Package: libssh
Severity: important
Version: 0.5.4-1

Dear maintainer,

in X2Go upstream we stumbled over an issue with libssh's mechanism of requesting reverse port forwarding channels. In a nutshell, it is only possible to request one reverse port forwarding channel per SSH session.

Till now, we worked around this in X2Go Client by starting multiple sessions (and only requesting one channel per session). With an upcoming feature of X2Go Client (Google Authenticator support) we need this problem to be fixed in libssh.

We provided a patch against libssh upstream that recently got accepted by Andreas Schneider [1].

Attached, find a debdiff that adds two patches to the package's patchset. These two patches make multiple reverse port forwardings available in libssh 0.5.4. In Git master of libssh this issue has already been fixed [2]. The patch is expected to land in libssh upstream release 0.6.1.

In the debdiff, I also put myself into debian/control's Uploaders: field. I'd be happy to support libssh packaging in the future (as it is a vital package for X2Go). If you accept my offer please leave me in Uploaders:. If not, feel free to drop the partial patch for debian/control from the debdiff.

Thanks+Greets,
Mike

PS: please also refrain from uploading libssh 0.6.x to Debian for a while, as it currently breaks X2Go Client. We'd appreciate it if you could provide us some time to solve a memory leak and a segfault issue we experience with libssh 0.6.x and X2Go Client. Thanks.

[1] http://www.libssh.org/archive/libssh/2014-01/0000013.html
[2] http://git.libssh.org/projects/libssh.git/commit/?id=a1c4fc07d43fb7a7e1e91bfdadbd3dc62b8ce462
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
diff -Nru libssh-0.5.4/debian/changelog libssh-0.5.4/debian/changelog
--- libssh-0.5.4/debian/changelog	2013-02-05 01:12:09.000000000 +0100
+++ libssh-0.5.4/debian/changelog	2014-01-21 10:26:56.000000000 +0100
@@ -1,3 +1,12 @@
+libssh (0.5.4-2) unstable; urgency=low
+
+  * debian/patches/0004-reset-global-request-status.patch: Allow requesting
+    more than one channel per session.
+  * debian/patches/0005-multi-reverse-fwd.patch: Ease handling of multiple
+    reverse port forwarding requests per session.
+
+ -- Mike Gabriel <sunwea...@debian.org>  Tue, 21 Jan 2014 09:56:46 +0100
+
 libssh (0.5.4-1) unstable; urgency=low
 
   * New upstream security release
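Review bot: The new 0.5.4-2 entry lists the two patches but not the `Uploaders:` addition that this same debdiff makes to debian/control, so the upload would carry an undocumented packaging change. Add a bullet such as `* debian/control: Add myself to Uploaders.`, and close this bug report from the entry once its number is known.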
diff -Nru libssh-0.5.4/debian/control libssh-0.5.4/debian/control
--- libssh-0.5.4/debian/control	2013-02-05 01:12:09.000000000 +0100
+++ libssh-0.5.4/debian/control	2014-01-21 09:56:44.000000000 +0100
@@ -2,6 +2,8 @@
 Section: libs
 Priority: optional
 Maintainer: Laurent Bigonville <bi...@debian.org>
+Uploaders:
+ Mike Gabriel <sunwea...@debian.org>,
 Build-Depends: cdbs (>= 0.4.93~), debhelper (>= 8.1.3~), cmake (>= 2.6), libssl-dev, libz-dev
 Build-Depends-Indep: doxygen
 Standards-Version: 3.9.2
diff -Nru libssh-0.5.4/debian/patches/0004-reset-global-request-status.patch libssh-0.5.4/debian/patches/0004-reset-global-request-status.patch
--- libssh-0.5.4/debian/patches/0004-reset-global-request-status.patch	1970-01-01 01:00:00.000000000 +0100
+++ libssh-0.5.4/debian/patches/0004-reset-global-request-status.patch	2014-01-21 10:25:32.000000000 +0100
@@ -0,0 +1,18 @@
+Description: Allow requesting more than one channel per session.
+Author: Andreas Schneider <a...@cryptomilk.org>
+Abstract:
+ In the 0.5.x series of libssh only one channel request per session
+ is possible. This blocks using libssh client sessions which require
+ requesting multiple channels on a single SSH connection.
+Origin: http://git.libssh.org/projects/libssh.git/commit/src/channels.c?id=e30acdb58a86937e8bece57ce47e272f1106ca55
+--- a/src/channels.c
++++ b/src/channels.c
+@@ -1951,7 +1951,7 @@
+       break;
+ 
+   }
+-
++  session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
+   leave_function();
+   return rc;
+ error:
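Review bot: The reset `session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;` is added only on the path that reaches `return rc`, above the `error:` label, and nothing in this hunk shows the `error:` path doing the same. If a request can jump to `error:` after the state has left NONE, the session would still refuse the next global request. Please check that path and either reset there as well or state in the patch header why it is not needed. The Description also speaks of channels, while the field being reset is the global request state; wording it as "global request" would match the code.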
diff -Nru libssh-0.5.4/debian/patches/0005-multi-reverse-fwd.patch libssh-0.5.4/debian/patches/0005-multi-reverse-fwd.patch
--- libssh-0.5.4/debian/patches/0005-multi-reverse-fwd.patch	1970-01-01 01:00:00.000000000 +0100
+++ libssh-0.5.4/debian/patches/0005-multi-reverse-fwd.patch	2014-01-21 10:18:27.000000000 +0100
@@ -0,0 +1,85 @@
+Description: Allow requesting multiple reverse port forwarding tunnels per connection
+Author: Oleksandr Shneyder <o.schney...@phoca-gmbh.de>
+Abstract:
+ Channel: Add ssh_channel_accept_forward().
+ .
+ This new function works the same way as ssh_forward_accept()
+ but can return a destination port of the channel (useful if
+ SSH connection is supposed to reverse forward multiple TCP/IP
+ ports).
+Origin: http://git.libssh.org/projects/libssh.git/commit/?id=a1c4fc07d43fb7a7e1e91bfdadbd3dc62b8ce462
+--- a/include/libssh/libssh.h
++++ b/include/libssh/libssh.h
+@@ -371,6 +371,7 @@
+ LIBSSH_API char *ssh_dirname (const char *path);
+ LIBSSH_API int ssh_finalize(void);
+ LIBSSH_API ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms);
++LIBSSH_API ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int *destination_port);
+ LIBSSH_API int ssh_forward_cancel(ssh_session session, const char *address, int port);
+ LIBSSH_API int ssh_forward_listen(ssh_session session, const char *address, int port, int *bound_port);
+ LIBSSH_API void ssh_free(ssh_session session);
+--- a/src/channels.c
++++ b/src/channels.c
+@@ -1755,7 +1755,7 @@
+ }
+ 
+ static ssh_channel ssh_channel_accept(ssh_session session, int channeltype,
+-    int timeout_ms) {
++    int timeout_ms, int *destination_port) {
+ #ifndef _WIN32
+   static const struct timespec ts = {
+     .tv_sec = 0,
+@@ -1779,6 +1779,10 @@
+             ssh_message_subtype(msg) == channeltype) {
+           ssh_list_remove(session->ssh_message_list, iterator);
+           channel = ssh_message_channel_request_open_reply_accept(msg);
++          if(destination_port) {
++            *destination_port=msg->channel_request_open.destination_port;
++          }
++
+           ssh_message_free(msg);
+           return channel;
+         }
+@@ -1809,7 +1813,7 @@
+  *                      the server.
+  */
+ ssh_channel ssh_channel_accept_x11(ssh_channel channel, int timeout_ms) {
+-  return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms);
++  return ssh_channel_accept(channel->session, SSH_CHANNEL_X11, timeout_ms, NULL);
+ }
+ 
+ /**
+@@ -1857,7 +1861,7 @@
+   } else {
+     session->global_req_state=SSH_CHANNEL_REQ_STATE_DENIED;
+   }
+-
++  session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;
+   leave_function();
+   return SSH_PACKET_USED;
+ 
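Review bot: In the `@@ -1857,7 +1861,7 @@` region the added `session->global_req_state = SSH_CHANNEL_REQ_STATE_NONE;` runs unconditionally right after the `else` branch that stores `SSH_CHANNEL_REQ_STATE_DENIED`, so the DENIED result is overwritten before the function returns `SSH_PACKET_USED` and no caller can observe it. This reads like the reset from 0004 landing a second time in a different place, and the Description of 0005 does not mention it. Unless the Origin commit contains this line, drop it from 0005 and keep the reset only where 0004 puts it, just before `return rc`.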
+@@ -2027,7 +2031,23 @@
+  *         the server
+  */
+ ssh_channel ssh_forward_accept(ssh_session session, int timeout_ms) {
+-  return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms);
++  return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, NULL);
++}
++
++/**
++ * @brief Accept an incoming TCP/IP forwarding channel and get information
++ * about incomming connection
++ * @param[in]  session    The ssh session to use.
++ *
++ * @param[in]  timeout_ms A timeout in milliseconds.
++ *
++ * @param[in]  destination_port A pointer to destination port or NULL.
++ *
++ * @return Newly created channel, or NULL if no incoming channel request from
++ *         the server
++ */
++ssh_channel ssh_channel_accept_forward(ssh_session session, int timeout_ms, int* destination_port) {
++  return ssh_channel_accept(session, SSH_CHANNEL_FORWARDED_TCPIP, timeout_ms, destination_port);
+ }
+ 
+ /**
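Review bot: The doc comment for `ssh_channel_accept_forward()` tags `destination_port` as `@param[in]`, but `ssh_channel_accept()` writes through it (`*destination_port=msg->channel_request_open.destination_port;`), so it should be `@param[out]`. The comment should also say that the value is only set when a channel open request is accepted, since the visible code leaves it untouched otherwise and callers need to initialise it or check the returned channel first. While there, "incomming" in the `@brief` is a typo.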
diff -Nru libssh-0.5.4/debian/patches/series libssh-0.5.4/debian/patches/series
--- libssh-0.5.4/debian/patches/series	2013-02-05 01:12:09.000000000 +0100
+++ libssh-0.5.4/debian/patches/series	2014-01-21 10:17:52.000000000 +0100
@@ -1,3 +1,5 @@
 0001-disable-latex-documentation.patch
 0002-fix-html-doc-generation.patch
 0003-fix-typo.patch
+0004-reset-global-request-status.patch
+0005-multi-reverse-fwd.patch
