Debian Bug report logs - #686849
unblock: openssh/1:6.0p1-3

Package: release.debian.org; Maintainer for release.debian.org is Debian Release Team <debian-release@lists.debian.org>;

Reported by: Colin Watson <cjwatson@debian.org>

Date: Thu, 6 Sep 2012 17:33:04 UTC

Severity: normal

Done: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#686849; Package release.debian.org. (Thu, 06 Sep 2012 17:33:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Colin Watson <cjwatson@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Thu, 06 Sep 2012 17:33:06 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Colin Watson <cjwatson@debian.org>
To: submit@bugs.debian.org
Subject: unblock: openssh/1:6.0p1-3
Date: Thu, 6 Sep 2012 18:31:10 +0100
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

This is just a couple of simple bug-fixes and a translation update.  It
should be safe for wheezy.

diff -Nru openssh-6.0p1/debian/changelog openssh-6.0p1/debian/changelog
--- openssh-6.0p1/debian/changelog	2012-06-24 12:16:07.000000000 +0100
+++ openssh-6.0p1/debian/changelog	2012-08-24 06:55:38.000000000 +0100
@@ -1,3 +1,14 @@
+openssh (1:6.0p1-3) unstable; urgency=low
+
+  * debconf template translations:
+    - Add Indonesian (thanks, Andika Triwidada; closes: #681670).
+  * Call restorecon on copied ~/.ssh/authorized_keys if possible, since some
+    SELinux policies require this (closes: #658675).
+  * Add ncurses-term to openssh-server's Recommends, since it's often needed
+    to support unusual terminal emulators on clients (closes: #675362).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 24 Aug 2012 06:55:36 +0100
+
 openssh (1:6.0p1-2) unstable; urgency=low
 
   * Tighten libssl1.0.0 and libcrypto1.0.0-udeb dependencies to the current
diff -Nru openssh-6.0p1/debian/control openssh-6.0p1/debian/control
--- openssh-6.0p1/debian/control	2012-06-24 02:40:37.000000000 +0100
+++ openssh-6.0p1/debian/control	2012-08-24 06:53:44.000000000 +0100
@@ -45,7 +45,7 @@
 Priority: optional
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.2-13), procps
-Recommends: xauth, openssh-blacklist, openssh-blacklist-extra, ${openssh-server:Recommends}
+Recommends: xauth, ncurses-term, openssh-blacklist, openssh-blacklist-extra, ${openssh-server:Recommends}
 Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
 Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5
 Suggests: ssh-askpass, rssh, molly-guard, ufw, monkeysphere
diff -Nru openssh-6.0p1/debian/patches/copy-id-restorecon.patch openssh-6.0p1/debian/patches/copy-id-restorecon.patch
--- openssh-6.0p1/debian/patches/copy-id-restorecon.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.0p1/debian/patches/copy-id-restorecon.patch	2012-08-24 06:44:27.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Call restorecon on copied ~/.ssh/authorized_keys if possible
+Author: Tomas Mraz <tmraz@fedoraproject.org>
+Bug-Debian: http://bugs.debian.org/658675
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=739989
+Last-Update: 2012-08-24
+
+Index: b/contrib/ssh-copy-id
+===================================================================
+--- a/contrib/ssh-copy-id
++++ b/contrib/ssh-copy-id
+@@ -41,7 +41,7 @@
+ # strip any trailing colon
+ host=`echo $1 | sed 's/:$//'`
+ 
+-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
++{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
+ 
+ cat <<EOF
+ Now try logging into the machine, with "ssh '$host'", and check in:
diff -Nru openssh-6.0p1/debian/patches/series openssh-6.0p1/debian/patches/series
--- openssh-6.0p1/debian/patches/series	2012-05-26 01:41:30.000000000 +0100
+++ openssh-6.0p1/debian/patches/series	2012-08-24 06:47:59.000000000 +0100
@@ -3,6 +3,7 @@
 
 # SELinux
 selinux-role.patch
+copy-id-restorecon.patch
 
 # Key blacklisting
 ssh-vulnkey.patch
diff -Nru openssh-6.0p1/debian/po/id.po openssh-6.0p1/debian/po/id.po
--- openssh-6.0p1/debian/po/id.po	1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.0p1/debian/po/id.po	2012-07-16 11:42:52.000000000 +0100
@@ -0,0 +1,163 @@
+# openssh debconf translation into Indonesian
+# Copyright (C) 2012 THE openssh'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the OpenSSH package.
+# Andika Triwidada <andika@gmail.com>, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssh debconf 1-6.0p1-2\n"
+"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
+"POT-Creation-Date: 2010-01-02 08:55+0000\n"
+"PO-Revision-Date: 2012-07-15 18:29+0700\n"
+"Last-Translator: Andika Triwidada <andika@gmail.com>\n"
+"Language-Team: Indonesian <id@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Indonesian\n"
+"X-Poedit-Country: INDONESIA\n"
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:1001
+msgid "Do you want to risk killing active SSH sessions?"
+msgstr "Apakah Anda mau menanggung resiko mematikan sesi SSH aktif?"
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:1001
+msgid ""
+"The currently installed version of /etc/init.d/ssh is likely to kill all "
+"running sshd instances. If you are doing this upgrade via an SSH session, "
+"you're likely to be disconnected and leave the upgrade procedure unfinished."
+msgstr ""
+"Versi /etc/init.d/ssh yang kini terpasang mungkin akan mematikan semua "
+"instansi sshd yang berjalan. Bila Anda melakukan upgrade ini melalui sesi "
+"SSH, Anda mungkin akan diputus dan meninggalkan prosedur upgrade tak "
+"terselesaikan."
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:1001
+msgid ""
+"This can be fixed by manually adding \"--pidfile /var/run/sshd.pid\" to the "
+"start-stop-daemon line in the stop section of the file."
+msgstr ""
+"Ini dapat diperbaiki secara manual dengan menambahkan \"--pidfile /var/run/"
+"sshd.pid\" ke baris start-stop-daemon pada bagian stop dari berkas."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:2001
+msgid "New host key mandatory"
+msgstr "Kunci host baru wajib"
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:2001
+msgid ""
+"The current host key, in /etc/ssh/ssh_host_key, is encrypted with the IDEA "
+"algorithm. OpenSSH can not handle this host key file, and the ssh-keygen "
+"utility from the old (non-free) SSH installation does not appear to be "
+"available."
+msgstr ""
+"Kunci host saat ini, dalam /etc/ssh/ssh_host_key, dienkripsi memakai "
+"algoritma IDEA. OpenSSH tak bisa menangani berkas kunci host ini, dan "
+"utilitas ssh-keygen dari instalasi SSH lama (non-free) sepertinya tak "
+"tersedia."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:2001
+msgid "You need to manually generate a new host key."
+msgstr "Anda perlu membuat kunci host baru secara manual."
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:3001
+msgid "Disable challenge-response authentication?"
+msgstr "Nonaktifkan otentikasi challenge-response?"
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:3001
+msgid ""
+"Password authentication appears to be disabled in the current OpenSSH server "
+"configuration. In order to prevent users from logging in using passwords "
+"(perhaps using only public key authentication instead) with recent versions "
+"of OpenSSH, you must disable challenge-response authentication, or else "
+"ensure that your PAM configuration does not allow Unix password file "
+"authentication."
+msgstr ""
+"Otentikasi sandi nampaknya dinonaktifkan dalam konfigurasi server OpenSSH "
+"saat ini. Untuk mencegah pengguna log masuk memakai sandi (mungkin "
+"digantikan hanya dengan memakai otentikasi kunci publik) dengan versi "
+"OpenSSH terkini, Anda mesti menonaktifkan otentikasi challenge-response, "
+"atau bisa juga dengan memastikan bahwa konfigurasi PAM Anda tak mengijinkan "
+"otentikasi berkas sandi Unix."
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:3001
+msgid ""
+"If you disable challenge-response authentication, then users will not be "
+"able to log in using passwords. If you leave it enabled (the default "
+"answer), then the 'PasswordAuthentication no' option will have no useful "
+"effect unless you also adjust your PAM configuration in /etc/pam.d/ssh."
+msgstr ""
+"Bila Anda menonaktifkan otentikasi challenge-response, maka pengguna tak "
+"akan bisa log masuk memakai sandi. Bila Anda membiarkannya aktif (jawaban "
+"baku), maka opsi 'PasswordAuthentication no' tak akan memiliki efek yang "
+"berguna kecuali Anda juga mengubah konfigurasi PAM Anda dalam /etc/pam.d/ssh."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid "Vulnerable host keys will be regenerated"
+msgstr "Kunci host yang vulnerable akan dibuat ulang"
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid ""
+"Some of the OpenSSH server host keys on this system were generated with a "
+"version of OpenSSL that had a broken random number generator. As a result, "
+"these host keys are from a well-known set, are subject to brute-force "
+"attacks, and must be regenerated."
+msgstr ""
+"Beberapa kunci host server OpenSSH pada sistem ini dibuat dengan versi "
+"OpenSSH yang memiliki pembangkit bilangan acak yang rusak. Akibatnya, kunci "
+"host ini berasal dari set yang dikenal luas, berresiko terhadap serangan "
+"brute-force, dan mesti dibuat ulang."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid ""
+"Users of this system should be informed of this change, as they will be "
+"prompted about the host key change the next time they log in. Use 'ssh-"
+"keygen -l -f HOST_KEY_FILE' after the upgrade to print the fingerprints of "
+"the new host keys."
+msgstr ""
+"Pengguna sistem ini mesti diberitahu atas perubahan ini, karena mereka akan "
+"ditanyai tentang perubahan kunci host saat berikutnya mereka log masuk. "
+"Gunakan 'ssh-keygen -l -f HOST_KEY_FILE' setelah upgrade untuk mencetak "
+"sidik jari dari kunci host baru."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid "The affected host keys are:"
+msgstr "Kunci host yang terpengaruh adalah:"
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid ""
+"User keys may also be affected by this problem. The 'ssh-vulnkey' command "
+"may be used as a partial test for this. See /usr/share/doc/openssh-server/"
+"README.compromised-keys.gz for more details."
+msgstr ""
+"Kunci pengguna mungkin juga terpengaruh oleh masalah ini. Perintah 'ssh-"
+"vulnkey' dapat dipakai sebagai uji parsial untuk ini. Lihat /usr/share/doc/"
+"openssh-server/README.compromised-keys.gz untuk rincian lebih lanjut."

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]



Information forwarded to debian-bugs-dist@lists.debian.org, Debian Release Team <debian-release@lists.debian.org>:
Bug#686849; Package release.debian.org. (Sat, 08 Sep 2012 20:33:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian Release Team <debian-release@lists.debian.org>. (Sat, 08 Sep 2012 20:33:03 GMT) Full text and rfc822 format available.

Message #10 received at 686849@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: Colin Watson <cjwatson@debian.org>, 686849@bugs.debian.org
Subject: Re: Bug#686849: unblock: openssh/1:6.0p1-3
Date: Sat, 08 Sep 2012 21:30:24 +0100
On Thu, 2012-09-06 at 18:31 +0100, Colin Watson wrote:
> This is just a couple of simple bug-fixes and a translation update.  It
> should be safe for wheezy.

The changes look okay to me; thanks.  As d-i beta2 image preparation is
currently underway, I'm holding off on the unblock until that's been
completed.

Regards,

Adam




Reply sent to "Adam D. Barratt" <adam@adam-barratt.org.uk>:
You have taken responsibility. (Sun, 09 Sep 2012 14:51:08 GMT) Full text and rfc822 format available.

Notification sent to Colin Watson <cjwatson@debian.org>:
Bug acknowledged by developer. (Sun, 09 Sep 2012 14:51:08 GMT) Full text and rfc822 format available.

Message #15 received at 686849-done@bugs.debian.org (full text, mbox):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
To: 686849-done@bugs.debian.org
Cc: Colin Watson <cjwatson@debian.org>
Subject: Re: Bug#686849: unblock: openssh/1:6.0p1-3
Date: Sun, 09 Sep 2012 15:46:32 +0100
On Sat, 2012-09-08 at 21:30 +0100, Adam D. Barratt wrote:
> On Thu, 2012-09-06 at 18:31 +0100, Colin Watson wrote:
> > This is just a couple of simple bug-fixes and a translation update.  It
> > should be safe for wheezy.
> 
> The changes look okay to me; thanks.  As d-i beta2 image preparation is
> currently underway, I'm holding off on the unblock until that's been
> completed.

Now that beta2's out, unblocked; thanks.

Regards,

Adam




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 08 Oct 2012 07:26:49 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Mon Apr 21 06:56:23 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.