Control: found -1 1:6.7p1-1 Control: forwarded -1 https://bugzilla.mindrot.org/show_bug.cgi?id=1789
On Thu, Oct 09, 2014 at 04:56:48PM +0200, Mike Gabriel wrote: > I just checked debian/changelog and the 6.7 release announcement. The > following issue hasn't been addressed yet in Debian, nor by upstream. > > If on the SSH client side a session is running with pam_namespace.so > in use, it is impossible to do X11 port forwarding. The ssh client > tries to connect to /tmp/.X11-unix/X<displayport> which is out of > reach with pam_namespace sessions. > > Instead, ssh client should connect the X11 forwarding end point to the > X11 socket in kernel namespace (@/tmp/.X11-unix/X<displayport>). > > A patch is available in the Fedora OpenSSH package [1]. [...] > [1] > http://pkgs.fedoraproject.org/cgit/openssh.git/tree/openssh-5.5p1-x11.patch It appears (after a bit of trawling through git history plus some guesswork; I wish Fedora had better conventions for patch headers the way that Debian does ...) that this is https://bugzilla.redhat.com/show_bug.cgi?id=598671, and the upstream bug is https://bugzilla.mindrot.org/show_bug.cgi?id=1789. By the way the patch in Fedora's git repository does not match the latest one attached to the upstream bug. I'm a bit wary given upstream's fairly strenuous objections. In cases where I feel I know something better than upstream I do sometimes decide to carry a patch anyway of course, but in this case I'm far from a relevant expert. Do you think that perhaps somebody could re-engage with that upstream bug and see if they can work through the objections? Thanks, -- Colin Watson [[email protected]] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
