diff options
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 9 | ||||
-rw-r--r-- | debian/control | 15 | ||||
-rw-r--r-- | debian/ssh-krb5.NEWS | 18 | ||||
-rw-r--r-- | debian/ssh-krb5.postinst | 61 |
4 files changed, 10 insertions, 93 deletions
diff --git a/debian/changelog b/debian/changelog index 869f89285..f7dcbda83 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,12 @@ | |||
1 | openssh (1:7.6p1-3) UNRELEASED; urgency=medium | ||
2 | |||
3 | * Remove the decade-old ssh-krb5 transitional package; upgrades of | ||
4 | openssh-server will preserve existing configuration, and new | ||
5 | installations should just enable GSSAPIAuthentication and | ||
6 | GSSAPIKeyExchange in sshd_config (closes: #878626). | ||
7 | |||
8 | -- Colin Watson <cjwatson@debian.org> Mon, 16 Oct 2017 10:30:50 +0100 | ||
9 | |||
1 | openssh (1:7.6p1-2) unstable; urgency=medium | 10 | openssh (1:7.6p1-2) unstable; urgency=medium |
2 | 11 | ||
3 | * Apply upstream patch to fix PermitOpen argument handling. | 12 | * Apply upstream patch to fix PermitOpen argument handling. |
diff --git a/debian/control b/debian/control index 6c0449c70..568080c74 100644 --- a/debian/control +++ b/debian/control | |||
@@ -164,24 +164,11 @@ Description: secure shell client and server (metapackage) | |||
164 | and the OpenSSH server. It provides nothing in and of itself, so you | 164 | and the OpenSSH server. It provides nothing in and of itself, so you |
165 | may remove it if nothing depends on it. | 165 | may remove it if nothing depends on it. |
166 | 166 | ||
167 | Package: ssh-krb5 | ||
168 | Section: oldlibs | ||
169 | Priority: optional | ||
170 | Architecture: all | ||
171 | Depends: openssh-client (>= ${binary:Version}), | ||
172 | openssh-server (>= ${binary:Version}), | ||
173 | ${misc:Depends}, | ||
174 | Description: secure shell client and server (transitional package) | ||
175 | This is a transitional package depending on the regular Debian OpenSSH | ||
176 | client and server, which now support GSSAPI natively. It will add the | ||
177 | necessary GSSAPI options to the server configuration file. You can | ||
178 | remove it once the upgrade is complete and nothing depends on it. | ||
179 | |||
180 | Package: ssh-askpass-gnome | 167 | Package: ssh-askpass-gnome |
181 | Section: gnome | 168 | Section: gnome |
182 | Priority: optional | 169 | Priority: optional |
183 | Architecture: any | 170 | Architecture: any |
184 | Depends: openssh-client | ssh (>= 1:1.2pre7-4) | ssh-krb5, | 171 | Depends: openssh-client | ssh (>= 1:1.2pre7-4), |
185 | ${misc:Depends}, | 172 | ${misc:Depends}, |
186 | ${shlibs:Depends}, | 173 | ${shlibs:Depends}, |
187 | Replaces: ssh (<< 1:3.5p1-3), | 174 | Replaces: ssh (<< 1:3.5p1-3), |
diff --git a/debian/ssh-krb5.NEWS b/debian/ssh-krb5.NEWS deleted file mode 100644 index 5a6433ab2..000000000 --- a/debian/ssh-krb5.NEWS +++ /dev/null | |||
@@ -1,18 +0,0 @@ | |||
1 | ssh-krb5 (1:4.3p2-7) unstable; urgency=low | ||
2 | |||
3 | The normal openssh-server and openssh-client packages in Debian now | ||
4 | include full GSSAPI support, including key exchange. This package is | ||
5 | now only a transitional package that depends on openssh-server and | ||
6 | openssh-client and configures openssh-server for GSSAPI authentication | ||
7 | if it wasn't already. | ||
8 | |||
9 | You can now simply install openssh-server and openssh-client directly | ||
10 | and remove this package. Just make sure that /etc/ssh/sshd_config | ||
11 | contains: | ||
12 | |||
13 | GSSAPIAuthentication yes | ||
14 | GSSAPIKeyExchange yes | ||
15 | |||
16 | if you want to support GSSAPI authentication to your ssh server. | ||
17 | |||
18 | -- Russ Allbery <rra@debian.org> Tue, 03 Oct 2006 22:27:27 -0700 | ||
diff --git a/debian/ssh-krb5.postinst b/debian/ssh-krb5.postinst deleted file mode 100644 index f799accfe..000000000 --- a/debian/ssh-krb5.postinst +++ /dev/null | |||
@@ -1,61 +0,0 @@ | |||
1 | #!/bin/sh | ||
2 | |||
3 | set -e | ||
4 | |||
5 | action="$1" | ||
6 | oldversion="$2" | ||
7 | |||
8 | if [ "$action" = configure ] ; then | ||
9 | # Make sure that GSSAPI is enabled. If there is no uncommented GSSAPI | ||
10 | # configuration, uncomment any commented-out configuration if present | ||
11 | # (this will catch the case of a fresh install of openssh-server). | ||
12 | # Otherwise, add configuration turning on GSSAPIAuthentication and | ||
13 | # GSSAPIKeyExchange. | ||
14 | # | ||
15 | # If there is some configuration, we may be upgrading from ssh-krb5. It | ||
16 | # enabled GSSAPIKeyExchange without any configuration option. Therefore, | ||
17 | # if it isn't explicitly set, always enable it for compatible behavior | ||
18 | # with ssh-krb5. | ||
19 | if dpkg --compare-versions "$oldversion" ge 1:4.3p2-9; then | ||
20 | : | ||
21 | else | ||
22 | changed= | ||
23 | if grep -qi '^[ ]*GSSAPI' /etc/ssh/sshd_config ; then | ||
24 | if grep -qi '^[ ]*GSSAPIKeyExchange' /etc/ssh/sshd_config ; then | ||
25 | : | ||
26 | else | ||
27 | changed=true | ||
28 | cat >> /etc/ssh/sshd_config <<EOF | ||
29 | |||
30 | # GSSAPI key exchange (added by ssh-krb5 transitional package) | ||
31 | GSSAPIKeyExchange yes | ||
32 | EOF | ||
33 | fi | ||
34 | else | ||
35 | changed=true | ||
36 | if grep -qi '^#GSSAPI' /etc/ssh/sshd_config ; then | ||
37 | perl -pe 's/^\#(GSSAPI(Authentication|KeyExchange))\b.*/$1 yes/i' \ | ||
38 | < /etc/ssh/sshd_config > /etc/ssh/sshd_config.dpkg-new | ||
39 | chown --reference /etc/ssh/sshd_config \ | ||
40 | /etc/ssh/sshd_config.dpkg-new | ||
41 | chmod --reference /etc/ssh/sshd_config \ | ||
42 | /etc/ssh/sshd_config.dpkg-new | ||
43 | mv /etc/ssh/sshd_config.dpkg-new /etc/ssh/sshd_config | ||
44 | else | ||
45 | cat >> /etc/ssh/sshd_config <<EOF | ||
46 | |||
47 | # GSSAPI authentication (added by ssh-krb5 transitional package) | ||
48 | GSSAPIAuthentication yes | ||
49 | GSSAPIKeyExchange yes | ||
50 | EOF | ||
51 | fi | ||
52 | fi | ||
53 | if [ -n "$changed" ]; then | ||
54 | invoke-rc.d ssh restart | ||
55 | fi | ||
56 | fi | ||
57 | fi | ||
58 | |||
59 | #DEBHELPER# | ||
60 | |||
61 | exit 0 | ||