* Mitigate OpenSSL security vulnerability:

- Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.)
author: Colin Watson <cjwatson@debian.org> 2008-05-12 23:33:01 +0000
committer: Colin Watson <cjwatson@debian.org> 2008-05-12 23:33:01 +0000
commit: 47608c17e64138f8d16aa2bdc49a0eb00e1c3549 (patch)
tree: 92572d90b9aa8f45c0d9e6dbb185065667fdcea0 /debian/control
parent: 19ccea525446d5a3c2a176d813c505be81b91cbf (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/debian/control b/debian/control
index 290799998..c2bf961eb 100644
--- a/debian/control
+++ b/debian/control
@@ -8,7 +8,7 @@ Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.or
 Package: openssh-client
 Architecture: any
-Depends: ${shlibs:Depends}, debconf (>= 1.2.0) | debconf-2.0, adduser (>= 3.10), dpkg (>= 1.7.0), passwd
+Depends: ${shlibs:Depends}, debconf (>= 1.2.0) | debconf-2.0, adduser (>= 3.10), dpkg (>= 1.7.0), passwd, libssl0.9.8 (>= 0.9.8g-9)
 Recommends: xauth
 Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
 Replaces: ssh, ssh-krb5
@@ -37,7 +37,7 @@ Description: secure shell client, an rlogin/rsh/rcp replacement
 Package: openssh-server
 Priority: optional
 Architecture: any
-Depends: ${shlibs:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.0-6)
+Depends: ${shlibs:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.0-6), libssl0.9.8 (>= 0.9.8g-9), openssh-blacklist
 Recommends: xauth
 Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
 Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5
@@ -99,7 +99,7 @@ XC-Package-Type: udeb
 Section: debian-installer
 Priority: optional
 Architecture: any
-Depends: ${shlibs:Depends}, libnss-files-udeb
+Depends: ${shlibs:Depends}, libnss-files-udeb, libcrypto0.9.8-udeb (>= 0.9.8g-9)
 XB-Installer-Menu-Item: 99900
 Description: secure shell client for the Debian installer
 This is the portable version of OpenSSH, a free implementation of
@@ -113,7 +113,7 @@ XC-Package-Type: udeb
 Section: debian-installer
 Priority: optional
 Architecture: any
-Depends: ${shlibs:Depends}, libnss-files-udeb
+Depends: ${shlibs:Depends}, libnss-files-udeb, libcrypto0.9.8-udeb (>= 0.9.8g-9)
 Description: secure shell server for the Debian installer
 This is the portable version of OpenSSH, a free implementation of
 the Secure Shell protocol as specified by the IETF secsh working
author	Colin Watson <cjwatson@debian.org>	2008-05-12 23:33:01 +0000
committer	Colin Watson <cjwatson@debian.org>	2008-05-12 23:33:01 +0000
commit	47608c17e64138f8d16aa2bdc49a0eb00e1c3549 (patch)
tree	92572d90b9aa8f45c0d9e6dbb185065667fdcea0 /debian/control
parent	19ccea525446d5a3c2a176d813c505be81b91cbf (diff)

diff --git a/debian/control b/debian/control index 290799998..c2bf961eb 100644 --- a/debian/control +++ b/debian/control
@@ -8,7 +8,7 @@ Uploaders: Colin Watson <cjwatson@debian.org>, Matthew Vernon <matthew@debian.or
8		8
9	Package: openssh-client	9	Package: openssh-client
10	Architecture: any	10	Architecture: any
11	Depends: ${shlibs:Depends}, debconf (>= 1.2.0) \| debconf-2.0, adduser (>= 3.10), dpkg (>= 1.7.0), passwd	11	Depends: ${shlibs:Depends}, debconf (>= 1.2.0) \| debconf-2.0, adduser (>= 3.10), dpkg (>= 1.7.0), passwd, libssl0.9.8 (>= 0.9.8g-9)
12	Recommends: xauth	12	Recommends: xauth
13	Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)	13	Conflicts: ssh (<< 1:3.8.1p1-9), sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
14	Replaces: ssh, ssh-krb5	14	Replaces: ssh, ssh-krb5
@@ -37,7 +37,7 @@ Description: secure shell client, an rlogin/rsh/rcp replacement
37	Package: openssh-server	37	Package: openssh-server
38	Priority: optional	38	Priority: optional
39	Architecture: any	39	Architecture: any
40	Depends: ${shlibs:Depends}, debconf (>= 1.2.0) \| debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.0-6)	40	Depends: ${shlibs:Depends}, debconf (>= 1.2.0) \| debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.0-6), libssl0.9.8 (>= 0.9.8g-9), openssh-blacklist
41	Recommends: xauth	41	Recommends: xauth
42	Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)	42	Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
43	Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5	43	Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5
@@ -99,7 +99,7 @@ XC-Package-Type: udeb
99	Section: debian-installer	99	Section: debian-installer
100	Priority: optional	100	Priority: optional
101	Architecture: any	101	Architecture: any
102	Depends: ${shlibs:Depends}, libnss-files-udeb	102	Depends: ${shlibs:Depends}, libnss-files-udeb, libcrypto0.9.8-udeb (>= 0.9.8g-9)
103	XB-Installer-Menu-Item: 99900	103	XB-Installer-Menu-Item: 99900
104	Description: secure shell client for the Debian installer	104	Description: secure shell client for the Debian installer
105	This is the portable version of OpenSSH, a free implementation of	105	This is the portable version of OpenSSH, a free implementation of
@@ -113,7 +113,7 @@ XC-Package-Type: udeb
113	Section: debian-installer	113	Section: debian-installer
114	Priority: optional	114	Priority: optional
115	Architecture: any	115	Architecture: any
116	Depends: ${shlibs:Depends}, libnss-files-udeb	116	Depends: ${shlibs:Depends}, libnss-files-udeb, libcrypto0.9.8-udeb (>= 0.9.8g-9)
117	Description: secure shell server for the Debian installer	117	Description: secure shell server for the Debian installer
118	This is the portable version of OpenSSH, a free implementation of	118	This is the portable version of OpenSSH, a free implementation of
119	the Secure Shell protocol as specified by the IETF secsh working	119	the Secure Shell protocol as specified by the IETF secsh working