Bug#1069059: cockpit update from DSA-5655-1 without binary builds (build failures)
Hi Martin, On Tue, Apr 16, 2024 at 09:26:02AM +0200, Martin Pitt wrote: > Control: tag -1 upstream fixed-upstream patch > Control: forwarded -1 https://github.com/cockpit-project/cockpit/pull/19790 > > Hello Salvatore and Santiago, > > Salvatore Bonaccorso [2024-04-15 19:28 +0200]: > > The update for cockpit in DSA 5655-1 had problems with the > > test-sshbridge test, causing FTBFS: > > > > >From the tail of the test failure: > > > > # cockpit-protocol-DEBUG: test-ssh: output queue empty > > > > (cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: > > (src/ssh/cockpitsshrelay.c:1423):cockpit_ssh_connect: runtime check failed: > > (ssh_options_set (data->session, SSH_OPTIONS_HOST, host) == 0) > > > > (cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: > > (src/ssh/cockpitsshrelay.c:1424):cockpit_ssh_connect: runtime check failed: > > (ssh_options_parse_config (data->session, NULL) == 0) > > # cockpit-protocol-DEBUG: test-ssh: reading input 1 > > # cockpit-protocol-DEBUG: test-ssh: received a 82 byte payload > > # cockpit-protocol-DEBUG: test-ssh: want more data > > ** > > cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: > > assertion failed (json_object_get_string_member (init, "command") == > > "init"): ("authorize" == "init") > > Bail out! > > cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: > > assertion failed (json_object_get_string_member (init, "command") == > > "init"): ("authorize" == "init") > > cockpit-ssh-Message: 20:51:17.704: cockpit-ssh some_host: -1 couldn't > > connect: Hostname required 'some_host' '22' > > cockpit-ssh-Message: 20:51:17.704: couldn't write control message: Broken > > pipe > > cockpit-ssh-Message: 20:51:17.704: couldn't write authorize message: > > Inappropriate ioctl for device > > FAIL test-sshbridge (exit status: 134) > > Argh, I can reproduce. The test passes with the previous > http://snapshot.debian.org/package/libssh/0.10.5-3/ but fails with current > 0.10.6-0+deb12u1. > > The reason is annoyingly mundane, and already got fixed upstream half a year > ago: > https://github.com/cockpit-project/cockpit/commit/518d36c3492020525 > > I prepared a package update with that fix cherry-picked. See attached debdiff. > It builds fine in a clean bookworm container now. > But I don't know how exactly to target and upload this: to bookworm-security > or > -updates? It's a follow-up for a previous security update to make that > actually > work, but not a security update in itself. Technically speaking, as the issue is present already before the DSA release, you are right and the proposed update way would have been the way to go. *But* we have a released security-update wich de-facto does not reach the users right now, so I propose to release the regression fix trough a security and make it a DSA regression announce. Can you please upload to security-master? Regards, Salvatore
Processed: Re: Bug#1069059: cockpit update from DSA-5655-1 without binary builds (build failures)
Processing control commands: > tag -1 upstream fixed-upstream patch Bug #1069059 [src:cockpit] cockpit update from DSA-5655-1 without binary builds (build failures) Added tag(s) upstream, fixed-upstream, and patch. > forwarded -1 https://github.com/cockpit-project/cockpit/pull/19790 Bug #1069059 [src:cockpit] cockpit update from DSA-5655-1 without binary builds (build failures) Set Bug forwarded-to-address to 'https://github.com/cockpit-project/cockpit/pull/19790'. -- 1069059: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069059 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
Bug#1069059: cockpit update from DSA-5655-1 without binary builds (build failures)
Control: tag -1 upstream fixed-upstream patch Control: forwarded -1 https://github.com/cockpit-project/cockpit/pull/19790 Hello Salvatore and Santiago, Salvatore Bonaccorso [2024-04-15 19:28 +0200]: > The update for cockpit in DSA 5655-1 had problems with the > test-sshbridge test, causing FTBFS: > > >From the tail of the test failure: > > # cockpit-protocol-DEBUG: test-ssh: output queue empty > > (cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: > (src/ssh/cockpitsshrelay.c:1423):cockpit_ssh_connect: runtime check failed: > (ssh_options_set (data->session, SSH_OPTIONS_HOST, host) == 0) > > (cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: > (src/ssh/cockpitsshrelay.c:1424):cockpit_ssh_connect: runtime check failed: > (ssh_options_parse_config (data->session, NULL) == 0) > # cockpit-protocol-DEBUG: test-ssh: reading input 1 > # cockpit-protocol-DEBUG: test-ssh: received a 82 byte payload > # cockpit-protocol-DEBUG: test-ssh: want more data > ** > cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: > assertion failed (json_object_get_string_member (init, "command") == "init"): > ("authorize" == "init") > Bail out! > cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: > assertion failed (json_object_get_string_member (init, "command") == "init"): > ("authorize" == "init") > cockpit-ssh-Message: 20:51:17.704: cockpit-ssh some_host: -1 couldn't > connect: Hostname required 'some_host' '22' > cockpit-ssh-Message: 20:51:17.704: couldn't write control message: Broken pipe > cockpit-ssh-Message: 20:51:17.704: couldn't write authorize message: > Inappropriate ioctl for device > FAIL test-sshbridge (exit status: 134) Argh, I can reproduce. The test passes with the previous http://snapshot.debian.org/package/libssh/0.10.5-3/ but fails with current 0.10.6-0+deb12u1. The reason is annoyingly mundane, and already got fixed upstream half a year ago: https://github.com/cockpit-project/cockpit/commit/518d36c3492020525 I prepared a package update with that fix cherry-picked. See attached debdiff. It builds fine in a clean bookworm container now. But I don't know how exactly to target and upload this: to bookworm-security or -updates? It's a follow-up for a previous security update to make that actually work, but not a security update in itself. Santiago Vila [2024-04-15 20:28 +0200]: > For completeness: this was already happening in bullseye and bookworm > before the DSA. (Reminder for myself: report all the bugs I found > last week while rebuilding bullseye and bookworm). Right, that makes sense. There are no C code changes between 287 and 287.1. Thanks, and sorry for the trouble, Martin diff -Nru cockpit-287.1/debian/changelog cockpit-287.1/debian/changelog --- cockpit-287.1/debian/changelog 2024-04-02 11:11:19.0 +0200 +++ cockpit-287.1/debian/changelog 2024-04-16 09:20:17.0 +0200 @@ -1,3 +1,11 @@ +cockpit (287.1-0+deb12u2) bookworm-security; urgency=medium + + * Add 0001-ssh-Use-valid-host-name-in-test-sshbridge.patch: +Use valid host name in test-sshbridge. Fixes FTBFS due to unit test +failure when building against libssh 0.10.6. (Closes: #1069059) + + -- Martin Pitt Tue, 16 Apr 2024 09:20:17 +0200 + cockpit (287.1-0+deb12u1) bookworm-security; urgency=medium * New upstream security update: diff -Nru cockpit-287.1/debian/patches/0001-ssh-Use-valid-host-name-in-test-sshbridge.patch cockpit-287.1/debian/patches/0001-ssh-Use-valid-host-name-in-test-sshbridge.patch --- cockpit-287.1/debian/patches/0001-ssh-Use-valid-host-name-in-test-sshbridge.patch 1970-01-01 01:00:00.0 +0100 +++ cockpit-287.1/debian/patches/0001-ssh-Use-valid-host-name-in-test-sshbridge.patch 2024-04-16 09:19:18.0 +0200 @@ -0,0 +1,36 @@ +From 518d36c349202052578a459872c3657760226648 Mon Sep 17 00:00:00 2001 +From: Martin Pitt +Date: Fri, 29 Dec 2023 07:12:11 +0100 +Subject: [PATCH] ssh: Use valid host name in test-sshbridge + +libssh 0.10.6 made host name parsing stricter. `some_host` is not a +valid general host name, and is rejected with the latest version. +--- + src/ssh/test-sshbridge.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/ssh/test-sshbridge.c b/src/ssh/test-sshbridge.c +index e0ff9a7a9..9c561e29a 100644 +--- a/src/ssh/test-sshbridge.c b/src/ssh/test-sshbridge.c +@@ -323,7 +323,7 @@ setup (TestCase *tc, + if (!fixture->knownhosts_home) + g_assert_cmpint (mkdir (tc->home_ssh_dir, 0700), ==, 0); + +- g_string_append (content, "Host some_host\n"); ++ g_string_append (content, "Host somehost\n"); + g_string_append_printf (content, "\tHostname %s\n", hostname); + + if (fixture->ssh_config_port == PORT_VALID) +@@ -346,7 +346,7 @@ setup (TestCase *tc, + if (fixture->ssh_config_user == USER_INVALID_HOST_PRIORITY) + g_string_append_printf (new_host, "%s@", g_get_user_name ()); + /* Host in the ssh
Bug#1069059: cockpit update from DSA-5655-1 without binary builds (build failures)
found 1069059 239-1 found 1069059 287-1 tags 1069059 + bullseye bookworm thanks El 15/4/24 a las 19:28, Salvatore Bonaccorso escribió: The update for cockpit in DSA 5655-1 had problems with the test-sshbridge test, causing FTBFS: For completeness: this was already happening in bullseye and bookworm before the DSA. (Reminder for myself: report all the bugs I found last week while rebuilding bullseye and bookworm). Thanks.
Bug#1069059: cockpit update from DSA-5655-1 without binary builds (build failures)
Source: cockpit Version: 287.1-0+deb12u1 Severity: serious Justification: missing binary builds, FTBFS X-Debbugs-Cc: t...@security.debian.org, a...@debian.org, car...@debian.org Hi The update for cockpit in DSA 5655-1 had problems with the test-sshbridge test, causing FTBFS: >From the tail of the test failure: # cockpit-protocol-DEBUG: test-ssh: output queue empty (cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: (src/ssh/cockpitsshrelay.c:1423):cockpit_ssh_connect: runtime check failed: (ssh_options_set (data->session, SSH_OPTIONS_HOST, host) == 0) (cockpit-ssh:3731): cockpit-ssh-WARNING **: 20:51:17.702: (src/ssh/cockpitsshrelay.c:1424):cockpit_ssh_connect: runtime check failed: (ssh_options_parse_config (data->session, NULL) == 0) # cockpit-protocol-DEBUG: test-ssh: reading input 1 # cockpit-protocol-DEBUG: test-ssh: received a 82 byte payload # cockpit-protocol-DEBUG: test-ssh: want more data ** cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: assertion failed (json_object_get_string_member (init, "command") == "init"): ("authorize" == "init") Bail out! cockpit-ssh:ERROR:src/ssh/test-sshbridge.c:560:wait_until_transport_init: assertion failed (json_object_get_string_member (init, "command") == "init"): ("authorize" == "init") cockpit-ssh-Message: 20:51:17.704: cockpit-ssh some_host: -1 couldn't connect: Hostname required 'some_host' '22' cockpit-ssh-Message: 20:51:17.704: couldn't write control message: Broken pipe cockpit-ssh-Message: 20:51:17.704: couldn't write authorize message: Inappropriate ioctl for device FAIL test-sshbridge (exit status: 134) Regards, Salvatore