openssh (1:3.4p1-1.woody.3) stable-security; urgency=high * NMU by the security team. * Apply additional realloc fixes from Solar Designer * Apply double-free fix, taken from OpenBSD CVS -- Wichert Akkerman Fri, 19 Sep 2003 08:00:44 +0000 openssh (1:3.4p1-1.woody.2) stable-security; urgency=high * NMU by the security team. * SECURITY: Additional buffer handling patches from OpenSSH upstream (additional patches to buffer.c and new patch to channels.c) * Merge upstream patch to ssh-keysign that prevents freed memory reuse. Pulls in -1.woody.1 -- Michael Stone Tue, 16 Sep 2003 20:45:35 -0400 openssh (1:3.4p1-1.1) stable-security; urgency=high * NMU by the security team. * Merge patch from OpenBSD to fix a security problem in buffer handling CAN-2003-0693 -- Wichert Akkerman Tue, 16 Sep 2003 13:06:31 +0200 openssh (1:3.4p1-1) testing; urgency=high * Extend my tendrils back into this package (Closes: #150915, #151098) * thanks to the security team for their work * no thanks to ISS/Theo de Raadt for their handling of these bugs * save old sshd_configs to sshd_config.dpkg-old when auto-generating a new one * tell/ask the user about PriviledgeSeparation * /etc/init.d/ssh run will now create the chroot empty dir if necessary * Remove our previous statoverride on /usr/bin/ssh (only for people upgrading from a version where we'd put one in ourselves!) * Stop slandering Russia, since someone asked so nicely (Closes: #148951) * Reduce the sleep time in /etc/init.d/ssh during a restart -- Matthew Vernon Fri, 28 Jun 2002 15:52:10 +0100 openssh (1:3.4p1-0.0woody1) testing-security; urgency=high * NMU by the security team. * New upstream version -- Michael Stone Wed, 26 Jun 2002 15:40:38 -0400 openssh (1:3.3p1-0.0woody4) testing-security; urgency=high * NMU by the security team. * fix error when /etc/ssh/sshd_config exists on new install * check that user doesn't exist before running adduser * use openssl internal random unconditionally -- Michael Stone Tue, 25 Jun 2002 19:44:39 -0400 openssh (1:3.3p1-0.0woody3) testing-security; urgency=high * NMU by the security team. * use correct home directory when sshd user is created -- Michael Stone Tue, 25 Jun 2002 08:59:50 -0400 openssh (1:3.3p1-0.0woody2) testing-security; urgency=high * NMU by the security team. * Fix rsa1 key creation (Closes: #150949) * don't fail if sshd user removal fails * depends: on adduser (Closes: #150907) -- Michael Stone Tue, 25 Jun 2002 08:59:50 -0400 openssh (1:3.3p1-0.0woody1) testing-security; urgency=high * NMU by the security team. * New upstream version. - Enable privilege separation by default. * Include patch from Solar Designer for privilege separation and compression on 2.2.x kernels. * Remove --disable-suid-ssh from configure. * Support setuid ssh-keysign binary instead of setuid ssh client. * Check sshd configuration before restarting. -- Daniel Jacobowitz Mon, 24 Jun 2002 13:43:44 -0400 openssh (1:3.0.2p1-9) unstable; urgency=high * Thanks to those who NMUd * The only change in this version is to debian/control - I've removed the bit that says you can't export it from the US - it would look pretty daft to say this about a package in main! Also, it's now OK to use crypto in France, so I've edited that comment slightly * Correct a path in README.Debian too (Closes: #138634) -- Matthew Vernon Sun, 4 Apr 2002 09:52:59 +0100 openssh (1:3.0.2p1-8.3) unstable; urgency=medium * NMU * Really set urgency to medium this time (oops) * Fix priority to standard per override while I'm at it -- Aaron M. Ucko Sun, 24 Mar 2002 09:00:08 -0500 openssh (1:3.0.2p1-8.2) unstable; urgency=low * NMU with maintainer's permission * Prepare for upcoming ssh-nonfree transitional packages per * Urgency medium because it would really be good to get this into woody before it releases * Fix sections to match override file * Reissued due to clash with non-US -> main move -- Aaron M. Ucko Sat, 23 Mar 2002 21:21:52 -0500 openssh (1:3.0.2p1-8.1) unstable; urgency=low * NMU * Move from non-US to mani -- LaMont Jones Thu, 21 Mar 2002 09:33:50 -0700 openssh (1:3.0.2p1-8) unstable; urgency=critical * Security fix - patch from upstream (Closes: #137209, #137210) * Undo the changes in the unreleased -7, since they appear to break things here. Accordingly, the code change is minimal, and I'm happy to get it into testing ASAP -- Matthew Vernon Thu, 7 Mar 2002 14:25:23 +0000 openssh (1:3.0.2p1-7) unstable; urgency=high * Build to support IPv6 and IPv4 by default again -- Matthew Vernon Sat, 2 Mar 2002 00:25:05 +0000 openssh (1:3.0.2p1-6) unstable; urgency=high * Correct error in the clean target (Closes: #130868) -- Matthew Vernon Sat, 26 Jan 2002 00:32:00 +0000 openssh (1:3.0.2p1-5) unstable; urgency=medium * Include the Debian version in our identification, to make it easier to audit networks for patched versions in future -- Matthew Vernon Mon, 21 Jan 2002 17:16:10 +0000 openssh (1:3.0.2p1-4) unstable; urgency=medium * If we're asked to not run sshd, stop any running sshd's first (Closes: #129327) -- Matthew Vernon Wed, 16 Jan 2002 21:24:16 +0000 openssh (1:3.0.2p1-3) unstable; urgency=high * Fix /etc/pam.d/ssh to not set $MAIL (Closes: #128913) * Remove extra debconf suggestion (Closes: #128094) * Mmm. speedy bug-fixing :-) -- Matthew Vernon Sat, 12 Jan 2002 17:23:58 +0000 openssh (1:3.0.2p1-2) unstable; urgency=high * Fix postinst to not automatically overwrite sshd_config (!) (Closes: #127842, #127867) * Add section in README.Debian about the PermitRootLogin setting -- Matthew Vernon Sat, 5 Jan 2003 05:26:30 +0000 openssh (1:3.0.2p1-1) unstable; urgency=high * Incorporate fix from Colin's NMU * New upstream version (fixes the bug Wichert fixed) (Closes: #124035) * Capitalise IETF (Closes: #125379) * Refer to the correct sftp-server location (Closes: #126854, #126224) * Do what we're asked re SetUID ssh (Closes: #124065, #124154, #123247) * Ask people upgrading from potato if they want a new conffile (Closes: #125642) * Fix a typo in postinst (Closes: #122192, #122410, #123440) * Frob the default config a little (Closes: #122284, #125827, #125696, #123854) * Make /etc/init.d/ssh be more clear about ssh not running (Closes: #123552) * Fix typo in templates file (Closes: #123411) -- Matthew Vernon Fri, 4 Jan 2002 16:01:52 +0000 openssh (1:3.0.1p1-1.2) unstable; urgency=high * Non-maintainer upload * Prevent local users from passing environment variables to the login process when UseLogin is enabled -- Wichert Akkerman Mon, 3 Dec 2001 19:34:45 +0100 openssh (1:3.0.1p1-1.1) unstable; urgency=low * Non-maintainer upload, at Matthew's request. * Remove sa_restorer assignment to fix compilation on alpha, hppa, and ia64 (closes: #122086). -- Colin Watson Sun, 2 Dec 2001 18:54:16 +0000 openssh (1:3.0.1p1-1) unstable; urgency=high * New upstream version (Closes: #113646, #113513, #114707, #118564) * Building with a libc that works (!) (Closes: #115228) * Patches forward-ported are -1/-2 options for scp, the improvement to 'waiting for forwarded connections to terminate...' * Fix /etc/init.d/ssh to stop sshd properly (Closes: #115228) * /etc/ssh/sshd_config is no longer a conffile but generated in the postinst * Remove suidregister leftover from postrm * Mention key we are making in the postinst * Default to not enable SSH protocol 1 support, since protocol 2 is much safer anyway. * New version of the vpn-fixes patch, from Ian Jackson * New handling of -q, and added new -qq option; thanks to Jon Amery * Experimental smartcard support not enabled, since I have no way of testing it. -- Matthew Vernon Thu, 28 Nov 2001 17:43:01 +0000 openssh (1:2.9p2-6) unstable; urgency=low * check for correct file in /etc/init.d/ssh (Closes: #110876) * correct location of version 2 keys in ssh.1 (Closes: #110439) * call update-alternatives --quiet (Closes: #103314) * hack ssh-copy-id to chmod go-w (Closes: #95551) * TEMPORARY fix to provide largefile support using a -D in the cflags line. long-term, upstream will patch the autoconf stuff (Closes: #106809, #111849) * remove /etc/rc references in ssh-keygen.1 (Closes: #68350) * scp.1 patch from Adam McKenna to document -r properly (Closes: #76054) * Check for files containing a newline character (Closes: #111692) -- Matthew Vernon Thu, 13 Sep 2001 16:47:36 +0100 openssh (1:2.9p2-5) unstable; urgency=high * Thanks to all the bug-fixers who helped! * remove sa_restorer assignment (Closes: #102837) * patch from Peter Benie to DTRT wrt X forwarding if the server refuses us access (Closes: #48297) * patch from upstream CVS to fix port forwarding (Closes: #107132) * patch from Jonathan Amery to document ssh-keygen behaviour (Closes:#106643, #107512) * patch to postinst from Jonathan Amery (Closes: #106411) * patch to manpage from Jonathan Amery (Closes: #107364) * patch from Matthew Vernon to make -q emit fatal errors as that is the documented behaviour (Closes: #64347) * patch from Ian Jackson to cause us to destroy a file when we scp it onto itself, rather than dumping bits of our memory into it, which was a security hole (see #51955) * patch from Jonathan Amery to document lack of Kerberos support (Closes: #103726) * patch from Matthew Vernon to make the 'waiting for connections to terminate' message more helpful (Closes: #50308) -- Matthew Vernon Thu, 23 Aug 2001 02:14:09 +0100 openssh (1:2.9p2-4) unstable; urgency=high * Today's build of ssh is strawberry flavoured * Patch from mhp to reduce length of time sshd is stopped for (Closes: #106176) * Tidy up debconf template (Closes: #106152) * If called non-setuid, then setgid()'s failure should not be fatal (see #105854) -- Matthew Vernon Sun, 22 Jul 2001 14:19:43 +0100 openssh (1:2.9p2-3) unstable; urgency=low * Patch from yours truly to add -1 and -2 options to scp (Closes: #106061) * Improve the IdentityFile section in the man page (Closes: #106038) -- Matthew Vernon Sat, 21 Jul 2001 14:47:27 +0100 openssh (1:2.9p2-2) unstable; urgency=low * Document the protocol version 2 and IPV6 changes (Closes: #105845, #105868) * Make PrintLastLog 'no' by default (Closes: #105893) -- Matthew Vernon Thu, 19 Jul 2001 18:36:41 +0100 openssh (1:2.9p2-1) unstable; urgency=low * new (several..) upstream version (Closes: #96726, #81856, #96335) * Hopefully, this will close some other bugs too -- Matthew Vernon Tue, 17 Jul 2001 19:41:58 +0100 openssh (1:2.5.2p2-3) unstable; urgency=low * Taking Over this package * Patches from Robert Bihlmeyer for the Hurd (Closes: #102991) * Put PermitRootLogin back to yes (Closes: #67334, #67371, #78274) * Don't fiddle with conf-files any more (Closes: #69501) -- Matthew Vernon Tue, 03 Jul 2001 02:58:13 +0100 openssh (1:2.5.2p2-2.2) unstable; urgency=low * NMU * Include Hurd compatibility patches from Robert Bihlmeyer (Closes: #76033) * Patch from Richard Kettlewell for protocolkeepalives (Closes: #99273) * Patch from Matthew Vernon for BannerTimeOut, batchmode, and documentation for protocolkeepalives. Makes ssh more generally useful for scripting uses (Closes: #82877, #99275) * Set a umask, so ourpidfile isn't world-writable (closes: #100012, #98286, #97391) -- Matthew Vernon Thu, 28 Jun 2001 23:15:42 +0100 openssh (1:2.5.2p2-2.1) unstable; urgency=low * NMU * Remove duplicate Build-Depends for libssl096-dev and change it to depend on libssl-dev instaed. Also adding in virtual | real package style build-deps. (Closes: #93793, #75228) * Removing add-log entry (Closes: #79266) * This was a pam bug from a while back (Closes: #86908, #88457, #86843) * pam build-dep already exists (Closes: #93683) * libgnome-dev build-dep already exists (Closes: #93694) * No longer in non-free (Closes: #85401) * Adding in fr debconf translations (Closes: #83783) * Already suggests xbase-clients (Closes: #79741) * No need to suggest libpam-pwdb anymore (Closes: #81658) * Providing rsh-client (Closes: #79437) * hurd patch was already applied (Closes: #76033) * default set to no (Closes: #73682) * Adding in a suggests for dnsutils (Closes: #93265) * postinst bugs fixed (Closes: #88057, #88066, #88196, #88405, #88612) (Closes: #88774, #88196, #89556, #90123, #90228, #90833, #87814, #85465) * Adding in debconf dependency -- Ivan E. Moore II Mon, 16 Apr 2001 14:11:04 +0100 openssh (1:2.5.2p2-2) unstable; urgency=high * disable the OpenSSL version check in entropy.c (closes: #93581, #93588, #93590, #93614, #93619, #93635, #93648) -- Philip Hands Wed, 11 Apr 2001 20:30:04 +0100 openssh (1:2.5.2p2-1) unstable; urgency=low * New upstream release * removed make-ssh-known-hosts, since ssh-keyscan does that job (closes: #86069, #87748) * fix double space indent in german templates (closes: #89493) * make postinst check for ssh_host_rsa_key * get rid of the last of the misguided debian/rules NMU debris :-/ -- Philip Hands Sat, 24 Mar 2001 20:59:33 +0000 openssh (1:2.5.1p2-2) unstable; urgency=low * rebuild with new debhelper (closes: #89558, #89536, #90225) * fix broken dpkg-statoverride test in postinst (closes: #89612, #90474, #90460, #89605) * NMU bug fixed but not closed in last upload (closes: #88206) -- Philip Hands Fri, 23 Mar 2001 16:11:33 +0000 openssh (1:2.5.1p2-1) unstable; urgency=high * New upstream release * fix typo in postinst (closes: #88110) * revert to setting PAM service name in debian/rules, backing out last NMU, which also (closes: #88101) * restore the pam lastlog/motd lines, lost during the NMUs, and sshd_config * restore printlastlog option patch * revert to using debhelper, which had been partially disabled in NMUs -- Philip Hands Tue, 13 Mar 2001 01:41:34 +0000 openssh (1:2.5.1p1-1.8) unstable; urgency=high * And now the old pam-bug s/sshd/ssh in ssh.c is also fixed -- Christian Kurz Thu, 1 Mar 2001 19:48:01 +0100 openssh (1:2.5.1p1-1.7) unstable; urgency=high * And now we mark the correct binary as setuid, when a user requested to install it setuid. -- Christian Kurz Thu, 1 Mar 2001 07:19:56 +0100 openssh (1:2.5.1p1-1.6) unstable; urgency=high * Fixes postinst to handle overrides that are already there. Damn, I should have noticed the bug earlier. -- Christian Kurz Wed, 28 Feb 2001 22:35:00 +0100 openssh (1:2.5.1p1-1.5) unstable; urgency=high * Rebuild ssh with pam-support. -- Christian Kurz Mon, 26 Feb 2001 21:55:51 +0100 openssh (1:2.5.1p1-1.4) unstable; urgency=low * Added Build-Depends on libssl096-dev. * Fixed sshd_config file to disallow root logins again. -- Christian Kurz Sun, 25 Feb 2001 20:03:55 +0100 openssh (1:2.5.1p1-1.3) unstable; urgency=low * Fixed missing manpages for sftp.1 and ssh-keyscan.1 * Made package policy 3.5.2 compliant. -- Christian Kurz Sun, 25 Feb 2001 15:46:26 +0100 openssh (1:2.5.1p1-1.2) unstable; urgency=low * Added Conflict with sftp, since we now provide our own sftp-client. * Added a fix for our broken dpkg-statoverride call in the 2.3.0p1-13. * Fixed some config pathes in the comments of sshd_config. * Removed ssh-key-exchange-vulnerability-patch since it's not needed anymore because upstream included the fix. -- Christian Kurz Sun, 25 Feb 2001 13:46:58 +0100 openssh (1:2.5.1p1-1.1) unstable; urgency=high * Another NMU to get the new upstream version 2.5.1p1 into unstable. (Closes: #87123) * Corrected postinst to mark ssh as setuid. (Closes: #86391, #85766) * Key Exchange patch is already included by upstream. (Closes: #86015) * Upgrading should be possible now. (Closes: #85525, #85523) * Added --disable-suid-ssh as compile option, so ssh won't get installed suid per default. * Fixed postinst to run dpkg-statoverride only, when dpkg-statoverride is available and the mode of the binary should be 4755. And also added suggestion for a newer dpkg. (Closes: #85734, #85741, #86876) * sftp and ssh-keyscan will also be included from now on. (Closes: #79994) * scp now understands spaces in filenames (Closes: #53783, #58958, #66723) * ssh-keygen now supports showing DSA fingerprints. (Closes: #68623) * ssh doesn' t show motd anymore when switch -t is used. (Closes #69035) * ssh supports the usage of other dsa keys via the ssh command line options. (Closes: #81250) * Documentation in sshd_config fixed. (Closes: #81088) * primes file included by upstream and included now. (Closes: #82101) * scp now allows dots in the username. (Closes: #82477) * Spelling error in ssh-copy-id.1 corrected by upstream. (Closes: #78124) -- Christian Kurz Sun, 25 Feb 2001 10:06:08 +0100 openssh (1:2.3.0p1-1.13) unstable; urgency=low * Config should now also be fixed with this hopefully last NMU. -- Christian Kurz Sat, 10 Feb 2001 22:56:36 +0100 openssh (1:2.3.0p1-1.12) unstable; urgency=high * Added suggest for xbase-clients to control-file. (Closes #85227) * Applied patch from Markus Friedl to fix a vulnerability in the rsa keyexchange. * Fixed position of horizontal line. (Closes: #83613) * Fixed hopefully the grep problem in the config-file. (Closes: #78802) * Converted package from suidregister to dpkg-statoverride. -- Christian Kurz Fri, 9 Feb 2001 19:43:55 +0100 openssh (1:2.3.0p1-1.11) unstable; urgency=medium * Fixed some typos in the german translation of the debconf template. -- Christian Kurz Wed, 24 Jan 2001 18:22:38 +0100 openssh (1:2.3.0p1-1.10) unstable; urgency=medium * Fixed double printing of motd. (Closes: #82618) -- Christian Kurz Tue, 23 Jan 2001 21:03:43 +0100 openssh (1:2.3.0p1-1.9) unstable; urgency=high * And the next NMU which includes the patch from Andrew Bartlett and Markus Friedl to fix the root privileges handling of openssh. (Closes: #82657) -- Christian Kurz Wed, 17 Jan 2001 22:20:54 +0100 openssh (1:2.3.0p1-1.8) unstable; urgency=high * Applied fix from Ryan Murray to allow building on other architectures since the hurd patch was wrong. (Closes: #82471) -- Christian Kurz Tue, 16 Jan 2001 22:45:51 +0100 openssh (1:2.3.0p1-1.7) unstable; urgency=medium * Fixed another typo on sshd_config -- Christian Kurz Sun, 14 Jan 2001 19:01:31 +0100 openssh (1:2.3.0p1-1.6) unstable; urgency=high * Added Build-Dependency on groff (Closes: #81886) * Added Build-Depencency on debhelper (Closes: #82072) * Fixed entry for known_hosts in sshd_config (Closes: #82096) -- Christian Kurz Thu, 11 Jan 2001 23:08:16 +0100 openssh (1:2.3.0p1-1.5) unstable; urgency=high * Fixed now also the problem with sshd used as default ipv4 and didn't use IPv6. This should be now fixed. -- Christian Kurz Thu, 11 Jan 2001 21:25:55 +0100 openssh (1:2.3.0p1-1.4) unstable; urgency=high * Fixed buggy entry in postinst. -- Christian Kurz Wed, 10 Jan 2001 23:12:16 +0100 openssh (1:2.3.0p1-1.3) unstable; urgency=high * After finishing the rewrite of the rules-file I had to notice that the manpage installation was broken. This should now work again. -- Christian Kurz Wed, 10 Jan 2001 22:11:59 +0100 openssh (1:2.3.0p1-1.2) unstable; urgency=high * Fixed the screwed up build-dependency. * Removed --with-ipv4-default to support ipv6. * Changed makefile to use /etc/pam.d/ssh instead of /etc/pam.d/sshd. * Fixed location to sftp-server in config. * Since debian still relies on /etc/pam.d/ssh instead of moving to /etc/pam.d/sshd, I had to hack ssh.h to get ssh to use this name. * Fixed path to host key in sshd_config. -- Christian Kurz Wed, 10 Jan 2001 08:23:47 +0100 openssh (1:2.3.0p1-1.1) unstable; urgency=medium * NMU with permission of Phil Hands. * New upstream release * Update Build-Depends to point to new libssl096. * This upstream release doesn't leak any information depending on the setting of PermitRootLogin (Closes: #59933) * New upstream release contains fix against forcing a client to do X/agent forwarding (Closes: #76788) * Changed template to contain correct path to the documentation (Closes: #67245) * Added --with-4in6 switch as compile option into debian/rules. * Added --with-ipv4-default as compile option into debian/rules. (Closes: #75037) * Changed default path to also contain /usr/local/bin and /usr/X11R6/bin (Closes: #62472,#54567,#62810) * Changed path to sftp-server in sshd_config to match the our package (Closes: #68347) * Replaced OpenBSDh with OpenBSD in the init-script. * Changed location to original source in copyright.head * Changed behaviour of init-script when invoked with the option restart (Closes: #68706,#72560) * Added a note about -L option of scp to README.Debian * ssh won't print now the motd if invoked with -t option (Closes: #59933) * RFC.nroff.gz get's now converted into RFC.gz. (Closes: #63867) * Added a note about tcp-wrapper support to README.Debian (Closes: #72807,#22190) * Removed two unneeded options from building process. * Added sshd.pam into debian dir and install it. * Commented out unnecessary call to dh_installinfo. * Added a line to sshd.pam so that limits will be paid attention to (Closes: #66904) * Restart Option has a Timeout of 10 seconds (Closes: 51264) * scp won't override files anymore (Closes: 51955) * Removed pam_lastlog module, so that the lastlog is now printed only once (Closes: #71742, #68335, #69592, #71495, #77781) * If password is expired, openssh now forces the user to change it. (Closes: #51747) * scp should now have no more problems with shell-init-files that produces ouput (Closes: #56280,#59873) * ssh now prints the motd correctly (Closes: #66926) * ssh upgrade should disable ssh daemon only if users has choosen to do so (Closes: #67478) * ssh can now be installed suid (Closes: #70879) * Modified debian/rules to support hurd. -- Christian Kurz Wed, 27 Dec 2000 20:06:57 +0100 openssh (1:2.2.0p1-1.1) unstable; urgency=medium * Non-Maintainer Upload * Check for new returns in the new libc (closes: #72803, #74393, #72797, #71307, #71702) * Link against libssl095a (closes: #66304) * Correct check for PermitRootLogin (closes: #69448) -- Ryan Murray Wed, 18 Oct 2000 00:48:18 -0700 openssh (1:2.2.0p1-1) unstable; urgency=low * New upstream release -- Philip Hands Mon, 11 Sep 2000 14:49:43 +0100 openssh (1:2.1.1p4-3) unstable; urgency=low * add rsh alternatives * add -S option to scp (using Tommi Virtanen's patch) (closes: #63097) * do the IPV4_DEFAULT thing properly this time -- Philip Hands Fri, 11 Aug 2000 18:14:37 +0100 openssh (1:2.1.1p4-2) unstable; urgency=low * reinstate manpage .out patch from 1:1.2.3 * fix typo in postinst * only compile ssh with IPV4_DEFAULT * apply James Troup's patch to add a -o option to scp and updated manpage -- Philip Hands Sun, 30 Jul 2000 00:12:49 +0100 openssh (1:2.1.1p4-1) unstable; urgency=low * New upstream release -- Philip Hands Sat, 29 Jul 2000 14:46:16 +0100 openssh (1:1.2.3-10) unstable; urgency=low * add version to libpam-modules dependency, because old versions of pam_motd make it impossible to log in. -- Philip Hands Sat, 29 Jul 2000 13:28:22 +0100 openssh (1:1.2.3-9) frozen unstable; urgency=low * force location of /usr/bin/X11/xauth (closes: #64424, #66437, #66859) *RC* * typos in config (closes: #66779, #66780) * sshd_not_to_be_run could be assumed to be true, in error, if the config script died in an unusual way --- I've reversed this (closes: #66335) * Apply Zack Weinberg 's patch to ssh-askpass-ptk (closes: #65981) * change default for PermitRootLogin to "no" (closes: #66406) -- Philip Hands Tue, 11 Jul 2000 20:51:18 +0100 openssh (1:1.2.3-8) frozen unstable; urgency=low * get rid of Provides: rsh-server (this will mean that rstartd will need to change it's depends to deal with #63948, which I'm reopening) (closes: #66257) Given that this is also a trivial change, and is a reversal of a change that was mistakenly made after the freeze, I think this should also go into frozen. -- Philip Hands Wed, 28 Jun 2000 03:26:30 +0100 openssh (1:1.2.3-7) frozen unstable; urgency=low * check if debconf is installed before calling db_stop in postinst. This is required to allow ssh to be installed when debconf is not wanted, which probably makes it an RC upload (hopefully the last of too many). -- Philip Hands Wed, 28 Jun 2000 03:19:47 +0100 openssh (1:1.2.3-6) frozen unstable; urgency=low * fixed depressing little bug involving a line wrap looking like a blank line in the templates file *RC* (closes: #66090, #66078, #66083, #66182) -- Philip Hands Mon, 26 Jun 2000 00:45:05 +0100 openssh (1:1.2.3-5) frozen unstable; urgency=low * add code to prevent UseLogin exploit, although I think our PAM conditional code breaks UseLogin in a way that protects us from this exploit anyway. ;-) (closes: #65495) *RC* * Apply Zack Weinberg 's patch to fix keyboard grab vulnerability in ssh-askpass-gnome (closes: #64795) *RC* * stop redirection of sshd's file descriptors (introduced in 1:1.2.3-3) and use db_stop in the postinst to solve that problem instead (closes: #65104) * add Provides: rsh-server to ssh (closes: #63948) * provide config option not to run sshd -- Philip Hands Mon, 12 Jun 2000 23:05:11 +0100 openssh (1:1.2.3-4) frozen unstable; urgency=low * fixes #63436 which is *RC* * add 10 second pause in init.d restart (closes: #63844) * get rid of noenv in PAM mail line (closes: #63856) * fix host key path in make-ssh-known-hosts (closes: #63713) * change wording of SUID template (closes: #62788, #63436) -- Philip Hands Sat, 27 May 2000 11:18:06 +0100 openssh (1:1.2.3-3) frozen unstable; urgency=low * redirect sshd's file descriptors to /dev/null in init to prevent debconf from locking up during installation ** grave bug just submited by me ** -- Philip Hands Thu, 20 Apr 2000 17:10:59 +0100 openssh (1:1.2.3-2) frozen unstable; urgency=low * allow user to select SUID status of /usr/bin/ssh (closes: 62462) ** RC ** * suggest debconf * conflict with debconf{,-tiny} (<<0.2.17) so I can clean up the preinst -- Philip Hands Wed, 19 Apr 2000 17:49:15 +0100 openssh (1:1.2.3-1) frozen unstable; urgency=low * New upstream release * patch sshd to create extra xauth key required for localhost (closes: #49944) *** RC *** * FallbacktoRsh now defaults to ``no'' to match impression given in sshd_config * stop setting suid bit on ssh (closes: #58711, #58558) This breaks Rhosts authentication (which nobody uses) and allows the LD_PRELOAD trick to get socks working, so seems like a net benefit. -- Philip Hands Thu, 13 Apr 2000 20:01:54 +0100 openssh (1:1.2.2-1.4) frozen unstable; urgency=low * Recompile for frozen, contains fix for RC bug. -- Tommi Virtanen Tue, 29 Feb 2000 22:14:58 +0200 openssh (1:1.2.2-1.3) unstable; urgency=low * Integrated man page addition for PrintLastLog. This bug was filed on "openssh", and I ended up creating my own patch for this (closes: #59054) * Improved error message when ssh_exchange_identification gets EOF (closes: #58904) * Fixed typo (your -> you're) in debian/preinst. * Added else-clauses to config to make this upgradepath possible: oldssh -> openssh preinst fails due to upgrade_to_openssh=false -> ssh-nonfree -> openssh. Without these, debconf remembered the old answer, config didn't force asking it, and preinst always aborted (closes: #56596, #57782) * Moved setting upgrade_to_openssh isdefault flag to the place where preinst would abort. This means no double question to most users, people who currently suffer from "can't upgrade" may need to run apt-get install ssh twice. Did not do the same for use_old_init_script, as the situation is a bit different, and less common (closes: #54010, #56224) * Check for existance of ssh-keygen before attempting to use it in preinst, added warning for non-existant ssh-keygen in config. This happens when the old ssh is removed (say, due to ssh-nonfree getting installed). -- Tommi Virtanen Sun, 27 Feb 2000 21:36:43 +0200 openssh (1:1.2.2-1.2) frozen unstable; urgency=low * Non-maintainer upload. * Added configuration option PrintLastLog, default off due to PAM (closes: #54007, #55042) * ssh-askpass-{gnome,ptk} now provide ssh-askpass, making ssh's Suggests: line more accurate. Also closing related bugs fixed earlier, when default ssh-askpass moved to /usr/bin. (closes: #52403, #54741, #50607, #52298, #50967, #51661) * Patched to call vhangup, with autoconf detection and all (closes: #55379) * Added --with-ipv4-default workaround to a glibc bug causing slow DNS lookups, as per UPGRADING. Use -6 to really use IPv6 addresses. (closes: #57891, #58744, #58713, #57970) * Added noenv to PAM pam_mail line. Thanks to Ben Collins. (closes: #58429) * Added the UPGRADING file to the package. * Added frozen to the changelog line and recompiled before package was installed into the archive. -- Tommi Virtanen Fri, 25 Feb 2000 22:08:57 +0200 openssh (1:1.2.2-1.1) frozen unstable; urgency=low * Non-maintainer upload. * Integrated scp pipe buffer patch from Ben Collins , should now work even if reading a pipe gives less than fstat st_blksize bytes. Should now work on Alpha and Sparc Linux (closes: #53697, #52071) * Made ssh depend on libssl09 (>= 0.9.4-3) (closes: #51393) * Integrated patch from Ben Collins to do full shadow account locking and expiration checking (closes: #58165, #51747) -- Tommi Virtanen Tue, 22 Feb 2000 20:46:12 +0200 openssh (1:1.2.2-1) frozen unstable; urgency=medium * New upstream release (closes: #56870, #56346) * built against new libesd (closes: #56805) * add Colin Watson =NULL patch (closes: #49902, #54894) * use socketpairs as suggested by Andrew Tridgell to eliminate rsync (and other) lockups * patch SSHD_PAM_SERVICE back into auth-pam.c, again :-/ (closes: #49902, #55872, #56959) * uncoment the * line in ssh_config (closes: #56444) * #54894 & #49902 are release critical, so this should go in frozen -- Philip Hands Wed, 9 Feb 2000 04:52:04 +0000 openssh (1:1.2.1pre24-1) unstable; urgency=low * New upstream release -- Philip Hands Fri, 31 Dec 1999 02:47:24 +0000 openssh (1:1.2.1pre23-1) unstable; urgency=low * New upstream release * excape ? in /etc/init.d/ssh (closes: #53269) -- Philip Hands Wed, 29 Dec 1999 16:50:46 +0000 openssh (1:1.2pre17-1) unstable; urgency=low * New upstream release -- Philip Hands Thu, 9 Dec 1999 16:50:40 +0000 openssh (1:1.2pre16-1) unstable; urgency=low * New upstream release * upstream release (1.2pre14) (closes: #50299) * make ssh depend on libwrap0 (>= 7.6-1.1) (closes: #50973, #50776) * dispose of grep -q broken pipe message in config script (closes: #50855) * add make-ssh-known-hosts (closes: #50660) * add -i option to ssh-copy-id (closes: #50657) * add check for *LK* in password, indicating a locked account -- Philip Hands Wed, 8 Dec 1999 22:59:38 +0000 openssh (1:1.2pre13-1) unstable; urgency=low * New upstream release * make sshd.c use SSHD_PAM_SERVICE and define it as "ssh" in debian/rules * remove duplicate line in /etc/pam.d/ssh (closes: #50310) * mention ssh -A option in ssh.1 & ssh_config * enable forwarding to localhost in default ssh_config (closes: #50373) * tweak preinst to deal with debconf being `unpacked' * use --with-tcp-wrappers (closes: #49545) -- Philip Hands Sat, 20 Nov 1999 14:20:04 +0000 openssh (1:1.2pre11-2) unstable; urgency=low * oops, just realised that I forgot to strip out the unpleasant fiddling mentioned below (which turned not to be a fix anyway) -- Philip Hands Mon, 15 Nov 1999 01:35:23 +0000 openssh (1:1.2pre11-1) unstable; urgency=low * New upstream release (closes: #49722) * add 2>/dev/null to dispose of spurious message casused by grep -q (closes: #49876, #49604) * fix typo in debian/control (closes: #49841) * Do some unpleasant fiddling with upgraded keys in the preinst, which should make the keylength problem go away. (closes: #49676) * make pam_start in sshd use ``ssh'' as the service name (closes: #49956) * If /etc/ssh/NOSERVER exist, stop sshd from starting (closes: #47107) * apply Ben Collins 's shadow patch * disable lastlogin and motd printing if using pam (closes: #49957) * add ssh-copy-id script and manpage -- Philip Hands Fri, 12 Nov 1999 01:03:38 +0000 openssh (1:1.2pre9-1) unstable; urgency=low * New upstream release * apply Chip Salzenberg 's SO_REUSEADDR patch to channels.c, to make forwarded ports instantly reusable * replace Pre-Depend: debconf with some check code in preinst * make the ssh-add ssh-askpass failure message more helpful * fix the ssh-agent getopts bug (closes: #49426) * fixed typo on Suggests: line (closes: #49704, #49571) * tidy up ssh package description (closes: #49642) * make ssh suid (closes: #49635) * in preinst upgrade code, ensure ssh_host_keys is mode 600 (closes: #49606) * disable agent forwarding by default, for the similar reasons as X forwarding (closes: #49586) -- Philip Hands Tue, 9 Nov 1999 09:57:47 +0000 openssh (1:1.2pre7-4) unstable; urgency=low * predepend on debconf (>= 0.2.17) should now allow preinst questions -- Philip Hands Sat, 6 Nov 1999 10:31:06 +0000 openssh (1:1.2pre7-3) unstable; urgency=low * add ssh-askpass package using Tommi Virtanen's perl-tk script * add ssh-preconfig package cludge * add usage hints to ssh-agent.1 -- Philip Hands Fri, 5 Nov 1999 00:38:33 +0000 openssh (1:1.2pre7-2) unstable; urgency=low * use pam patch from Ben Collins * add slogin symlink to Makefile.in * change /usr/bin/login to LOGIN_PROGRAM define of /bin/login * sort out debconf usage * patch from Tommi Virtanen 's makes ssh-add use ssh-askpass -- Philip Hands Thu, 4 Nov 1999 11:08:54 +0000 openssh (1:1.2pre7-1) unstable; urgency=low * New upstream release -- Philip Hands Tue, 2 Nov 1999 21:02:37 +0000 openssh (1:1.2.0.pre6db1-2) unstable; urgency=low * change the binary package name to ssh (the non-free branch of ssh has been renamed to ssh-nonfree) * make pam file comply with Debian standards * use an epoch to make sure openssh supercedes ssh-nonfree -- Philip Hands Sat, 30 Oct 1999 16:26:05 +0100 openssh (1.2pre6db1-1) unstable; urgency=low * New upstream source * sshd accepts logins now! -- Dan Brosemer Fri, 29 Oct 1999 11:13:38 -0500 openssh (1.2.0.19991028-1) unstable; urgency=low * New upstream source * Added test for -lnsl to configure script -- Dan Brosemer Thu, 28 Oct 1999 18:52:09 -0500 openssh (1.2.0.19991027-3) unstable; urgency=low * Initial release -- Dan Brosemer Wed, 27 Oct 1999 19:39:46 -0500 Local variables: mode: debian-changelog End: