Re: Bug#1105179: unblock: openssh/1:10.0p1-5

To: Colin Watson <cjwatson@debian.org>, 1105179-done@bugs.debian.org
Cc: openssh@packages.debian.org
Subject: Re: Bug#1105179: unblock: openssh/1:10.0p1-5
From: Cyril Brulebois <kibi@debian.org>
Date: Wed, 14 May 2025 03:25:01 +0200
Message-id: <[🔎] 20250514012501.52szouhs7yxzfjrb@mraw.org>
In-reply-to: <[🔎] aCJnGH_XEjUYw9Zd@camorr.rosewood.vpn.ucam.org>
References: <[🔎] aCJnGH_XEjUYw9Zd@camorr.rosewood.vpn.ucam.org>

Hi,

Colin Watson <cjwatson@debian.org> (2025-05-12):
> I know the hard freeze hasn't started yet, but this openssh upload isn't 
> quite going to make it into testing in time, and since it's a key 
> package you're going to need to review it anyway; so I might as well get 
> the request in early.  This fixes one grave bug (#1103418), one serious 
> bug (#1104992, filed after the upload so not in the changelog) and one 
> important bug (#1103522).  All the changes are as targeted as I believe 
> to be possible.
> 
> The --with-linux-memlock-onfault change is probably the only non-obvious 
> one; see https://bugzilla.mindrot.org/show_bug.cgi?id=3822 for more 
> details there.  It's basically just restoring previous behaviour, since 
> that option and the behaviour associated with it were new in 10.0p1.
> 
> openssh has pretty extensive autopkgtests.  Admittedly they didn't catch 
> these issues (although I have my suspicions that the riscv64 autopkgtest 
> failures that I fixed by disabling --with-linux-memlock-onfault just on 
> riscv64 in 1:10.0p1-2 were in fact the canary in the coalmine), but they 
> do provide decent assurance that openssh still works in general.
> 
> unblock openssh/1:10.0p1-5

openssh popped up on my radar when it came to picking and choosing which
packages would make sense to have in D-I Trixie RC 1, and which ones
could or should wait
(https://lists.debian.org/debian-release/2025/05/msg00524.html).

While I'm not usually reviewing unblock requests (and haven't been for
years), I'll take charge (and blame of course) of this one.

Your description of the recent changes match my “it seems we really want
to have this in testing” sentiment before sending the aforementioned
mail (even if nothing was required as far as d-i is concerned), and your
reply in the other thread confirms that waiting some more doesn't seem
warranted (the latest upload being 5/10 days old already).

Let's have this into testing now, then; thanks!


Cheers,
-- 
Cyril Brulebois (kibi@debian.org)            <https://debamax.com/>
D-I release manager -- Release team member -- Freelance Consultant

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Bug#1105179: unblock: openssh/1:10.0p1-5
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: Early migration for openssh?
Next by Date: Bug#1105954: openssh-server: OpenSSH produces error on logout because utmp is no longer used
Previous by thread: Bug#1105179: unblock: openssh/1:10.0p1-5
Next by thread: Early migration for openssh?
Index(es):
- Date
- Thread