Any ETA on a build that patches OpenSSH client bug CVE-2016-0777

hi all,

How can I see when a patch for http://undeadly.org/cgi?action=article&sid=20160114142733 will get in the build queue and completes?
The patched OpenSSH 7.1p2 has just been released.

Background info:

Regards,

–jeroen

Well, the fix has been accepted to the devel repo 4 hours ago and forwarded to Factory.
You can track the progress of the submission to Factory here:
https://build.opensuse.org/request/show/353732

Once this is accepted, it will be in the next Tumbleweed snapshot afterwards.

Btw, an update has been submitted for 13.2 and Leap 42.1 as well:
https://build.opensuse.org/project/show/openSUSE:Maintenance:4526
https://build.opensuse.org/project/show/openSUSE:Maintenance:4527

Thanks wolfi323.
Two more questions:

  1. How do I get from https://build.opensuse.org/package/show/network/openssh to https://build.opensuse.org/request/show/353732 ?

  2. How do I correlate a request like https://build.opensuse.org/request/show/353732 to the results at https://openqa.opensuse.org/group_overview/1 ?

Regards,

–jeroen

Click on “Requests”.

  1. How do I correlate a request like Request 353732: Submit openssh - openSUSE Build Service to the results at openQA ?

No idea. I don’t think you can.

But looking at the request again, they are apparently pushing it to the emergency update repo to avoid the delay by openqa.

That link doesn’t reveal any information. Apparently you need to be logged in for that. Too bad, as that makes a lot of monitoring harder.

Thanks for the info: I’ll create an account shortly.

Hopefully the update is in this build from openQA : openQA: Test summary

You should be able to login with the same username/password as here.

Hopefully the update is in this build from openQA : openQA: Test summary

That’s irrelevant if it is pushed to the additional update repo. openqa only tests the “normal” distribution, the purpose of the update repo is to be able to circumvent this process in emergencies.

PS: Request 353732: Submit openssh - openSUSE Build Service has been accepted to Factory already (i.e. it also went through openqa), so the fix will be in the repo when Tumbleweed is published the next time.

The request to push it to the Update repo was actually this:

But that’s probably irrelevant now…

I already found out that worked.

That’s irrelevant if it is pushed to the additional update repo. openqa only tests the “normal” distribution, the purpose of the update repo is to be able to circumvent this process in emergencies.

Ah. I didn’t know that as all Tumbleweek FAQs I’ve seen so far indicate you should update using zypper dup, not zypper up.

What’s the URL of the additional update repo to use with Tumbleweed?

It’s irrelevant in this case whether you use “zypper up” or “zypper dup”.
Both will install all updates in your configured repos. The main difference is just that “zypper up” will not switch packages to versions from other repos/vendors (there are other differences of course, but I don’t want to go into that now, a link to a discussion can be found on the Tumbleweed Portal).

The update repo has the same vendor as the main repo though (openSUSE), so “zypper up” will install updates from there as well.

“zypper patch” will only install patches from the update repo, and is normally useless on Tumbleweed.

What’s the URL of the additional update repo to use with Tumbleweed?

http://download.opensuse.org/update/tumbleweed , as mentioned on the Tumbleweed installation page:

https://en.opensuse.org/openSUSE:Tumbleweed_installation#Repositories

Thanks a lot. I somehow got confused as https://openqa.opensuse.org/group_overview/1 indicated the build was done, but neither zypper dup nor zypper up would update.

Now they do.

Thanks again for all the help.

It made it to https://openqa.opensuse.org/tests/overview?distri=opensuse&version=Tumbleweed&build=20160116&groupid=1