1 files changed, 27 insertions, 5 deletions
diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst
index 4e91098df..ee660165e 100644
--- a/debian/openssh-server.postinst
+++ b/debian/openssh-server.postinst
@@ -72,10 +72,23 @@ set_config_option() {
 }
-remove_obsolete_gssapi() {
+disable_config_option() {
-        grep -qi '^[    ]*GSSAPINoMICAuthentication' /etc/ssh/sshd_config \
+        option="$1"
-                || return 0
-        perl -pe 's/^(\s*GSSAPINoMICAuthentication)/\#$1/i' \
+        value="$(get_config_option "$option")"
+        [ "$value" ] || return 0
+        perl -le '
+                $option = $ARGV[0];
+                while (<STDIN>) {
+                        chomp;
+                        (my $match = $_) =~ s/\s+/ /g;
+                        # TODO: actually only one "=" allowed after option
+                        if ($match =~ s/^(\s*\Q$option\E[[:space:]=]+.*)/#$1/i) {
+                                $_ = $match;
+                        }
+                        print;
+                }' \
                < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
        chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
        chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
@@ -83,6 +96,13 @@ remove_obsolete_gssapi() {
 }
+remove_obsolete_gssapi() {
+        disable_config_option GSSAPINoMICAuthentication
+        disable_config_option GSSUseSessionCCache
+        disable_config_option GSSAPIUseSessionCredCache
+}
 host_keys_required() {
        hostkeys="$(get_config_option HostKey)"
        if [ "$hostkeys" ]; then
@@ -202,7 +222,9 @@ create_sshdconfig() {
                fi
                # Remove obsolete GSSAPI options.
-                remove_obsolete_gssapi
+                if dpkg --compare-versions "$oldversion" lt 1:4.3p2-8; then
+                    remove_obsolete_gssapi
+                fi
                return 0
            fi

diff --git a/debian/openssh-server.postinst b/debian/openssh-server.postinst index 4e91098df..ee660165e 100644 --- a/debian/openssh-server.postinst +++ b/debian/openssh-server.postinst
@@ -72,10 +72,23 @@ set_config_option() {
72	}	72	}
73		73
74		74
75	remove_obsolete_gssapi() {	75	disable_config_option() {
76	grep -qi '^[ ]*GSSAPINoMICAuthentication' /etc/ssh/sshd_config \	76	option="$1"
77	\|\| return 0	77
78	perl -pe 's/^(\s*GSSAPINoMICAuthentication)/\#$1/i' \	78	value="$(get_config_option "$option")"
		79	[ "$value" ] \|\| return 0
		80
		81	perl -le '
		82	$option = $ARGV[0];
		83	while (<STDIN>) {
		84	chomp;
		85	(my $match = $_) =~ s/\s+/ /g;
		86	# TODO: actually only one "=" allowed after option
		87	if ($match =~ s/^(\s\Q$option\E[[:space:]=]+.)/#$1/i) {
		88	$_ = $match;
		89	}
		90	print;
		91	}' \
79	< /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new	92	< /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new
80	chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new	93	chown --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
81	chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new	94	chmod --reference /etc/ssh/sshd_config /etc/ssh/sshd_config.dpkg-new
@@ -83,6 +96,13 @@ remove_obsolete_gssapi() {
83	}	96	}
84		97
85		98
		99	remove_obsolete_gssapi() {
		100	disable_config_option GSSAPINoMICAuthentication
		101	disable_config_option GSSUseSessionCCache
		102	disable_config_option GSSAPIUseSessionCredCache
		103	}
		104
		105
86	host_keys_required() {	106	host_keys_required() {
87	hostkeys="$(get_config_option HostKey)"	107	hostkeys="$(get_config_option HostKey)"
88	if [ "$hostkeys" ]; then	108	if [ "$hostkeys" ]; then
@@ -202,7 +222,9 @@ create_sshdconfig() {
202	fi	222	fi
203		223
204	# Remove obsolete GSSAPI options.	224	# Remove obsolete GSSAPI options.
205	remove_obsolete_gssapi	225	if dpkg --compare-versions "$oldversion" lt 1:4.3p2-8; then
		226	remove_obsolete_gssapi
		227	fi
206		228
207	return 0	229	return 0
208	fi	230	fi