Debian Bug report logs - #231472
please provide a second openssh-client package

version graph

Package: openssh; Maintainer for openssh is Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>;

Reported by: Eric Dorland <eric@debian.org>

Date: Fri, 6 Feb 2004 20:33:04 UTC

Severity: normal

Tags: patch

Merged with 240077, 355274, 409844, 481769, 493029, 500445, 505277

Found in versions 1:5.1p1-1.1, 1:5.1p1-3

Fixed in version openssh/1:5.4p1-2

Done: Colin Watson <cjwatson@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#231472; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Eric Dorland <eric@debian.org>:
New Bug report received and forwarded. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Eric Dorland <eric@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: please include opensc support
Date: Fri, 06 Feb 2004 15:22:43 -0500
Package: ssh
Version: 1:3.6.1p2-11
Severity: wishlist

I've recently uploaded the opensc package to unstable. It contains
infrastructure for supporting smart cards and usb tokens. OpenSSH can be
compiled with opensc support (see ./configure --help, --with-opensc
switch). It would be great to be able to incorporate the opensc support
into openssh. I'm eager to send you a patch for enable this support, but
I'm not sure how you would like to go about it. If it was enabled in the
current openssh package, I would need to put opensc in standard which
may not be popular (although if smart card usage takes off this move may
make sense). Or would you prefer to have a seperate package (ssh-sc or
something) that is contains the opensc enabled ssh?

Eagerly awaiting your reponse :)

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.0
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages ssh depends on:
ii  adduser                     3.51         Add and remove users and groups
ii  debconf                     1.4.8        Debian configuration management sy
ii  dpkg                        1.10.18      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-11 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-15      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-15      Runtime support for the PAM librar
ii  libpam0g                    0.76-15      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7c-5     SSL shared libraries
ii  libwrap0                    7.6-ipv6.1-3 Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1-3    compression library - runtime

-- debconf information excluded




Bug 231472 cloned as bug 236981. Request was from Eric Dorland <eric@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#231472; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #12 received at 231472@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Alessandro Razeto <eto@linux.it>, 240077@bugs.debian.org
Cc: 231472@bugs.debian.org, control@bugs.debian.org
Subject: Re: Bug#240077: ssh: why not to compile with opensc?
Date: Thu, 25 Mar 2004 18:56:47 +0000
tags 240077 - experimental sid
merge 231472 240077
thanks

On Thu, Mar 25, 2004 at 07:02:41PM +0100, Alessandro Razeto wrote:
> Package: ssh
> Version: 1:3.8p1-2
> Severity: wishlist
> Tags: experimental sid
> 
> I think it could be usefull to compile ssh with opensc support, which
> is already included in the source files. 
> One need only to add to debian/rules the --opensc=/usr directive to
> configure and add the source dependancy to libopensc0-dev.

Wouldn't that produce a binary package that depends on libopensc0,
thereby requiring everyone with ssh to install that library? It would
have to be a separate package, and I have concerns about the
maintainability of that approach.

Please search for existing bugs before filing new ones, by the way;
searching for "opensc" in ssh's bug page immediately finds #231472.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Merged 231472 240077. Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#231472; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Andreas Jellinghaus <aj@dungeon.inka.de>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #19 received at 231472@bugs.debian.org (full text, mbox):

From: Andreas Jellinghaus <aj@dungeon.inka.de>
To: Colin Watson <cjwatson@debian.org>, 240077@bugs.debian.org
Cc: Alessandro Razeto <eto@linux.it>, 231472@bugs.debian.org
Subject: Re: Bug#240077: ssh: why not to compile with opensc?
Date: Thu, 25 Mar 2004 23:10:37 +0100
> Wouldn't that produce a binary package that depends on libopensc0,
> thereby requiring everyone with ssh to install that library?

yes, and opensc is compiled to use either openct or pcsc-lite
(has a library package, too) or both. and opensc is usualy linked
against openssl.

so yes, the result might be considered big and fat.

in comparison, microsoft has it's crypto api with the
cryptografic service provider, which is a nice design.
step by step the unix collection of grown libraries
is improved towards a similar architecture.

the whole situation is made worse by the fact, there
are many different projects implementing a similiar
set of functions, for example the many crypto libraries
out there, or openssl, gnutls and other library offering
tls (libnss is there at least, maybe others?).

and there is the plan of every project to support everything,
for example opensc not only supports pcsc-lite so ifdhandler
format drivers can be used, it also has build in support for
ct-api format drivers, it had for a while an internal framework
for usb tokens, which was replaced by the new openct driver
and middleware that opensc supports, too.

also while opensc currently uses openssl (but can be compiled
without at reduced functionality), there are aims to be able
to use gnutls as well, but to my knowledge gnutls has a long
way to go for offering the same features that openssl has.
and opensc not only uses openssl, but also has two libraries,
so called engines, that openssl can use to access smart
cards.

and don't forget nss, which cannot be used by opensc so far,
but nss can use any library implementing the pkcs#11 interface,
and opensc is implementing that.

if all that double and tripple functionality isn't enough,
opensc supports quite a number of smart cards, and is
gaining support for new ones step by step. each smart
card (operating system) is incompatible to each other,
so these (opensc internal) drivers are necesssary.

confused? I'm sorry. Let's go back to openssh.

While it would be utterly cool to have opensc support
in debian, I already expectet that you don't want it,
because of the many libraries.

But could you create a second package with opensc support
and maintain both? the differences are:
 - one configure flage: --with-opensc
 - one build dependency in the control: libopensc-dev
   (which results in several build and runtime library
   dependencies)
 - one patch (for ssh to ask for the pin openssh needs
   a redesign of some part, which markus (openssh developer)
   didn't find time so far to do. out patch is not that ugly,
   but not the clean design they like to have either. it does
   not touch anything outside the smart card related code.)

everything else is the same, not even changes in documentation,
config files, or debconf questions or anything. so three
simple changes, that's why it might be easier for you
to maintain two openssh versions in parallel.

Thanks for your attention.

Regards, Andreas Jellinghaus
(opensc & openct developer :-)




Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#231472; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Eric Dorland <eric@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #24 received at 231472@bugs.debian.org (full text, mbox):

From: Eric Dorland <eric@debian.org>
To: 240077@bugs.debian.org, 231472@bugs.debian.org
Cc: control@bugs.debian.org
Subject: patch to build a ssh-opensc package
Date: Mon, 3 May 2004 00:12:03 -0400
[Message part 1 (text/plain, inline)]
tags 240077 patch
tags 231472 patch
thanks

And here's the patch. I basically kept the same rules file and just
added some makefile magic to make it compile box versions of the
packages. Let me know what you think/any problems.

-- 
Eric Dorland <eric.dorland@mail.mcgill.ca>
ICQ: #61138586, Jabber: hooty@jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ 
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ 
G e h! r- y+ 
------END GEEK CODE BLOCK------
[ssh-opensc.diff (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]

Tags added: patch Request was from Eric Dorland <eric@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: patch Request was from Eric Dorland <eric@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#231472; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #33 received at 231472@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: Eric Dorland <eric@debian.org>, 240077@bugs.debian.org
Cc: 231472@bugs.debian.org
Subject: Re: Bug#240077: patch to build a ssh-opensc package
Date: Mon, 3 May 2004 09:17:28 +0100
On Mon, May 03, 2004 at 12:12:03AM -0400, Eric Dorland wrote:
> And here's the patch. I basically kept the same rules file and just
> added some makefile magic to make it compile box versions of the
> packages. Let me know what you think/any problems.

It's unlikely to apply very well the first time when this can be looked
at, i.e. after sarge, since the client and server will be split out
then.

I have a general objection, though: consider N features in OpenSSH which
require extra libraries (there are a few filed as other bugs, IIRC). How
many packages am I supposed to build? N? 2^N? Dealing with configuration
files would be a total nightmare. And so on. As I said in my original
mail to you, "It would have to be a separate package, and I have
concerns about the maintainability of that approach."

I'd rather wait until we split out client and server, then build the
server with some extra features by default since the server will be in
optional rather than standard.

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]



Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#231472; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Eric Dorland <eric@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #38 received at 231472@bugs.debian.org (full text, mbox):

From: Eric Dorland <eric@debian.org>
To: Colin Watson <cjwatson@debian.org>
Cc: Eric Dorland <eric@debian.org>, 240077@bugs.debian.org, 231472@bugs.debian.org
Subject: Re: Bug#240077: patch to build a ssh-opensc package
Date: Mon, 3 May 2004 20:56:21 -0400
[Message part 1 (text/plain, inline)]
* Colin Watson (cjwatson@debian.org) wrote:
> On Mon, May 03, 2004 at 12:12:03AM -0400, Eric Dorland wrote:
> > And here's the patch. I basically kept the same rules file and just
> > added some makefile magic to make it compile box versions of the
> > packages. Let me know what you think/any problems.
> 
> It's unlikely to apply very well the first time when this can be looked
> at, i.e. after sarge, since the client and server will be split out
> then.

No problem, I can redo the patch then, but lets keep it around for
reference. 

> I have a general objection, though: consider N features in OpenSSH which
> require extra libraries (there are a few filed as other bugs, IIRC). How
> many packages am I supposed to build? N? 2^N? Dealing with configuration
> files would be a total nightmare. And so on. As I said in my original
> mail to you, "It would have to be a separate package, and I have
> concerns about the maintainability of that approach."

I understand that point of view, but I also would love to see this
functionality in ssh (and I'm sure others have features they'd like to
see). Would you be amenable to doing something similar to the exim4
maintainers -heavy and -light packages? This way you only need C=2
packages :)

I'm not sure what you mean by dealing with the configuration files,
but I don't think the opensc support adds any addition configuration
options...
 
> I'd rather wait until we split out client and server, then build the
> server with some extra features by default since the server will be in
> optional rather than standard.

Well the opensc library would affect the client, not the server
(actually it may be used on the server as well, I'm not sure...), so
it wouldn't be used in the server. 

-- 
Eric Dorland <eric.dorland@mail.mcgill.ca>
ICQ: #61138586, Jabber: hooty@jabber.com
1024D/16D970C6 097C 4861 9934 27A0 8E1C  2B0A 61E9 8ECF 16D9 70C6

-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS d- s++: a-- C+++ UL+++ P++ L++ E++ W++ N+ o K- w+ 
O? M++ V-- PS+ PE Y+ PGP++ t++ 5++ X+ R tv++ b+++ DI+ D+ 
G e h! r- y+ 
------END GEEK CODE BLOCK------
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#231472; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to Eric Dorland <eric@debian.org>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #43 received at 231472@bugs.debian.org (full text, mbox):

From: Eric Dorland <eric@debian.org>
To: Debian Bug Tracking System <231472@bugs.debian.org>
Subject: opensc support
Date: Mon, 13 Jun 2005 15:16:10 -0400
Package: openssh
Followup-For: Bug #231472

Hi,

Now that sarge is released (horray), any thoughts on including this
support in your package. I'm willing to do the heavy lifting, and
probably the best approach would be a seperate package with the opensc
support built in. Let me know what you think.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.11
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)



Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#231472; Package ssh. Full text and rfc822 format available.

Message #46 received at 231472@bugs.debian.org (full text, mbox):

From: martin f krafft <madduck@debian.org>
To: 231472@bugs.debian.org
Subject: status?
Date: Sun, 5 Feb 2006 19:55:59 +0100
[Message part 1 (text/plain, inline)]
What is the status on this wishlist request?

-- 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP (sub)keys? Use subkeys.pgp.net as keyserver!
 
always remember you're unique, just like everyone else.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Matthew Vernon <matthew@debian.org>:
Bug#231472; Package ssh. Full text and rfc822 format available.

Acknowledgement sent to David Schmitt <david@schmitt.edv-bus.at>:
Extra info received and forwarded to list. Copy sent to Matthew Vernon <matthew@debian.org>. Full text and rfc822 format available.

Message #51 received at 231472@bugs.debian.org (full text, mbox):

From: David Schmitt <david@schmitt.edv-bus.at>
To: 231472@bugs.debian.org
Subject: status?
Date: Mon, 5 Feb 2007 20:42:41 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


What is the status on this wishlist request?



Regards, David

PS: Since martin's question is more than a year old, I dare to re-send the 
question.

- -- 
- - hallo... wie gehts heute?
- - *hust* gut *rotz* *keuch*
- - gott sei dank kommunizieren wir ├╝ber ein septisches medium ;)
 -- Matthias Leeb, Uni f. angewandte Kunst, 2005-02-15
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFx4i0/Pp1N6Uzh0URAqwVAJ9Uu2UZjp3wuEF2cHs4+8zvcucb7gCgjOjf
BDBRVS1SgH6K4XUvx4PDCn8=
=5K+f
-----END PGP SIGNATURE-----



Bug reassigned from package `ssh' to `openssh'. Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 231472 240077 409844. Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Merged 231472 240077 355274 409844 481769. Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. (Sun, 18 May 2008 13:48:04 GMT) Full text and rfc822 format available.

Merged 231472 240077 355274 409844 481769 500445. Request was from Adam D. Barratt <adam@adam-barratt.org.uk> to control@bugs.debian.org. (Sun, 28 Sep 2008 12:36:07 GMT) Full text and rfc822 format available.

Merged 231472 240077 355274 409844 481769 493029 500445 505277. Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. (Wed, 31 Mar 2010 10:21:10 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Tue, 06 Apr 2010 22:48:11 GMT) Full text and rfc822 format available.

Notification sent to Eric Dorland <eric@debian.org>:
Bug acknowledged by developer. (Tue, 06 Apr 2010 22:48:11 GMT) Full text and rfc822 format available.

Message #66 received at 231472-close@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: 231472-close@bugs.debian.org
Subject: Bug#231472: fixed in openssh 1:5.4p1-1
Date: Tue, 06 Apr 2010 22:45:12 +0000
Source: openssh
Source-Version: 1:5.4p1-1

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_5.4p1-1_i386.udeb
  to main/o/openssh/openssh-client-udeb_5.4p1-1_i386.udeb
openssh-client_5.4p1-1_i386.deb
  to main/o/openssh/openssh-client_5.4p1-1_i386.deb
openssh-server-udeb_5.4p1-1_i386.udeb
  to main/o/openssh/openssh-server-udeb_5.4p1-1_i386.udeb
openssh-server_5.4p1-1_i386.deb
  to main/o/openssh/openssh-server_5.4p1-1_i386.deb
openssh_5.4p1-1.debian.tar.gz
  to main/o/openssh/openssh_5.4p1-1.debian.tar.gz
openssh_5.4p1-1.dsc
  to main/o/openssh/openssh_5.4p1-1.dsc
openssh_5.4p1.orig.tar.gz
  to main/o/openssh/openssh_5.4p1.orig.tar.gz
ssh-askpass-gnome_5.4p1-1_i386.deb
  to main/o/openssh/ssh-askpass-gnome_5.4p1-1_i386.deb
ssh-krb5_5.4p1-1_all.deb
  to main/o/openssh/ssh-krb5_5.4p1-1_all.deb
ssh_5.4p1-1_all.deb
  to main/o/openssh/ssh_5.4p1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 231472@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 06 Apr 2010 22:38:31 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source all i386
Version: 1:5.4p1-1
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 231472 270399 280609 360151 428082 431538 482806 496843 531561 555625 575725
Changes: 
 openssh (1:5.4p1-1) unstable; urgency=low
 .
   * New upstream release (LP: #535029).
     - After a transition period of about 10 years, this release disables SSH
       protocol 1 by default.  Clients and servers that need to use the
       legacy protocol must explicitly enable it in ssh_config / sshd_config
       or on the command-line.
     - Remove the libsectok/OpenSC-based smartcard code and add support for
       PKCS#11 tokens.  This support is enabled by default in the Debian
       packaging, since it now doesn't involve additional library
       dependencies (closes: #231472, LP: #16918).
     - Add support for certificate authentication of users and hosts using a
       new, minimal OpenSSH certificate format (closes: #482806).
     - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
     - Add the ability to revoke keys in sshd(8) and ssh(1).  (For the Debian
       package, this overlaps with the key blacklisting facility added in
       openssh 1:4.7p1-9, but with different file formats and slightly
       different scopes; for the moment, I've roughly merged the two.)
     - Various multiplexing improvements, including support for requesting
       port-forwardings via the multiplex protocol (closes: #360151).
     - Allow setting an explicit umask on the sftp-server(8) commandline to
       override whatever default the user has (closes: #496843).
     - Many sftp client improvements, including tab-completion, more options,
       and recursive transfer support for get/put (LP: #33378).  The old
       mget/mput commands never worked properly and have been removed
       (closes: #270399, #428082).
     - Do not prompt for a passphrase if we fail to open a keyfile, and log
       the reason why the open failed to debug (closes: #431538).
     - Prevent sftp from crashing when given a "-" without a command.  Also,
       allow whitespace to follow a "-" (closes: #531561).
 .
   * Fix 'debian/rules quilt-setup' to avoid writing .orig files if some
     patches apply with offsets.
   * Include debian/ssh-askpass-gnome.png in the Debian tarball now that
     we're using a source format that permits this, rather than messing
     around with uudecode.
   * Drop compatibility with the old gssapi mechanism used in ssh-krb5 <<
     3.8.1p1-1.  Simon Wilkinson refused this patch since the old gssapi
     mechanism was removed due to a serious security hole, and since these
     versions of ssh-krb5 are no longer security-supported by Debian I don't
     think there's any point keeping client compatibility for them.
   * Fix substitution of ETC_PAM_D_SSH, following the rename in 1:4.7p1-4.
   * Hardcode the location of xauth to /usr/bin/xauth rather than
     /usr/bin/X11/xauth (thanks, Aron Griffis; closes: #575725, LP: #8440).
     xauth no longer depends on x11-common, so we're no longer guaranteed to
     have the /usr/bin/X11 symlink available.  I was taking advantage of the
     /usr/bin/X11 symlink to smooth X's move to /usr/bin, but this is far
     enough in the past now that it's probably safe to just use /usr/bin.
   * Remove SSHD_OOM_ADJUST configuration.  sshd now unconditionally makes
     itself non-OOM-killable, and doesn't require configuration to avoid log
     spam in virtualisation containers (closes: #555625).
   * Drop Debian-specific removal of OpenSSL version check.  Upstream ignores
     the two patchlevel nybbles now, which is sufficient to address the
     original reason this change was introduced, and it appears that any
     change in the major/minor/fix nybbles would involve a new libssl package
     name.  (We'd still lose if the status nybble were ever changed, but that
     would mean somebody had packaged a development/beta version rather than
     a proper release, which doesn't appear to be normal practice.)
   * Drop most of our "LogLevel SILENT" (-qq) patch.  This was originally
     introduced to match the behaviour of non-free SSH, in which -q does not
     suppress fatal errors, but matching the behaviour of OpenSSH upstream is
     much more important nowadays.  We no longer document that -q does not
     suppress fatal errors (closes: #280609).  Migrate "LogLevel SILENT" to
     "LogLevel QUIET" in sshd_config on upgrade.
   * Policy version 3.8.4:
     - Add a Homepage field.
Checksums-Sha1: 
 6ee9e148ad9cf2a41c9739e7965d4c0a718668ae 1694 openssh_5.4p1-1.dsc
 2a3042372f08afb1415ceaec8178213276a36302 1094604 openssh_5.4p1.orig.tar.gz
 7379e94c120ed0d3f17eac6aabe32f840a487b8f 233154 openssh_5.4p1-1.debian.tar.gz
 43273fef00b41b1922fcf16f1a923a2d9c0bd56c 1240 ssh_5.4p1-1_all.deb
 864e5c7c5efd1dc734d8759e68c8ad0b4ed93fed 93012 ssh-krb5_5.4p1-1_all.deb
 ad9b4a4f0bd27e04a43e9ff82750572457613950 875794 openssh-client_5.4p1-1_i386.deb
 a8969c78a0095b2640d6357340ee1b4e9b3621d2 297168 openssh-server_5.4p1-1_i386.deb
 df0666a31c0ea53070eee66ed16b8fef666b0564 100386 ssh-askpass-gnome_5.4p1-1_i386.deb
 801090e864540ee1342f7016ab9b643b43338075 193232 openssh-client-udeb_5.4p1-1_i386.udeb
 1f4c2cf71da9c384b6e48c01d0c72d8e5a6349d6 218024 openssh-server-udeb_5.4p1-1_i386.udeb
Checksums-Sha256: 
 b58014a46751c6876cf2abac8c1b4ff7691fe0787ffe3a2fdb094990c3741b77 1694 openssh_5.4p1-1.dsc
 ae96e70d04104824ab10f0d7aaef4584ac96b2a870adfcd8b457d836c8c5404e 1094604 openssh_5.4p1.orig.tar.gz
 6971cbdcb59cea5dda29fe5c31939c3415f50635897d74a82dd8a47954398064 233154 openssh_5.4p1-1.debian.tar.gz
 705fca4ded8f01f979f5d2d67307f77fa9249378cc648b1b1e9f5de3bd5d4ac8 1240 ssh_5.4p1-1_all.deb
 4ad7484b82c45881c756a5f526660942cd48fc0ee945448980c4aa836ec6e562 93012 ssh-krb5_5.4p1-1_all.deb
 94b0cfcb92f58d30147022d86a277200bd700a80877c917fae67d4c33ebf5051 875794 openssh-client_5.4p1-1_i386.deb
 8108aecb229def39e38ccdcd68940ca7511177d7c04513bcd152755aa493c9bb 297168 openssh-server_5.4p1-1_i386.deb
 926472da43dee63355e2478a04c426b5a6af4a0f1d300f13c6825a9105c0f703 100386 ssh-askpass-gnome_5.4p1-1_i386.deb
 5f3d90b896c39976432e4a1a003578945f044faa786dff13eb6f6769552e829b 193232 openssh-client-udeb_5.4p1-1_i386.udeb
 e85187674d0b3b7e42780d10b9f163d297e372269cac1d7ab9f593dc4d38ef2f 218024 openssh-server-udeb_5.4p1-1_i386.udeb
Files: 
 632afff272e44d3ed316e78566dfc746 1694 net standard openssh_5.4p1-1.dsc
 da10af8a789fa2e83e3635f3a1b76f5e 1094604 net standard openssh_5.4p1.orig.tar.gz
 b7f81be1721ff7a9701069198b02dba5 233154 net standard openssh_5.4p1-1.debian.tar.gz
 3b7776f10b9fd2ef5911db5ebd48ae5a 1240 net extra ssh_5.4p1-1_all.deb
 2f9e0b2b11912749e1dde01f38d1a1f1 93012 net extra ssh-krb5_5.4p1-1_all.deb
 984ad564b3c6fa2d73036ab50b68353f 875794 net standard openssh-client_5.4p1-1_i386.deb
 9394971388afc25b31500d435ae8af65 297168 net optional openssh-server_5.4p1-1_i386.deb
 e5abea75351c1737d6f4f61bd23983b8 100386 gnome optional ssh-askpass-gnome_5.4p1-1_i386.deb
 04e5101bcc8b4d02904efb8bbc169b9c 193232 debian-installer optional openssh-client-udeb_5.4p1-1_i386.udeb
 2debab4885b293f2777b2ee36cbcbeaa 218024 debian-installer optional openssh-server-udeb_5.4p1-1_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFLu6sC9t0zAhD6TNERAi7BAJ9CuOPsPweVIdZWYeW46XtLsSEe2wCfSvfN
l+75IGaMwDbORvZOAryllMQ=
=88S0
-----END PGP SIGNATURE-----





Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Tue, 06 Apr 2010 22:48:11 GMT) Full text and rfc822 format available.

Notification sent to Alessandro Razeto <eto@linux.it>:
Bug acknowledged by developer. (Tue, 06 Apr 2010 22:48:11 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Tue, 06 Apr 2010 22:48:11 GMT) Full text and rfc822 format available.

Notification sent to Peter Marschall <peter@adpm.de>:
Bug acknowledged by developer. (Tue, 06 Apr 2010 22:48:11 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Tue, 06 Apr 2010 22:48:12 GMT) Full text and rfc822 format available.

Notification sent to Luke Kenneth Casson Leighton <lkcl@lkcl.net>:
Bug acknowledged by developer. (Tue, 06 Apr 2010 22:48:12 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Tue, 06 Apr 2010 22:48:12 GMT) Full text and rfc822 format available.

Notification sent to Patrick Winnertz <winnie@debian.org>:
Bug acknowledged by developer. (Tue, 06 Apr 2010 22:48:13 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Tue, 06 Apr 2010 22:48:13 GMT) Full text and rfc822 format available.

Notification sent to Patrick Winnertz <winnie@debian.org>:
Bug acknowledged by developer. (Tue, 06 Apr 2010 22:48:13 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Tue, 06 Apr 2010 22:48:14 GMT) Full text and rfc822 format available.

Notification sent to Christoph Goehre <christoph.goehre@gmx.de>:
Bug acknowledged by developer. (Tue, 06 Apr 2010 22:48:14 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Tue, 06 Apr 2010 22:48:14 GMT) Full text and rfc822 format available.

Notification sent to Luigi Sportelli <gigiozzz@gmail.com>:
Bug acknowledged by developer. (Tue, 06 Apr 2010 22:48:14 GMT) Full text and rfc822 format available.

Bug No longer marked as fixed in versions openssh/1:5.4p1-1 and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 08 Apr 2010 10:00:15 GMT) Full text and rfc822 format available.

Changed Bug title to 'pkcs#11 not working correctly' from 'please include opensc support' Request was from Patrick Winnertz <winnie@debian.org> to control@bugs.debian.org. (Thu, 08 Apr 2010 10:00:18 GMT) Full text and rfc822 format available.

Severity set to 'normal' from 'wishlist' Request was from Patrick Winnertz <winnie@debian.org> to control@bugs.debian.org. (Thu, 08 Apr 2010 10:00:21 GMT) Full text and rfc822 format available.

Changed Bug title to 'please provide a second openssh-client package' from 'pkcs#11 not working correctly' Request was from Colin Watson <cjwatson@debian.org> to control@bugs.debian.org. (Fri, 09 Apr 2010 10:12:06 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Sat, 10 Apr 2010 00:36:07 GMT) Full text and rfc822 format available.

Notification sent to Eric Dorland <eric@debian.org>:
Bug acknowledged by developer. (Sat, 10 Apr 2010 00:36:07 GMT) Full text and rfc822 format available.

Message #114 received at 231472-close@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: 231472-close@bugs.debian.org
Subject: Bug#231472: fixed in openssh 1:5.4p1-2
Date: Sat, 10 Apr 2010 00:33:58 +0000
Source: openssh
Source-Version: 1:5.4p1-2

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_5.4p1-2_i386.udeb
  to main/o/openssh/openssh-client-udeb_5.4p1-2_i386.udeb
openssh-client_5.4p1-2_i386.deb
  to main/o/openssh/openssh-client_5.4p1-2_i386.deb
openssh-server-udeb_5.4p1-2_i386.udeb
  to main/o/openssh/openssh-server-udeb_5.4p1-2_i386.udeb
openssh-server_5.4p1-2_i386.deb
  to main/o/openssh/openssh-server_5.4p1-2_i386.deb
openssh_5.4p1-2.debian.tar.gz
  to main/o/openssh/openssh_5.4p1-2.debian.tar.gz
openssh_5.4p1-2.dsc
  to main/o/openssh/openssh_5.4p1-2.dsc
ssh-askpass-gnome_5.4p1-2_i386.deb
  to main/o/openssh/ssh-askpass-gnome_5.4p1-2_i386.deb
ssh-krb5_5.4p1-2_all.deb
  to main/o/openssh/ssh-krb5_5.4p1-2_all.deb
ssh_5.4p1-2_all.deb
  to main/o/openssh/ssh_5.4p1-2_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 231472@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 10 Apr 2010 01:08:59 +0100
Source: openssh
Binary: openssh-client openssh-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb
Architecture: source i386 all
Version: 1:5.4p1-2
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - secure shell (SSH) client, for secure access to remote machines
 openssh-client-udeb - secure shell client for the Debian installer (udeb)
 openssh-server - secure shell (SSH) server, for secure access from remote machines
 openssh-server-udeb - secure shell server for the Debian installer (udeb)
 ssh        - secure shell client and server (metapackage)
 ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad
 ssh-krb5   - secure shell client and server (transitional package)
Closes: 231472 572049
Changes: 
 openssh (1:5.4p1-2) unstable; urgency=low
 .
   * Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 is
     installed, the host key is published in an SSHFP RR secured with DNSSEC,
     and VerifyHostKeyDNS=yes, then ssh will no longer prompt for host key
     verification (closes: #572049).
   * Convert to dh(1), and use dh_installdocs --link-doc.
   * Drop lpia support, since Ubuntu no longer supports this architecture.
   * Use dh_install more effectively.
   * Add a NEWS.Debian entry about changes in smartcard support relative to
     previous unofficial builds (closes: #231472).
Checksums-Sha1: 
 ea065da0e91177a3c8ca887f3a68406d8466277f 1690 openssh_5.4p1-2.dsc
 2d3006e63aa153214c7c175fcd401996c4af7c86 234525 openssh_5.4p1-2.debian.tar.gz
 89c2caf631701fc2a8f52f1622c490db541565fa 876046 openssh-client_5.4p1-2_i386.deb
 20514d8bec72ec19563c7af480afd8acea14cd12 297258 openssh-server_5.4p1-2_i386.deb
 9db91b10991b8f130454462311e69a778b5452b9 1244 ssh_5.4p1-2_all.deb
 2a96b0e4dc2d99678c3b06480983ddd0f01215e9 93252 ssh-krb5_5.4p1-2_all.deb
 4d9f2487628608f04a51d26fa792e604385fefbf 100820 ssh-askpass-gnome_5.4p1-2_i386.deb
 4cbeb61c06224280f3fd62006f89333f59d166dc 193214 openssh-client-udeb_5.4p1-2_i386.udeb
 9bcc826cee302b59fc93e8d534d7a35fb6c5223e 218002 openssh-server-udeb_5.4p1-2_i386.udeb
Checksums-Sha256: 
 db66d52a2485dc4f3aeb93fd0c0c852f5ccf546251e9d1312b16e9a03bebb062 1690 openssh_5.4p1-2.dsc
 a31b5362c427d2d635646d0fdde1beff5f05f44323c087d5b96c32cbe387073c 234525 openssh_5.4p1-2.debian.tar.gz
 b38e81eaf0945ff5a029ff8e6e64d3b3d63b4230d76294eed65aadc2cafcfc85 876046 openssh-client_5.4p1-2_i386.deb
 51271b715e7e679dffbfe242d504ad3025711996e691e5fa3974cce7c216bdfe 297258 openssh-server_5.4p1-2_i386.deb
 400bc095d6a50768c953e2ece951eb214db848d03c8dd6e95c6b96d2e8cb1786 1244 ssh_5.4p1-2_all.deb
 119ecc41350872385bc387bb9aeed093b357f4de1cce0b40f8f04ae1e670cacf 93252 ssh-krb5_5.4p1-2_all.deb
 3020b14d1683bb1ad2a1b61cb3a07ef71535f3dec86768ca29f09f2f7c636d89 100820 ssh-askpass-gnome_5.4p1-2_i386.deb
 8efbd59ee4b6b94fddd67e251b83c637df17e4a05bfb6f76699c965d268ab318 193214 openssh-client-udeb_5.4p1-2_i386.udeb
 c01a7200be37edaef85a3a85322680d2d6f2da92beb860f1c01578ba26361a49 218002 openssh-server-udeb_5.4p1-2_i386.udeb
Files: 
 4356514555f30830abcb74e1167d3539 1690 net standard openssh_5.4p1-2.dsc
 360bbaddd6801be9f97eb02d311a5ef5 234525 net standard openssh_5.4p1-2.debian.tar.gz
 767be5bb371d9f8550dff606b6375e99 876046 net standard openssh-client_5.4p1-2_i386.deb
 395055e7be48a79e4cead6c1c485ee08 297258 net optional openssh-server_5.4p1-2_i386.deb
 b55894e809be15c7af2ff2ba610dac1b 1244 net extra ssh_5.4p1-2_all.deb
 280c1c5ca100b6cb5a74f8c0c7d425c9 93252 net extra ssh-krb5_5.4p1-2_all.deb
 b1dad13e8357941454014c899e04f5d2 100820 gnome optional ssh-askpass-gnome_5.4p1-2_i386.deb
 afe3eeb8a65d31946e0a4f4fec525481 193214 debian-installer optional openssh-client-udeb_5.4p1-2_i386.udeb
 b06ae35d1c0de66a0652b2b3257aa207 218002 debian-installer optional openssh-server-udeb_5.4p1-2_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFLv8NI9t0zAhD6TNERAgSfAJsG24Xqgk8l0PyqUhhjlrZoWfLGrwCeLeTa
ToPqurN9XXN/51IdACeujhI=
=7/BA
-----END PGP SIGNATURE-----





Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Sat, 10 Apr 2010 00:36:07 GMT) Full text and rfc822 format available.

Notification sent to Alessandro Razeto <eto@linux.it>:
Bug acknowledged by developer. (Sat, 10 Apr 2010 00:36:07 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Sat, 10 Apr 2010 00:36:07 GMT) Full text and rfc822 format available.

Notification sent to Peter Marschall <peter@adpm.de>:
Bug acknowledged by developer. (Sat, 10 Apr 2010 00:36:07 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Sat, 10 Apr 2010 00:36:08 GMT) Full text and rfc822 format available.

Notification sent to Luke Kenneth Casson Leighton <lkcl@lkcl.net>:
Bug acknowledged by developer. (Sat, 10 Apr 2010 00:36:08 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Sat, 10 Apr 2010 00:36:08 GMT) Full text and rfc822 format available.

Notification sent to Patrick Winnertz <winnie@debian.org>:
Bug acknowledged by developer. (Sat, 10 Apr 2010 00:36:09 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Sat, 10 Apr 2010 00:36:09 GMT) Full text and rfc822 format available.

Notification sent to Patrick Winnertz <winnie@debian.org>:
Bug acknowledged by developer. (Sat, 10 Apr 2010 00:36:09 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Sat, 10 Apr 2010 00:36:10 GMT) Full text and rfc822 format available.

Notification sent to Christoph Goehre <christoph.goehre@gmx.de>:
Bug acknowledged by developer. (Sat, 10 Apr 2010 00:36:10 GMT) Full text and rfc822 format available.

Reply sent to Colin Watson <cjwatson@debian.org>:
You have taken responsibility. (Sat, 10 Apr 2010 00:36:10 GMT) Full text and rfc822 format available.

Notification sent to Luigi Sportelli <gigiozzz@gmail.com>:
Bug acknowledged by developer. (Sat, 10 Apr 2010 00:36:10 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 30 Jun 2010 07:33:22 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 20:24:25 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.