summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2017-03-05 16:52:52 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2017-03-05 16:53:06 +0000
commit121831ad33526a7e453cd5bbfed45776dce8b7d2 (patch)
tree61dc2e9263ccea58a677b2788716f822e326da47
parentReleasing progress-linux version 1:7.4p1-6dschinn1. (diff)
downloadopenssh-121831ad33526a7e453cd5bbfed45776dce8b7d2.zip
openssh-121831ad33526a7e453cd5bbfed45776dce8b7d2.tar.xz
Merging debian version 1:7.4p1-7.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/.git-dpm4
-rw-r--r--debian/NEWS12
-rw-r--r--debian/changelog12
-rw-r--r--debian/openssh-server.templates2
-rw-r--r--debian/patches/restore-authorized_keys2.patch35
-rw-r--r--debian/patches/series1
6 files changed, 63 insertions, 3 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index a923bac..78ca326 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-3f1016b4535faf6e48aa71e21569aa714a25193f
-3f1016b4535faf6e48aa71e21569aa714a25193f
+e18d2ba71e6bf009c53e65509da84b712c300471
+e18d2ba71e6bf009c53e65509da84b712c300471
971a7653746a6972b907dfe0ce139c06e4a6f482
971a7653746a6972b907dfe0ce139c06e4a6f482
openssh_7.4p1.orig.tar.gz
diff --git a/debian/NEWS b/debian/NEWS
index cfdf7b5..77c594c 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,15 @@
+openssh (1:7.4p1-7) unstable; urgency=medium
+
+ This version restores the default for AuthorizedKeysFile to search both
+ ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2, as was the case in
+ Debian configurations before 1:7.4p1-1. Upstream intends to phase out
+ searching ~/.ssh/authorized_keys2 by default, so you should ensure that
+ you are only using ~/.ssh/authorized_keys, at least for critical
+ administrative access; do not assume that the current default will remain
+ in place forever.
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 05 Mar 2017 02:12:42 +0000
+
openssh (1:7.4p1-1) unstable; urgency=medium
OpenSSH 7.4 includes a number of changes that may affect existing
diff --git a/debian/changelog b/debian/changelog
index 06ef6c4..b9ae8bb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,15 @@
+openssh (1:7.4p1-7) unstable; urgency=medium
+
+ * Don't set "PermitRootLogin yes" on fresh installations (regression
+ introduced in 1:7.4p1-1; closes: #852781).
+ * Restore reading authorized_keys2 by default. Upstream seems to intend
+ to gradually phase this out, so don't assume that this will remain the
+ default forever. However, we were late in adopting the upstream
+ sshd_config changes, so it makes sense to extend the grace period
+ (closes: #852320).
+
+ -- Colin Watson <cjwatson@debian.org> Sun, 05 Mar 2017 02:12:42 +0000
+
openssh (1:7.4p1-6dschinn1) dschinn; urgency=medium
* Initial upload to dschinn.
diff --git a/debian/openssh-server.templates b/debian/openssh-server.templates
index 1bc8a33..27907f2 100644
--- a/debian/openssh-server.templates
+++ b/debian/openssh-server.templates
@@ -1,6 +1,6 @@
Template: openssh-server/permit-root-login
Type: boolean
-Default: false
+Default: true
_Description: Disable SSH password authentication for root?
Previous versions of openssh-server permitted logging in as root over SSH
using password authentication. The default for new installations is now
diff --git a/debian/patches/restore-authorized_keys2.patch b/debian/patches/restore-authorized_keys2.patch
new file mode 100644
index 0000000..86da09c
--- /dev/null
+++ b/debian/patches/restore-authorized_keys2.patch
@@ -0,0 +1,35 @@
+From e18d2ba71e6bf009c53e65509da84b712c300471 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Sun, 5 Mar 2017 02:02:11 +0000
+Subject: Restore reading authorized_keys2 by default
+
+Upstream seems to intend to gradually phase this out, so don't assume
+that this will remain the default forever. However, we were late in
+adopting the upstream sshd_config changes, so it makes sense to extend
+the grace period.
+
+Bug-Debian: https://bugs.debian.org/852320
+Forwarded: not-needed
+Last-Update: 2017-03-05
+
+Patch-Name: restore-authorized_keys2.patch
+---
+ sshd_config | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/sshd_config b/sshd_config
+index 4aea6c72..bcf3ac17 100644
+--- a/sshd_config
++++ b/sshd_config
+@@ -36,9 +36,8 @@
+
+ #PubkeyAuthentication yes
+
+-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+-# but this is overridden so installations will only check .ssh/authorized_keys
+-AuthorizedKeysFile .ssh/authorized_keys
++# Expect .ssh/authorized_keys2 to be disregarded by default in future.
++#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
+
+ #AuthorizedPrincipalsFile none
+
diff --git a/debian/patches/series b/debian/patches/series
index fc7dda8..0f5c0be 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -29,6 +29,7 @@ regress-forwarding-race.patch
regress-mktemp.patch
sandbox-x32-workaround.patch
no-dsa-host-key-by-default.patch
+restore-authorized_keys2.patch
progress-linux/0001-ssh-keygen-rsa-size.patch
progress-linux/0002-ssh-keygen-ecdsa-size.patch
progress-linux/0003-ssh-config-protocol-1-removals.patch