Bug 941255 - net-misc/openssh-9.8: optionally support DSA keys
Summary: net-misc/openssh-9.8: optionally support DSA keys
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo's Team for Core System packages
Keywords: PATCH
Blocks: 940250
Reported: 2024-10-11 01:04 UTC by Patrice Levesque
Modified: 2024-10-29 01:08 UTC

Attachments
Add dsa-keys USE flag. (openssh-9.8_p1-r2.ebuild.patch,1.13 KB, patch)
2024-10-11 01:04 UTC, Patrice Levesque

Description Patrice Levesque 2024-10-11 01:04:22 UTC
Created attachment 905159
Add dsa-keys USE flag.

As of OpenSSH 9.8, DSA key support is enabled via an optional compile flag.

Even though DSA keys are being phased out and are expected to be completely removed from OpenSSH in early 2025, some people still connect to old servers.

It's only a matter of adding `--enable-dsa-keys` to `configure`, as described in https://www.openssh.com/releasenotes.html

Attaching a trivial patch to current `=net-libs/openssh-9.8_p1-r2` that adds a `dsa-keys` use flag.
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-10-11 01:05:19 UTC
Yeah, I was planning on doing this before and didn't end up forgetting. I think it's reasonable.
Comment 2 Larry the Git Cow gentoo-dev 2024-10-29 01:06:36 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0147b4dd59f9f653bada12ce3474c54df49030ad

commit 0147b4dd59f9f653bada12ce3474c54df49030ad
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-10-29 00:59:32 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-10-29 01:06:01 +0000

    net-misc/openssh: add 9.9_p1
    
    * Add a patch from master for slow X forwarding (bug #929191) with
      the default-on ObscureKeystrokeTiming feature.
    
    * Pull in various patches from upstream's stable branch (V_9_9) and
      add a note to the ebuild about checking it, see
      https://marc.info/?l=openssh-unix-dev&m=172723798122122&w=2.
    
    * Add USE=legacy-ciphers (bug #941255) to support DSA keys. I'll probably
      backport this to 9.8 too.
    
    Bug: https://bugs.gentoo.org/929191
    Closes: https://bugs.gentoo.org/940250
    Closes: https://bugs.gentoo.org/941255
    Signed-off-by: Sam James <sam@gentoo.org>

 net-misc/openssh/Manifest                          |   2 +
 .../files/9.9_p1/0001-fix-utmpx-ifdef.patch        |  39 ++
 ...build-construct_utmp-when-USE_BTMP-is-set.patch |  40 ++
 .../9.9_p1/0003-gss-serv.c-needs-sys-param.h.patch |  30 ++
 ...x-regression-introduced-when-I-switched-t.patch | 296 ++++++++++++++
 ...x-previous-change-to-ssh_config-Match-whi.patch |  70 ++++
 ...x-ML-KEM768x25519-KEX-on-big-endian-syste.patch |  99 +++++
 ...0007-upstream-explicitly-include-endian.h.patch |  37 ++
 ...-htole64-etc-for-systems-without-endian.h.patch |  66 +++
 .../files/openssh-9.9_p1-x-forwarding-slow.patch   |  66 +++
 net-misc/openssh/metadata.xml                      |   5 +
 net-misc/openssh/openssh-9.9_p1.ebuild             | 442 +++++++++++++++++++++
 12 files changed, 1192 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2024-10-29 01:08:57 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bc6963031680ce2ceae0e2c66e47fcf3b380e938

commit bc6963031680ce2ceae0e2c66e47fcf3b380e938
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2024-10-29 01:08:06 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2024-10-29 01:08:06 +0000

    net-misc/openssh: backport USE=legacy-ciphers for DSA to 9.8_p1-r3
    
    Closes: https://bugs.gentoo.org/941255
    Signed-off-by: Sam James <sam@gentoo.org>

 net-misc/openssh/openssh-9.8_p1-r3.ebuild | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)