1. 20 Oct, 2018 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 72b1d308
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2018-10-20
      
      Patch-Name: gssapi.patch
      72b1d308
  2. 24 Aug, 2018 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · e6c7c11a
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2018-08-24
      
      Patch-Name: gssapi.patch
      e6c7c11a
  3. 03 Apr, 2018 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · cb427e23
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2017-10-04
      
      Patch-Name: gssapi.patch
      cb427e23
  4. 04 Oct, 2017 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 4e704909
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2017-10-04
      
      Patch-Name: gssapi.patch
      4e704909
  5. 29 Mar, 2017 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · d51c7ac3
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2017-01-16
      
      Patch-Name: gssapi.patch
      d51c7ac3
  6. 16 Jan, 2017 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 48fbb156
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2017-01-16
      
      Patch-Name: gssapi.patch
      48fbb156
  7. 28 Dec, 2016 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 40ab38b3
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2016-12-28
      
      Patch-Name: gssapi.patch
      40ab38b3
  8. 23 Dec, 2016 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 9f717de1
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2016-08-07
      
      Patch-Name: gssapi.patch
      9f717de1
  9. 07 Aug, 2016 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · eecddf8b
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2016-08-07
      
      Patch-Name: gssapi.patch
      eecddf8b
  10. 21 Mar, 2016 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 8c27af53
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2016-03-21
      
      Patch-Name: gssapi.patch
      8c27af53
  11. 10 Mar, 2016 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 6dfd41bb
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2016-01-04
      
      Patch-Name: gssapi.patch
      6dfd41bb
  12. 29 Feb, 2016 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 374db175
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2016-01-04
      
      Patch-Name: gssapi.patch
      374db175
  13. 14 Jan, 2016 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 6a0a4b2f
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2016-01-04
      
      Patch-Name: gssapi.patch
      6a0a4b2f
  14. 04 Jan, 2016 2 commits
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 48424483
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2016-01-04
      
      Patch-Name: gssapi.patch
      48424483
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · d6cfd64e
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2016-01-04
      
      Patch-Name: gssapi.patch
      d6cfd64e
  15. 29 Nov, 2015 2 commits
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 09c4d9b7
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2015-11-29
      
      Patch-Name: gssapi.patch
      09c4d9b7
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 233e7823
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2015-11-29
      
      Patch-Name: gssapi.patch
      233e7823
  16. 17 Sep, 2015 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 70b18066
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2015-09-17
      
      Patch-Name: gssapi.patch
      70b18066
  17. 19 Aug, 2015 2 commits
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 5d3dc7ea
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2015-08-19
      
      Patch-Name: gssapi.patch
      5d3dc7ea
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 06879e71
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2015-08-19
      
      Patch-Name: gssapi.patch
      06879e71
  18. 07 Oct, 2014 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 1c1b6fa1
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2014-10-07
      
      Patch-Name: gssapi.patch
      1c1b6fa1
  19. 20 Mar, 2014 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 9dfcd1a0
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2014-03-19
      
      Patch-Name: gssapi.patch
      9dfcd1a0
  20. 19 Mar, 2014 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 429c595d
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2014-03-19
      
      Patch-Name: gssapi.patch
      429c595d
  21. 10 Feb, 2014 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · cd404114
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2014-02-10
      
      Patch-Name: gssapi.patch
      cd404114
  22. 09 Feb, 2014 1 commit
    • Simon Wilkinson's avatar
      GSSAPI key exchange support · 950be7e1
      Simon Wilkinson authored
      This patch has been rejected upstream: "None of the OpenSSH developers are
      in favour of adding this, and this situation has not changed for several
      years.  This is not a slight on Simon's patch, which is of fine quality, but
      just that a) we don't trust GSSAPI implementations that much and b) we don't
      like adding new KEX since they are pre-auth attack surface.  This one is
      particularly scary, since it requires hooks out to typically root-owned
      system resources."
      
      However, quite a lot of people rely on this in Debian, and it's better to
      have it merged into the main openssh package rather than having separate
      -krb5 packages (as we used to have).  It seems to have a generally good
      security history.
      
      Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
      Last-Updated: 2013-11-09
      
      Patch-Name: gssapi.patch
      950be7e1
  23. 24 Jan, 2011 1 commit