Add an openssh-client-ssh1 binary package for people who need to connect to outdated SSH1-only servers (closes: #807107).

author: Colin Watson <cjwatson@debian.org> 2015-12-06 23:41:31 +0000
committer: Colin Watson <cjwatson@debian.org> 2015-12-06 23:41:31 +0000
commit: 1ce6d994a71306cc1b3778903d80993b0faeadf9 (patch)
tree: 6bd9440b1512aa3579662411a65e511df157ecc0
parent: e83912709e9904b517a4457c49dbf8e7d77abd4a (diff)
5 files changed, 47 insertions, 4 deletions
diff --git a/debian/NEWS b/debian/NEWS
index fac24aed5..d40a9666a 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -6,7 +6,11 @@ openssh (1:7.1p1-2) UNRELEASED; urgency=medium
   * Support for the legacy SSH version 1 protocol is disabled by default at
     compile time.  Note that this also means that the Cipher keyword in
     ssh_config(5) is effectively no longer usable; use Ciphers instead for
-     protocol 2.
+     protocol 2.  The openssh-client-ssh1 package includes "ssh1", "scp1",
+     and "ssh-keygen1" binaries which you can use if you have no alternative
+     way to connect to an outdated SSH1-only server; please contact the
+     server administrator or system vendor in such cases and ask them to
+     upgrade.
   * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is
     disabled by default at run-time.  It may be re-enabled using the
     instructions at http://www.openssh.com/legacy.html
diff --git a/debian/changelog b/debian/changelog
index 28c547018..bbade1fb8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,8 @@ openssh (1:7.1p1-2) UNRELEASED; urgency=medium
    more.
  * Add NEWS.Debian documenting cryptographic changes in OpenSSH 7.0
    (closes: #806962).
+  * Add an openssh-client-ssh1 binary package for people who need to connect
+    to outdated SSH1-only servers (closes: #807107).
 -- Colin Watson <cjwatson@debian.org>  Thu, 03 Dec 2015 11:59:32 +0000
diff --git a/debian/control b/debian/control
index a5fabff3a..aba152024 100644
--- a/debian/control
+++ b/debian/control
@@ -42,6 +42,34 @@ Description: secure shell (SSH) client, for secure access to remote machines
 ssh replaces the insecure rsh, rcp and rlogin programs, which are
 obsolete for most purposes.
+Package: openssh-client-ssh1
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, openssh-client (= ${binary:Version})
+Multi-Arch: foreign
+Description: secure shell (SSH) client for legacy SSH1 protocol
+ This is the portable version of OpenSSH, a free implementation of
+ the Secure Shell protocol as specified by the IETF secsh working
+ group.
+ .
+ Ssh (Secure Shell) is a program for logging into a remote machine
+ and for executing commands on a remote machine.
+ It provides secure encrypted communications between two untrusted
+ hosts over an insecure network. X11 connections and arbitrary TCP/IP
+ ports can also be forwarded over the secure channel.
+ It can be used to provide applications with a secure communication
+ channel.
+ .
+ This package provides the ssh1 and scp1 clients and the ssh-keygen1
+ utility, all built with support for the legacy SSH1 protocol. This
+ protocol is obsolete and should not normally be used, but in some cases
+ there may be no alternative way to connect to outdated servers.
+ .
+ In some countries it may be illegal to use any encryption at all
+ without a special permit.
+ .
+ ssh replaces the insecure rsh, rcp and rlogin programs, which are
+ obsolete for most purposes.
 Package: openssh-server
 Priority: optional
 Architecture: any
diff --git a/debian/openssh-client-ssh1.install b/debian/openssh-client-ssh1.install
new file mode 100755
index 000000000..04e7e0c45
--- /dev/null
+++ b/debian/openssh-client-ssh1.install
@@ -0,0 +1,5 @@
+#! /usr/bin/dh-exec
+build-deb-ssh1/scp => usr/bin/scp1
+build-deb-ssh1/ssh => usr/bin/ssh1
+build-deb-ssh1/ssh-keygen => usr/bin/ssh-keygen1
diff --git a/debian/rules b/debian/rules
index 993a70539..e67053cdd 100755
--- a/debian/rules
+++ b/debian/rules
@@ -131,6 +131,7 @@ override_dh_autoreconf-indep:
 override_dh_auto_configure-arch:
        dh_auto_configure -Bbuild-deb -- $(confflags)
+        dh_auto_configure -Bbuild-deb-ssh1 -- $(confflags) --with-ssh1
        dh_auto_configure -Bbuild-udeb -- $(confflags_udeb)
 override_dh_auto_configure-indep:
@@ -141,6 +142,7 @@ override_dh_auto_build-arch:
        cd build-udeb && ./config.status
        $(MAKE) -C build-deb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass'
+        $(MAKE) -C build-deb-ssh1 $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp ssh-keygen
        $(MAKE) -C build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
        $(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG)
@@ -167,7 +169,7 @@ endif
 override_dh_auto_test-indep:
 override_dh_auto_clean:
-        rm -rf build-deb build-udeb
+        rm -rf build-deb build-deb-ssh1 build-udeb
 ifeq ($(RUN_TESTS),yes)
        $(MAKE) -C debian/keygen-test clean
 endif
@@ -201,8 +203,10 @@ override_dh_install-indep:
        dh_install
 override_dh_installdocs:
-        dh_installdocs -Nopenssh-server -Nopenssh-sftp-server
+        dh_installdocs \
-        dh_installdocs -popenssh-server -popenssh-sftp-server \
+                -Nopenssh-client-ssh1 -Nopenssh-server -Nopenssh-sftp-server
+        dh_installdocs \
+                -popenssh-client-ssh1 -popenssh-server -popenssh-sftp-server \
                --link-doc=openssh-client
        # Avoid breaking dh_installexamples later.
        mkdir -p debian/openssh-server/usr/share/doc/openssh-client
author	Colin Watson <cjwatson@debian.org>	2015-12-06 23:41:31 +0000
committer	Colin Watson <cjwatson@debian.org>	2015-12-06 23:41:31 +0000
commit	1ce6d994a71306cc1b3778903d80993b0faeadf9 (patch)
tree	6bd9440b1512aa3579662411a65e511df157ecc0
parent	e83912709e9904b517a4457c49dbf8e7d77abd4a (diff)