All autopkgtests for the newly accepted openssh (1:8.2p1-4ubuntu0.6) for focal have finished running. The following regressions have been reported in tests triggered by the package:
gvfs/1.44.1-1ubuntu1.1 (arm64, amd64, ppc64el) Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1]. https://people.canonical.com/~ubuntu-archive/proposed- migration/focal/update_excuses.html#openssh [1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions Thank you! -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssh in Ubuntu. https://bugs.launchpad.net/bugs/1871465 Title: ssh_config(5) contains outdated information Status in openssh package in Ubuntu: Fix Released Status in openssh source package in Focal: Fix Committed Status in openssh source package in Hirsute: Won't Fix Status in openssh source package in Impish: Won't Fix Bug description: [Impact] The problem here is straightforward. The case is to fix manpages. They need to reflect a change done to the code some time ago. That problem might be annoying for users before being fixed. Backport upstream fix to Focal Origin: https://github.com/openssh/openssh-portable/commit/53ea05e09b04fd7b6dea66b42b34d65fe61b9636 [Test Plan] Make a container for testing: First option: $ lxc launch images:ubuntu/bionic focal-test $ lxc shell focal-test Simply install the openssh package using ‘apt install’ and check both ssh_config.5 and sshd_config.5 files. You should be able to spot the ‘ssh_rsa’ in these files. [Where problems could occur] Any code change might change the behavior of the package in a specific situation and cause other errors. Next things which might cause regression are new dependencies which might not align and it is obvious the dependencies are upgraded and it might be a problem, but it is really unlikely. Even none of the rather generic cases above does apply here as we only change non-functional content in the form of the man page; Therefore the only risk is out of re-building the package which could pick up something from e.g. a changed toolchain. [Other Info] Fixing this is nice for the users, but OTOH very low severity and would cause a package download and update on almost every Ubuntu in the world. Therefore we will mark this as block-proposed and keep it in focal-proposed so that a later real update (security or functional) will pick this up from -proposed and then fix it in the field for real. ----------------------------original report------------------------------- The release of OpenSSH 8.2 has removed `ssh-rsa` from the default list of CACertificateAlgorithms. However the latest `openssh-client` still ships the man page for ssh_config(5) that contains the following description: CASignatureAlgorithms Specifies which algorithms are allowed for signing of certificates by certificate authorities (CAs). The default is: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa ssh(1) will not accept host certificates signed using algorithms other than those specified. As far as I am concerned, `ssh-rsa` should be dropped from the list so as to match the behavior of ssh(1). To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1871465/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
