Re: [HEADS UP]: OpenSSH 7.2 to Fedora 23
On Mar 3 09:53, Jakub Jelen wrote:
> On 03/03/2016 09:31 AM, Corinna Vinschen wrote:
> >Hi Jakub,
> >
> >On Mar 2 17:48, Jakub Jelen wrote:
> >>Hi there,
> >>I just pushed openssh-7.2 update [1] into Fedora 23 testing. There are no
> >>incompatible changes except these:
> >As I reported to the openssh-unix-dev list, as well as in
> >https://bodhi.fedoraproject.org/updates/openssh-7.2p1-1.fc23,
> >this release silently removes the /usr/bin/slogin symlink pointing to
> >/usr/bin/ssh, because upstream removed the Makefile commands creating
> >it at install time. Same for slogin.1 -> ssh.1.
> >
> >This will break lots of installations (scripts, keyboard shortcuts, etc).
> >
> >For the Cygwin distro I now added the missing rules to the spec file,
> >along the lines of
> >
> > cd ${DESTDIR}/usr/bin
> > ln -s ./ssh.exe slogin
> > cd ${DESTDIR}/usr/share/man/man1
> > ln -s ./ssh.1 slogin.1
> >
> >Please create slogin in the rpm spec file as well.
> Thanks for the notice. My bad that I thought that symlink is just ancient
> stuff from old times. I will respin update with restored symlink for Fedora
> 23.
>
> Do you think that we need to carry this symlink even to Fedora 24? Do you
> have some examples of scripts using slogin? They should probably also get
> fixed.
I'm not aware of scripts in the distro using slogin. But I'm aware of
user installations using slogin. The slogin symlink exists for 20 years
now. Just removing it is bound to break local configurations for no
good reason.
If upstream can't be bothered to keep up with slogin it's bad, but from
my POV a distro should not break user configurations if it's not a big
problem to keep them running. So, yes, I think the symlinks should be
maintained by the distros in future.
Corinna
signature.asc
Description: PGP signature
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
Re: [HEADS UP]: OpenSSH 7.2 to Fedora 23
On 03/03/2016 09:31 AM, Corinna Vinschen wrote:
Hi Jakub,
On Mar 2 17:48, Jakub Jelen wrote:
Hi there,
I just pushed openssh-7.2 update [1] into Fedora 23 testing. There are no
incompatible changes except these:
As I reported to the openssh-unix-dev list, as well as in
https://bodhi.fedoraproject.org/updates/openssh-7.2p1-1.fc23,
this release silently removes the /usr/bin/slogin symlink pointing to
/usr/bin/ssh, because upstream removed the Makefile commands creating
it at install time. Same for slogin.1 -> ssh.1.
This will break lots of installations (scripts, keyboard shortcuts, etc).
For the Cygwin distro I now added the missing rules to the spec file,
along the lines of
cd ${DESTDIR}/usr/bin
ln -s ./ssh.exe slogin
cd ${DESTDIR}/usr/share/man/man1
ln -s ./ssh.1 slogin.1
Please create slogin in the rpm spec file as well.
Thanks for the notice. My bad that I thought that symlink is just
ancient stuff from old times. I will respin update with restored symlink
for Fedora 23.
Do you think that we need to carry this symlink even to Fedora 24? Do
you have some examples of scripts using slogin? They should probably
also get fixed.
Upstream also probably didn't see it as a big deal:
https://anongit.mindrot.org/openssh.git/commit/?id=69fead5d7cdaa73bdece9fcba80f8e8e70b90346
--
Jakub Jelen
Associate Software Engineer
Security Technologies
Red Hat
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[HEADS UP]: OpenSSH 7.2 to Fedora 23
Hi there, I just pushed openssh-7.2 update [1] into Fedora 23 testing. There are no incompatible changes except these: * the minimum modulus size supported for diffie-hellman-group-exchange was increased to 2048 bits, * several legacy cryptographic algorithms and MD5-based and truncated HMAC algorithms were disabled on client side. which might be some trouble when connecting to old systems. If you need to use some of these fancy ciphers or HMACs, you need to configure your client to use them explicitly, for example: ssh -o Ciphers=+blowfish-cbc -o MACs=+hmac-md5-96 your_host or store appropriate values to the ~/.ssh/config. SSH should now also yield reasonable messages when it was not able to negotiate particular algorithms. My tests passed and the package is already for few days in rawhide and f24, but another testing would be appreciated, especially quick check if some of your common use cases are not disturbed. And there are also some fancy features you might want to give a try such ad-hoc adding keys to ssh-agent or new keyword restrict to use in authorized_keys file [2]. Thanks for attention and have a great day, [1] https://bodhi.fedoraproject.org/updates/openssh-7.2p1-1.fc23 [2] http://www.openssh.com/txt/release-7.2 -- Jakub Jelen Security Technologies Red Hat -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
