[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
This bug was fixed in the package openssh - 1:8.4p1-6ubuntu2 --- openssh (1:8.4p1-6ubuntu2) impish; urgency=medium * Configure with ac_cv_func_closefrom=no to avoid an incompatibility with glibc 2.34's fallback_closefrom function (LP: #1944621) -- William 'jawn-smith' Wilson Tue, 21 Sep 2021 22:08:39 + ** Changed in: openssh (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
Actually, a feature of openssh is being able to use a chroot that doesn't look like a root filesystem, so we'll have to consider how to move forward on this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
Mounting /proc in the chroot fixed the test. I'll prepare a patch and an upstream bug report. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
So this is fun, the upstream openssh actually has the same test failure when running `make tests`. So it doesn't appear to be something we introduced here, but it is definitely a problem that needs solving. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
Bryceh: I've been looking into this a bit. Removing the --oknodo had no effect on the tests, and neither did removing the diff that we carry from Debian. I've also noticed that the issue only occurs on kernel <= 5.8. The tests all pass when run in a test environment with kernel 5.11 or 5.13, which is how I missed this in my initial testing. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
From the original debdiff, two items catch the eye: +- Cherry-pick seccomp fixes for glibc 2.33 thanks to Dave Jones for + reports on armhf. This is a carried delta so I shouldn't think it creates a new issue, however I note we're now on glibc 2.34 in impish so wonder if there's some additional adjustment required for this fix. + * debian/tests/regress: Don't fail cleanup if haveged isn't running. This is a change to the test that is failing, so seems suspect, however the actual change is just this: - start-stop-daemon --stop --quiet \ + start-stop-daemon --stop --quiet --oknodo \ -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
This is stuck in -proposed due to some test failures. a. snapd's autopkgtests are failing. I'm not sure why but it's failing against a bunch of stuff, and unlikely to be related to openssh. For this, I think just wait until snapd gets sorted. b. openssh's autopkgtest for armhf fails: https://autopkgtest.ubuntu.com/results/autopkgtest- impish/impish/armhf/o/openssh/20210915_153813_9f0ec@/log.gz 15:37:47.745132692 E: run test sftp-chroot.sh ... 15:37:47.815324958 O: 15:37:47.818687482 O: WARNING: Unsafe (group or world writable) directory permissions found: 15:37:47.821470734 O: /tmp/autopkgtest.BMCGDj /tmp 15:37:47.824349161 O: 15:37:47.828068207 O: These could be abused to locally escalate privileges. If you are 15:37:47.831098208 O: sure that this is not a risk (eg there are no other users), you can 15:37:47.834369382 O: bypass this check by setting TEST_SSH_UNSAFE_PERMISSIONS=1 15:37:47.838832596 O: 15:37:48.389593715 O: test sftp in chroot: get 15:37:49.220480056 O: FATAL: Fetch testdata_openssh-tests.10274 failed 15:37:49.272336819 E: make: *** [Makefile:214: t-exec] Error 1 15:37:49.272732416 O: make: Leaving directory '/tmp/autopkgtest.BMCGDj/autopkgtest_tmp/user/regress' 15:37:49.275848416 O: ==> /tmp/autopkgtest.BMCGDj/autopkgtest_tmp/user/regress/failed-regress.log <== 15:37:49.278666043 O: trace: test sftp in chroot: get 15:37:49.279119015 E: tail: error writing 'standard output': Resource temporarily unavailable 15:37:49.281732694 O: Connection closed 15:37:49.284391098 O: Connection closed. 15:37:49.287049577 O: FATAL: Fetch testdata_openssh-tests.10274 failed 15:37:49.289863204 O: 15:37:49.292443584 O: trace: test sftp in chroot: get 15:37:49.295060163 O: Connection closed 15:37:49.297757192 O: Connection closed. 15:37:49.300477945 O: FATAL: Fetch testdata_openssh-tests.10274 failed 15:37:49.303095599 O: FAIL: Fetch testdata_openssh-tests.10274 failed 15:37:49.308296783 O: ==> /tmp/autopkgtest.BMCGDj/autopkgtest_tmp/user/regress/failed-ssh.log <== ... 15:37:51.474372804 O: debug3: channel 0: status: The following connections are open: 15:37:51.477102508 O: #0 server-session (t4 r0 i3/0 o3/0 e[closed]/0 fd -1/-1/-1 sock -1 cc -1) 15:37:51.479741212 O: 15:37:51.482360441 O: debug3: receive packet: type 1 15:37:51.485060819 O: Received disconnect from 127.0.0.1 port 51114:11: disconnected by user 15:37:51.487996046 O: Disconnected from user openssh-tests 127.0.0.1 port 51114 15:37:51.490691200 O: debug1: do_cleanup 15:37:51.493366103 O: debug1: temporarily_use_uid: 1001/1001 (e=1001/1001) 15:37:51.501159391 O: debug1: restore_uid: (unprivileged) 15:37:51.503932169 O: debug3: mm_request_receive entering 15:37:51.506765122 O: debug1: do_cleanup 15:37:51.509590624 O: debug1: temporarily_use_uid: 1001/1001 (e=0/0) 15:37:51.512431677 O: debug1: restore_uid: 0/0 15:37:51.515012731 O: debug1: audit_event: unhandled event 12 15:37:51.517875458 O: debug1: main_sigchld_handler: Child exited 15:37:51.520917709 O: FATAL: Fetch testdata_openssh-tests.10274 failed 15:37:51.523740937 O: -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
** Tags added: update-excuse -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
** Tags removed: server-next -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
I'm unsubscribing sponsors since this has been uploaded. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
$ rmad openssh openssh | 1:8.4p1-6ubuntu1 | impish-proposed The package was accepted to -proposed and has built successfully for all architectures. It'd be helpful if you could keep an eye on the update- excuses page to make sure its autopkgtests pass successfully. The autopkgtests failed in my local environment due to warnings about permissions on some tmp dirs; possibly this issue won't affect the buildd environment so the tests will be ok, but worth watching. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
Verified locally that it builds. The dropped change was taken upstream, and the remaining delta still looks relevant to carry. LGTM, +1. I've added the merge changes to git-ubuntu and sponsored the upload: $ debuild -S -sa $(git ubuntu push-for-upload) ... Now signing changes and any dsc files... signfile dsc openssh_8.4p1-6ubuntu1.dsc A661100B3DAC1D4F2CAD8A54E603B2578FB8F0FB fixup_buildinfo openssh_8.4p1-6ubuntu1.dsc openssh_8.4p1-6ubuntu1_source.buildinfo signfile buildinfo openssh_8.4p1-6ubuntu1_source.buildinfo A661100B3DAC1D4F2CAD8A54E603B2578FB8F0FB fixup_changes dsc openssh_8.4p1-6ubuntu1.dsc openssh_8.4p1-6ubuntu1_source.changes fixup_changes buildinfo openssh_8.4p1-6ubuntu1_source.buildinfo openssh_8.4p1-6ubuntu1_source.changes signfile changes openssh_8.4p1-6ubuntu1_source.changes A661100B3DAC1D4F2CAD8A54E603B2578FB8F0FB Successfully signed dsc, buildinfo, changes files $ dput ubuntu ../openssh_8.4p1-6ubuntu1_source.changes D: Setting host argument. Checking signature on .changes gpg: ../openssh_8.4p1-6ubuntu1_source.changes: Valid signature from E603B2578FB8F0FB Checking signature on .dsc gpg: ../openssh_8.4p1-6ubuntu1.dsc: Valid signature from E603B2578FB8F0FB Package includes an .orig.tar.gz file although the debian revision suggests that it might not be required. Multiple uploads of the .orig.tar.gz may be rejected by the upload queue management software. Uploading to ubuntu (via ftp to upload.ubuntu.com): Uploading openssh_8.4p1-6ubuntu1.dsc: done. Uploading openssh_8.4p1.orig.tar.gz: done. Uploading openssh_8.4p1-6ubuntu1.debian.tar.xz: done. Uploading openssh_8.4p1-6ubuntu1_source.buildinfo: done. Uploading openssh_8.4p1-6ubuntu1_source.changes: done. Successfully uploaded packages. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
** Tags added: server-next ** Changed in: openssh (Ubuntu) Importance: Undecided => High ** Changed in: openssh (Ubuntu) Status: Confirmed => In Progress ** Changed in: openssh (Ubuntu) Assignee: (unassigned) => William Wilson (jawn-smith) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
This diff from Debian still includes the seccomp fixes pulled in for glibc 2.33, as they are still relevant with glibc 2.34. These are in upstream openssh version 8.5, so when Debian gets to 8.5 we can sync and drop the diff. ** Patch added: "Diff from Debian" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+attachment/5521260/+files/lp1941799-debian-ubuntu.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1941799] Re: Please merge openssh 1:8.4p1-6 from Debian unstable
** Patch added: "Diff from 1:8.4p1-5ubuntu2" https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+attachment/5521261/+files/lp1941799-ubuntu-ubuntu.debdiff ** Changed in: openssh (Ubuntu) Assignee: William Wilson (jawn-smith) => (unassigned) ** Changed in: openssh (Ubuntu) Status: In Progress => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1941799 Title: Please merge openssh 1:8.4p1-6 from Debian unstable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1941799/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
