Your message dated Thu, 14 Mar 2024 12:09:47 +0000
with message-id <[email protected]>
and subject line Bug#1066847: fixed in openssh 1:9.7p1-2
has caused the Debian Bug report #1066847,
regarding openssh: please consider disabling ssh-askpass-gnome on 32-bit during
the time_t transition
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1066847: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066847
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: openssh
Severity: wishlist
Tags: patch
X-Debbugs-Cc: [email protected]
On the architectures affected by the 64-bit time_t transition, there
is at least one cyclic build-dependency involving this package:
openssh-server, gtk+3.0, at-spi2-core, dbus-broker, systemd, cryptsetup,
libssh, openssh-server.
I've tried to break this cycle at at-spi2-core (#1066844) but that's going
to require additional changes in gtk+3.0, to disable its test suite (which
requires librsvg, which requires Rust, which needs re-bootstrapping)
on the affected architectures, and at this stage I'm unsure whether other
relevant cycles exist.
I think it would be pragmatic to disable ssh-askpass-gnome on the affected
architectures for the duration of this transition: it's a low-popcon
leaf package which is the only thing pulling in "heavy" dependencies
to openssh. I attach a possible patch. I've verified that it compiles
successfully in an armhf porterbox chroot (without ssh-askpass-gnome)
and on amd64 (with ssh-askpass-gnome), but I haven't otherwise tested it.
Thanks,
smcv
>From bbefe785a6ab567677af77ccd12b1fbb59a42d8d Mon Sep 17 00:00:00 2001
From: Simon McVittie <[email protected]>
Date: Thu, 14 Mar 2024 10:48:03 +0000
Subject: [PATCH] d/control, d/rules: Disable ssh-askpass-gnome on 32-bit,
except i386
On the architectures affected by the 64-bit time_t transition, there
is at least one cyclic build-dependency involving this package:
openssh-server, gtk+3.0, at-spi2-core, dbus-broker, systemd, cryptsetup,
libssh, openssh-server. Temporarily dropping a low-popcon binary package
that is already excludable by a build-profile seems like a convenient
place to break the cycle.
Closes: #-1
---
debian/control | 2 +-
debian/rules | 6 ++++++
2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/debian/control b/debian/control
index 0a785bcb2..38abe62ec 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Build-Depends: debhelper (>= 13.1~),
libaudit-dev [linux-any],
libedit-dev,
libfido2-dev (>= 1.5.0) [linux-any],
- libgtk-3-dev <!pkg.openssh.nognome>,
+ libgtk-3-dev [!armel !armhf !hppa !m68k !powerpc !sh4] <!pkg.openssh.nognome>,
libkrb5-dev | heimdal-dev,
libpam0g-dev | libpam-dev,
libselinux1-dev [linux-any],
diff --git a/debian/rules b/debian/rules
index fd9ab8d03..cd4c27b58 100755
--- a/debian/rules
+++ b/debian/rules
@@ -108,6 +108,10 @@ ifeq ($(shell dpkg-vendor --is Ubuntu && echo yes) $(DEB_HOST_ARCH), yes i386)
BUILD_PACKAGES += -Nopenssh-tests
endif
+ifeq ($(DEB_HOST_ARCH_BITS)$(filter i386,$(DEB_HOST_ARCH_CPU)),32)
+ BUILD_PACKAGES += -Nssh-askpass-gnome
+endif
+
%:
dh $@ --with=runit $(BUILD_PACKAGES)
@@ -132,9 +136,11 @@ ifeq ($(filter noudeb,$(DEB_BUILD_PROFILES)),)
$(MAKE) -C debian/build-udeb $(PARALLEL) ASKPASS_PROGRAM='/usr/bin/ssh-askpass' ssh scp sftp sshd ssh-keygen
endif
+ifneq ($(DEB_HOST_ARCH_BITS)$(filter i386,$(DEB_HOST_ARCH_CPU)),32)
ifeq ($(filter pkg.openssh.nognome,$(DEB_BUILD_PROFILES)),)
$(MAKE) -C contrib gnome-ssh-askpass3 CC='$(CC) $(CPPFLAGS) $(CFLAGS) -Wall -Wl,--as-needed $(LDFLAGS)' PKG_CONFIG=$(PKG_CONFIG)
endif
+endif
override_dh_auto_build-indep:
--
2.43.0
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:9.7p1-2
Done: Colin Watson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 14 Mar 2024 11:45:12 +0000
Source: openssh
Architecture: source
Version: 1:9.7p1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1066847
Changes:
openssh (1:9.7p1-2) unstable; urgency=medium
.
[ Simon McVittie ]
* d/control, d/rules: Disable ssh-askpass-gnome on 32-bit, except i386
(closes: #1066847).
Checksums-Sha1:
5f5f6deebc4d28b459894d7aec5528f4d5edd1ba 3383 openssh_9.7p1-2.dsc
bbbded72b6d60911722e535f708a717f47a5af1d 189332 openssh_9.7p1-2.debian.tar.xz
Checksums-Sha256:
71cf7c4f5548e5e91ca1d2b74490cba3231763870fe7ac79f95ffbea95a77055 3383
openssh_9.7p1-2.dsc
655ac5089179bc03b55d012c18cdd85d85a3c8669ebd491bab0d22d0f6f4a17a 189332
openssh_9.7p1-2.debian.tar.xz
Files:
d10f7384f3e87e2482b28441f5f1011f 3383 net standard openssh_9.7p1-2.dsc
826e890f373188656b8f533b8e428ae4 189332 net standard
openssh_9.7p1-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmXy458ACgkQOTWH2X2G
UAvK0Q/+L0mkB1D2NitlkqpzBfd1dZKiaSeMrziEg9yEvE6i/8K0T6blv4yplZlQ
5Vj4zOuK6TuAC8EVd1thV2192ZqxpSCPbovSNUiZyZXPE9eigBANOyHYeecG0jSN
hR4TcVCaNdh+mMK1YqlQwlAUldkQck8YIGoSmcY8IvlPNjnjdazc0zL6UZOKy3Hz
YVHA8yYZnkOLq5Auicuny2xUf6/p2HH4TOIHy7t2Cfvkn7vh9oDUeMWQ+0zwfM0Y
vv0mRCozdeCr6Nift+sr67XX3h/hSYqdCwiiVF5EpH01afQQoiftpXUj2ic1e+za
f24uQJTztmMtpJFPuvEPB5vhtD4nCC6rkDFJJLImJcAXL6XHP4R13cOru8CeO3h5
RcPj9KHsSG/4ZM89ktUWtH5PugZSWgKd3Md/xmR0/d8Rff2hKIBLcdUoTRWBgQEO
7gQJhdkNbhKllFDW1s4dqZVI62nlIWGZlbm/qIVH3rBz8C450lNArhBC0UMg5ixg
eyImxjBUfw7diVxgXeCIeYp7/FSm65EtR0IwgXvSsGEUFEwS+XQnYXCyvCBagyGd
tBfXvHkfzpjgSYe0l+aHZ5n4aPgG65ZtFLs94zzRd9PoM+rJq40mDkjM+/HYgBDD
ZJJp/NSv/w7xsbT15x+FpGLb2SJv8vE8ujYoRt3gIIsr2qsi6vA=
=787V
-----END PGP SIGNATURE-----
pgpWFzssyC6fJ.pgp
Description: PGP signature
--- End Message ---
