55
|
|
|
Colin Watson |
1:5.3p1-3ubuntu1 |
14 years ago
|
|
|
53
|
|
|
Colin Watson |
1:5.3p1-1ubuntu1 |
14 years ago
|
|
|
51
|
|
|
Colin Watson |
1:5.2p1-1ubuntu1 |
14 years ago
|
|
|
43
|
|
|
Colin Watson |
1:5.1p1-3ubuntu1 |
15 years ago
|
|
|
41
|
|
|
Colin Watson |
1:5.1p1-1ubuntu1 |
15 years ago
|
|
|
27
|
|
* New upstream release (closes: #453367). - CVE-2007-4752: Prevent ssh(1) from using a trusted X11 cookie if creation of an untrusted cookie fails; found and fixed by Jan Pechanec (closes: #444738). - sshd(8) in new installations defaults to SSH Protocol 2 only. Existing installations are unchanged. - The SSH channel window size has been increased, and both ssh(1) sshd(8) now send window updates more aggressively. These improves performance on high-BDP (Bandwidth Delay Product) networks. - ssh(1) and sshd(8) now preserve MAC contexts between packets, which saves 2 hash calls per packet and results in 12-16% speedup for arcfour256/hmac-md5. - A new MAC algorithm has been added, UMAC-64 (RFC4418) as "umac-64@openssh.com". UMAC-64 has been measured to be approximately 20% faster than HMAC-MD5. - Failure to establish a ssh(1) TunnelForward is now treated as a fatal error when the ExitOnForwardFailure option is set. - ssh(1) returns a sensible exit status if the control master goes away without passing the full exit status. - When using a ProxyCommand in ssh(1), set the outgoing hostname with gethostname(2), allowing hostbased authentication to work. - Make scp(1) skip FIFOs rather than hanging (closes: #246774). - Encode non-printing characters in scp(1) filenames. These could cause copies to be aborted with a "protocol error". - Handle SIGINT in sshd(8) privilege separation child process to ensure that wtmp and lastlog records are correctly updated. - Report GSSAPI mechanism in errors, for libraries that support multiple mechanisms. - Improve documentation for ssh-add(1)'s -d option. - Rearrange and tidy GSSAPI code, removing server-only code being linked into the client. - Delay execution of ssh(1)'s LocalCommand until after all forwardings have been established. - In scp(1), do not truncate non-regular files. - Improve exit message from ControlMaster clients. - Prevent sftp-server(8) from reading until it runs out of buffer space, whereupon it would exit with a fatal error (closes: #365541). - pam_end() was not being called if authentication failed (closes: #405041). - Manual page datestamps updated (closes: #433181). * Install the OpenSSH FAQ in /usr/share/doc/openssh-client. - Includes documentation on copying files with colons using scp (closes: #303453). * Create /var/run/sshd on start even if /etc/ssh/sshd_not_to_be_run exists (closes: #453285). * Fix "overriden" typo in ssh(1) (thanks, A. Costa; closes: #390699). * Refactor debian/rules configure and make invocations to make development easier. * Remove the hideously old /etc/ssh/primes on upgrade (closes: #123013). * Update moduli(5) to revision 1.11 from OpenBSD CVS. * Document the non-default options we set as standard in ssh_config(5) and sshd_config(5) (closes: #327886, #345628). * Recode LICENCE to UTF-8 when concatenating it to debian/copyright. * Override desktop-file-but-no-dh_desktop-call lintian warning; the .desktop file is intentionally not installed (see 1:3.8.1p1-10). * Update copyright dates for Kerberos patch in debian/copyright.head. * Policy version 3.7.3: no changes required.
|
Colin Watson |
1:4.7p1-1 |
16 years ago
|
|
|
21
|
|
* New upstream release (closes: #395507, #397961, #420035). Important changes not previously backported to 4.3p2: - 4.4/4.4p1 (http://www.openssh.org/txt/release-4.4): + On portable OpenSSH, fix a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms. + Implemented conditional configuration in sshd_config(5) using the "Match" directive. This allows some configuration options to be selectively overridden if specific criteria (based on user, group, hostname and/or address) are met. So far a useful subset of post-authentication options are supported and more are expected to be added in future releases. + Add support for Diffie-Hellman group exchange key agreement with a final hash of SHA256. + Added a "ForceCommand" directive to sshd_config(5). Similar to the command="..." option accepted in ~/.ssh/authorized_keys, this forces the execution of the specified command regardless of what the user requested. This is very useful in conjunction with the new "Match" option. + Add a "PermitOpen" directive to sshd_config(5). This mirrors the permitopen="..." authorized_keys option, allowing fine-grained control over the port-forwardings that a user is allowed to establish. + Add optional logging of transactions to sftp-server(8). + ssh(1) will now record port numbers for hosts stored in ~/.ssh/known_hosts when a non-standard port has been requested (closes: #50612). + Add an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established. + Extend sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments. + Replacement of all integer overflow susceptible invocations of malloc(3) and realloc(3) with overflow-checking equivalents. + Many manpage fixes and improvements. + Add optional support for OpenSSL hardware accelerators (engines), enabled using the --with-ssl-engine configure option. + Tokens in configuration files may be double-quoted in order to contain spaces (closes: #319639). + Move a debug() call out of a SIGCHLD handler, fixing a hang when the session exits very quickly (closes: #307890). + Fix some incorrect buffer allocation calculations (closes: #410599). + ssh-add doesn't ask for a passphrase if key file permissions are too liberal (closes: #103677). + Likewise, ssh doesn't ask either (closes: #99675). - 4.6/4.6p1 (http://www.openssh.org/txt/release-4.6): + sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config. + Fixed an inconsistent check for a terminal when displaying scp progress meter (closes: #257524). + Fix "hang on exit" when background processes are running at the time of exit on a ttyful/login session (closes: #88337). * Update to current GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-4.6p1-gsskex-20070312.patch; install ChangeLog.gssapi. * Build the .deb --with-ssl-engine (closes: #408027, LP: #119295). * Use LSB functions in init scripts, and add an LSB-style header (partly from Ubuntu and partly thanks to Christian Perrier; closes: #389038). * Move init script start links to S16, move rc1 stop link to K84, and remove rc0 and rc6 stop links altogether (the last part from Ubuntu; closes: #122188). * Emit a slightly more informative message from the init script if /dev/null has somehow become not a character device (closes: #369964). * Belatedly build-depend on zlib1g-dev (>= 1:1.2.3-1) (closes: #333447). * Merge from Ubuntu: - Build position-independent executables (only for debs, not for udebs) to take advantage of address space layout randomisation. - If building on Ubuntu, add /sbin, /usr/sbin, and /usr/local/sbin to the default path. * Use ${binary:Version} rather than ${Source-Version} in openssh-server -> openssh-client dependency.
|
Colin Watson |
1:4.6p1-1 |
16 years ago
|
|
|
16
|
|
|
Colin Watson |
1:4.3p2-5ubuntu1 |
17 years ago
|
|
|
15
|
|
|
Colin Watson |
1:4.3p2-4ubuntu1 |
17 years ago
|
|
|
14
|
|
|
Colin Watson |
1:4.3p2-2ubuntu5 |
17 years ago
|
|
|
13
|
|
|
Colin Watson |
1:4.3p2-2ubuntu4 |
17 years ago
|
|
|
12
|
|
|
Scott James Remnant |
1:4.3p2-2ubuntu3 |
17 years ago
|
|
|
11
|
|
|
Scott James Remnant |
1:4.3p2-2ubuntu2 |
17 years ago
|
|
|
10
|
|
|
Colin Watson |
1:4.3p2-2ubuntu1 |
17 years ago
|
|
|
9
|
|
|
Colin Watson |
1:4.2p1-7ubuntu3 |
17 years ago
|
|
|
8
|
|
|
Colin Watson |
1:4.2p1-7ubuntu2 |
18 years ago
|
|
|
7
|
|
|
Colin Watson |
1:4.2p1-7ubuntu1 |
18 years ago
|
|
|
6
|
|
|
Martin Pitt |
1:4.2p1-5ubuntu2 |
18 years ago
|
|
|
5
|
|
|
Colin Watson |
1:4.2p1-5ubuntu1 |
18 years ago
|
|
|
4
|
|
|
Colin Watson |
1:4.1p1-7ubuntu4 |
18 years ago
|
|
|