File 3111-ssh-Disable-ssh-dss-by-default.patch of Package erlang
From 725dad5605830b3a84407c2e8aa7c2ab30506980 Mon Sep 17 00:00:00 2001
From: Hans Nilsson <hans@erlang.org>
Date: Tue, 17 Mar 2020 15:07:29 +0100
Subject: [PATCH] ssh: Disable 'ssh-dss' by default
---
 lib/ssh/doc/src/ssh_app.xml                 | 10 +++++++++-
 lib/ssh/src/ssh_transport.erl               | 10 ++++++++--
 system/doc/general_info/deprecations_23.inc |  5 +++++
 3 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml
index 6e8fedab9a..2e16ce43bb 100644
--- a/lib/ssh/doc/src/ssh_app.xml
+++ b/lib/ssh/doc/src/ssh_app.xml
@@ -184,8 +184,16 @@
 	  <item>rsa-sha2-256</item>
 	  <item>rsa-sha2-512</item>
 	  <item>ssh-rsa</item>
-	  <item>ssh-dss</item>
 	</list>
+	<p>The following unsecure <c>sha1</c> algorithm is now disabled by default:</p>
+	<list>
+	  <item>(ssh-dss)</item>
+	</list>
+	<p>It can be enabled with the 
+	<seealso marker="ssh:ssh#type-preferred_algorithms_common_option">preferred_algorithms</seealso>
+	or
+	<seealso marker="ssh:ssh#type-modify_algorithms_common_option">modify_algorithms</seealso>
+	options.  Use for example the Option value <c>{modify_algorithms, [{append, [{public_key,['ssh-dss']}]}]}</c>)</p>
       </item>
 
       <tag>MAC algorithms</tag>
diff --git a/lib/ssh/src/ssh_transport.erl b/lib/ssh/src/ssh_transport.erl
index 8a688fcd4a..a634fc65b8 100644
--- a/lib/ssh/src/ssh_transport.erl
+++ b/lib/ssh/src/ssh_transport.erl
@@ -117,6 +117,12 @@ default_algorithms(mac) ->
     supported_algorithms(mac, same(['AEAD_AES_128_GCM',
 				    'AEAD_AES_256_GCM']));
 
+default_algorithms(public_key) ->
+    supported_algorithms(public_key, [
+                                      %% Gone in OpenSSH 7.3.p1:
+                                      'ssh-dss'
+                                     ]);
+
 default_algorithms(Alg) ->
     supported_algorithms(Alg, []).
 
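Review bot: The comment on the new `default_algorithms(public_key)` clause records only the OpenSSH history and does not say what the list means, so `['ssh-dss']` can be misread as the default set rather than the names withheld from it. `supported_algorithms/2` is defined outside this hunk; judging by the `mac` clause above and the ssh_app.xml text, its second argument appears to be an exclusion list. I would word the comment as `%% Excluded from the defaults; still usable when added via preferred_algorithms or modify_algorithms:` followed by `%% 'ssh-dss' (DSA with SHA-1), gone in OpenSSH 7.3.p1`. A test asserting that 'ssh-dss' is absent from `default_algorithms(public_key)` but still present in `supported_algorithms(public_key)` would keep both the new default and the opt-in path from regressing.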
@@ -152,8 +158,8 @@ supported_algorithms(public_key) ->
        {'ssh-ed448',            [{public_keys,eddsa}, {curves,ed448}                      ]},
        {'rsa-sha2-256',         [{public_keys,rsa},   {hashs,sha256}                      ]},
        {'rsa-sha2-512',         [{public_keys,rsa},   {hashs,sha512}                      ]},
-       {'ssh-dss',              [{public_keys,dss},   {hashs,sha}                         ]}, % Gone in OpenSSH 7.3.p1
-       {'ssh-rsa',              [{public_keys,rsa},   {hashs,sha}                         ]}
+       {'ssh-rsa',              [{public_keys,rsa},   {hashs,sha}                         ]},
+       {'ssh-dss',              [{public_keys,dss},   {hashs,sha}                         ]} % Gone in OpenSSH 7.3.p1
       ]);
  
 supported_algorithms(cipher) ->
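Review bot: `'ssh-rsa'` is declared with `{hashs,sha}` exactly like `'ssh-dss'`, yet only `'ssh-dss'` is named in the new list in `default_algorithms(public_key)`, so a SHA-1 based signature algorithm apparently stays in the defaults even though ssh_app.xml gives SHA-1 as the reason for disabling. If that is a deliberate compatibility choice, say so on the entry, e.g. `% SHA-1 based; deliberately kept in the defaults, prefer rsa-sha2-*`, so it is not read as an oversight. The swap of the last two entries also looks intentional, presumably because list order is preference order once a user re-enables `'ssh-dss'`, but the hunk does not show how the order is consumed. If that holds, a one-line comment such as `%% Order matters: earlier entries are preferred` above the list would record it. The list itself starts above the hunk.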
-- 
2.16.4