Bug 1125687 - scp does not accept brace expansion breaking High Availability "crm cluster join"
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: Basesystem
Version: Current
Hardware: Other Other
Importance: P5 - None, Major
Assigned To: Vítězslav Čížek
Reported: 2019-02-17 12:27 UTC by Andrei Borzenkov
Modified: 2019-03-11 14:08 UTC

Description Andrei Borzenkov 2019-02-17 12:27:06 UTC
I tried to set up pacemaker on current Tumbleweed using "crm cluster init", "crm cluster join" - it failed with

+ scp root@192.168.1.1:'/etc/csync2/{csync2.cfg,key_hagroup}' /etc/csync2
error: unexpected filename: csync2.cfg
ERROR: Can't retrieve csync2 config from 192.168.1.1

The most likely reason is patch openssh-7.9p1-scp-name-validator.patch, more precisely:


+                       rc = glob(sinkdata->pattern, GLOB_ALTDIRFUNC|GLOB_NOSORT, NULL, &gl);
+                       globfree(&gl);
+                       if (rc != 0) {
+                               if (rc == GLOB_NOMATCH)
+                                       run_err("error: unexpected filename: %s", cp);
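
Review bot: The flags on the glob() call, GLOB_ALTDIRFUNC|GLOB_NOSORT, leave out GLOB_BRACE, so a pattern such as {csync2.cfg,key_hagroup} is treated as literal text and each name the remote side sends for it lands in the rc == GLOB_NOMATCH branch as "unexpected filename". Suggest adding GLOB_BRACE and stating explicitly which other remote-side expansions this check is expected to tolerate. In the lines shown only GLOB_NOMATCH is handled inside the if (rc != 0) block; the remaining non-zero return codes should get their own error path rather than falling through silently.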

While it could be extended with GLOB_BRACE, I wonder what other legitimate usage patterns are broken (what about GLOB_TILDE)?
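
The question of which expansions a client-side name check has to understand can be made concrete with a small validator that expands brace groups before matching. This is an added example, not code from the report, from OpenSSH or from the SUSE patch; the function name `name_allowed` and the use of fnmatch() in place of glob() are assumptions made here.

```c
/* Added example, not OpenSSH or SUSE code: validate a file name sent by the
 * remote side against the requested pattern, expanding brace groups first. */
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if name matches pattern once brace groups are expanded, else 0.
 * Limitation: a group without a comma, e.g. "{a}", is expanded to "a",
 * whereas a shell keeps it literal; backslash escapes are not handled. */
int name_allowed(const char *pattern, const char *name)
{
    const char *lbrace = NULL, *rbrace = NULL, *alt, *p;
    char buf[512];

    /* Find the innermost group: the first '}' and the last '{' before it. */
    for (p = pattern; *p != '\0' && rbrace == NULL; p++) {
        if (*p == '{')
            lbrace = p;
        else if (*p == '}' && lbrace != NULL)
            rbrace = p;
    }
    if (rbrace == NULL)  /* no complete group: plain glob match */
        return fnmatch(pattern, name, FNM_PATHNAME) == 0;

    /* Substitute each comma-separated alternative and recurse. */
    for (alt = lbrace + 1; alt <= rbrace; alt = p + 1) {
        p = memchr(alt, ',', (size_t)(rbrace - alt));
        if (p == NULL)
            p = rbrace;
        int n = snprintf(buf, sizeof(buf), "%.*s%.*s%s",
            (int)(lbrace - pattern), pattern, (int)(p - alt), alt, rbrace + 1);
        if (n < 0 || (size_t)n >= sizeof(buf))
            return 0;   /* expanded pattern too long: reject the name */
        if (name_allowed(buf, name))
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Pattern from the failing command above; the names are constructed. */
    const char *pat = "{csync2.cfg,key_hagroup}";
    const char *names[] = { "csync2.cfg", "key_hagroup", ".bashrc" };
    for (size_t i = 0; i < 3; i++)
        printf("%-12s %s\n", names[i],
            name_allowed(pat, names[i]) ? "accepted" : "unexpected filename");
    return 0;
}
```

A name outside the requested set, such as the constructed `.bashrc`, is still rejected, which is the property the name validator exists to enforce.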
Comment 2 Pedro Monreal Gonzalez 2019-02-18 10:42:55 UTC
@Andrei, could you please test if the patch fixes the issue? You can find the rpm's here:
https://download.opensuse.org/repositories/home:/pmonrealgonzalez:/branches:/network/openSUSE_Tumbleweed/x86_64/
Comment 3 Andrei Borzenkov 2019-02-18 17:06:28 UTC
(In reply to Pedro Monreal Gonzalez from comment #2)
> @Andrei, could you please test if the patch fixes the issue? You can find
> the rpm's here:
> https://download.opensuse.org/repositories/home:/pmonrealgonzalez:/branches:/network/openSUSE_Tumbleweed/x86_64/

Yes, brace expansion works with this one.
Comment 4 Pedro Monreal Gonzalez 2019-02-18 20:09:30 UTC
Thanks for testing, I'll submit now.
Comment 6 Swamp Workflow Management 2019-02-19 09:00:19 UTC
This is an autogenerated message for OBS integration:
This bug (1125687) was mentioned in
https://build.opensuse.org/request/show/677282 Factory / openssh
Comment 9 Swamp Workflow Management 2019-02-26 20:14:08 UTC
SUSE-SU-2019:0496-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1121816,1121821,1125687
CVE References: CVE-2019-6109,CVE-2019-6111
Sources used:
SUSE Linux Enterprise Module for Server Applications 15 (src):    openssh-7.6p1-9.23.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    openssh-7.6p1-9.23.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    openssh-askpass-gnome-7.6p1-9.23.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    openssh-7.6p1-9.23.1
Comment 10 Swamp Workflow Management 2019-03-08 14:12:15 UTC
openSUSE-SU-2019:0307-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1121816,1121821,1125687
CVE References: CVE-2019-6109,CVE-2019-6111
Sources used:
openSUSE Leap 15.0 (src):    openssh-7.6p1-lp150.8.15.2, openssh-askpass-gnome-7.6p1-lp150.8.15.1
Comment 11 Vítězslav Čížek 2019-03-11 14:08:12 UTC
This affected only Factory and SLE-15 and derived codestreams.

I mentioned the commit from comment 1 in the corresponding scp security bug so it won't get forgotten once we are fixing the scp issues on the older distributions.