Bug#1025455: libssh-dev: DSA support is disabled by default
Hello Vagrant,

CC'ing the upstream maintainers, in case I speak nonsense here.

Vagrant Cascadian [2022-12-04 16:45 -0800]:
> In libssh 0.10.x versions, DSA support is deprecated and disabled by
> default.

This was indeed intended [1].

> This causes test suite failures when building guile-ssh which
> tests support for DSA keys.
>
> The attached patch enables DSA support, as was supported in previous
> versions.

> -DEB_CMAKE_EXTRA_FLAGS := -DBUILD_STATIC_LIB=ON > -DLIB_INSTALL_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) -DUNIT_TESTING=$(if $(filter > nocheck,$(DEB_BUILD_OPTIONS)),OFF,ON) -DWITH_GSSAPI=ON > +DEB_CMAKE_EXTRA_FLAGS := -DBUILD_STATIC_LIB=ON > -DLIB_INSTALL_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) -DUNIT_TESTING=$(if $(filter > nocheck,$(DEB_BUILD_OPTIONS)),OFF,ON) -DWITH_GSSAPI=ON -DWITH_DSA=ON

> If that is not an option in time for bookworm freeze, please let me know
> ASAP so I can patch guile-ssh instead.

If at all possible, I'd rather not enable it in the Debian package. DSA isn't an acceptable crypt algorithm any more, and I'd rather not support it for another Debian release. OpenSSH deprecated it two years ago [2], the Fedora package does not enable it either [3], and libssh upstream will remove it in the next major version.

Can guile-ssh be built easily without DSA support? If so, that'd be great (and then let's reassign or just close this bug). Otherwise I can have a look and help you with disabling the DSA feature in guile.

Thanks,

Martin

[1] https://www.libssh.org/2022/08/26/libssh-0-10-0/
[2] http://www.openssh.com/legacy.html
[3] https://src.fedoraproject.org/rpms/libssh/blob/rawhide/f/libssh.spec#_74
Bug#1025455: libssh-dev: DSA support is disabled by default
Source: libssh
Version: 0.10.4-2
Severity: important
Tags: patch
X-Debbugs-Cc: Vagrant Cascadian
Control: block 1020087 by -1

In libssh 0.10.x versions, DSA support is deprecated and disabled by default.

This causes test suite failures when building guile-ssh which tests support for DSA keys.

The attached patch enables DSA support, as was supported in previous versions.

If that is not an option in time for bookworm freeze, please let me know ASAP so I can patch guile-ssh instead.

Thanks for maintaining libssh!

live well,
  vagrant

From d3963761a4e2666187e4fb5281f5f45c9e8a106f Mon Sep 17 00:00:00 2001
From: Vagrant Cascadian
Date: Mon, 5 Dec 2022 00:19:05 +
Subject: [PATCH] debian/rules: Enable DSA support.

Upstream 0.10.x disables DSA support by default, and is likely to be deprecated in future versions.

--- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index fb55ca2..880aa59 100755 --- a/debian/rules +++ b/debian/rules @@ -1,6 +1,6 @@ #!/usr/bin/make -f -DEB_CMAKE_EXTRA_FLAGS := -DBUILD_STATIC_LIB=ON -DLIB_INSTALL_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) -DUNIT_TESTING=$(if $(filter nocheck,$(DEB_BUILD_OPTIONS)),OFF,ON) -DWITH_GSSAPI=ON +DEB_CMAKE_EXTRA_FLAGS := -DBUILD_STATIC_LIB=ON -DLIB_INSTALL_DIR=/usr/lib/$(DEB_HOST_MULTIARCH) -DUNIT_TESTING=$(if $(filter nocheck,$(DEB_BUILD_OPTIONS)),OFF,ON) -DWITH_GSSAPI=ON -DWITH_DSA=ON export DEB_LDFLAGS_MAINT_APPEND = -Wl,-z,defs -Wl,-O1 export DEB_BUILD_MAINT_OPTIONS = hardening=+all -- 2.30.2
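
Review bot: -DWITH_DSA=ON is appended to DEB_CMAKE_EXTRA_FLAGS unconditionally and with no comment in debian/rules saying why, although the commit message itself notes that upstream 0.10.x disables DSA support by default. Suggest a comment above the assignment recording that the flag is there only for the guile-ssh test suite (Bug#1025455), so it is easy to find and drop once guile-ssh no longer needs it. As a style point, the whole flag list sits on one very long line, so a one-flag change rewrites the entire assignment; splitting it over backslash-continued lines, one flag per line, would make this and later changes reviewable at a glance.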