Re: Bug#1007714: bullseye-pu: package openssh/1:8.4p1-5+deb11u1

[Colin Watson]

On Wed, Jun 29, 2022 at 10:27:01PM +0100, Adam D. Barratt wrote:
> On Fri, 2022-03-18 at 08:43 +0100, Cyril Brulebois wrote:
> > Adam D. Barratt  (2022-03-17):
> > > As openssh builds a udeb, I'm CCing KiBi and tagging the bug
> > > accordingly.
> > 
> > Making sure upgrades have a chance to work properly seems more
> > important
> > than any possible regressions at install time, for those deploying
> > over
> > SSH, so no objections at all.
> 
> Just a quick reminder on this, as the window for getting changes into
> 11.4 closes over the coming weekend.

Oops, sorry!  I've just uploaded this.

-- 
Colin Watson (he/him)  [cjwat...@debian.org]

Re: Bug#1007714: bullseye-pu: package openssh/1:8.4p1-5+deb11u1

[Adam D. Barratt]

Hi Colin,

On Fri, 2022-03-18 at 08:43 +0100, Cyril Brulebois wrote:
> Adam D. Barratt  (2022-03-17):
> > As openssh builds a udeb, I'm CCing KiBi and tagging the bug
> > accordingly.
> 
> Making sure upgrades have a chance to work properly seems more
> important
> than any possible regressions at install time, for those deploying
> over
> SSH, so no objections at all.

Just a quick reminder on this, as the window for getting changes into
11.4 closes over the coming weekend.

Regards,

Adam

Re: Bug#1007714: bullseye-pu: package openssh/1:8.4p1-5+deb11u1

[Cyril Brulebois]

Adam D. Barratt  (2022-03-17):
> As openssh builds a udeb, I'm CCing KiBi and tagging the bug
> accordingly.

Making sure upgrades have a chance to work properly seems more important
than any possible regressions at install time, for those deploying over
SSH, so no objections at all.


Cheers,
-- 
Cyril Brulebois (k...@debian.org)
D-I release manager -- Release team member -- Freelance Consultant


signature.asc
Description: PGP signature

Re: Bug#1007714: bullseye-pu: package openssh/1:8.4p1-5+deb11u1

[Adam D. Barratt]

Control: tags -1 + confirmed d-i

On Tue, 2022-03-15 at 15:20 +, Colin Watson wrote:
> OpenSSH in stable breaks on 32-bit architectures (at least armhf,
> reportedly also i386) after upgrading libc6 to the version in
> bookworm,
> due to changes in its system call interface that affect OpenSSH's
> seccomp sandbox.  See https://bugs.debian.org/1004427.
> 
> [ Impact ]
> Without this change, I'm concerned that sshd may be unavailable
> during
> part of an upgrade from bullseye to bookworm (or even make the
> machine
> inaccessible, if it's headless and the upgrade fails).  Getting the
> sandbox tweak into bullseye at this stage would reduce that risk.
> 

Please go ahead.

As openssh builds a udeb, I'm CCing KiBi and tagging the bug
accordingly.

Regards,

Adam