OpenSSH 7.7 -w tunnel bug

Bug #1801128 reported by Adam Jacobs on 2018-11-01
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Medium
Unassigned
Cosmic
Medium
Karl Stenerud

Bug Description

[Impact]

A regression in OpenSSH 7.7 breaks tunnelling via the -w switch in the ssh command.

[Test Case]

# lxc launch ubuntu:cosmic tester && lxc exec tester bash

# apt update && \
apt dist-upgrade -y && \
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config && \
service sshd restart && \
echo ubuntu:ubuntu | chpasswd

# ssh -w any ubuntu@localhost
ubuntu@localhost's password:
Tunnel device open failed.
Could not request tunnel forwarding.

[Regression Potential]

This is already fixed and tested upstream, and thus has little regression potential.

[Original Description]

Just upgraded to cosmic, which picks up OpenSSH 7.7.

OpenSSH 7.7 has known bug https://bugzilla.mindrot.org/show_bug.cgi?id=2855 which is fixed in OpenSSH 7.8. It's a regression that completely breaks -w tunneling.

The OpenSSH bug contains a trivial two-line patch to fix the bug. I downloaded the Ubuntu openssh package source, applied the patch and rebuilt, and can confirm that is does fix the problem.

Any chance we could get this patch backported to Cosmic?

ProblemType: Bug
DistroRelease: Ubuntu 18.10
Package: openssh-client 1:7.7p1-4
ProcVersionSignature: Ubuntu 4.18.0-10.11-generic 4.18.12
Uname: Linux 4.18.0-10-generic x86_64
ApportVersion: 2.20.10-0ubuntu13
Architecture: amd64
Date: Thu Nov 1 09:36:16 2018
ProcEnviron:
 TERM=xterm-256color
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
RelatedPackageVersions:
 ssh-askpass N/A
 libpam-ssh N/A
 keychain N/A
 ssh-askpass-gnome N/A
SSHClientVersion: OpenSSH_7.7p1 Ubuntu-4, OpenSSL 1.0.2n 7 Dec 2017
SourcePackage: openssh
UpgradeStatus: Upgraded to cosmic on 2018-11-01 (0 days ago)

Related branches

Adam Jacobs (bllfr0g) wrote :

@Colin - will you as usual handle the ssh bug here or should one of the server team take that?

tags: added: server-next
Adam Jacobs (bllfr0g) wrote :

For simplicity, here's the patch that fixes this bug (and is included in openssh 7.8):

diff --git a/openbsd-compat/port-net.c b/openbsd-compat/port-net.c
index 7050629c..bb535626 100644
--- a/openbsd-compat/port-net.c
+++ b/openbsd-compat/port-net.c
@@ -185,7 +185,7 @@ sys_tun_open(int tun, int mode, char **ifname)
  else
   debug("%s: %s mode %d fd %d", __func__, ifr.ifr_name, mode, fd);

- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
+ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
   goto failed;

  return (fd);
@@ -272,7 +272,7 @@ sys_tun_open(int tun, int mode, char **ifname)
    goto failed;
  }

- if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)))
+ if (ifname != NULL && (*ifname = strdup(ifr.ifr_name)) == NULL)
   goto failed;

  close(sock);

Andreas Hasenack (ahasenack) wrote :

Debian has 7.9p1, so as soon as Disco opens up for development the next sync will get the fix there.

Changed in openssh (Ubuntu Cosmic):
importance: Undecided → Medium
Changed in openssh (Ubuntu):
importance: Undecided → Medium
Changed in openssh (Ubuntu):
assignee: nobody → Karl Stenerud (kstenerud)
Changed in openssh (Ubuntu Cosmic):
assignee: nobody → Karl Stenerud (kstenerud)
status: New → In Progress
description: updated
Andreas Hasenack (ahasenack) wrote :

1:7.9p1-1 is in disco-proposed, going through migration.

Changed in openssh (Ubuntu):
status: New → In Progress

1:7.9p1-1 complete now

tagged and uploaded to C-unapproved

Andreas Hasenack (ahasenack) wrote :

The main task of this bug is tracking "disco". I believe the bug is either "invalid" there (disco had openssh 7.8 when this bug was filed and was unaffected, and now has 7.9), or "fix released".

Changed in openssh (Ubuntu):
status: In Progress → Fix Released
Changed in openssh (Ubuntu):
assignee: Karl Stenerud (kstenerud) → nobody

Hello Adam, or anyone else affected,

Accepted openssh into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssh/1:7.7p1-4ubuntu0.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in openssh (Ubuntu Cosmic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Adam Jacobs (bllfr0g) wrote :

Tested 7.7p1-4ubuntu0.1. Works perfectly.

tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:7.7p1-4ubuntu0.1

---------------
openssh (1:7.7p1-4ubuntu0.1) cosmic; urgency=medium

  * debian/patches/fix-broken-tunnel-forwarding.patch: Fix tunnel forwarding
    broken in 7.7p1. Thanks to Damien Miller <email address hidden>. (LP: #1801128)

 -- Karl Stenerud <email address hidden> Wed, 07 Nov 2018 14:52:49 +0100

Changed in openssh (Ubuntu Cosmic):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for openssh has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers