[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#686849: marked as done (unblock: openssh/1:6.0p1-3)

Your message dated Sun, 09 Sep 2012 15:46:32 +0100
with message-id <1347201992.8753.86.camel@jacala.jungle.funky-badger.org>
and subject line Re: Bug#686849: unblock: openssh/1:6.0p1-3
has caused the Debian Bug report #686849,
regarding unblock: openssh/1:6.0p1-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
686849: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686849
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

This is just a couple of simple bug-fixes and a translation update.  It
should be safe for wheezy.

diff -Nru openssh-6.0p1/debian/changelog openssh-6.0p1/debian/changelog
--- openssh-6.0p1/debian/changelog	2012-06-24 12:16:07.000000000 +0100
+++ openssh-6.0p1/debian/changelog	2012-08-24 06:55:38.000000000 +0100
@@ -1,3 +1,14 @@
+openssh (1:6.0p1-3) unstable; urgency=low
+
+  * debconf template translations:
+    - Add Indonesian (thanks, Andika Triwidada; closes: #681670).
+  * Call restorecon on copied ~/.ssh/authorized_keys if possible, since some
+    SELinux policies require this (closes: #658675).
+  * Add ncurses-term to openssh-server's Recommends, since it's often needed
+    to support unusual terminal emulators on clients (closes: #675362).
+
+ -- Colin Watson <cjwatson@debian.org>  Fri, 24 Aug 2012 06:55:36 +0100
+
 openssh (1:6.0p1-2) unstable; urgency=low
 
   * Tighten libssl1.0.0 and libcrypto1.0.0-udeb dependencies to the current
diff -Nru openssh-6.0p1/debian/control openssh-6.0p1/debian/control
--- openssh-6.0p1/debian/control	2012-06-24 02:40:37.000000000 +0100
+++ openssh-6.0p1/debian/control	2012-08-24 06:53:44.000000000 +0100
@@ -45,7 +45,7 @@
 Priority: optional
 Architecture: any
 Depends: ${shlibs:Depends}, ${misc:Depends}, debconf (>= 1.2.0) | debconf-2.0, libpam-runtime (>= 0.76-14), libpam-modules (>= 0.72-9), adduser (>= 3.9), dpkg (>= 1.9.0), openssh-client (= ${binary:Version}), lsb-base (>= 3.2-13), procps
-Recommends: xauth, openssh-blacklist, openssh-blacklist-extra, ${openssh-server:Recommends}
+Recommends: xauth, ncurses-term, openssh-blacklist, openssh-blacklist-extra, ${openssh-server:Recommends}
 Conflicts: ssh (<< 1:3.8.1p1-9), ssh-nonfree (<<2), ssh-socks, ssh2, sftp, rsh-client (<<0.16.1-1), ssh-krb5 (<< 1:4.3p2-7)
 Replaces: ssh, openssh-client (<< 1:3.8.1p1-11), ssh-krb5
 Suggests: ssh-askpass, rssh, molly-guard, ufw, monkeysphere
diff -Nru openssh-6.0p1/debian/patches/copy-id-restorecon.patch openssh-6.0p1/debian/patches/copy-id-restorecon.patch
--- openssh-6.0p1/debian/patches/copy-id-restorecon.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.0p1/debian/patches/copy-id-restorecon.patch	2012-08-24 06:44:27.000000000 +0100
@@ -0,0 +1,19 @@
+Description: Call restorecon on copied ~/.ssh/authorized_keys if possible
+Author: Tomas Mraz <tmraz@fedoraproject.org>
+Bug-Debian: http://bugs.debian.org/658675
+Bug-Fedora: https://bugzilla.redhat.com/show_bug.cgi?id=739989
+Last-Update: 2012-08-24
+
+Index: b/contrib/ssh-copy-id
+===================================================================
+--- a/contrib/ssh-copy-id
++++ b/contrib/ssh-copy-id
+@@ -41,7 +41,7 @@
+ # strip any trailing colon
+ host=`echo $1 | sed 's/:$//'`
+ 
+-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
++{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys && (test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys >/dev/null 2>&1 || true)" || exit 1
+ 
+ cat <<EOF
+ Now try logging into the machine, with "ssh '$host'", and check in:
diff -Nru openssh-6.0p1/debian/patches/series openssh-6.0p1/debian/patches/series
--- openssh-6.0p1/debian/patches/series	2012-05-26 01:41:30.000000000 +0100
+++ openssh-6.0p1/debian/patches/series	2012-08-24 06:47:59.000000000 +0100
@@ -3,6 +3,7 @@
 
 # SELinux
 selinux-role.patch
+copy-id-restorecon.patch
 
 # Key blacklisting
 ssh-vulnkey.patch
diff -Nru openssh-6.0p1/debian/po/id.po openssh-6.0p1/debian/po/id.po
--- openssh-6.0p1/debian/po/id.po	1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.0p1/debian/po/id.po	2012-07-16 11:42:52.000000000 +0100
@@ -0,0 +1,163 @@
+# openssh debconf translation into Indonesian
+# Copyright (C) 2012 THE openssh'S COPYRIGHT HOLDER
+# This file is distributed under the same license as the OpenSSH package.
+# Andika Triwidada <andika@gmail.com>, 2012.
+#
+msgid ""
+msgstr ""
+"Project-Id-Version: openssh debconf 1-6.0p1-2\n"
+"Report-Msgid-Bugs-To: openssh@packages.debian.org\n"
+"POT-Creation-Date: 2010-01-02 08:55+0000\n"
+"PO-Revision-Date: 2012-07-15 18:29+0700\n"
+"Last-Translator: Andika Triwidada <andika@gmail.com>\n"
+"Language-Team: Indonesian <id@li.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=UTF-8\n"
+"Content-Transfer-Encoding: 8bit\n"
+"X-Poedit-Language: Indonesian\n"
+"X-Poedit-Country: INDONESIA\n"
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:1001
+msgid "Do you want to risk killing active SSH sessions?"
+msgstr "Apakah Anda mau menanggung resiko mematikan sesi SSH aktif?"
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:1001
+msgid ""
+"The currently installed version of /etc/init.d/ssh is likely to kill all "
+"running sshd instances. If you are doing this upgrade via an SSH session, "
+"you're likely to be disconnected and leave the upgrade procedure unfinished."
+msgstr ""
+"Versi /etc/init.d/ssh yang kini terpasang mungkin akan mematikan semua "
+"instansi sshd yang berjalan. Bila Anda melakukan upgrade ini melalui sesi "
+"SSH, Anda mungkin akan diputus dan meninggalkan prosedur upgrade tak "
+"terselesaikan."
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:1001
+msgid ""
+"This can be fixed by manually adding \"--pidfile /var/run/sshd.pid\" to the "
+"start-stop-daemon line in the stop section of the file."
+msgstr ""
+"Ini dapat diperbaiki secara manual dengan menambahkan \"--pidfile /var/run/"
+"sshd.pid\" ke baris start-stop-daemon pada bagian stop dari berkas."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:2001
+msgid "New host key mandatory"
+msgstr "Kunci host baru wajib"
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:2001
+msgid ""
+"The current host key, in /etc/ssh/ssh_host_key, is encrypted with the IDEA "
+"algorithm. OpenSSH can not handle this host key file, and the ssh-keygen "
+"utility from the old (non-free) SSH installation does not appear to be "
+"available."
+msgstr ""
+"Kunci host saat ini, dalam /etc/ssh/ssh_host_key, dienkripsi memakai "
+"algoritma IDEA. OpenSSH tak bisa menangani berkas kunci host ini, dan "
+"utilitas ssh-keygen dari instalasi SSH lama (non-free) sepertinya tak "
+"tersedia."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:2001
+msgid "You need to manually generate a new host key."
+msgstr "Anda perlu membuat kunci host baru secara manual."
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:3001
+msgid "Disable challenge-response authentication?"
+msgstr "Nonaktifkan otentikasi challenge-response?"
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:3001
+msgid ""
+"Password authentication appears to be disabled in the current OpenSSH server "
+"configuration. In order to prevent users from logging in using passwords "
+"(perhaps using only public key authentication instead) with recent versions "
+"of OpenSSH, you must disable challenge-response authentication, or else "
+"ensure that your PAM configuration does not allow Unix password file "
+"authentication."
+msgstr ""
+"Otentikasi sandi nampaknya dinonaktifkan dalam konfigurasi server OpenSSH "
+"saat ini. Untuk mencegah pengguna log masuk memakai sandi (mungkin "
+"digantikan hanya dengan memakai otentikasi kunci publik) dengan versi "
+"OpenSSH terkini, Anda mesti menonaktifkan otentikasi challenge-response, "
+"atau bisa juga dengan memastikan bahwa konfigurasi PAM Anda tak mengijinkan "
+"otentikasi berkas sandi Unix."
+
+#. Type: boolean
+#. Description
+#: ../openssh-server.templates:3001
+msgid ""
+"If you disable challenge-response authentication, then users will not be "
+"able to log in using passwords. If you leave it enabled (the default "
+"answer), then the 'PasswordAuthentication no' option will have no useful "
+"effect unless you also adjust your PAM configuration in /etc/pam.d/ssh."
+msgstr ""
+"Bila Anda menonaktifkan otentikasi challenge-response, maka pengguna tak "
+"akan bisa log masuk memakai sandi. Bila Anda membiarkannya aktif (jawaban "
+"baku), maka opsi 'PasswordAuthentication no' tak akan memiliki efek yang "
+"berguna kecuali Anda juga mengubah konfigurasi PAM Anda dalam /etc/pam.d/ssh."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid "Vulnerable host keys will be regenerated"
+msgstr "Kunci host yang vulnerable akan dibuat ulang"
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid ""
+"Some of the OpenSSH server host keys on this system were generated with a "
+"version of OpenSSL that had a broken random number generator. As a result, "
+"these host keys are from a well-known set, are subject to brute-force "
+"attacks, and must be regenerated."
+msgstr ""
+"Beberapa kunci host server OpenSSH pada sistem ini dibuat dengan versi "
+"OpenSSH yang memiliki pembangkit bilangan acak yang rusak. Akibatnya, kunci "
+"host ini berasal dari set yang dikenal luas, berresiko terhadap serangan "
+"brute-force, dan mesti dibuat ulang."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid ""
+"Users of this system should be informed of this change, as they will be "
+"prompted about the host key change the next time they log in. Use 'ssh-"
+"keygen -l -f HOST_KEY_FILE' after the upgrade to print the fingerprints of "
+"the new host keys."
+msgstr ""
+"Pengguna sistem ini mesti diberitahu atas perubahan ini, karena mereka akan "
+"ditanyai tentang perubahan kunci host saat berikutnya mereka log masuk. "
+"Gunakan 'ssh-keygen -l -f HOST_KEY_FILE' setelah upgrade untuk mencetak "
+"sidik jari dari kunci host baru."
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid "The affected host keys are:"
+msgstr "Kunci host yang terpengaruh adalah:"
+
+#. Type: note
+#. Description
+#: ../openssh-server.templates:4001
+msgid ""
+"User keys may also be affected by this problem. The 'ssh-vulnkey' command "
+"may be used as a partial test for this. See /usr/share/doc/openssh-server/"
+"README.compromised-keys.gz for more details."
+msgstr ""
+"Kunci pengguna mungkin juga terpengaruh oleh masalah ini. Perintah 'ssh-"
+"vulnkey' dapat dipakai sebagai uji parsial untuk ini. Lihat /usr/share/doc/"
+"openssh-server/README.compromised-keys.gz untuk rincian lebih lanjut."

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---
--- Begin Message --- 
On Sat, 2012-09-08 at 21:30 +0100, Adam D. Barratt wrote:
> On Thu, 2012-09-06 at 18:31 +0100, Colin Watson wrote:
> > This is just a couple of simple bug-fixes and a translation update.  It
> > should be safe for wheezy.
> 
> The changes look okay to me; thanks.  As d-i beta2 image preparation is
> currently underway, I'm holding off on the unblock until that's been
> completed.

Now that beta2's out, unblocked; thanks.

Regards,

Adam

--- End Message ---
Reply to: