From f3212a95425ac55b5db711e155c61d006f2a40b1 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Mon, 6 May 2024 03:33:04 +0200
Subject: Removing small diffie-hellman moduli.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/rules | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/debian/rules b/debian/rules
index 550306d..4fb3313 100755
--- a/debian/rules
+++ b/debian/rules
@@ -181,6 +181,10 @@ endif
 		debian/openssh-server/etc/ssh/moduli \
 		debian/openssh-client/etc/ssh/ssh_config
 
+	# Remove small Diffie-Hellman moduli
+	awk '$$5 >= 4095' debian/openssh-server/etc/ssh/moduli > debian/openssh-server/etc/ssh/moduli.tmp
+	mv -f debian/openssh-server/etc/ssh/moduli.tmp debian/openssh-server/etc/ssh/moduli
+
 # We'd like to use dh_install --fail-missing here, but that doesn't work
 # well in combination with dh-exec: it complains that files generated by
 # dh-exec for architecture-dependent packages aren't installed.
-- 
cgit v1.2.3