1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1100948: dropbear 2025.87 changes break OpenSSH's regression test s

    From Guilhem Moulin@21:1/5 to All on Thu Mar 20 21:20:01 2025
    Source: openssh
    Version: 1:9.9p2-1
    Severity: important
    Tags: patch fixed-upstream

    Hi,

    Since 2025.87-1 dropbear(8) and dbclient(1) are now built without
    support for the ‘hmac-sha1’ integrity algorithm, ‘ssh-rsa’ key algorithm, and ‘diffie-hellman-group14-sha1’ key exchange algorithm.

    That change broke OpenSSH's regression test suite (regress/dropbear-*.sh), hence its autopkgtests. OpenSSH upstream has a patch available at:

    https://github.com/openssh/openssh-portable/commit/97e10c0005a784622c61cb4e8bb7858b410bbcc6

    Indeed, applying this change fixes OpenSSH's autopkgtest.

    I (dropbear maintainer) didn't foresee breakage in other packages,
    apologies for that.

    --
    Guilhem.

    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmfcdf0ACgkQ05pJnDwh pVJNuA//Xhvw3+j2r6eNHHqFWqsG61YUHccYkB3Vl4Xf0QWoCKazcPKnXd7jpVGi gJXCJCtVVQ0hYZMuFbLPoDQSAaqQrioXeuNyQ88/mFPWcfmZQD7xt3xyWuEt+aJp AIdIB/aLaFtaUbw3244DOP+3483JSfxNyvyNmsvJ5K0VmPJby1hPtOyRdUct36ui bN3VHrdyEfeQKd+oVg6WpiorsspJchetvvjqfTmqmEMhipzqom+HSZBRp2M/cTYy ydWmY2TL75llX/r8BHXSvKjvMcChgfsCTt/zxuKB4kvKf/CXmFYPbv/nZrcbgLBF NTyeqSmr+h/kedElFuUaNSl/ZMbLDjV7scdThTphioEGRszsNxbqHnmR9tTYNy7m MWw0K6E75X43167pec0FG11mG2Qjb8wRI+Ckuko5CV13L1kGHzm+ZG/stDOj+nKB za/hLcN9hS/No6QIhAmAZMWwhQJsO0sCHQXp1Koo3qX/4C3QFvy088SeQDiUvuLB GcrQhyq5mtA8tXS+vU5K6BHgCWCPghyN8Oyq6DPQ21Ctw6XQcVHCD4yiWkNLBcKK fNP/7kVMivE3Xt61tZsr0Urbw4ShnZVIX5CMOsREWuPQuEk3POu/VIo6mp7n4N10 6B8agLAQ/itifAjLd5d6t37Ees/u23vCbNvFhl8Lo4CY0HEkpuY=
    =NyL7
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Colin Watson@21:1/5 to Guilhem Moulin on Fri Mar 21 00:20:01 2025
    On Thu, Mar 20, 2025 at 09:09:34PM +0100, Guilhem Moulin wrote:
    Since 2025.87-1 dropbear(8) and dbclient(1) are now built without
    support for the ‘hmac-sha1’ integrity algorithm, ‘ssh-rsa’ key >algorithm, and ‘diffie-hellman-group14-sha1’ key exchange algorithm.

    That change broke OpenSSH's regression test suite (regress/dropbear-*.sh), >hence its autopkgtests. OpenSSH upstream has a patch available at:

    https://github.com/openssh/openssh-portable/commit/97e10c0005a784622c61cb4e8bb7858b410bbcc6

    Indeed, applying this change fixes OpenSSH's autopkgtest.

    I (dropbear maintainer) didn't foresee breakage in other packages,
    apologies for that.

    Thanks for the heads-up. I'll get that into unstable.

    --
    Colin Watson (he/him) [cjwatson@debian.org]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)