diff options
author | Colin Watson <cjwatson@debian.org> | 2008-05-12 23:33:01 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2008-05-12 23:33:01 +0000 |
commit | 47608c17e64138f8d16aa2bdc49a0eb00e1c3549 (patch) | |
tree | 92572d90b9aa8f45c0d9e6dbb185065667fdcea0 /debian/control | |
parent | 19ccea525446d5a3c2a176d813c505be81b91cbf (diff) |
* Mitigate OpenSSL security vulnerability:
- Add key blacklisting support. Keys listed in
/etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by
sshd, unless "PermitBlacklistedKeys yes" is set in
/etc/ssh/sshd_config.
- Add a new program, ssh-vulnkey, which can be used to check keys
against these blacklists.
- Depend on openssh-blacklist.
- Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least
0.9.8g-9.
- Automatically regenerate known-compromised host keys, with a
critical-priority debconf note. (I regret that there was no time to
gather translations.)
Diffstat (limited to 'debian/control')
-rw-r--r-- | debian/control | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/debian/control b/debian/control index 290799998..c2bf961eb 100644 --- a/debian/control +++ b/debian/control | |||
@@ -8,7 +8,7 @@ Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.or | |||
8 | 8 | ||
9 | Package: openssh-client | 9 | Package: openssh-client |
10 | Architecture: any | 10 | Architecture: any |
11 | Depends: ${shlibs:Depends}, debconf (>= 1.2.0) | debconf-2.0, adduser (>= 3.10), dpkg (>= 1.7.0), passwd | 11 | Depends: ${shlibs:Depends}, debconf (>= 1.2.0) | debconf-2.0, adduser (>= 3.10), dpkg (>= 1.7.0), passwd, libssl0.9.8 (>= 0.9.8g-9) |
12 | Recommends: xauth | 12 | Recommends: xauth |
13 | Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7) | 13 | Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7) |
14 | Replaces: ssh, ssh-krb5 | 14 | Replaces: ssh, ssh-krb5 |
@@ -37,7 +37,7 @@ Description: secure shell client, an rlogin/rsh/rcp replacement | |||
37 | Package: openssh-server | 37 | Package: openssh-server |
38 | Priority: optional | 38 | Priority: optional |
39 | Architecture: any | 39 | Architecture: any |
40 | Depends: ${shlibs:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.0-6) | 40 | Depends: ${shlibs:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.0-6), libssl0.9.8 (>= 0.9.8g-9), openssh-blacklist |
41 | Recommends: xauth | 41 | Recommends: xauth |
42 | Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7) | 42 | Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7) |
43 | Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5 | 43 | Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5 |
@@ -99,7 +99,7 @@ XC-Package-Type: udeb | |||
99 | Section: debian-installer | 99 | Section: debian-installer |
100 | Priority: optional | 100 | Priority: optional |
101 | Architecture: any | 101 | Architecture: any |
102 | Depends: ${shlibs:Depends}, libnss-files-udeb | 102 | Depends: ${shlibs:Depends}, libnss-files-udeb, libcrypto0.9.8-udeb (>= 0.9.8g-9) |
103 | XB-Installer-Menu-Item: 99900 | 103 | XB-Installer-Menu-Item: 99900 |
104 | Description: secure shell client for the Debian installer | 104 | Description: secure shell client for the Debian installer |
105 | This is the portable version of OpenSSH, a free implementation of | 105 | This is the portable version of OpenSSH, a free implementation of |
@@ -113,7 +113,7 @@ XC-Package-Type: udeb | |||
113 | Section: debian-installer | 113 | Section: debian-installer |
114 | Priority: optional | 114 | Priority: optional |
115 | Architecture: any | 115 | Architecture: any |
116 | Depends: ${shlibs:Depends}, libnss-files-udeb | 116 | Depends: ${shlibs:Depends}, libnss-files-udeb, libcrypto0.9.8-udeb (>= 0.9.8g-9) |
117 | Description: secure shell server for the Debian installer | 117 | Description: secure shell server for the Debian installer |
118 | This is the portable version of OpenSSH, a free implementation of | 118 | This is the portable version of OpenSSH, a free implementation of |
119 | the Secure Shell protocol as specified by the IETF secsh working | 119 | the Secure Shell protocol as specified by the IETF secsh working |