Bug#686849: unblock: openssh/1:6.0p1-3

To: submit@bugs.debian.org
Subject: Bug#686849: unblock: openssh/1:6.0p1-3
From: Colin Watson <cjwatson@debian.org>
Date: Thu, 6 Sep 2012 18:31:10 +0100
Message-id: <[🔎] 20120906173110.GW8052@riva.dynamic.greenend.org.uk>
Reply-to: Colin Watson <cjwatson@debian.org>, 686849@bugs.debian.org
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

This is just a couple of simple bug-fixes and a translation update.  It
should be safe for wheezy.

diff -Nru openssh-6.0p1/debian/changelog openssh-6.0p1/debian/changelog
--- openssh-6.0p1/debian/changelog	2012-06-24 12:16:07.000000000 +0100
+++ openssh-6.0p1/debian/changelog	2012-08-24 06:55:38.000000000 +0100
@@ -1,3 +1,14 @@
+openssh (1:6.0p1-3) unstable; urgency=low
+
+  * debconf template translations:
+    - Add Indonesian (thanks, Andika Triwidada; closes: #681670).
+  * Call restorecon on copied ~/.ssh/authorized_keys if possible, since some
+    SELinux policies require this (closes: #658675).
+  * Add ncurses-term to openssh-server's Recommends, since it's often needed
+    to support unusual terminal emulators on clients (closes: #675362).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 24 Aug 2012 06:55:36 +0100
+
 openssh (1:6.0p1-2) unstable; urgency=low
 
   * Tighten libssl1.0.0 and libcrypto1.0.0-udeb dependencies to the current
diff -Nru openssh-6.0p1/debian/control openssh-6.0p1/debian/control
--- openssh-6.0p1/debian/control	2012-06-24 02:40:37.000000000 +0100
+++ openssh-6.0p1/debian/control	2012-08-24 06:53:44.000000000 +0100
@@ -45,7 +45,7 @@
 Priority: optional
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.2-13), procps
-Recommends: xauth, openssh-blacklist, openssh-blacklist-extra, ${openssh-server:Recommends}
+Recommends: xauth, ncurses-term, openssh-blacklist, openssh-blacklist-extra, ${openssh-server:Recommends}
 Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
 Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5
 Suggests: ssh-askpass, rssh, molly-guard, ufw, monkeysphere
diff -Nru openssh-6.0p1/debian/patches/copy-id-restorecon.patch openssh-6.0p1/debian/patches/copy-id-restorecon.patch
--- openssh-6.0p1/debian/patches/copy-id-restorecon.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.0p1/debian/patches/copy-id-restorecon.patch	2012-08-24 06:44:27.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Call restorecon on copied ~/.ssh/authorized_keys if possible
+Author: Tomas Mraz <tmraz@fedoraproject.org>
+Bug-Debian: http://bugs.debian.org/658675
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=739989
+Last-Update: 2012-08-24
+
+Index: b/contrib/ssh-copy-id
+===================================================================
+--- a/contrib/ssh-copy-id
++++ b/contrib/ssh-copy-id
+@@ -41,7 +41,7 @@
+ # strip any trailing colon
+ host=`echo $1 | sed 's/:$//'`
+ 
+-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
++{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
+ 
+ cat <<EOF
+ Now try logging into the machine, with "ssh '$host'", and check in:
diff -Nru openssh-6.0p1/debian/patches/series openssh-6.0p1/debian/patches/series
--- openssh-6.0p1/debian/patches/series	2012-05-26 01:41:30.000000000 +0100
+++ openssh-6.0p1/debian/patches/series	2012-08-24 06:47:59.000000000 +0100
@@ -3,6 +3,7 @@
 
 # SELinux
 selinux-role.patch
+copy-id-restorecon.patch
 
 # Key blacklisting
 ssh-vulnkey.patch
diff -Nru openssh-6.0p1/debian/po/id.po openssh-6.0p1/debian/po/id.po
--- openssh-6.0p1/debian/po/id.po	1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.0p1/debian/po/id.po	2012-07-16 11:42:52.000000000 +0100
@@ -0,0 +1,163 @@
+# openssh debconf translation into Indonesian
+# Copyright (C) 2012 THE openssh'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the OpenSSH package.
+# Andika Triwidada <andika@gmail.com>, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssh debconf 1-6.0p1-2\n"
+"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
+"POT-Creation-Date: 2010-01-02 08:55+0000\n"
+"PO-Revision-Date: 2012-07-15 18:29+0700\n"
+"Last-Translator: Andika Triwidada <andika@gmail.com>\n"
+"Language-Team: Indonesian <id@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Indonesian\n"
+"X-Poedit-Country: INDONESIA\n"
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:1001
+msgid "Do you want to risk killing active SSH sessions?"
+msgstr "Apakah Anda mau menanggung resiko mematikan sesi SSH aktif?"
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:1001
+msgid ""
+"The currently installed version of /etc/init.d/ssh is likely to kill all "
+"running sshd instances. If you are doing this upgrade via an SSH session, "
+"you're likely to be disconnected and leave the upgrade procedure unfinished."
+msgstr ""
+"Versi /etc/init.d/ssh yang kini terpasang mungkin akan mematikan semua "
+"instansi sshd yang berjalan. Bila Anda melakukan upgrade ini melalui sesi "
+"SSH, Anda mungkin akan diputus dan meninggalkan prosedur upgrade tak "
+"terselesaikan."
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:1001
+msgid ""
+"This can be fixed by manually adding \"--pidfile /var/run/sshd.pid\" to the "
+"start-stop-daemon line in the stop section of the file."
+msgstr ""
+"Ini dapat diperbaiki secara manual dengan menambahkan \"--pidfile /var/run/"
+"sshd.pid\" ke baris start-stop-daemon pada bagian stop dari berkas."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:2001
+msgid "New host key mandatory"
+msgstr "Kunci host baru wajib"
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:2001
+msgid ""
+"The current host key, in /etc/ssh/ssh_host_key, is encrypted with the IDEA "
+"algorithm. OpenSSH can not handle this host key file, and the ssh-keygen "
+"utility from the old (non-free) SSH installation does not appear to be "
+"available."
+msgstr ""
+"Kunci host saat ini, dalam /etc/ssh/ssh_host_key, dienkripsi memakai "
+"algoritma IDEA. OpenSSH tak bisa menangani berkas kunci host ini, dan "
+"utilitas ssh-keygen dari instalasi SSH lama (non-free) sepertinya tak "
+"tersedia."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:2001
+msgid "You need to manually generate a new host key."
+msgstr "Anda perlu membuat kunci host baru secara manual."
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:3001
+msgid "Disable challenge-response authentication?"
+msgstr "Nonaktifkan otentikasi challenge-response?"
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:3001
+msgid ""
+"Password authentication appears to be disabled in the current OpenSSH server "
+"configuration. In order to prevent users from logging in using passwords "
+"(perhaps using only public key authentication instead) with recent versions "
+"of OpenSSH, you must disable challenge-response authentication, or else "
+"ensure that your PAM configuration does not allow Unix password file "
+"authentication."
+msgstr ""
+"Otentikasi sandi nampaknya dinonaktifkan dalam konfigurasi server OpenSSH "
+"saat ini. Untuk mencegah pengguna log masuk memakai sandi (mungkin "
+"digantikan hanya dengan memakai otentikasi kunci publik) dengan versi "
+"OpenSSH terkini, Anda mesti menonaktifkan otentikasi challenge-response, "
+"atau bisa juga dengan memastikan bahwa konfigurasi PAM Anda tak mengijinkan "
+"otentikasi berkas sandi Unix."
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:3001
+msgid ""
+"If you disable challenge-response authentication, then users will not be "
+"able to log in using passwords. If you leave it enabled (the default "
+"answer), then the 'PasswordAuthentication no' option will have no useful "
+"effect unless you also adjust your PAM configuration in /etc/pam.d/ssh."
+msgstr ""
+"Bila Anda menonaktifkan otentikasi challenge-response, maka pengguna tak "
+"akan bisa log masuk memakai sandi. Bila Anda membiarkannya aktif (jawaban "
+"baku), maka opsi 'PasswordAuthentication no' tak akan memiliki efek yang "
+"berguna kecuali Anda juga mengubah konfigurasi PAM Anda dalam /etc/pam.d/ssh."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid "Vulnerable host keys will be regenerated"
+msgstr "Kunci host yang vulnerable akan dibuat ulang"
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid ""
+"Some of the OpenSSH server host keys on this system were generated with a "
+"version of OpenSSL that had a broken random number generator. As a result, "
+"these host keys are from a well-known set, are subject to brute-force "
+"attacks, and must be regenerated."
+msgstr ""
+"Beberapa kunci host server OpenSSH pada sistem ini dibuat dengan versi "
+"OpenSSH yang memiliki pembangkit bilangan acak yang rusak. Akibatnya, kunci "
+"host ini berasal dari set yang dikenal luas, berresiko terhadap serangan "
+"brute-force, dan mesti dibuat ulang."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid ""
+"Users of this system should be informed of this change, as they will be "
+"prompted about the host key change the next time they log in. Use 'ssh-"
+"keygen -l -f HOST_KEY_FILE' after the upgrade to print the fingerprints of "
+"the new host keys."
+msgstr ""
+"Pengguna sistem ini mesti diberitahu atas perubahan ini, karena mereka akan "
+"ditanyai tentang perubahan kunci host saat berikutnya mereka log masuk. "
+"Gunakan 'ssh-keygen -l -f HOST_KEY_FILE' setelah upgrade untuk mencetak "
+"sidik jari dari kunci host baru."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid "The affected host keys are:"
+msgstr "Kunci host yang terpengaruh adalah:"
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid ""
+"User keys may also be affected by this problem. The 'ssh-vulnkey' command "
+"may be used as a partial test for this. See /usr/share/doc/openssh-server/"
+"README.compromised-keys.gz for more details."
+msgstr ""
+"Kunci pengguna mungkin juga terpengaruh oleh masalah ini. Perintah 'ssh-"
+"vulnkey' dapat dipakai sebagai uji parsial untuk ini. Lihat /usr/share/doc/"
+"openssh-server/README.compromised-keys.gz untuk rincian lebih lanjut."

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]
Reply to:
Follow-Ups:
- Bug#686849: unblock: openssh/1:6.0p1-3
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Bug#686849: marked as done (unblock: openssh/1:6.0p1-3)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
Prev by Date: Re: Bug#678227: Bug#641967: Apt downloads all description translations
Next by Date: Bug#686852: unblock: trn4/4.0-test77-6
Previous by thread: Re: Bug#678227: Bug#641967: Apt downloads all description translations
Next by thread: Bug#686849: unblock: openssh/1:6.0p1-3
Index(es):
- Date
- Thread