This bug was fixed in the package openssh - 1:7.2p2-4ubuntu2.2
---
openssh (1:7.2p2-4ubuntu2.2) xenial; urgency=medium
* Fix ssh-keygen -H accidentally corrupting known_hosts that contained
already-hashed entries (LP: #1668093).
* Fix ssh-keyscan to correctly hash hosts with
This bug was fixed in the package openssh - 1:7.3p1-1ubuntu0.1
---
openssh (1:7.3p1-1ubuntu0.1) yakkety; urgency=medium
* Fix ssh-keygen -H accidentally corrupting known_hosts that contained
already-hashed entries (LP: #1668093).
* Fix ssh-keyscan to correctly hash hosts with
Prior to the update I had a diff when rehashing like:
$ ssh-keyscan 10.245.71.133 > ~/.ssh/known_hosts; for i in $(seq 1 20); do
ssh-keygen -H; diff -Naur ~/.ssh/known_hosts.old ~/.ssh/known_hosts; done
Removing the known_hosts file and upgrading to proposed version.
After the update I see one
Hello Sarah, or anyone else affected,
Accepted openssh into yakkety-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/openssh/1:7.3p1-1ubuntu0.1 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Changed in: openssh (Ubuntu)
Assignee: (unassigned) => Colin Watson (cjwatson)
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1668093
Title:
ssh-keygen -H
I've hit the publish buttons now.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1668093
Title:
ssh-keygen -H corrupts already hashed entries
Status in openssh package
** Changed in: openssh (Ubuntu Xenial)
Assignee: (unassigned) => ChristianEhrhardt (paelzer)
** Changed in: openssh (Ubuntu Yakkety)
Assignee: (unassigned) => ChristianEhrhardt (paelzer)
Great, I see zesty has the fix that works through tests now - thanks
cjwatson!
Colin could you hit publish on the bileto tickets then to kick off the related
SRUs into unapproved?
(I'm also subscribing sponsors in case you have no time)
Bileto references:
Xenial:
This bug was fixed in the package openssh - 1:7.4p1-9
---
openssh (1:7.4p1-9) unstable; urgency=medium
* Fix null pointer dereference in ssh-keygen; this fixes an autopkgtest
regression introduced in 1:7.4p1-8.
-- Colin Watson Thu, 16 Mar 2017 13:43:15
Thanks Colin,
I have new bileto tickets with all the fixes prepared:
Xenial: https://bileto.ubuntu.com/#/ticket/2597
Yakkety: https://bileto.ubuntu.com/#/ticket/2598
Although things looked good on testing at first (local amd64), you can
see there that arm and s390x seem to fail now.
ARM:
run
I've uploaded 1:7.4p1-9 to unstable to fix this, and will sync it once I
can.
Was my guess as well, in a bit I'll be able to test and confirm.
Yep, that seems to do the job here; thanks for narrowing it down.
Cherry-picking and then I'll do a full adt-run before uploading again.
I'm still setting up my own test environment since I've been doing other
things this morning, but I'd guess at
https://anongit.mindrot.org/openssh.git/commit/?id=18501151cf272a15b5f2c5e777f2e0933633c513
in that case.
Upstream has made no change to the tests since then.
I'd have expected upstream to fail as well, but it seems to not fail.
On latest upstream:
autoreconf -f -i
./configure
make -j
mkdir /var/empty
cd regress
$ PATH=`pwd`/..:$PATH:. TEST_SHELL=/bin/sh sh test-exec.sh `pwd` keygen-knownhosts.sh
Testing and shell into SRU for Xenial (others have the same, so just one is ok)
Former Version:
$ autopkgtest --apt-upgrade --shell --no-built-binaries openssh_7.2p2-4ubuntu2.1.dsc -- lxd ubuntu-daily:xenial/amd64
New Version:
$ autopkgtest --apt-upgrade --shell
Yes I've seen this in the Debian upload as well, I'll bundle it - thanks
for the heads up.
Thanks, I'll look into this at the Debian end as soon as I can.
I'd suggest bundling fixes for bug 1670745 with any SRUs where it's
relevant; I intended those to go together.
Can now reproduce locally (was my fault), debugging further by isolating
the testcase from the regress suite
First I checked if the change that got into Debian matches mine that I
prepared for SRU - they do.
I triggered a local autopkgtest of pre/post SRU upload locally and while that
was running evaluated the history of these tests in Ubuntu and Debian.
It seems to fail in Debian just as much, while
My first guess is that all non openssh fails are random transient issues, but
the openssh test itself seems to be related - test is "failed ssh-keygen
known_hosts".
Maybe some expected content did not match, I'll look into that tomorrow.
@cjwatson - did you have anything like that on your
I did prepare in Bileto:
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2585
https://launchpad.net/~ci-train-ppa-service/+archive/ubuntu/2586
Associated autopkgtests ran fine:
https://bileto.ubuntu.com/excuses/2585/xenial.html
Also the openssh tests of the QA Test suite
** Changed in: openssh (Debian)
Status: Fix Committed => Fix Released
Discussed with cjwatson, the Debian upload to unstable will happen today
and a sync to Zesty will follow.
So it is about preparing the SRUs and pushing them to unapproved once
the sync came in.
** Description changed:
+ [Impact]
+
+ * re-execution of ssh-keygen -H can clobber known-hosts
+
** Tags added: patch server-next
** Changed in: openssh (Debian)
Status: Unknown => Fix Committed
Thanks - I'll cherry-pick that into Debian, so zesty will get the fix.
I'd appreciate somebody else handling SRUs, though.
** Bug watch added: Debian Bug tracker #851734
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851734
** Changed in: openssh (Debian)
Importance: Undecided => Unknown
This was fixed upstream in this commit
https://anongit.mindrot.org/openssh.git/commit/?id=12d3767ba4c84c32150cbe6ff6494498780f12c9
Yes, I will report the bug upstream within the next few days if nobody
else reports it first.
** Changed in: openssh (Ubuntu)
Status: Confirmed => Triaged
** Changed in: openssh (Ubuntu)
Importance: Undecided => Medium
** Also affects: openssh (Debian)
Importance: Undecided
Status: New
On
git://anongit.mindrot.org/openssh.git
With bisect helper:
$ cat ../test-ssh.sh
#!/bin/bash
set -ux
make clean
autoreconf && ./configure && make -j4
if [[ $? -ne 0 ]]; then
# skip build issue
exit 125
fi
rm ~/.ssh/known_hosts /root/.ssh/known_hosts.old /root/.ssh/known_hosts
As I expected it also affects Debian (openssh-client 1:7.4p1-6)
Building and testing latest released upstream
https://mirror.hs-esslingen.de/pub/OpenBSD/OpenSSH/portable/openssh-7.4p1.tar.gz
autoreconf && ./configure && make -j 4
And Testing local ./ssh-keygen just built.
To make sure lib dependencies are not the ones that introduce this I
built this on
Thank you for taking the time to report this bug and helping to make
Ubuntu better. I appreciate the quality of this bug report and I'm sure
it'll be helpful to others experiencing the same issue.
As I proved in my checks this is an upstream bug. OTOH while annoying it
is not "very" fatal other
Confirmed to not affect Trusty (as reported)
(openssh-client 1:6.6p1-2ubuntu2)
Confirmed to be also broken in Zesty (openssh-client 1:7.4p1-6)
And the behavior is clearly against what the manpage says:
-H Hash a known_hosts file. This replaces all hostnames and addresses
with hashed representations within the specified file; the original content is
moved to a file with a .old suffix. These hashes may be used normally by ssh
and
Hi,
thank you a lot for the good debugging steps!
I can totally confirm the issue.
Need to check with upstream and Debian versions later.
** Changed in: openssh (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
38 matches
Mail list logo