diff options
| -rw-r--r-- | debian/NEWS | 6 | ||||
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/control | 28 | ||||
| -rwxr-xr-x | debian/openssh-client-ssh1.install | 5 | ||||
| -rwxr-xr-x | debian/rules | 10 |
5 files changed, 47 insertions, 4 deletions
diff --git a/debian/NEWS b/debian/NEWS index fac24aed5..d40a9666a 100644 --- a/debian/NEWS +++ b/debian/NEWS | |||
| @@ -6,7 +6,11 @@ openssh (1:7.1p1-2) UNRELEASED; urgency=medium | |||
| 6 | * Support for the legacy SSH version 1 protocol is disabled by default at | 6 | * Support for the legacy SSH version 1 protocol is disabled by default at |
| 7 | compile time. Note that this also means that the Cipher keyword in | 7 | compile time. Note that this also means that the Cipher keyword in |
| 8 | ssh_config(5) is effectively no longer usable; use Ciphers instead for | 8 | ssh_config(5) is effectively no longer usable; use Ciphers instead for |
| 9 | protocol 2. | 9 | protocol 2. The openssh-client-ssh1 package includes "ssh1", "scp1", |
| 10 | and "ssh-keygen1" binaries which you can use if you have no alternative | ||
| 11 | way to connect to an outdated SSH1-only server; please contact the | ||
| 12 | server administrator or system vendor in such cases and ask them to | ||
| 13 | upgrade. | ||
| 10 | * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is | 14 | * Support for the 1024-bit diffie-hellman-group1-sha1 key exchange is |
| 11 | disabled by default at run-time. It may be re-enabled using the | 15 | disabled by default at run-time. It may be re-enabled using the |
| 12 | instructions at http://www.openssh.com/legacy.html | 16 | instructions at http://www.openssh.com/legacy.html |
diff --git a/debian/changelog b/debian/changelog index 28c547018..bbade1fb8 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -6,6 +6,8 @@ openssh (1:7.1p1-2) UNRELEASED; urgency=medium | |||
| 6 | more. | 6 | more. |
| 7 | * Add NEWS.Debian documenting cryptographic changes in OpenSSH 7.0 | 7 | * Add NEWS.Debian documenting cryptographic changes in OpenSSH 7.0 |
| 8 | (closes: #806962). | 8 | (closes: #806962). |
| 9 | * Add an openssh-client-ssh1 binary package for people who need to connect | ||
| 10 | to outdated SSH1-only servers (closes: #807107). | ||
| 9 | 11 | ||
| 10 | -- Colin Watson <cjwatson@debian.org> Thu, 03 Dec 2015 11:59:32 +0000 | 12 | -- Colin Watson <cjwatson@debian.org> Thu, 03 Dec 2015 11:59:32 +0000 |
| 11 | 13 | ||
diff --git a/debian/control b/debian/control index a5fabff3a..aba152024 100644 --- a/debian/control +++ b/debian/control | |||
| @@ -42,6 +42,34 @@ Description: secure shell (SSH) client, for secure access to remote machines | |||
| 42 | ssh replaces the insecure rsh, rcp and rlogin programs, which are | 42 | ssh replaces the insecure rsh, rcp and rlogin programs, which are |
| 43 | obsolete for most purposes. | 43 | obsolete for most purposes. |
| 44 | 44 | ||
| 45 | Package: openssh-client-ssh1 | ||
| 46 | Architecture: any | ||
| 47 | Depends: ${shlibs:Depends}, ${misc:Depends}, openssh-client (= ${binary:Version}) | ||
| 48 | Multi-Arch: foreign | ||
| 49 | Description: secure shell (SSH) client for legacy SSH1 protocol | ||
| 50 | This is the portable version of OpenSSH, a free implementation of | ||
| 51 | the Secure Shell protocol as specified by the IETF secsh working | ||
| 52 | group. | ||
| 53 | . | ||
| 54 | Ssh (Secure Shell) is a program for logging into a remote machine | ||
| 55 | and for executing commands on a remote machine. | ||
| 56 | It provides secure encrypted communications between two untrusted | ||
| 57 | hosts over an insecure network. X11 connections and arbitrary TCP/IP | ||
| 58 | ports can also be forwarded over the secure channel. | ||
| 59 | It can be used to provide applications with a secure communication | ||
| 60 | channel. | ||
| 61 | . | ||
| 62 | This package provides the ssh1 and scp1 clients and the ssh-keygen1 | ||
| 63 | utility, all built with support for the legacy SSH1 protocol. This | ||
| 64 | protocol is obsolete and should not normally be used, but in some cases | ||
| 65 | there may be no alternative way to connect to outdated servers. | ||
| 66 | . | ||
| 67 | In some countries it may be illegal to use any encryption at all | ||
| 68 | without a special permit. | ||
| 69 | . | ||
| 70 | ssh replaces the insecure rsh, rcp and rlogin programs, which are | ||
| 71 | obsolete for most purposes. | ||
| 72 | |||
| 45 | Package: openssh-server | 73 | Package: openssh-server |
| 46 | Priority: optional | 74 | Priority: optional |
| 47 | Architecture: any | 75 | Architecture: any |
diff --git a/debian/openssh-client-ssh1.install b/debian/openssh-client-ssh1.install new file mode 100755 index 000000000..04e7e0c45 --- /dev/null +++ b/debian/openssh-client-ssh1.install | |||
| @@ -0,0 +1,5 @@ | |||
| 1 | #! /usr/bin/dh-exec | ||
| 2 | |||
| 3 | build-deb-ssh1/scp => usr/bin/scp1 | ||
| 4 | build-deb-ssh1/ssh => usr/bin/ssh1 | ||
| 5 | build-deb-ssh1/ssh-keygen => usr/bin/ssh-keygen1 | ||
diff --git a/debian/rules b/debian/rules index 993a70539..e67053cdd 100755 --- a/debian/rules +++ b/debian/rules | |||
| @@ -131,6 +131,7 @@ override_dh_autoreconf-indep: | |||
| 131 | 131 | ||
| 132 | override_dh_auto_configure-arch: | 132 | override_dh_auto_configure-arch: |
| 133 | dh_auto_configure -Bbuild-deb -- $(confflags) | 133 | dh_auto_configure -Bbuild-deb -- $(confflags) |
| 134 | dh_auto_configure -Bbuild-deb-ssh1 -- $(confflags) --with-ssh1 | ||
| 134 | dh_auto_configure -Bbuild-udeb -- $(confflags_udeb) | 135 | dh_auto_configure -Bbuild-udeb -- $(confflags_udeb) |
| 135 | 136 | ||
| 136 | override_dh_auto_configure-indep: | 137 | override_dh_auto_configure-indep: |
| @@ -141,6 +142,7 @@ override_dh_auto_build-arch: | |||
| 141 | cd build-udeb && ./config.status | 142 | cd build-udeb && ./config.status |
| 142 | 143 | ||
| 143 | $(MAKE) -C build-deb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' | 144 | $(MAKE) -C build-deb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' |
| 145 | $(MAKE) -C build-deb-ssh1 $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp ssh-keygen | ||
| 144 | $(MAKE) -C build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen | 146 | $(MAKE) -C build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen |
| 145 | 147 | ||
| 146 | $(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG) | 148 | $(MAKE) -C contrib gnome-ssh-askpass2 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG) |
| @@ -167,7 +169,7 @@ endif | |||
| 167 | override_dh_auto_test-indep: | 169 | override_dh_auto_test-indep: |
| 168 | 170 | ||
| 169 | override_dh_auto_clean: | 171 | override_dh_auto_clean: |
| 170 | rm -rf build-deb build-udeb | 172 | rm -rf build-deb build-deb-ssh1 build-udeb |
| 171 | ifeq ($(RUN_TESTS),yes) | 173 | ifeq ($(RUN_TESTS),yes) |
| 172 | $(MAKE) -C debian/keygen-test clean | 174 | $(MAKE) -C debian/keygen-test clean |
| 173 | endif | 175 | endif |
| @@ -201,8 +203,10 @@ override_dh_install-indep: | |||
| 201 | dh_install | 203 | dh_install |
| 202 | 204 | ||
| 203 | override_dh_installdocs: | 205 | override_dh_installdocs: |
| 204 | dh_installdocs -Nopenssh-server -Nopenssh-sftp-server | 206 | dh_installdocs \ |
| 205 | dh_installdocs -popenssh-server -popenssh-sftp-server \ | 207 | -Nopenssh-client-ssh1 -Nopenssh-server -Nopenssh-sftp-server |
| 208 | dh_installdocs \ | ||
| 209 | -popenssh-client-ssh1 -popenssh-server -popenssh-sftp-server \ | ||
| 206 | --link-doc=openssh-client | 210 | --link-doc=openssh-client |
| 207 | # Avoid breaking dh_installexamples later. | 211 | # Avoid breaking dh_installexamples later. |
| 208 | mkdir -p debian/openssh-server/usr/share/doc/openssh-client | 212 | mkdir -p debian/openssh-server/usr/share/doc/openssh-client |