Bug#1105036: openssh: please produce OpenSSH 10.x backports for Bookworm and Bullseye

To: Martin-Éric Racine <martin-eric.racine@iki.fi>
Cc: 1105036@bugs.debian.org
Subject: Bug#1105036: openssh: please produce OpenSSH 10.x backports for Bookworm and Bullseye
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 19 May 2025 15:03:52 +0100
Message-id: <[🔎] aCs6SAITcPOvzmSP@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 1105036@bugs.debian.org
In-reply-to: <[🔎] CAPZXPQf2w9Ao5FR51CTJQARvuyAmz4iJA1+gfvnZf+G+RksSAA@mail.gmail.com>
References: <[🔎] 174686967405.382867.8362921264215668812.reportbug@p8h61.internal> <[🔎] aCCxgCvriFDdMcdx@riva.ucam.org> <[🔎] CAPZXPQdyaVQz-Ubx07epv7bG0VNUV-c1QQ9wz9b3gJE=g=spVg@mail.gmail.com> <[🔎] CAPZXPQf2w9Ao5FR51CTJQARvuyAmz4iJA1+gfvnZf+G+RksSAA@mail.gmail.com> <[🔎] 174686967405.382867.8362921264215668812.reportbug@p8h61.internal>

On Mon, May 19, 2025 at 11:45:40AM +0300, Martin-Éric Racine wrote:

su 11.5.2025 klo 18.33 Martin-Éric Racine (martin-eric.racine@iki.fi) kirjoitti:

su 11.5.2025 klo 17.17 Colin Watson (cjwatson@debian.org) kirjoitti:
> On Sat, May 10, 2025 at 12:34:34PM +0300, Martin-Éric Racine wrote:
> >Given how Trixie has raised the minimum CPU level for some
> >architectures (e.g. on i386, minimum Pentium 4 due to Rust now
> >requiring SSE2), it would be desirable for OpenSSH to be backported to
> >at least Bookworm, preferably also to Bullseye, so that hosts running
> >on deprecated CPUs can remain reachable using post-quantum crypto for
> >the remainder of their LTS support timespan.
>
> While I'm reasonably OK with doing this, backports rules mean that I
> need to wait until there's a suitable version in testing, and I'd much
> rather wait until at least version 1:10.0p1-3 is in testing since the
> current version in testing has an RC bug.

That seems reasonable enough. Looking forward to it.


Can we return to this now that we have 1:10.0p1-5 in Testing?

Thanks for the reminder. I've uploaded 1:10.0p1-5~bpo12+1 tobookworm-backports.

I did try bullseye, but the regression test suite hung at "conchciphers: cipher aes256-ctr". That probably just needs reintroducing anold patch to deal with older versions of Twisted, but this sort of thingcan get quite time-consuming and I'm reluctant to spend a lot of time onit with weak justification. I propose to just do bookworm and call thatgood enough; users of affected CPUs can at least upgrade to bookworm.


--
Colin Watson (he/him)                              [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Bug#1105036: openssh: please produce OpenSSH 10.x backports for Bookworm and Bullseye
  - From: Martin-Éric Racine <martin-eric.racine@iki.fi>

References:
- Bug#1105036: openssh: please produce OpenSSH 10.x backports for Bookworm and Bullseye
  - From: Martin-Éric Racine <martin-eric.racine@iki.fi>
- Bug#1105036: openssh: please produce OpenSSH 10.x backports for Bookworm and Bullseye
  - From: Colin Watson <cjwatson@debian.org>
- Bug#1105036: openssh: please produce OpenSSH 10.x backports for Bookworm and Bullseye
  - From: Martin-Éric Racine <martin-eric.racine@iki.fi>
- Bug#1105036: openssh: please produce OpenSSH 10.x backports for Bookworm and Bullseye
  - From: Martin-Éric Racine <martin-eric.racine@iki.fi>

Prev by Date: Bug#1105036: openssh: please produce OpenSSH 10.x backports for Bookworm and Bullseye
Next by Date: Bug#1105036: openssh: please produce OpenSSH 10.x backports for Bookworm and Bullseye
Previous by thread: Bug#1105036: openssh: please produce OpenSSH 10.x backports for Bookworm and Bullseye
Next by thread: Bug#1105036: openssh: please produce OpenSSH 10.x backports for Bookworm and Bullseye
Index(es):
- Date
- Thread