[Touch-packages] [Bug 2053146] Re: openssh 8.9p1 for Jammy auth2-gss patch for gssapi-keyex method is slightly wrong

Thu, 15 Feb 2024 04:11:08 -0800 

Hello and thanks for this bug report. The analysis looks sensible to me,
but I'm not really familiar with gss. To better understand the situation
I have a couple of questions:

- Does this mean that gss is unusable in Jammy at the moment? AFAICT
this is the only bug report about it, so I would be surprised.

- Are you able to test openssh from newer Ubuntu releases, ideally
including Noble (the next LTS, currently in development)? The gss patch
has been updated since Jammy, the last time on:

Last-Updated: 2023-12-18

Thanks!

** Changed in: openssh (Ubuntu)
       Status: Confirmed => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2053146

Title:
  openssh 8.9p1 for Jammy auth2-gss patch for gssapi-keyex method is
  slightly wrong

Status in openssh package in Ubuntu:
  Incomplete

Bug description:
  The Authmethod struct now have 4 entries but the initialization of the
  method_gsskeyex in the debian/patches/gssapi.patch only have 3
  entries.

  The struct was changed in upstream commit 
dbb339f015c33d63484261d140c84ad875a9e548 as
  ===
  @@ -104,7 +104,8 @@ struct Authctxt {
   
   struct Authmethod {
          char    *name;
  -       int     (*userauth)(struct ssh *);
  +       char    *synonym;
  +       int     (*userauth)(struct ssh *, const char *);
          int     *enabled;
   };

  ===

  The incorrect code does
  ===
  +Authmethod method_gsskeyex = {
  +       "gssapi-keyex",
  +       userauth_gsskeyex,
  +       &options.gss_authentication
  +};
  ===
  but should have a NULL between the "gssapi-keyex" string and userauth_gsskeyex

  
  This is now (change from Focal) causing gssapi-keyex to be disabled.

  
  ===
  lsb_release -rd
  Description:  Ubuntu 22.04.3 LTS
  Release:      22.04

  ===
  apt-cache policy openssh-server
  openssh-server:
    Installed: 1:8.9p1-3ubuntu0.6
    Candidate: 1:8.9p1-3ubuntu0.6
    Version table:
   *** 1:8.9p1-3ubuntu0.6 500
          500 http://faiserver.hpc2n.umu.se/mirrors/ubuntu/ubuntu 
jammy-updates/main amd64 Packages
          500 http://faiserver.hpc2n.umu.se/mirrors/ubuntu/ubuntu 
jammy-security/main amd64 Packages
          100 /var/lib/dpkg/status
       1:8.9p1-3 500
          500 http://faiserver.hpc2n.umu.se/mirrors/ubuntu/ubuntu jammy/main 
amd64 Packages

  ===

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2053146/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to