build-Dependency on groff (Closes: #81886) * Added Build-Depencency on debhelper (Closes: #82072) * Fixed entry for known_hosts in sshd_config (Closes: #82096) -- Christian Kurz Thu, 11 Jan 2001 23:08:16 +0100 openssh (1:2.3.0p1-1.5) unstable; urgency=high * Fixed now also the problem with sshd used as default ipv4 and didn't use IPv6. This should be now fixed. -- Christian Kurz Thu, 11 Jan 2001 21:25:55 +0100 openssh (1:2.3.0p1-1.4) unstable; urgency=high * Fixed buggy entry in postinst. -- Christian Kurz Wed, 10 Jan 2001 23:12:16 +0100 openssh (1:2.3.0p1-1.3) unstable; urgency=high * After finishing the rewrite of the rules-file I had to notice that the manpage installation was broken. This should now work again. -- Christian Kurz Wed, 10 Jan 2001 22:11:59 +0100 openssh (1:2.3.0p1-1.2) unstable; urgency=high * Fixed the screwed up build-dependency. * Removed --with-ipv4-default to support ipv6. * Changed makefile to use /etc/pam.d/ssh instead of /etc/pam.d/sshd. * Fixed location to sftp-server in config. * Since debian still relies on /etc/pam.d/ssh instead of moving to /etc/pam.d/sshd, I had to hack ssh.h to get ssh to use this name. * Fixed path to host key in sshd_config. -- Christian Kurz Wed, 10 Jan 2001 08:23:47 +0100 openssh (1:2.3.0p1-1.1) unstable; urgency=medium * NMU with permission of Phil Hands. * New upstream release * Update Build-Depends to point to new libssl096. * This upstream release doesn't leak any information depending on the setting of PermitRootLogin (Closes: #59933) * New upstream release contains fix against forcing a client to do X/agent forwarding (Closes: #76788) * Changed template to contain correct path to the documentation (Closes: #67245) * Added --with-4in6 switch as compile option into debian/rules. * Added --with-ipv4-default as compile option into debian/rules. (Closes: #75037) * Changed default path to also contain /usr/local/bin and /usr/X11R6/bin (Closes: #62472,#54567,#62810) * Changed path to sftp-server in sshd_config to match the our package (Closes: #68347) * Replaced OpenBSDh with OpenBSD in the init-script. * Changed location to original source in copyright.head * Changed behaviour of init-script when invoked with the option restart (Closes: #68706,#72560) * Added a note about -L option of scp to README.Debian * ssh won't print now the motd if invoked with -t option (Closes: #59933) * RFC.nroff.gz get's now converted into RFC.gz. (Closes: #63867) * Added a note about tcp-wrapper support to README.Debian (Closes: #72807,#22190) * Removed two unneeded options from building process. * Added sshd.pam into debian dir and install it. * Commented out unnecessary call to dh_installinfo. * Added a line to sshd.pam so that limits will be paid attention to (Closes: #66904) * Restart Option has a Timeout of 10 seconds (Closes: 51264) * scp won't override files anymore (Closes: 51955) * Removed pam_lastlog module, so that the lastlog is now printed only once (Closes: #71742, #68335, #69592, #71495, #77781) * If password is expired, openssh now forces the user to change it. (Closes: #51747) * scp should now have no more problems with shell-init-files that produces ouput (Closes: #56280,#59873) * ssh now prints the motd correctly (Closes: #66926) * ssh upgrade should disable ssh daemon only if users has choosen to do so (Closes: #67478) * ssh can now be installed suid (Closes: #70879) * Modified debian/rules to support hurd. -- Christian Kurz Wed, 27 Dec 2000 20:06:57 +0100 openssh (1:2.2.0p1-1.1) unstable; urgency=medium * Non-Maintainer Upload * Check for new returns in the new libc (closes: #72803, #74393, #72797, #71307, #71702) * Link against libssl095a (closes: #66304) * Correct check for PermitRootLogin (closes: #69448) -- Ryan Murray Wed, 18 Oct 2000 00:48:18 -0700 openssh (1:2.2.0p1-1) unstable; urgency=low * New upstream release -- Philip Hands Mon, 11 Sep 2000 14:49:43 +0100 openssh (1:2.1.1p4-3) unstable; urgency=low * add rsh alternatives * add -S option to scp (using Tommi Virtanen's patch) (closes: #63097) * do the IPV4_DEFAULT thing properly this time -- Philip Hands Fri, 11 Aug 2000 18:14:37 +0100 openssh (1:2.1.1p4-2) unstable; urgency=low * reinstate manpage .out patch from 1:1.2.3 * fix typo in postinst * only compile ssh with IPV4_DEFAULT * apply James Troup's patch to add a -o option to scp and updated manpage -- Philip Hands Sun, 30 Jul 2000 00:12:49 +0100 openssh (1:2.1.1p4-1) unstable; urgency=low * New upstream release -- Philip Hands Sat, 29 Jul 2000 14:46:16 +0100 openssh (1:1.2.3-10) unstable; urgency=low * add version to libpam-modules dependency, because old versions of pam_motd make it impossible to log in. -- Philip Hands Sat, 29 Jul 2000 13:28:22 +0100 openssh (1:1.2.3-9) frozen unstable; urgency=low * force location of /usr/bin/X11/xauth (closes: #64424, #66437, #66859) *RC* * typos in config (closes: #66779, #66780) * sshd_not_to_be_run could be assumed to be true, in error, if the config script died in an unusual way --- I've reversed this (closes: #66335) * Apply Zack Weinberg 's patch to ssh-askpass-ptk (closes: #65981) * change default for PermitRootLogin to "no" (closes: #66406) -- Philip Hands Tue, 11 Jul 2000 20:51:18 +0100 openssh (1:1.2.3-8) frozen unstable; urgency=low * get rid of Provides: rsh-server (this will mean that rstartd will need to change it's depends to deal with #63948, which I'm reopening) (closes: #66257) Given that this is also a trivial change, and is a reversal of a change that was mistakenly made after the freeze, I think this should also go into frozen. -- Philip Hands Wed, 28 Jun 2000 03:26:30 +0100 openssh (1:1.2.3-7) frozen unstable; urgency=low * check if debconf is installed before calling db_stop in postinst. This is required to allow ssh to be installed when debconf is not wanted, which probably makes it an RC upload (hopefully the last of too many). -- Philip Hands Wed, 28 Jun 2000 03:19:47 +0100 openssh (1:1.2.3-6) frozen unstable; urgency=low * fixed depressing little bug involving a line wrap looking like a blank line in the templates file *RC* (closes: #66090, #66078, #66083, #66182) -- Philip Hands Mon, 26 Jun 2000 00:45:05 +0100 openssh (1:1.2.3-5) frozen unstable; urgency=low * add code to prevent UseLogin exploit, although I think our PAM conditional code breaks UseLogin in a way that protects us from this exploit anyway. ;-) (closes: #65495) *RC* * Apply Zack Weinberg 's patch to fix keyboard grab vulnerability in ssh-askpass-gnome (closes: #64795) *RC* * stop redirection of sshd's file descriptors (introduced in 1:1.2.3-3) and use db_stop in the postinst to solve that problem instead (closes: #65104) * add Provides: rsh-server to ssh (closes: #63948) * provide config option not to run sshd -- Philip Hands Mon, 12 Jun 2000 23:05:11 +0100 openssh (1:1.2.3-4) frozen unstable; urgency=low * fixes #63436 which is *RC* * add 10 second pause in init.d restart (closes: #63844) * get rid of noenv in PAM mail line (closes: #63856) * fix host key path in make-ssh-known-hosts (closes: #63713) * change wording of SUID template (closes: #62788, #63436) -- Philip Hands Sat, 27 May 2000 11:18:06 +0100 openssh (1:1.2.3-3) frozen unstable; urgency=low * redirect sshd's file descriptors to /dev/null in init to prevent debconf from locking up during installation ** grave bug just submited by me ** -- Philip Hands Thu, 20 Apr 2000 17:10:59 +0100 openssh (1:1.2.3-2) frozen unstable; urgency=low * allow user to select SUID status of /usr/bin/ssh (closes: 62462) ** RC ** * suggest debconf * conflict with debconf{,-tiny} (<<0.2.17) so I can clean up the preinst -- Philip Hands Wed, 19 Apr 2000 17:49:15 +0100 openssh (1:1.2.3-1) frozen unstable; urgency=low * New upstream release * patch sshd to create extra xauth key required for localhost (closes: #49944) *** RC *** * FallbacktoRsh now defaults to ``no'' to match impression given in sshd_config * stop setting suid bit on ssh (closes: #58711, #58558) This breaks Rhosts authentication (which nobody uses) and allows the LD_PRELOAD trick to get socks working, so seems like a net benefit. -- Philip Hands Thu, 13 Apr 2000 20:01:54 +0100 openssh (1:1.2.2-1.4) frozen unstable; urgency=low * Recompile for frozen, contains fix for RC bug. -- Tommi Virtanen Tue, 29 Feb 2000 22:14:58 +0200 openssh (1:1.2.2-1.3) unstable; urgency=low * Integrated man page addition for PrintLastLog. This bug was filed on "openssh", and I ended up creating my own patch for this (closes: #59054) * Improved error message when ssh_exchange_identification gets EOF (closes: #58904) * Fixed typo (your -> you're) in debian/preinst. * Added else-clauses to config to make this upgradepath possible: oldssh -> openssh preinst fails due to upgrade_to_openssh=false -> ssh-nonfree -> openssh. Without these, debconf remembered the old answer, config didn't force asking it, and preinst always aborted (closes: #56596, #57782) * Moved setting upgrade_to_openssh isdefault flag to the place where preinst would abort. This means no double question to most users, people who currently suffer from "can't upgrade" may need to run apt-get install ssh twice. Did not do the same for use_old_init_script, as the situation is a bit different, and less common (closes: #54010, #56224) * Check for existance of ssh-keygen before attempting to use it in preinst, added warning for non-existant ssh-keygen in config. This happens when the old ssh is removed (say, due to ssh-nonfree getting installed). -- Tommi Virtanen Sun, 27 Feb 2000 21:36:43 +0200 openssh (1:1.2.2-1.2) frozen unstable; urgency=low * Non-maintainer upload. * Added configuration option PrintLastLog, default off due to PAM (closes: #54007, #55042) * ssh-askpass-{gnome,ptk} now provide ssh-askpass, making ssh's Suggests: line more accurate. Also closing related bugs fixed earlier, when default ssh-askpass moved to /usr/bin. (closes: #52403, #54741, #50607, #52298, #50967, #51661) * Patched to call vhangup, with autoconf detection and all (closes: #55379) * Added --with-ipv4-default workaround to a glibc bug causing slow DNS lookups, as per UPGRADING. Use -6 to really use IPv6 addresses. (closes: #57891, #58744, #58713, #57970) * Added noenv to PAM pam_mail line. Thanks to Ben Collins. (closes: #58429) * Added the UPGRADING file to the package. * Added frozen to the changelog line and recompiled before package was installed into the archive. -- Tommi Virtanen Fri, 25 Feb 2000 22:08:57 +0200 openssh (1:1.2.2-1.1) frozen unstable; urgency=low * Non-maintainer upload. * Integrated scp pipe buffer patch from Ben Collins , should now work even if reading a pipe gives less than fstat st_blksize bytes. Should now work on Alpha and Sparc Linux (closes: #53697, #52071) * Made ssh depend on libssl09 (>= 0.9.4-3) (closes: #51393) * Integrated patch from Ben Collins to do full shadow account locking and expiration checking (closes: #58165, #51747) -- Tommi Virtanen Tue, 22 Feb 2000 20:46:12 +0200 openssh (1:1.2.2-1) frozen unstable; urgency=medium * New upstream release (closes: #56870, #56346) * built against new libesd (closes: #56805) * add Colin Watson =NULL patch (closes: #49902, #54894) * use socketpairs as suggested by Andrew Tridgell to eliminate rsync (and other) lockups * patch SSHD_PAM_SERVICE back into auth-pam.c, again :-/ (closes: #49902, #55872, #56959) * uncoment the * line in ssh_config (closes: #56444) * #54894 & #49902 are release critical, so this should go in frozen -- Philip Hands Wed, 9 Feb 2000 04:52:04 +0000 openssh (1:1.2.1pre24-1) unstable; urgency=low * New upstream release -- Philip Hands Fri, 31 Dec 1999 02:47:24 +0000 openssh (1:1.2.1pre23-1) unstable; urgency=low * New upstream release * excape ? in /etc/init.d/ssh (closes: #53269) -- Philip Hands Wed, 29 Dec 1999 16:50:46 +0000 openssh (1:1.2pre17-1) unstable; urgency=low * New upstream release -- Philip Hands Thu, 9 Dec 1999 16:50:40 +0000 openssh (1:1.2pre16-1) unstable; urgency=low * New upstream release * upstream release (1.2pre14) (closes: #50299) * make ssh depend on libwrap0 (>= 7.6-1.1) (closes: #50973, #50776) * dispose of grep -q broken pipe message in config script (closes: #50855) * add make-ssh-known-hosts (closes: #50660) * add -i option to ssh-copy-id (closes: #50657) * add check for *LK* in password, indicating a locked account -- Philip Hands Wed, 8 Dec 1999 22:59:38 +0000 openssh (1:1.2pre13-1) unstable; urgency=low * New upstream release * make sshd.c use SSHD_PAM_SERVICE and define it as "ssh" in debian/rules * remove duplicate line in /etc/pam.d/ssh (closes: #50310) * mention ssh -A option in ssh.1 & ssh_config * enable forwarding to localhost in default ssh_config (closes: #50373) * tweak preinst to deal with debconf being `unpacked' * use --with-tcp-wrappers (closes: #49545) -- Philip Hands Sat, 20 Nov 1999 14:20:04 +0000 openssh (1:1.2pre11-2) unstable; urgency=low * oops, just realised that I forgot to strip out the unpleasant fiddling mentioned below (which turned not to be a fix anyway) -- Philip Hands Mon, 15 Nov 1999 01:35:23 +0000 openssh (1:1.2pre11-1) unstable; urgency=low * New upstream release (closes: #49722) * add 2>/dev/null to dispose of spurious message casused by grep -q (closes: #49876, #49604) * fix typo in debian/control (closes: #49841) * Do some unpleasant fiddling with upgraded keys in the preinst, which should make the keylength problem go away. (closes: #49676) * make pam_start in sshd use ``ssh'' as the service name (closes: #49956) * If /etc/ssh/NOSERVER exist, stop sshd from starting (closes: #47107) * apply Ben Collins 's shadow patch * disable lastlogin and motd printing if using pam (closes: #49957) * add ssh-copy-id script and manpage -- Philip Hands Fri, 12 Nov 1999 01:03:38 +0000 openssh (1:1.2pre9-1) unstable; urgency=low * New upstream release * apply Chip Salzenberg 's SO_REUSEADDR patch to channels.c, to make forwarded ports instantly reusable * replace Pre-Depend: debconf with some check code in preinst * make the ssh-add ssh-askpass failure message more helpful * fix the ssh-agent getopts bug (closes: #49426) * fixed typo on Suggests: line (closes: #49704, #49571) * tidy up ssh package description (closes: #49642) * make ssh suid (closes: #49635) * in preinst upgrade code, ensure ssh_host_keys is mode 600 (closes: #49606) * disable agent forwarding by default, for the similar reasons as X forwarding (closes: #49586) -- Philip Hands Tue, 9 Nov 1999 09:57:47 +0000 openssh (1:1.2pre7-4) unstable; urgency=low * predepend on debconf (>= 0.2.17) should now allow preinst questions -- Philip Hands Sat, 6 Nov 1999 10:31:06 +0000 openssh (1:1.2pre7-3) unstable; urgency=low * add ssh-askpass package using Tommi Virtanen's perl-tk script * add ssh-preconfig package cludge * add usage hints to ssh-agent.1 -- Philip Hands Fri, 5 Nov 1999 00:38:33 +0000 openssh (1:1.2pre7-2) unstable; urgency=low * use pam patch from Ben Collins * add slogin symlink to Makefile.in * change /usr/bin/login to LOGIN_PROGRAM define of /bin/login * sort out debconf usage * patch from Tommi Virtanen 's makes ssh-add use ssh-askpass -- Philip Hands Thu, 4 Nov 1999 11:08:54 +0000 openssh (1:1.2pre7-1) unstable; urgency=low * New upstream release -- Philip Hands Tue, 2 Nov 1999 21:02:37 +0000 openssh (1:1.2.0.pre6db1-2) unstable; urgency=low * change the binary package name to ssh (the non-free branch of ssh has been renamed to ssh-nonfree) * make pam file comply with Debian standards * use an epoch to make sure openssh supercedes ssh-nonfree -- Philip Hands Sat, 30 Oct 1999 16:26:05 +0100 openssh (1.2pre6db1-1) unstable; urgency=low * New upstream source * sshd accepts logins now! -- Dan Brosemer Fri, 29 Oct 1999 11:13:38 -0500 openssh (1.2.0.19991028-1) unstable; urgency=low * New upstream source * Added test for -lnsl to configure script -- Dan Brosemer Thu, 28 Oct 1999 18:52:09 -0500 openssh (1.2.0.19991027-3) unstable; urgency=low * Initial release -- Dan Brosemer Wed, 27 Oct 1999 19:39:46 -0500 Local variables: mode: debian-changelog End: