diff options
Diffstat (limited to 'debian/patches/gssapi.patch')
| -rw-r--r-- | debian/patches/gssapi.patch | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index a60a8b4e1..6550ba60b 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
| @@ -1,3 +1,20 @@ | |||
| 1 | Description: GSSAPI key exchange support | ||
| 2 | This patch has been rejected upstream: "None of the OpenSSH developers are | ||
| 3 | in favour of adding this, and this situation has not changed for several | ||
| 4 | years. This is not a slight on Simon's patch, which is of fine quality, | ||
| 5 | but just that a) we don't trust GSSAPI implementations that much and b) we | ||
| 6 | don't like adding new KEX since they are pre-auth attack surface. This one | ||
| 7 | is particularly scary, since it requires hooks out to typically root-owned | ||
| 8 | system resources." | ||
| 9 | . | ||
| 10 | However, quite a lot of people rely on this in Debian, and it's better to | ||
| 11 | have it merged into the main openssh package rather than having separate | ||
| 12 | -krb5 packages (as we used to have). It seems to have a generally good | ||
| 13 | security history. | ||
| 14 | Author: Simon Wilkinson <simon@sxw.org.uk> | ||
| 15 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242 | ||
| 16 | Last-Updated: 2010-02-27 | ||
| 17 | |||
| 1 | Index: b/ChangeLog.gssapi | 18 | Index: b/ChangeLog.gssapi |
| 2 | =================================================================== | 19 | =================================================================== |
| 3 | --- /dev/null | 20 | --- /dev/null |