Launchpad has imported 10 comments from the remote bug at https://bugzilla.mindrot.org/show_bug.cgi?id=2155.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2013-09-19T21:39:50+00:00 wzis wrote: the sftp program in RHEL 6.1/6.2/6.3/6.4 has a bug in tty settings. The 5.3p1 sftp program used in RHEL 6.1/6.2/6.3/6.4, and Ubuntu 12.04 LTS has tty attributes setting problem. Steps to Reproduce: 1. stty -echo 2. sftp user@server 3. key in pass as prompted. 4. cd /tmp 5. ls 6. bye 7. stty -a Actual results: The entered sftp sub-commands in step 4 to step 6 are visible, and the OS command entered after sftp in step 7 is also visible. Expected results: Those inputs entered in step 4 to step 7 shouldn't be visible. This is for security reason we want to hide the sftp subcommands when presented in the menu for user to get files. Reply at: https://bugs.launchpad.net/ubuntu/+source/libedit/+bug/1225327/comments/5 ------------------------------------------------------------------------ On 2013-09-20T00:30:42+00:00 Dtucker wrote: I can't reproduce this on a fedora 18 box with openssh-5.3p1, built with or without libedit ("libedit-3.0-7.20120601cvs"). My guess is that it's actually a bug in libedit. have you reported this to ubuntu? can you reproduce it with the vanilla source from openssh.com? with or without libedit? Reply at: https://bugs.launchpad.net/ubuntu/+source/libedit/+bug/1225327/comments/6 ------------------------------------------------------------------------ On 2013-09-20T01:20:19+00:00 wzis wrote: I reported the issue to ubuntu, but they said I need to report it in upstream. Reply at: https://bugs.launchpad.net/ubuntu/+source/libedit/+bug/1225327/comments/7 ------------------------------------------------------------------------ On 2013-09-20T03:44:24+00:00 Dtucker wrote: who from ubuntu said that? is there an ubuntu or redhat bugreport? IMO that attitude from a vendor is laziness on their part. They're shipping an old, modified version of openssh, so it's their responsibility to investigate problems to a) make sure it's not due to their changes, b) not already fixed and c) the problems are reported against the right upstream. In this case, I happen to have an ubuntu 12.04 VM, and I can't reproduce the problem without libedit, but *can* reproduce it --with-libedit (2.11-20080614-3ubuntu2) but not on Fedora (which has libedit 3.0-7.20120601). Reply at: https://bugs.launchpad.net/ubuntu/+source/libedit/+bug/1225327/comments/8 ------------------------------------------------------------------------ On 2013-09-20T05:28:22+00:00 wzis wrote: Agree with you: here is the bug reported to ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1225327 Reply at: https://bugs.launchpad.net/ubuntu/+source/libedit/+bug/1225327/comments/9 ------------------------------------------------------------------------ On 2013-09-20T05:32:23+00:00 wzis wrote: So, based on your test, it's libedit caused the problem for ssh/sftp. This is the first time I reported bug to ubuntu, and found them not so helpful. Reply at: https://bugs.launchpad.net/ubuntu/+source/libedit/+bug/1225327/comments/10 ------------------------------------------------------------------------ On 2013-09-20T05:56:09+00:00 wzis wrote: I did a test on Fedora 19: found it also has a problem: the sub-commands in sftp are still visible, but after exits from sftp, the setting recovered. Could you try on the Fedora 18 you have, using the Fedora's sftp? Reply at: https://bugs.launchpad.net/ubuntu/+source/libedit/+bug/1225327/comments/11 ------------------------------------------------------------------------ On 2013-09-20T08:14:33+00:00 Dtucker wrote: fedora 18's sftp does do it, but the one I built doesn't (although it's linked against a locally built libedit in /usr/local, which I had not noticed): $ stty -echo; /usr/bin/sftp -o preferredauthentications=password localhost; stty sane dtucker@localhost's password: Connected to localhost. sftp> cd /tmp sftp> exit $ ldd /tmp/openssh-5.3p1/bin/sftp | grep libed libedit.so.0 => /usr/local/lib/libedit.so.0 (0xb7744000) $ stty -echo; /tmp/openssh-5.3p1/bin/sftp -o preferredauthentications=password localhost; stty sane Connecting to localhost... dtucker@localhost's password: sftp> sftp> Remote working directory: /tmp sftp> $ rpm -q libedit libedit-3.0-7.20120601cvs.fc18.i686 the local one is libedit-20100424-3.0 Reply at: https://bugs.launchpad.net/ubuntu/+source/libedit/+bug/1225327/comments/13 ------------------------------------------------------------------------ On 2013-09-20T09:32:11+00:00 Dtucker wrote: repeated the test with libedit-20130712-3.1 and it fails. so: 20100424: works 20120601: fails 20130712: fails I'd be taking a pretty close look at this change, which was just before the 20120601 release:L http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libedit/tty.c?rev=1.42 &content-type=text/x-cvsweb-markup&sortby=date save and restore the tty settings on entry and exit respectively. cleanup debugging printfs Reply at: https://bugs.launchpad.net/ubuntu/+source/libedit/+bug/1225327/comments/14 ------------------------------------------------------------------------ On 2013-09-20T11:05:07+00:00 Robie Basak wrote: > IMO that attitude from a vendor is laziness on their part. They're > shipping an old, modified version of openssh, so it's their > responsibility to investigate problems to a) make sure it's not due to > their changes, b) not already fixed and c) the problems are reported > against the right upstream. Hi. I triaged this bug in Ubuntu. I feel that I have been mispresented here. I appreciate that I shouldn't be sending bugs upstream without checking them first, being reasonably confident that they affect the latest upstream release and have not been introduced by the distribution. I did NOT say that this bug was ready to be reported upstream. I specifically said that the bug needed to be tested against the latest upstream release without distribution patches, and only in that case should the bug be reported upstream. I said: "Could you please test the latest upstream release, and if this still affects the upstream release without distribution patches, file a bug in the upstream bug tracker to get upstream's opinion?" In the case of this particular bug I wasn't even sure if this was expected behaviour by design. I do not wish to diverge from upstream on behaviour such as this. So if verified that this affected the latest upstream release without distribution patches, I then wanted to check with you if you considered this behaviour a bug at all. I'm sorry that it didn't occur to me that you were depending on another library for this functionality. As you can see from the bug, I didn't get that far. Rather than laziness, we are in a situation where far too many bugs are reported, and there aren't enough bug triagers to keep up. So rather than have bugs languish forever, I prefer to note in the bug what actions need to be taken next to empower the reporter to do them to at leave the option of making progress. Bugs affecting only one person after over a year of release tend not to get looked at any other way. Again, I did not intend to get you involved without a reporter having done basic checks to ensure that your latest release was affected, and I apologise for the noise. Reply at: https://bugs.launchpad.net/ubuntu/+source/libedit/+bug/1225327/comments/18 ** Changed in: openssh Status: Unknown => Confirmed ** Changed in: openssh Importance: Unknown => Critical -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1225327 Title: sftp in 12.04 has tty attributes setting problem To manage notifications about this bug go to: https://bugs.launchpad.net/openssh/+bug/1225327/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
