Merge ~kstenerud/ubuntu/+source/openssh:openssh-broken-tunnel-forwarding-1801128 into ubuntu/+source/openssh:ubuntu/cosmic-devel

Proposed by Karl Stenerud
Status: Merged
Approved by: Christian Ehrhardt 
Approved revision: 917f739deb27c6440777c8330cfeeb46307775ec
Merged at revision: 917f739deb27c6440777c8330cfeeb46307775ec
Proposed branch: ~kstenerud/ubuntu/+source/openssh:openssh-broken-tunnel-forwarding-1801128
Merge into: ubuntu/+source/openssh:ubuntu/cosmic-devel
Diff against target: 60 lines (+38/-0)
3 files modified
debian/changelog (+7/-0)
debian/patches/fix-broken-tunnel-forwarding.patch (+30/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Christian Ehrhardt  (community) Approve
Canonical Server Pending
Review via email: mp+358491@code.launchpad.net

Description of the change

Applied upstream patch to fix tunnel forwarding broken in 7.7p1.
https://github.com/openssh/openssh-portable/commit/cfb1d9bc76734681e3dea532a1504fcd466fbe91

PPA: ppa:kstenerud/openssh-broken-tunnel-forwarding-1801128

Steps to test:

# lxc launch ubuntu:cosmic tester && lxc exec tester bash

# apt update && \
apt dist-upgrade -y && \
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config && \
sed -i 's/#PermitTunnel no/PermitTunnel yes/g' /etc/ssh/sshd_config && \
sed -i 's/#AllowTcpForwarding yes/AllowTcpForwarding yes/g' /etc/ssh/sshd_config && \
service sshd restart && \
echo ubuntu:ubuntu | chpasswd
# ssh -w any ubuntu@localhost
ubuntu@localhost's password:
Tunnel device open failed.
Could not request tunnel forwarding.

# add-apt-repository -y ppa:kstenerud/openssh-broken-tunnel-forwarding-1801128 && \
apt update && \
apt dist-upgrade -y
# ssh -w any ubuntu@localhost

* Should not say "Tunnel device open failed"

Package test results:

autopkgtest [10:43:29]: test regress: -----------------------]
autopkgtest [10:43:29]: test regress: - - - - - - - - - - results - - - - - - - - - -
regress PASS
autopkgtest [10:43:29]: @@@@@@@@@@@@@@@@@@@@ summary
regress PASS

Christian Ehrhardt  (paelzer) wrote :

minor style question - since I had no time for a full review I added a personal slot for me to add this.

Christian Ehrhardt  (paelzer) wrote :

The MP is good, but Disco has to complete the fix first.
+1

https://launchpad.net/ubuntu/+source/openssh/1:7.9p1-1 still is in proposed.
Only failures on snapd.

None of them seems related to the ssh upload
x86: tty ioctl issue
arm64: service didn't start

I re-kicked the tests, to check if they reproduce the error.
But I'd ask to get in touch with the snap people (MVO?) to ask if these are known issues that they plan to force override.

review: Approve
Christian Ehrhardt  (paelzer) wrote :

Arm resolved on the re-run
X86 still fails but this time on the same thing arm had before.

Unfortunately this seems to be a flaky test.
Please check the outcome the next few days and let us know once it completes or if you need help.

Christian Ehrhardt  (paelzer) wrote :

To ssh://git.launchpad.net/~usd-import-team/ubuntu/+source/openssh
 * [new tag] upload/1%7.7p1-4ubuntu0.1 -> upload/1%7.7p1-4ubuntu0.1

Christian Ehrhardt  (paelzer) wrote :

Uploading to ubuntu (via ftp to upload.ubuntu.com):
  Uploading openssh_7.7p1-4ubuntu0.1.dsc: done.
  Uploading openssh_7.7p1-4ubuntu0.1.debian.tar.xz: done.
  Uploading openssh_7.7p1-4ubuntu0.1_source.buildinfo: done.
  Uploading openssh_7.7p1-4ubuntu0.1_source.changes: done.
Successfully uploaded packages.

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index e0aab97..d7b02d6 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+openssh (1:7.7p1-4ubuntu0.1) cosmic; urgency=medium
7+
8+ * debian/patches/fix-broken-tunnel-forwarding.patch: Fix tunnel forwarding
9+ broken in 7.7p1. Thanks to Damien Miller <djb@mindrot.org>. (LP: #1801128)
10+
11+ -- Karl Stenerud <karl.stenerud@canonical.com> Wed, 07 Nov 2018 14:52:49 +0100
12+
13 openssh (1:7.7p1-4) unstable; urgency=high
14
15 * Apply upstream patch to delay bailout for invalid authenticating user
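Review bot: The Thanks line of the new changelog entry gives Damien Miller's address as djb@mindrot.org, which does not match the djm@mindrot.org he uses for upstream OpenSSH commits; please check it against the author field of the upstream commit and correct it before upload. The entry could also name what was wrong (the inverted strdup() result check in sys_tun_open) rather than only "broken in 7.7p1", so the changelog is useful without opening the patch.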
16diff --git a/debian/patches/fix-broken-tunnel-forwarding.patch b/debian/patches/fix-broken-tunnel-forwarding.patch
17new file mode 100644
18index 0000000..c2523fa
19--- /dev/null
20+++ b/debian/patches/fix-broken-tunnel-forwarding.patch
21@@ -0,0 +1,30 @@
22+Description: Fix tunnel forwarding broken in 7.7p1
23+Origin: upstream, https://github.com/openssh/openssh-portable/commit/cfb1d9bc76734681e3dea532a1504fcd466fbe91
24+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2855
25+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1801128
26+Last-Update: 2018-11-07
27+---
28+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
29+
30+diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c
31+index 7050629c..bb535626 100644
32+--- a/openbsd-compat/port-net.c
33++++ b/openbsd-compat/port-net.c
34+@@ -185,7 +185,7 @@ sys_tun_open(int tun, int mode, char **ifname)
35+ else
36+ debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);
37+
38+- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
39++ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
40+ goto failed;
41+
42+ return (fd);
43+@@ -272,7 +272,7 @@ sys_tun_open(int tun, int mode, char **ifname)
44+ goto failed;
45+ }
46+
47+- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
48++ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
49+ goto failed;
50+
51+ close(sock);
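Review bot: The Description field in the new patch's DEP-3 header repeats the changelog wording and does not state the cause that the two changed conditions show: without the "== NULL" comparison the test was true whenever strdup() succeeded, so a successful open with a non-NULL ifname jumped to failed. A one-line long description saying so would make it obvious when the patch can be dropped on a later merge. Keeping the assignment inside the condition is fine here, since the lines should stay identical to the upstream commit named in Origin.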
52diff --git a/debian/patches/series b/debian/patches/series
53index e1eb167..ba24bda 100644
54--- a/debian/patches/series
55+++ b/debian/patches/series
56@@ -26,3 +26,4 @@ seccomp-getuid-geteuid.patch
57 seccomp-s390-ioctl-ep11-crypto.patch
58 upstream-relax-checking-of-authorized_keys-environme.patch
59 upstream-delay-bailout-for-invalid-authenticating-user.patch
60+fix-broken-tunnel-forwarding.patch
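Review bot: The entry added at the end of series is named fix-broken-tunnel-forwarding.patch, while the two entries just above it carry an upstream- prefix. Since the patch header gives "Origin: upstream", consider renaming it to upstream-fix-broken-tunnel-forwarding.patch, here and in the changelog entry, so the series file stays consistent about which patches are upstream cherry-picks.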