Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FIXED JENKINS-40362] Upgrade sshd-core to 0.14.0 to pick SSHD-330 #8

Merged
merged 1 commit into from Dec 11, 2016
Merged

[FIXED JENKINS-40362] Upgrade sshd-core to 0.14.0 to pick SSHD-330 #8

merged 1 commit into from Dec 11, 2016

Conversation

GLundh
Copy link
Member

@GLundh GLundh commented Dec 9, 2016

This solves a really bad issue where 1 handshake
in 256 fails randomly [1].

Note: The issue was easily reproducable, and after this
dependency upgrade the handshake did not fail in over
15K test connections.

[1] https://issues.apache.org/jira/browse/SSHD-330

@GLundh
Upgrades sshd-core to 0.14.0
e375ab1 
This solves a really bad issue where 1 handshake
in 256 fails randomly [1].

Note: The issue was easily reproducable, and after this
dependency upgrade the handshake did not fail in over
15K test connections.

[1] https://issues.apache.org/jira/browse/SSHD-330
@oleg-nenashev
Copy link
Member

I would also use the opportunity and enable the new Ciphers (see the discussion in jenkinsci/jenkins#2641). But I can do it in the follow-up PR

@oleg-nenashev
Copy link
Member

@GLundh Just in case, is there an issue in the Jenkins CI bugtracker for it? If no, I'll create the new one since it may be useful to backport it to 2.32.x

@oleg-nenashev
Copy link
Member

CC @jenkinsci/code-reviewers

@GLundh
Copy link
Member Author

GLundh commented Dec 9, 2016

@oleg-nenashev: I have not found an Jenkins-issue on this.

Please notice that there are later versions of sshd-core, but I went with 0.14.0 since it is well tested in other high traffic services we run (like Gerrit v2.12). It was also straightforward enough to upgrade too, without too much changes in the logic on the Jenkins side. Just the signature on the AbstractKeyPairProvider.loadKeys(), so it felt like a good match.

@GLundh
Copy link
Member Author

GLundh commented Dec 9, 2016

Is there any chances of having it backported to older LTS's? I am mainly thinking about 1.651.x. Not everyone is yet ready for the 2.x jump :)

@GLundh
Copy link
Member Author

GLundh commented Dec 9, 2016

Ah.. I see now you have already had the 0.14.0 vs 1.x discussion. Great 👍

@oleg-nenashev
Copy link
Member

Is there any chances of having it backported to older LTS's? I am mainly thinking about 1.651.x. Not everyone is yet ready for the 2.x jump :)

Well, we do not ship new releases of this LTS branch. On the other hand, you can build your own custom core with a patch (you a common multi-module Maven project). The code of this LTS branch is available here: https://github.com/jenkinsci/jenkins/tree/stable-1.651. With local builds you will have no JAR/WAR signing, but it is not a common requirement for deploying Jenkins to web containers.

@oleg-nenashev oleg-nenashev changed the title Upgrades sshd-core to 0.14.0 [FIXED JENKINS-40362] Upgrads sshd-core to 0.14.0 to pick SSHD-330 Dec 11, 2016
@oleg-nenashev
Copy link
Member

Merging this change in order to get it in the Weekly. Jenkins-internal issue: https://issues.jenkins-ci.org/browse/JENKINS-40362, will mark it as LTS candidate

@oleg-nenashev oleg-nenashev merged commit c65ba7f into jenkinsci:master Dec 11, 2016
@oleg-nenashev oleg-nenashev changed the title [FIXED JENKINS-40362] Upgrads sshd-core to 0.14.0 to pick SSHD-330 [FIXED JENKINS-40362] Upgrade sshd-core to 0.14.0 to pick SSHD-330 Dec 11, 2016
@oleg-nenashev oleg-nenashev mentioned this pull request Dec 11, 2016
Merged
This was referenced Apr 7, 2017
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@oleg-nenashev oleg-nenashev oleg-nenashev approved these changes

@kohsuke kohsuke Awaiting requested review from kohsuke

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@GLundh @oleg-nenashev