Bug#1069059: cockpit update from DSA-5655-1 without binary builds (build failures)

2024-04-16 Thread Salvatore Bonaccorso
Hi Martin,

On Tue, Apr 16, 2024 at 09:26:02AM +0200, Martin Pitt wrote:
> Control: tag -1 upstream fixed-upstream patch
> Control: forwarded -1 https://github.com/cockpit-project/cockpit/pull/19790
> 
> Hello Salvatore and Santiago,
> 
> Salvatore Bonaccorso [2024-04-15 19:28 +0200]:
> > The update for cockpit in DSA 5655-1 had problems with the
> > test-sshbridge test, causing FTBFS:
> >
> > From the tail of the test failure:
> >
> > # cockpit-protocol-DEBUG: test-ssh: output queue empty
> >
> > (cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: 
> > (src/ssh/cockpitsshrelay.c:1423):cockpit_ssh_connect: runtime check failed: 
> > (ssh_options_set (data->session, SSH_OPTIONS_HOST, host) == 0)
> >
> > (cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: 
> > (src/ssh/cockpitsshrelay.c:1424):cockpit_ssh_connect: runtime check failed: 
> > (ssh_options_parse_config (data->session, NULL) == 0)
> > # cockpit-protocol-DEBUG: test-ssh: reading input 1
> > # cockpit-protocol-DEBUG: test-ssh: received a 82 byte payload
> > # cockpit-protocol-DEBUG: test-ssh: want more data
> > **
> > cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: 
> > assertion failed (json_object_get_string_member (init, "command") == 
> > "init"): ("authorize" == "init")
> > Bail out! 
> > cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: 
> > assertion failed (json_object_get_string_member (init, "command") == 
> > "init"): ("authorize" == "init")
> > cockpit-ssh-Message: 20:51:17.704: cockpit-ssh some_host: -1 couldn't 
> > connect: Hostname required 'some_host' '22'
> > cockpit-ssh-Message: 20:51:17.704: couldn't write control message: Broken 
> > pipe
> > cockpit-ssh-Message: 20:51:17.704: couldn't write authorize message: 
> > Inappropriate ioctl for device
> > FAIL test-sshbridge (exit status: 134)
> 
> Argh, I can reproduce. The test passes with the previous
> http://snapshot.debian.org/package/libssh/0.10.5-3/ but fails with current 
> 0.10.6-0+deb12u1.
> 
> The reason is annoyingly mundane, and already got fixed upstream half a year 
> ago:
> https://github.com/cockpit-project/cockpit/commit/518d36c3492020525
> 
> I prepared a package update with that fix cherry-picked. See attached debdiff.
> It builds fine in a clean bookworm container now.
> But I don't know how exactly to target and upload this: to bookworm-security or
> -updates? It's a follow-up for a previous security update to make that actually
> work, but not a security update in itself.

Technically speaking, as the issue is present already before the DSA
release, you are right and the proposed update way would have been the
way to go. *But* we have a released security-update which de-facto does
not reach the users right now, so I propose to release the regression
fix through a security and make it a DSA regression announce.

Can you please upload to security-master?

Regards,
Salvatore



Processed: Re: Bug#1069059: cockpit update from DSA-5655-1 without binary builds (build failures)

2024-04-16 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 upstream fixed-upstream patch
Bug #1069059 [src:cockpit] cockpit update from DSA-5655-1 without binary builds 
(build failures)
Added tag(s) upstream, fixed-upstream, and patch.
> forwarded -1 https://github.com/cockpit-project/cockpit/pull/19790
Bug #1069059 [src:cockpit] cockpit update from DSA-5655-1 without binary builds 
(build failures)
Set Bug forwarded-to-address to 
'https://github.com/cockpit-project/cockpit/pull/19790'.

-- 
1069059: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069059
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems



Bug#1069059: cockpit update from DSA-5655-1 without binary builds (build failures)

2024-04-16 Thread Martin Pitt
Control: tag -1 upstream fixed-upstream patch
Control: forwarded -1 https://github.com/cockpit-project/cockpit/pull/19790

Hello Salvatore and Santiago,

Salvatore Bonaccorso [2024-04-15 19:28 +0200]:
> The update for cockpit in DSA 5655-1 had problems with the
> test-sshbridge test, causing FTBFS:
>
> From the tail of the test failure:
>
> # cockpit-protocol-DEBUG: test-ssh: output queue empty
>
> (cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: 
> (src/ssh/cockpitsshrelay.c:1423):cockpit_ssh_connect: runtime check failed: 
> (ssh_options_set (data->session, SSH_OPTIONS_HOST, host) == 0)
>
> (cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: 
> (src/ssh/cockpitsshrelay.c:1424):cockpit_ssh_connect: runtime check failed: 
> (ssh_options_parse_config (data->session, NULL) == 0)
> # cockpit-protocol-DEBUG: test-ssh: reading input 1
> # cockpit-protocol-DEBUG: test-ssh: received a 82 byte payload
> # cockpit-protocol-DEBUG: test-ssh: want more data
> **
> cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: 
> assertion failed (json_object_get_string_member (init, "command") == "init"): 
> ("authorize" == "init")
> Bail out! 
> cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: 
> assertion failed (json_object_get_string_member (init, "command") == "init"): 
> ("authorize" == "init")
> cockpit-ssh-Message: 20:51:17.704: cockpit-ssh some_host: -1 couldn't 
> connect: Hostname required 'some_host' '22'
> cockpit-ssh-Message: 20:51:17.704: couldn't write control message: Broken pipe
> cockpit-ssh-Message: 20:51:17.704: couldn't write authorize message: 
> Inappropriate ioctl for device
> FAIL test-sshbridge (exit status: 134)

Argh, I can reproduce. The test passes with the previous
http://snapshot.debian.org/package/libssh/0.10.5-3/ but fails with current 
0.10.6-0+deb12u1.

The reason is annoyingly mundane, and already got fixed upstream half a year 
ago:
https://github.com/cockpit-project/cockpit/commit/518d36c3492020525

I prepared a package update with that fix cherry-picked. See attached debdiff.
It builds fine in a clean bookworm container now.
But I don't know how exactly to target and upload this: to bookworm-security or
-updates? It's a follow-up for a previous security update to make that actually
work, but not a security update in itself.

Santiago Vila [2024-04-15 20:28 +0200]:
> For completeness: this was already happening in bullseye and bookworm
> before the DSA. (Reminder for myself: report all the bugs I found
> last week while rebuilding bullseye and bookworm).

Right, that makes sense. There are no C code changes between 287 and 287.1.

Thanks, and sorry for the trouble,

Martin
diff -Nru cockpit-287.1/debian/changelog cockpit-287.1/debian/changelog
--- cockpit-287.1/debian/changelog  2024-04-02 11:11:19.0 +0200
+++ cockpit-287.1/debian/changelog  2024-04-16 09:20:17.0 +0200
@@ -1,3 +1,11 @@
+cockpit (287.1-0+deb12u2) bookworm-security; urgency=medium
+
+  * Add 0001-ssh-Use-valid-host-name-in-test-sshbridge.patch:
+Use valid host name in test-sshbridge. Fixes FTBFS due to unit test
+failure when building against libssh 0.10.6. (Closes: #1069059)
+
+ -- Martin Pitt   Tue, 16 Apr 2024 09:20:17 +0200
+
 cockpit (287.1-0+deb12u1) bookworm-security; urgency=medium
 
   * New upstream security update:
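
Review bot: The new 287.1-0+deb12u2 entry does not say that the fix touches only the unit test. Since it ships via bookworm-security as a follow-up to deb12u1, state in the entry that only src/ssh/test-sshbridge.c changes, and name the upstream commit the patch is cherry-picked from (518d36c349202052578a459872c3657760226648 per the patch header) so the regression announcement can be traced to it.
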
diff -Nru 
cockpit-287.1/debian/patches/0001-ssh-Use-valid-host-name-in-test-sshbridge.patch
 
cockpit-287.1/debian/patches/0001-ssh-Use-valid-host-name-in-test-sshbridge.patch
--- 
cockpit-287.1/debian/patches/0001-ssh-Use-valid-host-name-in-test-sshbridge.patch
   1970-01-01 01:00:00.0 +0100
+++ 
cockpit-287.1/debian/patches/0001-ssh-Use-valid-host-name-in-test-sshbridge.patch
   2024-04-16 09:19:18.0 +0200
@@ -0,0 +1,36 @@
+From 518d36c349202052578a459872c3657760226648 Mon Sep 17 00:00:00 2001
+From: Martin Pitt 
+Date: Fri, 29 Dec 2023 07:12:11 +0100
+Subject: [PATCH] ssh: Use valid host name in test-sshbridge
+
+libssh 0.10.6 made host name parsing stricter. `some_host` is not a
+valid general host name, and is rejected with the latest version.
+---
+ src/ssh/test-sshbridge.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ssh/test-sshbridge.c b/src/ssh/test-sshbridge.c
+index e0ff9a7a9..9c561e29a 100644
+--- a/src/ssh/test-sshbridge.c
 b/src/ssh/test-sshbridge.c
+@@ -323,7 +323,7 @@ setup (TestCase *tc,
+   if (!fixture->knownhosts_home)
+   g_assert_cmpint (mkdir (tc->home_ssh_dir, 0700), ==, 0);
+ 
+-  g_string_append (content, "Host some_host\n");
++  g_string_append (content, "Host somehost\n");
+   g_string_append_printf (content, "\tHostname %s\n", hostname);
+ 
+   if (fixture->ssh_config_port == PORT_VALID)
+@@ -346,7 +346,7 @@ setup (TestCase *tc,
+   if (fixture->ssh_config_user == USER_INVALID_HOST_PRIORITY)
+ g_string_append_printf (new_host, "%s@", g_get_user_name ());
+   /* Host in the ssh 
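
Review bot: The patch header carries only the git From/Date/Subject fields; add DEP-3 `Origin:` and `Bug-Debian:` lines pointing at the upstream commit and #1069059 so the cherry-pick is traceable from debian/patches. Also, the diffstat says 2 insertions and 2 deletions, but only the `Host some_host` to `Host somehost` change in setup() is visible before the diff is cut off; confirm the second change renames the host string the test passes to cockpit-ssh (the failing log shows `cockpit-ssh some_host`), otherwise the ssh config entry and the connect target no longer match.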

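The stricter host name rule that the patch description above refers to, as an added example that is not code from this thread, from cockpit or from libssh: a generic RFC 1123 host name syntax check. The function name `hostname_syntax_ok` and the sample names other than `some_host` and `somehost` are constructed, and that libssh 0.10.6 applies exactly these rules is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* ASCII letter, digit or hyphen: the only characters RFC 1123 allows in a label. */
static bool is_ldh(unsigned char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
           (c >= '0' && c <= '9') || c == '-';
}

/* Hypothetical helper (not libssh's function): each dot-separated label is
 * 1..63 LDH characters with no hyphen at either end; whole name <= 253. */
static bool hostname_syntax_ok(const char *name)
{
    size_t len = name ? strlen(name) : 0;
    size_t label_len = 0;

    if (len == 0 || len > 253)
        return false;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];

        if (c == '.') {
            /* reject an empty label or a label ending in '-' */
            if (label_len == 0 || name[i - 1] == '-')
                return false;
            label_len = 0;
            continue;
        }
        if (!is_ldh(c))
            return false;            /* the '_' in some_host lands here */
        if (c == '-' && label_len == 0)
            return false;            /* label starts with '-' */
        if (++label_len > 63)
            return false;
    }
    /* the last label must be non-empty and must not end in '-' */
    return label_len > 0 && name[len - 1] != '-';
}

int main(void)
{
    /* Constructed samples; the first two are the names from the patch. */
    const char *samples[] = { "some_host", "somehost", "host-1.example.org",
                              "-lead.example", "a..b" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i],
               hostname_syntax_ok(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```
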
Bug#1069059: cockpit update from DSA-5655-1 without binary builds (build failures)

2024-04-15 Thread Santiago Vila

found 1069059 239-1
found 1069059 287-1
tags 1069059 + bullseye bookworm
thanks

On 15/4/24 at 19:28, Salvatore Bonaccorso wrote:

> The update for cockpit in DSA 5655-1 had problems with the
> test-sshbridge test, causing FTBFS:


For completeness: this was already happening in bullseye and bookworm
before the DSA. (Reminder for myself: report all the bugs I found
last week while rebuilding bullseye and bookworm).

Thanks.



Bug#1069059: cockpit update from DSA-5655-1 without binary builds (build failures)

2024-04-15 Thread Salvatore Bonaccorso
Source: cockpit
Version: 287.1-0+deb12u1
Severity: serious
Justification: missing binary builds, FTBFS
X-Debbugs-Cc: t...@security.debian.org, a...@debian.org, car...@debian.org

Hi

The update for cockpit in DSA 5655-1 had problems with the
test-sshbridge test, causing FTBFS:

From the tail of the test failure:

# cockpit-protocol-DEBUG: test-ssh: output queue empty

(cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: 
(src/ssh/cockpitsshrelay.c:1423):cockpit_ssh_connect: runtime check failed: 
(ssh_options_set (data->session, SSH_OPTIONS_HOST, host) == 0)

(cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: 
(src/ssh/cockpitsshrelay.c:1424):cockpit_ssh_connect: runtime check failed: 
(ssh_options_parse_config (data->session, NULL) == 0)
# cockpit-protocol-DEBUG: test-ssh: reading input 1
# cockpit-protocol-DEBUG: test-ssh: received a 82 byte payload
# cockpit-protocol-DEBUG: test-ssh: want more data
**
cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: 
assertion failed (json_object_get_string_member (init, "command") == "init"): 
("authorize" == "init")
Bail out! 
cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: 
assertion failed (json_object_get_string_member (init, "command") == "init"): 
("authorize" == "init")
cockpit-ssh-Message: 20:51:17.704: cockpit-ssh some_host: -1 couldn't connect: 
Hostname required 'some_host' '22'
cockpit-ssh-Message: 20:51:17.704: couldn't write control message: Broken pipe
cockpit-ssh-Message: 20:51:17.704: couldn't write authorize message: 
Inappropriate ioctl for device
FAIL test-sshbridge (exit status: 134)

Regards,
Salvatore